Merge branch 'main' into coko-examples

.github/workflows/build.yml

@@ -16,8 +16,8 @@ jobs:
     permissions:
       contents: write
     steps:
-      - uses: actions/checkout@v3
-      - uses: actions/setup-java@v3
+      - uses: actions/checkout@v4
+      - uses: actions/setup-java@v4
         with:
           distribution: "temurin"
           java-version: 17
@@ -36,10 +36,10 @@ jobs:
           fi
           # store version in GitHub environment file
           echo "version=$VERSION" >> $GITHUB_ENV
+      - name: Setup Gradle
+        uses: gradle/actions/setup-gradle@v3
       - name: Build ${{ env.version }}
-        uses: gradle/gradle-build-action@v2
-        with:
-          arguments: :codyze-cli:build -x check --parallel -Pversion=${{ env.version }}
+        run: ./gradlew :codyze-cli:build -x check --parallel -Pversion=${{ env.version }}
       - name: Push Release Docker Image
         if: startsWith(github.ref, 'refs/tags/v')
         run: |
@@ -50,7 +50,7 @@ jobs:
           docker push ghcr.io/fraunhofer-aisec/codyze:latest
       - name: Create Release
         if: startsWith(github.ref, 'refs/tags/v')
-        uses: softprops/action-gh-release@v1
+        uses: softprops/action-gh-release@v2
         with:
           name: ${{ env.version }}
           generate_release_notes: true

.github/workflows/codecov.yml

@@ -13,23 +13,23 @@ jobs:
   analyze-code-coverage:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
       - name: Setup Java
-        uses: actions/setup-java@v3
+        uses: actions/setup-java@v4
         with:
           distribution: "temurin"
           java-version: 17
+      - name: Setup Gradle
+        uses: gradle/actions/setup-gradle@v3
       - name: Generate coverage report
-        uses: gradle/gradle-build-action@v2
-        with:
-          arguments: testCodeCoverageReport --continue
+        run: ./gradlew testCodeCoverageReport --continue
       - name: Archive test reports
-        uses: actions/upload-artifact@v3
+        uses: actions/upload-artifact@v4
         with:
           name: test
           path: ./code-coverage-report/build/reports/jacoco/testCodeCoverageReport/testCodeCoverageReport.xml
       - name: Upload coverage to Codecov
-        uses: codecov/codecov-action@v3
+        uses: codecov/codecov-action@v4
         with:
           token: ${{ secrets.CODECOV_TOKEN }}
           files: ./code-coverage-report/build/reports/jacoco/testCodeCoverageReport/testCodeCoverageReport.xml

.github/workflows/detekt.yml

@@ -17,23 +17,23 @@ jobs:
       security-events: write  # for github/codeql-action/upload-sarif to upload SARIF results
     steps:
       - name: Checkout Repo
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
 
       - name: Setup Java
-        uses: actions/setup-java@v3
+        uses: actions/setup-java@v4
         with:
           distribution: "temurin"
           java-version: 17
 
+      - name: Setup Gradle
+        uses: gradle/actions/setup-gradle@v3
       - name: Run analysis
-        uses: gradle/gradle-build-action@v2
-        with:
-          arguments: detektMain detektTest --continue
+        run: ./gradlew detektMain detektTest --continue
 
       # Make sure we always run this upload task,
       # because the previous step may fail if there are findings.
       - name: Upload SARIF to Github using the upload-sarif action
-        uses: github/codeql-action/upload-sarif@v2
+        uses: github/codeql-action/upload-sarif@v3
         if: success() || failure()
         with:
           sarif_file: build/reports/detekt/detekt.sarif

.github/workflows/docs.yml

@@ -10,24 +10,27 @@ jobs:
     permissions:
       contents: write
     steps:
-      - uses: actions/checkout@v3
-      - uses: actions/setup-python@v4
+      - uses: actions/checkout@v4
+      # Ensure Java installation to run Gradle
+      - uses: actions/setup-java@v4
         with:
-          python-version: '3.x'
-      - uses: actions/cache@v3
+          distribution: "temurin"
+          java-version: 17
+      - name: 'Setup Gradle'
+        uses: gradle/actions/setup-gradle@v3
+      - name: 'Build API pages'
+        run: |
+            ./gradlew dokkaHtmlMultiModule \
+              -Dorg.gradle.internal.repository.max.tentatives=5 \
+              -Dorg.gradle.internal.repository.initial.backoff=10000
+      - uses: actions/setup-python@v5
         with:
-          key: ${{ github.ref }}
-          path: .cache
+          python-version: '3.x'
+          cache: 'pip'
+          cache-dependency-path: './docs/mkdocs-material-plugins.txt'
       - name: 'Install mkdocs-material and plugins'
         run: |
           python -m pip install mkdocs-material
           python -m pip install -r ./docs/mkdocs-material-plugins.txt
-      - name: 'Build API pages'
-        uses: gradle/gradle-build-action@v2
-        with:
-          arguments: |
-            dokkaHtmlMultiModule
-            -Dorg.gradle.internal.repository.max.tentatives=5
-            -Dorg.gradle.internal.repository.initial.backoff=10000
       - name: 'Build & deploy docs'
         run: mkdocs gh-deploy --force

.github/workflows/upgrade.yml

@@ -0,0 +1,73 @@
+# Portability testing across OSes and Java LTS versions
+# ---
+# Regularly check if we remain compatible with other OSes than Linux and if we
+# could upgrade to newer LTS versions of Java.
+#
+# This acts more like an indicator if something is going to break. Our main
+# target platform is Linux and we build against it during our regular workflow
+# runs. Likewise, we're just testing if we could support newer LTS version of
+# Java. We're still taking very deliberate decisions to upgrade to the next
+# LTS version of Java.
+name: 'Portability testing OSes and Java LTS versions'
+
+permissions: {}
+
+on:
+  schedule:
+    # runs at 5:00 on the first of every month
+    - cron: '0 5 1 * *'
+  # can be triggered manually
+  workflow_dispatch:
+
+jobs:
+  build:
+    strategy:
+      fail-fast: false
+      matrix:
+        java-lts: [ '17', '21' ]
+        os: [ ubuntu-latest, macos-latest, windows-latest ]
+    runs-on: ${{ matrix.os }}
+    continue-on-error: true
+    name: 'Building with Java ${{ matrix.java-lts }} on ${{ matrix.os }}'
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+      - name: Setup Java ${{ matrix.java-lts }}
+        uses: actions/setup-java@v4
+        with:
+          distribution: "temurin"
+          java-version: ${{ matrix.java-lts }}
+      - name: Setup Gradle
+        uses: gradle/actions/setup-gradle@v3
+      - name: Build and Test
+        id: build-and-test
+        run:  ./gradlew build --parallel
+      - if: ${{ failure() }}
+        run: touch failure
+      - if: ${{ !cancelled() }}
+        uses: actions/upload-artifact@v4
+        with:
+          name: ${{ matrix.os }}-${{ matrix.java-lts }}-failure
+          path: failure
+          if-no-files-found: ignore
+          retention-days: 1
+
+  process-failures:
+    if: ${{ !cancelled() }}
+    needs: [ build ]
+    runs-on: ubuntu-latest
+    steps:
+      - name: Get failures from matrix jobs
+        uses: actions/download-artifact@v4
+        with:
+          path: all-failures
+          pattern: '*-failure'
+          merge-multiple: true
+      - name: Process failures
+        id: process-failures
+        run: test -f all-failures/failure && echo 'hasFails=true' >> "$GITHUB_OUTPUT"
+      - if: ${{ steps.process-failures.outputs.hasFails == 'true' }}
+        uses: actions/github-script@v7
+        with:
+          script: |
+            core.setFailed('Some matrix jobs failed.')

Dockerfile

@@ -1,4 +1,4 @@
-FROM eclipse-temurin:17-jre
+FROM eclipse-temurin:17.0.10_7-jre
 
 LABEL org.opencontainers.image.authors="Fraunhofer AISEC <[email protected]>"
 

build.gradle.kts

@@ -31,13 +31,13 @@ tasks.dokkaHtmlMultiModule.configure {
     dokkaAssetsBaseDirectory
         .resolve("JetBrainsMono")
         .copyRecursively(
-            target = outputDirectory.get().resolve("styles").resolve("JetBrainsMono"),
+            target = file(outputDirectory).resolve("styles").resolve("JetBrainsMono"),
             overwrite = true,
         )
     dokkaAssetsBaseDirectory
         .resolve("inter")
         .copyRecursively(
-            target = outputDirectory.get().resolve("styles").resolve("inter"),
+            target = file(outputDirectory).resolve("styles").resolve("inter"),
             overwrite = true,
         )
 }
@@ -47,7 +47,7 @@ val projectProps by tasks.registering(WriteProperties::class) {
     description = "Write project properties in a file."
 
     // Set output file to build/project.properties
-    outputFile = file("$buildDir/codyze.properties")
+    destinationFile = layout.buildDirectory.file("codyze.properties")
     // Default encoding is ISO-8559-1, here we change it.
     encoding = "UTF-8"
     // Optionally we can specify the header comment.
@@ -62,7 +62,7 @@ val projectProps by tasks.registering(WriteProperties::class) {
     }
 }
 
-// configure detekt to combine the results of all submodules into a single sarif file -> for github code scanning
+// configure detekt to combine the results of all submodules into a single sarif file -> for GitHub code scanning
 val detektReportMergeSarif by tasks.registering(ReportMergeTask::class) {
     output.set(rootProject.layout.buildDirectory.file("reports/detekt/detekt.sarif"))
 }

buildSrc/src/main/kotlin/code-quality.gradle.kts

@@ -28,7 +28,8 @@ tasks.jacocoTestReport {
 // a merged report
 tasks.withType<Detekt>().configureEach {
     basePath = "${rootProject.projectDir.absolutePath}"
-    config.setFrom(files("$rootDir/detekt.yml"))
+    buildUponDefaultConfig = true
+    config.setFrom(rootDir.resolve("detekt.yml"))
 }
 
 // custom task for fixing formatting issues

buildSrc/src/main/kotlin/documented.gradle.kts

@@ -49,13 +49,13 @@ tasks.withType<DokkaTask>().configureEach {
     dokkaAssetsBaseDirectory
         .resolve("JetBrainsMono")
         .copyRecursively(
-            target = outputDirectory.get().resolve("styles").resolve("JetBrainsMono"),
+            target = file(outputDirectory).resolve("styles").resolve("JetBrainsMono"),
             overwrite = true,
         )
     dokkaAssetsBaseDirectory
         .resolve("inter")
         .copyRecursively(
-            target = outputDirectory.get().resolve("styles").resolve("inter"),
+            target = file(outputDirectory).resolve("styles").resolve("inter"),
             overwrite = true,
         )
 }

buildSrc/src/main/kotlin/module.gradle.kts

@@ -17,6 +17,7 @@ dependencies {
     // Unit tests
     testImplementation(kotlin("test"))
     testImplementation(libs.junit.params)
+    testRuntimeOnly("org.junit.platform:junit-platform-launcher")
 }
 
 repositories {
@@ -37,7 +38,7 @@ repositories {
 
     // Eclipse CDT repo --> needed for CPG
     ivy {
-        setUrl("https://download.eclipse.org/tools/cdt/releases/11.0/cdt-11.0.0/plugins")
+        setUrl("https://download.eclipse.org/tools/cdt/releases/11.3/cdt-11.3.1/plugins")
         metadataSources {
             artifact()
         }

buildSrc/src/main/kotlin/publish.gradle.kts

@@ -9,7 +9,7 @@ plugins {
 }
 
 java {
-    //withJavadocJar() // using custom JavaDoc from Dokka; FIXME maybe there is a better way?
+    // withJavadocJar() // using custom JavaDoc from Dokka; FIXME maybe there is a better way?
     withSourcesJar()
 }
 
@@ -54,4 +54,4 @@ publishing {
             }
         }
     }
-}
+}

code-coverage-report/build.gradle.kts

@@ -10,7 +10,7 @@ repositories {
 
     // Eclipse CDT repo --> needed when adding the CPG as an included build
     ivy {
-        setUrl("https://download.eclipse.org/tools/cdt/releases/11.0/cdt-11.0.0/plugins")
+        setUrl("https://download.eclipse.org/tools/cdt/releases/11.3/cdt-11.3.1/plugins")
         metadataSources {
             artifact()
         }

codyze-backends/cpg/build.gradle.kts

@@ -24,4 +24,4 @@ publishing {
             }
         }
     }
-}
+}

codyze-backends/cpg/src/main/kotlin/de/fraunhofer/aisec/codyze/backends/cpg/CPGBackend.kt

@@ -67,8 +67,6 @@ open class CPGBackend(config: BackendConfiguration) : Backend {
                 .processAnnotations(processAnnotations)
                 .failOnError(failOnError)
                 .useParallelFrontends(useParallelFrontends)
-                .typeSystemActiveInFrontend(typeSystemActiveInFrontend)
-                .defaultLanguages()
                 .sourceLocations(source.map { (it.toFile()) })
                 .symbols(symbols)
                 .useUnityBuild(useUnityBuild)
@@ -86,6 +84,15 @@ open class CPGBackend(config: BackendConfiguration) : Backend {
         if (defaultPasses) translationConfiguration.defaultPasses()
         passes.forEach { translationConfiguration.registerPass(it) }
 
+        translationConfiguration.optionalLanguage(
+            "de.fraunhofer.aisec.cpg.frontends.cxx.CLanguage"
+        )
+        translationConfiguration.optionalLanguage(
+            "de.fraunhofer.aisec.cpg.frontends.cxx.CPPLanguage"
+        )
+        translationConfiguration.optionalLanguage(
+            "de.fraunhofer.aisec.cpg.frontends.java.JavaLanguage"
+        )
         translationConfiguration.optionalLanguage(
             "de.fraunhofer.aisec.cpg.frontends.python.PythonLanguage"
         )

codyze-backends/cpg/src/main/kotlin/de/fraunhofer/aisec/codyze/backends/cpg/CPGConfiguration.kt

@@ -17,8 +17,9 @@ package de.fraunhofer.aisec.codyze.backends.cpg
 
 import de.fraunhofer.aisec.codyze.core.backend.BackendConfiguration
 import de.fraunhofer.aisec.cpg.passes.Pass
-import mu.KotlinLogging
+import io.github.oshai.kotlinlogging.KotlinLogging
 import java.nio.file.Path
+import kotlin.reflect.KClass
 
 private val logger = KotlinLogging.logger {}
 
@@ -33,7 +34,6 @@ private val logger = KotlinLogging.logger {}
 data class CPGConfiguration(
     val source: List<Path>,
     val useUnityBuild: Boolean,
-    val typeSystemActiveInFrontend: Boolean,
     val debugParser: Boolean,
     val disableCleanup: Boolean,
     val codeInNodes: Boolean,
@@ -44,7 +44,7 @@ data class CPGConfiguration(
     val defaultPasses: Boolean,
     val additionalLanguages: Set<String>,
     val symbols: Map<String, String>,
-    val passes: List<Pass>,
+    val passes: List<KClass<out Pass<*>>>,
     val loadIncludes: Boolean,
     val includePaths: List<Path>,
     val includeAllowlist: List<Path>,