From 1c57722764e26b30d50ae3e22126e2945cf32cb4 Mon Sep 17 00:00:00 2001 From: Christoph Pirkl <4711730+kaklakariada@users.noreply.github.com> Date: Mon, 16 Dec 2024 16:57:07 +0100 Subject: [PATCH] #28: Update dependencies (#29) --- .gitattributes | 13 ++ .github/workflows/broken_links_checker.yml | 26 ++- .github/workflows/ci-build-next-java.yml | 35 --- .github/workflows/ci-build.yml | 219 +++++++++++++++--- .github/workflows/dependencies_check.yml | 88 +++++-- .github/workflows/dependencies_update.yml | 176 ++++++++++++++ .github/workflows/release.yml | 219 ++++++++++++++++++ ...elease_droid_prepare_original_checksum.yml | 31 --- .../release_droid_print_quick_checksum.yml | 24 -- ...release_droid_release_on_maven_central.yml | 30 --- ...ase_droid_upload_github_release_assets.yml | 44 ---- .gitignore | 2 + .project-keeper.yml | 1 - .settings/org.eclipse.jdt.core.prefs | 22 +- .settings/org.eclipse.jdt.ui.prefs | 6 + .vscode/settings.json | 21 ++ README.md | 4 +- dependencies.md | 126 +++++----- doc/changes/changelog.md | 1 + doc/changes/changes_0.4.3.md | 53 +++++ pk_generated_parent.pom | 188 ++++++++++----- pom.xml | 70 ++++-- release_config.yml | 3 - 23 files changed, 1030 insertions(+), 372 deletions(-) create mode 100644 .gitattributes delete mode 100644 .github/workflows/ci-build-next-java.yml create mode 100644 .github/workflows/dependencies_update.yml create mode 100644 .github/workflows/release.yml delete mode 100644 .github/workflows/release_droid_prepare_original_checksum.yml delete mode 100644 .github/workflows/release_droid_print_quick_checksum.yml delete mode 100644 .github/workflows/release_droid_release_on_maven_central.yml delete mode 100644 .github/workflows/release_droid_upload_github_release_assets.yml create mode 100644 .vscode/settings.json create mode 100644 doc/changes/changes_0.4.3.md delete mode 100644 release_config.yml diff --git a/.gitattributes b/.gitattributes new file mode 100644 index 0000000..4192e8b --- /dev/null 
+++ b/.gitattributes
@@ -0,0 +1,13 @@
+*.sh text eol=lf
+*.bat text eol=crlf
+
+pk_generated_parent.pom linguist-generated=true
+dependencies.md linguist-generated=true
+doc/changes/changelog.md linguist-generated=true
+.github/workflows/broken_links_checker.yml linguist-generated=true
+.github/workflows/ci-build.yml linguist-generated=true
+.github/workflows/dependencies_check.yml linguist-generated=true
+.github/workflows/dependencies_update.yml linguist-generated=true
+.github/workflows/release.yml linguist-generated=true
+.settings/org.eclipse.jdt.core.prefs linguist-generated=true
+.settings/org.eclipse.jdt.ui.prefs linguist-generated=true
diff --git a/.github/workflows/broken_links_checker.yml b/.github/workflows/broken_links_checker.yml
index 29071df..90488ca 100644
--- a/.github/workflows/broken_links_checker.yml
+++ b/.github/workflows/broken_links_checker.yml
@@ -1,27 +1,35 @@ +# Generated by Project Keeper +# https://github.com/exasol/project-keeper/blob/main/project-keeper/src/main/resources/templates/.github/workflows/broken_links_checker.yml name: Broken Links Checker on: schedule: - cron: "0 5 * * 0" - push: - branches: - - main - pull_request: jobs: linkChecker: runs-on: ubuntu-latest + permissions: + contents: read + defaults: + run: + shell: "bash" concurrency: group: ${{ github.workflow }}-${{ github.ref }} cancel-in-progress: true steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 - name: Configure broken links checker run: | mkdir -p ./target - echo '{ "aliveStatusCodes": [429, 200], "ignorePatterns": [{"pattern": "^https?://(www.)?opensource.org"}] }' > ./target/broken_links_checker.json + echo '{"aliveStatusCodes": [429, 200], "ignorePatterns": [' \ + '{"pattern": "^https?://(www|dev).mysql.com/"},' \ + '{"pattern": "^https?://(www.)?opensource.org"}' \ + '{"pattern": "^https?://(www.)?eclipse.org"}' \ + '{"pattern": "^https?://projects.eclipse.org"}' \ + ']}' > ./target/broken_links_checker.json - uses: gaurav-nelson/github-action-markdown-link-check@v1 with: - use-quiet-mode: 'yes' - use-verbose-mode: 'yes' - config-file: ./target/broken_links_checker.json \ No newline at end of file + use-quiet-mode: "yes" + use-verbose-mode: "yes" + config-file: ./target/broken_links_checker.json diff --git a/.github/workflows/ci-build-next-java.yml b/.github/workflows/ci-build-next-java.yml deleted file mode 100644 index 6a1006c..0000000 --- a/.github/workflows/ci-build-next-java.yml +++ /dev/null 
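Review bot: The JSON assembled by the `echo` in "Configure broken links checker" is missing the separators after the `opensource.org` and `eclipse.org` entries, so `ignorePatterns` is written as adjacent objects and the file is not valid JSON. Only the `mysql.com` line ends in `},`; the next two should end the same way, e.g. `'{"pattern": "^https?://(www.)?opensource.org"},' \` and `'{"pattern": "^https?://(www.)?eclipse.org"},' \`. How the link checker reacts to an unparsable config is not visible here, but the added ignore patterns presumably do not take effect. The identical block appears in the `configure-link-check` step of `ci-build.yml` in this patch, and since both files are generated by Project Keeper the fix likely belongs in its template.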
@@ -1,35 +0,0 @@ -name: CI Build next Java - -on: - push: - branches: - - main - pull_request: - -jobs: - java-17-compatibility: - runs-on: ubuntu-latest - concurrency: - group: ${{ github.workflow }}-${{ github.ref }} - cancel-in-progress: true - steps: - - name: Checkout the repository - uses: actions/checkout@v3 - with: - fetch-depth: 0 - - name: Set up JDK 17 - uses: actions/setup-java@v3 - with: - distribution: 'temurin' - java-version: 17 - cache: 'maven' - - name: Run tests and build with Maven - run: | - mvn --batch-mode --update-snapshots clean package -DtrimStackTrace=false \ - -Dorg.slf4j.simpleLogger.log.org.apache.maven.cli.transfer.Slf4jMavenTransferListener=warn - - name: Publish Test Report - uses: scacap/action-surefire-report@v1 - if: ${{ always() && github.event.pull_request.head.repo.full_name == github.repository && github.actor != 'dependabot[bot]' }} - with: - github_token: ${{ secrets.GITHUB_TOKEN }} - fail_if_no_tests: false diff --git a/.github/workflows/ci-build.yml b/.github/workflows/ci-build.yml index e520870..dbd2de0 100644 --- a/.github/workflows/ci-build.yml +++ b/.github/workflows/ci-build.yml 
@@ -1,55 +1,210 @@ +# This file was generated by Project Keeper. name: CI Build - on: push: - branches: - - main - pull_request: - + branches: [ + main + ] + + pull_request: null + workflow_dispatch: null jobs: - build: + build-and-test: runs-on: ubuntu-latest - concurrency: - group: ${{ github.workflow }}-${{ github.ref }} + defaults: + run: { + shell: bash + } + permissions: { + contents: read, + issues: read + } + concurrency: { + group: '${{ github.workflow }}-build-and-test-${{ github.ref }}', cancel-in-progress: true + } + outputs: { + release-required: '${{ steps.check-release.outputs.release-required }}' + } steps: + - name: Free Disk Space + id: free-disk-space + if: ${{ false }} + run: | + sudo rm -rf /usr/local/lib/android + sudo rm -rf /usr/share/dotnet - name: Checkout the repository - uses: actions/checkout@v3 - with: + id: checkout + uses: actions/checkout@v4 + with: { fetch-depth: 0 - - name: Set up JDK 11 - uses: actions/setup-java@v3 + } + - name: Set up JDKs + id: setup-java + uses: actions/setup-java@v4 with: - distribution: 'temurin' - java-version: 11 - cache: 'maven' + distribution: temurin + java-version: |- + 11 + 17 + cache: maven - name: Cache SonarCloud packages - uses: actions/cache@v3 - with: - path: ~/.sonar/cache - key: ${{ runner.os }}-sonar - restore-keys: ${{ runner.os }}-sonar - - name: Enable testcontainer reuse + id: cache-sonar + uses: actions/cache@v4 + with: { + path: ~/.sonar/cache, + key: '${{ runner.os }}-sonar', + restore-keys: '${{ runner.os }}-sonar' + } + - { + name: Enable testcontainer reuse, + id: enable-testcontainer-reuse, run: echo 'testcontainers.reuse.enable=true' > "$HOME/.testcontainers.properties" + } - name: Run tests and build with Maven + id: build-pk-verify run: | mvn --batch-mode clean verify \ -Dorg.slf4j.simpleLogger.log.org.apache.maven.cli.transfer.Slf4jMavenTransferListener=warn \ -DtrimStackTrace=false - - name: Publish Test Report - uses: scacap/action-surefire-report@v1 - if: ${{ always() && 
github.event.pull_request.head.repo.full_name == github.repository && github.actor != 'dependabot[bot]' }} - with: - github_token: ${{ secrets.GITHUB_TOKEN }} - name: Sonar analysis + id: sonar-analysis if: ${{ env.SONAR_TOKEN != null }} run: | mvn --batch-mode org.sonarsource.scanner.maven:sonar-maven-plugin:sonar \ -Dorg.slf4j.simpleLogger.log.org.apache.maven.cli.transfer.Slf4jMavenTransferListener=warn \ -DtrimStackTrace=false \ - -Dsonar.organization=exasol \ - -Dsonar.host.url=https://sonarcloud.io \ - -Dsonar.login=$SONAR_TOKEN - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} \ No newline at end of file + -Dsonar.token=$SONAR_TOKEN + env: { + GITHUB_TOKEN: '${{ secrets.GITHUB_TOKEN }}', + SONAR_TOKEN: '${{ secrets.SONAR_TOKEN }}' + } + - name: Verify Release Artifacts + id: verify-release-artifacts + run: "print_message() {\n local -r message=$1\n echo \"$message\"\n echo \"$message\" >> \"$GITHUB_STEP_SUMMARY\"\n}\n\nprint_message \"### Release Artifacts\"\n\nIFS=$'\\n' artifacts_array=($ARTIFACTS)\nmissing_files=()\nfor file in \"${artifacts_array[@]}\";\ndo \n echo \"Checking if file $file exists...\"\n if ! 
[[ -f \"$file\" ]]; then\n print_message \"* ⚠️ \\`$file\\` does not exist ⚠️\"\n echo \"Content of directory $(dirname \"$file\"):\"\n ls \"$(dirname \"$file\")\"\n missing_files+=(\"$file\")\n else\n print_message \"* \\`$file\\` ✅\" \n fi\ndone\nprint_message \"\"\nnumber_of_missing_files=${#missing_files[@]}\nif [[ $number_of_missing_files -gt 0 ]]; then\n print_message \"⚠️ $number_of_missing_files release artifact(s) missing ⚠️\"\n exit 1\nfi\n" + env: { + ARTIFACTS: '${{ steps.build-pk-verify.outputs.release-artifacts }}' + } + - name: Upload artifacts + id: upload-artifacts + uses: actions/upload-artifact@v4 + with: { + name: artifacts, + path: '${{ steps.build-pk-verify.outputs.release-artifacts }}', + retention-days: 5 + } + - name: Configure link check + id: configure-link-check + run: | + mkdir -p ./target + echo '{"aliveStatusCodes": [429, 200], "ignorePatterns": [' \ + '{"pattern": "^https?://(www|dev).mysql.com/"},' \ + '{"pattern": "^https?://(www.)?opensource.org"}' \ + '{"pattern": "^https?://(www.)?eclipse.org"}' \ + '{"pattern": "^https?://projects.eclipse.org"}' \ + ']}' > ./target/broken_links_checker.json + - uses: gaurav-nelson/github-action-markdown-link-check@v1 + id: run-link-check + with: { + use-quiet-mode: yes, + use-verbose-mode: yes, + config-file: ./target/broken_links_checker.json + } + next-java-compatibility: + runs-on: ubuntu-latest + defaults: + run: { + shell: bash + } + permissions: { + contents: read + } + concurrency: { + group: '${{ github.workflow }}-next-java-${{ github.ref }}', + cancel-in-progress: true + } + steps: + - name: Checkout the repository + id: checkout + uses: actions/checkout@v4 + with: { + fetch-depth: 0 + } + - name: Set up JDK 17 + id: setup-java + uses: actions/setup-java@v4 + with: { + distribution: temurin, + java-version: '17', + cache: maven + } + - { + name: Run tests and build with Maven 17, + id: build-next-java, + run: mvn --batch-mode clean package -DtrimStackTrace=false -Djava.version=17 + } 
+ build: + needs: [ + build-and-test, + next-java-compatibility + ] + runs-on: ubuntu-latest + defaults: + run: { + shell: bash + } + permissions: { + contents: read, + issues: read + } + outputs: { + release-required: '${{ steps.check-release.outputs.release-required }}' + } + steps: + - name: Checkout the repository + id: checkout + uses: actions/checkout@v4 + with: { + fetch-depth: 0 + } + - name: Set up JDKs + id: setup-java + uses: actions/setup-java@v4 + with: + distribution: temurin + java-version: |- + 11 + 17 + cache: maven + - name: Check if release is needed + id: check-release + if: ${{ github.ref == 'refs/heads/main' }} + run: | + if mvn --batch-mode com.exasol:project-keeper-maven-plugin:verify-release --projects .; then + echo "### ✅ Release preconditions met, start release" >> "$GITHUB_STEP_SUMMARY" + echo "release-required=true" >> "$GITHUB_OUTPUT" + else + echo "### 🛑 Not all release preconditions met, skipping release" >> "$GITHUB_STEP_SUMMARY" + echo "See log output for details." >> "$GITHUB_STEP_SUMMARY" + echo "release-required=false" >> "$GITHUB_OUTPUT" + fi + env: { + GITHUB_TOKEN: '${{ secrets.GITHUB_TOKEN }}' + } + start_release: + needs: build + if: ${{ github.ref == 'refs/heads/main' && needs.build.outputs.release-required == 'true' }} + concurrency: { + cancel-in-progress: false, + group: release + } + secrets: inherit + permissions: { + contents: write, + actions: read, + issues: read + } + uses: ./.github/workflows/release.yml + with: { + started-from-ci: true + } diff --git a/.github/workflows/dependencies_check.yml b/.github/workflows/dependencies_check.yml index b2ab231..02c5aa0 100644 --- a/.github/workflows/dependencies_check.yml +++ b/.github/workflows/dependencies_check.yml 
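Review bot: `start_release` calls `release.yml` with `secrets: inherit`, which hands the reusable workflow every secret this repository can read instead of only the ones it uses. Judging by the `release.yml` added in this patch those are `OSSRH_GPG_SECRET_KEY`, `OSSRH_USERNAME`, `OSSRH_PASSWORD`, `OSSRH_GPG_SECRET_KEY_PASSWORD` and `INTEGRATION_TEAM_SLACK_NOTIFICATION_WEBHOOK`; declaring them under `on.workflow_call.secrets` there and passing them by name here keeps the release path at least privilege. In the `sonar-analysis` step, `-Dsonar.token=$SONAR_TOKEN` also puts the token on the Maven command line; the scanner can normally read `SONAR_TOKEN` from the environment, which would make the flag unnecessary (worth confirming for the plugin version in use). The file is generated by Project Keeper, so both changes would go into the upstream template.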
@@ -1,20 +1,80 @@ -name: Dependencies Check - +# This file was generated by Project Keeper. +name: Report Security Issues on: + workflow_dispatch: null schedule: - - cron: "0 2 * * *" - + - { + cron: 0 2 * * * + } jobs: - build: + report_security_issues: runs-on: ubuntu-latest - + defaults: + run: { + shell: bash + } + permissions: { + contents: read, + issues: write + } + outputs: { + created-issues: '${{ steps.security-issues.outputs.created-issues }}' + } + concurrency: { + group: '${{ github.workflow }}-report_security_issues', + cancel-in-progress: true + } steps: - - uses: actions/checkout@v3 - - name: Set up JDK 11 - uses: actions/setup-java@v3 + - { + name: Checkout, + id: checkout, + uses: actions/checkout@v4 + } + - name: Set up JDKs + id: setup-jdks + uses: actions/setup-java@v4 with: - distribution: 'temurin' - java-version: 11 - cache: 'maven' - - name: Checking dependencies for vulnerabilities - run: mvn --batch-mode org.sonatype.ossindex.maven:ossindex-maven-plugin:audit -f pom.xml \ No newline at end of file + distribution: temurin + java-version: |- + 11 + 17 + cache: maven + - name: Generate ossindex report + id: ossindex-report + run: | + mvn --batch-mode org.sonatype.ossindex.maven:ossindex-maven-plugin:audit \ + org.sonatype.ossindex.maven:ossindex-maven-plugin:audit-aggregate \ + -Dossindex.reportFile=$(pwd)/ossindex-report.json \ + -Dossindex.fail=false + - name: Report Security Issues + id: security-issues + uses: exasol/python-toolbox/.github/actions/security-issues@main + with: { + format: maven, + command: cat ossindex-report.json, + github-token: '${{ secrets.GITHUB_TOKEN }}' + } + - name: Output security issues (Debugging) + id: debug-print-security-issues + run: | + echo "$CREATED_ISSUES" > test.jsonl + cat test.jsonl + env: { + CREATED_ISSUES: '${{ steps.security-issues.outputs.created-issues }}' + } + start_dependency_udpate: + needs: report_security_issues + if: ${{ needs.report_security_issues.outputs.created-issues }} + 
concurrency: { + group: '${{ github.workflow }}-start_dependency_update', + cancel-in-progress: false + } + secrets: inherit + permissions: { + contents: write, + pull-requests: write + } + uses: ./.github/workflows/dependencies_update.yml + with: { + vulnerability_issues: '${{ needs.report_security_issues.outputs.created-issues }}' + } diff --git a/.github/workflows/dependencies_update.yml b/.github/workflows/dependencies_update.yml new file mode 100644 index 0000000..c901506 --- /dev/null +++ b/.github/workflows/dependencies_update.yml 
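Review bot: The `security-issues` step runs `exasol/python-toolbox/.github/actions/security-issues@main`, a branch reference, so whatever is on that branch at run time executes with `github-token` and `issues: write` on the nightly schedule. Its `created-issues` output then decides whether `dependencies_update.yml` is called with `secrets: inherit`, `contents: write` and `pull-requests: write`, which makes the unpinned ref part of the write path into this repository. Pinning to a reviewed commit, `uses: exasol/python-toolbox/.github/actions/security-issues@<full-commit-sha>`, removes that moving part. Minor: the job id is spelled `start_dependency_udpate` while its concurrency group says `start_dependency_update`. The file is generated by Project Keeper, so the pin would have to be set in its template.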
@@ -0,0 +1,176 @@ +# This file was generated by Project Keeper. +name: Update dependencies +on: + workflow_call: + inputs: + vulnerability_issues: { + description: GitHub issues for vulnerable dependencies as JSONL, + required: true, + type: string + } + workflow_dispatch: null +jobs: + update_dependencies: + runs-on: ubuntu-latest + defaults: + run: { + shell: bash + } + permissions: { + contents: write, + pull-requests: write + } + concurrency: { + group: '${{ github.workflow }}', + cancel-in-progress: false + } + steps: + - uses: actions/checkout@v4 + id: checkout + with: { + fetch-depth: 0 + } + - name: Set up JDKs + id: setup-jdks + uses: actions/setup-java@v4 + with: + distribution: temurin + java-version: |- + 11 + 17 + cache: maven + - name: Print issues + id: debug-print-issues + run: | + echo "Issues from Action input: $ISSUES" + env: { + ISSUES: '${{ inputs.vulnerability_issues }}' + } + - name: Fail if not running on a branch + id: check-branch + if: ${{ !startsWith(github.ref, 'refs/heads/') }} + uses: actions/github-script@v7 + with: + script: | + core.setFailed('Not running on a branch, github.ref is ${{ github.ref }}. Please start this workflow only on main or a branch') + - name: Update dependencies + id: update-dependencies + run: | + mvn --batch-mode com.exasol:project-keeper-maven-plugin:update-dependencies --projects . \ + -Dproject-keeper:vulnerabilities="$CREATED_ISSUES" + env: { + CREATED_ISSUES: '${{ inputs.vulnerability_issues }}' + } + - name: Generate Pull Request comment + id: pr-comment + run: | + echo 'comment<> "$GITHUB_OUTPUT" + echo 'This Pull Request was created by [`dependencies_update.yml`](https://github.com/exasol/project-keeper/blob/main/project-keeper/src/main/resources/templates/.github/workflows/dependencies_update.yml) workflow.' >> "$GITHUB_OUTPUT" + if [ -n "$CREATED_ISSUES" ]; then + echo 'It updates dependencies to fix the following vulnerabilities:' >> "$GITHUB_OUTPUT" + echo $CREATED_ISSUES | jq --raw-output '. 
| "* Closes " + .issue_url + " (" + .cve + ")"' >> "$GITHUB_OUTPUT" + else + echo 'It updates dependencies.' >> "$GITHUB_OUTPUT" + fi + echo >> "$GITHUB_OUTPUT" + echo '# ⚠️ Notes ⚠️' >> "$GITHUB_OUTPUT" + echo '## Run PK fix manually' >> "$GITHUB_OUTPUT" + echo 'Due to restrictions workflow `dependencies_update.yml` cannot update other workflows, see https://github.com/exasol/project-keeper/issues/578 for details.' >> "$GITHUB_OUTPUT" + echo 'Please checkout this PR locally and run `mvn com.exasol:project-keeper-maven-plugin:fix --projects .`' >> "$GITHUB_OUTPUT" + echo '## This PR does not trigger CI workflows' >> "$GITHUB_OUTPUT" + echo 'Please click the **Close pull request** button and then **Reopen pull request** to trigger running checks.' >> "$GITHUB_OUTPUT" + echo 'See https://github.com/exasol/project-keeper/issues/534 for details.' >> "$GITHUB_OUTPUT" + echo 'EOF' >> "$GITHUB_OUTPUT" + + cat "$GITHUB_OUTPUT" + env: { + CREATED_ISSUES: '${{ inputs.vulnerability_issues }}' + } + - name: Generate Pull Request Title + id: pr-title + run: | + if [ -n "$CREATED_ISSUES" ]; then + echo "Security issues are available" + echo "title=🔐 Update dependencies to fix vulnerabilities" >> "$GITHUB_OUTPUT" + else + echo "Security issues are not available" + echo "title=Update dependencies" >> "$GITHUB_OUTPUT" + fi + + cat "$GITHUB_OUTPUT" + env: { + CREATED_ISSUES: '${{ inputs.vulnerability_issues }}' + } + - name: Configure git + id: configure-git + run: | + git config --global user.email "opensource@exasol.com" + git config --global user.name "Automatic Dependency Updater" + - name: Create branch + id: create-branch + if: ${{ github.ref == 'refs/heads/main' }} + run: | + branch_name="dependency-update/$(date "+%Y%m%d%H%M%S")" + echo "Creating branch $branch_name" + git checkout -b "$branch_name" + - name: Commit changes & push + id: publish-branch + if: ${{ startsWith(github.ref, 'refs/heads/' ) }} + run: | + branch_name=$(git rev-parse --abbrev-ref HEAD) + echo "Current 
branch: $branch_name" + echo "git diff --stat" + git diff --stat + echo "git diff --numstat" + git diff --numstat + echo "git diff --name-status" + git diff --name-status + echo "Adding untracked files:" + git add . --verbose --all + echo "Committing changes..." + git commit --message "$TITLE" + echo "Pushing branch $branch_name..." + git push --set-upstream origin "$branch_name" + echo "Done." + env: { + TITLE: '${{ steps.pr-title.outputs.title }}' + } + - name: Create pull request + id: create-pr + if: ${{ github.ref == 'refs/heads/main' }} + run: | + pr_url=$(gh pr create --base main --title "$TITLE" --body "$COMMENT") + echo "Created Pull Request: $pr_url" + echo "pr_url=$pr_url" >> "$GITHUB_OUTPUT" + env: { + COMMENT: '${{ steps.pr-comment.outputs.comment }}', + TITLE: '${{ steps.pr-title.outputs.title }}', + GH_TOKEN: '${{ github.token }}' + } + - name: Report failure Status to Slack channel + id: report-failure-slack + if: ${{ always() }} + uses: ravsamhq/notify-slack-action@v2 + with: { + status: '${{ job.status }}', + token: '${{ secrets.GITHUB_TOKEN }}', + notification_title: 'Dependency check in {repo} has {status_message}', + message_format: '{emoji} *{workflow}* {status_message} in <{repo_url}|{repo}>', + notify_when: 'failure,cancelled,warnings' + } + env: { + SLACK_WEBHOOK_URL: '${{ secrets.INTEGRATION_TEAM_SLACK_NOTIFICATION_WEBHOOK }}' + } + - name: Report new Pull Request to Slack channel + id: report-pr-slack + if: ${{ steps.create-pr.outputs.pr_url }} + uses: ravsamhq/notify-slack-action@v2 + with: { + status: '${{ job.status }}', + token: '${{ secrets.GITHUB_TOKEN }}', + notification_title: 'Dependency update for {repo} created a Pull Request', + message_format: '{workflow} created Pull Request ${{ steps.create-pr.outputs.pr_url }}' + } + env: { + SLACK_WEBHOOK_URL: '${{ secrets.INTEGRATION_TEAM_SLACK_NOTIFICATION_WEBHOOK }}' + } 
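Review bot: The `check-branch` step pastes `${{ github.ref }}` into the `actions/github-script` source, so the ref name is expanded into the JavaScript text before it is parsed rather than being handled as data. Ref names may contain quote characters, and this step runs exactly when the ref is not a branch; passing the value through the environment avoids the problem: `env: { REF: '${{ github.ref }}' }` with `core.setFailed('Not running on a branch, github.ref is ' + process.env.REF)`. Starting the workflow needs write access, so exposure is limited, but the same construct is in the `check-main-branch` step of `release.yml`. In `pr-comment`, `echo $CREATED_ISSUES | jq` should also quote the variable (`echo "$CREATED_ISSUES"`) so the JSONL is not word-split or glob-expanded by the shell.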
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml new file mode 100644 index 0000000..e4682a3 --- /dev/null +++ b/.github/workflows/release.yml 
@@ -0,0 +1,219 @@ +# This file was generated by Project Keeper. +name: Release +on: + workflow_call: + inputs: + started-from-ci: { + description: 'Marks this release as started from CI, skipping precondition check', + type: boolean, + required: true, + default: false + } + workflow_dispatch: + inputs: + skip-maven-central: { + description: Skip deployment to Maven Central, + required: true, + type: boolean, + default: false + } + skip-github-release: { + description: Skip creating the GitHub release, + required: true, + type: boolean, + default: false + } +jobs: + release: + runs-on: ubuntu-latest + defaults: + run: { + shell: bash + } + concurrency: { + group: '${{ github.workflow }}', + cancel-in-progress: false + } + permissions: { + contents: write, + actions: read, + issues: read + } + steps: + - name: Checkout the repository + id: checkout + uses: actions/checkout@v4 + with: { + fetch-depth: 0 + } + - name: Set up Maven Central Repository + id: configure-maven-central-credentials + if: ${{ true }} + uses: actions/setup-java@v4 + with: + distribution: temurin + java-version: |- + 11 + 17 + cache: maven + server-id: ossrh + server-username: MAVEN_USERNAME + server-password: MAVEN_PASSWORD + gpg-private-key: ${{ secrets.OSSRH_GPG_SECRET_KEY }} + gpg-passphrase: MAVEN_GPG_PASSPHRASE + - name: Set up JDKs + id: setup-jdks + if: ${{ ! true }} + uses: actions/setup-java@v4 + with: + distribution: temurin + java-version: |- + 11 + 17 + cache: maven + - name: Fail if not running on main branch + id: check-main-branch + if: ${{ github.ref != 'refs/heads/main' }} + uses: actions/github-script@v7 + with: + script: | + core.setFailed('Not running on main branch, github.ref is ${{ github.ref }}. Please start this workflow only on main') + - name: Check CI build of this commit succeeded + id: check-ci-build-status + if: ${{ ! 
inputs.started-from-ci }} + run: | + echo "Commit SHA: $COMMIT_SHA" + gh run list --workflow ci-build.yml --branch main --event push --commit $COMMIT_SHA + ci_build_status=$(gh run list --workflow ci-build.yml --branch main --event push --commit $COMMIT_SHA --json conclusion --template '{{range .}}{{.conclusion}}{{"\n"}}{{end}}') + echo "CI build status at commit $COMMIT_SHA was '$ci_build_status'" + if [[ "$ci_build_status" != "success" ]]; then + gh run list --workflow ci-build.yml --commit $COMMIT_SHA >> $GITHUB_STEP_SUMMARY + echo "Status of CI build for commit $COMMIT_SHA was '$ci_build_status', expected 'success'" >> $GITHUB_STEP_SUMMARY + cat $GITHUB_STEP_SUMMARY + exit 1 + fi + env: { + COMMIT_SHA: '${{ github.sha }}', + GH_TOKEN: '${{ github.token }}' + } + - name: Verify release preconditions + id: verify-release + run: | + mvn --batch-mode com.exasol:project-keeper-maven-plugin:verify-release --projects . + echo "$GITHUB_OUTPUT" + env: { + GITHUB_TOKEN: '${{ github.token }}' + } + - { + name: Build project, + id: build, + run: mvn --batch-mode -DskipTests clean verify + } + - { + name: List secret GPG keys, + id: list-secret-gpg-keys, + if: '${{ true && (! inputs.skip-maven-central) }}', + run: gpg --list-secret-keys + } + - name: Publish to Central Repository + id: deploy-maven-central + if: ${{ true && (! inputs.skip-maven-central) }} + run: | + echo "#### Maven Central Release" >> "$GITHUB_STEP_SUMMARY" + mvn --batch-mode -Dgpg.skip=false -DskipTests deploy + echo "Published to Maven Central ✅" >> "$GITHUB_STEP_SUMMARY" + env: { + MAVEN_USERNAME: '${{ secrets.OSSRH_USERNAME }}', + MAVEN_PASSWORD: '${{ secrets.OSSRH_PASSWORD }}', + MAVEN_GPG_PASSPHRASE: '${{ secrets.OSSRH_GPG_SECRET_KEY_PASSWORD }}' + } + - name: Calculate Artifact Checksums + id: artifact-checksum + if: ${{ ! 
inputs.skip-github-release }} + run: | + echo "Calculating sha256 checksum for artifact files" + echo "artifacts<> "$GITHUB_OUTPUT" + IFS=$'\n' artifacts_array=($ARTIFACTS) + for file in "${artifacts_array[@]}"; + do + full_path=$(realpath "$file") + echo "Calculate sha256sum for file '$full_path'" + file_dir="$(dirname "$full_path")" + file_name=$(basename "$full_path") + pushd "$file_dir" + checksum_file_name="${file_name}.sha256" + sha256sum "$file_name" > "$checksum_file_name" + echo "$full_path" >> "$GITHUB_OUTPUT" + echo "${file_dir}/$checksum_file_name" >> "$GITHUB_OUTPUT" + popd + done + echo "EOF" >> "$GITHUB_OUTPUT" + echo "Full artifact file list" + cat "$GITHUB_OUTPUT" + env: { + ARTIFACTS: '${{ steps.verify-release.outputs.release-artifacts }}' + } + - name: Create GitHub Release + id: create-github-release + if: ${{ ! inputs.skip-github-release }} + run: | + echo "### GitHub Release" >> "$GITHUB_STEP_SUMMARY" + IFS=$'\n' artifacts_array=($ARTIFACTS) + echo "#### Attaching Release Artifacts" >> "$GITHUB_STEP_SUMMARY" + for file in "${artifacts_array[@]}"; + do + echo "Attaching artifact '$file'" + echo "* \`$file\`" >> "$GITHUB_STEP_SUMMARY" + done + echo "" >> "$GITHUB_STEP_SUMMARY" + release_url=$(gh release create --latest --title "$TITLE" --notes "$NOTES" --target main $TAG "${artifacts_array[@]}") + echo "Created release $TAG with title '$TITLE' at $release_url ✅" >> "$GITHUB_STEP_SUMMARY" + echo "release-url=$release_url" >> "$GITHUB_OUTPUT" + + # [impl->dsn~release-workflow.create-golang-tags~1] + echo "#### Creating Additional Tags" >> "$GITHUB_STEP_SUMMARY" + IFS=$'\n' tags_array=($ADDITIONAL_TAGS) + for tag in "${tags_array[@]}"; + do + echo "Creating tag '$tag'" + git tag "$tag" + git push origin "$tag" + echo "* \`$tag\`" >> "$GITHUB_STEP_SUMMARY" + done + + git fetch --tags origin + env: { + GH_TOKEN: '${{ github.token }}', + TAG: '${{ steps.verify-release.outputs.release-tag }}', + ADDITIONAL_TAGS: '${{ 
steps.verify-release.outputs.additional-release-tags }}', + NOTES: '${{ steps.verify-release.outputs.release-notes }}', + TITLE: '${{ steps.verify-release.outputs.release-title }}', + ARTIFACTS: '${{ steps.artifact-checksum.outputs.artifacts }}' + } + - name: Report failure Status to Slack channel + id: report-failure-status-slack + if: ${{ always() }} + uses: ravsamhq/notify-slack-action@v2 + with: { + status: '${{ job.status }}', + token: '${{ github.token }}', + notification_title: 'Release build in {repo} has {status_message}', + message_format: '{emoji} *{workflow}* {status_message} in <{repo_url}|{repo}>', + notify_when: 'failure,cancelled,warnings,skipped' + } + env: { + SLACK_WEBHOOK_URL: '${{ secrets.INTEGRATION_TEAM_SLACK_NOTIFICATION_WEBHOOK }}' + } + - name: Report new release to Slack channel + id: report-new-release-slack + if: ${{ steps.create-github-release.outputs.release-url }} + uses: ravsamhq/notify-slack-action@v2 + with: { + status: '${{ job.status }}', + token: '${{ github.token }}', + notification_title: 'Release build for {repo} created a new release', + message_format: '{workflow} created release ${{ steps.create-github-release.outputs.release-url }}' + } + env: { + SLACK_WEBHOOK_URL: '${{ secrets.INTEGRATION_TEAM_SLACK_NOTIFICATION_WEBHOOK }}' + } diff --git a/.github/workflows/release_droid_prepare_original_checksum.yml b/.github/workflows/release_droid_prepare_original_checksum.yml deleted file mode 100644 index 4a980f8..0000000 --- a/.github/workflows/release_droid_prepare_original_checksum.yml +++ /dev/null 
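Review bot: Both Slack steps run `ravsamhq/notify-slack-action@v2`, a third-party action on a movable tag, inside the `release` job, which holds `contents: write`, passes `github.token` to the action and has had the OSSRH GPG private key imported by `setup-java` earlier in the same job. A retagged `v2` would therefore run next to the signing key and a token that can push tags and create releases. Pinning it to a full commit SHA (`uses: ravsamhq/notify-slack-action@<full-commit-sha>`) or moving the notification into a separate job with `needs: release` and no write permissions keeps it away from the release credentials. The same action is used with `secrets.GITHUB_TOKEN` in `dependencies_update.yml`. In `create-github-release`, `$TAG` is also unquoted in the `gh release create` call; `"$TAG"` is safer.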
@@ -1,31 +0,0 @@ -name: Release Droid - Prepare Original Checksum - -on: - workflow_dispatch: - -jobs: - build: - runs-on: ubuntu-latest - steps: - - name: Checkout the repository - uses: actions/checkout@v3 - with: - fetch-depth: 0 - - name: Set up JDK 11 - uses: actions/setup-java@v3 - with: - distribution: 'temurin' - java-version: 11 - cache: 'maven' - - name: Enable testcontainer reuse - run: echo 'testcontainers.reuse.enable=true' > "$HOME/.testcontainers.properties" - - name: Run tests and build with Maven - run: mvn --batch-mode clean verify --file pom.xml - - name: Prepare checksum - run: find target -maxdepth 1 -name *.jar -exec sha256sum "{}" + > original_checksum - - name: Upload checksum to the artifactory - uses: actions/upload-artifact@v3 - with: - name: original_checksum - retention-days: 5 - path: original_checksum \ No newline at end of file diff --git a/.github/workflows/release_droid_print_quick_checksum.yml b/.github/workflows/release_droid_print_quick_checksum.yml deleted file mode 100644 index 8add957..0000000 --- a/.github/workflows/release_droid_print_quick_checksum.yml +++ /dev/null @@ -1,24 +0,0 @@ -name: Release Droid - Print Quick Checksum - -on: - workflow_dispatch: - -jobs: - build: - runs-on: ubuntu-latest - steps: - - name: Checkout the repository - uses: actions/checkout@v3 - with: - fetch-depth: 0 - - name: Set up JDK 11 - uses: actions/setup-java@v3 - with: - distribution: 'temurin' - java-version: 11 - cache: 'maven' - - name: Build with Maven skipping tests - run: mvn --batch-mode clean verify -DskipTests - - name: Print checksum - run: echo 'checksum_start==';find target -maxdepth 1 -name *.jar -exec sha256sum "{}" + | xargs;echo '==checksum_end' - diff --git a/.github/workflows/release_droid_release_on_maven_central.yml b/.github/workflows/release_droid_release_on_maven_central.yml deleted file mode 100644 index b467607..0000000 --- a/.github/workflows/release_droid_release_on_maven_central.yml +++ /dev/null 
@@ -1,30 +0,0 @@ -name: Release Droid - Release On Maven Central - -on: - workflow_dispatch: - -jobs: - publish: - runs-on: ubuntu-latest - steps: - - name: Checkout the repository - uses: actions/checkout@v3 - with: - fetch-depth: 0 - - name: Set up Maven Central Repository - uses: actions/setup-java@v3 - with: - distribution: 'temurin' - java-version: 11 - cache: 'maven' - server-id: ossrh - server-username: MAVEN_USERNAME - server-password: MAVEN_PASSWORD - gpg-private-key: ${{ secrets.OSSRH_GPG_SECRET_KEY }} - gpg-passphrase: MAVEN_GPG_PASSPHRASE - - name: Publish to Central Repository - run: mvn --batch-mode -Dgpg.skip=false -DskipTests clean deploy - env: - MAVEN_USERNAME: ${{ secrets.OSSRH_USERNAME }} - MAVEN_PASSWORD: ${{ secrets.OSSRH_PASSWORD }} - MAVEN_GPG_PASSPHRASE: ${{ secrets.OSSRH_GPG_SECRET_KEY_PASSWORD }} \ No newline at end of file diff --git a/.github/workflows/release_droid_upload_github_release_assets.yml b/.github/workflows/release_droid_upload_github_release_assets.yml deleted file mode 100644 index 7350faf..0000000 --- a/.github/workflows/release_droid_upload_github_release_assets.yml +++ /dev/null 
@@ -1,44 +0,0 @@ -name: Release Droid - Upload GitHub Release Assets - -on: - workflow_dispatch: - inputs: - upload_url: - description: 'Assets upload URL' - required: true - -jobs: - build: - runs-on: ubuntu-latest - steps: - - name: Checkout the repository - uses: actions/checkout@v3 - with: - fetch-depth: 0 - - name: Set up JDK 11 - uses: actions/setup-java@v3 - with: - distribution: 'temurin' - java-version: 11 - cache: 'maven' - - name: Build with Maven skipping tests - run: mvn --batch-mode clean verify -DskipTests - - name: Generate sha256sum files - run: | - cd target - find . -maxdepth 1 -name \*.jar -exec bash -c 'sha256sum {} > {}.sha256' \; - - name: Upload assets to the GitHub release draft - uses: shogo82148/actions-upload-release-asset@v1 - with: - upload_url: ${{ github.event.inputs.upload_url }} - asset_path: target/*.jar - - name: Upload sha256sum files - uses: shogo82148/actions-upload-release-asset@v1 - with: - upload_url: ${{ github.event.inputs.upload_url }} - asset_path: target/*.sha256 - - name: Upload error-code-report - uses: shogo82148/actions-upload-release-asset@v1 - with: - upload_url: ${{ github.event.inputs.upload_url }} - asset_path: target/error_code_report.json diff --git a/.gitignore b/.gitignore index e83d226..e49bb57 100644 --- a/.gitignore +++ b/.gitignore @@ -35,3 +35,5 @@ pom.xml.versionsBackup *.md.html *.flattened-pom.xml +/.apt_generated/ +.settings/org.eclipse.jdt.apt.core.prefs diff --git a/.project-keeper.yml b/.project-keeper.yml index 367e462..7da25d4 100644 --- a/.project-keeper.yml +++ b/.project-keeper.yml @@ -4,4 +4,3 @@ sources: modules: - maven_central - integration_tests - - udf_coverage diff --git a/.settings/org.eclipse.jdt.core.prefs b/.settings/org.eclipse.jdt.core.prefs index 8b5a9aa..6d0c568 100644 --- a/.settings/org.eclipse.jdt.core.prefs +++ b/.settings/org.eclipse.jdt.core.prefs 
@@ -1,15 +1,19 @@ eclipse.preferences.version=1 +org.eclipse.jdt.core.builder.annotationPath.allLocations=disabled org.eclipse.jdt.core.compiler.annotation.inheritNullAnnotations=disabled org.eclipse.jdt.core.compiler.annotation.missingNonNullByDefaultAnnotation=ignore org.eclipse.jdt.core.compiler.annotation.nonnull=org.eclipse.jdt.annotation.NonNull org.eclipse.jdt.core.compiler.annotation.nonnull.secondary= org.eclipse.jdt.core.compiler.annotation.nonnullbydefault=org.eclipse.jdt.annotation.NonNullByDefault org.eclipse.jdt.core.compiler.annotation.nonnullbydefault.secondary= +org.eclipse.jdt.core.compiler.annotation.notowning=org.eclipse.jdt.annotation.NotOwning org.eclipse.jdt.core.compiler.annotation.nullable=org.eclipse.jdt.annotation.Nullable org.eclipse.jdt.core.compiler.annotation.nullable.secondary= org.eclipse.jdt.core.compiler.annotation.nullanalysis=disabled +org.eclipse.jdt.core.compiler.annotation.owning=org.eclipse.jdt.annotation.Owning +org.eclipse.jdt.core.compiler.annotation.resourceanalysis=disabled org.eclipse.jdt.core.compiler.codegen.inlineJsrBytecode=enabled -org.eclipse.jdt.core.compiler.codegen.methodParameters=do not generate +org.eclipse.jdt.core.compiler.codegen.methodParameters=generate org.eclipse.jdt.core.compiler.codegen.targetPlatform=11 org.eclipse.jdt.core.compiler.codegen.unusedLocal=preserve org.eclipse.jdt.core.compiler.compliance=11 @@ -17,6 +21,7 @@ org.eclipse.jdt.core.compiler.debug.lineNumber=generate org.eclipse.jdt.core.compiler.debug.localVariable=generate org.eclipse.jdt.core.compiler.debug.sourceFile=generate org.eclipse.jdt.core.compiler.problem.APILeak=warning +org.eclipse.jdt.core.compiler.problem.annotatedTypeArgumentToUnannotated=info org.eclipse.jdt.core.compiler.problem.annotationSuperInterface=warning org.eclipse.jdt.core.compiler.problem.assertIdentifier=error org.eclipse.jdt.core.compiler.problem.autoboxing=ignore 
@@ -39,8 +44,10 @@ org.eclipse.jdt.core.compiler.problem.forbiddenReference=warning org.eclipse.jdt.core.compiler.problem.hiddenCatchBlock=warning org.eclipse.jdt.core.compiler.problem.includeNullInfoFromAsserts=disabled org.eclipse.jdt.core.compiler.problem.incompatibleNonInheritedInterfaceMethod=warning +org.eclipse.jdt.core.compiler.problem.incompatibleOwningContract=warning org.eclipse.jdt.core.compiler.problem.incompleteEnumSwitch=warning org.eclipse.jdt.core.compiler.problem.indirectStaticAccess=ignore +org.eclipse.jdt.core.compiler.problem.insufficientResourceAnalysis=warning org.eclipse.jdt.core.compiler.problem.localVariableHiding=ignore org.eclipse.jdt.core.compiler.problem.methodWithConstructorName=warning org.eclipse.jdt.core.compiler.problem.missingDefaultCase=ignore 
@@ -56,15 +63,15 @@ org.eclipse.jdt.core.compiler.problem.noImplicitStringConversion=warning org.eclipse.jdt.core.compiler.problem.nonExternalizedStringLiteral=ignore org.eclipse.jdt.core.compiler.problem.nonnullParameterAnnotationDropped=warning org.eclipse.jdt.core.compiler.problem.nonnullTypeVariableFromLegacyInvocation=warning -org.eclipse.jdt.core.compiler.problem.nullAnnotationInferenceConflict=error +org.eclipse.jdt.core.compiler.problem.nullAnnotationInferenceConflict=warning org.eclipse.jdt.core.compiler.problem.nullReference=warning -org.eclipse.jdt.core.compiler.problem.nullSpecViolation=error -org.eclipse.jdt.core.compiler.problem.nullUncheckedConversion=warning +org.eclipse.jdt.core.compiler.problem.nullSpecViolation=warning +org.eclipse.jdt.core.compiler.problem.nullUncheckedConversion=ignore org.eclipse.jdt.core.compiler.problem.overridingPackageDefaultMethod=warning org.eclipse.jdt.core.compiler.problem.parameterAssignment=ignore org.eclipse.jdt.core.compiler.problem.pessimisticNullAnalysisForFreeTypeVariables=warning org.eclipse.jdt.core.compiler.problem.possibleAccidentalBooleanAssignment=ignore -org.eclipse.jdt.core.compiler.problem.potentialNullReference=ignore +org.eclipse.jdt.core.compiler.problem.potentialNullReference=warning org.eclipse.jdt.core.compiler.problem.potentiallyUnclosedCloseable=ignore org.eclipse.jdt.core.compiler.problem.rawTypeReference=warning org.eclipse.jdt.core.compiler.problem.redundantNullAnnotation=warning 
@@ -78,7 +85,8 @@ org.eclipse.jdt.core.compiler.problem.specialParameterHidingField=disabled org.eclipse.jdt.core.compiler.problem.staticAccessReceiver=warning org.eclipse.jdt.core.compiler.problem.suppressOptionalErrors=disabled org.eclipse.jdt.core.compiler.problem.suppressWarnings=enabled -org.eclipse.jdt.core.compiler.problem.syntacticNullAnalysisForFields=disabled +org.eclipse.jdt.core.compiler.problem.suppressWarningsNotFullyAnalysed=info +org.eclipse.jdt.core.compiler.problem.syntacticNullAnalysisForFields=enabled org.eclipse.jdt.core.compiler.problem.syntheticAccessEmulation=ignore org.eclipse.jdt.core.compiler.problem.terminalDeprecation=warning org.eclipse.jdt.core.compiler.problem.typeParameterHiding=warning @@ -111,7 +119,7 @@ org.eclipse.jdt.core.compiler.problem.unusedPrivateMember=warning org.eclipse.jdt.core.compiler.problem.unusedTypeParameter=ignore org.eclipse.jdt.core.compiler.problem.unusedWarningToken=warning org.eclipse.jdt.core.compiler.problem.varargsArgumentNeedCast=warning -org.eclipse.jdt.core.compiler.processAnnotations=enabled +org.eclipse.jdt.core.compiler.processAnnotations=disabled org.eclipse.jdt.core.compiler.release=disabled org.eclipse.jdt.core.compiler.source=11 org.eclipse.jdt.core.formatter.align_assignment_statements_on_columns=false diff --git a/.settings/org.eclipse.jdt.ui.prefs b/.settings/org.eclipse.jdt.ui.prefs index 1add06a..54d02ac 100644 --- a/.settings/org.eclipse.jdt.ui.prefs +++ b/.settings/org.eclipse.jdt.ui.prefs @@ -76,6 +76,7 @@ sp_cleanup.add_missing_nls_tags=false sp_cleanup.add_missing_override_annotations=true sp_cleanup.add_missing_override_annotations_interface_methods=true sp_cleanup.add_serial_version_id=false +sp_cleanup.also_simplify_lambda=false sp_cleanup.always_use_blocks=true sp_cleanup.always_use_parentheses_in_expressions=true sp_cleanup.always_use_this_for_non_static_field_access=true 
@@ -130,6 +131,7 @@ sp_cleanup.one_if_rather_than_duplicate_blocks_that_fall_through=false sp_cleanup.operand_factorization=false sp_cleanup.organize_imports=true sp_cleanup.overridden_assignment=false +sp_cleanup.overridden_assignment_move_decl=false sp_cleanup.plain_replacement=false sp_cleanup.precompile_regex=false sp_cleanup.primitive_comparison=false @@ -159,10 +161,12 @@ sp_cleanup.remove_unnecessary_casts=true sp_cleanup.remove_unnecessary_nls_tags=true sp_cleanup.remove_unused_imports=true sp_cleanup.remove_unused_local_variables=false +sp_cleanup.remove_unused_method_parameters=false sp_cleanup.remove_unused_private_fields=true sp_cleanup.remove_unused_private_members=false sp_cleanup.remove_unused_private_methods=true sp_cleanup.remove_unused_private_types=true +sp_cleanup.replace_deprecated_calls=false sp_cleanup.return_expression=false sp_cleanup.simplify_lambda_expression_and_method_ref=false sp_cleanup.single_used_field=false @@ -174,6 +178,8 @@ sp_cleanup.strictly_equal_or_different=false sp_cleanup.stringbuffer_to_stringbuilder=false sp_cleanup.stringbuilder=false sp_cleanup.stringbuilder_for_local_vars=false +sp_cleanup.stringconcat_stringbuffer_stringbuilder=false +sp_cleanup.stringconcat_to_textblock=false sp_cleanup.substring=false sp_cleanup.switch=false sp_cleanup.system_property=false diff --git a/.vscode/settings.json b/.vscode/settings.json new file mode 100644 index 0000000..e71d465 --- /dev/null +++ b/.vscode/settings.json 
@@ -0,0 +1,21 @@ +{ + "editor.formatOnSave": true, + "editor.codeActionsOnSave": { + "source.organizeImports": "explicit", + "source.generate.finalModifiers": "explicit", + "source.fixAll": "explicit" + }, + "java.codeGeneration.useBlocks": true, + "java.saveActions.organizeImports": true, + "java.sources.organizeImports.starThreshold": 3, + "java.sources.organizeImports.staticStarThreshold": 3, + "java.test.config": { + "vmArgs": [ + "-Djava.util.logging.config.file=src/test/resources/logging.properties" + ] + }, + "sonarlint.connectedMode.project": { + "connectionId": "exasol", + "projectKey": "com.exasol:artifact-reference-checker-maven-plugin" + } +} diff --git a/README.md b/README.md index c0c03af..5578ec0 100644 --- a/README.md +++ b/README.md @@ -1,7 +1,7 @@ # Artifact Reference Checker Maven Plugin [![Build Status](https://github.com/exasol/artifact-reference-checker-maven-plugin/actions/workflows/ci-build.yml/badge.svg)](https://github.com/exasol/artifact-reference-checker-maven-plugin/actions/workflows/ci-build.yml) -[![Maven Central – Artifact reference checker and unifier](https://img.shields.io/maven-central/v/com.exasol/artifact-reference-checker-maven-plugin)](https://search.maven.org/artifact/com.exasol/artifact-reference-checker-maven-plugin) +[![Maven Central – Artifact reference checker and unifier](https://img.shields.io/maven-central/v/com.exasol/artifact-reference-checker-maven-plugin)](https://search.maven.org/artifact/com.exasol/artifact-reference-checker-maven-plugin) [![Quality Gate Status](https://sonarcloud.io/api/project_badges/measure?project=com.exasol%3Aartifact-reference-checker-maven-plugin&metric=alert_status)](https://sonarcloud.io/dashboard?id=com.exasol%3Aartifact-reference-checker-maven-plugin) @@ -66,4 +66,4 @@ Add the following lines to your `pom.xml` file. ## Information for Users * [Changelog](doc/changes/changelog.md) -* [Dependencies](dependencies.md) \ No newline at end of file +* [Dependencies](dependencies.md) 
diff --git a/dependencies.md b/dependencies.md index d21220a..2876ef6 100644 --- a/dependencies.md +++ b/dependencies.md @@ -5,8 +5,8 @@ | Dependency | License | | ---------------------------------------- | --------------------------------------------- | -| [Maven Plugin Tools Java Annotations][0] | [Apache License, Version 2.0][1] | -| [Maven Plugin API][2] | [Apache License, Version 2.0][1] | +| [Maven Plugin Tools Java Annotations][0] | [Apache-2.0][1] | +| [Maven Plugin API][2] | [Apache-2.0][1] | | [Maven Project Builder][3] | [The Apache Software License, Version 2.0][4] | | [error-reporting-java][5] | [MIT License][6] | 
@@ -14,45 +14,45 @@ | Dependency | License | | -------------------------------------- | -------------------------------- | -| [JUnit Jupiter Engine][7] | [Eclipse Public License v2.0][8] | +| [JUnit Jupiter API][7] | [Eclipse Public License v2.0][8] | | [JUnit Jupiter Params][7] | [Eclipse Public License v2.0][8] | -| [SLF4J JDK14 Binding][9] | [MIT License][10] | +| [SLF4J JDK14 Provider][9] | [MIT License][10] | | [Maven Plugin Integration Testing][11] | [MIT License][12] | | [Maven Project Version Getter][13] | [MIT License][14] | -| [JaCoCo :: Agent][15] | [Eclipse Public License 2.0][16] | ## Plugin Dependencies -| Dependency | License | -| ------------------------------------------------------- | --------------------------------------------- | -| [SonarQube Scanner for Maven][17] | [GNU LGPL 3][18] | -| [Apache Maven Compiler Plugin][19] | [Apache License, Version 2.0][1] | -| [Apache Maven Enforcer Plugin][20] | [Apache License, Version 2.0][1] | -| [Maven Flatten Plugin][21] | [Apache Software Licenese][4] | -| [org.sonatype.ossindex.maven:ossindex-maven-plugin][22] | [ASL2][4] | -| [Maven Surefire Plugin][23] | [Apache License, Version 2.0][1] | -| [Versions Maven Plugin][24] | [Apache License, Version 2.0][1] | -| [Apache Maven Deploy Plugin][25] | [Apache License, Version 2.0][1] | -| [Apache Maven GPG Plugin][26] | [Apache License, Version 2.0][1] | -| [Apache Maven Source Plugin][27] | [Apache License, Version 2.0][1] | -| [Apache Maven Javadoc Plugin][28] | [Apache License, Version 2.0][1] | -| [Nexus Staging Maven Plugin][29] | [Eclipse Public License][30] | -| [Apache Maven Dependency Plugin][31] | [Apache License, Version 2.0][1] | -| [Maven Failsafe Plugin][32] | [Apache License, Version 2.0][1] | -| [JaCoCo :: Maven Plugin][33] | [Eclipse Public License 2.0][16] | -| [Maven Plugin Plugin][34] | [Apache License, Version 2.0][1] | -| [Project keeper maven plugin][35] | [The MIT License][36] | -| [error-code-crawler-maven-plugin][37] | [MIT 
License][38] | -| [Reproducible Build Maven Plugin][39] | [Apache 2.0][4] | -| [Maven Clean Plugin][40] | [The Apache Software License, Version 2.0][4] | -| [Maven Resources Plugin][41] | [The Apache Software License, Version 2.0][4] | -| [Maven JAR Plugin][42] | [The Apache Software License, Version 2.0][4] | -| [Maven Install Plugin][43] | [The Apache Software License, Version 2.0][4] | -| [Maven Site Plugin 3][44] | [The Apache Software License, Version 2.0][4] | +| Dependency | License | +| ------------------------------------------------------- | -------------------------------- | +| [Apache Maven Clean Plugin][15] | [Apache-2.0][1] | +| [Apache Maven Install Plugin][16] | [Apache-2.0][1] | +| [Apache Maven Resources Plugin][17] | [Apache-2.0][1] | +| [Apache Maven Site Plugin][18] | [Apache-2.0][1] | +| [SonarQube Scanner for Maven][19] | [GNU LGPL 3][20] | +| [Apache Maven Toolchains Plugin][21] | [Apache-2.0][1] | +| [Apache Maven Compiler Plugin][22] | [Apache-2.0][1] | +| [Apache Maven Enforcer Plugin][23] | [Apache-2.0][1] | +| [Maven Flatten Plugin][24] | [Apache Software Licenese][1] | +| [org.sonatype.ossindex.maven:ossindex-maven-plugin][25] | [ASL2][4] | +| [Maven Surefire Plugin][26] | [Apache-2.0][1] | +| [Versions Maven Plugin][27] | [Apache License, Version 2.0][1] | +| [duplicate-finder-maven-plugin Maven Mojo][28] | [Apache License 2.0][29] | +| [Apache Maven Deploy Plugin][30] | [Apache-2.0][1] | +| [Apache Maven GPG Plugin][31] | [Apache-2.0][1] | +| [Apache Maven Source Plugin][32] | [Apache License, Version 2.0][1] | +| [Apache Maven Javadoc Plugin][33] | [Apache-2.0][1] | +| [Nexus Staging Maven Plugin][34] | [Eclipse Public License][35] | +| [Maven Failsafe Plugin][36] | [Apache-2.0][1] | +| [JaCoCo :: Maven Plugin][37] | [EPL-2.0][38] | +| [Quality Summarizer Maven Plugin][39] | [MIT License][40] | +| [Maven Plugin Plugin][41] | [Apache-2.0][1] | +| [Project Keeper Maven plugin][42] | [The MIT License][43] | +| 
[error-code-crawler-maven-plugin][44] | [MIT License][45] | +| [Reproducible Build Maven Plugin][46] | [Apache 2.0][4] | [0]: https://maven.apache.org/plugin-tools/maven-plugin-annotations [1]: https://www.apache.org/licenses/LICENSE-2.0.txt -[2]: https://maven.apache.org/ref/3.8.6/maven-plugin-api/ +[2]: https://maven.apache.org/ref/3.9.6/maven-plugin-api/ [3]: http://maven.apache.org/ [4]: http://www.apache.org/licenses/LICENSE-2.0.txt [5]: https://github.com/exasol/error-reporting-java/ 
@@ -65,33 +65,35 @@ [12]: https://github.com/exasol/maven-plugin-integration-testing/blob/main/LICENSE [13]: https://github.com/exasol/maven-project-version-getter/ [14]: https://github.com/exasol/maven-project-version-getter/blob/main/LICENSE -[15]: https://www.eclemma.org/jacoco/index.html -[16]: https://www.eclipse.org/legal/epl-2.0/ -[17]: http://sonarsource.github.io/sonar-scanner-maven/ -[18]: http://www.gnu.org/licenses/lgpl.txt -[19]: https://maven.apache.org/plugins/maven-compiler-plugin/ -[20]: https://maven.apache.org/enforcer/maven-enforcer-plugin/ -[21]: https://www.mojohaus.org/flatten-maven-plugin/ -[22]: https://sonatype.github.io/ossindex-maven/maven-plugin/ -[23]: https://maven.apache.org/surefire/maven-surefire-plugin/ -[24]: http://www.mojohaus.org/versions-maven-plugin/ -[25]: https://maven.apache.org/plugins/maven-deploy-plugin/ -[26]: https://maven.apache.org/plugins/maven-gpg-plugin/ -[27]: https://maven.apache.org/plugins/maven-source-plugin/ -[28]: https://maven.apache.org/plugins/maven-javadoc-plugin/ -[29]: http://www.sonatype.com/public-parent/nexus-maven-plugins/nexus-staging/nexus-staging-maven-plugin/ -[30]: http://www.eclipse.org/legal/epl-v10.html -[31]: https://maven.apache.org/plugins/maven-dependency-plugin/ -[32]: https://maven.apache.org/surefire/maven-failsafe-plugin/ -[33]: https://www.jacoco.org/jacoco/trunk/doc/maven.html -[34]: https://maven.apache.org/plugin-tools/maven-plugin-plugin -[35]: https://github.com/exasol/project-keeper/ -[36]: https://github.com/exasol/project-keeper/blob/main/LICENSE -[37]: https://github.com/exasol/error-code-crawler-maven-plugin/ -[38]: https://github.com/exasol/error-code-crawler-maven-plugin/blob/main/LICENSE -[39]: http://zlika.github.io/reproducible-build-maven-plugin -[40]: http://maven.apache.org/plugins/maven-clean-plugin/ -[41]: http://maven.apache.org/plugins/maven-resources-plugin/ -[42]: http://maven.apache.org/plugins/maven-jar-plugin/ -[43]: 
http://maven.apache.org/plugins/maven-install-plugin/ -[44]: http://maven.apache.org/plugins/maven-site-plugin/ +[15]: https://maven.apache.org/plugins/maven-clean-plugin/ +[16]: https://maven.apache.org/plugins/maven-install-plugin/ +[17]: https://maven.apache.org/plugins/maven-resources-plugin/ +[18]: https://maven.apache.org/plugins/maven-site-plugin/ +[19]: http://docs.sonarqube.org/display/PLUG/Plugin+Library/sonar-maven-plugin +[20]: http://www.gnu.org/licenses/lgpl.txt +[21]: https://maven.apache.org/plugins/maven-toolchains-plugin/ +[22]: https://maven.apache.org/plugins/maven-compiler-plugin/ +[23]: https://maven.apache.org/enforcer/maven-enforcer-plugin/ +[24]: https://www.mojohaus.org/flatten-maven-plugin/ +[25]: https://sonatype.github.io/ossindex-maven/maven-plugin/ +[26]: https://maven.apache.org/surefire/maven-surefire-plugin/ +[27]: https://www.mojohaus.org/versions/versions-maven-plugin/ +[28]: https://basepom.github.io/duplicate-finder-maven-plugin +[29]: http://www.apache.org/licenses/LICENSE-2.0.html +[30]: https://maven.apache.org/plugins/maven-deploy-plugin/ +[31]: https://maven.apache.org/plugins/maven-gpg-plugin/ +[32]: https://maven.apache.org/plugins/maven-source-plugin/ +[33]: https://maven.apache.org/plugins/maven-javadoc-plugin/ +[34]: http://www.sonatype.com/public-parent/nexus-maven-plugins/nexus-staging/nexus-staging-maven-plugin/ +[35]: http://www.eclipse.org/legal/epl-v10.html +[36]: https://maven.apache.org/surefire/maven-failsafe-plugin/ +[37]: https://www.jacoco.org/jacoco/trunk/doc/maven.html +[38]: https://www.eclipse.org/legal/epl-2.0/ +[39]: https://github.com/exasol/quality-summarizer-maven-plugin/ +[40]: https://github.com/exasol/quality-summarizer-maven-plugin/blob/main/LICENSE +[41]: https://maven.apache.org/plugin-tools/maven-plugin-plugin +[42]: https://github.com/exasol/project-keeper/ +[43]: https://github.com/exasol/project-keeper/blob/main/LICENSE +[44]: https://github.com/exasol/error-code-crawler-maven-plugin/ 
+[45]: https://github.com/exasol/error-code-crawler-maven-plugin/blob/main/LICENSE +[46]: http://zlika.github.io/reproducible-build-maven-plugin diff --git a/doc/changes/changelog.md b/doc/changes/changelog.md index 736780c..bb4309d 100644 --- a/doc/changes/changelog.md +++ b/doc/changes/changelog.md @@ -1,5 +1,6 @@ # Changes +* [0.4.3](changes_0.4.3.md) * [0.4.2](changes_0.4.2.md) * [0.4.1](changes_0.4.1.md) * [0.4.0](changes_0.4.0.md) diff --git a/doc/changes/changes_0.4.3.md b/doc/changes/changes_0.4.3.md new file mode 100644 index 0000000..4dc2ad1 --- /dev/null +++ b/doc/changes/changes_0.4.3.md 
@@ -0,0 +1,53 @@ +# Artifact reference checker and unifier 0.4.3, released 2024-12-16 + +Code name: Fix CVE-2024-47554 in commons-io:commons-io:jar:2.11.0:test + +## Summary + +This release updates dependencies to fix CVE-2024-47554 in `commons-io:commons-io:jar:2.11.0:test`. + +## Security + +* #28: Fixed CVE-2024-47554 in `commons-io:commons-io:jar:2.11.0:test` + +## Dependency Updates + +### Compile Dependency Updates + +* Updated `com.exasol:error-reporting-java:1.0.0` to `1.0.1` + +### Test Dependency Updates + +* Updated `com.exasol:maven-plugin-integration-testing:1.1.2` to `1.1.3` +* Updated `com.exasol:maven-project-version-getter:1.2.0` to `1.2.1` +* Removed `org.jacoco:org.jacoco.agent:0.8.8` +* Added `org.junit.jupiter:junit-jupiter-api:5.11.3` +* Removed `org.junit.jupiter:junit-jupiter-engine:5.8.2` +* Updated `org.junit.jupiter:junit-jupiter-params:5.8.2` to `5.11.3` +* Updated `org.slf4j:slf4j-jdk14:2.0.3` to `2.0.16` + +### Plugin Dependency Updates + +* Updated `com.exasol:project-keeper-maven-plugin:2.8.0` to `4.5.0` +* Added `com.exasol:quality-summarizer-maven-plugin:0.2.0` +* Updated `io.github.zlika:reproducible-build-maven-plugin:0.15` to `0.17` +* Updated `org.apache.maven.plugins:maven-clean-plugin:2.5` to `3.4.0` +* Updated `org.apache.maven.plugins:maven-compiler-plugin:3.10.1` to `3.13.0` +* Removed `org.apache.maven.plugins:maven-dependency-plugin:3.3.0` +* Updated `org.apache.maven.plugins:maven-deploy-plugin:3.0.0-M1` to `3.1.3` +* Updated `org.apache.maven.plugins:maven-enforcer-plugin:3.1.0` to `3.5.0` +* Updated `org.apache.maven.plugins:maven-failsafe-plugin:3.0.0-M5` to `3.5.2` +* Updated `org.apache.maven.plugins:maven-gpg-plugin:3.0.1` to `3.2.7` +* Updated `org.apache.maven.plugins:maven-install-plugin:2.4` to `3.1.3` +* Updated `org.apache.maven.plugins:maven-javadoc-plugin:3.4.0` to `3.11.1` +* Updated `org.apache.maven.plugins:maven-plugin-plugin:3.6.4` to `3.15.1` +* Updated 
`org.apache.maven.plugins:maven-resources-plugin:2.6` to `3.3.1` +* Updated `org.apache.maven.plugins:maven-site-plugin:3.3` to `3.21.0` +* Updated `org.apache.maven.plugins:maven-surefire-plugin:3.0.0-M5` to `3.5.2` +* Added `org.apache.maven.plugins:maven-toolchains-plugin:3.2.0` +* Added `org.basepom.maven:duplicate-finder-maven-plugin:2.0.1` +* Updated `org.codehaus.mojo:flatten-maven-plugin:1.2.7` to `1.6.0` +* Updated `org.codehaus.mojo:versions-maven-plugin:2.10.0` to `2.18.0` +* Updated `org.jacoco:jacoco-maven-plugin:0.8.8` to `0.8.12` +* Updated `org.sonarsource.scanner.maven:sonar-maven-plugin:3.9.1.2184` to `5.0.0.4389` +* Updated `org.sonatype.plugins:nexus-staging-maven-plugin:1.6.13` to `1.7.0` diff --git a/pk_generated_parent.pom b/pk_generated_parent.pom index 4e0d596..10d9313 100644 --- a/pk_generated_parent.pom +++ b/pk_generated_parent.pom @@ -3,15 +3,27 @@ 4.0.0 com.exasol artifact-reference-checker-maven-plugin-generated-parent - 0.4.2 + 0.4.3 pom UTF-8 UTF-8 11 + exasol + https://sonarcloud.io true + + + ossrh + https://oss.sonatype.org/content/repositories/snapshots + + + ossrh + https://oss.sonatype.org/service/local/staging/deploy/maven2/ + + MIT License 
@@ -32,35 +44,71 @@ scm:git:https://github.com/exasol/artifact-reference-checker-maven-plugin.git https://github.com/exasol/artifact-reference-checker-maven-plugin/ - - - org.jacoco - org.jacoco.agent - 0.8.8 - test - runtime - - + + + org.apache.maven.plugins + maven-clean-plugin + 3.4.0 + + + org.apache.maven.plugins + maven-install-plugin + 3.1.3 + + + org.apache.maven.plugins + maven-resources-plugin + 3.3.1 + + + org.apache.maven.plugins + maven-site-plugin + 3.21.0 + org.sonarsource.scanner.maven sonar-maven-plugin - 3.9.1.2184 + 5.0.0.4389 + + + org.apache.maven.plugins + maven-toolchains-plugin + 3.2.0 + + + + toolchain + + + + + + + ${java.version} + + + org.apache.maven.plugins maven-compiler-plugin - 3.10.1 + 3.13.0 ${java.version} ${java.version} + true + + -Xlint:all + -Werror + org.apache.maven.plugins maven-enforcer-plugin - 3.1.0 + 3.5.0 enforce-maven @@ -72,6 +120,9 @@ 3.6.3 + + 17 + @@ -80,7 +131,7 @@ org.codehaus.mojo flatten-maven-plugin - 1.2.7 + 1.6.0 true oss @@ -119,7 +170,7 @@ org.apache.maven.plugins maven-surefire-plugin - 3.0.0-M5 + 3.5.2 @@ -130,7 +181,7 @@ org.codehaus.mojo versions-maven-plugin - 2.10.0 + 2.18.0 display-updates @@ -143,12 +194,48 @@ file:///${project.basedir}/versionsMavenPluginRules.xml + false + true + true + true + false + true + true + true + false + true + true + + + + org.basepom.maven + duplicate-finder-maven-plugin + 2.0.1 + + + default + verify + + check + + + + + true + true + true + true + true + true + false + true + false org.apache.maven.plugins maven-deploy-plugin - 3.0.0-M1 + 3.1.3 true @@ -156,7 +243,7 @@ org.apache.maven.plugins maven-gpg-plugin - 3.0.1 + 3.2.7 sign-artifacts @@ -176,6 +263,9 @@ org.apache.maven.plugins maven-source-plugin + 3.2.1 @@ -189,7 +279,7 @@ org.apache.maven.plugins maven-javadoc-plugin - 3.4.0 + 3.11.1 attach-javadocs 
@@ -204,16 +294,20 @@ true true true + true + ${java.version} org.sonatype.plugins nexus-staging-maven-plugin - 1.6.13 + 1.7.0 true ossrh https://oss.sonatype.org/ + 15 + 30 @@ -225,37 +319,14 @@ - - org.apache.maven.plugins - maven-dependency-plugin - 3.3.0 - - - copy-jacoco - - copy-dependencies - - compile - - org.jacoco.agent - runtime - ${project.build.directory}/jacoco-agent - true - - - - org.apache.maven.plugins maven-failsafe-plugin - 3.0.0-M5 + 3.5.2 - + -Djava.util.logging.config.file=src/test/resources/logging.properties ${argLine} - - true - + ${test.excludeTags} @@ -271,7 +342,7 @@ org.jacoco jacoco-maven-plugin - 0.8.8 + 0.8.12 prepare-agent @@ -279,12 +350,6 @@ prepare-agent - - prepare-agent-integration - - prepare-agent-integration - - merge-results verify @@ -315,10 +380,23 @@ + + com.exasol + quality-summarizer-maven-plugin + 0.2.0 + + + summarize-metrics + + summarize + + + + com.exasol error-code-crawler-maven-plugin - 1.1.2 + 2.0.3 verify @@ -331,7 +409,7 @@ io.github.zlika reproducible-build-maven-plugin - 0.15 + 0.17 strip-jar diff --git a/pom.xml b/pom.xml index 8064a99..ec78551 100644 --- a/pom.xml +++ b/pom.xml 
@@ -3,59 +3,50 @@ 4.0.0 artifact-reference-checker-maven-plugin maven-plugin - 0.4.2 + 0.4.3 Artifact reference checker and unifier This Maven-Plugin helps you not to forget to change references to your artifacts. For example, if you reference your binary in the README.md file, this plugin will break the build, if you forgot to update the version number there. https://github.com/exasol/artifact-reference-checker-maven-plugin/ - - - ossrh - https://oss.sonatype.org/content/repositories/snapshots - - - ossrh - https://oss.sonatype.org/service/local/staging/deploy/maven2/ - - - 5.8.2 + 5.11.3 + 3.9.6 org.apache.maven.plugin-tools maven-plugin-annotations - 3.6.4 + 3.15.1 provided org.apache.maven maven-plugin-api - 3.8.6 + ${maven.version} provided org.apache.maven maven-project 2.2.1 + provided junit junit - provided com.exasol error-reporting-java - 1.0.0 + 1.0.1 org.junit.jupiter - junit-jupiter-engine + junit-jupiter-api ${junit.version} test @@ -68,33 +59,43 @@ org.slf4j slf4j-jdk14 - 2.0.3 + 2.0.16 test com.exasol maven-plugin-integration-testing - 1.1.2 + 1.1.3 test com.exasol maven-project-version-getter - 1.2.0 + 1.2.1 test + + org.apache.maven.plugins + maven-compiler-plugin + + + -Xlint:all,-processing + -Werror + + + org.apache.maven.plugins maven-plugin-plugin - 3.6.4 + 3.15.1 com.exasol project-keeper-maven-plugin - 2.8.0 + 4.5.0 @@ -119,12 +120,35 @@ + + org.basepom.maven + duplicate-finder-maven-plugin + + true + + + + org.codehaus.plexus + plexus-container-default + provided + + + classworlds + classworlds + provided + + + + about.html + + + artifact-reference-checker-maven-plugin-generated-parent com.exasol - 0.4.2 + 0.4.3 pk_generated_parent.pom diff --git a/release_config.yml b/release_config.yml deleted file mode 100644 index 44dac34..0000000 --- a/release_config.yml +++ /dev/null @@ -1,3 +0,0 @@ -release-platforms: - - GitHub - - Maven
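Review bot: The first pom.xml hunk bumps versions but pins no commons-io in any visible line, so the CVE-2024-47554 fix that changes_0.4.3.md announces for `commons-io:commons-io:jar:2.11.0:test` rests on whatever version the bumped test dependencies resolve transitively. The XML tags are missing in this rendering and the rest of pom.xml lies outside the hunks, so a pin elsewhere cannot be ruled out; if there is none, a later change to a test dependency can bring the vulnerable version back without any line in this file changing. I would record the intent beside the dependency that carries it, e.g. `<!-- bumped for CVE-2024-47554 in transitive commons-io (#28) -->`, or manage commons-io explicitly in `dependencyManagement` at the patched version, and confirm the resolved version with `mvn dependency:tree -Dincludes=commons-io`.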