From d6d2c26337e5d3f5d0b591833826679f2eea5175 Mon Sep 17 00:00:00 2001 From: Christoph Kuhnke Date: Tue, 9 Apr 2024 14:58:57 +0200 Subject: [PATCH] Updated dependencies (#47) * Updated dependencies * Downgraded to Exasol docker DB 8.24.0 - 8.25 brings a breaking change regarding access with TSAJ * Moved maven-compiler-plugin to front of plugins --------- Co-authored-by: Christoph Pirkl <4711730+kaklakariada@users.noreply.github.com> --- .gitattributes | 25 +- .github/workflows/broken_links_checker.yml | 3 + .github/workflows/ci-build-next-java.yml | 6 + .github/workflows/ci-build.yml | 155 ++++++++++--- .github/workflows/dependencies_check.yml | 78 +++++-- .github/workflows/dependencies_update.yml | 180 ++++++++++++++ .github/workflows/release.yml | 219 ++++++++++++++++++ ...elease_droid_prepare_original_checksum.yml | 39 ---- .../release_droid_print_quick_checksum.yml | 26 --- ...ase_droid_upload_github_release_assets.yml | 47 ---- .project-keeper.yml | 5 +- dependencies.md | 2 +- doc/changes/changelog.md | 1 + doc/changes/changes_3.0.1.md | 40 ++++ doc/user_guide/oracle_user_guide.md | 2 +- pk_generated_parent.pom | 34 ++- pom.xml | 41 ++-- release_config.yml | 3 - .../oracle/IntegrationTestConstants.java | 2 +- 19 files changed, 688 insertions(+), 220 deletions(-) create mode 100644 .github/workflows/dependencies_update.yml create mode 100644 .github/workflows/release.yml delete mode 100644 .github/workflows/release_droid_prepare_original_checksum.yml delete mode 100644 .github/workflows/release_droid_print_quick_checksum.yml delete mode 100644 .github/workflows/release_droid_upload_github_release_assets.yml create mode 100644 doc/changes/changes_3.0.1.md delete mode 100644 release_config.yml diff --git a/.gitattributes b/.gitattributes index 4a31adb..d55fa75 100644 --- a/.gitattributes +++ b/.gitattributes 
@@ -1,13 +1,12 @@ -pk_generated_parent.pom linguist-generated=true -dependencies.md linguist-generated=true -doc/changes/changelog.md linguist-generated=true -.github/workflows/broken_links_checker.yml linguist-generated=true -.github/workflows/ci-build.yml linguist-generated=true -.github/workflows/ci-build-next-java.yml linguist-generated=true -.github/workflows/dependencies_check.yml linguist-generated=true -.github/workflows/release_droid_print_quick_checksum.yml linguist-generated=true -.github/workflows/release_droid_upload_github_release_assets.yml linguist-generated=true -.github/workflows/release_droid_prepare_original_checksum.yml linguist-generated=true -.settings/org.eclipse.jdt.core.prefs linguist-generated=true -.settings/org.eclipse.jdt.ui.prefs linguist-generated=true -extension/package-lock.json linguist-generated=true +.github/workflows/broken_links_checker.yml linguist-generated=true +.github/workflows/ci-build-next-java.yml linguist-generated=true +.github/workflows/ci-build.yml linguist-generated=true +.github/workflows/dependencies_check.yml linguist-generated=true +.github/workflows/dependencies_update.yml linguist-generated=true +.github/workflows/release.yml linguist-generated=true +.settings/org.eclipse.jdt.core.prefs linguist-generated=true +.settings/org.eclipse.jdt.ui.prefs linguist-generated=true +dependencies.md linguist-generated=true +doc/changes/changelog.md linguist-generated=true +extension/package-lock.json linguist-generated=true +pk_generated_parent.pom linguist-generated=true diff --git a/.github/workflows/broken_links_checker.yml b/.github/workflows/broken_links_checker.yml index 0fbcad5..d7a38b4 100644 --- a/.github/workflows/broken_links_checker.yml +++ b/.github/workflows/broken_links_checker.yml @@ -13,6 +13,9 @@ on: jobs: linkChecker: runs-on: ubuntu-latest + defaults: + run: + shell: "bash" concurrency: group: ${{ github.workflow }}-${{ github.ref }} cancel-in-progress: true 
diff --git a/.github/workflows/ci-build-next-java.yml b/.github/workflows/ci-build-next-java.yml index e3acdb7..8886e10 100644 --- a/.github/workflows/ci-build-next-java.yml +++ b/.github/workflows/ci-build-next-java.yml @@ -10,6 +10,12 @@ on: jobs: java-17-compatibility: runs-on: ubuntu-latest + defaults: + run: + shell: "bash" + permissions: + contents: read + checks: write # Allow scacap/action-surefire-report concurrency: group: ${{ github.workflow }}-${{ github.ref }} cancel-in-progress: true diff --git a/.github/workflows/ci-build.yml b/.github/workflows/ci-build.yml index 4317696..d86ddd0 100644 --- a/.github/workflows/ci-build.yml +++ b/.github/workflows/ci-build.yml 
@@ -1,78 +1,165 @@ -# Generated by Project Keeper -# https://github.com/exasol/project-keeper/blob/main/project-keeper/src/main/resources/templates/.github/workflows/ci-build-db-version-matrix.yml +# This file was generated by Project Keeper. name: CI Build on: push: - branches: - - main - pull_request: - + branches: [ + main + ] + + pull_request: null jobs: matrix-build: runs-on: ubuntu-20.04 - concurrency: - group: ${{ github.workflow }}-${{ github.ref }}-${{ matrix.exasol_db_version }} + defaults: + run: { + shell: bash + } + permissions: { + contents: read, + checks: write + } + concurrency: { + group: '${{ github.workflow }}-${{ github.ref }}-${{ matrix.exasol_db_version }}', cancel-in-progress: true + } strategy: fail-fast: false matrix: - exasol_db_version: ["7.1.25", "8.24.0"] - env: - DEFAULT_EXASOL_DB_VERSION: "7.1.25" + exasol_db_version: [ + 8.24.0, + 7.1.26 + ] + + env: { + DEFAULT_EXASOL_DB_VERSION: 8.24.0 + } steps: - name: Free Disk Space + id: free-disk-space if: ${{ true }} run: | sudo rm -rf /usr/local/lib/android sudo rm -rf /usr/share/dotnet - name: Checkout the repository + id: checkout uses: actions/checkout@v4 - with: + with: { fetch-depth: 0 + } - name: Set up JDKs + id: setup-java uses: actions/setup-java@v4 with: - distribution: "temurin" + distribution: temurin java-version: | 11 17 - cache: "maven" + cache: maven - name: Cache SonarCloud packages - uses: actions/cache@v3 - with: - path: ~/.sonar/cache - key: ${{ runner.os }}-sonar - restore-keys: ${{ runner.os }}-sonar - - name: Enable testcontainer reuse + id: cache-sonar + uses: actions/cache@v4 + with: { + path: ~/.sonar/cache, + key: '${{ runner.os }}-sonar', + restore-keys: '${{ runner.os }}-sonar' + } + - { + name: Enable testcontainer reuse, + id: enable-testcontainer-reuse, run: echo 'testcontainers.reuse.enable=true' > "$HOME/.testcontainers.properties" + } - name: Run tests and build with Maven + id: build-pk-verify run: | mvn --batch-mode clean verify \ 
-Dorg.slf4j.simpleLogger.log.org.apache.maven.cli.transfer.Slf4jMavenTransferListener=warn \ -DtrimStackTrace=false \ -Dcom.exasol.dockerdb.image=${{ matrix.exasol_db_version }} - env: - # Set additional environment variable as in scala projects the scalatest plugin does not forward - # the system property -Dcom.exasol.dockerdb.image to the test's implementation. - EXASOL_DB_VERSION: ${{ matrix.exasol_db_version }} - - name: Publish Test Report for Exasol ${{ matrix.exasol_db_version }} - uses: scacap/action-surefire-report@v1 - if: ${{ always() && github.event.pull_request.head.repo.full_name == github.repository && github.actor != 'dependabot[bot]' }} - with: - github_token: ${{ secrets.GITHUB_TOKEN }} + env: { + EXASOL_DB_VERSION: '${{ matrix.exasol_db_version }}' + } - name: Sonar analysis + id: sonar-analysis if: ${{ env.SONAR_TOKEN != null && matrix.exasol_db_version == env.DEFAULT_EXASOL_DB_VERSION }} run: | mvn --batch-mode org.sonarsource.scanner.maven:sonar-maven-plugin:sonar \ -Dorg.slf4j.simpleLogger.log.org.apache.maven.cli.transfer.Slf4jMavenTransferListener=warn \ -DtrimStackTrace=false \ -Dsonar.token=$SONAR_TOKEN - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} - + env: { + GITHUB_TOKEN: '${{ secrets.GITHUB_TOKEN }}', + SONAR_TOKEN: '${{ secrets.SONAR_TOKEN }}' + } + - name: Verify Release Artifacts + id: verify-release-artifacts + run: "print_message() {\n local -r message=$1\n echo \"$message\"\n echo \"$message\" >> \"$GITHUB_STEP_SUMMARY\"\n}\n\nprint_message \"### Release Artifacts\"\n\nIFS=$'\\n' artifacts_array=($ARTIFACTS)\nmissing_files=()\nfor file in \"${artifacts_array[@]}\";\ndo \n echo \"Checking if file $file exists...\"\n if ! 
[[ -f \"$file\" ]]; then\n print_message \"* ⚠️ \\`$file\\` does not exist ⚠️\"\n echo \"Content of directory $(dirname \"$file\"):\"\n ls \"$(dirname \"$file\")\"\n missing_files+=(\"$file\")\n else\n print_message \"* \\`$file\\` ✅\" \n fi\ndone\nprint_message \"\"\nnumber_of_missing_files=${#missing_files[@]}\nif [[ $number_of_missing_files -gt 0 ]]; then\n print_message \"⚠️ $number_of_missing_files release artifact(s) missing ⚠️\"\n exit 1\nfi\n" + env: { + ARTIFACTS: '${{ steps.build-pk-verify.outputs.release-artifacts }}' + } + - name: Upload artifacts + id: upload-artifacts + uses: actions/upload-artifact@v4 + with: { + name: 'artifacts-exasol-${{ matrix.exasol_db_version }}', + path: '${{ steps.build-pk-verify.outputs.release-artifacts }}', + retention-days: 5 + } build: needs: matrix-build runs-on: ubuntu-latest + defaults: + run: { + shell: bash + } + permissions: { + contents: read, + issues: read + } + outputs: { + release-required: '${{ steps.check-release.outputs.release-required }}' + } steps: - - run: echo "Build successful" + - name: Checkout the repository + uses: actions/checkout@v4 + with: { + fetch-depth: 0 + } + - name: Set up JDKs + uses: actions/setup-java@v4 + with: + distribution: temurin + java-version: | + 11 + 17 + cache: maven + - name: Check if release is needed + id: check-release + run: | + if mvn --batch-mode com.exasol:project-keeper-maven-plugin:verify-release --projects .; then + echo "### ✅ Release preconditions met, start release" >> "$GITHUB_STEP_SUMMARY" + echo "release-required=true" >> "$GITHUB_OUTPUT" + else + echo "### 🛑 Not all release preconditions met, skipping release" >> "$GITHUB_STEP_SUMMARY" + echo "See log output for details." 
>> "$GITHUB_STEP_SUMMARY" + echo "release-required=false" >> "$GITHUB_OUTPUT" + fi + env: { + GITHUB_TOKEN: '${{ secrets.GITHUB_TOKEN }}' + } + start_release: + needs: build + if: ${{ github.ref == 'refs/heads/main' && needs.build.outputs.release-required == 'true' }} + concurrency: { + cancel-in-progress: false, + group: release + } + secrets: inherit + permissions: { + contents: write, + actions: read, + issues: read + } + uses: ./.github/workflows/release.yml + with: { + started-from-ci: true + } diff --git a/.github/workflows/dependencies_check.yml b/.github/workflows/dependencies_check.yml index 87b64ba..9c2365c 100644 --- a/.github/workflows/dependencies_check.yml +++ b/.github/workflows/dependencies_check.yml 
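Review bot: `matrix-build` keeps `checks: write` in its `permissions` block even though this hunk removes the `scacap/action-surefire-report` step, which is the step `ci-build-next-java.yml` names as the reason for that scope. None of the remaining visible steps in the job appears to call the Checks API, so the job token could be reduced to `permissions: { contents: read }`. The file is generated by Project Keeper, so the change presumably belongs in the generator template or its configuration rather than in a hand edit here.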
@@ -1,38 +1,80 @@ -# Generated by Project Keeper -# https://github.com/exasol/project-keeper/blob/main/project-keeper/src/main/resources/templates/.github/workflows/dependencies_check.yml -name: Report Security Issues for Repository +# This file was generated by Project Keeper. +name: Report Security Issues on: - workflow_dispatch: + workflow_dispatch: null schedule: - - cron: "0 2 * * *" - + - { + cron: 0 2 * * * + } jobs: report_security_issues: runs-on: ubuntu-latest - permissions: + defaults: + run: { + shell: bash + } + permissions: { + contents: read, issues: write - + } + outputs: { + created-issues: '${{ steps.security-issues.outputs.created-issues }}' + } + concurrency: { + group: '${{ github.workflow }}-report_security_issues', + cancel-in-progress: true + } steps: - - uses: actions/checkout@v4 + - { + name: Checkout, + id: checkout, + uses: actions/checkout@v4 + } - name: Set up JDKs + id: setup-jdks uses: actions/setup-java@v4 with: - distribution: "temurin" + distribution: temurin java-version: | 11 17 - cache: "maven" - + cache: maven - name: Generate ossindex report + id: ossindex-report run: | - mvn org.sonatype.ossindex.maven:ossindex-maven-plugin:audit \ + mvn --batch-mode org.sonatype.ossindex.maven:ossindex-maven-plugin:audit \ org.sonatype.ossindex.maven:ossindex-maven-plugin:audit-aggregate \ -Dossindex.reportFile=$(pwd)/ossindex-report.json \ -Dossindex.fail=false - - name: Report Security Issues + id: security-issues uses: exasol/python-toolbox/.github/actions/security-issues@main - with: - format: "maven" - command: "cat ossindex-report.json" - github-token: ${{ secrets.GITHUB_TOKEN }} + with: { + format: maven, + command: cat ossindex-report.json, + github-token: '${{ secrets.GITHUB_TOKEN }}' + } + - name: Output security issues (Debugging) + id: debug-print-security-issues + run: | + echo "$CREATED_ISSUES" > test.jsonl + cat test.jsonl + env: { + CREATED_ISSUES: '${{ steps.security-issues.outputs.created-issues }}' + } + 
start_dependency_udpate: + needs: report_security_issues + if: ${{ needs.report_security_issues.outputs.created-issues }} + concurrency: { + group: '${{ github.workflow }}-start_dependency_update', + cancel-in-progress: false + } + secrets: inherit + permissions: { + contents: write, + pull-requests: write + } + uses: ./.github/workflows/dependencies_update.yml + with: { + vulnerability_issues: '${{ needs.report_security_issues.outputs.created-issues }}' + } diff --git a/.github/workflows/dependencies_update.yml b/.github/workflows/dependencies_update.yml new file mode 100644 index 0000000..9f536ee --- /dev/null +++ b/.github/workflows/dependencies_update.yml 
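Review bot: The `security-issues` step still resolves `exasol/python-toolbox/.github/actions/security-issues@main`, a moving branch, and with this change its `created-issues` output decides whether `start_dependency_udpate` runs with `contents: write`, `pull-requests: write` and `secrets: inherit`. Pinning the action to a reviewed commit, `uses: exasol/python-toolbox/.github/actions/security-issues@<full-commit-sha>`, keeps a later push to that branch from changing what feeds the privileged job. The job id is also misspelled (`start_dependency_udpate`) while its concurrency group says `start_dependency_update`; renaming it to `start_dependency_update:` keeps the two consistent. The file is generated, so both changes likely belong in the Project Keeper template.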
@@ -0,0 +1,180 @@ +# This file was generated by Project Keeper. +name: Update dependencies +on: + workflow_call: + inputs: + vulnerability_issues: { + description: GitHub issues for vulnerable dependencies as JSONL, + required: true, + type: string + } + workflow_dispatch: null +jobs: + update_dependencies: + runs-on: ubuntu-latest + defaults: + run: { + shell: bash + } + permissions: { + contents: write, + pull-requests: write + } + concurrency: { + group: '${{ github.workflow }}', + cancel-in-progress: false + } + steps: + - uses: actions/checkout@v4 + id: checkout + with: { + fetch-depth: 0 + } + - name: Set up JDKs + id: setup-jdks + uses: actions/setup-java@v4 + with: + distribution: temurin + java-version: | + 11 + 17 + cache: maven + - name: Print issues + id: debug-print-issues + run: | + echo "Issues from Action input: $ISSUES" + env: { + ISSUES: '${{ inputs.vulnerability_issues }}' + } + - name: Fail if not running on a branch + id: check-branch + if: ${{ !startsWith(github.ref, 'refs/heads/') }} + uses: actions/github-script@v7 + with: + script: | + core.setFailed('Not running on a branch, github.ref is ${{ github.ref }}. Please start this workflow only on main or a branch') + - name: Update dependencies + id: update-dependencies + run: | + mvn --batch-mode com.exasol:project-keeper-maven-plugin:update-dependencies --projects . \ + -Dproject-keeper:vulnerabilities="$CREATED_ISSUES" + env: { + CREATED_ISSUES: '${{ inputs.vulnerability_issues }}' + } + - name: Project Keeper Fix + id: project-keeper-fix + run: | + mvn --batch-mode com.exasol:project-keeper-maven-plugin:fix --projects . + - name: Project Keeper Fix for updated Project Keeper version + id: project-keeper-fix-2 + run: | + mvn --batch-mode com.exasol:project-keeper-maven-plugin:fix --projects . 
+ - name: Generate Pull Request comment + id: pr-comment + run: | + echo 'comment<> "$GITHUB_OUTPUT" + echo 'This Pull Request was created by [`dependencies_update.yml`](https://github.com/exasol/project-keeper/blob/main/project-keeper/src/main/resources/templates/.github/workflows/dependencies_update.yml) workflow.' >> "$GITHUB_OUTPUT" + if [ -n "$CREATED_ISSUES" ]; then + echo 'It updates dependencies to fix the following vulnerabilities:' >> "$GITHUB_OUTPUT" + echo $CREATED_ISSUES | jq --raw-output '. | "* Closes " + .issue_url + " (" + .cve + ")"' >> "$GITHUB_OUTPUT" + else + echo 'It updates dependencies.' >> "$GITHUB_OUTPUT" + fi + echo >> "$GITHUB_OUTPUT" + echo '# ⚠️ This PR does not trigger CI workflows by default ⚠️' >> "$GITHUB_OUTPUT" + echo 'Please click the **Close pull request** button and then **Reopen pull request** to trigger running checks.' >> "$GITHUB_OUTPUT" + echo 'See https://github.com/exasol/project-keeper/issues/534 for details.' >> "$GITHUB_OUTPUT" + echo 'EOF' >> "$GITHUB_OUTPUT" + + cat "$GITHUB_OUTPUT" + env: { + CREATED_ISSUES: '${{ inputs.vulnerability_issues }}' + } + - name: Generate Pull Request Title + id: pr-title + run: | + if [ -n "$CREATED_ISSUES" ]; then + echo "Security issues are available" + echo "title=🔐 Update dependencies to fix vulnerabilities" >> "$GITHUB_OUTPUT" + else + echo "Security issues are not available" + echo "title=Update dependencies" >> "$GITHUB_OUTPUT" + fi + + cat "$GITHUB_OUTPUT" + env: { + CREATED_ISSUES: '${{ inputs.vulnerability_issues }}' + } + - name: Configure git + id: configure-git + run: | + git config --global user.email "opensource@exasol.com" + git config --global user.name "Automatic Dependency Updater" + - name: Create branch + id: create-branch + if: ${{ github.ref == 'refs/heads/main' }} + run: | + branch_name="dependency-update/$(date "+%Y%m%d%H%M%S")" + echo "Creating branch $branch_name" + git checkout -b "$branch_name" + - name: Commit changes & push + id: publish-branch + if: ${{ 
startsWith(github.ref, 'refs/heads/' ) }} + run: | + branch_name=$(git rev-parse --abbrev-ref HEAD) + echo "Current branch: $branch_name" + echo "git diff --stat" + git diff --stat + echo "git diff --numstat" + git diff --numstat + echo "git diff --name-status" + git diff --name-status + echo "Adding untracked files:" + git add . --verbose --all + echo "Committing changes..." + git commit --message "$TITLE" + echo "Pushing branch $branch_name..." + git push --set-upstream origin "$branch_name" + echo "Done." + env: { + TITLE: '${{ steps.pr-title.outputs.title }}' + } + - name: Create pull request + id: create-pr + if: ${{ github.ref == 'refs/heads/main' }} + run: | + pr_url=$(gh pr create --base main --title "$TITLE" --body "$COMMENT") + echo "Created Pull Request: $pr_url" + echo "pr_url=$pr_url" >> "$GITHUB_OUTPUT" + env: { + COMMENT: '${{ steps.pr-comment.outputs.comment }}', + TITLE: '${{ steps.pr-title.outputs.title }}', + GH_TOKEN: '${{ github.token }}' + } + - name: Report failure Status to Slack channel + id: report-failure-slack + if: ${{ always() }} + uses: ravsamhq/notify-slack-action@v2 + with: { + status: '${{ job.status }}', + token: '${{ secrets.GITHUB_TOKEN }}', + notification_title: 'Dependency check in {repo} has {status_message}', + message_format: '{emoji} *{workflow}* {status_message} in <{repo_url}|{repo}>', + notify_when: 'failure,cancelled,warnings' + } + env: { + SLACK_WEBHOOK_URL: '${{ secrets.INTEGRATION_TEAM_SLACK_NOTIFICATION_WEBHOOK }}' + } + - name: Report new Pull Request to Slack channel + id: report-pr-slack + if: ${{ steps.create-pr.outputs.pr_url }} + uses: ravsamhq/notify-slack-action@v2 + with: { + status: '${{ job.status }}', + token: '${{ secrets.GITHUB_TOKEN }}', + notification_title: 'Dependency update for {repo} created a Pull Request', + message_format: '{workflow} created Pull Request ${{ steps.create-pr.outputs.pr_url }}' + } + env: { + SLACK_WEBHOOK_URL: '${{ secrets.INTEGRATION_TEAM_SLACK_NOTIFICATION_WEBHOOK }}' + } 
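Review bot: The `check-branch` step pastes `${{ github.ref }}` into the `actions/github-script` source, so the ref text is expanded into the JavaScript before it is parsed instead of being handled as data; the `check-main-branch` step in `release.yml` does the same. Passing it through the environment avoids that: add `env: { REF: '${{ github.ref }}' }` to the step and build the message from `process.env.REF`. In the `pr-comment` step, `echo $CREATED_ISSUES | jq …` expands the variable unquoted, so the JSONL goes through word splitting and glob expansion before jq reads it; piping `printf '%s\n' "$CREATED_ISSUES"` into the same jq filter keeps the input intact.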
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml new file mode 100644 index 0000000..2a8bbf7 --- /dev/null +++ b/.github/workflows/release.yml 
@@ -0,0 +1,219 @@ +# This file was generated by Project Keeper. +name: Release +on: + workflow_call: + inputs: + started-from-ci: { + description: 'Marks this release as started from CI, skipping precondition check', + type: boolean, + required: true, + default: false + } + workflow_dispatch: + inputs: + skip-maven-central: { + description: Skip deployment to Maven Central, + required: true, + type: boolean, + default: false + } + skip-github-release: { + description: Skip creating the GitHub release, + required: true, + type: boolean, + default: false + } +jobs: + release: + runs-on: ubuntu-latest + defaults: + run: { + shell: bash + } + concurrency: { + group: '${{ github.workflow }}', + cancel-in-progress: false + } + permissions: { + contents: write, + actions: read, + issues: read + } + steps: + - name: Checkout the repository + id: checkout + uses: actions/checkout@v4 + with: { + fetch-depth: 0 + } + - name: Set up Maven Central Repository + id: configure-maven-central-credentials + if: ${{ false }} + uses: actions/setup-java@v4 + with: + distribution: temurin + java-version: | + 11 + 17 + cache: maven + server-id: ossrh + server-username: MAVEN_USERNAME + server-password: MAVEN_PASSWORD + gpg-private-key: ${{ secrets.OSSRH_GPG_SECRET_KEY }} + gpg-passphrase: MAVEN_GPG_PASSPHRASE + - name: Set up JDKs + id: setup-jdks + if: ${{ ! false }} + uses: actions/setup-java@v4 + with: + distribution: temurin + java-version: | + 11 + 17 + cache: maven + - name: Fail if not running on main branch + id: check-main-branch + if: ${{ github.ref != 'refs/heads/main' }} + uses: actions/github-script@v7 + with: + script: | + core.setFailed('Not running on main branch, github.ref is ${{ github.ref }}. Please start this workflow only on main') + - name: Check CI build of this commit succeeded + id: check-ci-build-status + if: ${{ ! 
inputs.started-from-ci }} + run: | + echo "Commit SHA: $COMMIT_SHA" + gh run list --workflow ci-build.yml --branch main --event push --commit $COMMIT_SHA + ci_build_status=$(gh run list --workflow ci-build.yml --branch main --event push --commit $COMMIT_SHA --json conclusion --template '{{range .}}{{.conclusion}}{{"\n"}}{{end}}') + echo "CI build status at commit $COMMIT_SHA was '$ci_build_status'" + if [[ "$ci_build_status" != "success" ]]; then + gh run list --workflow ci-build.yml --commit $COMMIT_SHA >> $GITHUB_STEP_SUMMARY + echo "Status of CI build for commit $COMMIT_SHA was '$ci_build_status', expected 'success'" >> $GITHUB_STEP_SUMMARY + cat $GITHUB_STEP_SUMMARY + exit 1 + fi + env: { + COMMIT_SHA: '${{ github.sha }}', + GH_TOKEN: '${{ github.token }}' + } + - name: Verify release preconditions + id: verify-release + run: | + mvn --batch-mode com.exasol:project-keeper-maven-plugin:verify-release --projects . + echo "$GITHUB_OUTPUT" + env: { + GITHUB_TOKEN: '${{ github.token }}' + } + - { + name: Build project, + id: build, + run: mvn --batch-mode -DskipTests clean verify + } + - { + name: List secret GPG keys, + id: list-secret-gpg-keys, + if: '${{ false && (! inputs.skip-maven-central) }}', + run: gpg --list-secret-keys + } + - name: Publish to Central Repository + id: deploy-maven-central + if: ${{ false && (! inputs.skip-maven-central) }} + run: | + echo "#### Maven Central Release" >> "$GITHUB_STEP_SUMMARY" + mvn --batch-mode -Dgpg.skip=false -DskipTests deploy + echo "Published to Maven Central ✅" >> "$GITHUB_STEP_SUMMARY" + env: { + MAVEN_USERNAME: '${{ secrets.OSSRH_USERNAME }}', + MAVEN_PASSWORD: '${{ secrets.OSSRH_PASSWORD }}', + MAVEN_GPG_PASSPHRASE: '${{ secrets.OSSRH_GPG_SECRET_KEY_PASSWORD }}' + } + - name: Calculate Artifact Checksums + id: artifact-checksum + if: ${{ ! 
inputs.skip-github-release }} + run: | + echo "Calculating sha256 checksum for artifact files" + echo "artifacts<> "$GITHUB_OUTPUT" + IFS=$'\n' artifacts_array=($ARTIFACTS) + for file in "${artifacts_array[@]}"; + do + full_path=$(realpath "$file") + echo "Calculate sha256sum for file '$full_path'" + file_dir="$(dirname "$full_path")" + file_name=$(basename "$full_path") + pushd "$file_dir" + checksum_file_name="${file_name}.sha256" + sha256sum "$file_name" > "$checksum_file_name" + echo "$full_path" >> "$GITHUB_OUTPUT" + echo "${file_dir}/$checksum_file_name" >> "$GITHUB_OUTPUT" + popd + done + echo "EOF" >> "$GITHUB_OUTPUT" + echo "Full artifact file list" + cat "$GITHUB_OUTPUT" + env: { + ARTIFACTS: '${{ steps.verify-release.outputs.release-artifacts }}' + } + - name: Create GitHub Release + id: create-github-release + if: ${{ ! inputs.skip-github-release }} + run: | + echo "### GitHub Release" >> "$GITHUB_STEP_SUMMARY" + IFS=$'\n' artifacts_array=($ARTIFACTS) + echo "#### Attaching Release Artifacts" >> "$GITHUB_STEP_SUMMARY" + for file in "${artifacts_array[@]}"; + do + echo "Attaching artifact '$file'" + echo "* \`$file\`" >> "$GITHUB_STEP_SUMMARY" + done + echo "" >> "$GITHUB_STEP_SUMMARY" + release_url=$(gh release create --latest --title "$TITLE" --notes "$NOTES" --target main $TAG "${artifacts_array[@]}") + echo "Created release $TAG with title '$TITLE' at $release_url ✅" >> "$GITHUB_STEP_SUMMARY" + echo "release-url=$release_url" >> "$GITHUB_OUTPUT" + + # [impl->dsn~release-workflow.create-golang-tags~1] + echo "#### Creating Additional Tags" >> "$GITHUB_STEP_SUMMARY" + IFS=$'\n' tags_array=($ADDITIONAL_TAGS) + for tag in "${tags_array[@]}"; + do + echo "Creating tag '$tag'" + git tag "$tag" + git push origin "$tag" + echo "* \`$tag\`" >> "$GITHUB_STEP_SUMMARY" + done + + git fetch --tags origin + env: { + GH_TOKEN: '${{ github.token }}', + TAG: '${{ steps.verify-release.outputs.release-tag }}', + ADDITIONAL_TAGS: '${{ 
steps.verify-release.outputs.additional-release-tags }}', + NOTES: '${{ steps.verify-release.outputs.release-notes }}', + TITLE: '${{ steps.verify-release.outputs.release-title }}', + ARTIFACTS: '${{ steps.artifact-checksum.outputs.artifacts }}' + } + - name: Report failure Status to Slack channel + id: report-failure-status-slack + if: ${{ always() }} + uses: ravsamhq/notify-slack-action@v2 + with: { + status: '${{ job.status }}', + token: '${{ github.token }}', + notification_title: 'Release build in {repo} has {status_message}', + message_format: '{emoji} *{workflow}* {status_message} in <{repo_url}|{repo}>', + notify_when: 'failure,cancelled,warnings,skipped' + } + env: { + SLACK_WEBHOOK_URL: '${{ secrets.INTEGRATION_TEAM_SLACK_NOTIFICATION_WEBHOOK }}' + } + - name: Report new release to Slack channel + id: report-new-release-slack + if: ${{ steps.create-github-release.outputs.release-url }} + uses: ravsamhq/notify-slack-action@v2 + with: { + status: '${{ job.status }}', + token: '${{ github.token }}', + notification_title: 'Release build for {repo} created a new release', + message_format: '{workflow} created release ${{ steps.create-github-release.outputs.release-url }}' + } + env: { + SLACK_WEBHOOK_URL: '${{ secrets.INTEGRATION_TEAM_SLACK_NOTIFICATION_WEBHOOK }}' + } diff --git a/.github/workflows/release_droid_prepare_original_checksum.yml b/.github/workflows/release_droid_prepare_original_checksum.yml deleted file mode 100644 index 1a3db47..0000000 --- a/.github/workflows/release_droid_prepare_original_checksum.yml +++ /dev/null 
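Review bot: `ravsamhq/notify-slack-action@v2` is referenced by a movable tag in a job that holds `contents: write`, and it is handed `github.token` and the Slack webhook secret; the same reference appears twice in `dependencies_update.yml`. Pinning to a full commit, `uses: ravsamhq/notify-slack-action@<full-commit-sha> # v2`, fixes the code that receives those credentials. Separately, the `verify-release` step ends with `echo "$GITHUB_OUTPUT"`, which prints the path of the output file rather than its contents; the other steps use `cat "$GITHUB_OUTPUT"`, which is presumably what was intended. `$COMMIT_SHA`, `$GITHUB_STEP_SUMMARY` and `$TAG` are also expanded unquoted in the `check-ci-build-status` and `create-github-release` steps and should be double-quoted.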
@@ -1,39 +0,0 @@ -# Generated by Project Keeper -# https://github.com/exasol/project-keeper/blob/main/project-keeper/src/main/resources/templates/.github/workflows/release_droid_prepare_original_checksum.yml -name: Release Droid - Prepare Original Checksum -on: - workflow_dispatch: - -jobs: - build: - runs-on: ubuntu-20.04 - steps: - - name: Free Disk Space - if: ${{ true }} - run: | - sudo rm -rf /usr/local/lib/android - sudo rm -rf /usr/share/dotnet - - name: Checkout the repository - uses: actions/checkout@v4 - with: - fetch-depth: 0 - - name: Set up JDKs - uses: actions/setup-java@v4 - with: - distribution: "temurin" - java-version: | - 11 - 17 - cache: "maven" - - name: Enable testcontainer reuse - run: echo 'testcontainers.reuse.enable=true' > "$HOME/.testcontainers.properties" - - name: Run tests and build with Maven - run: mvn --batch-mode clean verify --file pom.xml - - name: Prepare checksum - run: find target -maxdepth 1 -name *.jar -exec sha256sum "{}" + > original_checksum - - name: Upload checksum to the artifactory - uses: actions/upload-artifact@v3 - with: - name: original_checksum - retention-days: 5 - path: original_checksum diff --git a/.github/workflows/release_droid_print_quick_checksum.yml b/.github/workflows/release_droid_print_quick_checksum.yml deleted file mode 100644 index 86979cd..0000000 --- a/.github/workflows/release_droid_print_quick_checksum.yml +++ /dev/null 
@@ -1,26 +0,0 @@ -# Generated by Project Keeper -# https://github.com/exasol/project-keeper/blob/main/project-keeper/src/main/resources/templates/.github/workflows/release_droid_print_quick_checksum.yml -name: Release Droid - Print Quick Checksum -on: - workflow_dispatch: - -jobs: - build: - runs-on: ubuntu-latest - steps: - - name: Checkout the repository - uses: actions/checkout@v4 - with: - fetch-depth: 0 - - name: Set up JDKs - uses: actions/setup-java@v4 - with: - distribution: "temurin" - java-version: | - 11 - 17 - cache: "maven" - - name: Build with Maven skipping tests - run: mvn --batch-mode clean verify -DskipTests - - name: Print checksum - run: echo 'checksum_start==';find target -maxdepth 1 -name *.jar -exec sha256sum "{}" + | xargs;echo '==checksum_end' diff --git a/.github/workflows/release_droid_upload_github_release_assets.yml b/.github/workflows/release_droid_upload_github_release_assets.yml deleted file mode 100644 index b19f7cf..0000000 --- a/.github/workflows/release_droid_upload_github_release_assets.yml +++ /dev/null 
@@ -1,47 +0,0 @@ -# Generated by Project Keeper -# https://github.com/exasol/project-keeper/blob/main/project-keeper/src/main/resources/templates/.github/workflows/release_droid_upload_github_release_assets.yml -name: Release Droid - Upload GitHub Release Assets -on: - workflow_dispatch: - inputs: - upload_url: - description: "Assets upload URL" - required: true - -jobs: - build: - runs-on: ubuntu-latest - steps: - - name: Checkout the repository - uses: actions/checkout@v4 - with: - fetch-depth: 0 - - name: Set up JDKs - uses: actions/setup-java@v4 - with: - distribution: "temurin" - java-version: | - 11 - 17 - cache: "maven" - - name: Build with Maven skipping tests - run: mvn --batch-mode clean verify -DskipTests - - name: Generate sha256sum files - run: | - cd target - find . -maxdepth 1 -name \*.jar -exec bash -c 'sha256sum {} > {}.sha256' \; - - name: Upload assets to the GitHub release draft - uses: shogo82148/actions-upload-release-asset@v1 - with: - upload_url: ${{ github.event.inputs.upload_url }} - asset_path: target/*.jar - - name: Upload sha256sum files - uses: shogo82148/actions-upload-release-asset@v1 - with: - upload_url: ${{ github.event.inputs.upload_url }} - asset_path: target/*.sha256 - - name: Upload error-code-report - uses: shogo82148/actions-upload-release-asset@v1 - with: - upload_url: ${{ github.event.inputs.upload_url }} - asset_path: target/error_code_report.json diff --git a/.project-keeper.yml b/.project-keeper.yml index 5d177d6..5b08bf2 100644 --- a/.project-keeper.yml +++ b/.project-keeper.yml @@ -13,6 +13,7 @@ build: runnerOs: ubuntu-20.04 freeDiskSpace: true exasolDbVersions: - - "7.1.25" - "8.24.0" - + - "7.1.26" +excludes: + - "E-PK-CORE-17: Missing required file: 'release_config.yml'" diff --git a/dependencies.md b/dependencies.md index 2b06f63..62f40b9 100644 --- a/dependencies.md +++ b/dependencies.md 
@@ -58,7 +58,7 @@ | [Artifact reference checker and unifier][55] | [MIT License][56] | | [Apache Maven Dependency Plugin][57] | [Apache-2.0][15] | | [Maven Failsafe Plugin][58] | [Apache-2.0][15] | -| [JaCoCo :: Maven Plugin][59] | [Eclipse Public License 2.0][35] | +| [JaCoCo :: Maven Plugin][59] | [EPL-2.0][35] | | [error-code-crawler-maven-plugin][60] | [MIT License][61] | | [Reproducible Build Maven Plugin][62] | [Apache 2.0][46] | | [Apache Maven Clean Plugin][63] | [Apache-2.0][15] | diff --git a/doc/changes/changelog.md b/doc/changes/changelog.md index 61b4891..f078bc9 100644 --- a/doc/changes/changelog.md +++ b/doc/changes/changelog.md @@ -1,5 +1,6 @@ # Changes +* [3.0.1](changes_3.0.1.md) * [3.0.0](changes_3.0.0.md) * [2.4.3](changes_2.4.3.md) * [2.4.2](changes_2.4.2.md) diff --git a/doc/changes/changes_3.0.1.md b/doc/changes/changes_3.0.1.md new file mode 100644 index 0000000..a806f90 --- /dev/null +++ b/doc/changes/changes_3.0.1.md 
@@ -0,0 +1,40 @@ +# Oracle Virtual Schema 3.0.1, released 2024-04-09 + +Code name: Fix vulnerability CVE-2024-29025 + +## Summary + +This release fixes vulnerabilities by updating dependencies. + +## Security + +* #46: Fixed vulnerability CVE-2024-29025 in test dependency `io.netty:netty-codec-http:jar:4.1.100.Final` + +## Dependency Updates + +### Virtual Schema for Oracle + +#### Test Dependency Updates + +* Updated `com.exasol:extension-manager-integration-test-java:0.5.7` to `0.5.9` +* Updated `com.exasol:hamcrest-resultset-matcher:1.6.4` to `1.6.5` +* Updated `com.exasol:test-db-builder-java:3.5.3` to `3.5.4` +* Updated `com.exasol:udf-debugging-java:0.6.11` to `0.6.13` +* Updated `nl.jqno.equalsverifier:equalsverifier:3.15.6` to `3.16.1` +* Updated `org.junit.jupiter:junit-jupiter:5.10.1` to `5.10.2` +* Updated `org.mockito:mockito-junit-jupiter:5.10.0` to `5.11.0` +* Updated `org.slf4j:slf4j-jdk14:2.0.11` to `2.0.12` +* Updated `org.testcontainers:junit-jupiter:1.19.3` to `1.19.7` +* Updated `org.testcontainers:oracle-xe:1.19.3` to `1.19.7` + +#### Plugin Dependency Updates + +* Updated `com.exasol:error-code-crawler-maven-plugin:1.3.1` to `2.0.2` +* Updated `com.exasol:project-keeper-maven-plugin:3.0.1` to `4.3.0` +* Updated `org.apache.maven.plugins:maven-assembly-plugin:3.6.0` to `3.7.1` +* Updated `org.apache.maven.plugins:maven-compiler-plugin:3.11.0` to `3.13.0` +* Updated `org.apache.maven.plugins:maven-failsafe-plugin:3.2.3` to `3.2.5` +* Updated `org.apache.maven.plugins:maven-surefire-plugin:3.2.3` to `3.2.5` +* Updated `org.codehaus.mojo:flatten-maven-plugin:1.5.0` to `1.6.0` +* Updated `org.jacoco:jacoco-maven-plugin:0.8.11` to `0.8.12` +* Updated `org.sonarsource.scanner.maven:sonar-maven-plugin:3.10.0.2594` to `3.11.0.3922` diff --git a/doc/user_guide/oracle_user_guide.md b/doc/user_guide/oracle_user_guide.md index 3a4b802..0cef541 100644 --- a/doc/user_guide/oracle_user_guide.md +++ b/doc/user_guide/oracle_user_guide.md 
@@ -48,7 +48,7 @@ The SQL statement below creates the adapter script, defines the Java class that ```sql CREATE JAVA ADAPTER SCRIPT ADAPTER.JDBC_ADAPTER AS %scriptclass com.exasol.adapter.RequestDispatcher; - %jar /buckets///virtual-schema-dist-12.0.0-oracle-3.0.0.jar; + %jar /buckets///virtual-schema-dist-12.0.0-oracle-3.0.1.jar; %jar /buckets///ojdbc.jar; / ; diff --git a/pk_generated_parent.pom b/pk_generated_parent.pom index ea47dd7..4b88095 100644 --- a/pk_generated_parent.pom +++ b/pk_generated_parent.pom @@ -3,7 +3,7 @@ 4.0.0 com.exasol oracle-virtual-schema-generated-parent - 3.0.0 + 3.0.1 pom UTF-8 @@ -47,7 +47,7 @@ org.sonarsource.scanner.maven sonar-maven-plugin - 3.10.0.2594 + 3.11.0.3922 org.apache.maven.plugins @@ -71,15 +71,14 @@ org.apache.maven.plugins maven-compiler-plugin - 3.11.0 + 3.13.0 ${java.version} ${java.version} true - - -Xlint:all,-processing - + -Xlint:all + -Werror @@ -109,7 +108,7 @@ org.codehaus.mojo flatten-maven-plugin - 1.5.0 + 1.6.0 true oss @@ -148,7 +147,7 @@ org.apache.maven.plugins maven-surefire-plugin - 3.2.3 + 3.2.5 @@ -172,6 +171,17 @@ file:///${project.basedir}/versionsMavenPluginRules.xml + false + true + true + true + false + true + true + true + false + true + true @@ -202,7 +212,7 @@ org.apache.maven.plugins maven-assembly-plugin - 3.6.0 + 3.7.1 src/assembly/all-dependencies.xml @@ -272,7 +282,7 @@ org.apache.maven.plugins maven-failsafe-plugin - 3.2.3 + 3.2.5 -Djava.util.logging.config.file=src/test/resources/logging.properties ${argLine} @@ -294,7 +304,7 @@ org.jacoco jacoco-maven-plugin - 0.8.11 + 0.8.12 prepare-agent @@ -341,7 +351,7 @@ com.exasol error-code-crawler-maven-plugin - 1.3.1 + 2.0.2 verify diff --git a/pom.xml b/pom.xml index 2533f36..3835c95 100644 --- a/pom.xml +++ b/pom.xml 
@@ -3,13 +3,13 @@ 4.0.0 com.exasol oracle-virtual-schema - 3.0.0 + 3.0.1 Virtual Schema for Oracle Virtual Schema for Oracle https://github.com/exasol/oracle-virtual-schema/ 12.0.0 - 1.19.3 + 1.19.7 src/main/,extension/src/ extension/src/*.test.ts @@ -57,26 +57,26 @@ org.junit.jupiter junit-jupiter - 5.10.1 + 5.10.2 test org.mockito mockito-junit-jupiter - 5.10.0 + 5.11.0 test nl.jqno.equalsverifier equalsverifier - 3.15.6 + 3.16.1 test org.slf4j slf4j-jdk14 - 2.0.11 + 2.0.12 test @@ -107,19 +107,19 @@ com.exasol test-db-builder-java - 3.5.3 + 3.5.4 test com.exasol udf-debugging-java - 0.6.11 + 0.6.13 test com.exasol hamcrest-resultset-matcher - 1.6.4 + 1.6.5 test @@ -139,31 +139,26 @@ com.exasol extension-manager-integration-test-java - 0.5.7 + 0.5.9 test - org.sonatype.ossindex.maven - ossindex-maven-plugin + org.apache.maven.plugins + maven-compiler-plugin - - - CVE-2020-36641 - - CVE-2023-4586 - + + -Xlint:all,-path + -Werror + com.exasol project-keeper-maven-plugin - 3.0.1 + 4.3.0 @@ -309,7 +304,7 @@ oracle-virtual-schema-generated-parent com.exasol - 3.0.0 + 3.0.1 pk_generated_parent.pom diff --git a/release_config.yml b/release_config.yml deleted file mode 100644 index 45f75e8..0000000 --- a/release_config.yml +++ /dev/null @@ -1,3 +0,0 @@ -release-platforms: - - GitHub -language: Java diff --git a/src/test/java/com/exasol/adapter/dialects/oracle/IntegrationTestConstants.java b/src/test/java/com/exasol/adapter/dialects/oracle/IntegrationTestConstants.java index 8f3725f..1679639 100644 --- a/src/test/java/com/exasol/adapter/dialects/oracle/IntegrationTestConstants.java +++ b/src/test/java/com/exasol/adapter/dialects/oracle/IntegrationTestConstants.java 
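Review bot: Nothing in the pom.xml hunks names `io.netty:netty-codec-http`, so the CVE-2024-29025 fix announced in changes_3.0.1.md appears to rest entirely on whichever bumped test dependency pulls netty in transitively. That is worth confirming rather than assuming: run `mvn dependency:tree -Dincludes=io.netty:netty-codec-http` against the new pom and check that the resolved version is no longer `4.1.100.Final`. I would also name the carrying dependency in the Security entry, e.g. `* #46: Fixed vulnerability CVE-2024-29025 in test dependency io.netty:netty-codec-http (via <direct dependency>)`, so that a later downgrade of that dependency is recognisable as reintroducing the finding. The XML markup of these hunks is not visible here, so a `dependencyManagement` pin elsewhere in the file cannot be ruled out.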
@@ -3,7 +3,7 @@ import java.nio.file.Path; public final class IntegrationTestConstants { - public static final String VIRTUAL_SCHEMAS_JAR_NAME_AND_VERSION = "virtual-schema-dist-12.0.0-oracle-3.0.0.jar"; + public static final String VIRTUAL_SCHEMAS_JAR_NAME_AND_VERSION = "virtual-schema-dist-12.0.0-oracle-3.0.1.jar"; public static final String ORACLE_CONTAINER_NAME = "gvenzl/oracle-xe:21.3.0-slim-faststart"; public static final Path VIRTUAL_SCHEMA_JAR = Path.of("target", VIRTUAL_SCHEMAS_JAR_NAME_AND_VERSION); public static final String SCHEMA_EXASOL = "SCHEMA_EXASOL";