From f6b522b89f534bc71cd405b4cd8edba650e60c99 Mon Sep 17 00:00:00 2001 From: Sergio del Amo Date: Wed, 8 Jan 2025 13:33:26 +0100 Subject: [PATCH] Dependency updates and apply Sonatype Scan Gradle Plugin (#2264) * core 4.7.9 * aws sdk v2 2.29.39 * use jetty version defined in servlet jetty * logging 1.5.1 * protect against NPE in log statement * add sonatype scan gradle plugin * define version in libs.versions.toml * sonatype 2.8.3 * only for java 17 * add env variables --- .github/workflows/gradle.yml | 8 ++++++++ .../ServiceRegistrationStatusTask.java | 2 +- buildSrc/build.gradle | 3 ++- ...micronaut.build.internal.aws-module.gradle | 19 +++++++++++++++++++ function-aws-api-proxy-test/build.gradle.kts | 1 + gradle/libs.versions.toml | 10 ++++++---- 6 files changed, 37 insertions(+), 6 deletions(-) diff --git a/.github/workflows/gradle.yml b/.github/workflows/gradle.yml index 571e79a24a..a091b93377 100644 --- a/.github/workflows/gradle.yml +++ b/.github/workflows/gradle.yml @@ -30,6 +30,8 @@ jobs: PREDICTIVE_TEST_SELECTION: "${{ github.event_name == 'pull_request' && 'true' || 'false' }}" SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + OSS_INDEX_USERNAME: ${{ secrets.OSS_INDEX_USERNAME }} + OSS_INDEX_PASSWORD: ${{ secrets.OSS_INDEX_PASSWORD }} steps: # https://github.com/actions/virtual-environments/issues/709 - name: "🗑 Free disk space" @@ -58,6 +60,12 @@ jobs: run: | [ -f ./setup.sh ] && ./setup.sh || [ ! -f ./setup.sh ] + - name: "🚔 Sonatype Scan" + id: sonatypescan + if: matrix.java == '17' + run: | + ./gradlew ossIndexAudit --no-parallel + - name: "🛠 Build with Gradle" id: gradle run: | diff --git a/aws-service-discovery/src/main/java/io/micronaut/discovery/aws/servicediscovery/registration/ServiceRegistrationStatusTask.java b/aws-service-discovery/src/main/java/io/micronaut/discovery/aws/servicediscovery/registration/ServiceRegistrationStatusTask.java index 43dbe78098..a72f5d9bfa 100644 --- a/aws-service-discovery/src/main/java/io/micronaut/discovery/aws/servicediscovery/registration/ServiceRegistrationStatusTask.java +++ b/aws-service-discovery/src/main/java/io/micronaut/discovery/aws/servicediscovery/registration/ServiceRegistrationStatusTask.java @@ -72,7 +72,7 @@ public void run() { GetOperationResponse result = serviceDiscoveryClient.getOperation( GetOperationRequest.builder().operationId(operationId).build() ); - LOG.info("Service registration for operation {} resulted in {}", operationId, result.operation().status()); + LOG.info("Service registration for operation {} resulted in {}", operationId, result == null || result.operation() == null ? null : result.operation().status()); if (result.operation().status() == OperationStatus.FAIL || result.operation().status() == OperationStatus.SUCCESS) { registered = true; // either way we are done if (result.operation().status() == OperationStatus.FAIL) { diff --git a/buildSrc/build.gradle b/buildSrc/build.gradle index f6b7dbb9b7..75e272b53a 100644 --- a/buildSrc/build.gradle +++ b/buildSrc/build.gradle @@ -11,4 +11,5 @@ dependencies { implementation libs.javapoet implementation libs.gradle.micronaut implementation libs.gradle.kotlin -} + implementation(libs.sonatype.scan) +} \ No newline at end of file diff --git a/buildSrc/src/main/groovy/io.micronaut.build.internal.aws-module.gradle b/buildSrc/src/main/groovy/io.micronaut.build.internal.aws-module.gradle index a33ceb36ed..b5ebea1172 100644 --- a/buildSrc/src/main/groovy/io.micronaut.build.internal.aws-module.gradle +++ b/buildSrc/src/main/groovy/io.micronaut.build.internal.aws-module.gradle @@ -1,4 +1,23 @@ plugins { id "io.micronaut.build.internal.aws-base" id "io.micronaut.build.internal.module" + id("org.sonatype.gradle.plugins.scan") } +String ossIndexUsername = System.getenv("OSS_INDEX_USERNAME") ?: project.properties["ossIndexUsername"] +String ossIndexPassword = System.getenv("OSS_INDEX_PASSWORD") ?: project.properties["ossIndexPassword"] +boolean sonatypePluginConfigured = ossIndexUsername != null && ossIndexPassword != null +if (sonatypePluginConfigured) { + ossIndexAudit { + username = ossIndexUsername + password = ossIndexPassword + excludeCompileOnly = true + excludeCoordinates = [ + "org.eclipse.jetty:jetty-http:11.0.24" // no version of Jetty 11 patched https://ossindex.sonatype.org/component/pkg:maven/org.eclipse.jetty/jetty-http + ] + } +} +configurations.all { + resolutionStrategy { + force("commons-io:commons-io:2.14.0") // first version patched https://ossindex.sonatype.org/component/pkg:maven/commons-io/commons-io + } +} \ No newline at end of file diff --git a/function-aws-api-proxy-test/build.gradle.kts b/function-aws-api-proxy-test/build.gradle.kts index 05ef65887a..1432c7bef7 100644 --- a/function-aws-api-proxy-test/build.gradle.kts +++ b/function-aws-api-proxy-test/build.gradle.kts @@ -5,6 +5,7 @@ plugins { dependencies { api(mn.micronaut.http.server) api(projects.micronautFunctionAwsApiProxy) + implementation(platform(mnServlet.boms.jetty)) implementation(libs.jetty.server) testImplementation(mn.micronaut.http.client) testImplementation(mn.micronaut.jackson.databind) diff --git a/gradle/libs.versions.toml b/gradle/libs.versions.toml index 2df377e0e4..77154d55ae 100644 --- a/gradle/libs.versions.toml +++ b/gradle/libs.versions.toml @@ -1,5 +1,5 @@ [versions] -micronaut = "4.7.2" +micronaut = "4.7.9" micronaut-docs = "2.0.0" micronaut-test = "4.5.0" groovy = "4.0.22" @@ -7,12 +7,11 @@ spock = "2.3-groovy-4.0" bouncycastle = '1.70' fileupload = '0.0.6' -jetty = '11.0.24' logback-json-classic = '0.1.5' micronaut-discovery = "4.5.0" micronaut-groovy = "4.5.0" -micronaut-logging = "1.4.0" +micronaut-logging = "1.5.1" micronaut-mongodb = "5.5.0" micronaut-reactor = "3.6.0" micronaut-security = "4.11.2" @@ -35,6 +34,7 @@ micronaut-starter = "3.9.2" slf4j = "2.0.16" servlet-api = "2.5" javapoet = "1.13.0" +sonatype-scan = "2.8.3" # The following version should probably # be defined in Micronaut Graal but it's not shipped with a BOM yet @@ -90,7 +90,7 @@ bouncycastle-provider = { module = 'org.bouncycastle:bcprov-jdk15on', version.re fileupload = { module = 'org.javadelight:delight-fileupload', version.ref = 'fileupload' } graal-sdk = { module = 'org.graalvm.sdk:graal-sdk', version.ref = 'graal' } jackson-afterburner = { module = 'com.fasterxml.jackson.module:jackson-module-afterburner' } -jetty-server = { module = 'org.eclipse.jetty:jetty-server', version.ref = 'jetty' } +jetty-server = { module = 'org.eclipse.jetty:jetty-server' } jcl-over-slf4j = { module = 'org.slf4j:jcl-over-slf4j', version.ref = 'slf4j' } junit-jupiter-engine = { module = 'org.junit.jupiter:junit-jupiter-engine' } junit-jupiter-api = { module = 'org.junit.jupiter:junit-jupiter-api' } @@ -115,6 +115,8 @@ managed-awssdk-secretsmanager = { module = 'software.amazon.awssdk:secretsmanage managed-jcl-over-slf4j = { module = 'org.slf4j:jcl-over-slf4j', version.ref = 'slf4j' } servlet-api = { module = 'javax.servlet:servlet-api', version.ref = 'servlet-api' } +sonatype-scan = { module = "org.sonatype.gradle.plugins:scan-gradle-plugin", version.ref = "sonatype-scan" } + # Gradle gradle-micronaut = { module = "io.micronaut.gradle:micronaut-gradle-plugin", version.ref = "micronaut-gradle-plugin" }