From ea4665d7afe48770db099859d9a80dc72e317bfd Mon Sep 17 00:00:00 2001 From: Marco Biscaro Date: Fri, 6 Dec 2024 14:57:50 -0300 Subject: [PATCH 1/6] Upgrade GitHub actions --- .github/workflows/clojure.yml | 41 +++++++++++++++-------------------- .github/workflows/release.yml | 9 ++++---- 2 files changed, 22 insertions(+), 28 deletions(-) diff --git a/.github/workflows/clojure.yml b/.github/workflows/clojure.yml index 4cd99cd..1dd2f15 100644 --- a/.github/workflows/clojure.yml +++ b/.github/workflows/clojure.yml @@ -7,35 +7,28 @@ on: branches: [ master ] jobs: - test-using-java-11: - name: 'Test using Java 11' - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v2 - - - uses: actions/setup-java@v1 - with: - java-version: 11 - - name: Print java version - run: java -version + test-clojure: - - name: Install dependencies - run: lein deps + strategy: + matrix: + java-version: [11, 17, 21] - - name: Run clj tests - run: lein test - - lint: - name: 'Lint' runs-on: ubuntu-latest + steps: - - uses: actions/checkout@v2 + - uses: actions/checkout@v4 + + - uses: actions/setup-java@v4 + with: + distribution: temurin + java-version: ${{ matrix.java-version }} - - uses: actions/setup-java@v1 - with: - java-version: 11 + - name: Print java version + run: java -version - - name: Lint check - run: lein lint + - name: Install dependencies + run: lein deps + - name: Run clj tests + run: lein test diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 134b1f6..51dbb10 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -9,15 +9,16 @@ jobs: test-clojure: strategy: matrix: - java-version: [8, 11] + java-version: [11, 17, 21] runs-on: ubuntu-latest steps: - - uses: actions/checkout@v2 + - uses: actions/checkout@v4 - - uses: actions/setup-java@v1 + - uses: actions/setup-java@v4 with: + distribution: temurin java-version: ${{ matrix.java-version }} - name: Print java version @@ -34,7 +35,7 @@ jobs: runs-on: ubuntu-latest needs: [test-clojure] steps: - - uses: actions/checkout@v2 + - uses: actions/checkout@v4.2.2 - name: Install dependencies run: lein deps From d5fe4e065432f07be1d73e9a88a0050a7c2fc1aa Mon Sep 17 00:00:00 2001 From: Marco Biscaro Date: Fri, 6 Dec 2024 15:16:10 -0300 Subject: [PATCH 2/6] Upgrade dependencies --- project.clj | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/project.clj b/project.clj index e197247..efdbc99 100644 --- a/project.clj +++ b/project.clj @@ -7,23 +7,23 @@ :username :env/clojars_username :password :env/clojars_passwd :sign-releases false}]] - :dependencies [[cheshire/cheshire "5.11.0"] - [clj-http/clj-http "3.12.3"] - [org.clojure/core.cache "1.0.225"] - [com.auth0/java-jwt "4.0.0"] - [org.bouncycastle/bcpkix-jdk18on "1.78.1"] - [org.bouncycastle/bcpg-jdk18on "1.78.1"] + :dependencies [[cheshire/cheshire "5.13.0"] + [clj-http/clj-http "3.13.0"] + [org.clojure/core.cache "1.1.234"] + [com.auth0/java-jwt "4.4.0"] + [org.bouncycastle/bcpkix-jdk18on "1.79"] + [org.bouncycastle/bcpg-jdk18on "1.79"] [pandect/pandect "1.0.2"] [ring/ring-codec "1.2.0"] [crypto-equality/crypto-equality "1.0.1"] [org.bovinegenius/exploding-fish "0.3.6"]] - :plugins [[lein-ancient "0.6.15"] + :plugins [[lein-ancient "0.7.0"] [lein-changelog "0.3.2"] - [lein-cljfmt "0.6.4" :exclusions [org.clojure/clojure]] - [lein-cloverage "1.0.13"] + [lein-cljfmt "0.9.2" :exclusions [org.clojure/clojure]] + [lein-cloverage "1.2.4"] [lein-nsorg "0.3.0" :exclusions [org.clojure/clojure]] [lein-shell "0.5.0"]] - :profiles {:dev {:dependencies [[org.clojure/clojure "1.10.3"]]}} + :profiles {:dev {:dependencies [[org.clojure/clojure "1.12.0"]]}} :deploy-repositories [["releases" :clojars]] :aliases {"update-readme-version" ["shell" "sed" "-i" "s|\\\\[nubank/clj-github-app \"[0-9.]*\"\\\\]|[nubank/clj-github-app \"${:version}\"]|" "README.md"] "lint" ["do" ["cljfmt" "check"] ["nsorg"]] From 169873d2ab53fcdb6a3c332c1db289432e347ce5 Mon Sep 17 00:00:00 2001 From: Marco Biscaro Date: Fri, 6 Dec 2024 15:16:49 -0300 Subject: [PATCH 3/6] Remove org.bovinegenius/exploding-fish dependency Use java.net.URI to resolve URIs instead. --- project.clj | 3 +-- src/clj_github_app/client.clj | 15 ++++++++------- src/clj_github_app/token_manager.clj | 11 +++++++++-- 3 files changed, 18 insertions(+), 11 deletions(-) diff --git a/project.clj b/project.clj index efdbc99..39e94b9 100644 --- a/project.clj +++ b/project.clj @@ -15,8 +15,7 @@ [org.bouncycastle/bcpg-jdk18on "1.79"] [pandect/pandect "1.0.2"] [ring/ring-codec "1.2.0"] - [crypto-equality/crypto-equality "1.0.1"] - [org.bovinegenius/exploding-fish "0.3.6"]] + [crypto-equality/crypto-equality "1.0.1"]] :plugins [[lein-ancient "0.7.0"] [lein-changelog "0.3.2"] [lein-cljfmt "0.9.2" :exclusions [org.clojure/clojure]] diff --git a/src/clj_github_app/client.clj b/src/clj_github_app/client.clj index 4c30561..163312b 100644 --- a/src/clj_github_app/client.clj +++ b/src/clj_github_app/client.clj @@ -2,9 +2,9 @@ (:require [clj-github-app.token-manager :as token-manager] [clj-http.client :as http] [clj-http.conn-mgr :as conn-mgr] - [clojure.string :as str] - [org.bovinegenius.exploding-fish :as uri]) - (:import (java.lang AutoCloseable))) + [clojure.string :as str]) + (:import (java.lang AutoCloseable) + (java.net URI))) (defprotocol AppClient (app-request* [_ opts]) @@ -25,10 +25,11 @@ (subs trimmed-url-or-path 1) trimmed-url-or-path))) -(defn resolve-url [path-or-url github-api-url] - (->> path-or-url - remove-leading-slash - (uri/resolve-uri (str github-api-url "/")))) +(defn resolve-url [path-or-url ^String github-api-url] + (-> (URI/create (str github-api-url "/")) + (.resolve ^String (remove-leading-slash path-or-url)) + .normalize + .toString)) (defrecord AppClientImpl [github-api-url token-manager connection-pool] AppClient diff --git a/src/clj_github_app/token_manager.clj b/src/clj_github_app/token_manager.clj index 17ac7f2..e3a263d 100644 --- a/src/clj_github_app/token_manager.clj +++ b/src/clj_github_app/token_manager.clj @@ -1,12 +1,12 @@ (ns clj-github-app.token-manager (:require [clj-http.client :as http] [clojure.core.cache :as cache] - [org.bovinegenius.exploding-fish :as uri] [ring.util.codec :as codec]) (:import (clojure.core.cache CacheProtocol) (com.auth0.jwt JWT) (com.auth0.jwt.algorithms Algorithm) (java.io StringReader) + (java.net URI) (java.security KeyFactory) (java.security.spec PKCS8EncodedKeySpec) (java.text SimpleDateFormat) @@ -83,6 +83,13 @@ (:token (cache/lookup (swap! cache cache/through-cache installation-id get-installation-token-fn) installation-id)))) +(defn- installation-token-uri + [github-api-url installation-id] + (-> (URI/create (str github-api-url "/")) + (.resolve (str "app/installations/" (codec/url-encode (str installation-id)) "/access_tokens")) + .normalize + .toString)) + (defn make-token-manager [github-api-url github-app-id private-key-pem-str] (let [signing-algorithm (make-signing-algorithm private-key-pem-str) cache (atom (GithubAppTokenCache. {}))] @@ -91,7 +98,7 @@ (fn [] (make-app-token signing-algorithm github-app-id)) (fn [installation-id] - (let [url (uri/resolve-uri (str github-api-url "/") (str "app/installations/" (codec/url-encode (str installation-id)) "/access_tokens"))] + (let [url (installation-token-uri github-api-url installation-id)] (:body (http/post url {:oauth-token (make-app-token signing-algorithm github-app-id) :as :json From db9221fb732b7742accf4746611cb6bfbd081d32 Mon Sep 17 00:00:00 2001 From: Marco Biscaro Date: Fri, 6 Dec 2024 15:19:25 -0300 Subject: [PATCH 4/6] Remove ring/ring-codec dependency Use java.net.URLEncoder to encode URLs instead. --- project.clj | 1 - src/clj_github_app/token_manager.clj | 11 +++++++---- 2 files changed, 7 insertions(+), 5 deletions(-) diff --git a/project.clj b/project.clj index 39e94b9..5aa021d 100644 --- a/project.clj +++ b/project.clj @@ -14,7 +14,6 @@ [org.bouncycastle/bcpkix-jdk18on "1.79"] [org.bouncycastle/bcpg-jdk18on "1.79"] [pandect/pandect "1.0.2"] - [ring/ring-codec "1.2.0"] [crypto-equality/crypto-equality "1.0.1"]] :plugins [[lein-ancient "0.7.0"] [lein-changelog "0.3.2"] diff --git a/src/clj_github_app/token_manager.clj b/src/clj_github_app/token_manager.clj index e3a263d..7c5c4be 100644 --- a/src/clj_github_app/token_manager.clj +++ b/src/clj_github_app/token_manager.clj @@ -1,12 +1,12 @@ (ns clj-github-app.token-manager (:require [clj-http.client :as http] - [clojure.core.cache :as cache] - [ring.util.codec :as codec]) + [clojure.core.cache :as cache]) (:import (clojure.core.cache CacheProtocol) (com.auth0.jwt JWT) (com.auth0.jwt.algorithms Algorithm) (java.io StringReader) - (java.net URI) + (java.net URI URLEncoder) + (java.nio.charset StandardCharsets) (java.security KeyFactory) (java.security.spec PKCS8EncodedKeySpec) (java.text SimpleDateFormat) @@ -83,10 +83,13 @@ (:token (cache/lookup (swap! cache cache/through-cache installation-id get-installation-token-fn) installation-id)))) +(defn- url-encode [^String s] + (URLEncoder/encode s StandardCharsets/UTF_8)) + (defn- installation-token-uri [github-api-url installation-id] (-> (URI/create (str github-api-url "/")) - (.resolve (str "app/installations/" (codec/url-encode (str installation-id)) "/access_tokens")) + (.resolve (str "app/installations/" (url-encode (str installation-id)) "/access_tokens")) .normalize .toString)) From a45364cdac5d675139e9c97020a8f151d894c28d Mon Sep 17 00:00:00 2001 From: Marco Biscaro Date: Fri, 6 Dec 2024 15:22:39 -0300 Subject: [PATCH 5/6] Fix bcprov-jdk18on dependency We use the Provider component (bcprov-jdk18on), not the OpenPGP component (bcpg-jdk18on). --- project.clj | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/project.clj b/project.clj index 5aa021d..80f938a 100644 --- a/project.clj +++ b/project.clj @@ -12,7 +12,7 @@ [org.clojure/core.cache "1.1.234"] [com.auth0/java-jwt "4.4.0"] [org.bouncycastle/bcpkix-jdk18on "1.79"] - [org.bouncycastle/bcpg-jdk18on "1.79"] + [org.bouncycastle/bcprov-jdk18on "1.79"] [pandect/pandect "1.0.2"] [crypto-equality/crypto-equality "1.0.1"]] :plugins [[lein-ancient "0.7.0"] From 632e01c14b991afb8cf375a2a8f7af58a3e15497 Mon Sep 17 00:00:00 2001 From: Marco Biscaro Date: Fri, 6 Dec 2024 15:41:33 -0300 Subject: [PATCH 6/6] Version 0.3.0 --- CHANGELOG.md | 12 ++++++++++++ project.clj | 2 +- 2 files changed, 13 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 37ef6f2..434e042 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -7,6 +7,18 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0. ## [Unreleased] +## [0.3.0] — 2024-12-06 +### Changed +* Upgrade dependencies + * cheshire from 5.11.0 to 5.13.0 + * clj-http from 3.12.3 to 3.13.0 + * org.clojure/core.cache from 1.0.225 to 1.1.234 + * com.auth0/java-jwt from 4.0.0 to 4.4.0 + * org.bouncycastle/* from 1.78.1 to 1.79 +* Remove some dependencies + * ring/ring-codec + * org.bovinegenius/exploding-fish + ## [0.2.2] — 2024-08-07 ### Changed * Bump dependencies diff --git a/project.clj b/project.clj index 80f938a..5544781 100644 --- a/project.clj +++ b/project.clj @@ -1,4 +1,4 @@ -(defproject nubank/clj-github-app "0.2.2" +(defproject nubank/clj-github-app "0.3.0" :description "A library to implement GitHub Apps in Clojure." :url "http://github.com/nubank/clj-github-app" :license {:name "Eclipse Public License"