From 5e64d864219c6ed1c38883049b5dbce5bbeb1088 Mon Sep 17 00:00:00 2001 From: Tun Loakthar Date: Wed, 26 Feb 2025 15:15:34 +0000 Subject: [PATCH 1/8] Add security.md file --- SECURITY.md | 26 ++++++++++++++++++++++++++ 1 file changed, 26 insertions(+) create mode 100644 SECURITY.md diff --git a/SECURITY.md b/SECURITY.md new file mode 100644 index 0000000..35f3c22 --- /dev/null +++ b/SECURITY.md @@ -0,0 +1,26 @@ +# Security + +If you believe you have found a new security vulnerability in this repository, please report it to us as follows. + +## Reporting Security Issues + +* Please do **not** report security vulnerabilities through public GitHub issues. + +* Please create a draft security advisory on the Github page: the reporting form is under `> Security > Advisories`. The URL is https://github.com/exasol/virtual-schema-common-java/security/advisories/new. + +* If you prefer to email, please send your report to `infosec@exasol.com`. + +## Guidelines + +* When reporting a vulnerability, please include as much information as possible, including the complete steps to reproduce the issue. + +* Avoid sending us executables. + +* Feel free to include any script you wrote and used but avoid sending us scripts that download and run binaries. + +* We will prioritise reports that show how the exploits work in realistic environments. + +* We prefer all communications to be in English. + +* We do not offer financial rewards. We are happy to acknowledge your research publicly when possible. + From 95986b99d07e04b02d43267c797ddd7ead237ee0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sebastian=20B=C3=A4r?= Date: Thu, 13 Mar 2025 12:38:39 +0100 Subject: [PATCH 2/8] #247: Started requirement document --- doc/changes/changelog.md | 1 + doc/changes/changes_18.0.0.md | 17 +++++++ doc/user_requirements.md | 85 +++++++++++++++++++++++++++++++++++ pk_generated_parent.pom | 2 +- pom.xml | 6 +-- 5 files changed, 107 insertions(+), 4 deletions(-) create mode 100644 doc/changes/changes_18.0.0.md create mode 100644 doc/user_requirements.md diff --git a/doc/changes/changelog.md b/doc/changes/changelog.md index e3dd0b8..2aafdd8 100644 --- a/doc/changes/changelog.md +++ b/doc/changes/changelog.md @@ -1,5 +1,6 @@ # Changes +* [18.0.0](changes_18.0.0.md) * [17.1.0](changes_17.1.0.md) * [17.0.1](changes_17.0.1.md) * [17.0.0](changes_17.0.0.md) diff --git a/doc/changes/changes_18.0.0.md b/doc/changes/changes_18.0.0.md new file mode 100644 index 0000000..cbfe127 --- /dev/null +++ b/doc/changes/changes_18.0.0.md @@ -0,0 +1,17 @@ +# Common Module of Exasol Virtual Schemas Adapters 18.0.0, released 2025-03-?? + +Code name: Property Validation Rework + +## Summary + +In this release we reworked the Virtual Schema property validation infrastructure. Many parts were in VS Common JDBC, although they are relevant for virtual schemas. + +## Features + +* #284: New property validation framework + +## Dependency Updates + +### Plugin Dependency Updates + +* Updated `com.exasol:project-keeper-maven-plugin:4.3.0` to `4.5.0` diff --git a/doc/user_requirements.md b/doc/user_requirements.md new file mode 100644 index 0000000..222f910 --- /dev/null +++ b/doc/user_requirements.md @@ -0,0 +1,85 @@ +# Features + +## Property Validation +`feat~property-validation~1` + +The VSCJ library provides the infrastructure for validating the input coming from virtual schema properties. + +Rationale: + +The validation on the one hand provides users with better information about properties that have been set incorrectly and on the other hand improves the security by preventing faulty or malicious property values to endanger the VS operation. + +Needs: req + +# High-level Requirements + +### Validating the Existence of Mandatory Properties +`req~validating-the-existence-of-mandatory-properties~1` + +VSCJ allows validating that a mandatory virtual schema property is set. + +Covers: + +* [`feat~property-validation~1`](#property-validation) + +Needs: req + +### Validating That an Optional Property Is Allowed +`req~validating-that-an-optional-property-is-allowed~1` + +VSCJ allows validating that a property the user provides is a valid optional property. + +Rationale: + +It is a subtle source of errors if users provide a property that is not wanted by the virtual schema. Ignoring it is not a good options, since that has the potential to confuse the users. Imaging a situation where they misspell the property name. An error message would immediately tell them that this is not the property name they intended to provide. + +Covers: + +* [`feat~property-validation~1`](#property-validation) + +Needs: req + +### Validating Boolean Properties +`req~validating-boolean-properties~1` + +VSCJ checks whether the value of a boolean property is `true` or `false`. + +Rationale: + +Boolean properties are often used as feature switches. + +Covers: + +* [`feat~property-validation~1`](#property-validation) + +Needs: req + +### Validating Integer Properties +`req~validating-integer-properties~1` + +VSCJ checks whether a property is + +- a proper integer value +- withing the allowed interval + +Rationale: + +This is useful for configurations like a port range for example. + +Covers: + +* [`feat~property-validation~1`](#property-validation) + +Needs: req + +### Validating Properties Containing Database Object IDS +`req~validating-properties-containing-database-objects-ids~1` + +VSCJ validates that a property referencing a database object contains a valid Exasol database object ID. + +Covers: + +* [`feat~property-validation~1`](#property-validation) + +Needs: req + diff --git a/pk_generated_parent.pom b/pk_generated_parent.pom index a60760f..99441ef 100644 --- a/pk_generated_parent.pom +++ b/pk_generated_parent.pom @@ -3,7 +3,7 @@ 4.0.0 com.exasol virtual-schema-common-java-generated-parent - 17.1.0 + 18.0.0 pom UTF-8 diff --git a/pom.xml b/pom.xml index 953e321..22fba98 100644 --- a/pom.xml +++ b/pom.xml @@ -2,7 +2,7 @@ 4.0.0 virtual-schema-common-java - 17.1.0 + 18.0.0 Common module of Exasol Virtual Schemas Adapters This is one of the modules of Virtual Schemas Adapters. The libraries provided by this project are the foundation of the adapter development, i.e. adapters must be implemented on top of them. @@ -72,7 +72,7 @@ com.exasol project-keeper-maven-plugin - 4.3.0 + 4.5.0 @@ -86,7 +86,7 @@ virtual-schema-common-java-generated-parent com.exasol - 17.1.0 + 18.0.0 pk_generated_parent.pom From 85e8e0102cd4e28643dc05adb99e5fda3228eae6 Mon Sep 17 00:00:00 2001 From: redcatbear Date: Thu, 13 Mar 2025 15:45:13 +0100 Subject: [PATCH 3/8] #284: User requirements draft --- README.md | 2 + doc/design.md | 1 + doc/user_requirements.md | 169 ++++++++++++++++++++++++++++++++++++--- 3 files changed, 163 insertions(+), 9 deletions(-) create mode 100644 doc/design.md diff --git a/README.md b/README.md index fe21557..1fc78ca 100644 --- a/README.md +++ b/README.md @@ -25,11 +25,13 @@ A Virtual Schema adapter is basically a [UDF](https://docs.exasol.com/database_c * [List of Virtual Schema dialects](https://github.com/exasol/virtual-schemas/blob/main/doc/user-guide/dialects.md) * [Changelog](doc/changes/changelog.md) +* [User Requirements](doc/user_requirements.md) * [Dependencies](dependencies.md) ## Information for Developers * [Virtual Schema API](doc/development/api/virtual_schema_api.md) +* [Software Design](doc/design.md) * [Capabilities list](doc/development/api/capabilities_list.md) ## Open Source Project Support diff --git a/doc/design.md b/doc/design.md new file mode 100644 index 0000000..8c1c2f8 --- /dev/null +++ b/doc/design.md @@ -0,0 +1 @@ +TBD - in a separate pull request. \ No newline at end of file diff --git a/doc/user_requirements.md b/doc/user_requirements.md index 222f910..217731a 100644 --- a/doc/user_requirements.md +++ b/doc/user_requirements.md @@ -1,6 +1,10 @@ -# Features +# System Requirement Specification (SRS) Virtual Schema Common Java (VSCJ) -## Property Validation +This document contains the system requirements for the Java bottom-layer base library for all Exasol Virtual Schema adapters. + +## Features + +### Property Validation `feat~property-validation~1` The VSCJ library provides the infrastructure for validating the input coming from virtual schema properties. @@ -11,9 +15,28 @@ The validation on the one hand provides users with better information about prop Needs: req -# High-level Requirements +## High-level Requirements + +### Property Validation + +Users provide properties with virtual schema definitions that serve as configuration. + +Here is a non-exhaustive list of typical properties that should give an idea of what they are used for: + +1. Name under which the virtual schema can be found in the Exasol database +2. ID of the connection object that stores the access data to the data source +3. Log level +4. Target host for logs +5. Connection type selector +6. Feature switch -### Validating the Existence of Mandatory Properties +Please refer to [Appendix A — Known Virtual Schema Property Types](#appendix-a--known-virtual-schema-property-types) for a more complete list. + +Note that some of these properties have relationships that require to validate them together. In the Exasol Virtual Schema for instance, the selected connection type decides which other connection properties are required. + +Also, some of the validations are so dialect-specific, that covering them in the VSCJ base library is not reasonable. + +#### Validating the Existence of Mandatory Properties `req~validating-the-existence-of-mandatory-properties~1` VSCJ allows validating that a mandatory virtual schema property is set. @@ -24,7 +47,7 @@ Covers: Needs: req -### Validating That an Optional Property Is Allowed +#### Validating That an Optional Property Is Allowed `req~validating-that-an-optional-property-is-allowed~1` VSCJ allows validating that a property the user provides is a valid optional property. @@ -39,7 +62,7 @@ Covers: Needs: req -### Validating Boolean Properties +#### Validating Boolean Properties `req~validating-boolean-properties~1` VSCJ checks whether the value of a boolean property is `true` or `false`. @@ -54,7 +77,7 @@ Covers: Needs: req -### Validating Integer Properties +#### Validating Integer Properties `req~validating-integer-properties~1` VSCJ checks whether a property is @@ -72,10 +95,36 @@ Covers: Needs: req -### Validating Properties Containing Database Object IDS +#### Validating Properties Containing Database Object IDS `req~validating-properties-containing-database-objects-ids~1` -VSCJ validates that a property referencing a database object contains a valid Exasol database object ID. +VSCJ validates that a property referencing a database object contains a valid [Exasol database object ID](https://docs.exasol.com/saas/sql_references/basiclanguageelements.htm#SQLidentifier). + +Covers: + +* [`feat~property-validation~1`](#property-validation) + +Needs: req + +#### Validating String Property Values +`req~validating-string-property-values~1` + +VSCJ validates a string property against a given pattern. + +Covers: + +* [`feat~property-validation~1`](#property-validation) + +Needs: req + +#### Validating Properties Referencing a Host +`req~validating-properties-referencing-a-host~1` + +VSCJ validates that a property contains a valid IP address or host name. + +Rationale: + +Almost all virtual schemas will point to a network service on a remote host, for example databases, cloud storage or general web services. Covers: @@ -83,3 +132,105 @@ Covers: Needs: req +#### Validating Properties with Enumerations +`req~validating-properties-with-enumerations~1` + +VSCJ validates that a property contains a value from a predefined set of valid enumeration values. + +Rationale: + +Certain properties must only accept specific predefined values to avoid configuration errors and ensure consistent behavior across schemas. For instance, a property representing a datatype mapping option. + +Covers: + +* [`feat~property-validation~1`](#property-validation) + +Needs: req + +#### Validating Properties with Multi-Select Enumerations +`req~validating-properties-with-multi-select-enumerations~1` + +VSCJ validates that a property contains a comma-separated list of values, each belonging to the predefined set of valid enumeration values. + +Rationale: + +Some properties may allow multiple selections from a set of predefined options. For example, `EXCLUDED_CAPABILITIES` might specify features to disable, such as `ABS`, `REPEAT`, or `UNICODE`. Validating that all values in the list are part of the allowed enumeration prevents misconfiguration and ensures proper behavior. + +Covers: + +* [`feat~property-validation~1`](#property-validation) + +Needs: req + +#### Validating Properties With Unix Paths +`req~validating-properties-with-unix-paths~1` + +VSCJ validates that a property contains a valid Unix path. + +Rationale: + +Document-based virtual schemas need a mapping file that is located in BucketFS. + +Covers: + +* [`feat~property-validation~1`](#property-validation) + +Needs: req + +#### Validation Dependencies +`req~validation-dependencies~1` + +VSCJ allows an adapter for an SQL dialect to enforce dependent validations. + +Rationale: + +Not all properties exist in isolation. In the Exasol virtual schema for example, which connection properties are required depends on which connection options are selected. +Note that the relationships can be complicated and highly dialect-specific, so any attempt to cover everything in VSCJ is bound to fail. Instead, we must only make sure in VSCJ that dialects can combine validations in a flexible way. Details and constraints are up to the [software design](design.md). + +Covers: + +* [`feat~property-validation~1`](#property-validation) + + +Needs: req + + + +### Known Limitations + +* For now, we limit the property validation to the value syntax and ranges. +* We don't validate that database objects that are referenced, actually exist during value validation. + +## Appendix A — Known Virtual Schema Property Types + +To make sure we don't forget requirements, here is a list of all known Virtual Schema properties as of 2025-03-13 and their types. + +Please note that the list will be outdated at some point. Its main purpose is to get a good sample of all property variants. + +| Property Name | Virtual Schema Dialect | Type | O/M | +|---------------------------------------------------------|------------------------------|---------------------------------------|-----| +| CATALOG_NAME | Multiple dialects | Database object ID (dialect-specific) | O | +| CONNECTION_NAME | All | Exasol database object ID | M | +| DEBUG_ADDRESS | All | <host>:<port> | O | +| DEBUG_LEVEL | All | Enumeration | O | +| EXA_CONNECTION_NAME | Exasol | Exasol database object ID | O | +| EXCLUDED_CAPABILITIES | All | Multi-select enum, comma-separated | O | +| GENERATE_JDBC_DATATYPE_MAPPING_FOR_EXA | Exasol | Boolean | O | +| GENERATE_JDBC_DATATYPE_MAPPING_FOR_OCI | Oracle | Boolean | O | +| IGNORE_ERRORS | All (for debugging purposes) | Boolean | O | +| IMPORT_FROM_EXA | Exasol | Boolean | O | +| IMPORT_FROM_ORA | Oracle | Boolean | O | +| IS_LOCAL | Exasol | Boolean | O | +| MAPPING | Azure Blob Storage | Unix file path | M | +| MAX_PARALLEL_UDFS | Azure Blob Storage | Integer | O | +| ORA_CONNECTION_NAME | Oracle | Exasol database object ID | O | +| ORACLE_CAST_NUMBER_TO_DECIMAL_WITH_PRECISION_AND_SCALE | Oracle | <Integer>,<Integer> | O | +| POSTGRESQL_IDENTIFIER_MAPPING | PostgreSQL | Enum | O | +| TABLE_FILTER | All (optional filtering) | Comma-separated list of object IDs | O | +| SCHEMA_NAME | Multiple dialects | Database object ID (dialect-specific) | M | + +You can see from the list that some property types are universal and others are highly dialect specific. And Exasol database object ID is only superficially similar to one of MySQL or PostgreSQL. + +Outdated properties, i.e. properties that don't play any role anymore or are already removed: + +* `DIALECT_NAME` \ No newline at end of file From 9be95edccf2c1912b2a9f85fd5654cccc34b4fa4 Mon Sep 17 00:00:00 2001 From: redcatbear Date: Fri, 14 Mar 2025 08:29:08 +0100 Subject: [PATCH 4/8] #284: Fixed review findings of @tomuben. --- doc/user_requirements.md | 44 ++++++++++++++++++++++++++++++++-------- 1 file changed, 35 insertions(+), 9 deletions(-) diff --git a/doc/user_requirements.md b/doc/user_requirements.md index 217731a..d82713b 100644 --- a/doc/user_requirements.md +++ b/doc/user_requirements.md @@ -2,12 +2,38 @@ This document contains the system requirements for the Java bottom-layer base library for all Exasol Virtual Schema adapters. +## Terms and Abbreviations + +###### Database object ID + +A unique identifier used to reference specific objects in a database. + +###### Dialect + +A specific implementation or variation of features, behaviors, or rules for interacting with a given data source or database type in the context of Virtual Schemas. + +###### Virtual Schema + +A database schema that only exists as a projection of an external data source. The data in the virtual schema is not permanently stored on the Exasol database. + +###### Virtual Schema Property + +A configuration option that controls the structure or behavior of a [virtual schema](#virtual-schema). + +###### VS + +See [Virtual Schema](#virtual-schema) + +###### VSCJ + +The abbreviation for "Virtual Schema Common Java", the base library designed for all Java Exasol Virtual Schema adapters. + ## Features ### Property Validation `feat~property-validation~1` -The VSCJ library provides the infrastructure for validating the input coming from virtual schema properties. +The VSCJ library provides the infrastructure for validating the input coming from [virtual schema properties](#virtual-schema-property). Rationale: @@ -34,12 +60,12 @@ Please refer to [Appendix A — Known Virtual Schema Property Types](#appendix-a Note that some of these properties have relationships that require to validate them together. In the Exasol Virtual Schema for instance, the selected connection type decides which other connection properties are required. -Also, some of the validations are so dialect-specific, that covering them in the VSCJ base library is not reasonable. +Also, some of the validations are so [dialect-specific](#dialect), that covering them in the VSCJ base library is not reasonable. #### Validating the Existence of Mandatory Properties `req~validating-the-existence-of-mandatory-properties~1` -VSCJ allows validating that a mandatory virtual schema property is set. +If a virtual schema property is mandatory, the VSCJ allows validating that it is set. Covers: @@ -50,11 +76,11 @@ Needs: req #### Validating That an Optional Property Is Allowed `req~validating-that-an-optional-property-is-allowed~1` -VSCJ allows validating that a property the user provides is a valid optional property. +If a virtual schema property is optional, VSCJ checks that the given property is known. Rationale: -It is a subtle source of errors if users provide a property that is not wanted by the virtual schema. Ignoring it is not a good options, since that has the potential to confuse the users. Imaging a situation where they misspell the property name. An error message would immediately tell them that this is not the property name they intended to provide. +It is a subtle source of errors if users provide a property that is not wanted by the virtual schema. Ignoring it is not a good option, since that has the potential to confuse the users. Imagine a situation where they misspell the property name. An error message would immediately tell them that this is not the property name they intended to provide. Covers: @@ -180,11 +206,11 @@ Needs: req #### Validation Dependencies `req~validation-dependencies~1` -VSCJ allows an adapter for an SQL dialect to enforce dependent validations. +VSCJ allows an adapter for an SQL [dialect](#dialect) to enforce dependent validations. Rationale: -Not all properties exist in isolation. In the Exasol virtual schema for example, which connection properties are required depends on which connection options are selected. +Not all properties exist in isolation. In the Exasol virtual schema for example, the required connection properties depend on the selected connection options. Note that the relationships can be complicated and highly dialect-specific, so any attempt to cover everything in VSCJ is bound to fail. Instead, we must only make sure in VSCJ that dialects can combine validations in a flexible way. Details and constraints are up to the [software design](design.md). Covers: @@ -199,7 +225,7 @@ Needs: req ### Known Limitations * For now, we limit the property validation to the value syntax and ranges. -* We don't validate that database objects that are referenced, actually exist during value validation. +* During value validation, we do not check if the referenced database objects actually exist. ## Appendix A — Known Virtual Schema Property Types @@ -233,4 +259,4 @@ You can see from the list that some property types are universal and others are Outdated properties, i.e. properties that don't play any role anymore or are already removed: -* `DIALECT_NAME` \ No newline at end of file +* `DIALECT_NAME` — obsolete since now each dialect has its own JAR package \ No newline at end of file From 5709f1d1fb71ae2fc70260e4288a43b8c8dba93e Mon Sep 17 00:00:00 2001 From: redcatbear Date: Fri, 14 Mar 2025 08:32:23 +0100 Subject: [PATCH 5/8] #284: Corrected headline capitalization. --- doc/user_requirements.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/doc/user_requirements.md b/doc/user_requirements.md index d82713b..80af9c4 100644 --- a/doc/user_requirements.md +++ b/doc/user_requirements.md @@ -4,7 +4,7 @@ This document contains the system requirements for the Java bottom-layer base li ## Terms and Abbreviations -###### Database object ID +###### Database Object ID A unique identifier used to reference specific objects in a database. From c81bcb5b8795f76935d9f270d2bc458aef4ed1c8 Mon Sep 17 00:00:00 2001 From: redcatbear Date: Fri, 14 Mar 2025 12:37:49 +0100 Subject: [PATCH 6/8] #284: Updated dependencies and PK. --- .github/workflows/broken_links_checker.yml | 6 +- .github/workflows/ci-build-next-java.yml | 43 ---------- .github/workflows/ci-build.yml | 92 ++++++++++++++++++-- .github/workflows/dependencies_check.yml | 2 +- .github/workflows/dependencies_update.yml | 16 ++-- .github/workflows/release.yml | 4 +- .settings/org.eclipse.jdt.core.prefs | 20 +++-- .settings/org.eclipse.jdt.ui.prefs | 6 ++ dependencies.md | 99 ++++++++++++---------- doc/changes/changes_18.0.0.md | 26 +++++- pk_generated_parent.pom | 59 ++++++++++--- pom.xml | 14 +-- release_config.yml | 4 - 13 files changed, 251 insertions(+), 140 deletions(-) delete mode 100644 .github/workflows/ci-build-next-java.yml delete mode 100644 release_config.yml diff --git a/.github/workflows/broken_links_checker.yml b/.github/workflows/broken_links_checker.yml index d7a38b4..90488ca 100644 --- a/.github/workflows/broken_links_checker.yml +++ b/.github/workflows/broken_links_checker.yml @@ -5,14 +5,12 @@ name: Broken Links Checker on: schedule: - cron: "0 5 * * 0" - push: - branches: - - main - pull_request: jobs: linkChecker: runs-on: ubuntu-latest + permissions: + contents: read defaults: run: shell: "bash" diff --git a/.github/workflows/ci-build-next-java.yml b/.github/workflows/ci-build-next-java.yml deleted file mode 100644 index 8886e10..0000000 --- a/.github/workflows/ci-build-next-java.yml +++ /dev/null @@ -1,43 +0,0 @@ -# Generated by Project Keeper -# https://github.com/exasol/project-keeper/blob/main/project-keeper/src/main/resources/templates/.github/workflows/ci-build-next-java.yml -name: CI Build next Java -on: - push: - branches: - - main - pull_request: - -jobs: - java-17-compatibility: - runs-on: ubuntu-latest - defaults: - run: - shell: "bash" - permissions: - contents: read - checks: write # Allow scacap/action-surefire-report - concurrency: - group: ${{ github.workflow }}-${{ github.ref }} - cancel-in-progress: true - steps: - - name: Checkout the repository - uses: actions/checkout@v4 - with: - fetch-depth: 0 - - name: Set up JDK 17 - uses: actions/setup-java@v4 - with: - distribution: "temurin" - java-version: 17 - cache: "maven" - - name: Run tests and build with Maven - run: | - mvn --batch-mode --update-snapshots clean package -DtrimStackTrace=false \ - -Djava.version=17 \ - -Dorg.slf4j.simpleLogger.log.org.apache.maven.cli.transfer.Slf4jMavenTransferListener=warn - - name: Publish Test Report for Java 17 - uses: scacap/action-surefire-report@v1 - if: ${{ always() && github.event.pull_request.head.repo.full_name == github.repository && github.actor != 'dependabot[bot]' }} - with: - github_token: ${{ secrets.GITHUB_TOKEN }} - fail_if_no_tests: false diff --git a/.github/workflows/ci-build.yml b/.github/workflows/ci-build.yml index 8cea999..dbd2de0 100644 --- a/.github/workflows/ci-build.yml +++ b/.github/workflows/ci-build.yml @@ -9,7 +9,7 @@ on: pull_request: null workflow_dispatch: null jobs: - build: + build-and-test: runs-on: ubuntu-latest defaults: run: { @@ -17,11 +17,10 @@ jobs: } permissions: { contents: read, - checks: write, issues: read } concurrency: { - group: '${{ github.workflow }}-${{ github.ref }}', + group: '${{ github.workflow }}-build-and-test-${{ github.ref }}', cancel-in-progress: true } outputs: { @@ -45,7 +44,7 @@ jobs: uses: actions/setup-java@v4 with: distribution: temurin - java-version: | + java-version: |- 11 17 cache: maven @@ -94,6 +93,89 @@ jobs: path: '${{ steps.build-pk-verify.outputs.release-artifacts }}', retention-days: 5 } + - name: Configure link check + id: configure-link-check + run: | + mkdir -p ./target + echo '{"aliveStatusCodes": [429, 200], "ignorePatterns": [' \ + '{"pattern": "^https?://(www|dev).mysql.com/"},' \ + '{"pattern": "^https?://(www.)?opensource.org"}' \ + '{"pattern": "^https?://(www.)?eclipse.org"}' \ + '{"pattern": "^https?://projects.eclipse.org"}' \ + ']}' > ./target/broken_links_checker.json + - uses: gaurav-nelson/github-action-markdown-link-check@v1 + id: run-link-check + with: { + use-quiet-mode: yes, + use-verbose-mode: yes, + config-file: ./target/broken_links_checker.json + } + next-java-compatibility: + runs-on: ubuntu-latest + defaults: + run: { + shell: bash + } + permissions: { + contents: read + } + concurrency: { + group: '${{ github.workflow }}-next-java-${{ github.ref }}', + cancel-in-progress: true + } + steps: + - name: Checkout the repository + id: checkout + uses: actions/checkout@v4 + with: { + fetch-depth: 0 + } + - name: Set up JDK 17 + id: setup-java + uses: actions/setup-java@v4 + with: { + distribution: temurin, + java-version: '17', + cache: maven + } + - { + name: Run tests and build with Maven 17, + id: build-next-java, + run: mvn --batch-mode clean package -DtrimStackTrace=false -Djava.version=17 + } + build: + needs: [ + build-and-test, + next-java-compatibility + ] + runs-on: ubuntu-latest + defaults: + run: { + shell: bash + } + permissions: { + contents: read, + issues: read + } + outputs: { + release-required: '${{ steps.check-release.outputs.release-required }}' + } + steps: + - name: Checkout the repository + id: checkout + uses: actions/checkout@v4 + with: { + fetch-depth: 0 + } + - name: Set up JDKs + id: setup-java + uses: actions/setup-java@v4 + with: + distribution: temurin + java-version: |- + 11 + 17 + cache: maven - name: Check if release is needed id: check-release if: ${{ github.ref == 'refs/heads/main' }} @@ -102,7 +184,7 @@ jobs: echo "### ✅ Release preconditions met, start release" >> "$GITHUB_STEP_SUMMARY" echo "release-required=true" >> "$GITHUB_OUTPUT" else - echo "### 🛑 Release precondition not met, skipping release" >> "$GITHUB_STEP_SUMMARY" + echo "### 🛑 Not all release preconditions met, skipping release" >> "$GITHUB_STEP_SUMMARY" echo "See log output for details." >> "$GITHUB_STEP_SUMMARY" echo "release-required=false" >> "$GITHUB_OUTPUT" fi diff --git a/.github/workflows/dependencies_check.yml b/.github/workflows/dependencies_check.yml index 9c2365c..02c5aa0 100644 --- a/.github/workflows/dependencies_check.yml +++ b/.github/workflows/dependencies_check.yml @@ -35,7 +35,7 @@ jobs: uses: actions/setup-java@v4 with: distribution: temurin - java-version: | + java-version: |- 11 17 cache: maven diff --git a/.github/workflows/dependencies_update.yml b/.github/workflows/dependencies_update.yml index 9f536ee..c901506 100644 --- a/.github/workflows/dependencies_update.yml +++ b/.github/workflows/dependencies_update.yml @@ -35,7 +35,7 @@ jobs: uses: actions/setup-java@v4 with: distribution: temurin - java-version: | + java-version: |- 11 17 cache: maven @@ -61,14 +61,6 @@ jobs: env: { CREATED_ISSUES: '${{ inputs.vulnerability_issues }}' } - - name: Project Keeper Fix - id: project-keeper-fix - run: | - mvn --batch-mode com.exasol:project-keeper-maven-plugin:fix --projects . - - name: Project Keeper Fix for updated Project Keeper version - id: project-keeper-fix-2 - run: | - mvn --batch-mode com.exasol:project-keeper-maven-plugin:fix --projects . - name: Generate Pull Request comment id: pr-comment run: | @@ -81,7 +73,11 @@ jobs: echo 'It updates dependencies.' >> "$GITHUB_OUTPUT" fi echo >> "$GITHUB_OUTPUT" - echo '# ⚠️ This PR does not trigger CI workflows by default ⚠️' >> "$GITHUB_OUTPUT" + echo '# ⚠️ Notes ⚠️' >> "$GITHUB_OUTPUT" + echo '## Run PK fix manually' >> "$GITHUB_OUTPUT" + echo 'Due to restrictions workflow `dependencies_update.yml` cannot update other workflows, see https://github.com/exasol/project-keeper/issues/578 for details.' >> "$GITHUB_OUTPUT" + echo 'Please checkout this PR locally and run `mvn com.exasol:project-keeper-maven-plugin:fix --projects .`' >> "$GITHUB_OUTPUT" + echo '## This PR does not trigger CI workflows' >> "$GITHUB_OUTPUT" echo 'Please click the **Close pull request** button and then **Reopen pull request** to trigger running checks.' >> "$GITHUB_OUTPUT" echo 'See https://github.com/exasol/project-keeper/issues/534 for details.' >> "$GITHUB_OUTPUT" echo 'EOF' >> "$GITHUB_OUTPUT" diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 5be64c8..e4682a3 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -52,7 +52,7 @@ jobs: uses: actions/setup-java@v4 with: distribution: temurin - java-version: | + java-version: |- 11 17 cache: maven @@ -67,7 +67,7 @@ jobs: uses: actions/setup-java@v4 with: distribution: temurin - java-version: | + java-version: |- 11 17 cache: maven diff --git a/.settings/org.eclipse.jdt.core.prefs b/.settings/org.eclipse.jdt.core.prefs index bb40c3f..6d0c568 100644 --- a/.settings/org.eclipse.jdt.core.prefs +++ b/.settings/org.eclipse.jdt.core.prefs @@ -1,15 +1,19 @@ eclipse.preferences.version=1 +org.eclipse.jdt.core.builder.annotationPath.allLocations=disabled org.eclipse.jdt.core.compiler.annotation.inheritNullAnnotations=disabled org.eclipse.jdt.core.compiler.annotation.missingNonNullByDefaultAnnotation=ignore org.eclipse.jdt.core.compiler.annotation.nonnull=org.eclipse.jdt.annotation.NonNull org.eclipse.jdt.core.compiler.annotation.nonnull.secondary= org.eclipse.jdt.core.compiler.annotation.nonnullbydefault=org.eclipse.jdt.annotation.NonNullByDefault org.eclipse.jdt.core.compiler.annotation.nonnullbydefault.secondary= +org.eclipse.jdt.core.compiler.annotation.notowning=org.eclipse.jdt.annotation.NotOwning org.eclipse.jdt.core.compiler.annotation.nullable=org.eclipse.jdt.annotation.Nullable org.eclipse.jdt.core.compiler.annotation.nullable.secondary= org.eclipse.jdt.core.compiler.annotation.nullanalysis=disabled +org.eclipse.jdt.core.compiler.annotation.owning=org.eclipse.jdt.annotation.Owning +org.eclipse.jdt.core.compiler.annotation.resourceanalysis=disabled org.eclipse.jdt.core.compiler.codegen.inlineJsrBytecode=enabled -org.eclipse.jdt.core.compiler.codegen.methodParameters=do not generate +org.eclipse.jdt.core.compiler.codegen.methodParameters=generate org.eclipse.jdt.core.compiler.codegen.targetPlatform=11 org.eclipse.jdt.core.compiler.codegen.unusedLocal=preserve org.eclipse.jdt.core.compiler.compliance=11 @@ -17,6 +21,7 @@ org.eclipse.jdt.core.compiler.debug.lineNumber=generate org.eclipse.jdt.core.compiler.debug.localVariable=generate org.eclipse.jdt.core.compiler.debug.sourceFile=generate org.eclipse.jdt.core.compiler.problem.APILeak=warning +org.eclipse.jdt.core.compiler.problem.annotatedTypeArgumentToUnannotated=info org.eclipse.jdt.core.compiler.problem.annotationSuperInterface=warning org.eclipse.jdt.core.compiler.problem.assertIdentifier=error org.eclipse.jdt.core.compiler.problem.autoboxing=ignore @@ -39,8 +44,10 @@ org.eclipse.jdt.core.compiler.problem.forbiddenReference=warning org.eclipse.jdt.core.compiler.problem.hiddenCatchBlock=warning org.eclipse.jdt.core.compiler.problem.includeNullInfoFromAsserts=disabled org.eclipse.jdt.core.compiler.problem.incompatibleNonInheritedInterfaceMethod=warning +org.eclipse.jdt.core.compiler.problem.incompatibleOwningContract=warning org.eclipse.jdt.core.compiler.problem.incompleteEnumSwitch=warning org.eclipse.jdt.core.compiler.problem.indirectStaticAccess=ignore +org.eclipse.jdt.core.compiler.problem.insufficientResourceAnalysis=warning org.eclipse.jdt.core.compiler.problem.localVariableHiding=ignore org.eclipse.jdt.core.compiler.problem.methodWithConstructorName=warning org.eclipse.jdt.core.compiler.problem.missingDefaultCase=ignore @@ -56,15 +63,15 @@ org.eclipse.jdt.core.compiler.problem.noImplicitStringConversion=warning org.eclipse.jdt.core.compiler.problem.nonExternalizedStringLiteral=ignore org.eclipse.jdt.core.compiler.problem.nonnullParameterAnnotationDropped=warning org.eclipse.jdt.core.compiler.problem.nonnullTypeVariableFromLegacyInvocation=warning -org.eclipse.jdt.core.compiler.problem.nullAnnotationInferenceConflict=error +org.eclipse.jdt.core.compiler.problem.nullAnnotationInferenceConflict=warning org.eclipse.jdt.core.compiler.problem.nullReference=warning -org.eclipse.jdt.core.compiler.problem.nullSpecViolation=error -org.eclipse.jdt.core.compiler.problem.nullUncheckedConversion=warning +org.eclipse.jdt.core.compiler.problem.nullSpecViolation=warning +org.eclipse.jdt.core.compiler.problem.nullUncheckedConversion=ignore org.eclipse.jdt.core.compiler.problem.overridingPackageDefaultMethod=warning org.eclipse.jdt.core.compiler.problem.parameterAssignment=ignore org.eclipse.jdt.core.compiler.problem.pessimisticNullAnalysisForFreeTypeVariables=warning org.eclipse.jdt.core.compiler.problem.possibleAccidentalBooleanAssignment=ignore -org.eclipse.jdt.core.compiler.problem.potentialNullReference=ignore +org.eclipse.jdt.core.compiler.problem.potentialNullReference=warning org.eclipse.jdt.core.compiler.problem.potentiallyUnclosedCloseable=ignore org.eclipse.jdt.core.compiler.problem.rawTypeReference=warning org.eclipse.jdt.core.compiler.problem.redundantNullAnnotation=warning @@ -78,7 +85,8 @@ org.eclipse.jdt.core.compiler.problem.specialParameterHidingField=disabled org.eclipse.jdt.core.compiler.problem.staticAccessReceiver=warning org.eclipse.jdt.core.compiler.problem.suppressOptionalErrors=disabled org.eclipse.jdt.core.compiler.problem.suppressWarnings=enabled -org.eclipse.jdt.core.compiler.problem.syntacticNullAnalysisForFields=disabled +org.eclipse.jdt.core.compiler.problem.suppressWarningsNotFullyAnalysed=info +org.eclipse.jdt.core.compiler.problem.syntacticNullAnalysisForFields=enabled org.eclipse.jdt.core.compiler.problem.syntheticAccessEmulation=ignore org.eclipse.jdt.core.compiler.problem.terminalDeprecation=warning org.eclipse.jdt.core.compiler.problem.typeParameterHiding=warning diff --git a/.settings/org.eclipse.jdt.ui.prefs b/.settings/org.eclipse.jdt.ui.prefs index 1add06a..54d02ac 100644 --- a/.settings/org.eclipse.jdt.ui.prefs +++ b/.settings/org.eclipse.jdt.ui.prefs @@ -76,6 +76,7 @@ sp_cleanup.add_missing_nls_tags=false sp_cleanup.add_missing_override_annotations=true sp_cleanup.add_missing_override_annotations_interface_methods=true sp_cleanup.add_serial_version_id=false +sp_cleanup.also_simplify_lambda=false sp_cleanup.always_use_blocks=true sp_cleanup.always_use_parentheses_in_expressions=true sp_cleanup.always_use_this_for_non_static_field_access=true @@ -130,6 +131,7 @@ sp_cleanup.one_if_rather_than_duplicate_blocks_that_fall_through=false sp_cleanup.operand_factorization=false sp_cleanup.organize_imports=true sp_cleanup.overridden_assignment=false +sp_cleanup.overridden_assignment_move_decl=false sp_cleanup.plain_replacement=false sp_cleanup.precompile_regex=false sp_cleanup.primitive_comparison=false @@ -159,10 +161,12 @@ sp_cleanup.remove_unnecessary_casts=true sp_cleanup.remove_unnecessary_nls_tags=true sp_cleanup.remove_unused_imports=true sp_cleanup.remove_unused_local_variables=false +sp_cleanup.remove_unused_method_parameters=false sp_cleanup.remove_unused_private_fields=true sp_cleanup.remove_unused_private_members=false sp_cleanup.remove_unused_private_methods=true sp_cleanup.remove_unused_private_types=true +sp_cleanup.replace_deprecated_calls=false sp_cleanup.return_expression=false sp_cleanup.simplify_lambda_expression_and_method_ref=false sp_cleanup.single_used_field=false @@ -174,6 +178,8 @@ sp_cleanup.strictly_equal_or_different=false sp_cleanup.stringbuffer_to_stringbuilder=false sp_cleanup.stringbuilder=false sp_cleanup.stringbuilder_for_local_vars=false +sp_cleanup.stringconcat_stringbuffer_stringbuilder=false +sp_cleanup.stringconcat_to_textblock=false sp_cleanup.substring=false sp_cleanup.switch=false sp_cleanup.system_property=false diff --git a/dependencies.md b/dependencies.md index 9312d3e..d5c8247 100644 --- a/dependencies.md +++ b/dependencies.md @@ -13,7 +13,7 @@ | Dependency | License | | ------------------------------------------ | ---------------------------------------------- | -| [Hamcrest][7] | [BSD License 3][8] | +| [Hamcrest][7] | [BSD-3-Clause][8] | | [JSONassert][9] | [The Apache Software License, Version 2.0][10] | | [JUnit Jupiter (Aggregator)][11] | [Eclipse Public License v2.0][12] | | [mockito-junit-jupiter][13] | [MIT][14] | @@ -30,24 +30,29 @@ | Dependency | License | | ------------------------------------------------------- | --------------------------------- | -| [SonarQube Scanner for Maven][19] | [GNU LGPL 3][20] | -| [Apache Maven Toolchains Plugin][21] | [Apache License, Version 2.0][18] | -| [Apache Maven Compiler Plugin][22] | [Apache-2.0][18] | -| [Apache Maven Enforcer Plugin][23] | [Apache-2.0][18] | -| [Maven Flatten Plugin][24] | [Apache Software Licenese][18] | -| [org.sonatype.ossindex.maven:ossindex-maven-plugin][25] | [ASL2][10] | -| [Maven Surefire Plugin][26] | [Apache-2.0][18] | -| [Versions Maven Plugin][27] | [Apache License, Version 2.0][18] | -| [duplicate-finder-maven-plugin Maven Mojo][28] | [Apache License 2.0][29] | -| [Apache Maven Deploy Plugin][30] | [Apache-2.0][18] | -| [Apache Maven GPG Plugin][31] | [Apache-2.0][18] | -| [Apache Maven Source Plugin][32] | [Apache License, Version 2.0][18] | -| [Apache Maven Javadoc Plugin][33] | [Apache-2.0][18] | -| [Nexus Staging Maven Plugin][34] | [Eclipse Public License][35] | -| [JaCoCo :: Maven Plugin][36] | [EPL-2.0][37] | -| [error-code-crawler-maven-plugin][38] | [MIT License][39] | -| [Reproducible Build Maven Plugin][40] | [Apache 2.0][10] | -| [Project Keeper Maven plugin][41] | [The MIT License][42] | +| [Apache Maven Clean Plugin][19] | [Apache-2.0][18] | +| [Apache Maven Install Plugin][20] | [Apache-2.0][18] | +| [Apache Maven Resources Plugin][21] | [Apache-2.0][18] | +| [Apache Maven Site Plugin][22] | [Apache-2.0][18] | +| [SonarQube Scanner for Maven][23] | [GNU LGPL 3][24] | +| [Apache Maven Toolchains Plugin][25] | [Apache-2.0][18] | +| [Apache Maven Compiler Plugin][26] | [Apache-2.0][18] | +| [Apache Maven Enforcer Plugin][27] | [Apache-2.0][18] | +| [Maven Flatten Plugin][28] | [Apache Software Licenese][18] | +| [org.sonatype.ossindex.maven:ossindex-maven-plugin][29] | [ASL2][10] | +| [Maven Surefire Plugin][30] | [Apache-2.0][18] | +| [Versions Maven Plugin][31] | [Apache License, Version 2.0][18] | +| [duplicate-finder-maven-plugin Maven Mojo][32] | [Apache License 2.0][33] | +| [Apache Maven Deploy Plugin][34] | [Apache-2.0][18] | +| [Apache Maven GPG Plugin][35] | [Apache-2.0][18] | +| [Apache Maven Source Plugin][36] | [Apache License, Version 2.0][18] | +| [Apache Maven Javadoc Plugin][37] | [Apache-2.0][18] | +| [Nexus Staging Maven Plugin][38] | [Eclipse Public License][39] | +| [JaCoCo :: Maven Plugin][40] | [EPL-2.0][41] | +| [Quality Summarizer Maven Plugin][42] | [MIT License][43] | +| [error-code-crawler-maven-plugin][44] | [MIT License][45] | +| [Reproducible Build Maven Plugin][46] | [Apache 2.0][10] | +| [Project Keeper Maven plugin][47] | [The MIT License][48] | [0]: https://github.com/eclipse-ee4j/jsonp [1]: https://projects.eclipse.org/license/epl-2.0 @@ -57,7 +62,7 @@ [5]: https://github.com/exasol/error-reporting-java/ [6]: https://github.com/exasol/error-reporting-java/blob/main/LICENSE [7]: http://hamcrest.org/JavaHamcrest/ -[8]: http://opensource.org/licenses/BSD-3-Clause +[8]: https://raw.githubusercontent.com/hamcrest/JavaHamcrest/master/LICENSE [9]: https://github.com/skyscreamer/JSONassert [10]: http://www.apache.org/licenses/LICENSE-2.0.txt [11]: https://junit.org/junit5/ @@ -68,27 +73,33 @@ [16]: http://www.eclipse.org/legal/epl-v20.html [17]: https://www.jqno.nl/equalsverifier [18]: https://www.apache.org/licenses/LICENSE-2.0.txt -[19]: http://sonarsource.github.io/sonar-scanner-maven/ -[20]: http://www.gnu.org/licenses/lgpl.txt -[21]: https://maven.apache.org/plugins/maven-toolchains-plugin/ -[22]: https://maven.apache.org/plugins/maven-compiler-plugin/ -[23]: https://maven.apache.org/enforcer/maven-enforcer-plugin/ -[24]: https://www.mojohaus.org/flatten-maven-plugin/ -[25]: https://sonatype.github.io/ossindex-maven/maven-plugin/ -[26]: https://maven.apache.org/surefire/maven-surefire-plugin/ -[27]: https://www.mojohaus.org/versions/versions-maven-plugin/ -[28]: https://basepom.github.io/duplicate-finder-maven-plugin -[29]: http://www.apache.org/licenses/LICENSE-2.0.html -[30]: https://maven.apache.org/plugins/maven-deploy-plugin/ -[31]: https://maven.apache.org/plugins/maven-gpg-plugin/ -[32]: https://maven.apache.org/plugins/maven-source-plugin/ -[33]: https://maven.apache.org/plugins/maven-javadoc-plugin/ -[34]: http://www.sonatype.com/public-parent/nexus-maven-plugins/nexus-staging/nexus-staging-maven-plugin/ -[35]: http://www.eclipse.org/legal/epl-v10.html -[36]: https://www.jacoco.org/jacoco/trunk/doc/maven.html -[37]: https://www.eclipse.org/legal/epl-2.0/ -[38]: https://github.com/exasol/error-code-crawler-maven-plugin/ -[39]: https://github.com/exasol/error-code-crawler-maven-plugin/blob/main/LICENSE -[40]: http://zlika.github.io/reproducible-build-maven-plugin -[41]: https://github.com/exasol/project-keeper/ -[42]: https://github.com/exasol/project-keeper/blob/main/LICENSE +[19]: https://maven.apache.org/plugins/maven-clean-plugin/ +[20]: https://maven.apache.org/plugins/maven-install-plugin/ +[21]: https://maven.apache.org/plugins/maven-resources-plugin/ +[22]: https://maven.apache.org/plugins/maven-site-plugin/ +[23]: http://docs.sonarqube.org/display/PLUG/Plugin+Library/sonar-maven-plugin +[24]: http://www.gnu.org/licenses/lgpl.txt +[25]: https://maven.apache.org/plugins/maven-toolchains-plugin/ +[26]: https://maven.apache.org/plugins/maven-compiler-plugin/ +[27]: https://maven.apache.org/enforcer/maven-enforcer-plugin/ +[28]: https://www.mojohaus.org/flatten-maven-plugin/ +[29]: https://sonatype.github.io/ossindex-maven/maven-plugin/ +[30]: https://maven.apache.org/surefire/maven-surefire-plugin/ +[31]: https://www.mojohaus.org/versions/versions-maven-plugin/ +[32]: https://basepom.github.io/duplicate-finder-maven-plugin +[33]: http://www.apache.org/licenses/LICENSE-2.0.html +[34]: https://maven.apache.org/plugins/maven-deploy-plugin/ +[35]: https://maven.apache.org/plugins/maven-gpg-plugin/ +[36]: https://maven.apache.org/plugins/maven-source-plugin/ +[37]: https://maven.apache.org/plugins/maven-javadoc-plugin/ +[38]: http://www.sonatype.com/public-parent/nexus-maven-plugins/nexus-staging/nexus-staging-maven-plugin/ +[39]: http://www.eclipse.org/legal/epl-v10.html +[40]: https://www.jacoco.org/jacoco/trunk/doc/maven.html +[41]: https://www.eclipse.org/legal/epl-2.0/ +[42]: https://github.com/exasol/quality-summarizer-maven-plugin/ +[43]: https://github.com/exasol/quality-summarizer-maven-plugin/blob/main/LICENSE +[44]: https://github.com/exasol/error-code-crawler-maven-plugin/ +[45]: https://github.com/exasol/error-code-crawler-maven-plugin/blob/main/LICENSE +[46]: http://zlika.github.io/reproducible-build-maven-plugin +[47]: https://github.com/exasol/project-keeper/ +[48]: https://github.com/exasol/project-keeper/blob/main/LICENSE diff --git a/doc/changes/changes_18.0.0.md b/doc/changes/changes_18.0.0.md index cbfe127..1e4e5c9 100644 --- a/doc/changes/changes_18.0.0.md +++ b/doc/changes/changes_18.0.0.md @@ -12,6 +12,30 @@ In this release we reworked the Virtual Schema property validation infrastructur ## Dependency Updates +### Test Dependency Updates + +* Updated `nl.jqno.equalsverifier:equalsverifier:3.16.1` to `3.19.1` +* Updated `org.hamcrest:hamcrest:2.2` to `3.0` +* Updated `org.itsallcode:junit5-system-extensions:1.2.0` to `1.2.2` +* Updated `org.junit.jupiter:junit-jupiter:5.10.2` to `5.12.0` +* Updated `org.mockito:mockito-junit-jupiter:5.11.0` to `5.16.0` +* Updated `org.skyscreamer:jsonassert:1.5.1` to `1.5.3` + ### Plugin Dependency Updates -* Updated `com.exasol:project-keeper-maven-plugin:4.3.0` to `4.5.0` +* Updated `com.exasol:error-code-crawler-maven-plugin:2.0.2` to `2.0.3` +* Updated `com.exasol:project-keeper-maven-plugin:4.3.0` to `5.0.0` +* Added `com.exasol:quality-summarizer-maven-plugin:0.2.0` +* Updated `io.github.zlika:reproducible-build-maven-plugin:0.16` to `0.17` +* Updated `org.apache.maven.plugins:maven-clean-plugin:3.2.0` to `3.4.0` +* Updated `org.apache.maven.plugins:maven-deploy-plugin:3.1.1` to `3.1.3` +* Updated `org.apache.maven.plugins:maven-enforcer-plugin:3.4.1` to `3.5.0` +* Updated `org.apache.maven.plugins:maven-gpg-plugin:3.2.2` to `3.2.7` +* Updated `org.apache.maven.plugins:maven-install-plugin:3.1.1` to `3.1.3` +* Updated `org.apache.maven.plugins:maven-javadoc-plugin:3.6.3` to `3.11.1` +* Updated `org.apache.maven.plugins:maven-site-plugin:3.12.1` to `3.21.0` +* Updated `org.apache.maven.plugins:maven-surefire-plugin:3.2.5` to `3.5.2` +* Updated `org.apache.maven.plugins:maven-toolchains-plugin:3.1.0` to `3.2.0` +* Updated `org.codehaus.mojo:versions-maven-plugin:2.16.2` to `2.18.0` +* Updated `org.sonarsource.scanner.maven:sonar-maven-plugin:3.11.0.3922` to `5.0.0.4389` +* Updated `org.sonatype.plugins:nexus-staging-maven-plugin:1.6.13` to `1.7.0` diff --git a/pk_generated_parent.pom b/pk_generated_parent.pom index 99441ef..5795e5f 100644 --- a/pk_generated_parent.pom +++ b/pk_generated_parent.pom @@ -47,15 +47,35 @@ + + org.apache.maven.plugins + maven-clean-plugin + 3.4.0 + + + org.apache.maven.plugins + maven-install-plugin + 3.1.3 + + + org.apache.maven.plugins + maven-resources-plugin + 3.3.1 + + + org.apache.maven.plugins + maven-site-plugin + 3.21.0 + org.sonarsource.scanner.maven sonar-maven-plugin - 3.11.0.3922 + 5.0.0.4389 org.apache.maven.plugins maven-toolchains-plugin - 3.1.0 + 3.2.0 @@ -88,7 +108,7 @@ org.apache.maven.plugins maven-enforcer-plugin - 3.4.1 + 3.5.0 enforce-maven @@ -150,7 +170,7 @@ org.apache.maven.plugins maven-surefire-plugin - 3.2.5 + 3.5.2 @@ -161,7 +181,7 @@ org.codehaus.mojo versions-maven-plugin - 2.16.2 + 2.18.0 display-updates @@ -215,7 +235,7 @@ org.apache.maven.plugins maven-deploy-plugin - 3.1.1 + 3.1.3 true @@ -223,7 +243,7 @@ org.apache.maven.plugins maven-gpg-plugin - 3.2.2 + 3.2.7 sign-artifacts @@ -244,8 +264,8 @@ org.apache.maven.plugins maven-source-plugin + Failed to execute goal org.apache.maven.plugins:maven-source-plugin:3.3.0:jar-no-fork (attach-sources) on project project-keeper-shared-model-classes: Presumably you have configured maven-source-plugn to execute twice times in your build. You have to configure a classifier for at least on of them. + Using goal "jar-no-fork" didn't help. See https://stackoverflow.com/questions/76305897/maven-build-fails-after-upgrading-to-maven-source-plugin-from-3-2-1-to-3-3-0 --> 3.2.1 @@ -259,7 +279,7 @@ org.apache.maven.plugins maven-javadoc-plugin - 3.6.3 + 3.11.1 attach-javadocs @@ -281,7 +301,7 @@ org.sonatype.plugins nexus-staging-maven-plugin - 1.6.13 + 1.7.0 true ossrh @@ -340,10 +360,23 @@ + + com.exasol + quality-summarizer-maven-plugin + 0.2.0 + + + summarize-metrics + + summarize + + + + com.exasol error-code-crawler-maven-plugin - 2.0.2 + 2.0.3 verify @@ -356,7 +389,7 @@ io.github.zlika reproducible-build-maven-plugin - 0.16 + 0.17 strip-jar diff --git a/pom.xml b/pom.xml index 22fba98..d52d259 100644 --- a/pom.xml +++ b/pom.xml @@ -28,37 +28,37 @@ org.hamcrest hamcrest - 2.2 + 3.0 test org.skyscreamer jsonassert - 1.5.1 + 1.5.3 test org.junit.jupiter junit-jupiter - 5.10.2 + 5.12.0 test org.mockito mockito-junit-jupiter - 5.11.0 + 5.16.0 test org.itsallcode junit5-system-extensions - 1.2.0 + 1.2.2 test nl.jqno.equalsverifier equalsverifier - 3.16.1 + 3.19.1 test @@ -72,7 +72,7 @@ com.exasol project-keeper-maven-plugin - 4.5.0 + 5.0.0 diff --git a/release_config.yml b/release_config.yml deleted file mode 100644 index 473c219..0000000 --- a/release_config.yml +++ /dev/null @@ -1,4 +0,0 @@ -release-platforms: - - GitHub - - Maven -language: Java From 1054c7dfb1953b6430dd8b67bbcc12b6a9ee6e24 Mon Sep 17 00:00:00 2001 From: redcatbear Date: Fri, 14 Mar 2025 12:43:32 +0100 Subject: [PATCH 7/8] #284: PK and security policy. --- .github/workflows/ci-build.yml | 9 ++++++++- .settings/org.eclipse.jdt.core.prefs | 4 ++-- SECURITY.md | 13 ++++++------- doc/changes/changes_18.0.0.md | 10 ++++++---- pk_generated_parent.pom | 16 ++++++++-------- src/test/resources/logging.properties | 2 +- 6 files changed, 31 insertions(+), 23 deletions(-) diff --git a/.github/workflows/ci-build.yml b/.github/workflows/ci-build.yml index dbd2de0..7c087e9 100644 --- a/.github/workflows/ci-build.yml +++ b/.github/workflows/ci-build.yml @@ -6,7 +6,14 @@ on: main ] - pull_request: null + pull_request: + types: [ + opened, + synchronize, + reopened, + ready_for_review + ] + workflow_dispatch: null jobs: build-and-test: diff --git a/.settings/org.eclipse.jdt.core.prefs b/.settings/org.eclipse.jdt.core.prefs index 6d0c568..7644ed3 100644 --- a/.settings/org.eclipse.jdt.core.prefs +++ b/.settings/org.eclipse.jdt.core.prefs @@ -241,7 +241,7 @@ org.eclipse.jdt.core.formatter.indent_empty_lines=false org.eclipse.jdt.core.formatter.indent_statements_compare_to_block=true org.eclipse.jdt.core.formatter.indent_statements_compare_to_body=true org.eclipse.jdt.core.formatter.indent_switchstatements_compare_to_cases=true -org.eclipse.jdt.core.formatter.indent_switchstatements_compare_to_switch=false +org.eclipse.jdt.core.formatter.indent_switchstatements_compare_to_switch=true org.eclipse.jdt.core.formatter.indentation.size=4 org.eclipse.jdt.core.formatter.insert_new_line_after_annotation_on_enum_constant=insert org.eclipse.jdt.core.formatter.insert_new_line_after_annotation_on_field=insert @@ -447,7 +447,7 @@ org.eclipse.jdt.core.formatter.insert_space_between_empty_parens_in_enum_constan org.eclipse.jdt.core.formatter.insert_space_between_empty_parens_in_method_declaration=do not insert org.eclipse.jdt.core.formatter.insert_space_between_empty_parens_in_method_invocation=do not insert org.eclipse.jdt.core.formatter.join_lines_in_comments=true -org.eclipse.jdt.core.formatter.join_wrapped_lines=true +org.eclipse.jdt.core.formatter.join_wrapped_lines=false org.eclipse.jdt.core.formatter.keep_annotation_declaration_on_one_line=one_line_never org.eclipse.jdt.core.formatter.keep_anonymous_type_declaration_on_one_line=one_line_never org.eclipse.jdt.core.formatter.keep_code_block_on_one_line=one_line_never diff --git a/SECURITY.md b/SECURITY.md index 35f3c22..4573221 100644 --- a/SECURITY.md +++ b/SECURITY.md @@ -10,17 +10,16 @@ If you believe you have found a new security vulnerability in this repository, p * If you prefer to email, please send your report to `infosec@exasol.com`. -## Guidelines +## Guidelines -* When reporting a vulnerability, please include as much information as possible, including the complete steps to reproduce the issue. +* When reporting a vulnerability, please include as much information as possible, including the complete steps to reproduce the issue. * Avoid sending us executables. -* Feel free to include any script you wrote and used but avoid sending us scripts that download and run binaries. +* Feel free to include any script you wrote and used but avoid sending us scripts that download and run binaries. -* We will prioritise reports that show how the exploits work in realistic environments. +* We will prioritise reports that show how the exploits work in realistic environments. -* We prefer all communications to be in English. - -* We do not offer financial rewards. We are happy to acknowledge your research publicly when possible. +* We prefer all communications to be in English. +* We do not offer financial rewards. We are happy to acknowledge your research publicly when possible. diff --git a/doc/changes/changes_18.0.0.md b/doc/changes/changes_18.0.0.md index 1e4e5c9..c427f83 100644 --- a/doc/changes/changes_18.0.0.md +++ b/doc/changes/changes_18.0.0.md @@ -27,15 +27,17 @@ In this release we reworked the Virtual Schema property validation infrastructur * Updated `com.exasol:project-keeper-maven-plugin:4.3.0` to `5.0.0` * Added `com.exasol:quality-summarizer-maven-plugin:0.2.0` * Updated `io.github.zlika:reproducible-build-maven-plugin:0.16` to `0.17` -* Updated `org.apache.maven.plugins:maven-clean-plugin:3.2.0` to `3.4.0` -* Updated `org.apache.maven.plugins:maven-deploy-plugin:3.1.1` to `3.1.3` +* Updated `org.apache.maven.plugins:maven-clean-plugin:3.2.0` to `3.4.1` +* Updated `org.apache.maven.plugins:maven-compiler-plugin:3.13.0` to `3.14.0` +* Updated `org.apache.maven.plugins:maven-deploy-plugin:3.1.1` to `3.1.4` * Updated `org.apache.maven.plugins:maven-enforcer-plugin:3.4.1` to `3.5.0` * Updated `org.apache.maven.plugins:maven-gpg-plugin:3.2.2` to `3.2.7` -* Updated `org.apache.maven.plugins:maven-install-plugin:3.1.1` to `3.1.3` -* Updated `org.apache.maven.plugins:maven-javadoc-plugin:3.6.3` to `3.11.1` +* Updated `org.apache.maven.plugins:maven-install-plugin:3.1.1` to `3.1.4` +* Updated `org.apache.maven.plugins:maven-javadoc-plugin:3.6.3` to `3.11.2` * Updated `org.apache.maven.plugins:maven-site-plugin:3.12.1` to `3.21.0` * Updated `org.apache.maven.plugins:maven-surefire-plugin:3.2.5` to `3.5.2` * Updated `org.apache.maven.plugins:maven-toolchains-plugin:3.1.0` to `3.2.0` +* Updated `org.codehaus.mojo:flatten-maven-plugin:1.6.0` to `1.7.0` * Updated `org.codehaus.mojo:versions-maven-plugin:2.16.2` to `2.18.0` * Updated `org.sonarsource.scanner.maven:sonar-maven-plugin:3.11.0.3922` to `5.0.0.4389` * Updated `org.sonatype.plugins:nexus-staging-maven-plugin:1.6.13` to `1.7.0` diff --git a/pk_generated_parent.pom b/pk_generated_parent.pom index 5795e5f..72dcd44 100644 --- a/pk_generated_parent.pom +++ b/pk_generated_parent.pom @@ -50,12 +50,12 @@ org.apache.maven.plugins maven-clean-plugin - 3.4.0 + 3.4.1 org.apache.maven.plugins maven-install-plugin - 3.1.3 + 3.1.4 org.apache.maven.plugins @@ -94,7 +94,7 @@ org.apache.maven.plugins maven-compiler-plugin - 3.13.0 + 3.14.0 ${java.version} ${java.version} @@ -118,7 +118,7 @@ - 3.6.3 + 3.8.7 17 @@ -131,7 +131,7 @@ org.codehaus.mojo flatten-maven-plugin - 1.6.0 + 1.7.0 true oss @@ -185,7 +185,7 @@ display-updates - package + verify display-plugin-updates display-dependency-updates @@ -235,7 +235,7 @@ org.apache.maven.plugins maven-deploy-plugin - 3.1.3 + 3.1.4 true @@ -279,7 +279,7 @@ org.apache.maven.plugins maven-javadoc-plugin - 3.11.1 + 3.11.2 attach-javadocs diff --git a/src/test/resources/logging.properties b/src/test/resources/logging.properties index 8c97abe..8d41bf2 100644 --- a/src/test/resources/logging.properties +++ b/src/test/resources/logging.properties @@ -2,5 +2,5 @@ handlers=java.util.logging.ConsoleHandler .level=INFO java.util.logging.ConsoleHandler.level=ALL java.util.logging.ConsoleHandler.formatter=java.util.logging.SimpleFormatter -java.util.logging.SimpleFormatter.format=%1$tF %1$tT.%1$tL [%4$-7s] %5$s %n +java.util.logging.SimpleFormatter.format=%1$tF %1$tT.%1$tL [%4$-7s] %5$s %6$s%n com.exasol.level=ALL From 231f86719899c7d367477ee700380621ed7a388c Mon Sep 17 00:00:00 2001 From: redcatbear Date: Fri, 14 Mar 2025 12:47:04 +0100 Subject: [PATCH 8/8] #284: Fixed versions. --- doc/changes/changes_18.0.0.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/doc/changes/changes_18.0.0.md b/doc/changes/changes_18.0.0.md index c427f83..741404b 100644 --- a/doc/changes/changes_18.0.0.md +++ b/doc/changes/changes_18.0.0.md @@ -32,7 +32,7 @@ In this release we reworked the Virtual Schema property validation infrastructur * Updated `org.apache.maven.plugins:maven-deploy-plugin:3.1.1` to `3.1.4` * Updated `org.apache.maven.plugins:maven-enforcer-plugin:3.4.1` to `3.5.0` * Updated `org.apache.maven.plugins:maven-gpg-plugin:3.2.2` to `3.2.7` -* Updated `org.apache.maven.plugins:maven-install-plugin:3.1.1` to `3.1.4` +* Updated `org.apache.maven.plugins:maven-install-plugin:3.1.2` to `3.1.4` * Updated `org.apache.maven.plugins:maven-javadoc-plugin:3.6.3` to `3.11.2` * Updated `org.apache.maven.plugins:maven-site-plugin:3.12.1` to `3.21.0` * Updated `org.apache.maven.plugins:maven-surefire-plugin:3.2.5` to `3.5.2`