Merge pull request #17 from secure-software-engineering/maintenance

Maintenance

Author: anddann

.github/workflows/maven.yml

@@ -10,9 +10,9 @@ name: Java CI with Maven
 
 on:
   push:
-    branches: [ develop ]
+    branches: [ main ]
   pull_request:
-    branches: [ develop ]
+    branches: [ main ]
 
 jobs:
   build:
@@ -36,7 +36,13 @@ jobs:
                 "id": "github-anddann",
                 "username": "${{ secrets.ACTOR }}",
                 "password": "${{ secrets.DEPLOY_GITHUB_TOKEN }}"
-            }]
+            },
+            {
+                "id": "github",
+                "username": "${{ secrets.ACTOR }}",
+                "password": "${{ secrets.DEPLOY_GITHUB_TOKEN }}"
+            }
+            ]
       - name: Build with Maven
         run: mvn -B package --file pom.xml
         #  Shared REPO requies different token  <!-- https://dev.to/jakub_zalas/how-to-publish-maven-packages-to-a-single-github-repository-3lkc -->

pom.xml

@@ -14,19 +14,21 @@
         <enforced-maven-version>3.6.1</enforced-maven-version>
         <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
         <spotbugs-maven-plugin.version>4.0.0</spotbugs-maven-plugin.version>
-        <maven-compiler-plugin.version>3.8.1</maven-compiler-plugin.version>
-        <maven-surefire-plugin.version>3.0.0-M4</maven-surefire-plugin.version>
-        <maven-javadoc-plugin.version>3.1.1</maven-javadoc-plugin.version>
-        <maven-source-plugin.version>3.2.0</maven-source-plugin.version>
-        <maven-jar-plugin.version>3.2.0</maven-jar-plugin.version>
-        <fmt-maven-plugin.version>2.9</fmt-maven-plugin.version>
-        <maven-scm-plugin.version>1.11.2</maven-scm-plugin.version>
-        <maven-enforcer-plugin.version>3.0.0-M2</maven-enforcer-plugin.version>
+        <maven-compiler-plugin.version>3.13.0</maven-compiler-plugin.version>
+        <maven-surefire-plugin.version>3.5.1</maven-surefire-plugin.version>
+        <maven-javadoc-plugin.version>3.10.1</maven-javadoc-plugin.version>
+        <maven-source-plugin.version>3.3.1</maven-source-plugin.version>
+        <maven-jar-plugin.version>3.4.2</maven-jar-plugin.version>
+        <spotless.version>2.43.0</spotless.version>
+        <maven-scm-plugin.version>2.1.0</maven-scm-plugin.version>
+        <maven-enforcer-plugin.version>3.5.0</maven-enforcer-plugin.version>
         <skipFormatPlugin>true</skipFormatPlugin>
-        <versions-maven-plugin.version>2.7</versions-maven-plugin.version>
+        <versions-maven-plugin.version>2.17</versions-maven-plugin.version>
         <!-- dependency versions -->
-        <slf4j.version>1.7.30</slf4j.version>
+        <slf4j.version>2.0.16</slf4j.version>
         <junit.version>4.13</junit.version>
+        <maven-release-plugin.version>3.0.0-M6</maven-release-plugin.version>
+        <lombok.version>1.18.34</lombok.version>
     </properties>
 
 
@@ -60,7 +62,7 @@
             <plugin>
                 <groupId>org.apache.maven.plugins</groupId>
                 <artifactId>maven-release-plugin</artifactId>
-                <version>3.0.0-M6</version>
+                <version>${maven-release-plugin.version}</version>
                 <configuration>
                     <checkModificationExcludes>
                         <checkModificationExclude>pom.xml</checkModificationExclude>
@@ -93,9 +95,18 @@
                 <artifactId>maven-compiler-plugin</artifactId>
                 <version>${maven-compiler-plugin.version}</version>
                 <configuration>
-                    <source>1.8</source>
-                    <target>1.8</target>
+                    <source>11</source>
+                    <target>11</target>
+                    <release>11</release>
+                    <annotationProcessorPaths>
+                        <path>
+                            <groupId>org.projectlombok</groupId>
+                            <artifactId>lombok</artifactId>
+                            <version>${lombok.version}</version>
+                        </path>
+                    </annotationProcessorPaths>
                 </configuration>
+
             </plugin>
             <plugin>
                 <groupId>org.apache.maven.plugins</groupId>
@@ -137,17 +148,49 @@
                 </executions>
             </plugin>
             <plugin>
-                <groupId>com.coveo</groupId>
-                <artifactId>fmt-maven-plugin</artifactId>
-                <version>${fmt-maven-plugin.version}</version>
-                <executions>
-                    <execution>
-                        <id>format</id>
-                        <goals>
-                            <goal>format</goal>
-                        </goals>
-                    </execution>
-                </executions>
+                <groupId>com.diffplug.spotless</groupId>
+                <artifactId>spotless-maven-plugin</artifactId>
+                <version>${spotless.version}</version>
+                <configuration>
+                    <!-- optional: limit format enforcement to just the files changed by this feature branch -->
+                    <ratchetFrom>origin/main</ratchetFrom>
+                    <formats>
+                        <!-- you can define as many formats as you want, each is independent -->
+                        <format>
+                            <!-- define the files to apply to -->
+                            <includes>
+                                <include>.gitattributes</include>
+                                <include>.gitignore</include>
+                            </includes>
+                            <!-- define the steps to apply to those files -->
+                            <trimTrailingWhitespace/>
+                            <endWithNewline/>
+                            <indent>
+                                <tabs>true</tabs>
+                                <spacesPerTab>4</spacesPerTab>
+                            </indent>
+                        </format>
+                    </formats>
+                    <!-- define a language-specific format -->
+                    <java>
+                        <!-- no need to specify files, inferred automatically, but you can if you want -->
+
+                        <!-- apply a specific flavor of google-java-format and reflow long strings -->
+                        <googleJavaFormat>
+                            <version>1.8</version>
+                            <style>AOSP</style>
+                            <reflowLongStrings>true</reflowLongStrings>
+                            <formatJavadoc>false</formatJavadoc>
+                        </googleJavaFormat>
+
+                        <!-- make sure every file has the following copyright header.
+                          optionally, Spotless can set copyright years by digging
+                          through git history (see "license" section below) -->
+                        <licenseHeader>
+                            <content>/* (C)$YEAR */</content>  <!-- or <file>${project.basedir}/license-header</file> -->
+                        </licenseHeader>
+                    </java>
+                </configuration>
             </plugin>
             <plugin>
                 <groupId>org.apache.maven.plugins</groupId>
@@ -244,7 +287,7 @@
         <dependency>
             <groupId>org.projectlombok</groupId>
             <artifactId>lombok</artifactId>
-            <version>1.18.8</version>
+            <version>${lombok.version}</version>
             <scope>provided</scope>
         </dependency>
         <dependency>

src/main/java/de/upb/upcy/update/build/PipelineRunner.java

@@ -23,6 +23,7 @@
 import org.slf4j.LoggerFactory;
 
 public class PipelineRunner {
+
   private static final Logger LOGGER = LoggerFactory.getLogger(PipelineRunner.class);
   private final String projectName;
   private final Path projectPomFile;
@@ -54,7 +55,7 @@ public Map<String, MavenInvokerProject> run() {
       if (integerStringStringTriple.getLeft() != 0) {
         throw new MavenInvokerProject.BuildToolException(integerStringStringTriple.getRight());
       }
-      LOGGER.info("Successfully build initial with clean compile install");
+      LOGGER.info("Successfully initial build with clean compile install");
 
     } catch (MavenInvokerProject.BuildToolException e) {
       LOGGER.error("Could not build pom file: {}", projectPomFile.toAbsolutePath());
@@ -103,7 +104,7 @@ public Map<String, MavenInvokerProject> run() {
 
     List<Future<org.apache.commons.lang3.tuple.Pair<String, MavenInvokerProject>>> futures;
     try {
-      LOGGER.info("Found #{} projects to build", tasks.size());
+      LOGGER.info("Found #{} sub-modules to build", tasks.size());
       futures = executorService.invokeAll(tasks);
       for (Future<org.apache.commons.lang3.tuple.Pair<String, MavenInvokerProject>> future :
           futures) {
@@ -117,6 +118,7 @@ public Map<String, MavenInvokerProject> run() {
       }
 
       // now invoke the root project pom
+      LOGGER.info("Build root/main module  #{}", projectPomFile.toAbsolutePath().toString());
       futures = executorService.invokeAll(rootProjectCallable);
       for (Future<org.apache.commons.lang3.tuple.Pair<String, MavenInvokerProject>> future :
           futures) {

src/main/java/de/upb/upcy/update/recommendation/RecommendationAlgorithm.java

@@ -101,7 +101,7 @@ public static boolean isRelevantCompileDependency(GraphModel.Artifact artifact)
   }
 
   public Pair<DefaultDirectedGraph<GraphModel.Artifact, GraphModel.Dependency>, GraphModel>
-      getDepGraph(Path jsonDepGraph) throws IOException {
+  getDepGraph(Path jsonDepGraph) throws IOException {
     pairGraph = GraphParser.parseGraph(jsonDepGraph);
     return pairGraph;
   }
@@ -195,6 +195,11 @@ public List<UpdateSuggestion> run(String gavOfLibraryToUpdate, String targetGav)
                     new IllegalStateException(
                         "Cannot find library to update with gav: " + gavOfLibraryToUpdate));
 
+    if (isRelevantCompileDependency(libToUpdateInDepGraph)) {
+      LOGGER.error("Only compile dependencies are currently supported");
+      return Collections.emptyList();
+    }
+
     if (shrinkedCG == null || shrinkedCG.vertexSet().isEmpty() || shrinkedCG.edgeSet().isEmpty()) {
       LOGGER.error("Empty shrinked CG");
     }
@@ -214,7 +219,7 @@ public List<UpdateSuggestion> run(String gavOfLibraryToUpdate, String targetGav)
     // get the weight -- if weight 0-- we are done
     if (simpleUpdateSuggestion.getStatus() == UpdateSuggestion.SuggestionStatus.SUCCESS
         && (simpleUpdateSuggestion.getViolations() == null
-            || simpleUpdateSuggestion.getViolations().isEmpty())) {
+        || simpleUpdateSuggestion.getViolations().isEmpty())) {
       LOGGER.info("Simple Update does not produce any violations, Done");
       return Collections.singletonList(simpleUpdateSuggestion);
     }

src/main/java/de/upb/upcy/update/recommendation/cypher/SinkRootQuery.java

@@ -69,6 +69,7 @@ public String generateQuery(Collection<GraphModel.Artifact> boundNodes) {
     if (sinkRoots.size() == 1) {
 
       GraphModel.Artifact rootNode = (GraphModel.Artifact) sinkRoots.keySet().toArray()[0];
+      // if the root node is equal the library to update or both nodes belong to the same framework
       if ((rootNode == libToUpdateInDepGraph
               || blossomGraphCreator.isBlossomNode(rootNode, sharedNode))
           && sharedNode == libToUpdateInDepGraph) {