diff --git a/.github/workflows/benchmark.yml b/.github/workflows/benchmark.yml index 018233a4..b34b7df1 100644 --- a/.github/workflows/benchmark.yml +++ b/.github/workflows/benchmark.yml @@ -15,6 +15,10 @@ jobs: name: Relative performance benchmarking runs-on: ubuntu-latest + permissions: + contents: 'read' + id-token: 'write' + steps: - uses: actions/checkout@v6 @@ -25,6 +29,13 @@ jobs: distribution: 'temurin' cache: 'gradle' + - name: Authenticate to GCP + uses: google-github-actions/auth@v3 + with: + token_format: access_token + workload_identity_provider: 'projects/1038484894585/locations/global/workloadIdentityPools/github-wi-pool/providers/github-wi-provider' + service_account: 'dsp-artifact-registry-push@dsp-artifact-registry.iam.gserviceaccount.com' + # Run benchmark via JMH gradle plugin https://github.com/melix/jmh-gradle-plugin - name: Run benchmark run: | diff --git a/.github/workflows/build-test-and-publish.yml b/.github/workflows/build-test-and-publish.yml index f1e083f7..fb69eed4 100644 --- a/.github/workflows/build-test-and-publish.yml +++ b/.github/workflows/build-test-and-publish.yml @@ -18,6 +18,10 @@ on: jobs: build: + permissions: + contents: 'read' + id-token: 'write' + runs-on: ubuntu-latest steps: @@ -28,7 +32,12 @@ jobs: java-version: '17' distribution: 'temurin' cache: 'gradle' - + - name: Authenticate to GCP + uses: google-github-actions/auth@v3 + with: + token_format: access_token + workload_identity_provider: 'projects/1038484894585/locations/global/workloadIdentityPools/github-wi-pool/providers/github-wi-provider' + service_account: 'dsp-artifact-registry-push@dsp-artifact-registry.iam.gserviceaccount.com' - name: Build all projects without running tests run: ./gradlew --build-cache build -x test @@ -36,6 +45,9 @@ jobs: needs: [ build ] runs-on: ubuntu-latest + permissions: + contents: 'read' + id-token: 'write' steps: - uses: actions/checkout@v6 - name: Set up JDK @@ -44,7 +56,12 @@ jobs: java-version: '17' distribution: 'temurin' cache: 'gradle' - + - name: Authenticate to GCP + uses: google-github-actions/auth@v3 + with: + token_format: access_token + workload_identity_provider: 'projects/1038484894585/locations/global/workloadIdentityPools/github-wi-pool/providers/github-wi-provider' + service_account: 'dsp-artifact-registry-push@dsp-artifact-registry.iam.gserviceaccount.com' - name: SourceClear scan env: SRCCLR_API_TOKEN: ${{ secrets.SRCCLR_API_TOKEN }} @@ -53,6 +70,9 @@ jobs: unit-tests-and-sonarqube: needs: [ build ] runs-on: ubuntu-latest + permissions: + contents: 'read' + id-token: 'write' steps: - uses: actions/checkout@v6 # Needed by sonar to get the git history for the branch the PR will be merged into. @@ -64,6 +84,12 @@ jobs: java-version: '17' distribution: 'temurin' cache: 'gradle' + - name: Authenticate to GCP + uses: google-github-actions/auth@v3 + with: + token_format: access_token + workload_identity_provider: 'projects/1038484894585/locations/global/workloadIdentityPools/github-wi-pool/providers/github-wi-provider' + service_account: 'dsp-artifact-registry-push@dsp-artifact-registry.iam.gserviceaccount.com' - name: Test with coverage run: ./gradlew --build-cache test jacocoTestReport --scan - name: SonarQube scan for library diff --git a/buildSrc/build.gradle b/buildSrc/build.gradle index fbc3ed3f..ece82f2c 100644 --- a/buildSrc/build.gradle +++ b/buildSrc/build.gradle @@ -9,8 +9,8 @@ repositories { dependencies { implementation 'com.diffplug.spotless:spotless-plugin-gradle:8.4.0' implementation 'com.srcclr.gradle:com.srcclr.gradle.gradle.plugin:3.1.12' - implementation 'org.sonarqube:org.sonarqube.gradle.plugin:4.4.1.3373' + implementation 'org.sonarqube:org.sonarqube.gradle.plugin:5.1.0.4882' implementation 'info.picocli:picocli:4.7.7' - implementation 'com.gorylenko.gradle-git-properties:gradle-git-properties:2.4.1' + implementation 'com.gorylenko.gradle-git-properties:gradle-git-properties:2.5.7' implementation 'org.jfrog.buildinfo:build-info-extractor-gradle:6.0.4' } \ No newline at end of file diff --git a/buildSrc/src/main/groovy/bio.terra.pfb.java-common-conventions.gradle b/buildSrc/src/main/groovy/bio.terra.pfb.java-common-conventions.gradle index 095e9658..6228df1c 100644 --- a/buildSrc/src/main/groovy/bio.terra.pfb.java-common-conventions.gradle +++ b/buildSrc/src/main/groovy/bio.terra.pfb.java-common-conventions.gradle @@ -9,7 +9,7 @@ plugins { boolean isCiServer = System.getenv().containsKey("CI") ext { - junit_version = '5.10.0' + junit_version = '5.14.3' mockito_version = '5.5.0' } @@ -22,9 +22,9 @@ java { dependencies { testImplementation 'org.hamcrest:hamcrest:2.2' - testImplementation "org.junit.jupiter:junit-jupiter-api:$junit_version" - testImplementation "org.junit.jupiter:junit-jupiter-params:$junit_version" - testRuntimeOnly "org.junit.jupiter:junit-jupiter-engine:$junit_version" + testImplementation("org.junit.jupiter:junit-jupiter:$junit_version") + testRuntimeOnly("org.junit.platform:junit-platform-launcher") + testImplementation "org.mockito:mockito-core:$mockito_version" testImplementation "org.mockito:mockito-junit-jupiter:$mockito_version" } diff --git a/cli/build.gradle b/cli/build.gradle index 0f47c1b8..b9e496e8 100644 --- a/cli/build.gradle +++ b/cli/build.gradle @@ -6,7 +6,7 @@ application { mainClass = 'bio.terra.pfb.JavaPfbCommand' } -version gradle.releaseVersion +version = gradle.releaseVersion apply from: "generators.gradle" repositories { diff --git a/gradle/wrapper/gradle-wrapper.jar b/gradle/wrapper/gradle-wrapper.jar index 033e24c4..d997cfc6 100644 Binary files a/gradle/wrapper/gradle-wrapper.jar and b/gradle/wrapper/gradle-wrapper.jar differ diff --git a/gradle/wrapper/gradle-wrapper.properties b/gradle/wrapper/gradle-wrapper.properties index d4081da4..c61a118f 100644 --- a/gradle/wrapper/gradle-wrapper.properties +++ b/gradle/wrapper/gradle-wrapper.properties @@ -1,6 +1,6 @@ distributionBase=GRADLE_USER_HOME distributionPath=wrapper/dists -distributionUrl=https\://services.gradle.org/distributions/gradle-8.14.3-bin.zip +distributionUrl=https\://services.gradle.org/distributions/gradle-9.4.1-bin.zip networkTimeout=10000 validateDistributionUrl=true zipStoreBase=GRADLE_USER_HOME diff --git a/gradlew b/gradlew index fcb6fca1..739907df 100755 --- a/gradlew +++ b/gradlew @@ -1,7 +1,7 @@ #!/bin/sh # -# Copyright © 2015-2021 the original authors. +# Copyright © 2015 the original authors. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -15,6 +15,8 @@ # See the License for the specific language governing permissions and # limitations under the License. # +# SPDX-License-Identifier: Apache-2.0 +# ############################################################################## # @@ -55,7 +57,7 @@ # Darwin, MinGW, and NonStop. # # (3) This script is generated from the Groovy template -# https://github.com/gradle/gradle/blob/HEAD/subprojects/plugins/src/main/resources/org/gradle/api/internal/plugins/unixStartScript.txt +# https://github.com/gradle/gradle/blob/2d6327017519d23b96af35865dc997fcb544fb40/platforms/jvm/plugins-application/src/main/resources/org/gradle/api/internal/plugins/unixStartScript.txt # within the Gradle project. # # You can find Gradle at https://github.com/gradle/gradle/. @@ -83,7 +85,8 @@ done # This is normally unused # shellcheck disable=SC2034 APP_BASE_NAME=${0##*/} -APP_HOME=$( cd "${APP_HOME:-./}" && pwd -P ) || exit +# Discard cd standard output in case $CDPATH is set (https://github.com/gradle/gradle/issues/25036) +APP_HOME=$( cd -P "${APP_HOME:-./}" > /dev/null && printf '%s\n' "$PWD" ) || exit # Use the maximum available, or set MAX_FD != -1 to use that value. MAX_FD=maximum @@ -111,7 +114,6 @@ case "$( uname )" in #( NONSTOP* ) nonstop=true ;; esac -CLASSPATH=$APP_HOME/gradle/wrapper/gradle-wrapper.jar # Determine the Java command to use to start the JVM. @@ -144,7 +146,7 @@ if ! "$cygwin" && ! "$darwin" && ! "$nonstop" ; then case $MAX_FD in #( max*) # In POSIX sh, ulimit -H is undefined. That's why the result is checked to see if it worked. - # shellcheck disable=SC3045 + # shellcheck disable=SC2039,SC3045 MAX_FD=$( ulimit -H -n ) || warn "Could not query maximum file descriptor limit" esac @@ -152,7 +154,7 @@ if ! "$cygwin" && ! "$darwin" && ! "$nonstop" ; then '' | soft) :;; #( *) # In POSIX sh, ulimit -n is undefined. That's why the result is checked to see if it worked. - # shellcheck disable=SC3045 + # shellcheck disable=SC2039,SC3045 ulimit -n "$MAX_FD" || warn "Could not set maximum file descriptor limit to $MAX_FD" esac @@ -169,7 +171,6 @@ fi # For Cygwin or MSYS, switch paths to Windows format before running java if "$cygwin" || "$msys" ; then APP_HOME=$( cygpath --path --mixed "$APP_HOME" ) - CLASSPATH=$( cygpath --path --mixed "$CLASSPATH" ) JAVACMD=$( cygpath --unix "$JAVACMD" ) @@ -201,16 +202,15 @@ fi # Add default JVM options here. You can also use JAVA_OPTS and GRADLE_OPTS to pass JVM options to this script. DEFAULT_JVM_OPTS='"-Xmx64m" "-Xms64m"' -# Collect all arguments for the java command; -# * $DEFAULT_JVM_OPTS, $JAVA_OPTS, and $GRADLE_OPTS can contain fragments of -# shell script including quotes and variable substitutions, so put them in -# double quotes to make sure that they get re-expanded; and -# * put everything else in single quotes, so that it's not re-expanded. +# Collect all arguments for the java command: +# * DEFAULT_JVM_OPTS, JAVA_OPTS, and optsEnvironmentVar are not allowed to contain shell fragments, +# and any embedded shellness will be escaped. +# * For example: A user cannot expect ${Hostname} to be expanded, as it is an environment variable and will be +# treated as '${Hostname}' itself on the command line. set -- \ "-Dorg.gradle.appname=$APP_BASE_NAME" \ - -classpath "$CLASSPATH" \ - org.gradle.wrapper.GradleWrapperMain \ + -jar "$APP_HOME/gradle/wrapper/gradle-wrapper.jar" \ "$@" # Stop when "xargs" is not available. diff --git a/gradlew.bat b/gradlew.bat index 6689b85b..e509b2dd 100644 --- a/gradlew.bat +++ b/gradlew.bat @@ -13,6 +13,8 @@ @rem See the License for the specific language governing permissions and @rem limitations under the License. @rem +@rem SPDX-License-Identifier: Apache-2.0 +@rem @if "%DEBUG%"=="" @echo off @rem ########################################################################## @@ -43,11 +45,11 @@ set JAVA_EXE=java.exe %JAVA_EXE% -version >NUL 2>&1 if %ERRORLEVEL% equ 0 goto execute -echo. -echo ERROR: JAVA_HOME is not set and no 'java' command could be found in your PATH. -echo. -echo Please set the JAVA_HOME variable in your environment to match the -echo location of your Java installation. +echo. 1>&2 +echo ERROR: JAVA_HOME is not set and no 'java' command could be found in your PATH. 1>&2 +echo. 1>&2 +echo Please set the JAVA_HOME variable in your environment to match the 1>&2 +echo location of your Java installation. 1>&2 goto fail @@ -57,22 +59,21 @@ set JAVA_EXE=%JAVA_HOME%/bin/java.exe if exist "%JAVA_EXE%" goto execute -echo. -echo ERROR: JAVA_HOME is set to an invalid directory: %JAVA_HOME% -echo. -echo Please set the JAVA_HOME variable in your environment to match the -echo location of your Java installation. +echo. 1>&2 +echo ERROR: JAVA_HOME is set to an invalid directory: %JAVA_HOME% 1>&2 +echo. 1>&2 +echo Please set the JAVA_HOME variable in your environment to match the 1>&2 +echo location of your Java installation. 1>&2 goto fail :execute @rem Setup the command line -set CLASSPATH=%APP_HOME%\gradle\wrapper\gradle-wrapper.jar @rem Execute Gradle -"%JAVA_EXE%" %DEFAULT_JVM_OPTS% %JAVA_OPTS% %GRADLE_OPTS% "-Dorg.gradle.appname=%APP_BASE_NAME%" -classpath "%CLASSPATH%" org.gradle.wrapper.GradleWrapperMain %* +"%JAVA_EXE%" %DEFAULT_JVM_OPTS% %JAVA_OPTS% %GRADLE_OPTS% "-Dorg.gradle.appname=%APP_BASE_NAME%" -jar "%APP_HOME%\gradle\wrapper\gradle-wrapper.jar" %* :end @rem End local scope for the variables with windows NT shell diff --git a/library/build.gradle b/library/build.gradle index a8f96efb..c1bdcc0e 100644 --- a/library/build.gradle +++ b/library/build.gradle @@ -4,17 +4,17 @@ plugins { id 'bio.terra.pfb.java-library-conventions' id 'com.github.davidmc24.gradle.plugin.avro' version '1.9.1' id 'me.champeau.jmh' version '0.7.3' - id 'com.google.cloud.artifactregistry.gradle-plugin' version '2.1.5' + id 'com.google.cloud.artifactregistry.gradle-plugin' version '2.2.5' } repositories { maven { // Terra proxy for maven central - url 'https://us-central1-maven.pkg.dev/dsp-artifact-registry/maven-central/' + url = 'https://us-central1-maven.pkg.dev/dsp-artifact-registry/maven-central/' } mavenCentral() maven { - url 'https://us-central1-maven.pkg.dev/dsp-artifact-registry/libs-release/' + url = 'https://us-central1-maven.pkg.dev/dsp-artifact-registry/libs-release/' } } diff --git a/library/src/test/java/bio/terra/pfb/utils/CompareOutputUtils.java b/library/src/test/java/bio/terra/pfb/utils/CompareOutputUtils.java index 1e5262cd..0c0cb695 100644 --- a/library/src/test/java/bio/terra/pfb/utils/CompareOutputUtils.java +++ b/library/src/test/java/bio/terra/pfb/utils/CompareOutputUtils.java @@ -13,11 +13,8 @@ import java.nio.file.Paths; import java.util.List; import org.skyscreamer.jsonassert.JSONAssert; -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; public class CompareOutputUtils { - private static final Logger logger = LoggerFactory.getLogger(CompareOutputUtils.class); public static void assertJavaPfbIsPyPFB( String fileName, PfbCommandType commandType, String filePath, FileExtension fileExtension)