Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Upgrade to Java 21 and Spring Boot 3 #62

Merged
merged 4 commits into from
Jun 10, 2024
Merged

Upgrade to Java 21 and Spring Boot 3 #62

merged 4 commits into from
Jun 10, 2024

Conversation

WadeBarnes
Copy link
Member

@WadeBarnes WadeBarnes commented May 29, 2024
edited
Loading

Description

This PR includes the following proposed change(s):

  • Upgrade project and development environment to Java 21
  • Upgrade to Spring Boot 3.x
  • Bump jag-cdds version
  • Add dependabot configuration to help manage dependencies.
  • Update all GitHub Actions - by dependabot
  • Update project dependencies based on update recommendations from dependabot
  • Address all Critical and High vulnerabilities identified by dependabot and Trivy

Update Trivy workflow

  • Set version on the aquasecurity/trivy-action so dependabot can manage the updates.
  • Set limit-severities-for-sarif: true so Trivy does not fail for Medium and Low vulnerabilities.

Update documentation

  • Add section on how to perform vulnerability scanning locally.

Type of change

  • Java and related dependency upgrades.
  • Workflow updates
  • Documentation updates

How Has This Been Tested?

  • Running the project's unit tests.
  • Ensuring the automated tests pass for the PR.

Checklist:

  • I have performed a self-review of my own code
  • New and existing unit tests pass locally with my changes
  • I have made corresponding changes to the documentation

@WadeBarnes WadeBarnes requested a review from KFloodBCGov May 29, 2024 18:35
@WadeBarnes WadeBarnes marked this pull request as draft June 6, 2024 17:42
@WadeBarnes WadeBarnes force-pushed the java-upgrade branch 3 times, most recently from 6c3cd61 to 75b418a Compare June 6, 2024 18:53
@WadeBarnes WadeBarnes changed the title Upgrade to Java 17 Upgrade to Java 17 and Spring Boot 3 Jun 6, 2024
@WadeBarnes WadeBarnes requested a review from jianmingtu June 6, 2024 19:07
@WadeBarnes WadeBarnes marked this pull request as ready for review June 6, 2024 19:07
@WadeBarnes
Copy link
Member Author

WadeBarnes commented Jun 6, 2024
edited
Loading

It's worth noting that since the upgrade the following schema validation errors occur, but don't seem to affect the build or artifacts. @jianmingtu indicated he's seen this with the other ORDS projects too.

The validation stops at the first error. The issue is not specific to the dx:AgencyIdentifierType type definition. If that is commented out, the validation fails at the next complex type.

It would be nice to figure this out, because it wasn't happening before the upgrade and should not be happening now.

[INFO] --- jaxb30:0.15.0:generate (default) @ jag-cdds ---
[INFO] Sources are not up-to-date, XJC will be executed.
[ERROR] Error while parsing schema(s).Location [ file:/workspaces/jag-cdds/src/main/resources/xsdSchemas/cdds-models-1.xsd{9,108}].
org.xml.sax.SAXParseException: src-resolve: Cannot resolve the name 'dx:AgencyIdentifierType' to a(n) 'type definition' component.
    at com.sun.org.apache.xerces.internal.util.ErrorHandlerWrapper.createSAXParseException (ErrorHandlerWrapper.java:204)
    at com.sun.org.apache.xerces.internal.util.ErrorHandlerWrapper.error (ErrorHandlerWrapper.java:135)
    at com.sun.org.apache.xerces.internal.impl.XMLErrorReporter.reportError (XMLErrorReporter.java:396)
    at com.sun.org.apache.xerces.internal.impl.xs.traversers.XSDHandler.reportSchemaErr (XSDHandler.java:4254)
    at com.sun.org.apache.xerces.internal.impl.xs.traversers.XSDHandler.reportSchemaError (XSDHandler.java:4237)
    at com.sun.org.apache.xerces.internal.impl.xs.traversers.XSDHandler.getGlobalDecl (XSDHandler.java:1728)
    at com.sun.org.apache.xerces.internal.impl.xs.traversers.XSDElementTraverser.traverseNamedElement (XSDElementTraverser.java:405)
    at com.sun.org.apache.xerces.internal.impl.xs.traversers.XSDElementTraverser.traverseLocal (XSDElementTraverser.java:194)
    at com.sun.org.apache.xerces.internal.impl.xs.traversers.XSDHandler.traverseLocalElements (XSDHandler.java:3707)
    at com.sun.org.apache.xerces.internal.impl.xs.traversers.XSDHandler.parseSchema (XSDHandler.java:666)
    at com.sun.org.apache.xerces.internal.impl.xs.XMLSchemaLoader.loadSchema (XMLSchemaLoader.java:618)
    at com.sun.org.apache.xerces.internal.impl.xs.XMLSchemaLoader.loadGrammar (XMLSchemaLoader.java:577)
    at com.sun.org.apache.xerces.internal.impl.xs.XMLSchemaLoader.loadGrammar (XMLSchemaLoader.java:543)
    at com.sun.org.apache.xerces.internal.jaxp.validation.XMLSchemaFactory.newSchema (XMLSchemaFactory.java:281)
    at com.sun.tools.xjc.reader.xmlschema.parser.SchemaConstraintChecker.check (SchemaConstraintChecker.java:81)
    at org.jvnet.mjiip.v_3_0.XJC30Mojo.loadModel (XJC30Mojo.java:87)
    at org.jvnet.mjiip.v_3_0.XJC30Mojo.doExecute (XJC30Mojo.java:53)
    at org.jvnet.mjiip.v_3_0.XJC30Mojo.doExecute (XJC30Mojo.java:35)
    at org.jvnet.jaxb2.maven2.RawXJCMojo.doExecute (RawXJCMojo.java:568)
    at org.jvnet.jaxb2.maven2.RawXJCMojo.execute (RawXJCMojo.java:367)
    at org.jvnet.jaxb2.maven2.RawXJC3Mojo.execute (RawXJC3Mojo.java:27)
    at org.apache.maven.plugin.DefaultBuildPluginManager.executeMojo (DefaultBuildPluginManager.java:126)
    at org.apache.maven.lifecycle.internal.MojoExecutor.doExecute2 (MojoExecutor.java:328)
    at org.apache.maven.lifecycle.internal.MojoExecutor.doExecute (MojoExecutor.java:316)
    at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:212)
    at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:174)
    at org.apache.maven.lifecycle.internal.MojoExecutor.access$000 (MojoExecutor.java:75)
    at org.apache.maven.lifecycle.internal.MojoExecutor$1.run (MojoExecutor.java:162)
    at org.apache.maven.plugin.DefaultMojosExecutionStrategy.execute (DefaultMojosExecutionStrategy.java:39)
    at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:159)
    at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:105)
    at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:73)
    at org.apache.maven.lifecycle.internal.builder.singlethreaded.SingleThreadedBuilder.build (SingleThreadedBuilder.java:53)
    at org.apache.maven.lifecycle.internal.LifecycleStarter.execute (LifecycleStarter.java:118)
    at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:261)
    at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:173)
    at org.apache.maven.DefaultMaven.execute (DefaultMaven.java:101)
    at org.apache.maven.cli.MavenCli.execute (MavenCli.java:904)
    at org.apache.maven.cli.MavenCli.doMain (MavenCli.java:281)
    at org.apache.maven.cli.MavenCli.main (MavenCli.java:204)
    at jdk.internal.reflect.NativeMethodAccessorImpl.invoke0 (Native Method)
    at jdk.internal.reflect.NativeMethodAccessorImpl.invoke (NativeMethodAccessorImpl.java:77)
    at jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke (DelegatingMethodAccessorImpl.java:43)
    at java.lang.reflect.Method.invoke (Method.java:568)
    at org.codehaus.plexus.classworlds.launcher.Launcher.launchEnhanced (Launcher.java:255)
    at org.codehaus.plexus.classworlds.launcher.Launcher.launch (Launcher.java:201)
    at org.codehaus.plexus.classworlds.launcher.Launcher.mainWithExitCode (Launcher.java:361)
    at org.codehaus.plexus.classworlds.launcher.Launcher.main (Launcher.java:314)
[ERROR] SchemaConstraintChecker failed

@WadeBarnes WadeBarnes changed the title Upgrade to Java 17 and Spring Boot 3 Upgrade to Java 21 and Spring Boot 3 Jun 6, 2024
@WadeBarnes
Copy link
Member Author

@jianmingtu, @KFloodBCGov, I just added a commit to upgrade to Java 21.

jianmingtu
jianmingtu approved these changes Jun 6, 2024
View reviewed changes
Copy link

@jianmingtu jianmingtu left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

looks good

@WadeBarnes
Copy link
Member Author

Thanks @jianmingtu. I need to coordinate the merge of #50 before this one gets merged. That will require a little rebasing and conflict resolution that I've already tested locally.

@WadeBarnes WadeBarnes force-pushed the java-upgrade branch 2 times, most recently from f3ef1d6 to cf38274 Compare June 10, 2024 20:40
@WadeBarnes
Copy link
Member Author

The changes on the release/1.1 branch have been merged. This PR has been rebased on those changes and the merge conflicts have been resolved.

@WadeBarnes
Upgrade to Java 17 and Spring Boot 3
28ec852 
- Upgrade project and development environment to Java 17
- Upgrade to Spring Boot 3.x
- Bump jag-cdds version
- Add dependabot configuration to help manage dependencies.
- Update all GitHub Actions - by dependabot
- Update project dependencies based on update recommendations from dependabot
- Address all Critical and High vulnerabilities identified by dependabot and Trivy

Signed-off-by: Wade Barnes <wade@neoterictech.ca>
@WadeBarnes
Update Trivy workflow
c884859 
- Set version on the `aquasecurity/trivy-action` so dependabot can manage the updates.
- Set `limit-severities-for-sarif: true` so Trivy does not fail for Medium and Low vulnerabilities.

Signed-off-by: Wade Barnes <wade@neoterictech.ca>
@WadeBarnes
Update documentation
5c223fe 
- Add section on how to perform vulnerability scanning locally.

Signed-off-by: Wade Barnes <wade@neoterictech.ca>
@WadeBarnes
Upgrade to Java 21
58ec276 
- Upgrade project and development environment to Java 21

Signed-off-by: Wade Barnes <wade@neoterictech.ca>
@WadeBarnes WadeBarnes merged commit 6137afa into main Jun 10, 2024
3 checks passed
This was referenced Jun 10, 2024
Closed
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jianmingtu jianmingtu jianmingtu approved these changes

@sturufous sturufous sturufous approved these changes

@KFloodBCGov KFloodBCGov Awaiting requested review from KFloodBCGov

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@WadeBarnes @sturufous @jianmingtu