Merge pull request #1 from open-feature/main

rebase with master

.clomonitor.yml

@@ -0,0 +1,12 @@
+
+# CLOMonitor metadata file
+# This file must be located at the root of the repository
+
+# Checks exemptions
+
+# Check identifiers are here https://github.com/cncf/clomonitor/blob/main/docs/checks.md#exemptions (look for "id")
+exemptions:
+  - check: signed_releases
+    reason: "Our releases are signed on Maven Central"
+  - check: artifacthub_badge
+    reason: "Java library, not a k8s thing. We use Maven Central"

.github/workflows/lint-pr.yml

@@ -7,11 +7,17 @@ on:
       - edited
       - synchronize
 
+permissions:  # added using https://github.com/step-security/secure-workflows
+  contents: read
+
 jobs:
   main:
+    permissions:
+      pull-requests: read  # for amannn/action-semantic-pull-request to analyze PRs
+      statuses: write  # for amannn/action-semantic-pull-request to mark status of analyzed PR
     name: Validate PR title
     runs-on: ubuntu-latest
     steps:
-      - uses: amannn/action-semantic-pull-request@v4
+      - uses: amannn/action-semantic-pull-request@7c194c28652f0faf98ad437c6cf291406d387b43
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

.github/workflows/merge.yml

@@ -12,7 +12,6 @@ on:
     branches: [ master, main ]
 
 permissions:
-  packages: write
   contents: read
 
 jobs:
@@ -21,9 +20,9 @@ jobs:
     runs-on: ubuntu-latest
 
     steps:
-    - uses: actions/checkout@v3
+    - uses: actions/checkout@8230315d06ad95c617244d2f265d237a1682d445
     - name: Set up JDK 8
-      uses: actions/setup-java@v3
+      uses: actions/setup-java@3617c43588448d532250f5c331dffcca90e398f1
       with:
         java-version: '8'
         distribution: 'temurin'
@@ -33,7 +32,7 @@ jobs:
         server-password: ${{ secrets.OSSRH_PASSWORD }}
 
     - name: Cache local Maven repository
-      uses: actions/cache@v2
+      uses: actions/cache@8bec1e4cc329270e6364af0aee38d62e50012e62
       with:
         path: ~/.m2/repository
         key: ${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }}
@@ -50,7 +49,7 @@ jobs:
       run: mvn --batch-mode --update-snapshots verify
 
     - name: Upload coverage to Codecov
-      uses: codecov/codecov-action@v2
+      uses: codecov/codecov-action@e0fbd592d323cb2991fb586fdd260734fcb41fcb
       with:
         flags: unittests # optional
         name: coverage # optional

.github/workflows/pullrequest.yml

@@ -3,37 +3,51 @@ on:
   pull_request:
     branches: [ master, main ]
 permissions:
-  packages: write
   contents: read
 
 jobs:
   build:
     runs-on: ubuntu-latest
+    services:
+      flagd:
+        image: ghcr.io/open-feature/flagd-testbed:latest
+        ports:
+          - 8013:8013
+
     steps:
       - name: Check out the code
-        uses: actions/checkout@v3
+        uses: actions/checkout@8230315d06ad95c617244d2f265d237a1682d445
+
       - name: Set up JDK 8
-        uses: actions/setup-java@v3
+        uses: actions/setup-java@3617c43588448d532250f5c331dffcca90e398f1
         with:
           java-version: '8'
           distribution: 'temurin'
           cache: maven
 
+      - name: Initialize CodeQL
+        uses: github/codeql-action/init@297ec80a468c234608046f51ee8c65da128a1e94
+        with:
+          languages: java
+
       - name: Cache local Maven repository
-        uses: actions/cache@v2
+        uses: actions/cache@8bec1e4cc329270e6364af0aee38d62e50012e62
         with:
           path: ~/.m2/repository
           key: ${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }}
           restore-keys: |
             ${{ runner.os }}-maven-
 
       - name: Build with Maven
-        run: mvn --batch-mode --update-snapshots verify
+        run: mvn --batch-mode --update-snapshots verify -P integration-test
 
       - name: Upload coverage to Codecov
-        uses: codecov/codecov-action@v2
+        uses: codecov/codecov-action@e0fbd592d323cb2991fb586fdd260734fcb41fcb
         with:
           flags: unittests # optional
           name: coverage # optional
           fail_ci_if_error: true # optional (default = false)
           verbose: true # optional (default = false)
+
+      - name: Perform CodeQL Analysis
+        uses: github/codeql-action/analyze@297ec80a468c234608046f51ee8c65da128a1e94

.github/workflows/release.yml

@@ -7,13 +7,19 @@ on:
     branches:
       - main
 name: Run Release Please
+permissions:  # added using https://github.com/step-security/secure-workflows
+  contents: read
+
 jobs:
   release-please:
+    permissions:
+      contents: write  # for google-github-actions/release-please-action to create release commit
+      pull-requests: write  # for google-github-actions/release-please-action to create release PR
     runs-on: ubuntu-latest
 
     # Release-please creates a PR that tracks all changes
     steps:
-      - uses: google-github-actions/release-please-action@v3
+      - uses: google-github-actions/release-please-action@069d7229d7b10308de85bc606a91e0033e259c8e
         id: release
         with:
           command: manifest
@@ -23,10 +29,10 @@ jobs:
       # These steps are only run if this was a merged release-please PR
       - name: checkout
         if: ${{ steps.release.outputs.releases_created }}
-        uses: actions/checkout@v3
+        uses: actions/checkout@8230315d06ad95c617244d2f265d237a1682d445
       - name: Set up JDK 8
         if: ${{ steps.release.outputs.releases_created }}
-        uses: actions/setup-java@v3
+        uses: actions/setup-java@3617c43588448d532250f5c331dffcca90e398f1
         with:
           java-version: '8'
           distribution: 'temurin'

.github/workflows/static-code-scanning.yaml

@@ -0,0 +1,44 @@
+name: "Code Scanning - Action"
+
+# Docs for this at https://github.com/github/codeql-action#usage
+
+on:
+  schedule:
+    #        ┌───────────── minute (0 - 59)
+    #        │  ┌───────────── hour (0 - 23)
+    #        │  │ ┌───────────── day of the month (1 - 31)
+    #        │  │ │ ┌───────────── month (1 - 12 or JAN-DEC)
+    #        │  │ │ │ ┌───────────── day of the week (0 - 6 or SUN-SAT)
+    #        │  │ │ │ │
+    #        │  │ │ │ │
+    #        │  │ │ │ │
+    #        *  * * * *
+    - cron: '30 1 * * 1'
+
+permissions:  # added using https://github.com/step-security/secure-workflows
+  contents: read
+
+jobs:
+  CodeQL-Build:
+    # CodeQL runs on ubuntu-latest, windows-latest, and macos-latest
+    runs-on: ubuntu-latest
+
+    permissions:
+      # required for all workflows
+      security-events: write
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@8230315d06ad95c617244d2f265d237a1682d445
+
+      # Initializes the CodeQL tools for scanning.
+      - name: Initialize CodeQL
+        uses: github/codeql-action/init@297ec80a468c234608046f51ee8c65da128a1e94
+        with:
+          languages: java
+
+      - name: Autobuild
+        uses: github/codeql-action/autobuild@297ec80a468c234608046f51ee8c65da128a1e94
+
+      - name: Perform CodeQL Analysis
+        uses: github/codeql-action/analyze@297ec80a468c234608046f51ee8c65da128a1e94

.gitmodules

@@ -0,0 +1,3 @@
+[submodule "test-harness"]
+	path = test-harness
+	url = https://github.com/open-feature/test-harness

.release-please-manifest.json

@@ -1 +1 @@
-{".":"0.2.1"}
+{".":"1.0.0"}

CHANGELOG.md

@@ -1,5 +1,61 @@
 # Changelog
 
+## [1.0.0](https://github.com/open-feature/java-sdk/compare/v0.3.1...v1.0.0) (2022-10-25)
+
+
+### Miscellaneous Chores
+
+* release 1.0.0 ([#163](https://github.com/open-feature/java-sdk/issues/163)) ([c9ba9c9](https://github.com/open-feature/java-sdk/commit/c9ba9c9275ad4417a206b148e830fa78d265adb6))
+
+## [0.3.1](https://github.com/open-feature/java-sdk/compare/v0.3.0...v0.3.1) (2022-10-13)
+
+
+### Bug Fixes
+
+* merge eval context ([#149](https://github.com/open-feature/java-sdk/issues/149)) ([fad0f35](https://github.com/open-feature/java-sdk/commit/fad0f35fc8a6469672ef67820f1850f20741b66a))
+
+## [0.3.0](https://github.com/open-feature/java-sdk/compare/v0.2.2...v0.3.0) (2022-10-13)
+
+
+### ⚠ BREAKING CHANGES
+
+* add rw locks to client/api, hook accessor name (#131)
+* use evaluation context interface (#112)
+* Change the package name. Everyone knows it's java (or it doesn't matter) (#111)
+* errorCode as enum, reason as string (#80)
+* use value for object resolver
+* use instant not zoneddatetime
+
+### Features
+
+* Add asObjectMap to get the EvaluationContext as Map<String,Object> ([#75](https://github.com/open-feature/java-sdk/issues/75)) ([2eec1a5](https://github.com/open-feature/java-sdk/commit/2eec1a5519b9efab7d7f9dc8b1cbd84d9218368b))
+* add object to value wrapper ([0152a1e](https://github.com/open-feature/java-sdk/commit/0152a1eef93ea1b5253ddae78718a9805c98aaf7))
+* add rw locks to client/api, hook accessor name ([#131](https://github.com/open-feature/java-sdk/issues/131)) ([2192932](https://github.com/open-feature/java-sdk/commit/21929328630eba00be741392457f68bacf59f376))
+* errorCode as enum, reason as string ([#80](https://github.com/open-feature/java-sdk/issues/80)) ([84f220d](https://github.com/open-feature/java-sdk/commit/84f220d8139035a1222d13b2dd6f8b048932c192))
+* Support for generating CycloneDX sboms ([#119](https://github.com/open-feature/java-sdk/issues/119)) ([9647c3f](https://github.com/open-feature/java-sdk/commit/9647c3f04d8ace10a9d512bfe30fd9ef2c5631d1))
+* use evaluation context interface ([#112](https://github.com/open-feature/java-sdk/issues/112)) ([e9732b5](https://github.com/open-feature/java-sdk/commit/e9732b582dc9e3fa7be51c834e1afe7ad890c4e3))
+* use instant not zoneddatetime ([3e62414](https://github.com/open-feature/java-sdk/commit/3e6241422266825f267043e4acd116803c4939b0))
+* use value for object resolver ([5d26247](https://github.com/open-feature/java-sdk/commit/5d262470e8ec47d2af35f0aabe55e8c969e992ac))
+
+
+### Bug Fixes
+
+* **deps:** update dependency io.cucumber:cucumber-bom to v7.8.0 ([#100](https://github.com/open-feature/java-sdk/issues/100)) ([5e96d14](https://github.com/open-feature/java-sdk/commit/5e96d140c1195a1e8eb175feae3ec29db4439367))
+* **deps:** update junit5 monorepo ([#92](https://github.com/open-feature/java-sdk/issues/92)) ([8ca655a](https://github.com/open-feature/java-sdk/commit/8ca655a788273c61e5270ce7bf175064f42d605d))
+* isList check in Value checks type of list ([#70](https://github.com/open-feature/java-sdk/issues/70)) ([81ab071](https://github.com/open-feature/java-sdk/commit/81ab0710ea56af65eb65c7f95832b8f58c559a51))
+
+
+### Code Refactoring
+
+* Change the package name. Everyone knows it's java (or it doesn't matter) ([#111](https://github.com/open-feature/java-sdk/issues/111)) ([6eeeddd](https://github.com/open-feature/java-sdk/commit/6eeeddd2ea8040b47d1fd507b68d42c3bce52db4))
+
+## [0.2.2](https://github.com/open-feature/java-sdk/compare/dev.openfeature.javasdk-v0.2.1...dev.openfeature.javasdk-v0.2.2) (2022-09-20)
+
+
+### Features
+
+* Add asObjectMap to get the EvaluationContext as Map<String,Object> ([#75](https://github.com/open-feature/java-sdk/issues/75)) ([2eec1a5](https://github.com/open-feature/java-sdk/commit/2eec1a5519b9efab7d7f9dc8b1cbd84d9218368b))
+
 ## [0.2.1](https://github.com/open-feature/java-sdk/compare/dev.openfeature.javasdk-v0.2.0...dev.openfeature.javasdk-v0.2.1) (2022-09-13)
 
 

CODEOWNERS

@@ -0,0 +1 @@
+@open-feature/java-maintainers

README.md

@@ -1,9 +1,9 @@
 # OpenFeature SDK for Java
 
-[![Maven Central](https://maven-badges.herokuapp.com/maven-central/dev.openfeature/javasdk/badge.svg)](https://maven-badges.herokuapp.com/maven-central/dev.openfeature/javasdk)
-[![javadoc](https://javadoc.io/badge2/dev.openfeature/javasdk/javadoc.svg)](https://javadoc.io/doc/dev.openfeature/javasdk) 
-[![Project Status: WIP – Initial development is in progress, but there has not yet been a stable, usable release suitable for the public.](https://www.repostatus.org/badges/latest/wip.svg)](https://www.repostatus.org/#wip)
-[![Specification](https://img.shields.io/static/v1?label=Specification&message=v0.4.0&color=yellow)](https://github.com/open-feature/spec/tree/v0.4.0)
+[![Maven Central](https://maven-badges.herokuapp.com/maven-central/dev.openfeature/sdk/badge.svg)](https://maven-badges.herokuapp.com/maven-central/dev.openfeature/sdk)
+[![javadoc](https://javadoc.io/badge2/dev.openfeature/sdk/javadoc.svg)](https://javadoc.io/doc/dev.openfeature/sdk) 
+[![Project Status: Active – The project has reached a stable, usable state and is being actively developed.](https://www.repostatus.org/badges/latest/active.svg)](https://www.repostatus.org/#active)
+[![v0.5.1](https://img.shields.io/static/v1?label=Specification&message=v0.5.1&color=yellow)](https://github.com/open-feature/spec/tree/v0.5.1)
 [![Known Vulnerabilities](https://snyk.io/test/github/open-feature/java-sdk/badge.svg)](https://snyk.io/test/github/open-feature/java-sdk)
 [![on-merge](https://github.com/open-feature/java-sdk/actions/workflows/merge.yml/badge.svg)](https://github.com/open-feature/java-sdk/actions/workflows/merge.yml)
 [![codecov](https://codecov.io/gh/open-feature/java-sdk/branch/main/graph/badge.svg?token=XMS9L7PBY1)](https://codecov.io/gh/open-feature/java-sdk)
@@ -20,7 +20,7 @@ This library is intended to be used in server-side contexts and has not been eva
 While `Boolean` provides the simplest introduction, we offer a variety of flag types.
 
 ```java
-import dev.openfeature.javasdk.Structure;
+import dev.openfeature.sdk.Structure;
 
 class MyClass {
     public UI booleanExample() {
@@ -53,6 +53,8 @@ class MyClass {
 }
 ```
 
+For complete documentation, visit: https://docs.openfeature.dev/docs/category/concepts
+
 ## Requirements
 - Java 8+
 
@@ -65,8 +67,8 @@ class MyClass {
 ```xml
 <dependency>
     <groupId>dev.openfeature</groupId>
-    <artifactId>javasdk</artifactId>
-    <version>0.2.1</version>
+    <artifactId>sdk</artifactId>
+    <version>1.0.0</version>
 </dependency>
 ```
 <!-- x-release-please-end-version -->
@@ -90,7 +92,7 @@ If you would like snapshot builds, this is the relevant repository information:
 <!-- x-release-please-start-version -->
 ```groovy
 dependencies {
-    implementation 'dev.openfeature:javasdk:0.2.1'
+    implementation 'dev.openfeature:sdk:1.0.0'
 }
 ```
 <!-- x-release-please-end-version -->
@@ -112,10 +114,20 @@ We hold regular meetings which you can see [here](https://github.com/open-featur
 
 We are also present on the `#openfeature` channel in the [CNCF slack](https://slack.cncf.io/).
 
+## Developing
+
+### Integration tests
+
+The continuous integration runs a set of [gherkin integration tests](https://github.com/open-feature/test-harness/blob/main/features/evaluation.feature) using [`flagd`](https://github.com/open-feature/flagd). These tests do not run with the default maven profile. If you'd like to run them locally, you can start the flagd testbed with `docker run -p 8013:8013 ghcr.io/open-feature/flagd-testbed:latest` and then run `mvn test -P integration-test`.
+
 ## Releasing
 
 See [releasing](./docs/release.md).
 
+### Software Bill of Materials (SBOM)
+
+We publish SBOMs with all of our releases as of 0.3.0. You can find them in Maven Central alongside the artifacts.
+
 ## Contributors
 
 Thanks so much to our contributors.

checkstyle.xml

@@ -280,7 +280,7 @@
              value="CLASS_DEF, INTERFACE_DEF, ENUM_DEF, METHOD_DEF, CTOR_DEF, VARIABLE_DEF"/>
         </module>
         <module name="JavadocMethod">
-            <property name="scope" value="public"/>
+            <property name="accessModifiers" value="public"/>
             <property name="allowMissingParamTags" value="true"/>
             <property name="allowMissingReturnTag" value="true"/>
             <property name="allowedAnnotations" value="Override, Test"/>