Upgrade to Quarkus 3.15.2 #355

Merged
merged 1 commit into from
Nov 27, 2024
Expand Up @@ -3,7 +3,6 @@
import com.github.packageurl.MalformedPackageURLException;
import com.github.packageurl.PackageURL;
import io.quarkus.bom.resolver.EffectiveModelResolver;
import io.quarkus.bootstrap.resolver.maven.BootstrapMavenContext;
import io.quarkus.bootstrap.resolver.maven.BootstrapMavenException;
import io.quarkus.bootstrap.resolver.maven.MavenArtifactResolver;
import io.quarkus.domino.ReleaseRepo;
Expand All @@ -17,6 +16,7 @@
import java.nio.file.Path;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
Expand All @@ -25,10 +25,9 @@
import java.util.function.Consumer;
import org.apache.maven.model.MailingList;
import org.apache.maven.model.Model;
import org.cyclonedx.BomGeneratorFactory;
import org.cyclonedx.CycloneDxSchema;
import org.cyclonedx.CycloneDxSchema.Version;
import org.cyclonedx.generators.json.BomJsonGenerator;
import org.cyclonedx.Version;
import org.cyclonedx.exception.GeneratorException;
import org.cyclonedx.generators.BomGeneratorFactory;
import org.cyclonedx.model.Bom;
import org.cyclonedx.model.Component;
import org.cyclonedx.model.ExternalReference;
Expand All @@ -45,6 +44,7 @@ public static class Builder {
private MavenArtifactResolver resolver;
private Path outputFile;
private List<SbomTransformer> transformers = List.of();
private String schemaVersion;

private Builder() {
}
Expand All @@ -67,6 +67,31 @@ public Builder addTransformer(SbomTransformer transformer) {
return this;
}

public Builder setSchemaVersion(String schemaVersion) {
this.schemaVersion = schemaVersion;
return this;
}

private Version getSchemaVersion() {
if (schemaVersion == null) {
return Collections.max(List.of(Version.values()));
}
for (var v : Version.values()) {
if (schemaVersion.equals(v.getVersionString())) {
return v;
}
}
var versions = Version.values();
var sb = new StringBuilder();
sb.append("Requested CycloneDX schema version ").append(schemaVersion)
.append(" does not appear in the list of supported versions: ")
.append(versions[0].getVersionString());
for (int i = 1; i < versions.length; ++i) {
sb.append(", ").append(versions[i].getVersionString());
}
throw new IllegalArgumentException(sb.toString());
}

public ManifestGenerator build() {
return new ManifestGenerator(this);
}
Expand All @@ -83,23 +108,28 @@ private MavenArtifactResolver getInitializedResolver() {
}
}

public static void main(String[] args) throws Exception {

System.out.println(Version.valueOf("1.6"));
}

public static Builder builder() {
return new Builder();
}

private final BootstrapMavenContext mavenCtx;
private final MavenArtifactResolver artifactResolver;
private final EffectiveModelResolver effectiveModelResolver;

private final Path outputFile;
private final List<SbomTransformer> transformers;
private final Version schemaVersion;

private ManifestGenerator(Builder builder) {
artifactResolver = builder.getInitializedResolver();
mavenCtx = artifactResolver.getMavenContext();
effectiveModelResolver = new EffectiveModelResolver(artifactResolver);
outputFile = builder.outputFile;
transformers = builder.transformers;
schemaVersion = builder.getSchemaVersion();
}

public Consumer<Collection<ReleaseRepo>> toConsumer() {
Expand All @@ -114,8 +144,12 @@ public Consumer<Collection<ReleaseRepo>> toConsumer() {

bom = runTransformers(bom);

final BomJsonGenerator bomGenerator = BomGeneratorFactory.createJson(schemaVersion(), bom);
final String bomString = bomGenerator.toJsonString();
final String bomString;
try {
bomString = BomGeneratorFactory.createJson(schemaVersion, bom).toJsonString();
} catch (GeneratorException e) {
throw new RuntimeException("Failed to generate an SBOM in JSON format", e);
}
if (outputFile == null) {
System.out.println(bomString);
} else {
Expand All @@ -138,7 +172,7 @@ public Consumer<Collection<ReleaseRepo>> toConsumer() {
private void addComponent(Bom bom, ReleaseRepo release, ArtifactCoords coords, List<RemoteRepository> repos) {
final Model model = effectiveModelResolver.resolveEffectiveModel(coords, repos);
final Component c = new Component();
extractMetadata(release.getRevision(), model, c);
extractMetadata(release.getRevision(), model, c, schemaVersion);
if (c.getPublisher() == null) {
c.setPublisher("central");
}
Expand Down Expand Up @@ -199,7 +233,7 @@ private Bom runTransformers(Bom bom) {
return bom;
}

static void extractMetadata(ScmRevision releaseId, Model project, Component component) {
static void extractMetadata(ScmRevision releaseId, Model project, Component component, Version schemaVersion) {
if (component.getPublisher() == null) {
// If we don't already have publisher information, retrieve it.
if (project.getOrganization() != null) {
Expand All @@ -214,10 +248,10 @@ static void extractMetadata(ScmRevision releaseId, Model project, Component comp
|| component.getLicenseChoice().getLicenses().isEmpty()) {
// If we don't already have license information, retrieve it.
if (project.getLicenses() != null) {
component.setLicenseChoice(resolveMavenLicenses(project.getLicenses(), false));
component.setLicenseChoice(resolveMavenLicenses(project.getLicenses(), false, schemaVersion));
}
}
if (CycloneDxSchema.Version.VERSION_10 != schemaVersion()) {
if (Version.VERSION_10 != schemaVersion) {
if (project.getUrl() != null) {
if (!doesComponentHaveExternalReference(component, ExternalReference.Type.WEBSITE)) {
addExternalReference(ExternalReference.Type.WEBSITE, project.getUrl(), component);
Expand Down Expand Up @@ -266,17 +300,17 @@ static void extractMetadata(ScmRevision releaseId, Model project, Component comp
}

static LicenseChoice resolveMavenLicenses(List<org.apache.maven.model.License> projectLicenses,
boolean includeLicenseText) {
boolean includeLicenseText, Version schemaVersion) {
final LicenseChoice licenseChoice = new LicenseChoice();
for (org.apache.maven.model.License artifactLicense : projectLicenses) {
boolean resolved = false;
if (artifactLicense.getName() != null) {
final LicenseChoice resolvedByName = LicenseResolver.resolve(artifactLicense.getName(), includeLicenseText);
resolved = resolveLicenseInfo(licenseChoice, resolvedByName);
resolved = resolveLicenseInfo(licenseChoice, resolvedByName, schemaVersion);
}
if (artifactLicense.getUrl() != null && !resolved) {
final LicenseChoice resolvedByUrl = LicenseResolver.resolve(artifactLicense.getUrl(), includeLicenseText);
resolved = resolveLicenseInfo(licenseChoice, resolvedByUrl);
resolved = resolveLicenseInfo(licenseChoice, resolvedByUrl, schemaVersion);
}
if (artifactLicense.getName() != null && !resolved) {
final License license = new License();
Expand All @@ -295,24 +329,21 @@ static LicenseChoice resolveMavenLicenses(List<org.apache.maven.model.License> p
return licenseChoice;
}

static boolean resolveLicenseInfo(LicenseChoice licenseChoice, LicenseChoice licenseChoiceToResolve) {
static boolean resolveLicenseInfo(LicenseChoice licenseChoice, LicenseChoice licenseChoiceToResolve,
Version schemaVersion) {
if (licenseChoiceToResolve != null) {
if (licenseChoiceToResolve.getLicenses() != null && !licenseChoiceToResolve.getLicenses().isEmpty()) {
licenseChoice.addLicense(licenseChoiceToResolve.getLicenses().get(0));
return true;
} else if (licenseChoiceToResolve.getExpression() != null &&
Version.VERSION_10 != schemaVersion()) {
Version.VERSION_10 != schemaVersion) {
licenseChoice.setExpression(licenseChoiceToResolve.getExpression());
return true;
}
}
return false;
}

static Version schemaVersion() {
return Version.VERSION_15;
}

private static boolean doesComponentHaveExternalReference(final Component component, final ExternalReference.Type type) {
if (component.getExternalReferences() != null && !component.getExternalReferences().isEmpty()) {
for (final ExternalReference ref : component.getExternalReferences()) {
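Review bot: The `main` method that appears in the `@@ -83,23 +108,28 @@` hunk of this file looks like a debugging leftover and should not ship in `ManifestGenerator`. It calls `Version.valueOf("1.6")`, and `Enum.valueOf` matches constant names such as `VERSION_10` rather than the version string, so it would throw `IllegalArgumentException` instead of printing anything. I would delete the method; the loop over `v.getVersionString()` in `Builder.getSchemaVersion()` already covers lookup by version string.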
Expand Up @@ -23,8 +23,9 @@
import java.util.ServiceLoader;
import java.util.Set;
import org.apache.maven.model.Model;
import org.cyclonedx.BomGeneratorFactory;
import org.cyclonedx.generators.json.BomJsonGenerator;
import org.cyclonedx.Version;
import org.cyclonedx.exception.GeneratorException;
import org.cyclonedx.generators.BomGeneratorFactory;
import org.cyclonedx.model.Bom;
import org.cyclonedx.model.Component;
import org.cyclonedx.model.Component.Type;
Expand All @@ -47,6 +48,7 @@ public class SbomGenerator {
public class Builder {

private boolean built;
private String schemaVersion;

private Builder() {
}
Expand Down Expand Up @@ -95,6 +97,11 @@ public Builder setTopComponents(List<VisitedComponent> topComponents) {
return this;
}

public Builder setSchemaVersion(String schemaVersion) {
this.schemaVersion = schemaVersion;
return this;
}

public SbomGenerator build() {
ensureNotBuilt();

Expand All @@ -109,9 +116,30 @@ public SbomGenerator build() {
}
}
effectiveModelResolver = new EffectiveModelResolver(resolver);
SbomGenerator.this.schemaVersion = getSchemaVersion();
return SbomGenerator.this;
}

private Version getSchemaVersion() {
if (schemaVersion == null) {
return Collections.max(List.of(Version.values()));
}
for (var v : Version.values()) {
if (schemaVersion.equals(v.getVersionString())) {
return v;
}
}
var versions = Version.values();
var sb = new StringBuilder();
sb.append("Requested CycloneDX schema version ").append(schemaVersion)
.append(" does not appear in the list of supported versions: ")
.append(versions[0].getVersionString());
for (int i = 1; i < versions.length; ++i) {
sb.append(", ").append(versions[i].getVersionString());
}
throw new IllegalArgumentException(sb.toString());
}

private void ensureNotBuilt() {
if (built) {
throw new IllegalStateException("This builder instance has already been built");
Expand All @@ -130,6 +158,7 @@ public static Builder builder() {
private boolean enableTransformers;
private List<VisitedComponent> topComponents;
private boolean recordDependencies = true;
private Version schemaVersion;

private Bom bom;
private Set<String> addedBomRefs;
Expand All @@ -154,8 +183,12 @@ public Bom generate() {

addProductInfo(metadata);

final BomJsonGenerator bomGenerator = BomGeneratorFactory.createJson(ManifestGenerator.schemaVersion(), bom);
final String bomString = bomGenerator.toJsonString();
final String bomString;
try {
bomString = BomGeneratorFactory.createJson(schemaVersion, bom).toJsonString();
} catch (GeneratorException e) {
throw new RuntimeException("Failed to generate an SBOM in JSON format", e);
}
if (outputFile == null) {
System.out.println(bomString);
} else {
Expand Down Expand Up @@ -185,7 +218,7 @@ private void addComponent(VisitedComponent visited) {
final Model model = effectiveModelResolver.resolveEffectiveModel(visited.getArtifactCoords(),
visited.getRepositories());
final Component c = new Component();
ManifestGenerator.extractMetadata(visited.getRevision(), model, c);
ManifestGenerator.extractMetadata(visited.getRevision(), model, c, schemaVersion);
if (c.getPublisher() == null) {
c.setPublisher("central");
}
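Review bot: `Builder.getSchemaVersion()` in this file is a line-for-line copy of the method added to `ManifestGenerator.Builder`, and its `schemaVersion == null` branch makes the emitted spec version depend on whichever CycloneDX library is on the classpath. Since this commit also drops the pinned `cyclonedx.version` from `pom.xml`, the library version presumably now follows the Quarkus BOM, so a later Quarkus upgrade could change the default SBOM format without any change in this repository. I would keep one shared static helper, e.g. `static Version resolveSchemaVersion(String requested)` in `ManifestGenerator`, and document the default with a comment such as `// default tracks the newest Version constant of the bundled CycloneDX library; set the schema version explicitly for reproducible output`. `Collections.max` also relies on the enum constants being declared in ascending version order, which is worth stating in the same comment.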
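--- a/domino/app/src/main/java/io/quarkus/domino/cli/Report.java
+++ b/domino/app/src/main/java/io/quarkus/domino/cli/Report.java
@@ -19,6 +19,10 @@ public class Report extends BaseDepsToBuildCommand {
 "--manifest" }, description = "Generate an SBOM with dependency trees", defaultValue = "false")
 public boolean manifest;
 
+@CommandLine.Option(names = {
+"--cdx-schema-version" }, description = "CycloneDX spec version. Can be used only with the --manifest argument. Defaults to the latest supported by the integrated CycloneDX library.")
+public String cdxSchemaVersion;
+
 @CommandLine.Option(names = {
 "--flat-manifest" }, description = "Generate an SBOM without dependency tree information", defaultValue = "false")
 public boolean flatManifest;
@@ -69,7 +73,8 @@ protected void initResolver(ProjectDependencyResolver.Builder resolverBuilder) {
 .setProductInfo(resolverBuilder.getDependencyConfig().getProductInfo())
 .setEnableTransformers(enableSbomTransformers)
 .setRecordDependencies(
-!(flatManifest || MANIFEST_DEPS_NONE.equals(manifestDependencies))),
+!(flatManifest || MANIFEST_DEPS_NONE.equals(manifestDependencies)))
+.setSchemaVersion(cdxSchemaVersion),
 resolverBuilder.getDependencyConfig()));
 }
 }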
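Review bot: The description of `--cdx-schema-version` says it can be used only with `--manifest`, but the builder call in `initResolver` that receives `.setSchemaVersion(cdxSchemaVersion)` also reads `flatManifest`, so the option seems to apply to `--flat-manifest` as well, and nothing visible rejects or warns when it is given without either. I would reword the description to `"CycloneDX spec version of the generated SBOM (used with --manifest or --flat-manifest). Defaults to the latest supported by the integrated CycloneDX library."` and list the accepted values. The Javadoc on `cdxSchemaVersion` in `DependenciesToBuildMojo` has the same wording (`In case {@link #manifest} is enabled`) next to a call that uses `flatManifest`. The condition guarding the builder call lies outside both hunks, so it should be checked before the text is changed.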
Expand Up @@ -176,9 +176,19 @@ public class DependenciesToBuildMojo extends AbstractMojo {
@Parameter(property = "includeAlreadyBuilt", required = false)
boolean includeAlreadyBuilt;

/**
* Whether to generate an SBOM
*/
@Parameter(required = false, property = "manifest")
boolean manifest;

/**
* In case {@link #manifest} is enabled, this option can be used to request a specific version of the CycloneDX schema.
* The default version will be the latest supported by the integrated CycloneDX library.
*/
@Parameter(required = false, property = "cdxSchemaVersion")
String cdxSchemaVersion;

/**
* Indicates whether to record artifact dependencies in the manifest and if so, which strategy to use.
* Supported values are:
Expand Down Expand Up @@ -344,7 +354,8 @@ public void execute() throws MojoExecutionException, MojoFailureException {
.setOutputFile(outputFile == null ? null : outputFile.toPath())
.setEnableTransformers(false)
.setRecordDependencies(!flatManifest)
.setProductInfo(dependencyConfig.getProductInfo()),
.setProductInfo(dependencyConfig.getProductInfo())
.setSchemaVersion(cdxSchemaVersion),
dependencyConfig);
depsResolver.addDependencyTreeVisitor(sbomGenerator).build().resolveDependencies();
} else {
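--- a/pom.xml
+++ b/pom.xml
@@ -52,9 +52,8 @@
 
 <assertj.version>3.25.3</assertj.version>
 <commons-text.version>1.10.0</commons-text.version>
-<cyclonedx.version>8.0.3</cyclonedx.version>
 <gradle-tooling.version>8.1.1</gradle-tooling.version>
-<quarkus.version>3.8.5</quarkus.version>
+<quarkus.version>3.15.2</quarkus.version>
 <quarkus-jgit.version>3.1.0</quarkus-jgit.version>
 <jgit.version>6.9.0.202403050737-r</jgit.version>
 <json-unit-assertj.version>3.2.7</json-unit-assertj.version>
@@ -190,11 +189,6 @@
 <artifactId>quarkus-jgit</artifactId>
 <version>${quarkus-jgit.version}</version>
 </dependency>
-<dependency>
-<groupId>org.cyclonedx</groupId>
-<artifactId>cyclonedx-core-java</artifactId>
-<version>${cyclonedx.version}</version>
-</dependency>
 <dependency>
 <groupId>io.github.redhat-appstudio.jvmbuild</groupId>
 <artifactId>hacbs-build-recipies-database</artifactId>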