From 9682c61c37387e8fa222caa6bb48fad2a47703d4 Mon Sep 17 00:00:00 2001 From: Pil0tXia Date: Thu, 11 Apr 2024 16:49:18 +0800 Subject: [PATCH 01/53] Sync changes in https://github.com/apache/eventmesh/pull/4719 --- tools/dependency-check/check-dependencies.sh | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/tools/dependency-check/check-dependencies.sh b/tools/dependency-check/check-dependencies.sh index 5353df817e..3842323c1f 100644 --- a/tools/dependency-check/check-dependencies.sh +++ b/tools/dependency-check/check-dependencies.sh @@ -1,4 +1,4 @@ -#!/usr/bin bash +#!/bin/bash # # Licensed to the Apache Software Foundation (ASF) under one or more # contributor license agreements. See the NOTICE file distributed with @@ -34,14 +34,14 @@ self_modules_txt='tools/dependency-check/self-modules.txt' # store all third part dependencies third_party_dependencies_txt='tools/dependency-check/third-party-dependencies.txt' -mkdir $decompress_conf || true +mkdir -p $decompress_conf tar -zxf build/eventmesh*.tar.gz -C $decompress_conf ./gradlew printProjects | grep '.jar' > "$self_modules_txt" -find "$decompress_conf" -name "*.jar" -exec basename {} \; | uniq | sort > "$all_dependencies_txt" +find "$decompress_conf" -name "*.jar" -exec basename {} \; | sort | uniq > "$all_dependencies_txt" -grep -wvf "$self_modules_txt" "$all_dependencies_txt" | uniq | sort > "$third_party_dependencies_txt" +grep -wvf "$self_modules_txt" "$all_dependencies_txt" | sort | uniq > "$third_party_dependencies_txt" # If the check is success it will return 0 sort "$known_third_party_dependencies_txt" | diff - "$third_party_dependencies_txt" From 4100a72871264c917579156baa8de09e56805982 Mon Sep 17 00:00:00 2001 From: Pil0tXia Date: Thu, 11 Apr 2024 17:13:27 +0800 Subject: [PATCH 02/53] minor change --- .github/dependabot.yml | 1 - tools/dependency-check/check-dependencies.sh | 8 ++++---- 2 files changed, 4 insertions(+), 5 deletions(-) 
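Review bot: `mkdir -p $decompress_conf` in the second hunk (@@ -34,14 +34,14 @@) reuses an existing `build/tmp` without clearing it, so jars left over from an earlier extraction are picked up by the `find` that follows and end up in the generated dependency list. Clearing the directory first keeps the comparison tied to the tarball under test: `rm -rf -- "$decompress_conf" && mkdir -p -- "$decompress_conf"`. The expansion is also the only unquoted one among the changed lines, so quoting it would match the `find` and `grep` lines below. The script continues outside the hunk.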
diff --git a/.github/dependabot.yml b/.github/dependabot.yml index fec01fab24..26700f23d2 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -21,7 +21,6 @@ version: 2 updates: - package-ecosystem: "gradle" directory: "/" - open-pull-requests-limit: 20 schedule: interval: "weekly" ignore: diff --git a/tools/dependency-check/check-dependencies.sh b/tools/dependency-check/check-dependencies.sh index 3842323c1f..c8d9a9f566 100644 --- a/tools/dependency-check/check-dependencies.sh +++ b/tools/dependency-check/check-dependencies.sh @@ -21,15 +21,15 @@ # This will not check the license legality # ******************************************************************** -# Used to store the tmp files. +# Used to store the tmp files decompress_conf='build/tmp' -# store all dependencies from our binary jar. +# store all dependencies from our binary jar all_dependencies_txt='tools/dependency-check/all-dependencies.txt' # store all our known dependencies known_third_party_dependencies_txt='tools/dependency-check/known-dependencies.txt' -# Below files is generated by this script. -# store all EventMesh self module's name. +# Below files is generated by this script +# store all EventMesh self module's name self_modules_txt='tools/dependency-check/self-modules.txt' # store all third part dependencies third_party_dependencies_txt='tools/dependency-check/third-party-dependencies.txt' From 335c80cbdb7c841a923c3db5836afb2cf6fe3f6e Mon Sep 17 00:00:00 2001 From: Pil0tXia Date: Thu, 11 Apr 2024 17:24:19 +0800 Subject: [PATCH 03/53] Only keep the artifact name --- tools/dependency-check/check-dependencies.sh | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/tools/dependency-check/check-dependencies.sh b/tools/dependency-check/check-dependencies.sh index c8d9a9f566..5da6656432 100644 --- a/tools/dependency-check/check-dependencies.sh +++ b/tools/dependency-check/check-dependencies.sh 
@@ -43,6 +43,9 @@ find "$decompress_conf" -name "*.jar" -exec basename {} \; | sort | uniq > "$all grep -wvf "$self_modules_txt" "$all_dependencies_txt" | sort | uniq > "$third_party_dependencies_txt" +# Only keep the artifact name +sed -i 's/-[0-9].*\.jar//g' "$third_party_dependencies_txt" + # If the check is success it will return 0 sort "$known_third_party_dependencies_txt" | diff - "$third_party_dependencies_txt" @@ -53,4 +56,4 @@ then else echo "Dependencies check failed, please check if you add known dependencies" exit $compareCode -fi +fi \ No newline at end of file From bac8c92a84a312ff4aa0cb026ee1b0d26e1c8a2d Mon Sep 17 00:00:00 2001 From: Pil0tXia Date: Thu, 11 Apr 2024 17:28:58 +0800 Subject: [PATCH 04/53] Run `sed -i 's/-[0-9].*\.jar//g'` --- tools/dependency-check/known-dependencies.txt | 720 +++++++++--------- 1 file changed, 360 insertions(+), 360 deletions(-) diff --git a/tools/dependency-check/known-dependencies.txt b/tools/dependency-check/known-dependencies.txt index b30ca5d5ed..7b06cb25e7 100644 --- a/tools/dependency-check/known-dependencies.txt +++ b/tools/dependency-check/known-dependencies.txt 
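Review bot: The added `sed -i 's/-[0-9].*\.jar//g'` reduces every entry to its artifact name, so from here on the allowlist comparison no longer notices a version or classifier change: a third-party jar can move to a different release, including an older one, and the check still passes. If that is intended, say so in the comment above it, e.g. `# Versions are deliberately ignored; this check only detects new or removed artifacts`, so nobody relies on it for version pinning. The pattern is also unanchored and starts at the first `-<digit>`, so an artifact id that itself contains such a segment would be cut short; `'s/-[0-9].*\.jar$//'` at least ties the match to the end of the line. The second hunk (@@ -53,4 +56,4 @@) only drops the file's trailing newline, which is worth restoring.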
@@ -1,360 +1,360 @@ -FastInfoset-1.2.15.jar -ST4-4.3.4.jar -accessors-smart-2.4.7.jar -alibabacloud-gateway-spi-0.0.1.jar -amqp-client-5.16.0.jar -animal-sniffer-annotations-1.19.jar -annotations-2.20.29.jar -annotations-4.1.1.4.jar -antlr-2.7.7.jar -antlr-runtime-3.5.3.jar -antlr4-4.13.0.jar -antlr4-runtime-4.13.0.jar -aopalliance-1.0.jar -apache-client-2.20.29.jar -arns-2.20.29.jar -asm-9.1.jar -asm-9.2.jar -asm-analysis-9.2.jar -asm-commons-9.2.jar -asm-tree-9.2.jar -asm-util-9.2.jar -assertj-core-2.6.0.jar -async-http-client-2.12.0.jar -async-http-client-netty-utils-2.12.0.jar -audience-annotations-0.12.0.jar -auth-2.20.29.jar -aws-core-2.20.29.jar -aws-query-protocol-2.20.29.jar -aws-xml-protocol-2.20.29.jar -bcpkix-jdk15on-1.69.jar -bcpkix-jdk15on-1.70.jar -bcprov-ext-jdk15on-1.69.jar -bcprov-ext-jdk15on-1.70.jar -bcprov-jdk15on-1.69.jar -bcprov-jdk15on-1.70.jar -bcutil-jdk15on-1.69.jar -bcutil-jdk15on-1.70.jar -bolt-1.1.6.jar -bouncy-castle-bc-2.10.1-pkg.jar -bouncy-castle-bc-2.11.1-pkg.jar -bson-3.12.11.jar -byte-buddy-1.11.0.jar -byte-buddy-1.12.18.jar -cache-api-1.1.1.jar -checker-qual-3.12.0.jar -classmate-1.5.1.jar -cloudevents-api-2.4.2.jar -cloudevents-core-2.4.2.jar -cloudevents-http-vertx-2.3.0.jar -cloudevents-json-jackson-2.4.2.jar -cloudevents-kafka-2.4.2.jar -cloudevents-protobuf-2.4.2.jar -commons-beanutils-1.9.4.jar -commons-cli-1.2.jar -commons-codec-1.11.jar -commons-codec-1.15.jar -commons-collections-3.2.2.jar -commons-collections4-4.1.jar -commons-digester-2.1.jar -commons-io-2.11.0.jar -commons-lang3-3.6.jar -commons-logging-1.2.jar -commons-text-1.9.jar -commons-validator-1.7.jar -consul-api-1.4.5.jar -credentials-java-0.2.4.jar -crt-core-2.20.29.jar -curator-client-5.4.0.jar -curator-framework-5.4.0.jar -curator-recipes-5.4.0.jar -dingtalk-2.0.61.jar -disruptor-3.4.2.jar -dledger-0.3.1.2.jar -dom4j-2.0.3.jar -druid-1.2.20.jar -endpoint-util-0.0.7.jar -endpoints-spi-2.20.29.jar -error_prone_annotations-2.9.0.jar -eventstream-1.0.1.jar 
-failureaccess-1.0.1.jar -fastjson-1.2.69_noneautotype.jar -fastjson2-2.0.48.jar -gateway-dingtalk-1.0.2.jar -google-auth-library-credentials-0.22.2.jar -grpc-api-1.43.2.jar -grpc-auth-1.39.0.jar -grpc-context-1.43.2.jar -grpc-core-1.43.2.jar -grpc-grpclb-1.17.1.jar -grpc-netty-1.43.2.jar -grpc-netty-shaded-1.43.2.jar -grpc-protobuf-1.42.2.jar -grpc-protobuf-1.43.2.jar -grpc-protobuf-lite-1.42.2.jar -grpc-protobuf-lite-1.43.2.jar -grpc-stub-1.43.2.jar -gson-2.8.2.jar -guava-31.0.1-jre.jar -guava-retrying-2.0.0.jar -guice-4.2.2.jar -hibernate-commons-annotations-5.1.2.Final.jar -hibernate-core-5.6.15.Final.jar -hibernate-validator-6.2.0.Final.jar -http-client-spi-2.20.29.jar -httpasyncclient-4.1.3.jar -httpclient-4.5.13.jar -httpcore-4.4.13.jar -httpcore-nio-4.4.6.jar -httpmime-4.5.13.jar -icu4j-72.1.jar -ini4j-0.5.4.jar -ipaddress-5.3.3.jar -istack-commons-runtime-3.0.7.jar -j2objc-annotations-1.3.jar -jackson-annotations-2.13.0.jar -jackson-core-2.13.0.jar -jackson-databind-2.13.0.jar -jackson-dataformat-yaml-2.13.0.jar -jackson-datatype-jsr310-2.13.0.jar -jakarta.annotation-api-1.3.5.jar -jakarta.validation-api-2.0.2.jar -jandex-2.4.2.Final.jar -javassist-3.24.0-GA.jar -javax.activation-1.2.0.jar -javax.activation-api-1.2.0.jar -javax.annotation-api-1.3.2.jar -javax.inject-1.jar -javax.persistence-api-2.2.jar -javax.ws.rs-api-2.1.jar -jaxb-api-2.3.0.jar -jaxb-api-2.3.1.jar -jaxb-core-2.3.0.jar -jaxb-impl-2.3.0.jar -jaxb-runtime-2.3.1.jar -jaxen-1.1.6.jar -jboss-logging-3.4.1.Final.jar -jboss-logging-3.4.3.Final.jar -jboss-marshalling-2.0.11.Final.jar -jboss-marshalling-river-2.0.11.Final.jar -jboss-transaction-api_1.2_spec-1.1.1.Final.jar -jcip-annotations-1.0.jar -jcommander-1.78.jar -jcommander-1.82.jar -jetcd-common-0.3.0.jar -jetcd-core-0.3.0.jar -jetcd-resolver-0.3.0.jar -jjwt-api-0.11.1.jar -jjwt-impl-0.11.1.jar -jjwt-jackson-0.11.1.jar -jna-4.2.2.jar -jodd-bean-5.1.6.jar -jodd-core-5.1.6.jar -json-path-2.7.0.jar -json-smart-2.4.7.jar 
-json-utils-2.20.29.jar -jsr305-3.0.2.jar -jul-to-slf4j-1.7.33.jar -kafka-clients-3.0.0.jar -listenablefuture-9999.0-empty-to-avoid-conflict-with-guava.jar -log4j-api-2.22.1.jar -log4j-core-2.22.1.jar -log4j-slf4j-impl-2.22.1.jar -log4j-slf4j2-impl-2.22.1.jar -logback-classic-1.2.10.jar -logback-core-1.2.10.jar -lz4-java-1.7.1.jar -lz4-java-1.8.0.jar -metrics-annotation-4.1.0.jar -metrics-core-4.1.0.jar -metrics-healthchecks-4.1.0.jar -metrics-json-4.1.0.jar -metrics-spi-2.20.29.jar -mongodb-driver-3.12.11.jar -mongodb-driver-core-3.12.11.jar -mysql-binlog-connector-java-0.28.0.jar -mysql-connector-j-8.0.32.jar -nacos-auth-plugin-2.2.1.jar -nacos-client-2.2.1.jar -nacos-encryption-plugin-2.2.1.jar -netty-3.10.6.Final.jar -netty-all-4.1.79.Final.jar -netty-buffer-4.1.100.Final.jar -netty-buffer-4.1.79.Final.jar -netty-buffer-4.1.86.Final.jar -netty-codec-4.1.100.Final.jar -netty-codec-4.1.79.Final.jar -netty-codec-4.1.86.Final.jar -netty-codec-dns-4.1.100.Final.jar -netty-codec-dns-4.1.79.Final.jar -netty-codec-haproxy-4.1.79.Final.jar -netty-codec-http-4.1.100.Final.jar -netty-codec-http-4.1.79.Final.jar -netty-codec-http-4.1.86.Final.jar -netty-codec-http2-4.1.100.Final.jar -netty-codec-http2-4.1.79.Final.jar -netty-codec-http2-4.1.86.Final.jar -netty-codec-memcache-4.1.79.Final.jar -netty-codec-mqtt-4.1.79.Final.jar -netty-codec-redis-4.1.79.Final.jar -netty-codec-smtp-4.1.79.Final.jar -netty-codec-socks-4.1.100.Final.jar -netty-codec-socks-4.1.79.Final.jar -netty-codec-stomp-4.1.79.Final.jar -netty-codec-xml-4.1.79.Final.jar -netty-common-4.1.100.Final.jar -netty-common-4.1.79.Final.jar -netty-common-4.1.86.Final.jar -netty-handler-4.1.100.Final.jar -netty-handler-4.1.79.Final.jar -netty-handler-4.1.86.Final.jar -netty-handler-proxy-4.1.100.Final.jar -netty-handler-proxy-4.1.79.Final.jar -netty-nio-client-2.20.29.jar -netty-reactive-streams-2.0.4.jar -netty-resolver-4.1.100.Final.jar -netty-resolver-4.1.79.Final.jar -netty-resolver-4.1.86.Final.jar 
-netty-resolver-dns-4.1.100.Final.jar -netty-resolver-dns-4.1.79.Final.jar -netty-resolver-dns-classes-macos-4.1.79.Final.jar -netty-resolver-dns-native-macos-4.1.79.Final-osx-aarch_64.jar -netty-resolver-dns-native-macos-4.1.79.Final-osx-x86_64.jar -netty-tcnative-boringssl-static-2.0.48.Final.jar -netty-tcnative-boringssl-static-2.0.51.Final.jar -netty-tcnative-classes-2.0.48.Final.jar -netty-tcnative-classes-2.0.51.Final.jar -netty-transport-4.1.100.Final.jar -netty-transport-4.1.79.Final.jar -netty-transport-4.1.86.Final.jar -netty-transport-classes-epoll-4.1.79.Final.jar -netty-transport-classes-epoll-4.1.86.Final.jar -netty-transport-classes-kqueue-4.1.79.Final.jar -netty-transport-native-epoll-4.1.79.Final-linux-aarch_64.jar -netty-transport-native-epoll-4.1.79.Final-linux-x86_64.jar -netty-transport-native-epoll-4.1.79.Final.jar -netty-transport-native-kqueue-4.1.79.Final-osx-aarch_64.jar -netty-transport-native-kqueue-4.1.79.Final-osx-x86_64.jar -netty-transport-native-unix-common-4.1.100.Final.jar -netty-transport-native-unix-common-4.1.79.Final.jar -netty-transport-native-unix-common-4.1.86.Final.jar -netty-transport-rxtx-4.1.79.Final.jar -netty-transport-sctp-4.1.79.Final.jar -netty-transport-udt-4.1.79.Final.jar -oapi-sdk-2.0.28.jar -okhttp-3.14.9.jar -okio-1.17.2.jar -openapiutil-0.2.1.jar -openmessaging-api-2.2.1-pubsub.jar -opentelemetry-api-1.3.0.jar -opentelemetry-api-metrics-1.3.0-alpha.jar -opentelemetry-context-1.3.0.jar -opentelemetry-exporter-jaeger-1.4.0.jar -opentelemetry-exporter-prometheus-1.3.0-alpha.jar -opentelemetry-exporter-zipkin-1.3.0.jar -opentelemetry-sdk-1.3.0.jar -opentelemetry-sdk-common-1.3.0.jar -opentelemetry-sdk-metrics-1.3.0-alpha.jar -opentelemetry-sdk-trace-1.3.0.jar -opentelemetry-semconv-1.3.0-alpha.jar -org.abego.treelayout.core-1.0.3.jar -org.jacoco.agent-0.8.4-runtime.jar -perfmark-api-0.23.0.jar -pinpoint-annotations-2.4.1.jar -pinpoint-bootstrap-2.4.1.jar -pinpoint-bootstrap-core-2.4.1.jar 
-pinpoint-commons-2.4.1.jar -pinpoint-commons-buffer-2.4.1.jar -pinpoint-commons-profiler-2.4.1.jar -pinpoint-grpc-2.4.1.jar -pinpoint-profiler-2.4.1.jar -pinpoint-rpc-2.4.1.jar -pravega-client-0.11.0.jar -pravega-common-0.11.0.jar -pravega-shared-authplugin-0.11.0.jar -pravega-shared-controller-api-0.11.0.jar -pravega-shared-protocol-0.11.0.jar -pravega-shared-security-0.11.0.jar -profiles-2.20.29.jar -proto-google-common-protos-2.0.1.jar -protobuf-java-3.19.2.jar -protobuf-java-3.21.5.jar -protobuf-java-3.21.9.jar -protobuf-java-util-3.15.0.jar -protobuf-java-util-3.17.2.jar -protobuf-java-util-3.21.5.jar -protobuf-java-util-3.5.1.jar -protocol-core-2.20.29.jar -pull-parser-2.jar -pulsar-client-2.10.1.jar -pulsar-client-2.11.1.jar -pulsar-client-admin-api-2.10.1.jar -pulsar-client-admin-api-2.11.1.jar -pulsar-client-api-2.10.1.jar -pulsar-client-api-2.11.1.jar -reactive-streams-1.0.3.jar -reactor-core-3.4.13.jar -redisson-3.17.3.jar -regions-2.20.29.jar -relaxngDatatype-20020414.jar -rocketmq-acl-4.9.5.jar -rocketmq-broker-4.9.5.jar -rocketmq-client-4.9.5.jar -rocketmq-common-4.9.5.jar -rocketmq-filter-4.9.5.jar -rocketmq-logging-4.9.5.jar -rocketmq-namesrv-4.9.5.jar -rocketmq-remoting-4.9.5.jar -rocketmq-srvutil-4.9.5.jar -rocketmq-store-4.9.5.jar -rocketmq-tools-4.9.5.jar -rxjava-3.0.12.jar -s3-2.20.29.jar -sdk-core-2.20.29.jar -simpleclient-0.8.1.jar -simpleclient_common-0.8.1.jar -simpleclient_httpserver-0.8.1.jar -slack-api-client-1.1.6.jar -slack-api-model-1.1.6.jar -slack-app-backend-1.1.6.jar -slf4j-api-2.0.9.jar -snakeyaml-1.30.jar -snappy-java-1.1.8.1.jar -spring-aop-5.3.15.jar -spring-beans-5.3.20.jar -spring-boot-2.5.9.jar -spring-boot-autoconfigure-2.5.9.jar -spring-boot-starter-2.5.9.jar -spring-boot-starter-logging-2.5.9.jar -spring-boot-starter-validation-2.5.9.jar -spring-context-5.3.15.jar -spring-core-5.3.20.jar -spring-expression-5.3.15.jar -spring-jcl-5.3.20.jar -spring-messaging-5.3.20.jar -stax-api-1.0-2.jar -stax-ex-1.8.jar -tea-1.2.7.jar 
-tea-openapi-0.2.8.jar -tea-util-0.2.21.jar -tea-xml-0.1.5.jar -third-party-jackson-core-2.20.29.jar -tomcat-embed-el-9.0.56.jar -txw2-2.3.1.jar -utils-2.20.29.jar -validation-api-1.1.0.Final.jar -vertx-auth-common-4.4.6.jar -vertx-bridge-common-4.4.6.jar -vertx-core-4.4.6.jar -vertx-web-4.4.6.jar -vertx-web-client-4.0.0.jar -vertx-web-common-4.4.6.jar -xpp3-1.1.4c.jar -xsdlib-2013.6.1.jar -zipkin-2.23.2.jar -zipkin-reporter-2.16.3.jar -zipkin-sender-okhttp3-2.16.3.jar -zookeeper-3.7.1.jar -zookeeper-jute-3.7.1.jar -zstd-jni-1.5.0-2.jar -zstd-jni-1.5.2-2.jar +FastInfoset +ST4 +accessors-smart +alibabacloud-gateway-spi +amqp-client +animal-sniffer-annotations +annotations +annotations +antlr +antlr-runtime +antlr4 +antlr4-runtime +aopalliance +apache-client +arns +asm +asm +asm-analysis +asm-commons +asm-tree +asm-util +assertj-core +async-http-client +async-http-client-netty-utils +audience-annotations +auth +aws-core +aws-query-protocol +aws-xml-protocol +bcpkix-jdk15on +bcpkix-jdk15on +bcprov-ext-jdk15on +bcprov-ext-jdk15on +bcprov-jdk15on +bcprov-jdk15on +bcutil-jdk15on +bcutil-jdk15on +bolt +bouncy-castle-bc +bouncy-castle-bc +bson +byte-buddy +byte-buddy +cache-api +checker-qual +classmate +cloudevents-api +cloudevents-core +cloudevents-http-vertx +cloudevents-json-jackson +cloudevents-kafka +cloudevents-protobuf +commons-beanutils +commons-cli +commons-codec +commons-codec +commons-collections +commons-collections4 +commons-digester +commons-io +commons-lang3 +commons-logging +commons-text +commons-validator +consul-api +credentials-java +crt-core +curator-client +curator-framework +curator-recipes +dingtalk +disruptor +dledger +dom4j +druid +endpoint-util +endpoints-spi +error_prone_annotations +eventstream +failureaccess +fastjson +fastjson2 +gateway-dingtalk +google-auth-library-credentials +grpc-api +grpc-auth +grpc-context +grpc-core +grpc-grpclb +grpc-netty +grpc-netty-shaded +grpc-protobuf +grpc-protobuf +grpc-protobuf-lite +grpc-protobuf-lite 
+grpc-stub +gson +guava +guava-retrying +guice +hibernate-commons-annotations +hibernate-core +hibernate-validator +http-client-spi +httpasyncclient +httpclient +httpcore +httpcore-nio +httpmime +icu4j +ini4j +ipaddress +istack-commons-runtime +j2objc-annotations +jackson-annotations +jackson-core +jackson-databind +jackson-dataformat-yaml +jackson-datatype-jsr310 +jakarta.annotation-api +jakarta.validation-api +jandex +javassist +javax.activation +javax.activation-api +javax.annotation-api +javax.inject +javax.persistence-api +javax.ws.rs-api +jaxb-api +jaxb-api +jaxb-core +jaxb-impl +jaxb-runtime +jaxen +jboss-logging +jboss-logging +jboss-marshalling +jboss-marshalling-river +jboss-transaction-api_1.2_spec +jcip-annotations +jcommander +jcommander +jetcd-common +jetcd-core +jetcd-resolver +jjwt-api +jjwt-impl +jjwt-jackson +jna +jodd-bean +jodd-core +json-path +json-smart +json-utils +jsr305 +jul-to-slf4j +kafka-clients +listenablefuture +log4j-api +log4j-core +log4j-slf4j-impl +log4j-slf4j2-impl +logback-classic +logback-core +lz4-java +lz4-java +metrics-annotation +metrics-core +metrics-healthchecks +metrics-json +metrics-spi +mongodb-driver +mongodb-driver-core +mysql-binlog-connector-java +mysql-connector-j +nacos-auth-plugin +nacos-client +nacos-encryption-plugin +netty +netty-all +netty-buffer +netty-buffer +netty-buffer +netty-codec +netty-codec +netty-codec +netty-codec-dns +netty-codec-dns +netty-codec-haproxy +netty-codec-http +netty-codec-http +netty-codec-http +netty-codec-http2 +netty-codec-http2 +netty-codec-http2 +netty-codec-memcache +netty-codec-mqtt +netty-codec-redis +netty-codec-smtp +netty-codec-socks +netty-codec-socks +netty-codec-stomp +netty-codec-xml +netty-common +netty-common +netty-common +netty-handler +netty-handler +netty-handler +netty-handler-proxy +netty-handler-proxy +netty-nio-client +netty-reactive-streams +netty-resolver +netty-resolver +netty-resolver +netty-resolver-dns +netty-resolver-dns 
+netty-resolver-dns-classes-macos +netty-resolver-dns-native-macos +netty-resolver-dns-native-macos +netty-tcnative-boringssl-static +netty-tcnative-boringssl-static +netty-tcnative-classes +netty-tcnative-classes +netty-transport +netty-transport +netty-transport +netty-transport-classes-epoll +netty-transport-classes-epoll +netty-transport-classes-kqueue +netty-transport-native-epoll +netty-transport-native-epoll +netty-transport-native-epoll +netty-transport-native-kqueue +netty-transport-native-kqueue +netty-transport-native-unix-common +netty-transport-native-unix-common +netty-transport-native-unix-common +netty-transport-rxtx +netty-transport-sctp +netty-transport-udt +oapi-sdk +okhttp +okio +openapiutil +openmessaging-api +opentelemetry-api +opentelemetry-api-metrics +opentelemetry-context +opentelemetry-exporter-jaeger +opentelemetry-exporter-prometheus +opentelemetry-exporter-zipkin +opentelemetry-sdk +opentelemetry-sdk-common +opentelemetry-sdk-metrics +opentelemetry-sdk-trace +opentelemetry-semconv +org.abego.treelayout.core +org.jacoco.agent +perfmark-api +pinpoint-annotations +pinpoint-bootstrap +pinpoint-bootstrap-core +pinpoint-commons +pinpoint-commons-buffer +pinpoint-commons-profiler +pinpoint-grpc +pinpoint-profiler +pinpoint-rpc +pravega-client +pravega-common +pravega-shared-authplugin +pravega-shared-controller-api +pravega-shared-protocol +pravega-shared-security +profiles +proto-google-common-protos +protobuf-java +protobuf-java +protobuf-java +protobuf-java-util +protobuf-java-util +protobuf-java-util +protobuf-java-util +protocol-core +pull-parser +pulsar-client +pulsar-client +pulsar-client-admin-api +pulsar-client-admin-api +pulsar-client-api +pulsar-client-api +reactive-streams +reactor-core +redisson +regions +relaxngDatatype +rocketmq-acl +rocketmq-broker +rocketmq-client +rocketmq-common +rocketmq-filter +rocketmq-logging +rocketmq-namesrv +rocketmq-remoting +rocketmq-srvutil +rocketmq-store +rocketmq-tools +rxjava +s3 +sdk-core 
+simpleclient +simpleclient_common +simpleclient_httpserver +slack-api-client +slack-api-model +slack-app-backend +slf4j-api +snakeyaml +snappy-java +spring-aop +spring-beans +spring-boot +spring-boot-autoconfigure +spring-boot-starter +spring-boot-starter-logging +spring-boot-starter-validation +spring-context +spring-core +spring-expression +spring-jcl +spring-messaging +stax-api +stax-ex +tea +tea-openapi +tea-util +tea-xml +third-party-jackson-core +tomcat-embed-el +txw2 +utils +validation-api +vertx-auth-common +vertx-bridge-common +vertx-core +vertx-web +vertx-web-client +vertx-web-common +xpp3 +xsdlib +zipkin +zipkin-reporter +zipkin-sender-okhttp3 +zookeeper +zookeeper-jute +zstd-jni +zstd-jni From b1bba8bd26a0557e46a27a287dfc7a698eda49fb Mon Sep 17 00:00:00 2001 From: Pil0tXia Date: Thu, 11 Apr 2024 17:35:11 +0800 Subject: [PATCH 05/53] Run `sort known-dependencies.txt | uniq > known-dependencies-unique.txt` --- tools/dependency-check/known-dependencies.txt | 53 ------------------- 1 file changed, 53 deletions(-) diff --git a/tools/dependency-check/known-dependencies.txt b/tools/dependency-check/known-dependencies.txt index 7b06cb25e7..aaadcfdd3f 100644 --- a/tools/dependency-check/known-dependencies.txt +++ b/tools/dependency-check/known-dependencies.txt @@ -5,7 +5,6 @@ alibabacloud-gateway-spi amqp-client animal-sniffer-annotations annotations -annotations antlr antlr-runtime antlr4 @@ -14,7 +13,6 @@ aopalliance apache-client arns asm -asm asm-analysis asm-commons asm-tree @@ -28,19 +26,13 @@ aws-core aws-query-protocol aws-xml-protocol bcpkix-jdk15on -bcpkix-jdk15on -bcprov-ext-jdk15on bcprov-ext-jdk15on bcprov-jdk15on -bcprov-jdk15on -bcutil-jdk15on bcutil-jdk15on bolt bouncy-castle-bc -bouncy-castle-bc bson byte-buddy -byte-buddy cache-api checker-qual classmate @@ -53,7 +45,6 @@ cloudevents-protobuf commons-beanutils commons-cli commons-codec -commons-codec commons-collections commons-collections4 commons-digester 
@@ -90,8 +81,6 @@ grpc-grpclb grpc-netty grpc-netty-shaded grpc-protobuf -grpc-protobuf -grpc-protobuf-lite grpc-protobuf-lite grpc-stub gson @@ -128,19 +117,16 @@ javax.inject javax.persistence-api javax.ws.rs-api jaxb-api -jaxb-api jaxb-core jaxb-impl jaxb-runtime jaxen jboss-logging -jboss-logging jboss-marshalling jboss-marshalling-river jboss-transaction-api_1.2_spec jcip-annotations jcommander -jcommander jetcd-common jetcd-core jetcd-resolver @@ -164,7 +150,6 @@ log4j-slf4j2-impl logback-classic logback-core lz4-java -lz4-java metrics-annotation metrics-core metrics-healthchecks @@ -180,64 +165,35 @@ nacos-encryption-plugin netty netty-all netty-buffer -netty-buffer -netty-buffer -netty-codec netty-codec -netty-codec -netty-codec-dns netty-codec-dns netty-codec-haproxy netty-codec-http -netty-codec-http -netty-codec-http -netty-codec-http2 -netty-codec-http2 netty-codec-http2 netty-codec-memcache netty-codec-mqtt netty-codec-redis netty-codec-smtp netty-codec-socks -netty-codec-socks netty-codec-stomp netty-codec-xml netty-common -netty-common -netty-common -netty-handler -netty-handler netty-handler netty-handler-proxy -netty-handler-proxy netty-nio-client netty-reactive-streams netty-resolver -netty-resolver -netty-resolver -netty-resolver-dns netty-resolver-dns netty-resolver-dns-classes-macos netty-resolver-dns-native-macos -netty-resolver-dns-native-macos netty-tcnative-boringssl-static -netty-tcnative-boringssl-static -netty-tcnative-classes netty-tcnative-classes netty-transport -netty-transport -netty-transport -netty-transport-classes-epoll netty-transport-classes-epoll netty-transport-classes-kqueue netty-transport-native-epoll -netty-transport-native-epoll -netty-transport-native-epoll -netty-transport-native-kqueue netty-transport-native-kqueue netty-transport-native-unix-common -netty-transport-native-unix-common -netty-transport-native-unix-common netty-transport-rxtx netty-transport-sctp netty-transport-udt 
@@ -278,19 +234,11 @@ pravega-shared-security profiles proto-google-common-protos protobuf-java -protobuf-java -protobuf-java -protobuf-java-util -protobuf-java-util -protobuf-java-util protobuf-java-util protocol-core pull-parser pulsar-client -pulsar-client pulsar-client-admin-api -pulsar-client-admin-api -pulsar-client-api pulsar-client-api reactive-streams reactor-core @@ -357,4 +305,3 @@ zipkin-sender-okhttp3 zookeeper zookeeper-jute zstd-jni -zstd-jni From d51c5becccb8a473e6eed6c709f4c47516650941 Mon Sep 17 00:00:00 2001 From: Pil0tXia Date: Thu, 11 Apr 2024 17:49:07 +0800 Subject: [PATCH 06/53] Allow CI to run on branches with namespace in the branch name in forked repos --- .github/workflows/ci.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index e6018573c6..cd16be25c7 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -21,9 +21,9 @@ name: "Continuous Integration" on: push: - branches: [ '*' ] + branches: [ '**' ] pull_request: - branches: [ '*' ] + branches: [ '**' ] jobs: build: From f4b938a6637db5d54cc2e50d55506e328c751ce6 Mon Sep 17 00:00:00 2001 From: Pil0tXia Date: Thu, 11 Apr 2024 18:57:59 +0800 Subject: [PATCH 07/53] Correct typo and remove useless command --- .github/workflows/ci.yml | 3 ++- tools/dependency-check/check-dependencies.sh | 12 ++++++------ 2 files changed, 8 insertions(+), 7 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index cd16be25c7..71055bab5f 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml 
@@ -96,6 +96,7 @@ jobs: - name: Check third party dependencies run: | - ./gradlew clean dist -x spotlessJava -x test -x checkstyleMain -x javaDoc && ./gradlew installPlugin && ./gradlew tar && sh tools/dependency-check/check-dependencies.sh && echo "Thirty party dependencies check success" + ./gradlew clean dist -x spotlessJava -x test -x checkstyleMain -x javaDoc && ./gradlew installPlugin && ./gradlew tar + bash tools/dependency-check/check-dependencies.sh env: GRADLE_ENTERPRISE_ACCESS_KEY: ${{ secrets.GE_ACCESS_TOKEN }} diff --git a/tools/dependency-check/check-dependencies.sh b/tools/dependency-check/check-dependencies.sh index 5da6656432..5caa59e827 100644 --- a/tools/dependency-check/check-dependencies.sh +++ b/tools/dependency-check/check-dependencies.sh @@ -23,15 +23,15 @@ # Used to store the tmp files decompress_conf='build/tmp' -# store all dependencies from our binary jar -all_dependencies_txt='tools/dependency-check/all-dependencies.txt' # store all our known dependencies known_third_party_dependencies_txt='tools/dependency-check/known-dependencies.txt' # Below files is generated by this script -# store all EventMesh self module's name +# store all dependencies from EventMesh binary jar +all_dependencies_txt='tools/dependency-check/all-dependencies.txt' +# store all EventMesh self modules' name self_modules_txt='tools/dependency-check/self-modules.txt' -# store all third part dependencies +# store all third party dependencies third_party_dependencies_txt='tools/dependency-check/third-party-dependencies.txt' mkdir -p $decompress_conf @@ -52,8 +52,8 @@ sort "$known_third_party_dependencies_txt" | diff - "$third_party_dependencies_t compareCode=$? if [ $compareCode -eq 0 ] then - echo "Dependencies check success" + echo "Dependency check success" else - echo "Dependencies check failed, please check if you add known dependencies" + echo "Dependency check failed. Please check if you add known dependencies" exit $compareCode fi \ No newline at end of file 
From 9694f41300e30d3c3efd1bfc465f4235e30dc818 Mon Sep 17 00:00:00 2001 From: Pil0tXia Date: Thu, 11 Apr 2024 19:17:43 +0800 Subject: [PATCH 08/53] Use `sort -u -o` instead of `uniq` to remove duplicate artifacts with different version --- tools/dependency-check/check-dependencies.sh | 1 + 1 file changed, 1 insertion(+) diff --git a/tools/dependency-check/check-dependencies.sh b/tools/dependency-check/check-dependencies.sh index 5caa59e827..4239d76f57 100644 --- a/tools/dependency-check/check-dependencies.sh +++ b/tools/dependency-check/check-dependencies.sh @@ -45,6 +45,7 @@ grep -wvf "$self_modules_txt" "$all_dependencies_txt" | sort | uniq > "$third_pa # Only keep the artifact name sed -i 's/-[0-9].*\.jar//g' "$third_party_dependencies_txt" +sort -u -o "$third_party_dependencies_txt" "$third_party_dependencies_txt" # If the check is success it will return 0 sort "$known_third_party_dependencies_txt" | diff - "$third_party_dependencies_txt" From 62b6fff7e5d1a46844e2d72dff6ee844cdf96cfd Mon Sep 17 00:00:00 2001 From: Pil0tXia Date: Thu, 11 Apr 2024 20:22:28 +0800 Subject: [PATCH 09/53] Enlarge open-pull-requests-limit --- .github/dependabot.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/dependabot.yml b/.github/dependabot.yml index 26700f23d2..c025778dc5 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -21,6 +21,7 @@ version: 2 updates: - package-ecosystem: "gradle" directory: "/" + open-pull-requests-limit: 10 schedule: interval: "weekly" ignore: From 9143ee3e75118309e2d9ee299586810b24a86878 Mon Sep 17 00:00:00 2001 From: Pil0tXia Date: Sun, 14 Apr 2024 23:09:38 +0800 Subject: [PATCH 10/53] minor: polish tips --- tools/dependency-check/check-dependencies.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tools/dependency-check/check-dependencies.sh b/tools/dependency-check/check-dependencies.sh index 4239d76f57..4ad723e6c3 100644 --- a/tools/dependency-check/check-dependencies.sh 
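Review bot: The new `sort -u -o` de-duplicates only the generated list, while the known list on the following context line is still piped through plain `sort`, so a duplicate entry in `known-dependencies.txt` makes the diff fail even when the artifact sets are equal. Sorting both sides the same way removes that trap: `sort -u "$known_third_party_dependencies_txt" | diff - "$third_party_dependencies_txt"`. With this line in place the `| sort | uniq` on the `grep -wvf` line above is redundant and could be reduced to a plain redirect. The script continues outside the hunk.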
+++ b/tools/dependency-check/check-dependencies.sh @@ -53,8 +53,8 @@ sort "$known_third_party_dependencies_txt" | diff - "$third_party_dependencies_t compareCode=$? if [ $compareCode -eq 0 ] then - echo "Dependency check success" + echo "Dependency check success." else - echo "Dependency check failed. Please check if you add known dependencies" + echo "Dependency check failed. Please add new dependencies to known-dependencies.txt." exit $compareCode fi \ No newline at end of file From 4e79cfa1130cca3f4364ec8ed9a1f0d4e5461492 Mon Sep 17 00:00:00 2001 From: Pil0tXia Date: Mon, 15 Apr 2024 12:22:07 +0800 Subject: [PATCH 11/53] Test apache/skywalking-eyes/dependency CI result --- .github/workflows/ci.yml | 4 ++-- .licenserc.yaml | 4 ++++ 2 files changed, 6 insertions(+), 2 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 71055bab5f..ca50d1649d 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -89,8 +89,8 @@ jobs: - name: Checkout repository uses: actions/checkout@v3 - - name: Check license header - uses: apache/skywalking-eyes@main + - name: Check Dependencies' License + uses: apache/skywalking-eyes/dependency@0.6.0 env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} diff --git a/.licenserc.yaml b/.licenserc.yaml index c820f8ba74..02ed56e288 100644 --- a/.licenserc.yaml +++ b/.licenserc.yaml @@ -46,3 +46,7 @@ header: - '**/*.txt' comment: on-failure + + dependency: + files: + - build.gradle From d69be55a6c1b2777ed0bc6516f05949e154f4bba Mon Sep 17 00:00:00 2001 From: Pil0tXia Date: Mon, 15 Apr 2024 12:35:21 +0800 Subject: [PATCH 12/53] Fix 'unable to find version `0.6.0`' --- .github/workflows/ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index ca50d1649d..33782ead3a 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml 
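Review bot: In the ci.yml hunk (@@ -89,8 +89,8 @@) the `apache/skywalking-eyes@main` header step is replaced rather than kept beside the new dependency step, so license-header enforcement leaves the job even though `.licenserc.yaml` appears to keep its `header:` section. If both checks are wanted, keep the original step and add `apache/skywalking-eyes/dependency` as a separate step with its own name. The job definition starts outside the hunk, so this is judged from the visible steps only.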
@@ -90,7 +90,7 @@ jobs: uses: actions/checkout@v3 - name: Check Dependencies' License - uses: apache/skywalking-eyes/dependency@0.6.0 + uses: apache/skywalking-eyes/dependency@main env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} From 82a0f6b96f7f1ee932e15d0d27cb10e6ef924b70 Mon Sep 17 00:00:00 2001 From: Pil0tXia Date: Mon, 15 Apr 2024 12:50:03 +0800 Subject: [PATCH 13/53] See debug log to prove it works --- .github/workflows/ci.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 33782ead3a..b7a885e513 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -91,8 +91,8 @@ jobs: - name: Check Dependencies' License uses: apache/skywalking-eyes/dependency@main - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + with: + log: debug - name: Check third party dependencies run: | From 3e73b4c84822e26b5d4ea6735a77a3115b757d96 Mon Sep 17 00:00:00 2001 From: Pil0tXia Date: Mon, 15 Apr 2024 13:12:46 +0800 Subject: [PATCH 14/53] skywalking-eyes/dependency doesn't support gradle, test basic actions/dependency-review-action --- .github/workflows/ci.yml | 38 +++++++++++++++++------------------ .github/workflows/license.yml | 24 ++++++++++++++++++++++ 2 files changed, 43 insertions(+), 19 deletions(-) create mode 100644 .github/workflows/license.yml diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index b7a885e513..47a184c54e 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml 
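Review bot: `uses: apache/skywalking-eyes/dependency@main` makes the job run whatever the upstream default branch holds at build time, so an upstream change (or a compromised upstream account) executes in this repository's CI without any review here. Reference the action by a full commit SHA with the release noted in a trailing comment, e.g. `uses: apache/skywalking-eyes/dependency@<full-commit-sha> # <release tag>`. The commit subject says `0.6.0` could not be resolved as a ref, so the SHA of the intended release is the value to pin. The next hunk on this page (PATCH 13/53) keeps the same `@main` reference and carries the same exposure.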
@@ -81,22 +81,22 @@ jobs: - name: Upload coverage report to codecov.io run: bash <(curl -s https://codecov.io/bash) || echo 'Failed to upload coverage report!' - license-check: - name: License Check - runs-on: ubuntu-latest - - steps: - - name: Checkout repository - uses: actions/checkout@v3 - - - name: Check Dependencies' License - uses: apache/skywalking-eyes/dependency@main - with: - log: debug - - - name: Check third party dependencies - run: | - ./gradlew clean dist -x spotlessJava -x test -x checkstyleMain -x javaDoc && ./gradlew installPlugin && ./gradlew tar - bash tools/dependency-check/check-dependencies.sh - env: - GRADLE_ENTERPRISE_ACCESS_KEY: ${{ secrets.GE_ACCESS_TOKEN }} +# license-check: +# name: License Check +# runs-on: ubuntu-latest +# +# steps: +# - name: Checkout repository +# uses: actions/checkout@v3 +# +# - name: Check Dependencies' License +# uses: apache/skywalking-eyes/dependency@main +# with: +# log: debug +# +# - name: Check third party dependencies +# run: | +# ./gradlew clean dist -x spotlessJava -x test -x checkstyleMain -x javaDoc && ./gradlew installPlugin && ./gradlew tar +# bash tools/dependency-check/check-dependencies.sh +# env: +# GRADLE_ENTERPRISE_ACCESS_KEY: ${{ secrets.GE_ACCESS_TOKEN }} diff --git a/.github/workflows/license.yml b/.github/workflows/license.yml new file mode 100644 index 0000000000..1a3fb19bee --- /dev/null +++ b/.github/workflows/license.yml 
@@ -0,0 +1,24 @@ +name: 'Dependency Review' +on: [pull_request] + +permissions: + contents: read + +jobs: + dependency-review: + runs-on: ubuntu-latest + steps: + - name: 'Checkout Repository' + uses: actions/checkout@v4 + - name: 'Dependency Review' + uses: actions/dependency-review-action@v4 + with: + vulnerability-check: true + fail-on-severity: critical + license-check: true + # MX4J, DOM4J, Eclipse Distribution License 1.0, Cup Parser Generator +# allow-licenses: | +# Apache-2.0, Apache-1.1, PHP-3.01, +# BSD-2-Clause, BSD-3-Clause, PostgreSQL, BSD-3-Clause-LBNL, +# MIT, X11, ISC, SMLNJ, MIT-0 +# ICU, \ No newline at end of file From 7938772552fdf47b93e4097e199b2964823ae5a1 Mon Sep 17 00:00:00 2001 From: Pil0tXia Date: Mon, 15 Apr 2024 13:51:37 +0800 Subject: [PATCH 15/53] Add all denied licenses --- .github/dependabot.yml | 4 ++++ .github/workflows/license.yml | 13 +++++++++++-- 2 files changed, 15 insertions(+), 2 deletions(-) diff --git a/.github/dependabot.yml b/.github/dependabot.yml index c025778dc5..3c6826d4a6 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -27,3 +27,7 @@ updates: ignore: - dependency-name: "*" update-types: ["version-update:semver-major"] + - package-ecosystem: "github-actions" + directory: "/" + schedule: + interval: "monthly" diff --git a/.github/workflows/license.yml b/.github/workflows/license.yml index 1a3fb19bee..a85c0f75c3 100644 --- a/.github/workflows/license.yml +++ b/.github/workflows/license.yml 
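Review bot: `fail-on-severity: critical` in the new `license.yml` means a pull request that introduces a dependency with a high- or moderate-severity advisory still passes; only critical findings block the merge. Unless that gap is covered elsewhere, a lower threshold such as `fail-on-severity: high` (or omitting the key to keep the action's default) is the safer setting for a gate that runs on every pull request. Separately, `actions/checkout@v4` and `actions/dependency-review-action@v4` are referenced by mutable major tags; pinning them to full commit SHAs would make the workflow's inputs reproducible. The top-level `permissions: contents: read` is the right scope for this job and should stay.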
@@ -13,9 +13,18 @@ jobs: - name: 'Dependency Review' uses: actions/dependency-review-action@v4 with: - vulnerability-check: true - fail-on-severity: critical + vulnerability-check: false license-check: true + # Compatible/Incompatible licenses addressed here: https://www.apache.org/legal/resolved.html + # Special notice for GPL licenses: https://www.apache.org/licenses/GPL-compatibility.html + # Find SPDX identifiers here: https://spdx.org/licenses/ + deny-licenses: | + MS-LPL, ASL, RSAL, BUSL-1.1, + CC-BY-NC-1.0, CC-BY-NC-2.0, CC-BY-NC-2.5, CC-BY-NC-3.0, CC-BY-NC-4.0 +# GPL-1.0, GPL-2.0, GPL-3.0, AGPL-3.0, LGPL-2.0, LGPL-2.1, LGPL-3.0, +# GPL-1.0-only, GPL-2.0-only, GPL-3.0-only, AGPL-3.0-only, LGPL-2.0-only, LGPL-2.1-only, LGPL-3.0-only, + QPL-1.0, Sleepycat, SSPL-1.0, CPOL-1.02, + BSD-4-Clause, BSD-4-Clause-UC, NPL-1.0, NPL-1.1, JSON # MX4J, DOM4J, Eclipse Distribution License 1.0, Cup Parser Generator # allow-licenses: | # Apache-2.0, Apache-1.1, PHP-3.01, From 67428e6453b50e677b54ec097afa978f366ab812 Mon Sep 17 00:00:00 2001 From: Pil0tXia Date: Mon, 15 Apr 2024 14:06:58 +0800 Subject: [PATCH 16/53] Remove redundant check --- .github/workflows/ci.yml | 20 -- .github/workflows/license.yml | 12 +- .licenserc.yaml | 52 --- tools/dependency-check/check-dependencies.sh | 60 ---- tools/dependency-check/known-dependencies.txt | 307 ------------------ 5 files changed, 3 insertions(+), 448 deletions(-) delete mode 100644 .licenserc.yaml delete mode 100644 tools/dependency-check/check-dependencies.sh delete mode 100644 tools/dependency-check/known-dependencies.txt diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 47a184c54e..d36135b100 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml 
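Review bot: `vulnerability-check: false` removes the only advisory gate this workflow had, so from this commit on a pull request can add a dependency with a known vulnerability and the job stays green as long as its license is acceptable. If the workflow is meant to be license-only, say so in a comment and make sure advisories are checked somewhere else; otherwise keep `vulnerability-check: true` with an explicit `fail-on-severity`. Also, the two `# GPL-1.0, ...` lines sit between entries of the `deny-licenses: |` value, and inside a YAML block scalar a leading `#` does not start a comment. Depending on their indentation (not recoverable from this view) they either become part of the list text or end the scalar early, so the value the action actually receives should be checked.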
@@ -80,23 +80,3 @@ jobs: - name: Upload coverage report to codecov.io run: bash <(curl -s https://codecov.io/bash) || echo 'Failed to upload coverage report!' - -# license-check: -# name: License Check -# runs-on: ubuntu-latest -# -# steps: -# - name: Checkout repository -# uses: actions/checkout@v3 -# -# - name: Check Dependencies' License -# uses: apache/skywalking-eyes/dependency@main -# with: -# log: debug -# -# - name: Check third party dependencies -# run: | -# ./gradlew clean dist -x spotlessJava -x test -x checkstyleMain -x javaDoc && ./gradlew installPlugin && ./gradlew tar -# bash tools/dependency-check/check-dependencies.sh -# env: -# GRADLE_ENTERPRISE_ACCESS_KEY: ${{ secrets.GE_ACCESS_TOKEN }} diff --git a/.github/workflows/license.yml b/.github/workflows/license.yml index a85c0f75c3..daa39eca36 100644 --- a/.github/workflows/license.yml +++ b/.github/workflows/license.yml @@ -1,4 +1,4 @@ -name: 'Dependency Review' +name: 'License Check' on: [pull_request] permissions: @@ -21,13 +21,7 @@ jobs: deny-licenses: | MS-LPL, ASL, RSAL, BUSL-1.1, CC-BY-NC-1.0, CC-BY-NC-2.0, CC-BY-NC-2.5, CC-BY-NC-3.0, CC-BY-NC-4.0 -# GPL-1.0, GPL-2.0, GPL-3.0, AGPL-3.0, LGPL-2.0, LGPL-2.1, LGPL-3.0, -# GPL-1.0-only, GPL-2.0-only, GPL-3.0-only, AGPL-3.0-only, LGPL-2.0-only, LGPL-2.1-only, LGPL-3.0-only, + GPL-1.0, GPL-2.0, GPL-3.0, AGPL-3.0, LGPL-2.0, LGPL-2.1, LGPL-3.0, + GPL-1.0-only, GPL-2.0-only, GPL-3.0-only, AGPL-3.0-only, LGPL-2.0-only, LGPL-2.1-only, LGPL-3.0-only, QPL-1.0, Sleepycat, SSPL-1.0, CPOL-1.02, BSD-4-Clause, BSD-4-Clause-UC, NPL-1.0, NPL-1.1, JSON - # MX4J, DOM4J, Eclipse Distribution License 1.0, Cup Parser Generator -# allow-licenses: | -# Apache-2.0, Apache-1.1, PHP-3.01, -# BSD-2-Clause, BSD-3-Clause, PostgreSQL, BSD-3-Clause-LBNL, -# MIT, X11, ISC, SMLNJ, MIT-0 -# ICU, \ No newline at end of file diff --git a/.licenserc.yaml b/.licenserc.yaml deleted file mode 100644 index 02ed56e288..0000000000 --- a/.licenserc.yaml +++ /dev/null 
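Review bot: With the commented-out `allow-licenses` block deleted in the `@@ -21,13 +21,7 @@` hunk of `license.yml`, the check is deny-list only, which fails open: a dependency whose license is not listed, or whose license could not be detected, passes. The GPL-family entries show the gap; the list has the bare and `-only` identifiers but none of the `-or-later` ones, so a package reported as `GPL-3.0-or-later` may not match, depending on how the action compares identifiers. Either add the missing forms, e.g. `GPL-2.0-or-later, GPL-3.0-or-later, AGPL-3.0-or-later, LGPL-2.1-or-later, LGPL-3.0-or-later,`, or switch to an explicit `allow-licenses` list so that anything unrecognised is rejected for manual review.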
@@ -1,52 +0,0 @@ -# -# Licensed to the Apache Software Foundation (ASF) under one -# or more contributor license agreements. See the NOTICE file -# distributed with this work for additional information -# regarding copyright ownership. The ASF licenses this file -# to you under the Apache License, Version 2.0 (the -# "License"); you may not use this file except in compliance -# with the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, -# software distributed under the License is distributed on an -# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -# KIND, either express or implied. See the License for the -# specific language governing permissions and limitations -# under the License. -# - -header: - license: - spdx-id: Apache-2.0 - copyright-owner: Apache Software Foundation - - paths-ignore: - - 'eventmesh-operator/config/crd/bases' - - 'eventmesh-operator/config/rbac' - - '.github/PULL_REQUEST_TEMPLATE' - - '.gitmodules' - - '**/.gitkeep' - - '**/.gitignore' - - '**/.dockerignore' - - '**/*.md' - - '**/*.json' - - '**/*.ftl' - - '**/*.iml' - - '**/*.ini' - - '**/*.crt' - - '**/*.pem' - - '**/go.sum' - - '**/Cargo.lock' - - 'LICENSE' - - 'NOTICE' - - 'gradlew' - - 'gradlew.bat' - - '**/*.txt' - - comment: on-failure - - dependency: - files: - - build.gradle diff --git a/tools/dependency-check/check-dependencies.sh b/tools/dependency-check/check-dependencies.sh deleted file mode 100644 index 4ad723e6c3..0000000000 --- a/tools/dependency-check/check-dependencies.sh +++ /dev/null 
@@ -1,60 +0,0 @@ -#!/bin/bash -# -# Licensed to the Apache Software Foundation (ASF) under one or more -# contributor license agreements. See the NOTICE file distributed with -# this work for additional information regarding copyright ownership. -# The ASF licenses this file to You under the Apache License, Version 2.0 -# (the "License"); you may not use this file except in compliance with -# the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# - -# ******************************************************************** -# This script used to check the dependencies are all in our exception. -# This will not check the license legality -# ******************************************************************** - -# Used to store the tmp files -decompress_conf='build/tmp' -# store all our known dependencies -known_third_party_dependencies_txt='tools/dependency-check/known-dependencies.txt' - -# Below files is generated by this script -# store all dependencies from EventMesh binary jar -all_dependencies_txt='tools/dependency-check/all-dependencies.txt' -# store all EventMesh self modules' name -self_modules_txt='tools/dependency-check/self-modules.txt' -# store all third party dependencies -third_party_dependencies_txt='tools/dependency-check/third-party-dependencies.txt' - -mkdir -p $decompress_conf -tar -zxf build/eventmesh*.tar.gz -C $decompress_conf - -./gradlew printProjects | grep '.jar' > "$self_modules_txt" - -find "$decompress_conf" -name "*.jar" -exec basename {} \; | sort | uniq > "$all_dependencies_txt" - -grep -wvf "$self_modules_txt" "$all_dependencies_txt" | sort | uniq > 
"$third_party_dependencies_txt" - -# Only keep the artifact name -sed -i 's/-[0-9].*\.jar//g' "$third_party_dependencies_txt" -sort -u -o "$third_party_dependencies_txt" "$third_party_dependencies_txt" - -# If the check is success it will return 0 -sort "$known_third_party_dependencies_txt" | diff - "$third_party_dependencies_txt" - -compareCode=$? -if [ $compareCode -eq 0 ] -then - echo "Dependency check success." -else - echo "Dependency check failed. Please add new dependencies to known-dependencies.txt." - exit $compareCode -fi \ No newline at end of file diff --git a/tools/dependency-check/known-dependencies.txt b/tools/dependency-check/known-dependencies.txt deleted file mode 100644 index aaadcfdd3f..0000000000 --- a/tools/dependency-check/known-dependencies.txt +++ /dev/null 
@@ -1,307 +0,0 @@ -FastInfoset -ST4 -accessors-smart -alibabacloud-gateway-spi -amqp-client -animal-sniffer-annotations -annotations -antlr -antlr-runtime -antlr4 -antlr4-runtime -aopalliance -apache-client -arns -asm -asm-analysis -asm-commons -asm-tree -asm-util -assertj-core -async-http-client -async-http-client-netty-utils -audience-annotations -auth -aws-core -aws-query-protocol -aws-xml-protocol -bcpkix-jdk15on -bcprov-ext-jdk15on -bcprov-jdk15on -bcutil-jdk15on -bolt -bouncy-castle-bc -bson -byte-buddy -cache-api -checker-qual -classmate -cloudevents-api -cloudevents-core -cloudevents-http-vertx -cloudevents-json-jackson -cloudevents-kafka -cloudevents-protobuf -commons-beanutils -commons-cli -commons-codec -commons-collections -commons-collections4 -commons-digester -commons-io -commons-lang3 -commons-logging -commons-text -commons-validator -consul-api -credentials-java -crt-core -curator-client -curator-framework -curator-recipes -dingtalk -disruptor -dledger -dom4j -druid -endpoint-util -endpoints-spi -error_prone_annotations -eventstream -failureaccess -fastjson -fastjson2 -gateway-dingtalk -google-auth-library-credentials -grpc-api -grpc-auth -grpc-context -grpc-core -grpc-grpclb -grpc-netty -grpc-netty-shaded -grpc-protobuf -grpc-protobuf-lite -grpc-stub -gson -guava -guava-retrying -guice -hibernate-commons-annotations -hibernate-core -hibernate-validator -http-client-spi -httpasyncclient -httpclient -httpcore -httpcore-nio -httpmime -icu4j -ini4j -ipaddress -istack-commons-runtime -j2objc-annotations -jackson-annotations -jackson-core -jackson-databind -jackson-dataformat-yaml -jackson-datatype-jsr310 -jakarta.annotation-api -jakarta.validation-api -jandex -javassist -javax.activation -javax.activation-api -javax.annotation-api -javax.inject -javax.persistence-api -javax.ws.rs-api -jaxb-api -jaxb-core -jaxb-impl -jaxb-runtime -jaxen -jboss-logging -jboss-marshalling -jboss-marshalling-river -jboss-transaction-api_1.2_spec -jcip-annotations 
-jcommander -jetcd-common -jetcd-core -jetcd-resolver -jjwt-api -jjwt-impl -jjwt-jackson -jna -jodd-bean -jodd-core -json-path -json-smart -json-utils -jsr305 -jul-to-slf4j -kafka-clients -listenablefuture -log4j-api -log4j-core -log4j-slf4j-impl -log4j-slf4j2-impl -logback-classic -logback-core -lz4-java -metrics-annotation -metrics-core -metrics-healthchecks -metrics-json -metrics-spi -mongodb-driver -mongodb-driver-core -mysql-binlog-connector-java -mysql-connector-j -nacos-auth-plugin -nacos-client -nacos-encryption-plugin -netty -netty-all -netty-buffer -netty-codec -netty-codec-dns -netty-codec-haproxy -netty-codec-http -netty-codec-http2 -netty-codec-memcache -netty-codec-mqtt -netty-codec-redis -netty-codec-smtp -netty-codec-socks -netty-codec-stomp -netty-codec-xml -netty-common -netty-handler -netty-handler-proxy -netty-nio-client -netty-reactive-streams -netty-resolver -netty-resolver-dns -netty-resolver-dns-classes-macos -netty-resolver-dns-native-macos -netty-tcnative-boringssl-static -netty-tcnative-classes -netty-transport -netty-transport-classes-epoll -netty-transport-classes-kqueue -netty-transport-native-epoll -netty-transport-native-kqueue -netty-transport-native-unix-common -netty-transport-rxtx -netty-transport-sctp -netty-transport-udt -oapi-sdk -okhttp -okio -openapiutil -openmessaging-api -opentelemetry-api -opentelemetry-api-metrics -opentelemetry-context -opentelemetry-exporter-jaeger -opentelemetry-exporter-prometheus -opentelemetry-exporter-zipkin -opentelemetry-sdk -opentelemetry-sdk-common -opentelemetry-sdk-metrics -opentelemetry-sdk-trace -opentelemetry-semconv -org.abego.treelayout.core -org.jacoco.agent -perfmark-api -pinpoint-annotations -pinpoint-bootstrap -pinpoint-bootstrap-core -pinpoint-commons -pinpoint-commons-buffer -pinpoint-commons-profiler -pinpoint-grpc -pinpoint-profiler -pinpoint-rpc -pravega-client -pravega-common -pravega-shared-authplugin -pravega-shared-controller-api -pravega-shared-protocol 
-pravega-shared-security -profiles -proto-google-common-protos -protobuf-java -protobuf-java-util -protocol-core -pull-parser -pulsar-client -pulsar-client-admin-api -pulsar-client-api -reactive-streams -reactor-core -redisson -regions -relaxngDatatype -rocketmq-acl -rocketmq-broker -rocketmq-client -rocketmq-common -rocketmq-filter -rocketmq-logging -rocketmq-namesrv -rocketmq-remoting -rocketmq-srvutil -rocketmq-store -rocketmq-tools -rxjava -s3 -sdk-core -simpleclient -simpleclient_common -simpleclient_httpserver -slack-api-client -slack-api-model -slack-app-backend -slf4j-api -snakeyaml -snappy-java -spring-aop -spring-beans -spring-boot -spring-boot-autoconfigure -spring-boot-starter -spring-boot-starter-logging -spring-boot-starter-validation -spring-context -spring-core -spring-expression -spring-jcl -spring-messaging -stax-api -stax-ex -tea -tea-openapi -tea-util -tea-xml -third-party-jackson-core -tomcat-embed-el -txw2 -utils -validation-api -vertx-auth-common -vertx-bridge-common -vertx-core -vertx-web -vertx-web-client -vertx-web-common -xpp3 -xsdlib -zipkin -zipkin-reporter -zipkin-sender-okhttp3 -zookeeper -zookeeper-jute -zstd-jni From 2e48a532c4482735a151f70e634846a483dd04c5 Mon Sep 17 00:00:00 2001 From: Pil0tXia Date: Mon, 15 Apr 2024 14:10:34 +0800 Subject: [PATCH 17/53] Remove not included SPDX: ASL, RSAL --- .github/workflows/license.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/license.yml b/.github/workflows/license.yml index daa39eca36..d53fa6ea77 100644 --- a/.github/workflows/license.yml +++ b/.github/workflows/license.yml 
@@ -15,12 +15,12 @@ jobs: with: vulnerability-check: false license-check: true - # Compatible/Incompatible licenses addressed here: https://www.apache.org/legal/resolved.html + # Incompatible licenses addressed here: https://www.apache.org/legal/resolved.html # Special notice for GPL licenses: https://www.apache.org/licenses/GPL-compatibility.html # Find SPDX identifiers here: https://spdx.org/licenses/ deny-licenses: | - MS-LPL, ASL, RSAL, BUSL-1.1, - CC-BY-NC-1.0, CC-BY-NC-2.0, CC-BY-NC-2.5, CC-BY-NC-3.0, CC-BY-NC-4.0 + MS-LPL, BUSL-1.1, + CC-BY-NC-1.0, CC-BY-NC-2.0, CC-BY-NC-2.5, CC-BY-NC-3.0, CC-BY-NC-4.0, GPL-1.0, GPL-2.0, GPL-3.0, AGPL-3.0, LGPL-2.0, LGPL-2.1, LGPL-3.0, GPL-1.0-only, GPL-2.0-only, GPL-3.0-only, AGPL-3.0-only, LGPL-2.0-only, LGPL-2.1-only, LGPL-3.0-only, QPL-1.0, Sleepycat, SSPL-1.0, CPOL-1.02, From bb9acc87ca988c52c2d1514ec02cd33aaf1667c7 Mon Sep 17 00:00:00 2001 From: Pil0tXia Date: Mon, 15 Apr 2024 16:35:19 +0800 Subject: [PATCH 18/53] Add a useful printAllDependencyTrees task --- build.gradle | 3 +++ 1 file changed, 3 insertions(+) diff --git a/build.gradle b/build.gradle index 3cd8460b9a..e3de5007dc 100644 --- a/build.gradle +++ b/build.gradle @@ -231,6 +231,9 @@ subprojects { delete 'dist' } + // Print all dependencies trees, useful for finding artifacts + tasks.register('printAllDependencyTrees', DependencyReportTask) {} + jacoco { toolVersion = "0.8.6" } From e83b6a82265566a7591c64277d15a448e5980413 Mon Sep 17 00:00:00 2001 From: Pil0tXia Date: Mon, 15 Apr 2024 17:10:34 +0800 Subject: [PATCH 19/53] Exampt safe artifact under multiple licenses --- .github/workflows/license.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/license.yml b/.github/workflows/license.yml index d53fa6ea77..f0072ad91e 100644 --- a/.github/workflows/license.yml +++ b/.github/workflows/license.yml 
@@ -25,3 +25,4 @@ jobs: GPL-1.0-only, GPL-2.0-only, GPL-3.0-only, AGPL-3.0-only, LGPL-2.0-only, LGPL-2.1-only, LGPL-3.0-only, QPL-1.0, Sleepycat, SSPL-1.0, CPOL-1.02, BSD-4-Clause, BSD-4-Clause-UC, NPL-1.0, NPL-1.1, JSON + allow-dependencies-licenses: 'pkg:maven/com.rabbitmq/amqp-client' \ No newline at end of file From ce7d63233f1c65fd8fe507347a1171b4f5dc7a25 Mon Sep 17 00:00:00 2001 From: Pil0tXia Date: Mon, 15 Apr 2024 19:27:40 +0800 Subject: [PATCH 20/53] Exempt more safe artifacts (Looks like the last of them) --- .github/workflows/license.yml | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/.github/workflows/license.yml b/.github/workflows/license.yml index f0072ad91e..632f556de1 100644 --- a/.github/workflows/license.yml +++ b/.github/workflows/license.yml @@ -25,4 +25,7 @@ jobs: GPL-1.0-only, GPL-2.0-only, GPL-3.0-only, AGPL-3.0-only, LGPL-2.0-only, LGPL-2.1-only, LGPL-3.0-only, QPL-1.0, Sleepycat, SSPL-1.0, CPOL-1.02, BSD-4-Clause, BSD-4-Clause-UC, NPL-1.0, NPL-1.1, JSON - allow-dependencies-licenses: 'pkg:maven/com.rabbitmq/amqp-client' \ No newline at end of file + # Artifacts with multiple licenses, where at least one license is compatible with Apache 2.0, are allowed. + allow-dependencies-licenses: | + 'pkg:maven/com.rabbitmq/amqp-client, pkg:maven/ch.qos.logback/logback-classic, pkg:maven/ch.qos.logback/logback-core, + pkg:maven/javax.xml.stream/stax-api' \ No newline at end of file From 45ca6d64dfda21b2fefb5147581d10ac4945c641 Mon Sep 17 00:00:00 2001 From: Pil0tXia Date: Mon, 15 Apr 2024 19:44:07 +0800 Subject: [PATCH 21/53] 'allow-dependencies-licenses' attribute only supports single-line text --- .github/workflows/license.yml | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/.github/workflows/license.yml b/.github/workflows/license.yml index 632f556de1..4571d4360f 100644 --- a/.github/workflows/license.yml +++ b/.github/workflows/license.yml 
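Review bot: `allow-dependencies-licenses: 'pkg:maven/com.rabbitmq/amqp-client'` exempts the artifact from the license check by name only; the purl has no version, so the exemption presumably keeps applying to every later release, including one published under different terms. Record next to the entry which of the artifact's licenses the project relies on, e.g. `# <artifact>: offered under <licenses>; used under <chosen license>`, so the exemption can be re-validated when the dependency is upgraded. The same applies to the three artifacts added in the following hunk (PATCH 20/53), where the value is also wrapped in single quotes inside a `|` block scalar; those quotes would be passed to the action as part of the first and last package names.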
@@ -18,7 +18,7 @@ jobs: # Incompatible licenses addressed here: https://www.apache.org/legal/resolved.html # Special notice for GPL licenses: https://www.apache.org/licenses/GPL-compatibility.html # Find SPDX identifiers here: https://spdx.org/licenses/ - deny-licenses: | + deny-licenses: > MS-LPL, BUSL-1.1, CC-BY-NC-1.0, CC-BY-NC-2.0, CC-BY-NC-2.5, CC-BY-NC-3.0, CC-BY-NC-4.0, GPL-1.0, GPL-2.0, GPL-3.0, AGPL-3.0, LGPL-2.0, LGPL-2.1, LGPL-3.0, @@ -26,6 +26,7 @@ jobs: QPL-1.0, Sleepycat, SSPL-1.0, CPOL-1.02, BSD-4-Clause, BSD-4-Clause-UC, NPL-1.0, NPL-1.1, JSON # Artifacts with multiple licenses, where at least one license is compatible with Apache 2.0, are allowed. - allow-dependencies-licenses: | - 'pkg:maven/com.rabbitmq/amqp-client, pkg:maven/ch.qos.logback/logback-classic, pkg:maven/ch.qos.logback/logback-core, - pkg:maven/javax.xml.stream/stax-api' \ No newline at end of file + allow-dependencies-licenses: > + pkg:maven/com.rabbitmq/amqp-client, + pkg:maven/ch.qos.logback/logback-classic, pkg:maven/ch.qos.logback/logback-core, + pkg:maven/javax.xml.stream/stax-api \ No newline at end of file From 194ab5839d1a1063dc6717d50eb66dedbb445238 Mon Sep 17 00:00:00 2001 From: Pil0tXia Date: Tue, 16 Apr 2024 11:14:38 +0800 Subject: [PATCH 22/53] Add a TODO comment --- .github/workflows/license.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/license.yml b/.github/workflows/license.yml index 4571d4360f..215c780bc6 100644 --- a/.github/workflows/license.yml +++ b/.github/workflows/license.yml 
@@ -26,6 +26,7 @@ jobs: QPL-1.0, Sleepycat, SSPL-1.0, CPOL-1.02, BSD-4-Clause, BSD-4-Clause-UC, NPL-1.0, NPL-1.1, JSON # Artifacts with multiple licenses, where at least one license is compatible with Apache 2.0, are allowed. + # TODO This attribute can be removed after https://github.com/actions/dependency-review-action/issues/670 is resolved. allow-dependencies-licenses: > pkg:maven/com.rabbitmq/amqp-client, pkg:maven/ch.qos.logback/logback-classic, pkg:maven/ch.qos.logback/logback-core, From 2daf146573940e9fa8cd2116c2dc4d3759fadd1c Mon Sep 17 00:00:00 2001 From: Pil0tXia Date: Tue, 16 Apr 2024 12:22:29 +0800 Subject: [PATCH 23/53] Add more file extensions for checkstyle --- build.gradle | 2 +- eventmesh-sdks/eventmesh-sdk-go/.golangci.yml | 25 ++++++++--------- eventmesh-sdks/eventmesh-sdk-rust/Cargo.toml | 28 +++++++++---------- style/checkStyle.xml | 21 ++++++++++---- style/checkstyle-header-c.txt | 14 ++++++++++ ...header1.txt => checkstyle-header-java.txt} | 0 ...eader3.txt => checkstyle-header-shell.txt} | 0 style/checkstyle-header-xml.txt | 18 ++++++++++++ ...header2.txt => checkstyle-header-yaml.txt} | 0 9 files changed, 74 insertions(+), 34 deletions(-) create mode 100644 style/checkstyle-header-c.txt rename style/{checkstyle-header1.txt => checkstyle-header-java.txt} (100%) rename style/{checkstyle-header3.txt => checkstyle-header-shell.txt} (100%) create mode 100644 style/checkstyle-header-xml.txt rename style/{checkstyle-header2.txt => checkstyle-header-yaml.txt} (100%) diff --git a/build.gradle b/build.gradle index e3de5007dc..71f58c66e0 100644 --- a/build.gradle +++ b/build.gradle 
@@ -119,7 +119,7 @@ allprojects { } importOrder ('\\#org.apache.eventmesh','\\#org.apache','\\#java','\\#javax','\\#org','\\#io','\\#net','\\#junit','\\#com','\\#lombok', 'org.apache.eventmesh','org.apache','java','javax','org','io','net','junit','com','lombok') - licenseHeaderFile rootProject.file('style/checkstyle-header1.txt') + licenseHeaderFile rootProject.file('style/checkstyle-header-java.txt') eclipse().configFile("${rootDir}/style/task/eventmesh-spotless-formatter.xml") removeUnusedImports() } diff --git a/eventmesh-sdks/eventmesh-sdk-go/.golangci.yml b/eventmesh-sdks/eventmesh-sdk-go/.golangci.yml index 5fe51209d7..9b1e3ec439 100644 --- a/eventmesh-sdks/eventmesh-sdk-go/.golangci.yml +++ b/eventmesh-sdks/eventmesh-sdk-go/.golangci.yml 
@@ -1,21 +1,20 @@ # -# Licensed to the Apache Software Foundation (ASF) under one or more -# contributor license agreements. See the NOTICE file distributed with -# this work for additional information regarding copyright ownership. -# The ASF licenses this file to You under the Apache License, Version 2.0 -# (the "License"); you may not use this file except in compliance with -# the License. You may obtain a copy of the License at +# Licensed to the Apache Software Foundation (ASF) under one or more +# contributor license agreements. See the NOTICE file distributed with +# this work for additional information regarding copyright ownership. +# The ASF licenses this file to You under the Apache License, Version 2.0 +# (the "License"); you may not use this file except in compliance with +# the License. You may obtain a copy of the License at # -# http://www.apache.org/licenses/LICENSE-2.0 +# http://www.apache.org/licenses/LICENSE-2.0 # -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. # - # Options for analysis running. run: # The default concurrency value is the number of available CPU. diff --git a/eventmesh-sdks/eventmesh-sdk-rust/Cargo.toml b/eventmesh-sdks/eventmesh-sdk-rust/Cargo.toml index 0209e3d5e5..42bf18682c 100644 --- a/eventmesh-sdks/eventmesh-sdk-rust/Cargo.toml +++ b/eventmesh-sdks/eventmesh-sdk-rust/Cargo.toml 
@@ -1,20 +1,20 @@ -# Licensed to the Apache Software Foundation (ASF) under one -# or more contributor license agreements. See the NOTICE file -# distributed with this work for additional information -# regarding copyright ownership. The ASF licenses this file -# to you under the Apache License, Version 2.0 (the -# "License"); you may not use this file except in compliance -# with the License. You may obtain a copy of the License at # -# http://www.apache.org/licenses/LICENSE-2.0 +# Licensed to the Apache Software Foundation (ASF) under one or more +# contributor license agreements. See the NOTICE file distributed with +# this work for additional information regarding copyright ownership. +# The ASF licenses this file to You under the Apache License, Version 2.0 +# (the "License"); you may not use this file except in compliance with +# the License. You may obtain a copy of the License at # -# Unless required by applicable law or agreed to in writing, -# software distributed under the License is distributed on an -# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -# KIND, either express or implied. See the License for the -# specific language governing permissions and limitations -# under the License. +# http://www.apache.org/licenses/LICENSE-2.0 # +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + [package] name = "eventmesh" version = "1.9.0" diff --git a/style/checkStyle.xml b/style/checkStyle.xml index cfa1972893..71523b819d 100644 --- a/style/checkStyle.xml +++ b/style/checkStyle.xml @@ -24,20 +24,29 @@ - + - - + + - - + + - + + + + + + + + + + diff --git a/style/checkstyle-header-c.txt b/style/checkstyle-header-c.txt new file mode 100644 index 0000000000..63f7276486 --- /dev/null 
+++ b/style/checkstyle-header-c.txt @@ -0,0 +1,14 @@ +// Licensed to the Apache Software Foundation (ASF) under one or more +// contributor license agreements. See the NOTICE file distributed with +// this work for additional information regarding copyright ownership. +// The ASF licenses this file to You under the Apache License, Version 2.0 +// (the "License"); you may not use this file except in compliance with +// the License. You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. diff --git a/style/checkstyle-header1.txt b/style/checkstyle-header-java.txt similarity index 100% rename from style/checkstyle-header1.txt rename to style/checkstyle-header-java.txt diff --git a/style/checkstyle-header3.txt b/style/checkstyle-header-shell.txt similarity index 100% rename from style/checkstyle-header3.txt rename to style/checkstyle-header-shell.txt diff --git a/style/checkstyle-header-xml.txt b/style/checkstyle-header-xml.txt new file mode 100644 index 0000000000..6a9947a49a --- /dev/null +++ b/style/checkstyle-header-xml.txt @@ -0,0 +1,18 @@ + + diff --git a/style/checkstyle-header2.txt b/style/checkstyle-header-yaml.txt similarity index 100% rename from style/checkstyle-header2.txt rename to style/checkstyle-header-yaml.txt From 2e733d404205e634a7a7140087c80acf4effc0dd Mon Sep 17 00:00:00 2001 
From: Pil0tXia Date: Tue, 16 Apr 2024 12:42:39 +0800 Subject: [PATCH 24/53] Resolve some checkstyle header violations --- .github/dependabot.yml | 26 ++++++++--------- .github/workflows/ci.yml | 26 ++++++++--------- .github/workflows/codeql.yml | 26 ++++++++--------- .github/workflows/docker.yaml | 27 +++++++++-------- .github/workflows/license.yml | 29 +++++++++++++++++++ .github/workflows/stale.yml | 26 ++++++++--------- docker/Dockerfile_jdk11 | 27 +++++++++-------- docker/Dockerfile_jdk8 | 27 +++++++++-------- ....apache.io.openmessaging.producer.Producer | 27 +++++++++-------- ....apache.io.openmessaging.producer.Producer | 27 +++++++++-------- style/checkStyle.xml | 7 +++-- style/checkstyle-header-xml.txt | 1 - 12 files changed, 146 insertions(+), 130 deletions(-) diff --git a/.github/dependabot.yml b/.github/dependabot.yml index 3c6826d4a6..1a6cb7361a 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml 
@@ -1,20 +1,18 @@ # -# Licensed to the Apache Software Foundation (ASF) under one -# or more contributor license agreements. See the NOTICE file -# distributed with this work for additional information -# regarding copyright ownership. The ASF licenses this file -# to you under the Apache License, Version 2.0 (the -# "License"); you may not use this file except in compliance -# with the License. You may obtain a copy of the License at +# Licensed to the Apache Software Foundation (ASF) under one or more +# contributor license agreements. See the NOTICE file distributed with +# this work for additional information regarding copyright ownership. +# The ASF licenses this file to You under the Apache License, Version 2.0 +# (the "License"); you may not use this file except in compliance with +# the License. You may obtain a copy of the License at # -# http://www.apache.org/licenses/LICENSE-2.0 +# http://www.apache.org/licenses/LICENSE-2.0 # -# Unless required by applicable law or agreed to in writing, -# software distributed under the License is distributed on an -# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -# KIND, either express or implied. See the License for the -# specific language governing permissions and limitations -# under the License. +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. # version: 2 diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index d36135b100..c304598f85 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml 
@@ -1,20 +1,18 @@ # -# Licensed to the Apache Software Foundation (ASF) under one -# or more contributor license agreements. See the NOTICE file -# distributed with this work for additional information -# regarding copyright ownership. The ASF licenses this file -# to you under the Apache License, Version 2.0 (the -# "License"); you may not use this file except in compliance -# with the License. You may obtain a copy of the License at +# Licensed to the Apache Software Foundation (ASF) under one or more +# contributor license agreements. See the NOTICE file distributed with +# this work for additional information regarding copyright ownership. +# The ASF licenses this file to You under the Apache License, Version 2.0 +# (the "License"); you may not use this file except in compliance with +# the License. You may obtain a copy of the License at # -# http://www.apache.org/licenses/LICENSE-2.0 +# http://www.apache.org/licenses/LICENSE-2.0 # -# Unless required by applicable law or agreed to in writing, -# software distributed under the License is distributed on an -# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -# KIND, either express or implied. See the License for the -# specific language governing permissions and limitations -# under the License. +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. # name: "Continuous Integration" diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index d8a345a39f..9f8c2ab5be 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml 
@@ -1,20 +1,18 @@ # -# Licensed to the Apache Software Foundation (ASF) under one -# or more contributor license agreements. See the NOTICE file -# distributed with this work for additional information -# regarding copyright ownership. The ASF licenses this file -# to you under the Apache License, Version 2.0 (the -# "License"); you may not use this file except in compliance -# with the License. You may obtain a copy of the License at +# Licensed to the Apache Software Foundation (ASF) under one or more +# contributor license agreements. See the NOTICE file distributed with +# this work for additional information regarding copyright ownership. +# The ASF licenses this file to You under the Apache License, Version 2.0 +# (the "License"); you may not use this file except in compliance with +# the License. You may obtain a copy of the License at # -# http://www.apache.org/licenses/LICENSE-2.0 +# http://www.apache.org/licenses/LICENSE-2.0 # -# Unless required by applicable law or agreed to in writing, -# software distributed under the License is distributed on an -# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -# KIND, either express or implied. See the License for the -# specific language governing permissions and limitations -# under the License. +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. # name: "CodeQL" diff --git a/.github/workflows/docker.yaml b/.github/workflows/docker.yaml index ab49c8204e..9bfd296d3f 100644 --- a/.github/workflows/docker.yaml +++ b/.github/workflows/docker.yaml 
@@ -1,21 +1,20 @@ # -# Licensed to the Apache Software Foundation (ASF) under one -# or more contributor license agreements. See the NOTICE file -# distributed with this work for additional information -# regarding copyright ownership. The ASF licenses this file -# to you under the Apache License, Version 2.0 (the -# "License"); you may not use this file except in compliance -# with the License. You may obtain a copy of the License at +# Licensed to the Apache Software Foundation (ASF) under one or more +# contributor license agreements. See the NOTICE file distributed with +# this work for additional information regarding copyright ownership. +# The ASF licenses this file to You under the Apache License, Version 2.0 +# (the "License"); you may not use this file except in compliance with +# the License. You may obtain a copy of the License at # -# http://www.apache.org/licenses/LICENSE-2.0 +# http://www.apache.org/licenses/LICENSE-2.0 # -# Unless required by applicable law or agreed to in writing, -# software distributed under the License is distributed on an -# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -# KIND, either express or implied. See the License for the -# specific language governing permissions and limitations -# under the License. +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. # + name: Docker on: release: diff --git a/.github/workflows/license.yml b/.github/workflows/license.yml index 215c780bc6..cec8ede86d 100644 --- a/.github/workflows/license.yml +++ b/.github/workflows/license.yml 
@@ -1,3 +1,20 @@ +# +# Licensed to the Apache Software Foundation (ASF) under one or more +# contributor license agreements. See the NOTICE file distributed with +# this work for additional information regarding copyright ownership. +# The ASF licenses this file to You under the Apache License, Version 2.0 +# (the "License"); you may not use this file except in compliance with +# the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + name: 'License Check' on: [pull_request] @@ -5,6 +22,18 @@ permissions: contents: read jobs: + license-check: + name: License Check + runs-on: ubuntu-latest + + steps: + - name: Checkout repository + uses: actions/checkout@v3 + + - name: Check license header + uses: apache/skywalking-eyes@main + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} dependency-review: runs-on: ubuntu-latest steps: diff --git a/.github/workflows/stale.yml b/.github/workflows/stale.yml index 728d32adfa..963e93c129 100644 --- a/.github/workflows/stale.yml +++ b/.github/workflows/stale.yml 
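Review bot: The new `Check license header` step references `apache/skywalking-eyes@main`, a branch ref that can move, and the step is handed `GITHUB_TOKEN` through `env`, so whatever lands on that branch runs in this job on the next pull request. Pin the action to a release tag or, better, a full commit SHA, e.g. `uses: apache/skywalking-eyes@<full-commit-sha>` (placeholder), and let the existing `github-actions` Dependabot ecosystem propose the bumps. The same `@main` reference is carried over when PATCH 25/53 moves the step into the `dependency-review` job, so the pin applies there as well.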
@@ -1,20 +1,18 @@ # -# Licensed to the Apache Software Foundation (ASF) under one -# or more contributor license agreements. See the NOTICE file -# distributed with this work for additional information -# regarding copyright ownership. The ASF licenses this file -# to you under the Apache License, Version 2.0 (the -# "License"); you may not use this file except in compliance -# with the License. You may obtain a copy of the License at +# Licensed to the Apache Software Foundation (ASF) under one or more +# contributor license agreements. See the NOTICE file distributed with +# this work for additional information regarding copyright ownership. +# The ASF licenses this file to You under the Apache License, Version 2.0 +# (the "License"); you may not use this file except in compliance with +# the License. You may obtain a copy of the License at # -# http://www.apache.org/licenses/LICENSE-2.0 +# http://www.apache.org/licenses/LICENSE-2.0 # -# Unless required by applicable law or agreed to in writing, -# software distributed under the License is distributed on an -# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -# KIND, either express or implied. See the License for the -# specific language governing permissions and limitations -# under the License. +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. # name: 'Remind stale issues and PRs' diff --git a/docker/Dockerfile_jdk11 b/docker/Dockerfile_jdk11 index 95eaeb9851..14afdb7406 100644 --- a/docker/Dockerfile_jdk11 +++ b/docker/Dockerfile_jdk11 
@@ -1,21 +1,20 @@ # -# Licensed to the Apache Software Foundation (ASF) under one -# or more contributor license agreements. See the NOTICE file -# distributed with this work for additional information -# regarding copyright ownership. The ASF licenses this file -# to you under the Apache License, Version 2.0 (the -# "License"); you may not use this file except in compliance -# with the License. You may obtain a copy of the License at +# Licensed to the Apache Software Foundation (ASF) under one or more +# contributor license agreements. See the NOTICE file distributed with +# this work for additional information regarding copyright ownership. +# The ASF licenses this file to You under the Apache License, Version 2.0 +# (the "License"); you may not use this file except in compliance with +# the License. You may obtain a copy of the License at # -# http://www.apache.org/licenses/LICENSE-2.0 +# http://www.apache.org/licenses/LICENSE-2.0 # -# Unless required by applicable law or agreed to in writing, -# software distributed under the License is distributed on an -# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -# KIND, either express or implied. See the License for the -# specific language governing permissions and limitations -# under the License. +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. # + FROM openjdk:11-jdk as builder WORKDIR /build COPY . . diff --git a/docker/Dockerfile_jdk8 b/docker/Dockerfile_jdk8 index 78c16290f5..59dc1ae757 100644 --- a/docker/Dockerfile_jdk8 +++ b/docker/Dockerfile_jdk8 
@@ -1,21 +1,20 @@ # -# Licensed to the Apache Software Foundation (ASF) under one -# or more contributor license agreements. See the NOTICE file -# distributed with this work for additional information -# regarding copyright ownership. The ASF licenses this file -# to you under the Apache License, Version 2.0 (the -# "License"); you may not use this file except in compliance -# with the License. You may obtain a copy of the License at +# Licensed to the Apache Software Foundation (ASF) under one or more +# contributor license agreements. See the NOTICE file distributed with +# this work for additional information regarding copyright ownership. +# The ASF licenses this file to You under the Apache License, Version 2.0 +# (the "License"); you may not use this file except in compliance with +# the License. You may obtain a copy of the License at # -# http://www.apache.org/licenses/LICENSE-2.0 +# http://www.apache.org/licenses/LICENSE-2.0 # -# Unless required by applicable law or agreed to in writing, -# software distributed under the License is distributed on an -# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -# KIND, either express or implied. See the License for the -# specific language governing permissions and limitations -# under the License. +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. # + FROM openjdk:11-jdk as builder_11 WORKDIR /build COPY . . diff --git a/eventmesh-storage-plugin/eventmesh-storage-kafka/src/test/resources/META-INF/services/org.apache.io.openmessaging.producer.Producer b/eventmesh-storage-plugin/eventmesh-storage-kafka/src/test/resources/META-INF/services/org.apache.io.openmessaging.producer.Producer index 358b84da4b..250a802e47 100644 
--- a/eventmesh-storage-plugin/eventmesh-storage-kafka/src/test/resources/META-INF/services/org.apache.io.openmessaging.producer.Producer +++ b/eventmesh-storage-plugin/eventmesh-storage-kafka/src/test/resources/META-INF/services/org.apache.io.openmessaging.producer.Producer @@ -1,20 +1,19 @@ # -# Licensed to the Apache Software Foundation (ASF) under one -# or more contributor license agreements. See the NOTICE file -# distributed with this work for additional information -# regarding copyright ownership. The ASF licenses this file -# to you under the Apache License, Version 2.0 (the -# "License"); you may not use this file except in compliance -# with the License. You may obtain a copy of the License at +# Licensed to the Apache Software Foundation (ASF) under one or more +# contributor license agreements. See the NOTICE file distributed with +# this work for additional information regarding copyright ownership. +# The ASF licenses this file to You under the Apache License, Version 2.0 +# (the "License"); you may not use this file except in compliance with +# the License. You may obtain a copy of the License at # -# http://www.apache.org/licenses/LICENSE-2.0 +# http://www.apache.org/licenses/LICENSE-2.0 # -# Unless required by applicable law or agreed to in writing, -# software distributed under the License is distributed on an -# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -# KIND, either express or implied. See the License for the -# specific language governing permissions and limitations -# under the License. +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. # + org.apache.eventmesh.connector.kafka.producer.ProducerImpl \ No newline at end of file 
diff --git a/eventmesh-storage-plugin/eventmesh-storage-rocketmq/src/test/resources/META-INF/services/org.apache.io.openmessaging.producer.Producer b/eventmesh-storage-plugin/eventmesh-storage-rocketmq/src/test/resources/META-INF/services/org.apache.io.openmessaging.producer.Producer index 930fe625e0..3041042c69 100644 --- a/eventmesh-storage-plugin/eventmesh-storage-rocketmq/src/test/resources/META-INF/services/org.apache.io.openmessaging.producer.Producer +++ b/eventmesh-storage-plugin/eventmesh-storage-rocketmq/src/test/resources/META-INF/services/org.apache.io.openmessaging.producer.Producer 
@@ -1,20 +1,19 @@ # -# Licensed to the Apache Software Foundation (ASF) under one -# or more contributor license agreements. See the NOTICE file -# distributed with this work for additional information -# regarding copyright ownership. The ASF licenses this file -# to you under the Apache License, Version 2.0 (the -# "License"); you may not use this file except in compliance -# with the License. You may obtain a copy of the License at +# Licensed to the Apache Software Foundation (ASF) under one or more +# contributor license agreements. See the NOTICE file distributed with +# this work for additional information regarding copyright ownership. +# The ASF licenses this file to You under the Apache License, Version 2.0 +# (the "License"); you may not use this file except in compliance with +# the License. You may obtain a copy of the License at # -# http://www.apache.org/licenses/LICENSE-2.0 +# http://www.apache.org/licenses/LICENSE-2.0 # -# Unless required by applicable law or agreed to in writing, -# software distributed under the License is distributed on an -# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -# KIND, either express or implied. See the License for the -# specific language governing permissions and limitations -# under the License. +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. # + ProducerImpl \ No newline at end of file diff --git a/style/checkStyle.xml b/style/checkStyle.xml index 71523b819d..87930c8b02 100644 --- a/style/checkStyle.xml +++ b/style/checkStyle.xml @@ -14,7 +14,6 @@ ~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. ~ See the License for the specific language governing permissions and ~ limitations under the License. - ~ --> - + 
@@ -36,6 +35,7 @@ + @@ -67,6 +67,7 @@ + @@ -376,4 +377,4 @@ - + \ No newline at end of file diff --git a/style/checkstyle-header-xml.txt b/style/checkstyle-header-xml.txt index 6a9947a49a..4acb57c648 100644 --- a/style/checkstyle-header-xml.txt +++ b/style/checkstyle-header-xml.txt @@ -14,5 +14,4 @@ ~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. ~ See the License for the specific language governing permissions and ~ limitations under the License. - ~ --> From 6d4fa7567aa0777239ccc60191ae801002e4790c Mon Sep 17 00:00:00 2001 From: Pil0tXia Date: Tue, 16 Apr 2024 13:50:11 +0800 Subject: [PATCH 25/53] Add back apache/skywalking-eyes --- .github/workflows/license.yml | 14 ++-------- licenserc.yaml | 48 +++++++++++++++++++++++++++++++++++ 2 files changed, 50 insertions(+), 12 deletions(-) create mode 100644 licenserc.yaml diff --git a/.github/workflows/license.yml b/.github/workflows/license.yml index cec8ede86d..dbc419f71d 100644 --- a/.github/workflows/license.yml +++ b/.github/workflows/license.yml @@ -22,23 +22,13 @@ permissions: contents: read jobs: - license-check: - name: License Check - runs-on: ubuntu-latest - - steps: - - name: Checkout repository - uses: actions/checkout@v3 - - - name: Check license header - uses: apache/skywalking-eyes@main - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} dependency-review: runs-on: ubuntu-latest steps: - name: 'Checkout Repository' uses: actions/checkout@v4 + - name: 'Check license header' + uses: apache/skywalking-eyes@main - name: 'Dependency Review' uses: actions/dependency-review-action@v4 with: diff --git a/licenserc.yaml b/licenserc.yaml new file mode 100644 index 0000000000..c820f8ba74 --- /dev/null +++ b/licenserc.yaml 
@@ -0,0 +1,48 @@ +# +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, +# software distributed under the License is distributed on an +# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +# KIND, either express or implied. See the License for the +# specific language governing permissions and limitations +# under the License. +# + +header: + license: + spdx-id: Apache-2.0 + copyright-owner: Apache Software Foundation + + paths-ignore: + - 'eventmesh-operator/config/crd/bases' + - 'eventmesh-operator/config/rbac' + - '.github/PULL_REQUEST_TEMPLATE' + - '.gitmodules' + - '**/.gitkeep' + - '**/.gitignore' + - '**/.dockerignore' + - '**/*.md' + - '**/*.json' + - '**/*.ftl' + - '**/*.iml' + - '**/*.ini' + - '**/*.crt' + - '**/*.pem' + - '**/go.sum' + - '**/Cargo.lock' + - 'LICENSE' + - 'NOTICE' + - 'gradlew' + - 'gradlew.bat' + - '**/*.txt' + + comment: on-failure From 047450fc2c684abc317b6ddd5f3b76aae30473b3 Mon Sep 17 00:00:00 2001 From: Pil0tXia Date: Tue, 16 Apr 2024 13:56:06 +0800 Subject: [PATCH 26/53] Fix downloaded file didn't have a `.` --- licenserc.yaml => .licenserc.yaml | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename licenserc.yaml => .licenserc.yaml (100%) diff --git a/licenserc.yaml b/.licenserc.yaml similarity index 100% rename from licenserc.yaml rename to .licenserc.yaml From f235a0139c138e09eec58a52c1fc862e4fff98d2 Mon Sep 17 00:00:00 2001 
From: Pil0tXia Date: Wed, 17 Apr 2024 23:42:49 +0800 Subject: [PATCH 27/53] Disable Go deps update & Must pass CI before merge --- .asf.yaml | 6 ++++++ .github/dependabot.yml | 12 ++++++++++-- .github/workflows/ci.yml | 2 +- 3 files changed, 17 insertions(+), 3 deletions(-) diff --git a/.asf.yaml b/.asf.yaml index 8bcc57a651..5fbcbc1b34 100644 --- a/.asf.yaml +++ b/.asf.yaml @@ -44,6 +44,12 @@ github: master: required_status_checks: strict: true + contexts: + - dependency-review + - Build (ubuntu-latest, 8, java) + - Build (ubuntu-latest, 11, java) + - Build (macOS-latest, 8, java) + - Build (macOS-latest, 11, java) required_pull_request_reviews: dismiss_stale_reviews: true required_approving_review_count: 2 diff --git a/.github/dependabot.yml b/.github/dependabot.yml index 1a6cb7361a..b4b1d8e39d 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -19,12 +19,20 @@ version: 2 updates: - package-ecosystem: "gradle" directory: "/" - open-pull-requests-limit: 10 + open-pull-requests-limit: 15 schedule: interval: "weekly" ignore: - dependency-name: "*" - update-types: ["version-update:semver-major"] + update-types: [ "version-update:semver-major" ] + - package-ecosystem: "gomod" + directory: "eventmesh-sdks/eventmesh-sdk-go" + schedule: + interval: "monthly" + ignore: + - dependency-name: "*" + # Disabled temporarily since the Go SDK is not integrated with CI + update-types: [ "version-update:semver-major", "version-update:semver-minor", "version-update:semver-patch" ] - package-ecosystem: "github-actions" directory: "/" schedule: diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index c304598f85..79f4009c59 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -31,7 +31,7 @@ jobs: matrix: os: [ ubuntu-latest, macOS-latest ] java: [ 8, 11 ] - language: ['java'] + language: [ 'java' ] runs-on: ${{ matrix.os }} steps: From fb2391759df0269e1a7764f3ce2679ed8d1fe5d4 Mon Sep 17 00:00:00 2001 
From: Pil0tXia Date: Thu, 18 Apr 2024 12:20:53 +0800 Subject: [PATCH 28/53] No need to force up-to-date & Auto-approve only --- .asf.yaml | 2 +- .github/workflows/auto-dependabot.yml | 42 +++++++++++++++++++++++++++ .github/workflows/license.yml | 3 +- 3 files changed, 45 insertions(+), 2 deletions(-) create mode 100644 .github/workflows/auto-dependabot.yml diff --git a/.asf.yaml b/.asf.yaml index 5fbcbc1b34..20b181eb19 100644 --- a/.asf.yaml +++ b/.asf.yaml @@ -43,7 +43,7 @@ github: protected_branches: master: required_status_checks: - strict: true + strict: false contexts: - dependency-review - Build (ubuntu-latest, 8, java) diff --git a/.github/workflows/auto-dependabot.yml b/.github/workflows/auto-dependabot.yml new file mode 100644 index 0000000000..0d43a05866 --- /dev/null +++ b/.github/workflows/auto-dependabot.yml 
@@ -0,0 +1,42 @@ +# +# Licensed to the Apache Software Foundation (ASF) under one or more +# contributor license agreements. See the NOTICE file distributed with +# this work for additional information regarding copyright ownership. +# The ASF licenses this file to You under the Apache License, Version 2.0 +# (the "License"); you may not use this file except in compliance with +# the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +name: Dependabot Auto-approve +on: pull_request_target + +permissions: + contents: write + pull-requests: write + +jobs: + # https://docs.github.com/en/code-security/dependabot/working-with-dependabot/automating-dependabot-with-github-actions + # Pull request Auto merge is not enabled for this repository + dependabot: + runs-on: ubuntu-latest + if: github.actor == 'dependabot[bot]' + steps: + - name: Dependabot metadata + id: metadata + uses: dependabot/fetch-metadata@v2 + with: + github-token: "${{ secrets.GITHUB_TOKEN }}" + + - name: Approve PR + run: gh pr review --approve "$PR_URL" + env: + PR_URL: ${{ github.event.pull_request.html_url }} + GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} diff --git a/.github/workflows/license.yml b/.github/workflows/license.yml index dbc419f71d..739b8b0215 100644 --- a/.github/workflows/license.yml +++ b/.github/workflows/license.yml 
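Review bot: The job gate `if: github.actor == 'dependabot[bot]'` tests who triggered the run, not who opened the pull request, and this workflow runs on `pull_request_target` with a write-scoped token. Gate on the pull request author instead: `if: github.event.pull_request.user.login == 'dependabot[bot]'`. Approving a review needs only `pull-requests: write`, so `contents: write` can be dropped from `permissions`. The `Dependabot metadata` step's outputs are never read by `Approve PR`; either use them to limit which updates get approved (for example `steps.metadata.outputs.update-type`) or remove the step. Since `.asf.yaml` sets `required_approving_review_count: 2`, confirm whether this bot approval is meant to count as one of the two.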
@@ -46,7 +46,8 @@ jobs: BSD-4-Clause, BSD-4-Clause-UC, NPL-1.0, NPL-1.1, JSON # Artifacts with multiple licenses, where at least one license is compatible with Apache 2.0, are allowed. # TODO This attribute can be removed after https://github.com/actions/dependency-review-action/issues/670 is resolved. + # TODO logback can be removed after merging https://github.com/apache/eventmesh/pull/4719 allow-dependencies-licenses: > pkg:maven/com.rabbitmq/amqp-client, pkg:maven/ch.qos.logback/logback-classic, pkg:maven/ch.qos.logback/logback-core, - pkg:maven/javax.xml.stream/stax-api \ No newline at end of file + pkg:maven/javax.xml.stream/stax-api From 87dc5a9415d922b09ad17efb62dbe9cb691351e9 Mon Sep 17 00:00:00 2001 From: Pil0tXia Date: Thu, 18 Apr 2024 12:37:08 +0800 Subject: [PATCH 29/53] Remove the slash at the end of the homepage url in Repo GitHub desc --- .asf.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.asf.yaml b/.asf.yaml index 20b181eb19..90167d8934 100644 --- a/.asf.yaml +++ b/.asf.yaml @@ -17,7 +17,7 @@ github: description: EventMesh is a new generation serverless event middleware for building distributed event-driven applications. - homepage: https://eventmesh.apache.org/ + homepage: https://eventmesh.apache.org labels: - pubsub - event-mesh From f666bb8a704d07d7f527f3a2ef2846823085bc3d Mon Sep 17 00:00:00 2001 From: Pil0tXia Date: Thu, 18 Apr 2024 13:38:53 +0800 Subject: [PATCH 30/53] Skip patch updates temporarily to reduce PR noise --- .github/dependabot.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.github/dependabot.yml b/.github/dependabot.yml index b4b1d8e39d..363653d483 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml 
@@ -24,7 +24,8 @@ updates: interval: "weekly" ignore: - dependency-name: "*" - update-types: [ "version-update:semver-major" ] + # Skip patch updates temporarily to reduce PR noise + update-types: [ "version-update:semver-major", "version-update:semver-patch" ] - package-ecosystem: "gomod" directory: "eventmesh-sdks/eventmesh-sdk-go" schedule: From 0261ef6174d0a431074226b96589c375b4f11242 Mon Sep 17 00:00:00 2001 From: Pil0tXia Date: Thu, 18 Apr 2024 15:14:16 +0800 Subject: [PATCH 31/53] Logback removed after https://github.com/apache/eventmesh/pull/4831/commits/be06ef7441d58b6cf148ca6fe7457525502fcf4d --- .github/workflows/license.yml | 2 -- 1 file changed, 2 deletions(-) diff --git a/.github/workflows/license.yml b/.github/workflows/license.yml index 739b8b0215..62045d827c 100644 --- a/.github/workflows/license.yml +++ b/.github/workflows/license.yml @@ -46,8 +46,6 @@ jobs: BSD-4-Clause, BSD-4-Clause-UC, NPL-1.0, NPL-1.1, JSON # Artifacts with multiple licenses, where at least one license is compatible with Apache 2.0, are allowed. # TODO This attribute can be removed after https://github.com/actions/dependency-review-action/issues/670 is resolved. - # TODO logback can be removed after merging https://github.com/apache/eventmesh/pull/4719 allow-dependencies-licenses: > pkg:maven/com.rabbitmq/amqp-client, - pkg:maven/ch.qos.logback/logback-classic, pkg:maven/ch.qos.logback/logback-core, pkg:maven/javax.xml.stream/stax-api From b0b657b1619e99ae6e3a08cdd2a2bb070d0f73e1 Mon Sep 17 00:00:00 2001 From: Pil0tXia Date: Mon, 22 Apr 2024 22:33:03 +0800 Subject: [PATCH 32/53] Accept patch update --- .asf.yaml | 4 +--- .github/dependabot.yml | 3 +-- 2 files changed, 2 insertions(+), 5 deletions(-) diff --git a/.asf.yaml b/.asf.yaml index 90167d8934..36f6293d04 100644 --- a/.asf.yaml +++ b/.asf.yaml 
@@ -17,7 +17,7 @@ github: description: EventMesh is a new generation serverless event middleware for building distributed event-driven applications. - homepage: https://eventmesh.apache.org + homepage: https://eventmesh.apache.org/ labels: - pubsub - event-mesh @@ -48,8 +48,6 @@ github: - dependency-review - Build (ubuntu-latest, 8, java) - Build (ubuntu-latest, 11, java) - - Build (macOS-latest, 8, java) - - Build (macOS-latest, 11, java) required_pull_request_reviews: dismiss_stale_reviews: true required_approving_review_count: 2 diff --git a/.github/dependabot.yml b/.github/dependabot.yml index 363653d483..b4b1d8e39d 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -24,8 +24,7 @@ updates: interval: "weekly" ignore: - dependency-name: "*" - # Skip patch updates temporarily to reduce PR noise - update-types: [ "version-update:semver-major", "version-update:semver-patch" ] + update-types: [ "version-update:semver-major" ] - package-ecosystem: "gomod" directory: "eventmesh-sdks/eventmesh-sdk-go" schedule: From 9f91fa4293f9da94e2dc382b5c978c7f45e2bd9b Mon Sep 17 00:00:00 2001 From: Pil0tXia Date: Tue, 23 Apr 2024 16:23:34 +0800 Subject: [PATCH 33/53] Submit dependency graph --- .github/workflows/ci.yml | 8 ++++---- .github/workflows/codeql.yml | 12 ++++++------ .github/workflows/greetings.yml | 2 +- .github/workflows/license.yml | 6 ++++-- 4 files changed, 15 insertions(+), 13 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 79f4009c59..f8c5190f67 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -36,7 +36,7 @@ jobs: steps: - name: Checkout repository - uses: actions/checkout@v3 + uses: actions/checkout@v4 - if: matrix.language == 'cpp' || matrix.language == 'csharp' name: Build C 
@@ -46,10 +46,10 @@ jobs: make -C ./eventmesh-sdks/eventmesh-sdk-c - name: Setup Gradle - uses: gradle/gradle-build-action@v2 + uses: gradle/actions/setup-gradle@v3 - name: Set up JDK 11 - uses: actions/setup-java@v3 + uses: actions/setup-java@v4 with: distribution: 'zulu' java-version: 11 @@ -60,7 +60,7 @@ jobs: GRADLE_ENTERPRISE_ACCESS_KEY: ${{ secrets.GE_ACCESS_TOKEN }} - name: Set up JDK ${{ matrix.java }} - uses: actions/setup-java@v3 + uses: actions/setup-java@v4 with: distribution: 'zulu' java-version: ${{ matrix.java }} diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index 9f8c2ab5be..beda8b34fa 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -19,9 +19,9 @@ name: "CodeQL" on: push: - branches: [ '*' ] + branches: [ '**' ] pull_request: - branches: [ '*' ] + branches: [ '**' ] jobs: build: @@ -29,12 +29,12 @@ jobs: strategy: fail-fast: false matrix: - language: ['java', 'go'] + language: [ 'java', 'go' ] runs-on: ubuntu-latest steps: - name: Checkout repository - uses: actions/checkout@v3 + uses: actions/checkout@v4 - name: Initialize CodeQL uses: github/codeql-action/init@v2 @@ -46,11 +46,11 @@ jobs: languages: ${{ matrix.language }} - name: Setup Gradle - uses: gradle/gradle-build-action@v2 + uses: gradle/actions/setup-gradle@v3 if: matrix.language == 'java' - name: Set up JDK 11 - uses: actions/setup-java@v3 + uses: actions/setup-java@v4 with: distribution: 'zulu' java-version: 11 diff --git a/.github/workflows/greetings.yml b/.github/workflows/greetings.yml index 740ea6a246..ea438849df 100644 --- a/.github/workflows/greetings.yml +++ b/.github/workflows/greetings.yml @@ -19,7 +19,7 @@ name: Greetings -on: [pull_request_target, issues] +on: [ pull_request_target, issues ] jobs: greeting: diff --git a/.github/workflows/license.yml b/.github/workflows/license.yml index 62045d827c..28f67c1fb3 100644 --- a/.github/workflows/license.yml +++ b/.github/workflows/license.yml 
@@ -16,10 +16,10 @@ # name: 'License Check' -on: [pull_request] +on: [ pull_request ] permissions: - contents: read + contents: write jobs: dependency-review: @@ -29,6 +29,8 @@ jobs: uses: actions/checkout@v4 - name: 'Check license header' uses: apache/skywalking-eyes@main + - name: 'Generate and submit dependency graph' + uses: gradle/actions/dependency-submission@v3 - name: 'Dependency Review' uses: actions/dependency-review-action@v4 with: From d4bc876aced9cd2a5bcf03885077a8aa1b497b1b Mon Sep 17 00:00:00 2001 From: Pil0tXia Date: Tue, 23 Apr 2024 16:51:28 +0800 Subject: [PATCH 34/53] Follow https://github.com/gradle/actions/blob/main/docs/dependency-submission.md#usage-with-pull-requests-from-public-forked-repositories --- .github/workflows/codeql.yml | 6 +++++ .github/workflows/dependency-graph.yml | 37 ++++++++++++++++++++++++++ .github/workflows/license.yml | 9 ++++--- 3 files changed, 49 insertions(+), 3 deletions(-) create mode 100644 .github/workflows/dependency-graph.yml diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index beda8b34fa..8fa5b516f4 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -56,6 +56,12 @@ jobs: java-version: 11 if: matrix.language == 'java' + # Submit dependency graph Step 1 + - name: Generate and save dependency graph + uses: gradle/actions/dependency-submission@v3 + with: + dependency-graph: generate-and-upload + # https://docs.gradle.org/current/userguide/performance.html - name: Build run: ./gradlew clean assemble compileTestJava --no-build-cache --parallel --daemon diff --git a/.github/workflows/dependency-graph.yml b/.github/workflows/dependency-graph.yml new file mode 100644 index 0000000000..6c2f04e2a8 --- /dev/null +++ b/.github/workflows/dependency-graph.yml 
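Review bot: `contents: write` is set at workflow level in the first license.yml hunk, so every step of this `pull_request` job gets a write-capable token. That includes the existing `apache/skywalking-eyes@main` step, which tracks a mutable branch, and the `gradle/actions/dependency-submission@v3` step added in the second hunk, which as far as I know resolves dependencies by running the Gradle build from the PR checkout. Keep the workflow default at `contents: read` and grant `contents: write` only in a job-level `permissions:` block on a job that does nothing but submit the graph. For pull requests from forks the token is read-only regardless of this setting, so the submission step is likely to fail there; that case needs a separate trusted workflow rather than broader permissions here.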
@@ -0,0 +1,37 @@ +# +# Licensed to the Apache Software Foundation (ASF) under one or more +# contributor license agreements. See the NOTICE file distributed with +# this work for additional information regarding copyright ownership. +# The ASF licenses this file to You under the Apache License, Version 2.0 +# (the "License"); you may not use this file except in compliance with +# the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +# https://github.com/gradle/actions/blob/main/docs/dependency-submission.md#usage-with-pull-requests-from-public-forked-repositories +name: Submit dependency graph + +on: + workflow_run: + workflows: [ 'CodeQL' ] + types: [ completed ] + +permissions: + contents: write + +jobs: + submit-dependency-graph: + runs-on: ubuntu-latest + steps: + # Submit dependency graph Step 2 + - name: Download and submit dependency graph + uses: gradle/actions/dependency-submission@v3 + with: + dependency-graph: download-and-submit # Download saved dependency-graph and submit diff --git a/.github/workflows/license.yml b/.github/workflows/license.yml index 28f67c1fb3..29bc74496e 100644 --- a/.github/workflows/license.yml +++ b/.github/workflows/license.yml @@ -19,7 +19,7 @@ name: 'License Check' on: [ pull_request ] permissions: - contents: write + contents: read jobs: dependency-review: 
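Review bot: The new dependency-graph.yml runs on `workflow_run` with `contents: write` and `types: [ completed ]` but never checks the upstream result, so it also runs after a failed or cancelled 'CodeQL' run and processes whatever artifact that run uploaded. Add `if: github.event.workflow_run.conclusion == 'success'` to the `submit-dependency-graph` job. Because this job holds a write token and handles an artifact produced from pull-request code, pin the action to a full commit SHA instead of the movable `@v3` tag, e.g. `uses: gradle/actions/dependency-submission@<full-commit-sha> # v3`. Moving `permissions:` down to the job would also make any job added later start from read-only.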
@@ -27,13 +27,16 @@ jobs: steps: - name: 'Checkout Repository' uses: actions/checkout@v4 + - name: 'Check license header' uses: apache/skywalking-eyes@main - - name: 'Generate and submit dependency graph' - uses: gradle/actions/dependency-submission@v3 + - name: 'Dependency Review' uses: actions/dependency-review-action@v4 with: + # Post 'Submit dependency graph' + retry-on-snapshot-warnings: true + retry-on-snapshot-warnings-timeout: 600 vulnerability-check: false license-check: true # Incompatible licenses addressed here: https://www.apache.org/legal/resolved.html From 183a1af8f46df4993ba83595f82b1da5621455b3 Mon Sep 17 00:00:00 2001 From: Pil0tXia Date: Tue, 23 Apr 2024 17:31:13 +0800 Subject: [PATCH 35/53] try to sort dependency graph workflow exec seq --- .github/workflows/codeql.yml | 10 ++--- .../workflows/generate-dependency-graph.yml | 39 +++++++++++++++++++ ...-graph.yml => submit-dependency-graph.yml} | 4 +- 3 files changed, 46 insertions(+), 7 deletions(-) create mode 100644 .github/workflows/generate-dependency-graph.yml rename .github/workflows/{dependency-graph.yml => submit-dependency-graph.yml} (93%) diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index 8fa5b516f4..42a2d466b9 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -56,11 +56,11 @@ jobs: java-version: 11 if: matrix.language == 'java' - # Submit dependency graph Step 1 - - name: Generate and save dependency graph - uses: gradle/actions/dependency-submission@v3 - with: - dependency-graph: generate-and-upload +# # Submit dependency graph Step 1 +# - name: Generate and save dependency graph +# uses: gradle/actions/dependency-submission@v3 +# with: +# dependency-graph: generate-and-upload # https://docs.gradle.org/current/userguide/performance.html - name: Build diff --git a/.github/workflows/generate-dependency-graph.yml b/.github/workflows/generate-dependency-graph.yml new file mode 100644 index 0000000000..88ac608d25 --- /dev/null 
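Review bot: `retry-on-snapshot-warnings: true` with `retry-on-snapshot-warnings-timeout: 600` makes the License Check wait for a snapshot that only the `workflow_run` submitter produces. As the subject of PATCH 36 notes, that workflow is not triggered until its file is on the default branch, so on this PR the step can only wait out the timeout. Please confirm what `dependency-review-action` reports when the timeout expires with the warning still present: if it reports success, the license gate passes without having seen the Gradle-resolved dependencies, and a comment next to the setting should say so. Later commits in this series raise the value to 720, 900 and 3600 seconds, which holds a runner for up to an hour per pull request without changing that outcome. The comment `# Post 'Submit dependency graph'` would read better as `# Wait for the snapshot submitted by the 'Submit dependency graph' workflow`.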
+++ b/.github/workflows/generate-dependency-graph.yml @@ -0,0 +1,39 @@ +# +# Licensed to the Apache Software Foundation (ASF) under one or more +# contributor license agreements. See the NOTICE file distributed with +# this work for additional information regarding copyright ownership. +# The ASF licenses this file to You under the Apache License, Version 2.0 +# (the "License"); you may not use this file except in compliance with +# the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +name: Generate and save dependency graph + +on: + pull_request: + +permissions: + contents: read # 'write' permission is not available + +jobs: + dependency-submission: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v4 + - uses: actions/setup-java@v4 + with: + distribution: zulu + java-version: 11 + + - name: Generate and save dependency graph + uses: gradle/actions/dependency-submission@v3 + with: + dependency-graph: generate-and-upload \ No newline at end of file diff --git a/.github/workflows/dependency-graph.yml b/.github/workflows/submit-dependency-graph.yml similarity index 93% rename from .github/workflows/dependency-graph.yml rename to .github/workflows/submit-dependency-graph.yml index 6c2f04e2a8..30d8537895 100644 --- a/.github/workflows/dependency-graph.yml +++ b/.github/workflows/submit-dependency-graph.yml 
@@ -16,11 +16,11 @@ # # https://github.com/gradle/actions/blob/main/docs/dependency-submission.md#usage-with-pull-requests-from-public-forked-repositories -name: Submit dependency graph +name: Download and submit dependency graph on: workflow_run: - workflows: [ 'CodeQL' ] + workflows: [ 'Generate and save dependency graph' ] types: [ completed ] permissions: From 5c0c0703bb900d04cafa2b17d772c126e5164d5d Mon Sep 17 00:00:00 2001 From: Pil0tXia Date: Tue, 23 Apr 2024 18:31:26 +0800 Subject: [PATCH 36/53] `workflow_run` event will only trigger a workflow run if the workflow file is on the default branch --- .github/workflows/codeql.yml | 13 ++++--- ...endency-graph.yml => dependency-graph.yml} | 4 +- .../workflows/generate-dependency-graph.yml | 39 ------------------- 3 files changed, 10 insertions(+), 46 deletions(-) rename .github/workflows/{submit-dependency-graph.yml => dependency-graph.yml} (93%) delete mode 100644 .github/workflows/generate-dependency-graph.yml diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index 42a2d466b9..a915d3a631 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -23,6 +23,9 @@ on: pull_request: branches: [ '**' ] +permissions: + contents: read + jobs: build: name: Analyze @@ -56,11 +59,11 @@ jobs: java-version: 11 if: matrix.language == 'java' -# # Submit dependency graph Step 1 -# - name: Generate and save dependency graph -# uses: gradle/actions/dependency-submission@v3 -# with: -# dependency-graph: generate-and-upload + # Submit dependency graph Step 1 + - name: Generate and save dependency graph + uses: gradle/actions/dependency-submission@v3 + with: + dependency-graph: generate-and-upload # https://docs.gradle.org/current/userguide/performance.html - name: Build 
diff --git a/.github/workflows/submit-dependency-graph.yml b/.github/workflows/dependency-graph.yml similarity index 93% rename from .github/workflows/submit-dependency-graph.yml rename to .github/workflows/dependency-graph.yml index 30d8537895..6c2f04e2a8 100644 --- a/.github/workflows/submit-dependency-graph.yml +++ b/.github/workflows/dependency-graph.yml @@ -16,11 +16,11 @@ # # https://github.com/gradle/actions/blob/main/docs/dependency-submission.md#usage-with-pull-requests-from-public-forked-repositories -name: Download and submit dependency graph +name: Submit dependency graph on: workflow_run: - workflows: [ 'Generate and save dependency graph' ] + workflows: [ 'CodeQL' ] types: [ completed ] permissions: diff --git a/.github/workflows/generate-dependency-graph.yml b/.github/workflows/generate-dependency-graph.yml deleted file mode 100644 index 88ac608d25..0000000000 --- a/.github/workflows/generate-dependency-graph.yml +++ /dev/null 
@@ -1,39 +0,0 @@ -# -# Licensed to the Apache Software Foundation (ASF) under one or more -# contributor license agreements. See the NOTICE file distributed with -# this work for additional information regarding copyright ownership. -# The ASF licenses this file to You under the Apache License, Version 2.0 -# (the "License"); you may not use this file except in compliance with -# the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# - -name: Generate and save dependency graph - -on: - pull_request: - -permissions: - contents: read # 'write' permission is not available - -jobs: - dependency-submission: - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v4 - - uses: actions/setup-java@v4 - with: - distribution: zulu - java-version: 11 - - - name: Generate and save dependency graph - uses: gradle/actions/dependency-submission@v3 - with: - dependency-graph: generate-and-upload \ No newline at end of file From 2f7c34ab75a92871d80b32b841a591ec6ffd846a Mon Sep 17 00:00:00 2001 From: Pil0tXia Date: Tue, 23 Apr 2024 19:27:52 +0800 Subject: [PATCH 37/53] Grant required permission of CodeQL --- .github/workflows/ci.yml | 4 +++- .../{codeql.yml => code-scanning.yml} | 20 +++++++++++-------- .github/workflows/dependency-graph.yml | 4 ++-- .github/workflows/license.yml | 2 +- 4 files changed, 18 insertions(+), 12 deletions(-) rename .github/workflows/{codeql.yml => code-scanning.yml} (89%) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index f8c5190f67..88f5577ca9 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml 
@@ -19,7 +19,9 @@ name: "Continuous Integration" on: push: - branches: [ '**' ] + branches: + - '**' + - '!dependabot/**' pull_request: branches: [ '**' ] diff --git a/.github/workflows/codeql.yml b/.github/workflows/code-scanning.yml similarity index 89% rename from .github/workflows/codeql.yml rename to .github/workflows/code-scanning.yml index a915d3a631..77c14fc4c7 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/code-scanning.yml @@ -15,15 +15,18 @@ # limitations under the License. # -name: "CodeQL" +name: 'Code Scanning' on: push: - branches: [ '**' ] + branches: + - '**' + - '!dependabot/**' pull_request: branches: [ '**' ] permissions: + security-events: write contents: read jobs: @@ -40,7 +43,7 @@ jobs: uses: actions/checkout@v4 - name: Initialize CodeQL - uses: github/codeql-action/init@v2 + uses: github/codeql-action/init@v3 with: # If you wish to specify custom queries, you can do so here or in a config file. # By default, queries listed here will override any specified in a config file. 
@@ -49,28 +52,29 @@ jobs: languages: ${{ matrix.language }} - name: Setup Gradle - uses: gradle/actions/setup-gradle@v3 if: matrix.language == 'java' + uses: gradle/actions/setup-gradle@v3 - name: Set up JDK 11 + if: matrix.language == 'java' uses: actions/setup-java@v4 with: distribution: 'zulu' java-version: 11 - if: matrix.language == 'java' - # Submit dependency graph Step 1 + # Pre Submit dependency graph - name: Generate and save dependency graph + if: matrix.language == 'java' uses: gradle/actions/dependency-submission@v3 with: dependency-graph: generate-and-upload # https://docs.gradle.org/current/userguide/performance.html - name: Build + if: matrix.language == 'java' run: ./gradlew clean assemble compileTestJava --no-build-cache --parallel --daemon env: GRADLE_ENTERPRISE_ACCESS_KEY: ${{ secrets.GE_ACCESS_TOKEN }} - if: matrix.language == 'java' - name: Perform CodeQL analysis - uses: github/codeql-action/analyze@v2 + uses: github/codeql-action/analyze@v3 diff --git a/.github/workflows/dependency-graph.yml b/.github/workflows/dependency-graph.yml index 6c2f04e2a8..63ef216040 100644 --- a/.github/workflows/dependency-graph.yml +++ b/.github/workflows/dependency-graph.yml @@ -16,11 +16,12 @@ # # https://github.com/gradle/actions/blob/main/docs/dependency-submission.md#usage-with-pull-requests-from-public-forked-repositories +# 'Pre Submit dependency graph' in the 'Code Scanning' workflow and 'Post Submit dependency graph' in the 'License Check' workflow name: Submit dependency graph on: workflow_run: - workflows: [ 'CodeQL' ] + workflows: [ 'Code Scanning' ] types: [ completed ] permissions: @@ -30,7 +31,6 @@ jobs: submit-dependency-graph: runs-on: ubuntu-latest steps: - # Submit dependency graph Step 2 - name: Download and submit dependency graph uses: gradle/actions/dependency-submission@v3 with: diff --git a/.github/workflows/license.yml b/.github/workflows/license.yml index 29bc74496e..34383fcb30 100644 --- a/.github/workflows/license.yml 
+++ b/.github/workflows/license.yml @@ -34,7 +34,7 @@ jobs: - name: 'Dependency Review' uses: actions/dependency-review-action@v4 with: - # Post 'Submit dependency graph' + # Post Submit dependency graph retry-on-snapshot-warnings: true retry-on-snapshot-warnings-timeout: 600 vulnerability-check: false From df3532d5a707b9eb9d9ad8bf61dde33801ac329a Mon Sep 17 00:00:00 2001 From: Pil0tXia Date: Tue, 23 Apr 2024 19:37:11 +0800 Subject: [PATCH 38/53] Attempt to fix 'No dependency graph files found to submit' --- .github/workflows/code-scanning.yml | 10 +++------- .github/workflows/dependency-graph.yml | 2 +- 2 files changed, 4 insertions(+), 8 deletions(-) diff --git a/.github/workflows/code-scanning.yml b/.github/workflows/code-scanning.yml index 77c14fc4c7..30ec1c50f0 100644 --- a/.github/workflows/code-scanning.yml +++ b/.github/workflows/code-scanning.yml @@ -51,9 +51,12 @@ jobs: # queries: ./path/to/local/query, your-org/your-repo/queries@main languages: ${{ matrix.language }} + # Pre Submit dependency graph - name: Setup Gradle if: matrix.language == 'java' uses: gradle/actions/setup-gradle@v3 + with: + dependency-graph: generate-and-upload - name: Set up JDK 11 if: matrix.language == 'java' @@ -62,13 +65,6 @@ jobs: distribution: 'zulu' java-version: 11 - # Pre Submit dependency graph - - name: Generate and save dependency graph - if: matrix.language == 'java' - uses: gradle/actions/dependency-submission@v3 - with: - dependency-graph: generate-and-upload - # https://docs.gradle.org/current/userguide/performance.html - name: Build if: matrix.language == 'java' diff --git a/.github/workflows/dependency-graph.yml b/.github/workflows/dependency-graph.yml index 63ef216040..8aee73d4a3 100644 --- a/.github/workflows/dependency-graph.yml +++ b/.github/workflows/dependency-graph.yml 
@@ -32,6 +32,6 @@ jobs: runs-on: ubuntu-latest steps: - name: Download and submit dependency graph - uses: gradle/actions/dependency-submission@v3 + uses: gradle/actions/setup-gradle@v3 with: dependency-graph: download-and-submit # Download saved dependency-graph and submit From c5820c4c1b6eb6fd45772b0c7a321755628f02a8 Mon Sep 17 00:00:00 2001 From: Pil0tXia Date: Wed, 24 Apr 2024 00:51:46 +0800 Subject: [PATCH 39/53] Attempt to fix 'No dependency graph files found to submit' try 2 --- .github/workflows/code-scanning.yml | 14 +++++++------- .github/workflows/dependency-graph.yml | 11 ++++++++++- .github/workflows/docker.yml | 2 ++ 3 files changed, 19 insertions(+), 8 deletions(-) diff --git a/.github/workflows/code-scanning.yml b/.github/workflows/code-scanning.yml index 30ec1c50f0..1ecced6111 100644 --- a/.github/workflows/code-scanning.yml +++ b/.github/workflows/code-scanning.yml @@ -51,13 +51,6 @@ jobs: # queries: ./path/to/local/query, your-org/your-repo/queries@main languages: ${{ matrix.language }} - # Pre Submit dependency graph - - name: Setup Gradle - if: matrix.language == 'java' - uses: gradle/actions/setup-gradle@v3 - with: - dependency-graph: generate-and-upload - - name: Set up JDK 11 if: matrix.language == 'java' uses: actions/setup-java@v4 @@ -65,6 +58,13 @@ jobs: distribution: 'zulu' java-version: 11 + # Pre Submit dependency graph + - name: Setup Gradle + if: matrix.language == 'java' + uses: gradle/gradle-build-action@v2 + with: + dependency-graph: generate-and-upload + # https://docs.gradle.org/current/userguide/performance.html - name: Build if: matrix.language == 'java' diff --git a/.github/workflows/dependency-graph.yml b/.github/workflows/dependency-graph.yml index 8aee73d4a3..59d1b8e96e 100644 --- a/.github/workflows/dependency-graph.yml +++ b/.github/workflows/dependency-graph.yml 
@@ -31,7 +31,16 @@ jobs: submit-dependency-graph: runs-on: ubuntu-latest steps: + - name: Checkout repository + uses: actions/checkout@v4 + + - name: Setup Java + uses: actions/setup-java@v4 + with: + distribution: 'zulu' + java-version: 11 + - name: Download and submit dependency graph - uses: gradle/actions/setup-gradle@v3 + uses: gradle/gradle-build-action@v2 with: dependency-graph: download-and-submit # Download saved dependency-graph and submit diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml index 9bfd296d3f..e902826e97 100644 --- a/.github/workflows/docker.yml +++ b/.github/workflows/docker.yml @@ -26,11 +26,13 @@ jobs: steps: - name: Checkout repository uses: actions/checkout@v3 + - name: Login to DockerHub uses: docker/login-action@v2 with: username: ${{ secrets.DOCKERHUB_USER }} password: ${{ secrets.DOCKERHUB_TOKEN }} + - name: Docker meta id: meta uses: docker/metadata-action@v4 From d4c21d441cf8311ce211bca5ce6550470689a12b Mon Sep 17 00:00:00 2001 From: Pil0tXia Date: Wed, 24 Apr 2024 01:02:56 +0800 Subject: [PATCH 40/53] Attempt to fix 'No dependency graph files found to submit' try 3 --- .github/workflows/code-scanning.yml | 3 ++- .github/workflows/dependency-graph.yml | 1 + 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/.github/workflows/code-scanning.yml b/.github/workflows/code-scanning.yml index 1ecced6111..09d8427f3e 100644 --- a/.github/workflows/code-scanning.yml +++ b/.github/workflows/code-scanning.yml @@ -63,7 +63,8 @@ jobs: if: matrix.language == 'java' uses: gradle/gradle-build-action@v2 with: - dependency-graph: generate-and-upload + dependency-graph: 'generate-and-upload' + dependency-graph-continue-on-failure: false # https://docs.gradle.org/current/userguide/performance.html - name: Build diff --git a/.github/workflows/dependency-graph.yml b/.github/workflows/dependency-graph.yml index 59d1b8e96e..f06fad9ccf 100644 --- a/.github/workflows/dependency-graph.yml 
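Review bot: The first hunk adds `actions/checkout@v4` and a JDK setup to the `workflow_run` job that holds `contents: write`, although `download-and-submit` looks like it only needs the artifact uploaded by the 'Code Scanning' run, so both steps appear unnecessary. If the checkout stays, set `persist-credentials: false` under its `with:` so the write-scoped token is not left in the workspace's git config. Keep the checkout on the default ref as well: pointing it at the triggering run's head would put pull-request-controlled files into a privileged job. The same commit moves this workflow and code-scanning.yml back from `gradle/actions/setup-gradle@v3` to `gradle/gradle-build-action@v2` while ci.yml stays on `setup-gradle@v3`; a single action line across the workflows, pinned to a commit SHA in this privileged job, is easier to audit.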
+++ b/.github/workflows/dependency-graph.yml @@ -44,3 +44,4 @@ jobs: uses: gradle/gradle-build-action@v2 with: dependency-graph: download-and-submit # Download saved dependency-graph and submit + dependency-graph-continue-on-failure: false From b2ff90ed424050b5a93232cba31596487a6d36ff Mon Sep 17 00:00:00 2001 From: Pil0tXia Date: Wed, 24 Apr 2024 01:06:51 +0800 Subject: [PATCH 41/53] Attempt to fix 'No dependency graph files found to submit' try 4 --- .github/workflows/code-scanning.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/code-scanning.yml b/.github/workflows/code-scanning.yml index 09d8427f3e..bc653c4bd7 100644 --- a/.github/workflows/code-scanning.yml +++ b/.github/workflows/code-scanning.yml @@ -63,7 +63,7 @@ jobs: if: matrix.language == 'java' uses: gradle/gradle-build-action@v2 with: - dependency-graph: 'generate-and-upload' + dependency-graph: generate dependency-graph-continue-on-failure: false # https://docs.gradle.org/current/userguide/performance.html From c75cb6683360bdfb319f3c13183fe5906f5dff1d Mon Sep 17 00:00:00 2001 From: Pil0tXia Date: Wed, 24 Apr 2024 13:10:18 +0800 Subject: [PATCH 42/53] Try to check dependency-review --- .github/workflows/code-scanning.yml | 1 - .github/workflows/dependency-graph.yml | 1 - build.gradle | 2 +- 3 files changed, 1 insertion(+), 3 deletions(-) diff --git a/.github/workflows/code-scanning.yml b/.github/workflows/code-scanning.yml index bc653c4bd7..b32eb038a7 100644 --- a/.github/workflows/code-scanning.yml +++ b/.github/workflows/code-scanning.yml @@ -64,7 +64,6 @@ jobs: uses: gradle/gradle-build-action@v2 with: dependency-graph: generate - dependency-graph-continue-on-failure: false # https://docs.gradle.org/current/userguide/performance.html - name: Build diff --git a/.github/workflows/dependency-graph.yml b/.github/workflows/dependency-graph.yml index f06fad9ccf..59d1b8e96e 100644 --- a/.github/workflows/dependency-graph.yml 
+++ b/.github/workflows/dependency-graph.yml @@ -44,4 +44,3 @@ jobs: uses: gradle/gradle-build-action@v2 with: dependency-graph: download-and-submit # Download saved dependency-graph and submit - dependency-graph-continue-on-failure: false diff --git a/build.gradle b/build.gradle index 6741cdefa1..a1bbeb7ede 100644 --- a/build.gradle +++ b/build.gradle @@ -527,7 +527,7 @@ subprojects { dependency "org.yaml:snakeyaml:1.30" dependency "org.javassist:javassist:3.24.0-GA" - dependency "com.alibaba.nacos:nacos-client:2.2.1" + dependency "com.alibaba.nacos:nacos-client:2.2.3" dependency 'org.apache.zookeeper:zookeeper:3.7.1' dependency 'org.apache.curator:curator-client:5.4.0' From 95ab20d42191501b8744f97c5605fbd23294b8dc Mon Sep 17 00:00:00 2001 From: Pil0tXia Date: Wed, 24 Apr 2024 13:41:07 +0800 Subject: [PATCH 43/53] Only check bundled dependencies --- .github/workflows/code-scanning.yml | 3 ++- .github/workflows/license.yml | 2 +- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/.github/workflows/code-scanning.yml b/.github/workflows/code-scanning.yml index b32eb038a7..3d636c24ea 100644 --- a/.github/workflows/code-scanning.yml +++ b/.github/workflows/code-scanning.yml @@ -65,11 +65,12 @@ jobs: with: dependency-graph: generate - # https://docs.gradle.org/current/userguide/performance.html + # https://github.com/gradle/gradle-build-action/tree/release/v2?tab=readme-ov-file#filtering-which-gradle-configurations-contribute-to-the-dependency-graph - name: Build if: matrix.language == 'java' run: ./gradlew clean assemble compileTestJava --no-build-cache --parallel --daemon env: + DEPENDENCY_GRAPH_INCLUDE_CONFIGURATIONS: runtimeClasspath GRADLE_ENTERPRISE_ACCESS_KEY: ${{ secrets.GE_ACCESS_TOKEN }} - name: Perform CodeQL analysis diff --git a/.github/workflows/license.yml b/.github/workflows/license.yml index 34383fcb30..cfa1556d69 100644 --- a/.github/workflows/license.yml +++ b/.github/workflows/license.yml 
@@ -36,7 +36,7 @@ jobs: with: # Post Submit dependency graph retry-on-snapshot-warnings: true - retry-on-snapshot-warnings-timeout: 600 + retry-on-snapshot-warnings-timeout: 720 vulnerability-check: false license-check: true # Incompatible licenses addressed here: https://www.apache.org/legal/resolved.html From 96f39e13dc6d1db148fc6e8cacaac18fdb2ae285 Mon Sep 17 00:00:00 2001 From: Pil0tXia Date: Wed, 24 Apr 2024 14:27:50 +0800 Subject: [PATCH 44/53] Fix 'No snapshots were found for the head SHA' attempt 1 --- .github/workflows/code-scanning.yml | 4 ++-- .github/workflows/license.yml | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/code-scanning.yml b/.github/workflows/code-scanning.yml index 3d636c24ea..1b91511656 100644 --- a/.github/workflows/code-scanning.yml +++ b/.github/workflows/code-scanning.yml @@ -64,13 +64,13 @@ jobs: uses: gradle/gradle-build-action@v2 with: dependency-graph: generate + cache-disabled: true # https://github.com/gradle/gradle-build-action/tree/release/v2?tab=readme-ov-file#filtering-which-gradle-configurations-contribute-to-the-dependency-graph - name: Build if: matrix.language == 'java' - run: ./gradlew clean assemble compileTestJava --no-build-cache --parallel --daemon + run: ./gradlew clean assemble compileTestJava --parallel --daemon env: - DEPENDENCY_GRAPH_INCLUDE_CONFIGURATIONS: runtimeClasspath GRADLE_ENTERPRISE_ACCESS_KEY: ${{ secrets.GE_ACCESS_TOKEN }} - name: Perform CodeQL analysis diff --git a/.github/workflows/license.yml b/.github/workflows/license.yml index cfa1556d69..dd0ea65072 100644 --- a/.github/workflows/license.yml +++ b/.github/workflows/license.yml @@ -36,7 +36,7 @@ jobs: with: # Post Submit dependency graph retry-on-snapshot-warnings: true - retry-on-snapshot-warnings-timeout: 720 + retry-on-snapshot-warnings-timeout: 900 vulnerability-check: false license-check: true # Incompatible licenses addressed here: https://www.apache.org/legal/resolved.html 
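Review bot: In the code-scanning.yml hunk, `DEPENDENCY_GRAPH_INCLUDE_CONFIGURATIONS: runtimeClasspath` is removed from the Build step, but the comment above the step still links to the README section on filtering which configurations contribute to the dependency graph. The comment now documents a filter that is not applied. Either restore the variable or replace the comment with the current intent, for example `# Dependency graph covers all resolved configurations (no DEPENDENCY_GRAPH_INCLUDE_CONFIGURATIONS filter)`. Without the filter, test and build-only dependencies presumably enter the submitted graph and therefore the license review, so the decision is worth stating either way. `cache-disabled: true` also deserves a one-line reason, e.g. `# cache disabled so every run resolves dependencies and produces a graph`, if that is the motive.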
From 3de89a51b7443a7e937cd7d699b21163a7a1d795 Mon Sep 17 00:00:00 2001 From: Pil0tXia Date: Wed, 24 Apr 2024 15:00:41 +0800 Subject: [PATCH 45/53] Test runtimeClasspath dependencies --- .github/workflows/ci.yml | 8 +++++++- .github/workflows/code-scanning.yml | 1 - .github/workflows/dependency-graph.yml | 4 ++-- 3 files changed, 9 insertions(+), 4 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 88f5577ca9..fbd559c682 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -25,6 +25,9 @@ on: pull_request: branches: [ '**' ] +permissions: + contents: read + jobs: build: name: Build @@ -48,7 +51,9 @@ jobs: make -C ./eventmesh-sdks/eventmesh-sdk-c - name: Setup Gradle - uses: gradle/actions/setup-gradle@v3 + uses: gradle/gradle-build-action@v2 + with: + dependency-graph: generate - name: Set up JDK 11 uses: actions/setup-java@v4 @@ -71,6 +76,7 @@ jobs: - name: Build run: ./gradlew clean build dist jacocoTestReport -x spotlessJava -x generateGrammarSource --parallel --daemon env: + DEPENDENCY_GRAPH_INCLUDE_CONFIGURATIONS: runtimeClasspath GRADLE_ENTERPRISE_ACCESS_KEY: ${{ secrets.GE_ACCESS_TOKEN }} - name: Install plugin diff --git a/.github/workflows/code-scanning.yml b/.github/workflows/code-scanning.yml index 1b91511656..465c1d9bba 100644 --- a/.github/workflows/code-scanning.yml +++ b/.github/workflows/code-scanning.yml @@ -63,7 +63,6 @@ jobs: if: matrix.language == 'java' uses: gradle/gradle-build-action@v2 with: - dependency-graph: generate cache-disabled: true # https://github.com/gradle/gradle-build-action/tree/release/v2?tab=readme-ov-file#filtering-which-gradle-configurations-contribute-to-the-dependency-graph diff --git a/.github/workflows/dependency-graph.yml b/.github/workflows/dependency-graph.yml index 59d1b8e96e..16861c6a61 100644 --- a/.github/workflows/dependency-graph.yml +++ b/.github/workflows/dependency-graph.yml 
@@ -16,12 +16,12 @@ # # https://github.com/gradle/actions/blob/main/docs/dependency-submission.md#usage-with-pull-requests-from-public-forked-repositories -# 'Pre Submit dependency graph' in the 'Code Scanning' workflow and 'Post Submit dependency graph' in the 'License Check' workflow +# 'Pre Submit dependency graph' in the 'Continuous Integration' workflow and 'Post Submit dependency graph' in the 'License Check' workflow name: Submit dependency graph on: workflow_run: - workflows: [ 'Code Scanning' ] + workflows: [ 'Continuous Integration' ] types: [ completed ] permissions: From 18751cc133fc889130a9c4765b86831cbcd477b8 Mon Sep 17 00:00:00 2001 From: Pil0tXia Date: Wed, 24 Apr 2024 15:29:26 +0800 Subject: [PATCH 46/53] Revert "Test runtimeClasspath dependencies" This reverts commit 3de89a51b7443a7e937cd7d699b21163a7a1d795. --- .github/workflows/ci.yml | 8 +------- .github/workflows/code-scanning.yml | 1 + .github/workflows/dependency-graph.yml | 4 ++-- 3 files changed, 4 insertions(+), 9 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index fbd559c682..88f5577ca9 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -25,9 +25,6 @@ on: pull_request: branches: [ '**' ] -permissions: - contents: read - jobs: build: name: Build @@ -51,9 +48,7 @@ jobs: make -C ./eventmesh-sdks/eventmesh-sdk-c - name: Setup Gradle - uses: gradle/gradle-build-action@v2 - with: - dependency-graph: generate + uses: gradle/actions/setup-gradle@v3 - name: Set up JDK 11 uses: actions/setup-java@v4 @@ -76,7 +71,6 @@ jobs: - name: Build run: ./gradlew clean build dist jacocoTestReport -x spotlessJava -x generateGrammarSource --parallel --daemon env: - DEPENDENCY_GRAPH_INCLUDE_CONFIGURATIONS: runtimeClasspath GRADLE_ENTERPRISE_ACCESS_KEY: ${{ secrets.GE_ACCESS_TOKEN }} - name: Install plugin diff --git a/.github/workflows/code-scanning.yml b/.github/workflows/code-scanning.yml index 465c1d9bba..1b91511656 100644 
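Review bot: The `workflow_run` trigger retargeted in this dependency-graph.yml hunk keeps `types: [ completed ]`, which also fires when the upstream run failed or was cancelled. The job, visible in full where patch 52 deletes the file, has no condition on the upstream result and runs with `contents: write`. Guarding it with `if: github.event.workflow_run.conclusion == 'success'` would stop the submission from running after an upstream run that may not have produced a dependency-graph artifact. The job definition itself lies outside this hunk.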
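Review bot: The first ci.yml hunk of this revert also drops the top-level `permissions:` / `contents: read` block, which does not appear to depend on the dependency-graph experiment being undone. Without it, the scope of the workflow's `GITHUB_TOKEN` comes from the repository or organisation default rather than from the file. Consider keeping those two lines so that this workflow, which runs on `pull_request`, stays explicitly read-only.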
--- a/.github/workflows/code-scanning.yml +++ b/.github/workflows/code-scanning.yml @@ -63,6 +63,7 @@ jobs: if: matrix.language == 'java' uses: gradle/gradle-build-action@v2 with: + dependency-graph: generate cache-disabled: true # https://github.com/gradle/gradle-build-action/tree/release/v2?tab=readme-ov-file#filtering-which-gradle-configurations-contribute-to-the-dependency-graph diff --git a/.github/workflows/dependency-graph.yml b/.github/workflows/dependency-graph.yml index 16861c6a61..59d1b8e96e 100644 --- a/.github/workflows/dependency-graph.yml +++ b/.github/workflows/dependency-graph.yml @@ -16,12 +16,12 @@ # # https://github.com/gradle/actions/blob/main/docs/dependency-submission.md#usage-with-pull-requests-from-public-forked-repositories -# 'Pre Submit dependency graph' in the 'Continuous Integration' workflow and 'Post Submit dependency graph' in the 'License Check' workflow +# 'Pre Submit dependency graph' in the 'Code Scanning' workflow and 'Post Submit dependency graph' in the 'License Check' workflow name: Submit dependency graph on: workflow_run: - workflows: [ 'Continuous Integration' ] + workflows: [ 'Code Scanning' ] types: [ completed ] permissions: From 14e449fc106ce65e403275aced0fe9eeba78bf60 Mon Sep 17 00:00:00 2001 From: Pil0tXia Date: Wed, 24 Apr 2024 15:33:26 +0800 Subject: [PATCH 47/53] Try to retry 1 hr wo wait for snapshot update --- .github/workflows/license.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/license.yml b/.github/workflows/license.yml index dd0ea65072..14ea52285c 100644 --- a/.github/workflows/license.yml +++ b/.github/workflows/license.yml @@ -36,7 +36,7 @@ jobs: with: # Post Submit dependency graph retry-on-snapshot-warnings: true - retry-on-snapshot-warnings-timeout: 900 + retry-on-snapshot-warnings-timeout: 3600 vulnerability-check: false license-check: true # Incompatible licenses addressed here: https://www.apache.org/legal/resolved.html 
From b96139c0dfe605b7b6fbf7ac822cc705429b7095 Mon Sep 17 00:00:00 2001 From: Pil0tXia Date: Wed, 24 Apr 2024 16:31:02 +0800 Subject: [PATCH 48/53] Test https://github.com/gradle/actions/issues/196#issuecomment-2074366829 --- .github/workflows/code-scanning.yml | 4 ++-- .github/workflows/dependency-graph.yml | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/code-scanning.yml b/.github/workflows/code-scanning.yml index 1b91511656..10c510f54f 100644 --- a/.github/workflows/code-scanning.yml +++ b/.github/workflows/code-scanning.yml @@ -61,9 +61,9 @@ jobs: # Pre Submit dependency graph - name: Setup Gradle if: matrix.language == 'java' - uses: gradle/gradle-build-action@v2 + uses: gradle/actions/setup-gradle@v3 with: - dependency-graph: generate + dependency-graph: generate-and-upload cache-disabled: true # https://github.com/gradle/gradle-build-action/tree/release/v2?tab=readme-ov-file#filtering-which-gradle-configurations-contribute-to-the-dependency-graph diff --git a/.github/workflows/dependency-graph.yml b/.github/workflows/dependency-graph.yml index 59d1b8e96e..1a32c40f9c 100644 --- a/.github/workflows/dependency-graph.yml +++ b/.github/workflows/dependency-graph.yml @@ -41,6 +41,6 @@ jobs: java-version: 11 - name: Download and submit dependency graph - uses: gradle/gradle-build-action@v2 + uses: gradle/actions/dependency-submission@v3.3.0 with: dependency-graph: download-and-submit # Download saved dependency-graph and submit From 66ea15838eddb9de353be1361b43b5699e7101ee Mon Sep 17 00:00:00 2001 From: Pil0tXia Date: Wed, 24 Apr 2024 21:59:04 +0800 Subject: [PATCH 49/53] Add todo comments --- .github/workflows/dependency-graph.yml | 1 + .github/workflows/license.yml | 1 + 2 files changed, 2 insertions(+) diff --git a/.github/workflows/dependency-graph.yml b/.github/workflows/dependency-graph.yml index 1a32c40f9c..ad0f2f8bcf 100644 --- a/.github/workflows/dependency-graph.yml +++ b/.github/workflows/dependency-graph.yml 
@@ -41,6 +41,7 @@ jobs: java-version: 11 - name: Download and submit dependency graph + # TODO Can be upgraded to v3 after https://github.com/gradle/actions/issues/196 is resolved. uses: gradle/actions/dependency-submission@v3.3.0 with: dependency-graph: download-and-submit # Download saved dependency-graph and submit diff --git a/.github/workflows/license.yml b/.github/workflows/license.yml index 14ea52285c..806ce2fafc 100644 --- a/.github/workflows/license.yml +++ b/.github/workflows/license.yml @@ -36,6 +36,7 @@ jobs: with: # Post Submit dependency graph retry-on-snapshot-warnings: true + # TODO Can be reduced to 15min after https://github.com/actions/dependency-review-action/issues/632 is resolved. retry-on-snapshot-warnings-timeout: 3600 vulnerability-check: false license-check: true From 6593458600ea3438ead1bbd012c2178dbf28f586 Mon Sep 17 00:00:00 2001 From: Pil0tXia Date: Thu, 25 Apr 2024 03:49:42 +0800 Subject: [PATCH 50/53] Keep implementation and compileOnly for now --- .github/workflows/code-scanning.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.github/workflows/code-scanning.yml b/.github/workflows/code-scanning.yml index 10c510f54f..b543b5f842 100644 --- a/.github/workflows/code-scanning.yml +++ b/.github/workflows/code-scanning.yml @@ -66,11 +66,12 @@ jobs: dependency-graph: generate-and-upload cache-disabled: true - # https://github.com/gradle/gradle-build-action/tree/release/v2?tab=readme-ov-file#filtering-which-gradle-configurations-contribute-to-the-dependency-graph - name: Build if: matrix.language == 'java' run: ./gradlew clean assemble compileTestJava --parallel --daemon env: + # TODO exclude compileOnly after https://github.com/gradle/actions/issues/198 is resolved + DEPENDENCY_GRAPH_INCLUDE_CONFIGURATIONS: '[Ii]mplementation.*|[Rr]untime.*|[Cc]ompile.*|[Aa]pi.*' GRADLE_ENTERPRISE_ACCESS_KEY: ${{ secrets.GE_ACCESS_TOKEN }} - name: Perform CodeQL analysis 
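Review bot: The value `'[Ii]mplementation.*|[Rr]untime.*|[Cc]ompile.*|[Aa]pi.*'` added to the `Build` step in the code-scanning.yml hunk reads as if it should match anywhere in a configuration name, but as far as I know the dependency-graph plugin matches the pattern against the whole name. If so, the upper-case alternatives never match and names such as `testRuntimeClasspath` are excluded, which may or may not be intended. The same question applies to `'[rR]untimeClasspath'` in patch 51. Because this filter decides which dependencies the later license review sees, a comment stating the intended scope would help, e.g. `# production configurations only; test* configurations are deliberately left out`. The `steps:` list continues outside the hunk.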
From a37e0e1cf9be2341232e0014da9bb95b571d8454 Mon Sep 17 00:00:00 2001 From: Pil0tXia Date: Thu, 25 Apr 2024 13:20:27 +0800 Subject: [PATCH 51/53] Keep runtimeOnly deps --- .github/workflows/code-scanning.yml | 14 ++++++++++---- 1 file changed, 10 insertions(+), 4 deletions(-) diff --git a/.github/workflows/code-scanning.yml b/.github/workflows/code-scanning.yml index b543b5f842..7402c194d3 100644 --- a/.github/workflows/code-scanning.yml +++ b/.github/workflows/code-scanning.yml @@ -58,20 +58,26 @@ jobs: distribution: 'zulu' java-version: 11 - # Pre Submit dependency graph - name: Setup Gradle if: matrix.language == 'java' uses: gradle/actions/setup-gradle@v3 with: - dependency-graph: generate-and-upload cache-disabled: true + # Pre Submit dependency graph + - name: Generate and upload dependency graph + if: matrix.language == 'java' + # TODO Can be upgraded to v3 after https://github.com/gradle/actions/issues/196 is resolved. + uses: gradle/actions/dependency-submission@v3.3.0 + with: + dependency-graph: generate-and-upload + env: + DEPENDENCY_GRAPH_INCLUDE_CONFIGURATIONS: '[rR]untimeClasspath' + - name: Build if: matrix.language == 'java' run: ./gradlew clean assemble compileTestJava --parallel --daemon env: - # TODO exclude compileOnly after https://github.com/gradle/actions/issues/198 is resolved - DEPENDENCY_GRAPH_INCLUDE_CONFIGURATIONS: '[Ii]mplementation.*|[Rr]untime.*|[Cc]ompile.*|[Aa]pi.*' GRADLE_ENTERPRISE_ACCESS_KEY: ${{ secrets.GE_ACCESS_TOKEN }} - name: Perform CodeQL analysis From ace11a28a3c24b047a32a679493e7f5d36043c24 Mon Sep 17 00:00:00 2001 
From: Pil0tXia Date: Thu, 25 Apr 2024 18:48:17 +0800 Subject: [PATCH 52/53] [Breaking Change] Remove dependency-review-action and wait for its bugfix --- .github/workflows/code-scanning.yml | 10 ------ .github/workflows/dependency-graph.yml | 47 -------------------------- .github/workflows/license.yml | 25 -------------- 3 files changed, 82 deletions(-) delete mode 100644 .github/workflows/dependency-graph.yml diff --git a/.github/workflows/code-scanning.yml b/.github/workflows/code-scanning.yml index 7402c194d3..04166f7485 100644 --- a/.github/workflows/code-scanning.yml +++ b/.github/workflows/code-scanning.yml @@ -64,16 +64,6 @@ jobs: with: cache-disabled: true - # Pre Submit dependency graph - - name: Generate and upload dependency graph - if: matrix.language == 'java' - # TODO Can be upgraded to v3 after https://github.com/gradle/actions/issues/196 is resolved. - uses: gradle/actions/dependency-submission@v3.3.0 - with: - dependency-graph: generate-and-upload - env: - DEPENDENCY_GRAPH_INCLUDE_CONFIGURATIONS: '[rR]untimeClasspath' - - name: Build if: matrix.language == 'java' run: ./gradlew clean assemble compileTestJava --parallel --daemon diff --git a/.github/workflows/dependency-graph.yml b/.github/workflows/dependency-graph.yml deleted file mode 100644 index ad0f2f8bcf..0000000000 --- a/.github/workflows/dependency-graph.yml +++ /dev/null 
@@ -1,47 +0,0 @@ -# -# Licensed to the Apache Software Foundation (ASF) under one or more -# contributor license agreements. See the NOTICE file distributed with -# this work for additional information regarding copyright ownership. -# The ASF licenses this file to You under the Apache License, Version 2.0 -# (the "License"); you may not use this file except in compliance with -# the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# - -# https://github.com/gradle/actions/blob/main/docs/dependency-submission.md#usage-with-pull-requests-from-public-forked-repositories -# 'Pre Submit dependency graph' in the 'Code Scanning' workflow and 'Post Submit dependency graph' in the 'License Check' workflow -name: Submit dependency graph - -on: - workflow_run: - workflows: [ 'Code Scanning' ] - types: [ completed ] - -permissions: - contents: write - -jobs: - submit-dependency-graph: - runs-on: ubuntu-latest - steps: - - name: Checkout repository - uses: actions/checkout@v4 - - - name: Setup Java - uses: actions/setup-java@v4 - with: - distribution: 'zulu' - java-version: 11 - - - name: Download and submit dependency graph - # TODO Can be upgraded to v3 after https://github.com/gradle/actions/issues/196 is resolved. - uses: gradle/actions/dependency-submission@v3.3.0 - with: - dependency-graph: download-and-submit # Download saved dependency-graph and submit diff --git a/.github/workflows/license.yml b/.github/workflows/license.yml index 806ce2fafc..ef929b6743 100644 --- a/.github/workflows/license.yml +++ b/.github/workflows/license.yml 
@@ -30,28 +30,3 @@ jobs: - name: 'Check license header' uses: apache/skywalking-eyes@main - - - name: 'Dependency Review' - uses: actions/dependency-review-action@v4 - with: - # Post Submit dependency graph - retry-on-snapshot-warnings: true - # TODO Can be reduced to 15min after https://github.com/actions/dependency-review-action/issues/632 is resolved. - retry-on-snapshot-warnings-timeout: 3600 - vulnerability-check: false - license-check: true - # Incompatible licenses addressed here: https://www.apache.org/legal/resolved.html - # Special notice for GPL licenses: https://www.apache.org/licenses/GPL-compatibility.html - # Find SPDX identifiers here: https://spdx.org/licenses/ - deny-licenses: > - MS-LPL, BUSL-1.1, - CC-BY-NC-1.0, CC-BY-NC-2.0, CC-BY-NC-2.5, CC-BY-NC-3.0, CC-BY-NC-4.0, - GPL-1.0, GPL-2.0, GPL-3.0, AGPL-3.0, LGPL-2.0, LGPL-2.1, LGPL-3.0, - GPL-1.0-only, GPL-2.0-only, GPL-3.0-only, AGPL-3.0-only, LGPL-2.0-only, LGPL-2.1-only, LGPL-3.0-only, - QPL-1.0, Sleepycat, SSPL-1.0, CPOL-1.02, - BSD-4-Clause, BSD-4-Clause-UC, NPL-1.0, NPL-1.1, JSON - # Artifacts with multiple licenses, where at least one license is compatible with Apache 2.0, are allowed. - # TODO This attribute can be removed after https://github.com/actions/dependency-review-action/issues/670 is resolved. - allow-dependencies-licenses: > - pkg:maven/com.rabbitmq/amqp-client, - pkg:maven/javax.xml.stream/stax-api From 51e6d6f6936de916c3c4ad0cb0f2583a610c003b Mon Sep 17 00:00:00 2001 From: Pil0tXia Date: Thu, 25 Apr 2024 18:53:19 +0800 Subject: [PATCH 53/53] Add checkDeniedLicense into CI --- .github/workflows/license.yml | 18 ++++++++++++++++-- 1 file changed, 16 insertions(+), 2 deletions(-) diff --git a/.github/workflows/license.yml b/.github/workflows/license.yml index ef929b6743..cc52bdd49f 100644 --- a/.github/workflows/license.yml +++ b/.github/workflows/license.yml 
@@ -25,8 +25,22 @@ jobs: dependency-review: runs-on: ubuntu-latest steps: - - name: 'Checkout Repository' + - name: Checkout Repository uses: actions/checkout@v4 - - name: 'Check license header' + - name: Check license header uses: apache/skywalking-eyes@main + + - name: Set up JDK 11 + uses: actions/setup-java@v4 + with: + distribution: 'zulu' + java-version: 11 + + - name: Setup Gradle + uses: gradle/actions/setup-gradle@v3 + + - name: Check license compatibility + run: ./gradlew clean checkDeniedLicense + env: + GRADLE_ENTERPRISE_ACCESS_KEY: ${{ secrets.GE_ACCESS_TOKEN }}
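Review bot: The added `Check license compatibility` step passes `GRADLE_ENTERPRISE_ACCESS_KEY` to a Gradle invocation that evaluates the checked-out build scripts. If `checkDeniedLicense` does not need to publish a build scan, drop the `env:` block so this job holds no secret. The workflow's triggers and `permissions:` are outside the hunk, so which refs reach this step cannot be confirmed from here. Separately, the job id is still `dependency-review` although the Dependency Review step was removed in patch 52; a name such as `license-check` would match what it now does, provided no required status check refers to the old id.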