Quarkus 3.27.2

[overheadhunter]

No description provided.

[coderabbitai]

Walkthrough

Updated backend Quarkus BOM from 3.20.5 to 3.27.2 and edited CHANGELOG.md. Adjusted application.properties keys and test/dev profiles (renamed Swagger UI key, removed a dev Keycloak start-command, added test Keycloak/OIDC flags). Converted many JPA embedded ID inner classes to Java records (AccessToken, VaultAccess, EffectiveVaultAccess, EffectiveGroupMembership, EffectiveWot, WotEntry, LegacyAccessToken, RecoveredEmergencyKeyShares) and updated call sites to use record accessors and new constructors; small resource-level construction/access updates (DeviceResource, EmergencyAccessResource, UsersResource, VaultResource). Also changed final Docker base image to eclipse-temurin:21.

Estimated code review effort

🎯 4 (Complex) | ⏱️ ~45 minutes

Possibly related PRs

• Emergency Access #390: Modifies EmergencyAccessResource and RecoveredEmergencyKeyShares Id usage/shape — directly overlaps entity/usage changes.
• SQL optimizations #372: Touches Effective* entities and VaultAccess Id conversions — related to embedded ID → record conversions.
• Add create-vaults role #296: Modifies VaultResource and VaultAccess Id accessors — overlaps VaultResource changes.

Suggested labels

dependencies, java

Suggested reviewers

• SailReal

🚥 Pre-merge checks | ✅ 1 | ❌ 3

❌ Failed checks (2 warnings, 1 inconclusive)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 11.11% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.
Merge Conflict Detection	⚠️ Warning	❌ Merge conflicts detected (17 files): ⚔️ .github/workflows/build.yml (content) ⚔️ CHANGELOG.md (content) ⚔️ backend/pom.xml (content) ⚔️ backend/src/main/docker/Dockerfile.jvm (content) ⚔️ backend/src/main/java/org/cryptomator/hub/api/DeviceResource.java (content) ⚔️ backend/src/main/java/org/cryptomator/hub/api/EmergencyAccessResource.java (content) ⚔️ backend/src/main/java/org/cryptomator/hub/api/UsersResource.java (content) ⚔️ backend/src/main/java/org/cryptomator/hub/api/VaultResource.java (content) ⚔️ backend/src/main/java/org/cryptomator/hub/entities/AccessToken.java (content) ⚔️ backend/src/main/java/org/cryptomator/hub/entities/EffectiveGroupMembership.java (content) ⚔️ backend/src/main/java/org/cryptomator/hub/entities/EffectiveVaultAccess.java (content) ⚔️ backend/src/main/java/org/cryptomator/hub/entities/EffectiveWot.java (content) ⚔️ backend/src/main/java/org/cryptomator/hub/entities/LegacyAccessToken.java (content) ⚔️ backend/src/main/java/org/cryptomator/hub/entities/RecoveredEmergencyKeyShares.java (content) ⚔️ backend/src/main/java/org/cryptomator/hub/entities/VaultAccess.java (content) ⚔️ backend/src/main/java/org/cryptomator/hub/entities/WotEntry.java (content) ⚔️ backend/src/main/resources/application.properties (content) These conflicts must be resolved before merging into develop.	Resolve conflicts locally and push changes to this branch.
Description check	❓ Inconclusive	No description was provided by the author, making it impossible to assess whether it relates to the changeset.	Add a brief description explaining the Quarkus upgrade, any migration steps required, or testing performed to validate the upgrade.

✅ Passed checks (1 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title 'Quarkus 3.27.2' directly corresponds to the main change in the PR, which updates Quarkus from 3.20.5 to 3.27.2 across multiple build and configuration files.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch feature/quarkus-3.27

⚔️ Resolve merge conflicts (beta)

• Auto-commit resolved conflicts to branch feature/quarkus-3.27
• Create stacked PR with resolved conflicts
• Post resolved changes as copyable diffs in a comment

---

No actionable comments were generated in the recent review. 🎉

🧹 Recent nitpick comments

backend/src/main/docker/Dockerfile.jvm (1)

13-13: Use eclipse-temurin:21-jre instead of the full JDK image.

This is a JVM application (runs java -jar quarkus-run.jar), so the full JDK is unnecessary. The eclipse-temurin:21-jre variant is ~161 MB smaller (287 MB vs 448 MB) and removes unused compiler tools, reducing both image size and attack surface.

♻️ Suggested change

-FROM eclipse-temurin:21
+FROM eclipse-temurin:21-jre

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

🤖 Fix all issues with AI agents

In `@backend/src/main/java/org/cryptomator/hub/entities/LegacyAccessToken.java`:
- Around line 83-87: The AccessId embeddable record should implement
Serializable to improve interoperability with JPA 3.1 environments and features
like clustering or second-level cache; update the record declaration for
AccessId (record AccessId(...)) to add "implements Serializable", keep the
existing `@Embeddable` and `@Column` annotations intact, and import or add
java.io.Serializable as needed.

🧹 Nitpick comments (1)

backend/src/main/java/org/cryptomator/hub/entities/AccessToken.java (1)

110-112: No @Column annotations on AccessId record components — verify this is intentional.

Unlike every other @Embeddable record in this PR (e.g., VaultAccess.Id, WotEntry.Id, LegacyAccessToken.AccessId), AccessToken.AccessId does not have @Column annotations on its components. This works because @MapsId("userId") / @MapsId("vaultId") on the user and vault relationships (lines 40–47) drive the column mapping. Just flagging the inconsistency for awareness — if it was intentional (i.e., the old class also lacked @Column), this is fine.

#!/bin/bash
# Verify whether the old AccessId class had `@Column` annotations before this change
git log --all --oneline -n 20 -- 'backend/src/main/java/org/cryptomator/hub/entities/AccessToken.java'

[Copilot]

Pull request overview

This PR updates Quarkus from version 3.20.5 to 3.27.2 LTS and performs necessary code changes to maintain compatibility with the newer version.

Changes:

• Updated Quarkus platform version from 3.20.5 to 3.27.2 in pom.xml and CHANGELOG
• Refactored JPA composite ID classes from mutable Serializable classes to immutable records
• Updated configuration properties to use renamed property names (enable → enabled)

Reviewed changes

Copilot reviewed 15 out of 15 changed files in this pull request and generated no comments.

Show a summary per file

File	Description
backend/pom.xml	Updated quarkus.platform.version from 3.20.5 to 3.27.2
CHANGELOG.md	Updated version reference in changelog
backend/src/main/resources/application.properties	Updated property names (enable → enabled), removed deprecated start-command property, added test configuration to disable dev services
backend/src/main/java/org/cryptomator/hub/entities/WotEntry.java	Converted embedded ID class from mutable class to immutable record
backend/src/main/java/org/cryptomator/hub/entities/VaultAccess.java	Converted embedded ID class to record, removed default initialization
backend/src/main/java/org/cryptomator/hub/entities/RecoveredEmergencyKeyShares.java	Converted embedded ID class to record, removed default initialization
backend/src/main/java/org/cryptomator/hub/entities/LegacyAccessToken.java	Converted embedded ID class to record, removed default initialization
backend/src/main/java/org/cryptomator/hub/entities/EffectiveWot.java	Converted embedded ID class to record
backend/src/main/java/org/cryptomator/hub/entities/EffectiveVaultAccess.java	Converted embedded ID class to record, updated method calls from getter to record accessor
backend/src/main/java/org/cryptomator/hub/entities/EffectiveGroupMembership.java	Converted embedded ID class to record, updated instantiation pattern
backend/src/main/java/org/cryptomator/hub/entities/AccessToken.java	Converted embedded ID class to record, removed default initialization
backend/src/main/java/org/cryptomator/hub/api/VaultResource.java	Updated ID accessor calls from getter methods to record accessors
backend/src/main/java/org/cryptomator/hub/api/UsersResource.java	Updated ID instantiation and accessor calls to use record pattern
backend/src/main/java/org/cryptomator/hub/api/EmergencyAccessResource.java	Updated ID instantiation to use record constructor
backend/src/main/java/org/cryptomator/hub/api/DeviceResource.java	Updated ID accessor calls to use record accessors

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[SailReal]

LGTM! The simplifications are great 👍

As we sometimes had trouble with native images during Quarkus updates, have you tested this with native images as well?

[overheadhunter]

Tested with both JVM and native images locally. Interestingly I only found a (preexisting) issue in the JVM image.