From b7ece91fcf2500b3b7b762ad05880066606413cf Mon Sep 17 00:00:00 2001 From: Dominik Pinsel Date: Thu, 12 Oct 2023 13:43:24 +0200 Subject: [PATCH] ci: DEPENDENCIES are not automated updated and verified during a release Signed-off-by: Dominik Pinsel --- .gitignore | 2 + .releaserc | 7 +++ DEPENDENCIES | 4 +- charts/managed-identity-wallet/Chart.yaml | 2 +- scripts/update_dependencies_file.sh | 60 +++++++++++++++++++++++ update_dependcies.sh | 31 ------------ 6 files changed, 72 insertions(+), 34 deletions(-) create mode 100755 scripts/update_dependencies_file.sh delete mode 100755 update_dependcies.sh diff --git a/.gitignore b/.gitignore index 4ccaea240..f3cd0bd87 100644 --- a/.gitignore +++ b/.gitignore @@ -39,6 +39,8 @@ out *.releaseBackup release.properties +# eclipse dash license library, downloaded from /scripts/update-dependencies_file.sh +org.eclipse.dash.licenses-1.0.3-*.jar local.properties *.swp diff --git a/.releaserc b/.releaserc index 500b6643d..03a901a3b 100644 --- a/.releaserc +++ b/.releaserc @@ -20,6 +20,12 @@ "prepareCmd": "sed -i 's/appVersion:.*/appVersion: ${nextRelease.version}/g' ./charts/managed-identity-wallet/Chart.yaml" } ], + [ + "@semantic-release/exec", + { + "prepareCmd": "./scripts/update_dependencies_file.sh" + } + ], "@semantic-release/release-notes-generator", [ "@semantic-release/changelog", @@ -32,6 +38,7 @@ { "assets": [ "CHANGELOG.md", + "DEPENDENCIES", "gradle.properties", "./charts/managed-identity-wallet/Chart.yaml" ], diff --git a/DEPENDENCIES b/DEPENDENCIES index 835657722..236db4f27 100644 --- a/DEPENDENCIES +++ b/DEPENDENCIES 
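Review bot: The `prepareCmd` added in the second `@semantic-release/exec` entry runs `./scripts/update_dependencies_file.sh`, which picks the newest `1.0.3-SNAPSHOT` jar from the repository listing at run time and hands it to `java -jar` with no checksum or signature check visible in this patch. That code then runs inside the release job, presumably alongside the credentials semantic-release uses to tag and publish, so the release trusts whatever the snapshot repository serves that day. Consider pinning a fixed Dash version and comparing the download against a recorded SHA-256 before running it, or moving the licence check into a separate job that holds no release secrets. The `DEPENDENCIES` asset added in the second `.releaserc` hunk is produced by that same unverified jar.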
@@ -106,8 +106,8 @@ maven/mavencentral/jakarta.inject/jakarta.inject-api/2.0.1, Apache-2.0, approved maven/mavencentral/jakarta.json/jakarta.json-api/2.1.2, EPL-2.0 OR GPL-2.0-only WITH Classpath-exception-2.0, approved, #7907 maven/mavencentral/jakarta.persistence/jakarta.persistence-api/3.1.0, EPL-2.0 OR BSD-3-Clause AND (EPL-2.0 OR BSD-3-Clause AND BSD-3-Clause), approved, #7696 maven/mavencentral/jakarta.transaction/jakarta.transaction-api/2.0.1, EPL-2.0 OR GPL-2.0-only WITH Classpath-exception-2.0, approved, #7697 -maven/mavencentral/jakarta.validation/jakarta.validation-api/2.0.2, Apache-2.0, approved, clearlydefined -maven/mavencentral/jakarta.validation/jakarta.validation-api/3.0.2, Apache-2.0, approved, clearlydefined +maven/mavencentral/jakarta.validation/jakarta.validation-api/2.0.2, Apache-2.0, approved, ee4j.validation +maven/mavencentral/jakarta.validation/jakarta.validation-api/3.0.2, Apache-2.0, approved, ee4j.validation maven/mavencentral/jakarta.xml.bind/jakarta.xml.bind-api/3.0.0, BSD-3-Clause, approved, ee4j.jaxb maven/mavencentral/jakarta.xml.bind/jakarta.xml.bind-api/4.0.0, BSD-3-Clause, approved, ee4j.jaxb maven/mavencentral/javax.activation/javax.activation-api/1.2.0, (CDDL-1.1 OR GPL-2.0 WITH Classpath-exception-2.0) AND Apache-2.0, approved, CQ18740 diff --git a/charts/managed-identity-wallet/Chart.yaml b/charts/managed-identity-wallet/Chart.yaml index ac2bfcb00..100e5b508 100644 --- a/charts/managed-identity-wallet/Chart.yaml +++ b/charts/managed-identity-wallet/Chart.yaml @@ -26,7 +26,7 @@ description: | type: application version: 0.1.0 -appVersion: 0.0.1 +appVersion: 0.1.0 home: https://github.com/eclipse-tractusx/managed-identity-wallet keywords: diff --git a/scripts/update_dependencies_file.sh b/scripts/update_dependencies_file.sh new file mode 100755 index 000000000..09cdcfddc --- /dev/null +++ b/scripts/update_dependencies_file.sh 
@@ -0,0 +1,60 @@
+#
+# /********************************************************************************
+# Copyright (c) 2021,2023 Contributors to the Eclipse Foundation
+#
+# See the NOTICE file(s) distributed with this work for additional
+# information regarding copyright ownership.
+#
+# This program and the accompanying materials are made available under the
+# terms of the Apache License, Version 2.0 which is available at
+# https://www.apache.org/licenses/LICENSE-2.0.
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ********************************************************************************/
+#
+
+#!/bin/bash
+
+# To update the latest version of the Eclipse Dash License tool get latest build from their repository
+# https://repo.eclipse.org/content/repositories/dash-licenses-snapshots/org/eclipse/dash/dash-licenses-parent/1.0.3-SNAPSHOT/
+# then execute this curl call:
+# curl --output /lib/org.eclipse.dash.licenses-1.0.3.jar \
+# https://repo.eclipse.org/service/local/repositories/dash-licenses-snapshots/content/org/eclipse/dash/org.eclipse.dash.licenses/1.0.3-SNAPSHOT/org.eclipse.dash.licenses-1.0.3-20231009.055043-138.jar
+
+# Why do it this way? Because there is no gradle plugin provided from the Eclipse Dash License tool and the name of the jar file in the repository changes daily.
+# Loading it dynamically would requires quite a bit of scripting. So it was ether a script or putting the jar file in the repository.
+
+
+REPO_URL="https://repo.eclipse.org/service/local/repositories/dash-licenses-snapshots/content/org/eclipse/dash/org.eclipse.dash.licenses/1.0.3-SNAPSHOT/"
+GROUP_ID="org.eclipse.dash"
+ARTIFACT_ID="org.eclipse.dash.licenses"
+VERSION="1.0.3-SNAPSHOT"
+
+# Retrieve the latest JAR file from the repository
+JAR_FILE=$(curl -s "${REPO_URL}" | grep -o "${ARTIFACT_ID}-.*\.jar" | sort -V | tail -n 1)
+
+# Download the JAR file to the current directory
+curl -O "${REPO_URL}${JAR_FILE}"
+
+echo "Downloaded ${JAR_FILE}"
+
+update DEPENDENCIES file
+./gradlew dependencies \
+ | grep -Poh "(?<=\s)[\w\.-]+:[\w\.-]+:[^:\s]+" \
+ | sort \
+ | uniq \
+ | java -jar $JAR_FILE -summary DEPENDENCIES -
+
+grep -q rejected DEPENDENCIES && (
+ echo "Restricted dependencies found. Please check DEPENDENCIES file for details."
+ exit 1
+ ) || (
+ echo "No restricted dependencies found."
+ exit 0
+ )
diff --git a/update_dependcies.sh b/update_dependcies.sh
deleted file mode 100755
index a74ad6d49..000000000
--- a/update_dependcies.sh
+++ /dev/null
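Review bot: The closing `grep -q rejected DEPENDENCIES && ( … exit 1 ) || ( … exit 0 )` cannot fail the release: `exit 1` only ends the subshell, and that non-zero status then runs the `||` branch, which prints "No restricted dependencies found." and returns 0. An `if`/`else` in the main shell keeps the failure status, as in the fence below. Two smaller problems sit in the same hunk: `update DEPENDENCIES file` has lost its leading `#` and is executed as a command, and `#!/bin/bash` comes after the licence header, so it is a plain comment rather than a shebang. `$JAR_FILE` is also unquoted and never checked for being empty, which is what a failed listing request would leave behind because `curl -s` hides the error.

```shell
# … unchanged: JAR_FILE=$(curl -s "${REPO_URL}" | grep -o … | sort -V | tail -n 1) …
if [ -z "${JAR_FILE}" ]; then
  echo "Could not determine the Dash jar name from ${REPO_URL}" >&2
  exit 1
fi
# … unchanged: curl -O download and "Downloaded" message …

# update DEPENDENCIES file
# … unchanged: ./gradlew dependencies | grep | sort | uniq …
  | java -jar "${JAR_FILE}" -summary DEPENDENCIES -

if grep -q rejected DEPENDENCIES; then
  echo "Restricted dependencies found. Please check DEPENDENCIES file for details." >&2
  exit 1
else
  echo "No restricted dependencies found."
fi
```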
@@ -1,31 +0,0 @@
-#
-# /********************************************************************************
-# Copyright (c) 2021,2023 Contributors to the Eclipse Foundation
-#
-# See the NOTICE file(s) distributed with this work for additional
-# information regarding copyright ownership.
-#
-# This program and the accompanying materials are made available under the
-# terms of the Apache License, Version 2.0 which is available at
-# https://www.apache.org/licenses/LICENSE-2.0.
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-#
-# SPDX-License-Identifier: Apache-2.0
-# ********************************************************************************/
-#
-
-#!/bin/bash
-
-# download the latest version of the Eclipse Dash License tool
-curl --output org.eclipse.dash.licenses.jar \
- https://repo.eclipse.org/service/local/repositories/dash-licenses-snapshots/content/org/eclipse/dash/org.eclipse.dash.licenses/1.0.3-SNAPSHOT/org.eclipse.dash.licenses-1.0.3-20230725.055026-63.jar
-
-# update DEPENDENCIES file
-./gradlew dependencies | grep -Poh "(?<=\s)[\w\.-]+:[\w\.-]+:[^:\s]+" | grep -v "^org\.eclipse" | sort | uniq |
- java -jar org.eclipse.dash.licenses.jar -summary DEPENDENCIES - |
- grep restricted