From f99517e84de86c4e5d2d89273d3d146658e512c7 Mon Sep 17 00:00:00 2001 From: Martin Wittlinger Date: Thu, 31 Aug 2023 16:10:55 +0200 Subject: [PATCH] =?UTF-8?q?feat:=20=E2=9C=A8=20Add=20the=20concept=20of=20?= =?UTF-8?q?different=20default=20checksum=20algorithms=20depending=20on=20?= =?UTF-8?q?the=20trust=20source=20(#398)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Co-authored-by: MartinWitt --- README.md | 2 +- .../maven_lockfile/AbstractLockfileMojo.java | 19 +++++---- .../maven_lockfile/GenerateLockFileMojo.java | 11 +++-- .../maven_lockfile/LockFileFacade.java | 18 ++++---- .../maven_lockfile/ValidateChecksumMojo.java | 13 +++--- .../checksum/AbstractChecksumCalculator.java | 8 +++- .../FileSystemChecksumCalculator.java | 5 +++ .../checksum/RemoteChecksumCalculator.java | 5 +++ .../maven_lockfile/data/Config.java | 7 +++- .../data/{Metadata.java => Environment.java} | 8 ++-- .../maven_lockfile/data/LockFile.java | 17 ++++---- .../maven_lockfile/data/MetaData.java | 26 ++++++++++++ .../maven_lockfile/graph/DependencyNode.java | 26 ++++++++---- .../reporting/LockFileDifference.java | 8 ++-- .../maven_lockfile/JsonUtilsTest.java | 27 ++++++++++++ .../src/test/java/it/IntegrationTestsIT.java | 6 ++- .../freezeJunit/lockfile.json | 42 ++++++++++++------- .../lockfile.json | 42 ++++++++++++------- .../lockfile.json | 42 ++++++++++++------- template/README.md | 2 +- 20 files changed, 234 insertions(+), 100 deletions(-) rename maven_plugin/src/main/java/io/github/chains_project/maven_lockfile/data/{Metadata.java => Environment.java} (88%) create mode 100644 maven_plugin/src/main/java/io/github/chains_project/maven_lockfile/data/MetaData.java create mode 100644 maven_plugin/src/test/java/io/github/chains_project/maven_lockfile/JsonUtilsTest.java diff --git a/README.md b/README.md index ad796c37..063fe994 100644 --- a/README.md +++ b/README.md 
@@ -65,7 +65,7 @@ If you invoke build afterward, the exact versions from the lockfile are used. - `reduced` will reduce the lockfile only containing the dependencies after dependency resolution conflicts are resolved. This format is smaller, and easier to review and read. Only use this if you do not need the full dependency tree. - `includeMavenPlugins` will include the maven plugins in the lockfile. This is useful if you want to validate the Maven plugins as well. -- `checksumAlgorithm` will set the checksum algorithm used to generate the lockfile. The default is `SHA-256`. +- `checksumAlgorithm` will set the checksum algorithm used to generate the lockfile. The default depends on your checksum mode. - `checksumMode` will set the checksum mode used to generate the lockfile. See [Checksum Modes](/maven_plugin/src/main/java/io/github/chains_project/maven_lockfile/checksum/ChecksumModes.java) for more information. - `skip` will skip the execution of the plugin. This is useful if you would like to disable the plugin for a specific module. - `getConfigFromFile` will read the configuration of maven lockfile from the existing lockfile. diff --git a/maven_plugin/src/main/java/io/github/chains_project/maven_lockfile/AbstractLockfileMojo.java b/maven_plugin/src/main/java/io/github/chains_project/maven_lockfile/AbstractLockfileMojo.java index c59b110f..c7c7756c 100644 --- a/maven_plugin/src/main/java/io/github/chains_project/maven_lockfile/AbstractLockfileMojo.java +++ b/maven_plugin/src/main/java/io/github/chains_project/maven_lockfile/AbstractLockfileMojo.java 
@@ -1,10 +1,11 @@ package io.github.chains_project.maven_lockfile; +import com.google.common.base.Strings; import io.github.chains_project.maven_lockfile.checksum.AbstractChecksumCalculator; import io.github.chains_project.maven_lockfile.checksum.FileSystemChecksumCalculator; import io.github.chains_project.maven_lockfile.checksum.RemoteChecksumCalculator; import io.github.chains_project.maven_lockfile.data.Config; -import io.github.chains_project.maven_lockfile.data.Metadata; +import io.github.chains_project.maven_lockfile.data.Environment; import org.apache.maven.execution.MavenSession; import org.apache.maven.plugin.AbstractMojo; import org.apache.maven.plugin.MojoExecution; @@ -37,7 +38,7 @@ public abstract class AbstractLockfileMojo extends AbstractMojo { @Component protected DependencyResolver dependencyResolver; - @Parameter(defaultValue = "false", property = "includeMavenPlugins") + @Parameter(property = "includeMavenPlugins") protected String includeMavenPlugins; @Parameter(defaultValue = "${maven.version}") @@ -46,13 +47,13 @@ public abstract class AbstractLockfileMojo extends AbstractMojo { @Parameter(defaultValue = "${java.version}") protected String javaVersion; - @Parameter(defaultValue = "sha1", property = "checksumAlgorithm") + @Parameter(property = "checksumAlgorithm") protected String checksumAlgorithm; @Parameter(defaultValue = "maven_local", property = "checksumMode") protected String checksumMode; - @Parameter(defaultValue = "false", property = "reduced") + @Parameter(property = "reduced") protected String reduced; @Parameter(defaultValue = "false", property = "skip") 
@@ -61,9 +62,9 @@ public abstract class AbstractLockfileMojo extends AbstractMojo { @Parameter(defaultValue = "${mojoExecution}", readonly = true) protected MojoExecution mojo; - protected Metadata generateMetaInformation() { + protected Environment generateMetaInformation() { String osName = System.getProperty("os.name"); - return new Metadata(osName, mavenVersion, javaVersion); + return new Environment(osName, mavenVersion, javaVersion); } protected AbstractChecksumCalculator getChecksumCalculator() throws MojoExecutionException { @@ -91,11 +92,13 @@ protected AbstractChecksumCalculator getChecksumCalculator(Config config) throws } protected Config getConfig() { + String chosenAlgo = Strings.isNullOrEmpty(checksumAlgorithm) ? "SHA-256" : checksumAlgorithm; + String chosenMode = Strings.isNullOrEmpty(checksumMode) ? "maven_local" : checksumMode; return new Config( Boolean.parseBoolean(includeMavenPlugins), Boolean.parseBoolean(reduced), mojo.getPlugin().getVersion(), - checksumMode, - checksumAlgorithm); + chosenMode, + chosenAlgo); } } diff --git a/maven_plugin/src/main/java/io/github/chains_project/maven_lockfile/GenerateLockFileMojo.java b/maven_plugin/src/main/java/io/github/chains_project/maven_lockfile/GenerateLockFileMojo.java index f3c7ed0d..589b3687 100644 --- a/maven_plugin/src/main/java/io/github/chains_project/maven_lockfile/GenerateLockFileMojo.java +++ b/maven_plugin/src/main/java/io/github/chains_project/maven_lockfile/GenerateLockFileMojo.java @@ -4,8 +4,9 @@ import io.github.chains_project.maven_lockfile.checksum.AbstractChecksumCalculator; import io.github.chains_project.maven_lockfile.data.Config; +import io.github.chains_project.maven_lockfile.data.Environment; import io.github.chains_project.maven_lockfile.data.LockFile; -import io.github.chains_project.maven_lockfile.data.Metadata; +import io.github.chains_project.maven_lockfile.data.MetaData; import java.io.IOException; import java.nio.file.Files; import java.nio.file.Path; 
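Review bot: In `AbstractLockfileMojo.getConfig()` the fallback `Strings.isNullOrEmpty(checksumAlgorithm) ? "SHA-256" : checksumAlgorithm` picks SHA-256 without consulting `chosenMode`. Every Config built here therefore carries a non-empty algorithm, and the per-calculator default added in `AbstractChecksumCalculator` (`"sha1"` for `RemoteChecksumCalculator`) looks unreachable from this path. If the default is meant to follow the checksum mode, as the README change states, either pass the empty value through and let the calculator fill it in, or derive it from the mode in this method. How `getChecksumCalculator(Config)` hands the algorithm to the calculator is outside the hunk, so confirm there. The literals `"SHA-256"` and `"maven_local"` are also repeated across several files in this commit; shared constants would keep the defaults in one place.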
@@ -39,16 +40,18 @@ public void execute() throws MojoExecutionException { getLog().info("Skipping maven-lockfile"); } try { - Metadata metadata = generateMetaInformation(); + Environment environment = generateMetaInformation(); LockFile lockFileFromFile = Files.exists(getLockFilePath(project)) ? LockFile.readLockFile(getLockFilePath(project)) : null; - Config config = getConfig(lockFileFromFile); + Config config = Boolean.parseBoolean(getConfigFromFile) ? getConfig(lockFileFromFile) : getConfig(); + MetaData metaData = new MetaData(environment, config); + if (lockFileFromFile == null) { getLog().info("No lockfile found. Generating new lockfile."); } AbstractChecksumCalculator checksumCalculator = getChecksumCalculator(config); LockFile lockFile = LockFileFacade.generateLockFileFromProject( - session, project, dependencyCollectorBuilder, checksumCalculator, config, metadata); + session, project, dependencyCollectorBuilder, checksumCalculator, metaData); Path lockFilePath = LockFileFacade.getLockFilePath(project); Files.writeString(lockFilePath, JsonUtils.toJson(lockFile)); diff --git a/maven_plugin/src/main/java/io/github/chains_project/maven_lockfile/LockFileFacade.java b/maven_plugin/src/main/java/io/github/chains_project/maven_lockfile/LockFileFacade.java index 935996b3..4e6408e9 100644 --- a/maven_plugin/src/main/java/io/github/chains_project/maven_lockfile/LockFileFacade.java +++ b/maven_plugin/src/main/java/io/github/chains_project/maven_lockfile/LockFileFacade.java 
@@ -4,11 +4,10 @@ import com.google.common.graph.MutableGraph; import io.github.chains_project.maven_lockfile.checksum.AbstractChecksumCalculator; import io.github.chains_project.maven_lockfile.data.ArtifactId; -import io.github.chains_project.maven_lockfile.data.Config; import io.github.chains_project.maven_lockfile.data.GroupId; import io.github.chains_project.maven_lockfile.data.LockFile; import io.github.chains_project.maven_lockfile.data.MavenPlugin; -import io.github.chains_project.maven_lockfile.data.Metadata; +import io.github.chains_project.maven_lockfile.data.MetaData; import io.github.chains_project.maven_lockfile.data.VersionNumber; import io.github.chains_project.maven_lockfile.graph.DependencyGraph; import java.nio.file.Path; @@ -76,7 +75,6 @@ private LockFileFacade() { * @param project The project to generate a lock file for. * @param dependencyCollectorBuilder The dependency collector builder to use for generating the dependency graph. * @param checksumCalculator The checksum calculator to use for calculating the checksums of the artifacts. - * @param config The config to use for generating the lock file. * @param metadata The metadata to include in the lock file. * @return A lock file for the project. */ 
@@ -85,16 +83,19 @@ public static LockFile generateLockFileFromProject( MavenProject project, DependencyCollectorBuilder dependencyCollectorBuilder, AbstractChecksumCalculator checksumCalculator, - Config config, - Metadata metadata) { + MetaData metadata) { LOGGER.info("Generating lock file for project " + project.getArtifactId()); List plugins = new ArrayList<>(); - if (config.isIncludeMavenPlugins()) { + if (metadata.getConfig().isIncludeMavenPlugins()) { plugins = getAllPlugins(project); } // Get all the artifacts for the dependencies in the project var graph = LockFileFacade.graph( - session, project, dependencyCollectorBuilder, checksumCalculator, config.isReduced()); + session, + project, + dependencyCollectorBuilder, + checksumCalculator, + metadata.getConfig().isReduced()); var roots = graph.getGraph().stream().filter(v -> v.getParent() == null).collect(Collectors.toList()); return new LockFile( GroupId.of(project.getGroupId()), @@ -102,8 +103,7 @@ public static LockFile generateLockFileFromProject( VersionNumber.of(project.getVersion()), roots, plugins, - metadata, - config); + metadata); } private static List getAllPlugins(MavenProject project) { diff --git a/maven_plugin/src/main/java/io/github/chains_project/maven_lockfile/ValidateChecksumMojo.java b/maven_plugin/src/main/java/io/github/chains_project/maven_lockfile/ValidateChecksumMojo.java index 203a0411..ab690cc4 100644 --- a/maven_plugin/src/main/java/io/github/chains_project/maven_lockfile/ValidateChecksumMojo.java +++ b/maven_plugin/src/main/java/io/github/chains_project/maven_lockfile/ValidateChecksumMojo.java 
@@ -4,8 +4,9 @@ import io.github.chains_project.maven_lockfile.checksum.AbstractChecksumCalculator; import io.github.chains_project.maven_lockfile.data.Config; +import io.github.chains_project.maven_lockfile.data.Environment; import io.github.chains_project.maven_lockfile.data.LockFile; -import io.github.chains_project.maven_lockfile.data.Metadata; +import io.github.chains_project.maven_lockfile.data.MetaData; import io.github.chains_project.maven_lockfile.reporting.LockFileDifference; import java.io.IOException; import java.util.Objects; @@ -35,16 +36,18 @@ public void execute() throws MojoExecutionException { getLog().info("Skipping maven-lockfile"); } try { - Metadata metadata = generateMetaInformation(); + Environment environment = generateMetaInformation(); + LockFile lockFileFromFile = LockFile.readLockFile(getLockFilePath(project)); Config config = lockFileFromFile.getConfig() == null ? getConfig() : lockFileFromFile.getConfig(); + MetaData metaData = new MetaData(environment, config); getLog().warn("No config was found in the lock file. Using default config."); AbstractChecksumCalculator checksumCalculator = getChecksumCalculator(config); LockFile lockFileFromProject = LockFileFacade.generateLockFileFromProject( - session, project, dependencyCollectorBuilder, checksumCalculator, config, metadata); - if (!Objects.equals(lockFileFromFile.getMetadata(), lockFileFromProject.getMetadata())) { + session, project, dependencyCollectorBuilder, checksumCalculator, metaData); + if (!Objects.equals(lockFileFromFile.getEnvironment(), lockFileFromProject.getEnvironment())) { getLog().warn( - "Lock file metadata does not match project metadata. This could be due to a change in the environment."); + "Lock file environment does not match project environment. This could be due to a change in the environment."); } if (!lockFileFromFile.equals(lockFileFromProject)) { var diff = LockFileDifference.diff(lockFileFromFile, lockFileFromProject); 
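Review bot: In `ValidateChecksumMojo.execute()` the call `getLog().warn("No config was found in the lock file. Using default config.")` runs on every validation, including when `lockFileFromFile.getConfig()` returned a config; the line carries no `+` marker, so it predates this commit, but the new `MetaData` line was inserted between the assignment and the warning without guarding it. A warning that always fires hides the one case it describes, which matters here because the fallback config decides which checksum algorithm the validation uses. Suggested change: `if (lockFileFromFile.getConfig() == null) { getLog().warn(...); }`. The rest of `execute()` continues outside the hunk.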
diff --git a/maven_plugin/src/main/java/io/github/chains_project/maven_lockfile/checksum/AbstractChecksumCalculator.java b/maven_plugin/src/main/java/io/github/chains_project/maven_lockfile/checksum/AbstractChecksumCalculator.java index ecbb816f..971935e2 100644 --- a/maven_plugin/src/main/java/io/github/chains_project/maven_lockfile/checksum/AbstractChecksumCalculator.java +++ b/maven_plugin/src/main/java/io/github/chains_project/maven_lockfile/checksum/AbstractChecksumCalculator.java @@ -7,7 +7,11 @@ public abstract class AbstractChecksumCalculator { protected String checksumAlgorithm; AbstractChecksumCalculator(String checksumAlgorithm) { - this.checksumAlgorithm = checksumAlgorithm; + if (checksumAlgorithm == null || checksumAlgorithm.isEmpty()) { + this.checksumAlgorithm = getDefaultChecksumAlgorithm(); + } else { + this.checksumAlgorithm = checksumAlgorithm; + } } /** @@ -18,4 +22,6 @@ public String getChecksumAlgorithm() { } public abstract String calculateChecksum(Artifact artifact); + + public abstract String getDefaultChecksumAlgorithm(); } diff --git a/maven_plugin/src/main/java/io/github/chains_project/maven_lockfile/checksum/FileSystemChecksumCalculator.java b/maven_plugin/src/main/java/io/github/chains_project/maven_lockfile/checksum/FileSystemChecksumCalculator.java index b4bb6ac7..ec7ab394 100644 --- a/maven_plugin/src/main/java/io/github/chains_project/maven_lockfile/checksum/FileSystemChecksumCalculator.java +++ b/maven_plugin/src/main/java/io/github/chains_project/maven_lockfile/checksum/FileSystemChecksumCalculator.java @@ -74,4 +74,9 @@ private Optional calculateChecksumInternal(Artifact artifact) { public String calculateChecksum(Artifact artifact) { return calculateChecksumInternal(resolveDependency(artifact)).orElse(""); } + + @Override + public String getDefaultChecksumAlgorithm() { + return "SHA-256"; + } } 
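Review bot: The new branch in the `AbstractChecksumCalculator` constructor calls the abstract `getDefaultChecksumAlgorithm()` before any subclass constructor has run, so an override that reads a subclass field would see it uninitialised. Both overrides added in this commit return a literal, which is safe today. A Javadoc on the abstract method, for example `/** Returns the algorithm used when none is configured; must be a constant because it is called from the superclass constructor. */`, would document that constraint. The same comment should state the expected name format, since the two overrides already differ in style (`"SHA-256"` and `"sha1"`).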
diff --git a/maven_plugin/src/main/java/io/github/chains_project/maven_lockfile/checksum/RemoteChecksumCalculator.java b/maven_plugin/src/main/java/io/github/chains_project/maven_lockfile/checksum/RemoteChecksumCalculator.java index 9b08aedb..44b40809 100644 --- a/maven_plugin/src/main/java/io/github/chains_project/maven_lockfile/checksum/RemoteChecksumCalculator.java +++ b/maven_plugin/src/main/java/io/github/chains_project/maven_lockfile/checksum/RemoteChecksumCalculator.java @@ -39,4 +39,9 @@ public String calculateChecksum(Artifact artifact) { throw new RuntimeException("Could not resolve artifact: " + artifact.getArtifactId(), e); } } + + @Override + public String getDefaultChecksumAlgorithm() { + return "sha1"; + } } diff --git a/maven_plugin/src/main/java/io/github/chains_project/maven_lockfile/data/Config.java b/maven_plugin/src/main/java/io/github/chains_project/maven_lockfile/data/Config.java index c04808d4..4e159f90 100644 --- a/maven_plugin/src/main/java/io/github/chains_project/maven_lockfile/data/Config.java +++ b/maven_plugin/src/main/java/io/github/chains_project/maven_lockfile/data/Config.java @@ -1,5 +1,8 @@ package io.github.chains_project.maven_lockfile.data; +import io.github.chains_project.maven_lockfile.checksum.ChecksumModes; +import io.github.chains_project.maven_lockfile.checksum.FileSystemChecksumCalculator; + public class Config { private final boolean includeMavenPlugins; @@ -25,8 +28,8 @@ public Config() { this.includeMavenPlugins = false; this.reduced = false; this.mavenLockfileVersion = "1"; - this.checksumMode = "maven_local"; - this.checksumAlgorithm = "sha1"; + this.checksumMode = ChecksumModes.MAVEN_LOCAL.name(); + this.checksumAlgorithm = new FileSystemChecksumCalculator(null, null, null).getDefaultChecksumAlgorithm(); } /** * @return the includeMavenPlugins 
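Review bot: `RemoteChecksumCalculator.getDefaultChecksumAlgorithm()` returns `"sha1"` with no comment explaining why the remote mode gets a weaker default than the `"SHA-256"` used by `FileSystemChecksumCalculator`. SHA-1 no longer provides collision resistance, so a lockfile pinned with it gives weaker tamper evidence for the artifacts it records. Presumably the choice reflects which checksum files the remote repository publishes; if so, say that in a Javadoc on this override and in the README's `checksumAlgorithm` entry, so users of the remote mode know the default is a compatibility choice and can set a stronger algorithm where the repository offers one.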
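Review bot: In the no-arg `Config()` constructor, `ChecksumModes.MAVEN_LOCAL.name()` evaluates to `MAVEN_LOCAL`, while the value it replaces, the `@Parameter` default in `AbstractLockfileMojo` and the test lockfiles all use `maven_local`. Unless the mode lookup (not visible here) ignores case, a default-constructed Config now names a mode the plugin may not recognise. The next line builds `new FileSystemChecksumCalculator(null, null, null)` only to read a constant, which makes the data class depend on that constructor tolerating null collaborators. A shared constant such as `public static final String DEFAULT_ALGORITHM = "SHA-256";` referenced from both places would avoid the throwaway object.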
diff --git a/maven_plugin/src/main/java/io/github/chains_project/maven_lockfile/data/Metadata.java b/maven_plugin/src/main/java/io/github/chains_project/maven_lockfile/data/Environment.java similarity index 88% rename from maven_plugin/src/main/java/io/github/chains_project/maven_lockfile/data/Metadata.java rename to maven_plugin/src/main/java/io/github/chains_project/maven_lockfile/data/Environment.java index 476e1703..88edf442 100644 --- a/maven_plugin/src/main/java/io/github/chains_project/maven_lockfile/data/Metadata.java +++ b/maven_plugin/src/main/java/io/github/chains_project/maven_lockfile/data/Environment.java @@ -5,13 +5,13 @@ /** * Metadata about the environment in which the lock file was generated. This includes the OS name, the Maven version and the Java version. */ -public class Metadata { +public class Environment { private final String osName; private final String mavenVersion; private final String javaVersion; - public Metadata(String osName, String mavenVersion, String javaVersion) { + public Environment(String osName, String mavenVersion, String javaVersion) { this.osName = osName; this.mavenVersion = mavenVersion; this.javaVersion = javaVersion; @@ -51,10 +51,10 @@ public boolean equals(Object obj) { if (this == obj) { return true; } - if (!(obj instanceof Metadata)) { + if (!(obj instanceof Environment)) { return false; } - Metadata other = (Metadata) obj; + Environment other = (Environment) obj; return Objects.equals(osName, other.osName) && Objects.equals(mavenVersion, other.mavenVersion) && Objects.equals(javaVersion, other.javaVersion); diff --git a/maven_plugin/src/main/java/io/github/chains_project/maven_lockfile/data/LockFile.java b/maven_plugin/src/main/java/io/github/chains_project/maven_lockfile/data/LockFile.java index 3398635f..2c04346f 100644 --- a/maven_plugin/src/main/java/io/github/chains_project/maven_lockfile/data/LockFile.java +++ b/maven_plugin/src/main/java/io/github/chains_project/maven_lockfile/data/LockFile.java 
@@ -34,8 +34,7 @@ public class LockFile { private final List mavenPlugins; - private final Metadata metadata; - private final Config config; + private final MetaData metaData; public LockFile( GroupId groupId, @@ -43,15 +42,13 @@ public LockFile( VersionNumber versionNumber, List dependencies, List mavenPlugins, - Metadata metadata, - Config config) { + MetaData metaData) { this.dependencies = dependencies == null ? Collections.emptyList() : dependencies; this.name = name; this.version = versionNumber; this.groupId = groupId; this.mavenPlugins = mavenPlugins == null ? Collections.emptyList() : mavenPlugins; - this.metadata = metadata; - this.config = config; + this.metaData = metaData; } /** * Create a lock file object from a serialized JSON string. @@ -97,8 +94,8 @@ public List getMavenPlugins() { /** * @return the metadata about the environment in which the lock file was generated */ - public Metadata getMetadata() { - return metadata; + public Environment getEnvironment() { + return metaData.getEnvironment(); } /** @@ -106,7 +103,7 @@ public Metadata getMetadata() { */ @Nullable public Config getConfig() { - return config; + return metaData.getConfig(); } @Override @@ -127,7 +124,7 @@ public boolean equals(Object obj) { && Objects.equals(groupId, other.groupId) && Objects.equals(version, other.version) && lockfileVersion == other.lockfileVersion - && Objects.equals(dependencies, other.dependencies) + && Objects.equals(nullToEmpty(dependencies), nullToEmpty(other.dependencies)) && Objects.equals(nullToEmpty(mavenPlugins), nullToEmpty(other.mavenPlugins)); } diff --git a/maven_plugin/src/main/java/io/github/chains_project/maven_lockfile/data/MetaData.java b/maven_plugin/src/main/java/io/github/chains_project/maven_lockfile/data/MetaData.java new file mode 100644 index 00000000..65382469 --- /dev/null +++ b/maven_plugin/src/main/java/io/github/chains_project/maven_lockfile/data/MetaData.java 
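Review bot: `getEnvironment()` and `getConfig()` in `LockFile` now dereference `metaData` without a null check, although `getConfig()` keeps its `@Nullable` annotation and `ValidateChecksumMojo` still tests `lockFileFromFile.getConfig() == null`. A lockfile written before this change has a top-level `metadata` key and no `metaData` object (see the fixture diffs later in this patch). If deserialisation leaves the field null for such a file, validation ends in a NullPointerException instead of falling back to the default config. Guarding the accessors, `return metaData == null ? null : metaData.getConfig();` and the same for the environment, keeps older lockfiles readable; how `readLockFile` populates the field is outside these hunks, so confirm against it.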
@@ -0,0 +1,26 @@ +package io.github.chains_project.maven_lockfile.data; + +public class MetaData { + + private final Environment environment; + private final Config config; + + public MetaData(Environment environment, Config config) { + this.environment = environment; + this.config = config; + } + + /** + * @return the config + */ + public Config getConfig() { + return config; + } + + /** + * @return the environment + */ + public Environment getEnvironment() { + return environment; + } +} diff --git a/maven_plugin/src/main/java/io/github/chains_project/maven_lockfile/graph/DependencyNode.java b/maven_plugin/src/main/java/io/github/chains_project/maven_lockfile/graph/DependencyNode.java index 054da068..34e537aa 100644 --- a/maven_plugin/src/main/java/io/github/chains_project/maven_lockfile/graph/DependencyNode.java +++ b/maven_plugin/src/main/java/io/github/chains_project/maven_lockfile/graph/DependencyNode.java @@ -128,7 +128,17 @@ public String getSelectedVersion() { @Override public int hashCode() { - return Objects.hash(artifactId, groupId, version, parent, children, checksum); + return Objects.hash( + groupId, + artifactId, + version, + checksumAlgorithm, + checksum, + scope, + selectedVersion, + id, + parent, + children); } @Override 
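Review bot: The new `MetaData` class has no class-level Javadoc, and its name differs only in letter case from the `Metadata` class this commit renames to `Environment`. A short header such as `/** Groups the generation environment and the plugin configuration stored with a lock file. */` would make the split clear to readers who know the old type. The case-only difference between `Metadata.java` and `MetaData.java` can also be awkward on case-insensitive file systems when switching across this commit; a more distinct name would avoid that. The constructor accepts null for both fields without comment, so documenting whether `config` may be null would match the `@Nullable` on `LockFile.getConfig()`.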
@@ -140,14 +150,16 @@ public boolean equals(Object obj) { return false; } DependencyNode other = (DependencyNode) obj; - return Objects.equals(artifactId, other.artifactId) - && Objects.equals(groupId, other.groupId) + return Objects.equals(groupId, other.groupId) + && Objects.equals(artifactId, other.artifactId) && Objects.equals(version, other.version) - && Objects.equals(parent, other.parent) - && Objects.equals(children, other.children) - && Objects.equals(checksum, other.checksum) && Objects.equals(checksumAlgorithm, other.checksumAlgorithm) - && Objects.equals(scope, other.scope); + && Objects.equals(checksum, other.checksum) + && scope == other.scope + && Objects.equals(selectedVersion, other.selectedVersion) + && Objects.equals(id, other.id) + && Objects.equals(parent, other.parent) + && Objects.equals(children, other.children); } @Override diff --git a/maven_plugin/src/main/java/io/github/chains_project/maven_lockfile/reporting/LockFileDifference.java b/maven_plugin/src/main/java/io/github/chains_project/maven_lockfile/reporting/LockFileDifference.java index 6ebb11e9..bbbe1dcc 100644 --- a/maven_plugin/src/main/java/io/github/chains_project/maven_lockfile/reporting/LockFileDifference.java +++ b/maven_plugin/src/main/java/io/github/chains_project/maven_lockfile/reporting/LockFileDifference.java 
@@ -45,25 +45,25 @@ public static LockFileDifference diff(LockFile lockFileFromFile, LockFile lockFi * @return the missingDependenciesInFile */ public Set getMissingDependenciesInFile() { - return missingDependenciesInFile; + return new HashSet<>(missingDependenciesInFile); } /** * @return the missingDependenciesInProject */ public Set getMissingDependenciesInProject() { - return missingDependenciesInProject; + return new HashSet<>(missingDependenciesInProject); } /** * @return the missingPluginsInFile */ public Set getMissingPluginsInFile() { - return missingPluginsInFile; + return new HashSet<>(missingPluginsInFile); } /** * @return the missingPluginsInProject */ public Set getMissingPluginsInProject() { - return missingPluginsInProject; + return new HashSet<>(missingPluginsInProject); } } diff --git a/maven_plugin/src/test/java/io/github/chains_project/maven_lockfile/JsonUtilsTest.java b/maven_plugin/src/test/java/io/github/chains_project/maven_lockfile/JsonUtilsTest.java new file mode 100644 index 00000000..4d406991 --- /dev/null +++ b/maven_plugin/src/test/java/io/github/chains_project/maven_lockfile/JsonUtilsTest.java 
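Review bot: Each getter in `LockFileDifference` now allocates a new `HashSet` on every call, while the fields presumably still hold whatever `diff(...)` stored (the constructor is outside the hunk). If the aim is to keep a live `Sets.difference` view away from the JSON serialiser, as the new `JsonUtilsTest` suggests, copying once where the fields are assigned, e.g. `this.missingDependenciesInFile = new HashSet<>(missingDependenciesInFile);`, also covers code that serialises the object through its fields rather than its getters. A one-line comment stating why the copy exists would stop it being removed later as redundant.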
@@ -0,0 +1,27 @@ +package io.github.chains_project.maven_lockfile; + +import static org.junit.jupiter.api.Assertions.assertEquals; +import static org.junit.jupiter.api.Assertions.assertNotEquals; + +import com.google.common.collect.Sets; +import io.github.chains_project.maven_lockfile.graph.DependencyNode; +import java.util.HashSet; +import java.util.Set; +import org.instancio.Instancio; +import org.junit.jupiter.api.Test; + +public class JsonUtilsTest { + + @Test + void set_view_to_json_does_not_return_null() { + + Instancio.create(DependencyNode.class); + Set set = new HashSet<>(); + set.add(Instancio.create(DependencyNode.class)); + Set set2 = new HashSet<>(); + set2.add(Instancio.create(DependencyNode.class)); + var result = new HashSet<>(Sets.difference(set, set2)); + assertEquals(result.size(), 1); + assertNotEquals(JsonUtils.toJson(result), "null"); + } +} diff --git a/maven_plugin/src/test/java/it/IntegrationTestsIT.java b/maven_plugin/src/test/java/it/IntegrationTestsIT.java index 11eb3cfa..65ab3587 100644 --- a/maven_plugin/src/test/java/it/IntegrationTestsIT.java +++ b/maven_plugin/src/test/java/it/IntegrationTestsIT.java @@ -39,7 +39,8 @@ public void singleDependency(MavenExecutionResult result) throws Exception { assertThat(junitDep.getArtifactId()).extracting(v -> v.getValue()).isEqualTo("spoon-core"); assertThat(junitDep.getGroupId()).extracting(v -> v.getValue()).isEqualTo("fr.inria.gforge.spoon"); assertThat(junitDep.getVersion()).extracting(v -> v.getValue()).isEqualTo("10.3.0"); - assertThat(junitDep.getChecksum()).isEqualTo("d94722f53c95e49d8c1628708e3a168dc748e956"); + assertThat(junitDep.getChecksum()) + .isEqualTo("37a43de039cf9a6701777106e3c5921e7131e5417fa707709abf791d3d8d9174"); } @MavenTest 
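Review bot: `set_view_to_json_does_not_return_null` in `JsonUtilsTest` never serialises a set view: `Sets.difference(set, set2)` is copied into a `HashSet` before `JsonUtils.toJson` is called, so the test passes whether or not views are handled correctly. It also relies on two random `Instancio` instances being unequal, discards the result of the first `Instancio.create(DependencyNode.class)` call, and passes the JUnit arguments in (actual, expected) order. Proposed: drop the unused call, write `assertEquals(1, result.size());` and `assertNotEquals("null", JsonUtils.toJson(result));`, and add a comment saying which production path (the defensive copies in `LockFileDifference`) the test is protecting.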
@@ -54,7 +55,8 @@ public void singleDependencyCheckCorrect(MavenExecutionResult result) throws Exc assertThat(junitDep.getArtifactId()).extracting(v -> v.getValue()).isEqualTo("junit-jupiter-api"); assertThat(junitDep.getGroupId()).extracting(v -> v.getValue()).isEqualTo("org.junit.jupiter"); assertThat(junitDep.getVersion()).extracting(v -> v.getValue()).isEqualTo("5.9.2"); - assertThat(junitDep.getChecksum()).isEqualTo("fed843581520eac594bc36bb4b0f55e7b947dda9"); + assertThat(junitDep.getChecksum()) + .isEqualTo("f767a170f97127b0ad3582bf3358eabbbbe981d9f96411853e629d9276926fd5"); } @MavenTest diff --git a/maven_plugin/src/test/resources-its/it/IntegrationTestsIT/freezeJunit/lockfile.json b/maven_plugin/src/test/resources-its/it/IntegrationTestsIT/freezeJunit/lockfile.json index 47d71990..5e7e8491 100644 --- a/maven_plugin/src/test/resources-its/it/IntegrationTestsIT/freezeJunit/lockfile.json +++ b/maven_plugin/src/test/resources-its/it/IntegrationTestsIT/freezeJunit/lockfile.json @@ -8,18 +8,20 @@ "groupId": "org.junit.jupiter", "artifactId": "junit-jupiter-api", "version": "5.9.2", - "checksumAlgorithm": "sha1", - "checksum": "fed843581520eac594bc36bb4b0f55e7b947dda9", + "checksumAlgorithm": "SHA-256", + "checksum": "f767a170f97127b0ad3582bf3358eabbbbe981d9f96411853e629d9276926fd5", "scope": "test", + "selectedVersion": "5.9.2", "id": "org.junit.jupiter:junit-jupiter-api:5.9.2", "children": [ { "groupId": "org.apiguardian", "artifactId": "apiguardian-api", "version": "1.1.2", - "checksumAlgorithm": "sha1", - "checksum": "a231e0d844d2721b0fa1b238006d15c6ded6842a", + "checksumAlgorithm": "SHA-256", + "checksum": "b509448ac506d607319f182537f0b35d71007582ec741832a1f111e5b5b70b38", "scope": "test", + "selectedVersion": "1.1.2", "id": "org.apiguardian:apiguardian-api:1.1.2", "parent": "org.junit.jupiter:junit-jupiter-api:5.9.2", "children": [] 
@@ -28,9 +30,10 @@ "groupId": "org.junit.platform", "artifactId": "junit-platform-commons", "version": "1.9.2", - "checksumAlgorithm": "sha1", - "checksum": "6f9f8621d8230cd38aa42e58ccbc0c00569131ce", + "checksumAlgorithm": "SHA-256", + "checksum": "624a3d745ef1d28e955a6a67af8edba0fdfc5c9bad680a73f67a70bb950a683d", "scope": "test", + "selectedVersion": "1.9.2", "id": "org.junit.platform:junit-platform-commons:1.9.2", "parent": "org.junit.jupiter:junit-jupiter-api:5.9.2", "children": [ @@ -38,9 +41,10 @@ "groupId": "org.apiguardian", "artifactId": "apiguardian-api", "version": "1.1.2", - "checksumAlgorithm": "sha1", - "checksum": "a231e0d844d2721b0fa1b238006d15c6ded6842a", + "checksumAlgorithm": "SHA-256", + "checksum": "b509448ac506d607319f182537f0b35d71007582ec741832a1f111e5b5b70b38", "scope": "test", + "selectedVersion": "1.1.2", "id": "org.apiguardian:apiguardian-api:1.1.2", "parent": "org.junit.platform:junit-platform-commons:1.9.2", "children": [] @@ -51,9 +55,10 @@ "groupId": "org.opentest4j", "artifactId": "opentest4j", "version": "1.2.0", - "checksumAlgorithm": "sha1", - "checksum": "28c11eb91f9b6d8e200631d46e20a7f407f2a046", + "checksumAlgorithm": "SHA-256", + "checksum": "58812de60898d976fb81ef3b62da05c6604c18fd4a249f5044282479fc286af2", "scope": "test", + "selectedVersion": "1.2.0", "id": "org.opentest4j:opentest4j:1.2.0", "parent": "org.junit.jupiter:junit-jupiter-api:5.9.2", "children": [] @@ -62,9 +67,18 @@ } ], "mavenPlugins": [], - "metadata": { - "osName": "Windows 11", - "mavenVersion": "3.9.1", - "javaVersion": "19.0.2" + "metaData": { + "environment": { + "osName": "Windows 11", + "mavenVersion": "3.9.1", + "javaVersion": "19.0.2" + }, + "config": { + "includeMavenPlugins": false, + "reduced": false, + "mavenLockfileVersion": "4.1.1-SNAPSHOT", + "checksumMode": "maven_local", + "checksumAlgorithm": "SHA-256" + } } } \ No newline at end of file 
diff --git a/maven_plugin/src/test/resources-its/it/IntegrationTestsIT/singleDependencyCheckCorrect/lockfile.json b/maven_plugin/src/test/resources-its/it/IntegrationTestsIT/singleDependencyCheckCorrect/lockfile.json index 47d71990..5e7e8491 100644 --- a/maven_plugin/src/test/resources-its/it/IntegrationTestsIT/singleDependencyCheckCorrect/lockfile.json +++ b/maven_plugin/src/test/resources-its/it/IntegrationTestsIT/singleDependencyCheckCorrect/lockfile.json @@ -8,18 +8,20 @@ "groupId": "org.junit.jupiter", "artifactId": "junit-jupiter-api", "version": "5.9.2", - "checksumAlgorithm": "sha1", - "checksum": "fed843581520eac594bc36bb4b0f55e7b947dda9", + "checksumAlgorithm": "SHA-256", + "checksum": "f767a170f97127b0ad3582bf3358eabbbbe981d9f96411853e629d9276926fd5", "scope": "test", + "selectedVersion": "5.9.2", "id": "org.junit.jupiter:junit-jupiter-api:5.9.2", "children": [ { "groupId": "org.apiguardian", "artifactId": "apiguardian-api", "version": "1.1.2", - "checksumAlgorithm": "sha1", - "checksum": "a231e0d844d2721b0fa1b238006d15c6ded6842a", + "checksumAlgorithm": "SHA-256", + "checksum": "b509448ac506d607319f182537f0b35d71007582ec741832a1f111e5b5b70b38", "scope": "test", + "selectedVersion": "1.1.2", "id": "org.apiguardian:apiguardian-api:1.1.2", "parent": "org.junit.jupiter:junit-jupiter-api:5.9.2", "children": [] @@ -28,9 +30,10 @@ "groupId": "org.junit.platform", "artifactId": "junit-platform-commons", "version": "1.9.2", - "checksumAlgorithm": "sha1", - "checksum": "6f9f8621d8230cd38aa42e58ccbc0c00569131ce", + "checksumAlgorithm": "SHA-256", + "checksum": "624a3d745ef1d28e955a6a67af8edba0fdfc5c9bad680a73f67a70bb950a683d", "scope": "test", + "selectedVersion": "1.9.2", "id": "org.junit.platform:junit-platform-commons:1.9.2", "parent": "org.junit.jupiter:junit-jupiter-api:5.9.2", "children": [ 
@@ -38,9 +41,10 @@ "groupId": "org.apiguardian", "artifactId": "apiguardian-api", "version": "1.1.2", - "checksumAlgorithm": "sha1", - "checksum": "a231e0d844d2721b0fa1b238006d15c6ded6842a", + "checksumAlgorithm": "SHA-256", + "checksum": "b509448ac506d607319f182537f0b35d71007582ec741832a1f111e5b5b70b38", "scope": "test", + "selectedVersion": "1.1.2", "id": "org.apiguardian:apiguardian-api:1.1.2", "parent": "org.junit.platform:junit-platform-commons:1.9.2", "children": [] @@ -51,9 +55,10 @@ "groupId": "org.opentest4j", "artifactId": "opentest4j", "version": "1.2.0", - "checksumAlgorithm": "sha1", - "checksum": "28c11eb91f9b6d8e200631d46e20a7f407f2a046", + "checksumAlgorithm": "SHA-256", + "checksum": "58812de60898d976fb81ef3b62da05c6604c18fd4a249f5044282479fc286af2", "scope": "test", + "selectedVersion": "1.2.0", "id": "org.opentest4j:opentest4j:1.2.0", "parent": "org.junit.jupiter:junit-jupiter-api:5.9.2", "children": [] @@ -62,9 +67,18 @@ } ], "mavenPlugins": [], - "metadata": { - "osName": "Windows 11", - "mavenVersion": "3.9.1", - "javaVersion": "19.0.2" + "metaData": { + "environment": { + "osName": "Windows 11", + "mavenVersion": "3.9.1", + "javaVersion": "19.0.2" + }, + "config": { + "includeMavenPlugins": false, + "reduced": false, + "mavenLockfileVersion": "4.1.1-SNAPSHOT", + "checksumMode": "maven_local", + "checksumAlgorithm": "SHA-256" + } } } \ No newline at end of file diff --git a/maven_plugin/src/test/resources-its/it/IntegrationTestsIT/singleDependencyCheckMustFail/lockfile.json b/maven_plugin/src/test/resources-its/it/IntegrationTestsIT/singleDependencyCheckMustFail/lockfile.json index 0b60ad31..674ee142 100644 --- a/maven_plugin/src/test/resources-its/it/IntegrationTestsIT/singleDependencyCheckMustFail/lockfile.json +++ b/maven_plugin/src/test/resources-its/it/IntegrationTestsIT/singleDependencyCheckMustFail/lockfile.json 
@@ -8,18 +8,20 @@ "groupId": "org.junit.jupiter", "artifactId": "junit-jupiter-api", "version": "5.9.2", - "checksumAlgorithm": "sha1", - "checksum": "fed843581520eac594bc36bb4b0f55e7b947dda9", + "checksumAlgorithm": "SHA-256", + "checksum": "f767a170f97127b0ad3582bf3358eabbbbe981d9f96411853e629d9276926fd5_TEMPER_ATTACK", "scope": "test", + "selectedVersion": "5.9.2", "id": "org.junit.jupiter:junit-jupiter-api:5.9.2", "children": [ { "groupId": "org.apiguardian", "artifactId": "apiguardian-api", "version": "1.1.2", - "checksumAlgorithm": "sha1", - "checksum": "a231e0d844d2721b0fa1b238006d15c6ded6842aaaaa", + "checksumAlgorithm": "SHA-256", + "checksum": "b509448ac506d607319f182537f0b35d71007582ec741832a1f111e5b5b70b38", "scope": "test", + "selectedVersion": "1.1.2", "id": "org.apiguardian:apiguardian-api:1.1.2", "parent": "org.junit.jupiter:junit-jupiter-api:5.9.2", "children": [] @@ -28,9 +30,10 @@ "groupId": "org.junit.platform", "artifactId": "junit-platform-commons", "version": "1.9.2", - "checksumAlgorithm": "sha1", - "checksum": "6f9f8621d8230cd38aa42e58ccbc0c00569131ce", + "checksumAlgorithm": "SHA-256", + "checksum": "624a3d745ef1d28e955a6a67af8edba0fdfc5c9bad680a73f67a70bb950a683d", "scope": "test", + "selectedVersion": "1.9.2", "id": "org.junit.platform:junit-platform-commons:1.9.2", "parent": "org.junit.jupiter:junit-jupiter-api:5.9.2", "children": [ @@ -38,9 +41,10 @@ "groupId": "org.apiguardian", "artifactId": "apiguardian-api", "version": "1.1.2", - "checksumAlgorithm": "sha1", - "checksum": "a231e0d844d2721b0fa1b238006d15c6ded6842a", + "checksumAlgorithm": "SHA-256", + "checksum": "b509448ac506d607319f182537f0b35d71007582ec741832a1f111e5b5b70b38", "scope": "test", + "selectedVersion": "1.1.2", "id": "org.apiguardian:apiguardian-api:1.1.2", "parent": "org.junit.platform:junit-platform-commons:1.9.2", "children": [] 
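Review bot: The only tampered entry left in this must-fail fixture, the junit-jupiter-api `checksum` ending in `_TEMPER_ATTACK`, is not a well-formed SHA-256 digest (wrong length, non-hex characters). The test would therefore still pass if validation rejected only malformed values; whether it compares digests cannot be seen from this hunk. A well-formed 64-character value that differs from the real one would pin the mismatch detection itself, for example `"checksum": "f767a170f97127b0ad3582bf3358eabbbbe981d9f96411853e629d9276926fd0",` (constructed here by changing the last hex character). The old fixture also altered the nested apiguardian-api checksum (`…842aaaaa`), which this hunk replaces with the correct digest, so a mismatch on a transitive dependency is no longer exercised; that may be unintended. If the marker suffix is kept, `TEMPER` looks like a typo for `TAMPER`.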
@@ -51,9 +55,10 @@ "groupId": "org.opentest4j", "artifactId": "opentest4j", "version": "1.2.0", - "checksumAlgorithm": "sha1", - "checksum": "28c11eb91f9b6d8e200631d46e20a7f407f2a046", + "checksumAlgorithm": "SHA-256", + "checksum": "58812de60898d976fb81ef3b62da05c6604c18fd4a249f5044282479fc286af2", "scope": "test", + "selectedVersion": "1.2.0", "id": "org.opentest4j:opentest4j:1.2.0", "parent": "org.junit.jupiter:junit-jupiter-api:5.9.2", "children": [] @@ -62,9 +67,18 @@ } ], "mavenPlugins": [], - "metadata": { - "osName": "Windows 11", - "mavenVersion": "3.9.1", - "javaVersion": "19.0.2" + "metaData": { + "environment": { + "osName": "Windows 11", + "mavenVersion": "3.9.1", + "javaVersion": "19.0.2" + }, + "config": { + "includeMavenPlugins": false, + "reduced": false, + "mavenLockfileVersion": "4.1.1-SNAPSHOT", + "checksumMode": "maven_local", + "checksumAlgorithm": "SHA-256" + } } } \ No newline at end of file diff --git a/template/README.md b/template/README.md index 857bcfee..6649e90b 100644 --- a/template/README.md +++ b/template/README.md 
@@ -65,7 +65,7 @@ If you invoke build afterward, the exact versions from the lockfile are used. - `reduced` will reduce the lockfile only containing the dependencies after dependency resolution conflicts are resolved. This format is smaller, and easier to review and read. Only use this if you do not need the full dependency tree. - `includeMavenPlugins` will include the maven plugins in the lockfile. This is useful if you want to validate the Maven plugins as well. -- `checksumAlgorithm` will set the checksum algorithm used to generate the lockfile. The default is `SHA-256`. +- `checksumAlgorithm` will set the checksum algorithm used to generate the lockfile. The default depends on your checksum mode. - `checksumMode` will set the checksum mode used to generate the lockfile. See [Checksum Modes](/maven_plugin/src/main/java/io/github/chains_project/maven_lockfile/checksum/ChecksumModes.java) for more information. - `skip` will skip the execution of the plugin. This is useful if you would like to disable the plugin for a specific module. - `getConfigFromFile` will read the configuration of maven lockfile from the existing lockfile.