Merge branch 'main' into repo_automated-security-fixes

hub4j · Sep 5, 2024 · 0ca1d44 · 0ca1d44
2 parents b3c4d12 + 07b6003
commit 0ca1d44
Show file tree

Hide file tree

Showing 20 changed files with 8,763 additions and 27 deletions.
diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml
@@ -41,6 +41,12 @@ jobs:
         # https://docs.github.com/en/free-pro-team@latest/github/finding-security-vulnerabilities-and-errors-in-your-code/configuring-code-scanning#changing-the-languages-that-are-analyzed
 
     steps:
+    - name: Set up JDK
+      uses: actions/setup-java@v2
+      with:
+        distribution: 'temurin'
+        java-version: 17
+
     - name: Checkout repository
       uses: actions/checkout@v4
 

diff --git a/.github/workflows/maven-build.yml b/.github/workflows/maven-build.yml
@@ -60,12 +60,14 @@ jobs:
       run: mvn -B clean site -D enable-ci --file pom.xml
   test:
     name: test (${{ matrix.os }}, Java ${{ matrix.java }})
+    # Does not require build output, but orders execution to prevent launching test workflows when simple build fails 
+    needs: build
     runs-on: ${{ matrix.os }}-latest
     strategy:
       fail-fast: false
       matrix:
         os: [ ubuntu, windows ]
-        java: [ 11, 17 ]
+        java: [ 17, 21 ]
     steps:
     - uses: actions/checkout@v4
     - name: Set up JDK
@@ -128,3 +130,22 @@ jobs:
         cache: 'maven'
     - name: Maven Test (no build) Java 8
       run: mvn -B surefire:test -DfailIfNoTests -Dsurefire.excludesFile=src/test/resources/slow-or-flaky-tests.txt
+
+  test-java-11:
+    name: test Java 11 (no-build)
+    needs: build
+    runs-on: ubuntu-latest
+    steps:
+    - uses: actions/checkout@v4
+    - uses: actions/download-artifact@v4
+      with:
+        name: maven-target-directory
+        path: target
+    - name: Set up JDK
+      uses: actions/setup-java@v4
+      with:
+        java-version: 8
+        distribution: 'temurin'
+        cache: 'maven'
+    - name: Maven Test (no build) Java 11
+      run: mvn -B surefire:test -DfailIfNoTests -Dsurefire.excludesFile=src/test/resources/slow-or-flaky-tests.txt
diff --git a/pom.xml b/pom.xml
@@ -32,6 +32,7 @@
   </distributionManagement>
 
   <properties>
+    <spring.boot.version>3.3.3</spring.boot.version>
     <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
     <spotbugs-maven-plugin.version>4.8.6.1</spotbugs-maven-plugin.version>
     <spotbugs.version>4.8.6</spotbugs.version>
@@ -89,7 +90,7 @@
         <plugin>
           <groupId>org.apache.maven.plugins</groupId>
           <artifactId>maven-help-plugin</artifactId>
-          <version>3.4.0</version>
+          <version>3.5.0</version>
         </plugin>
         <plugin>
           <artifactId>maven-surefire-plugin</artifactId>
@@ -240,33 +241,27 @@
             <autoReleaseAfterClose>true</autoReleaseAfterClose>
           </configuration>
         </plugin>
-        <plugin>
-          <groupId>org.codehaus.mojo</groupId>
-          <artifactId>animal-sniffer-maven-plugin</artifactId>
-          <version>1.22</version>
-          <configuration>
-            <signature>
-              <groupId>org.codehaus.mojo.signature</groupId>
-              <artifactId>java18</artifactId>
-              <version>1.0</version>
-            </signature>
-            <ignores>
-              java.net.http.*
-            </ignores>
-          </configuration>
-          <executions>
-            <execution>
-              <id>ensure-java-1.8-class-library</id>
-              <phase>test</phase>
-              <goals>
-                <goal>check</goal>
-              </goals>
-            </execution>
-          </executions>
-        </plugin>
       </plugins>
     </pluginManagement>
     <plugins>
+      <!--
+      This plugin is used to generate AOT metadata during tests so that it can be
+      compared against those in META-INF/native-image/org.kohsuke/github-api/*.
+      The tests are located in src/test/java/org.kohsuke.aot
+      -->
+      <plugin>
+        <groupId>org.springframework.boot</groupId>
+        <artifactId>spring-boot-maven-plugin</artifactId>
+        <version>${spring.boot.version}</version>
+        <executions>
+          <execution>
+            <id>process-test-aot</id>
+            <goals>
+              <goal>process-test-aot</goal>
+            </goals>
+          </execution>
+        </executions>
+      </plugin>
       <plugin>
         <groupId>org.apache.maven.plugins</groupId>
         <artifactId>maven-site-plugin</artifactId>
@@ -497,6 +492,16 @@
       <version>${hamcrest.version}</version>
       <scope>test</scope>
     </dependency>
+    <!--
+    This plugin is used to start a spring boot application during tests
+    to generate AOT metadata. See also spring-boot-maven-plugin
+    -->
+    <dependency>
+      <groupId>org.springframework.boot</groupId>
+      <artifactId>spring-boot-starter-test</artifactId>
+      <version>${spring.boot.version}</version>
+      <scope>test</scope>
+    </dependency>
     <!-- This is needed in order to force junit4 and JTH tests to use newer hamcrest version -->
     <dependency>
       <groupId>org.hamcrest</groupId>
@@ -528,6 +533,13 @@
       <version>4.2.1</version>
       <scope>test</scope>
     </dependency>
+    <!-- junit vintage engine is used because junit4 and junit5 tests are required -->
+    <dependency>
+      <groupId>org.junit.vintage</groupId>
+      <artifactId>junit-vintage-engine</artifactId>
+      <version>5.10.2</version>
+      <scope>test</scope>
+    </dependency>
     <dependency>
       <groupId>com.fasterxml.jackson.core</groupId>
       <artifactId>jackson-databind</artifactId>
@@ -653,7 +665,7 @@
     <dependency>
       <groupId>org.slf4j</groupId>
       <artifactId>slf4j-simple</artifactId>
-      <version>2.0.13</version>
+      <version>2.0.16</version>
       <scope>test</scope>
     </dependency>
   </dependencies>

diff --git a/src/main/java/org/kohsuke/github/GHRepository.java b/src/main/java/org/kohsuke/github/GHRepository.java
@@ -3745,6 +3745,21 @@ public PagedIterable<GHRepositoryRule> listRulesForBranch(String branch) throws
                 .toIterable(GHRepositoryRule[].class, null);
     }
 
+    /**
+     * Check, if vulnerability alerts are enabled for this repository
+     * (https://docs.github.com/en/rest/repos/repos?apiVersion=2022-11-28#check-if-vulnerability-alerts-are-enabled-for-a-repository).
+     *
+     * @return true, if vulnerability alerts are enabled
+     * @throws IOException
+     *             the io exception
+     */
+    public boolean isVulnerabilityAlertsEnabled() throws IOException {
+        return root().createRequest()
+                .method("GET")
+                .withUrlPath(getApiTailUrl("/vulnerability-alerts"))
+                .fetchHttpStatusCode() == 204;
+    }
+
     /**
      * A {@link GHRepositoryBuilder} that allows multiple properties to be updated per request.
      *