Closed StefanKock closed 1 year ago
I tried to update the swagger
libraries as well as the swagger-maven-plugin
but I was running in all sorts of problems including the generated openapi documentation being nearly empty. https://github.com/kbuntrock/openapi-maven-plugin seems to be the only alternative which is currently maintained.
I'm done with the server side stack and Maven plugins (all changes on PR #11257 to be continued). Someone needs to pick this ticket up for the android and gradle part.
I updated the PR to the current state of development and updated versions that were outdated after 2022-12-27.
I added another dependency update that was overlooked:
org.geotools:gt-shapefile ............................... 26.2 -> 28.0
org.geotools:gt-shapefile ............................... 26.2 -> 28.2
@StefanKock Let's include spring expression update 5.3.23 -> 5.3.27 https://spring.io/security/cve-2023-20863
@StefanKock Let's include spring expression update 5.3.23 -> 5.3.27 https://spring.io/security/cve-2023-20863
I'll do this. The last change was with #11441: 4.3.30.RELEASE -> 5.3.25. That's why spring-context did not show up for update on 2023-03-17.
Android Updates:
Gradle 7.0.2 --> 8.0
app build.gradle: com.google.gms:google-services:4.3.10 --> 4.3.15 com.google.firebase:firebase-crashlytics-gradle:2.9.0 --> 2.9.5 com.google.firebase:perf-plugin:1.4.1 --> 1.4.2 org.jacoco:org.jacoco.core:0.8.5 --> 0.8.9 org.sonarsource.scanner.gradle:sonarqube-gradle-plugin:2.8 --> 3.3
sormas-app build.gradle: implementation platform('com.google.firebase:firebase-bom:29.0.0') --> 31.5.0 implementation 'androidx.appcompat:appcompat:1.3.1' --> 1.6.1 implementation 'com.google.android.material:material:1.5.0-alpha05' --> 1.8.0 implementation 'com.squareup.retrofit2:retrofit:2.4.0' --> 2.9.0 implementation 'com.squareup.retrofit2:converter-gson:2.4.0' --> 2.9.0 implementation 'com.j256.ormlite:ormlite-core:5.1' --> 6.1 implementation 'com.google.guava:guava:31.0.1-android' --> 31.1.1-android implementation 'com.opencsv:opencsv:5.5.2' --> 5.7.1 implementation 'org.jsoup:jsoup:1.14.3' --> 1.15.4 implementation 'io.reactivex:rxandroid:1.0.1' --> 1.2.1 implementation 'io.reactivex:rxjava:1.0.14' --> 1.3.8 implementation 'com.fasterxml.jackson.core:jackson-core:2.12.4' --> 2.14.2 implementation 'com.fasterxml.jackson.core:jackson-annotations:2.12.4' --> 2.14.2 implementation 'androidx.lifecycle:lifecycle-extensions:2.2.0' --> 2.6.1 implementation 'androidx.paging:paging-runtime:3.0.1' --> 3.1.1 implementation 'androidx.work:work-runtime-ktx:2.7.1' --> 2.8.1 implementation 'io.crowdcode.sormas.lbds:lbds-android-messaging:1.4.6' --> 1.4.8 implementation 'org.slf4j:slf4j-api:1.7.36' --> 2.0.7 testImplementation 'org.robolectric:robolectric:4.2.1' --> 4.10 testImplementation 'org.mockito:mockito-core:4.3.1' --> 5.3.0 androidTestImplementation 'androidx.annotation:annotation:1.2.0' --> 1.5.0 androidTestImplementation 'androidx.test:runner:1.4.0' --> 1.5.2 androidTestImplementation 'androidx.test:rules:1.4.0' --> 1.5.2 androidTestImplementation 'androidx.test.espresso:espresso-core:3.4.0' --> 3.5.1
Note on the update process:
gradle dependencyUpdates
task of the gradle versions plugin. Double check using the project structure dialog > Suggestions dialog of Android Studio.With the update to gradle 8, Java SDK 17 is needed on build systems.
OpenJDK 17.0.2 is available on our Jenkins now.
I have updated the used JDK versions of Jenkins for all jobs that build the android-app to JDK 17: sormas-Build, sormas-app, sormas-Release. To avoid future problems, also sormas-Reports.
Build jobs fail due to Maven not be new enough:
[INFO] >>> maven-javadoc-plugin:3.4.1:aggregate > compile @ sormas-base >>> [INFO]
[INFO] >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> [INFO] Forking sormas-base 1.84.0-SNAPSHOT [INFO] >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> [INFO] [INFO] --- maven-enforcer-plugin:3.1.0:enforce (enforce-versions) @ sormas-base --- [ERROR] Rule 0: org.apache.maven.plugins.enforcer.RequireMavenVersion failed with message: Detected Maven Version: 3.3.9 is not in the allowed range 3.6.3.
I changed the Maven version in Jenkins from 3.3.9 to 3.9.2, builds are started again.
Four next problems uncovered:
de.symeda.sormas.api.utils.DateHelperTest.testParseDateTimeWithExceptionForDeFormat
Unable to parse date [21.04.2021 1:30 nachm.]
java.text.ParseException: Unable to parse date [21.04.2021 1:30 nachm.] at de.symeda.sormas.api.utils.DateHelper.parseDateWithException(DateHelper.java:242) at de.symeda.sormas.api.utils.DateHelper.parseDateTimeWithException(DateHelper.java:197) at de.symeda.sormas.api.utils.DateHelperTest.testParseDateTimeWithExceptionForDeFormat(DateHelperTest.java:340) ...
2. sormas-Build job, module sormas-ui: bean-test seems to have compatibility problems with JDK 17
Suppressed: java.lang.NullPointerException: Cannot invoke "javax.enterprise.inject.spi.BeanManager.fireEvent(Object, java.lang.annotation.Annotation[])" because the return value of "info.novatec.beantest.api.BeanProviderHelper.getBeanManager()" is null at info.novatec.beantest.api.BeanProviderHelper.fireShutdownEvent(BeanProviderHelper.java:104) ...
3. sormas-Build job, sonarqube scanner complains that code is not compatible with Java 7.
-> Guessing that changing to property `maven.compiler.release` with #6699 causes a fallback. Trying to fix this by increasing the `sonar-maven-plugin` version from 3.6.0.1398 to 3.9.1.2184 on Jenkins (SONAR_MAVEN_GOAL).
[INFO] Sensor JavaSensor [java] [INFO] Configured Java source version (sonar.java.source): 7 ... [ERROR] Unable to parse source file : 'sormas-rest/src/main/java/de/symeda/sormas/rest/resources/ImmunizationResource.java'
Solved:
[INFO] Sensor JavaSensor [java] [INFO] Configured Java source version (sonar.java.source): 11
4. sormas-Reports job fails with a dependency not found.
-> Fixed by not updating Maven from 3.3.9 to 3.6.3 instead of 3.8.6 or 3.9.2
[ERROR] Failed to execute goal org.apache.maven.plugins:maven-site-plugin:3.12.1:site (default-site) on project sormas-base: Error generating maven-project-info-reports-plugin:3.4.1:dependency-convergence report: Could not build dependency tree: Could not collect dependencies: de.symeda.sormas:sormas-widgetset:jar:1.84.0-SNAPSHOT: Failed to collect dependencies at com.vaadin:vaadin-compatibility-client:jar:8.14.3 -> com.vaadin:vaadin-client:jar:8.14.3 -> com.vaadin:vaadin-server:jar:8.14.3 -> com.vaadin:vaadin-push:jar:8.14.3 -> com.vaadin.external.atmosphere:atmosphere-runtime:jar:2.4.30.vaadin4 -> org.atmosphere.jboss.as:jboss-as-websockets:jar:0.5 -> org.jboss.as:jboss-as-server:jar:7.1.1.Final -> org.jboss.as:jboss-as-controller:jar:7.1.1.Final -> org.jboss.as:jboss-as-controller-client:jar:7.1.1.Final -> org.jboss.as:jboss-as-protocol:jar:7.1.1.Final -> org.jboss.logging:jboss-logging:jar:3.4.2.Final -> org.apache.logging.log4j:log4j-api:jar:2.11.2 -> org.apache.logging.log4j:log4j-api-java9:zip:2.11.2: Failed to read artifact descriptor for org.apache.logging.log4j:log4j-api-java9:zip:2.11.2: The following artifacts could not be resolved: org.apache.logging.log4j:log4j-api-java9:pom:2.11.2 (absent): Could not transfer artifact org.apache.logging.log4j:log4j-api-java9:pom:2.11.2 from/to maven-default-http-blocker (http://0.0.0.0/): Blocked mirror for repositories: [oss.sonatype.org (http://oss.sonatype.org/content/repositories/releases, default, releases+snapshots), oss.sonatype.org-snapshot (http://oss.sonatype.org/content/repositories/snapshots, default, releases+snapshots), codehaus (http://repository.codehaus.org/, default, releases+snapshots), codehaus-snapshots (http://snapshots.repository.codehaus.org/, default, releases+snapshots), jboss-public-repository-group (http://repository.jboss.org/nexus/content/groups/public/, default, releases+snapshots)] -> [Help 1]
Problem 2 is adressed by https://github.com/hzi-braunschweig/SORMAS-Project/issues/11618
Afterwards we should also increase the JDK version of the GitHub CI to 17.
When trying to release 1.84.0, we ran into the problem that the promotion in sormas-Build
still used a too old Maven version.
[sormas-Build] $ mvn -f sormas-base/pom.xml -DNextDevVersion=1.85.0-SNAPSHOT -DdevelopmentVersion=1.85.0-SNAPSHOT jgitflow:release-start -Pwith-app -Dmaven.test.skip=true -e -X
Apache Maven 3.3.9 (bb52d8502b132ec0a5a3f4c09453c07478323dc5; 2015-11-10T17:41:47+01:00)
Maven home: /usr/local/maven/apache-maven-3.3.9
Java version: 17.0.2, vendor: Oracle Corporation
Java home: /usr/lib/jvm/jdk-17.0.2
In the build steps was Maven-Version (Standard) selected, which seems to fall back to running the installed mvn on the host system (and not the installation managed by Jenkins). I now chose Maven-Version Maven (coming from the Jenkins tools config).
Problem Description
Some dependencies have newer versions that should be updated.
Proposed Change
Update easy to increase dependencies all at once.
Acceptance Criteria
android-app
are switched to JDK 17.Implementation Details
Move this from
sormas-api
todependencyManagement
insormas-base
:Update the following maven plugins:
~50 dependencies have newer versions, from which most are probably due to be updated (if no incompatibilies face up).
Dependency Update analysis
android-app
Out of scope are dependencies provided by payara (glassfish/modules).
Plugin Update analysis
```bash mvn versions:display-plugin-updates [INFO] The following plugin updates are available: [INFO] com.vaadin:vaadin-maven-plugin ............ 8.14.3 -> 24.0.0.alpha6 [INFO] io.openapitools.swagger:swagger-maven-plugin ....... 2.1.2 -> 2.1.6 [INFO] [WARNING] The following plugins do not have their version specified: [WARNING] maven-clean-plugin ........................ (from super-pom) 2.2 [WARNING] maven-dependency-plugin ................... (from super-pom) 2.8 [WARNING] maven-install-plugin ...................... (from super-pom) 2.2 [INFO] [WARNING] Project does not define minimum Maven version, default is: 2.0 [INFO] Plugins require minimum Maven version of: 3.3.9 [INFO] Note: the super-pom from Maven 3.6.3 defines some of the plugin [INFO] versions and may be influencing the plugins required minimum Maven [INFO] version. [INFO] [ERROR] Project does not define required minimum version of Maven. [ERROR] Update the pom.xml to contain maven-enforcer-plugin to [ERROR] force the Maven version which is needed to build this project. [ERROR] See https://maven.apache.org/enforcer/enforcer-rules/requireMavenVersion.html [ERROR] Using the minimum version of Maven: 3.3.9 [INFO] [INFO] Require Maven 2.0.1 to use the following plugin updates: [INFO] maven-war-plugin ................................... 3.2.3 -> 2.0.2 [INFO] [INFO] Require Maven 2.0.2 to use the following plugin updates: [INFO] maven-javadoc-plugin ................................. 3.2.0 -> 2.2 [INFO] maven-site-plugin ............................. 3.9.1 -> 2.0-beta-7 [INFO] [INFO] Require Maven 2.0.3 to use the following plugin updates: [INFO] maven-dependency-plugin ................ 2.8 -> 2.2-SONATYPE-810529 [INFO] maven-surefire-report-plugin ................ 2.22.2 -> 2.4.3-JBOSS [INFO] [INFO] Require Maven 2.0.4 to use the following plugin updates: [INFO] maven-ejb-plugin ..................................... 3.0.1 -> 2.1 [INFO] maven-project-info-reports-plugin .................. 3.1.1 -> 2.0.1 [INFO] org.codehaus.mojo:properties-maven-plugin .... 1.0.0 -> 1.0-alpha-1 [INFO] [INFO] Require Maven 2.0.6 to use the following plugin updates: [INFO] maven-changelog-plugin ................................. 2.3 -> 2.2 [INFO] maven-changes-plugin ................................ 2.12.1 -> 2.4 [INFO] maven-clean-plugin ................................... 3.2.0 -> 2.5 [INFO] maven-deploy-plugin ................................ 2.8.2 -> 2.8.1 [INFO] maven-ear-plugin ..................................... 3.0.1 -> 2.9 [INFO] maven-ejb-plugin ..................................... 3.0.1 -> 2.3 [INFO] maven-install-plugin ............................... 3.1.0 -> 2.5.1 [INFO] maven-jar-plugin ..................................... 3.1.1 -> 2.4 [INFO] maven-javadoc-plugin ................................. 3.2.0 -> 2.3 [INFO] maven-project-info-reports-plugin .................. 3.1.1 -> 2.1.2 [INFO] maven-resources-plugin ............................... 3.1.0 -> 2.6 [INFO] maven-site-plugin .................................. 3.9.1 -> 2.0.1 [INFO] maven-source-plugin ................................ 3.1.0 -> 2.1.2 [INFO] maven-surefire-plugin ............................. 2.22.0 -> 2.4.3 [INFO] maven-surefire-report-plugin ...................... 2.22.2 -> 2.7.1 [INFO] maven-war-plugin ..................................... 3.2.3 -> 2.4 [INFO] org.codehaus.mojo:properties-maven-plugin .... 1.0.0 -> 1.0-alpha-2 [INFO] [INFO] Require Maven 2.0.8 to use the following plugin updates: [INFO] maven-javadoc-plugin ................................. 3.2.0 -> 2.4 [INFO] [INFO] Require Maven 2.0.9 to use the following plugin updates: [INFO] maven-compiler-plugin ................................ 3.8.1 -> 3.1 [INFO] maven-dependency-plugin ....................................... 2.8 [INFO] maven-failsafe-plugin .............................. 2.19.1 -> 2.17 [INFO] maven-javadoc-plugin ............................... 3.2.0 -> 2.8.1 [INFO] maven-source-plugin ................................ 3.1.0 -> 2.2.1 [INFO] maven-surefire-plugin .............................. 2.22.0 -> 2.17 [INFO] maven-surefire-report-plugin ....................... 2.22.2 -> 2.17 [INFO] [INFO] Require Maven 2.1.0 to use the following plugin updates: [INFO] maven-project-info-reports-plugin .................... 3.1.1 -> 2.2 [INFO] maven-site-plugin .................................. 3.9.1 -> 2.1.1 [INFO] org.jacoco:jacoco-maven-plugin ........ 0.8.5 -> 0.6.3.201306030806 [INFO] [INFO] Require Maven 2.2.0 to use the following plugin updates: [INFO] maven-project-info-reports-plugin .................... 3.1.1 -> 2.6 [INFO] maven-site-plugin .................................... 3.9.1 -> 3.0 [INFO] [INFO] Require Maven 2.2.1 to use the following plugin updates: [INFO] external.atlassian.jgitflow:jgitflow-maven-plugin ........ 1.0-m5.1 [INFO] maven-changelog-plugin ........................................ 2.3 [INFO] maven-changes-plugin ............................... 2.12.1 -> 2.11 [INFO] maven-clean-plugin ................................. 3.2.0 -> 2.6.1 [INFO] maven-compiler-plugin ................................ 3.8.1 -> 3.3 [INFO] maven-dependency-plugin ............................... 2.8 -> 2.10 [INFO] maven-deploy-plugin ......................................... 2.8.2 [INFO] maven-ear-plugin .................................. 3.0.1 -> 2.10.1 [INFO] maven-ejb-plugin ................................... 3.0.1 -> 2.5.1 [INFO] maven-failsafe-plugin .............................. 2.19.1 -> 2.20 [INFO] maven-install-plugin ............................... 3.1.0 -> 2.5.2 [INFO] maven-jar-plugin ..................................... 3.1.1 -> 2.6 [INFO] maven-javadoc-plugin .............................. 3.2.0 -> 2.10.3 [INFO] maven-project-info-reports-plugin .................. 3.1.1 -> 2.8.1 [INFO] maven-resources-plugin ............................... 3.1.0 -> 2.7 [INFO] maven-site-plugin .................................... 3.9.1 -> 3.4 [INFO] maven-source-plugin .................................. 3.1.0 -> 2.4 [INFO] maven-surefire-plugin .............................. 2.22.0 -> 2.20 [INFO] maven-surefire-report-plugin ....................... 2.22.2 -> 2.20 [INFO] maven-war-plugin ..................................... 3.2.3 -> 2.6 [INFO] org.codehaus.mojo:versions-maven-plugin .............. 2.8.1 -> 2.2 [INFO] org.jacoco:jacoco-maven-plugin ........ 0.8.5 -> 0.7.6.201602180812 [INFO] [INFO] Require Maven 3.0 to use the following plugin updates: [INFO] maven-clean-plugin ................................. 3.2.0 -> 3.1.0 [INFO] maven-dependency-plugin .............................. 2.8 -> 3.1.1 [INFO] maven-ear-plugin ............................................ 3.0.1 [INFO] maven-ejb-plugin ............................................ 3.0.1 [INFO] maven-failsafe-plugin ............................ 2.19.1 -> 2.22.0 [INFO] maven-jar-plugin ................................... 3.1.1 -> 3.1.0 [INFO] maven-javadoc-plugin ............................... 3.2.0 -> 3.0.1 [INFO] maven-project-info-reports-plugin .................. 3.1.1 -> 3.0.0 [INFO] maven-resources-plugin ...................................... 3.1.0 [INFO] maven-site-plugin .................................. 3.9.1 -> 3.7.1 [INFO] maven-surefire-plugin ...................................... 2.22.0 [INFO] maven-surefire-report-plugin ..................... 2.22.2 -> 2.22.0 [INFO] maven-war-plugin ................................... 3.2.3 -> 3.2.2 [INFO] org.codehaus.mojo:properties-maven-plugin ................... 1.0.0 [INFO] org.codehaus.mojo:versions-maven-plugin .............. 2.8.1 -> 2.7 [INFO] org.jacoco:jacoco-maven-plugin ..................... 0.8.5 -> 0.8.8 [INFO] [INFO] Require Maven 3.0.4 to use the following plugin updates: [INFO] maven-changes-plugin ....................................... 2.12.1 [INFO] maven-compiler-plugin ...................... 3.8.1 -> 3.7.0-jboss-1 [INFO] maven-source-plugin ................................ 3.1.0 -> 3.0.1 [INFO] [INFO] Require Maven 3.0.5 to use the following plugin updates: [INFO] maven-compiler-plugin ...................... 3.8.1 -> 3.8.1-jboss-2 [INFO] maven-dependency-plugin .............................. 2.8 -> 3.1.2 [INFO] maven-deploy-plugin ............................. 2.8.2 -> 3.0.0-M2 [INFO] maven-ear-plugin ................................... 3.0.1 -> 3.1.0 [INFO] maven-failsafe-plugin .......................... 2.19.1 -> 3.0.0-M5 [INFO] maven-install-plugin ............................ 3.1.0 -> 3.0.0-M1 [INFO] maven-jar-plugin ................................... 3.1.1 -> 3.2.0 [INFO] maven-javadoc-plugin ............................... 3.2.0 -> 3.3.2 [INFO] maven-project-info-reports-plugin .................. 3.1.1 -> 3.2.2 [INFO] maven-site-plugin ................................. 3.9.1 -> 3.11.0 [INFO] maven-source-plugin ................................ 3.1.0 -> 3.2.1 [INFO] maven-surefire-plugin .......................... 2.22.0 -> 3.0.0-M5 [INFO] maven-surefire-report-plugin ................... 2.22.2 -> 3.0.0-M5 [INFO] maven-war-plugin ................................... 3.2.3 -> 3.3.1 [INFO] org.codehaus.mojo:properties-maven-plugin .......... 1.0.0 -> 1.1.0 [INFO] org.codehaus.mojo:versions-maven-plugin ........... 2.8.1 -> 2.10.0 [INFO] [INFO] Require Maven 3.1.0 to use the following plugin updates: [INFO] maven-jar-plugin ................................... 3.1.1 -> 3.2.2 [INFO] maven-resources-plugin ............................. 3.1.0 -> 3.2.0 [INFO] maven-war-plugin ................................... 3.2.3 -> 3.3.2 [INFO] org.owasp:dependency-check-maven ................... 6.5.3 -> 7.4.1 [INFO] [INFO] Require Maven 3.1.1 to use the following plugin updates: [INFO] maven-dependency-plugin .............................. 2.8 -> 3.3.0 [INFO] maven-ear-plugin ................................... 3.0.1 -> 3.2.0 [INFO] maven-ejb-plugin ................................... 3.0.1 -> 3.1.0 [INFO] [INFO] Require Maven 3.2.5 to use the following plugin updates: [INFO] maven-clean-plugin .......................................... 3.2.0 [INFO] maven-compiler-plugin ............................. 3.8.1 -> 3.10.1 [INFO] maven-dependency-plugin .............................. 2.8 -> 3.4.0 [INFO] maven-deploy-plugin ................................ 2.8.2 -> 3.0.0 [INFO] maven-ear-plugin ................................... 3.0.1 -> 3.3.0 [INFO] maven-ejb-plugin ................................... 3.0.1 -> 3.2.1 [INFO] maven-failsafe-plugin .......................... 2.19.1 -> 3.0.0-M7 [INFO] maven-install-plugin ........................................ 3.1.0 [INFO] maven-jar-plugin ................................... 3.1.1 -> 3.3.0 [INFO] maven-javadoc-plugin ............................... 3.2.0 -> 3.4.1 [INFO] maven-project-info-reports-plugin .................. 3.1.1 -> 3.4.1 [INFO] maven-resources-plugin ............................. 3.1.0 -> 3.3.0 [INFO] maven-site-plugin ............................... 3.9.1 -> 4.0.0-M4 [INFO] maven-surefire-plugin .......................... 2.22.0 -> 3.0.0-M7 [INFO] maven-surefire-report-plugin ................... 2.22.2 -> 3.0.0-M7 [INFO] org.codehaus.mojo:versions-maven-plugin ........... 2.8.1 -> 2.14.2 ```Android Dependencies: https://github.com/hzi-braunschweig/SORMAS-Project/issues/11032#issuecomment-1514861092
Additional Information
Checked version dependencies in CI pipeline:
android-app
:sormas-Build
,sormas-app
,sormas-Release
. To avoid future problems, change alsosormas-Reports
.