search

mc1arke / sonarqube-community-branch-plugin

A plugin that allows branch analysis and pull request decoration in the Community version of Sonarqube
GNU Lesser General Public License v3.0
2.26k stars 526 forks source link

SonarQube 10.4 compatibility fixes #873

Closed GreyTeardrop closed 7 months ago

GreyTeardrop commented 9 months ago

When installed into SonarQube 10.4, community-branch-plugin fails with

Caused by: java.lang.NoSuchMethodError: 'io.jsonwebtoken.JwtBuilder io.jsonwebtoken.JwtBuilder.setExpiration(java.util.Date)'
    at com.github.mc1arke.sonarqube.plugin.almclient.github.v3.RestApplicationAuthenticationProvider.getInstallationToken(RestApplicationAuthenticationProvider.java:81)
    at com.github.mc1arke.sonarqube.plugin.almclient.github.DefaultGithubClientFactory.createClient(DefaultGithubClientFactory.java:56)
    at com.github.mc1arke.sonarqube.plugin.server.pullrequest.validator.GithubValidator.validate(GithubValidator.java:43)
    at com.github.mc1arke.sonarqube.plugin.server.pullrequest.ws.binding.action.ValidateBindingAction.validateProject(ValidateBindingAction.java:73)
    at com.github.mc1arke.sonarqube.plugin.server.pullrequest.ws.binding.action.ValidateBindingAction.lambda$handleProjectRequest$0(ValidateBindingAction.java:58)
    at java.base/java.util.Optional.ifPresent(Unknown Source)
    at com.github.mc1arke.sonarqube.plugin.server.pullrequest.ws.binding.action.ValidateBindingAction.handleProjectRequest(ValidateBindingAction.java:58)
    at com.github.mc1arke.sonarqube.plugin.server.pullrequest.ws.binding.action.ProjectWsAction.handle(ProjectWsAction.java:73)
    at org.sonar.server.ws.WebServiceEngine.execute(WebServiceEngine.java:114)
    at org.sonar.server.platform.web.WebServiceFilter.doFilter(WebServiceFilter.java:84)
    at org.sonar.server.platform.web.MasterServletFilter$JavaxFilterAdapter.doFilter(MasterServletFilter.java:227)
    at org.sonar.server.platform.web.MasterServletFilter$GodFilterChain.doFilter(MasterServletFilter.java:198)
    at org.sonar.server.platform.web.MasterServletFilter$HttpFilterChainAdapter.doFilter(MasterServletFilter.java:241)
    at org.sonar.server.platform.web.SonarLintConnectionFilter.doFilter(SonarLintConnectionFilter.java:66)
    at org.sonar.server.platform.web.MasterServletFilter$JavaxFilterAdapter.doFilter(MasterServletFilter.java:227)
    at org.sonar.server.platform.web.MasterServletFilter$GodFilterChain.doFilter(MasterServletFilter.java:198)
    at org.sonar.server.platform.web.MasterServletFilter.doFilter(MasterServletFilter.java:146)
    at jdk.internal.reflect.GeneratedMethodAccessor25.invoke(Unknown Source)
    at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
    at java.base/java.lang.reflect.Method.invoke(Unknown Source)
    at org.apache.catalina.security.SecurityUtil.lambda$execute$0(SecurityUtil.java:222)
    at java.base/java.security.AccessController.doPrivileged(Unknown Source)
    at java.base/javax.security.auth.Subject.doAsPrivileged(Unknown Source)
    at org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:250)
    ... 141 common frames omitted

That seems to be a binary compatibility issue - the method io.jsonwebtoken.JwtBuilder.setExpiration is still available to the code (inherited from the io.jsonwebtoken.ClaimsMutator), however, it used to be explicitly overridden in the io.jsonwebtoken.JwtBuilder and now it's not.

Simply rebuilding the project against SonarQube 10.4 was enough to make it work - I'm able to get PR annotations with the rebuilt plugin.

This PR also tackles a few deprecations caused by JJwt 0.11.x -> 0.12.x upgrade in SonarQube 10.4. There are, however, more deprecations in the SonarQube API that are not required yet for the plugin to work.

Fixes https://github.com/mc1arke/sonarqube-community-branch-plugin/issues/870

man-andy commented 9 months ago

Any updates on this?

GreyTeardrop commented 9 months ago

@mc1arke would you be able to take a look at this PR?

PaulBol commented 8 months ago

@mc1arke would you be able to take a look at this PR?

Please do if possible at all. 🙏

nklarman commented 8 months ago

@mc1arke Please 🙏

mericozkayagan commented 8 months ago

@mc1arke waiting for this 🙏

markoftw commented 8 months ago

The new version is now 10.4.1.88267

Survival1sm commented 8 months ago

Myself and my team are looking forward to this PR as well!

wang-xiaowu commented 8 months ago

:-) is there any progressions here

gjabouley-invn commented 8 months ago

The new version is now 10.4.1.88267

Looks like the release note contains only a fix about database connections issues (https://community.sonarsource.com/t/sonarqube-10-4-1-released/109966)

Plugin built for 10.4.0 should be compatible with 10.4.1

Generally speaking, SQ patch releases only contains fixes, ie. does not introduce any breaking changes. So this plugin could be released with x.y.0 dependency.

gjabouley-invn commented 8 months ago

:-) is there any progressions here

For the impatients (so you can test out your upgrade for example), you can download the SNAPSHOT version directly from this PR: https://github.com/mc1arke/sonarqube-community-branch-plugin/actions/runs/7917642518/artifacts/1273134084

mc1arke commented 7 months ago

Merged, thanks for the contribution!