Update main (#45)

* configure dependabot, hook up bom, and third party license generation (#32) * migrate lgtm (#31) (#35) * Bump actions/checkout from 2 to 3 (#34) Bumps [actions/checkout](https://github.com/actions/checkout) from 2 to 3. - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](actions/checkout@v2...v3) --- updated-dependencies: - dependency-name: actions/checkout dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <[email protected]> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump actions/setup-python from 2 to 4 (#33) Bumps [actions/setup-python](https://github.com/actions/setup-python) from 2 to 4. - [Release notes](https://github.com/actions/setup-python/releases) - [Commits](actions/setup-python@v2...v4) --- updated-dependencies: - dependency-name: actions/setup-python dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <[email protected]> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * java 17, take out commons-config1 * [maven-release-plugin] prepare release 2.0.4.8 * [maven-release-plugin] prepare for next development iteration * Feature/seab 6017/update avro (#42) * Bump avro to 1.11.3 * Update to python3.10 * Try installing setuptool * Update cwltool and schema-salad versions to match webservice * Update avro version in build to match pom version * Update setuptools version * Try python3.10 to match CL * Call schema-salad-tool using its command * Download 1.11.3 avro jar * Replace the namespace generated by schema-salad-tool * Rename Any.java instead of removing it * [maven-release-plugin] prepare release 2.0.4.9 * [maven-release-plugin] prepare for next development iteration --------- Co-authored-by: Kathy Tran <[email protected]> * Bump github/codeql-action from 2 to 3 (#41) * Bump github/codeql-action from 2 to 3 Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2 to 3. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](github/codeql-action@v2...v3) --- updated-dependencies: - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <[email protected]> * dependabot doesn't have write access, don't do CodeQL on dependabot branch --------- Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Kathy Tran <[email protected]> * Bump actions/checkout from 3 to 4 (#37) Bumps [actions/checkout](https://github.com/actions/checkout) from 3 to 4. - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](actions/checkout@v3...v4) --- updated-dependencies: - dependency-name: actions/checkout dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump actions/setup-java from 3 to 4 (#39) Bumps [actions/setup-java](https://github.com/actions/setup-java) from 3 to 4. - [Release notes](https://github.com/actions/setup-java/releases) - [Commits](actions/setup-java@v3...v4) --- updated-dependencies: - dependency-name: actions/setup-java dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump actions/setup-python from 4 to 5 (#40) Bumps [actions/setup-python](https://github.com/actions/setup-python) from 4 to 5. - [Release notes](https://github.com/actions/setup-python/releases) - [Commits](actions/setup-python@v4...v5) --- updated-dependencies: - dependency-name: actions/setup-python dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --------- Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: Denis Yuen <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Kathy Tran <[email protected]>
dockstore · Nov 5, 2024 · ee38dfa · ee38dfa
1 parent 18b01ea
commit ee38dfa
Show file tree

Hide file tree

Showing 75 changed files with 12,520 additions and 4,582 deletions.
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
@@ -0,0 +1,20 @@
+version: 2
+updates:
+
+  # Maintain dependencies for GitHub Actions, path is indeed "/" https://docs.github.com/en/code-security/dependabot/working-with-dependabot/keeping-your-actions-up-to-date-with-dependabot#enabling-dependabot-version-updates-for-actions
+  - package-ecosystem: "github-actions"
+    directory: "/"
+    schedule:
+      interval: "daily"
+    reviewers:
+      - "dockstore/dockstore"        
+
+  # Maintain dependencies for Maven
+  - package-ecosystem: "maven"
+    directory: "/"
+    schedule:
+      interval: "daily"
+    # start with security updates only https://stackoverflow.com/a/68254421
+    open-pull-requests-limit: 0  
+    reviewers:
+      - "dockstore/dockstore"        
diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml
@@ -5,49 +5,77 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Check out repository code
-        uses: actions/checkout@v2
-      - name: Set up Python 2.x
-        uses: actions/setup-python@v2
+        uses: actions/checkout@v4
+      - name: Set up Python 3.x
+        uses: actions/setup-python@v5
         with:
-          python-version: '2.7'
+          python-version: '3.10'
           architecture: 'x64'
    # upgrade pip?
       - run: sudo pip install --upgrade pip
    # install a specific version of the cwl dependencies to test with
-      - run: pip2.7 install --user setuptools==24.0.3
-      - run: pip2.7 install --user cwl-runner cwltool==1.0.20170217172322 schema-salad==2.2.20170222151604 avro==1.8.1
+      - run: pip3.10 install --user importlib-resources==6.1.1
+      - run: pip3.10 install --user setuptools==69.0.2
+      - run: pip3.10 install --user cwl-runner cwltool==3.1.20230201224320 schema-salad==8.4.20230201194352
       - run: git clone https://github.com/common-workflow-language/common-workflow-language
    # convert CWL schema salad CWL to standard Avro json
-      - run: python -mschema_salad --print-avro common-workflow-language/v1.0/CommonWorkflowLanguage.yml  > cwl.avsc
+      - run: schema-salad-tool --print-avro common-workflow-language/v1.0/CommonWorkflowLanguage.yml  > cwl.avsc
    # get rid of invalid avro symbols
       - run: sed '/draft-3/d' cwl.avsc > cwl.edited.avsc
       - run: sed -i '/draft-2/d' cwl.edited.avsc
       - run: sed -i '/draft-4/d' cwl.edited.avsc
       - run: sed -i '/dev4/d' cwl.edited.avsc
       - run: sed -i '/v1.0/d' cwl.edited.avsc
+      # Replace the namespace generated by schema-salad-tool with our namespace, "io.cwl.avro" so
+      # that the generated Java models will have this package name.
+      - run: sed -i 's/org.w3id.cwl.cwl/io.cwl.avro/g' cwl.edited.avsc
+      - run: sed -i 's/org.w3id.cwl.salad/io.cwl.avro/g' cwl.edited.avsc
    # get rid of symbols that screw up javadoc (not sure if invalid avro schema)
       - run: sed -i 's/<A>/A/g' cwl.edited.avsc
       - run: sed -i 's/<B>/B/g' cwl.edited.avsc
       - run: sed -i 's/<C>/C/g' cwl.edited.avsc
-      - run: wget https://repo1.maven.org/maven2/org/apache/avro/avro-tools/1.8.1/avro-tools-1.8.1.jar
-   # generate Java model classes
-      - run: java -jar avro-tools-1.8.1.jar compile schema cwl.edited.avsc cwl-temp
-   # create packages for the classes
-      - run: sed -i '1i package io.cwl.avro;' cwl-temp/*
-      - run: sed -i 's/Any/Object/g' cwl-temp/*
-      - run: rm  cwl-temp/Any.java
+      - run: wget https://repo1.maven.org/maven2/org/apache/avro/avro-tools/1.11.3/avro-tools-1.11.3.jar
+   # generate Java model classes.
+      - run: java -jar avro-tools-1.11.3.jar compile schema -fieldVisibility public cwl.edited.avsc cwl-temp
+      - run: find cwl-temp/ -type f -exec sed -i 's/io.cwl.avro.Any/Object/g' {} \;
+      - run: rm cwl-temp/io/cwl/avro/Any.java
+    # There are 5 subdirectories in cwl-temp/io/cwl/avro that have the same name as a file
+    # Fix ArraySchema conflict
+      - run: mv cwl-temp/io/cwl/avro/ArraySchema cwl-temp/io/cwl/avro/ArraySchemaPackage
+      - run: find cwl-temp/ -type f -exec sed -i 's/io.cwl.avro.ArraySchema.type/io.cwl.avro.ArraySchemaPackage.type/g' {} \;
+    # Fix Directory conflict
+      - run: mv cwl-temp/io/cwl/avro/Directory cwl-temp/io/cwl/avro/DirectoryPackage
+      - run: find cwl-temp/ -type f -exec sed -i 's/io.cwl.avro.Directory.class\$/io.cwl.avro.DirectoryPackage.class$/g' {} \;
+    # Fix EnumSchema conflict
+      - run: mv cwl-temp/io/cwl/avro/EnumSchema cwl-temp/io/cwl/avro/EnumSchemaPackage
+      - run: find cwl-temp/ -type f -exec sed -i 's/io.cwl.avro.EnumSchema.type/io.cwl.avro.EnumSchemaPackage.type/g' {} \;
+    # Fix File conflict
+      - run: mv cwl-temp/io/cwl/avro/File cwl-temp/io/cwl/avro/FilePackage
+      - run: find cwl-temp/ -type f -exec sed -i 's/io.cwl.avro.File.class\$/io.cwl.avro.FilePackage.class$/g' {} \;
+    # Fix RecordSchema conflict
+      - run: mv cwl-temp/io/cwl/avro/RecordSchema cwl-temp/io/cwl/avro/RecordSchemaPackage
+      - run: find cwl-temp/ -type f -exec sed -i 's/io.cwl.avro.RecordSchema.type/io.cwl.avro.RecordSchemaPackage.type/g' {} \;
+    # Copy generated java classes
       - run: rm -Rf cwlavro-generated/src/main/java/io/cwl/avro
-      - run: cp -R cwl-temp cwlavro-generated/src/main/java/io/cwl/avro
+      - run: cp -R cwl-temp/io/cwl/avro cwlavro-generated/src/main/java/io/cwl/avro
       - run: echo "the output below should show that the generated API more-or-less matches the checked-in API for convenience"
       - run: git diff
 
-      - name: Initialize CodeQL
-        uses: github/codeql-action/init@v2
+      - name: Set up JDK
+        uses: actions/setup-java@v4
+        with:
+          java-version: '17.0.4+8'
+          distribution: 'adopt'
+
+      - if: "!contains(github.ref, 'dependabot')"
+        name: Initialize CodeQL
+        uses: github/codeql-action/init@v3
         with:
           languages: java   
 
       - run: mvn -B clean install
 
 
-      - name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@v2
+      - if: "!contains(github.ref, 'dependabot')"
+        name: Perform CodeQL Analysis
+        uses: github/codeql-action/analyze@v3
diff --git a/README.md b/README.md
@@ -1,5 +1,3 @@
-[![Build Status](https://travis-ci.org/common-workflow-language/cwlavro.svg)](https://travis-ci.org/common-workflow-language/cwlavro)
-
 CWL Avro Project 
 ================
 

diff --git a/THIRD-PARTY-LICENSES.txt b/THIRD-PARTY-LICENSES.txt
@@ -0,0 +1,28 @@
+
+Lists of 26 third-party dependencies.
+     (Apache-2.0) Apache Avro (org.apache.avro:avro:1.11.3 - https://avro.apache.org)
+     (Apache License, Version 2.0) Apache Commons BeanUtils (commons-beanutils:commons-beanutils:1.9.4 - https://commons.apache.org/proper/commons-beanutils/)
+     (Apache License, Version 2.0) Apache Commons Collections (commons-collections:commons-collections:3.2.2 - http://commons.apache.org/collections/)
+     (Apache License, Version 2.0) Apache Commons Compress (org.apache.commons:commons-compress:1.21 - https://commons.apache.org/proper/commons-compress/)
+     (Apache License, Version 2.0) Apache Commons Configuration (org.apache.commons:commons-configuration2:2.8.0 - https://commons.apache.org/proper/commons-configuration/)
+     (Apache License, Version 2.0) Apache Commons Exec (org.apache.commons:commons-exec:1.3 - http://commons.apache.org/proper/commons-exec/)
+     (Apache License, Version 2.0) Apache Commons IO (commons-io:commons-io:2.11.0 - https://commons.apache.org/proper/commons-io/)
+     (Apache License, Version 2.0) Apache Commons Lang (org.apache.commons:commons-lang3:3.12.0 - https://commons.apache.org/proper/commons-lang/)
+     (The Apache Software License, Version 2.0) Apache Commons Logging (commons-logging:commons-logging:1.2 - http://commons.apache.org/proper/commons-logging/)
+     (Apache License, Version 2.0) Apache Commons Text (org.apache.commons:commons-text:1.10.0 - https://commons.apache.org/proper/commons-text)
+     (The MIT License) Checker Qual (org.checkerframework:checker-qual:3.38.0 - https://checkerframework.org/)
+     (Apache License, Version 2.0) cwlavro-generated (io.cwl:cwlavro-generated:2.0.4.9-SNAPSHOT - no url defined)
+     (Apache 2.0) error-prone annotations (com.google.errorprone:error_prone_annotations:2.22.0 - https://errorprone.info/error_prone_annotations)
+     (The Apache Software License, Version 2.0) FindBugs-jsr305 (com.google.code.findbugs:jsr305:3.0.2 - http://findbugs.sourceforge.net/)
+     (Apache-2.0) Gson (com.google.code.gson:gson:2.9.0 - https://github.com/google/gson/gson)
+     (The Apache Software License, Version 2.0) Guava InternalFutureFailureAccess and InternalFutures (com.google.guava:failureaccess:1.0.1 - https://github.com/google/guava/failureaccess)
+     (The Apache Software License, Version 2.0) Guava ListenableFuture only (com.google.guava:listenablefuture:9999.0-empty-to-avoid-conflict-with-guava - https://github.com/google/guava/listenablefuture)
+     (Apache License, Version 2.0) Guava: Google Core Libraries for Java (com.google.guava:guava:32.1.2-jre - https://github.com/google/guava)
+     (New BSD License) Hamcrest Core (org.hamcrest:hamcrest-core:1.3 - https://github.com/hamcrest/JavaHamcrest/hamcrest-core)
+     (Apache License, Version 2.0) J2ObjC Annotations (com.google.j2objc:j2objc-annotations:2.8 - https://github.com/google/j2objc/)
+     (The Apache Software License, Version 2.0) Jackson-annotations (com.fasterxml.jackson.core:jackson-annotations:2.15.2 - https://github.com/FasterXML/jackson)
+     (The Apache Software License, Version 2.0) Jackson-core (com.fasterxml.jackson.core:jackson-core:2.15.2 - https://github.com/FasterXML/jackson-core)
+     (The Apache Software License, Version 2.0) jackson-databind (com.fasterxml.jackson.core:jackson-databind:2.15.2 - https://github.com/FasterXML/jackson)
+     (Eclipse Public License 1.0) JUnit (junit:junit:4.13.2 - http://junit.org)
+     (MIT License) SLF4J API Module (org.slf4j:slf4j-api:2.0.9 - http://www.slf4j.org)
+     (Common Public License Version 1.0) System Rules (com.github.stefanbirkner:system-rules:1.19.0 - http://stefanbirkner.github.io/system-rules/)
diff --git a/cwlavro-generated/pom.xml b/cwlavro-generated/pom.xml
@@ -16,43 +16,32 @@
         <dependency>
             <groupId>com.google.guava</groupId>
             <artifactId>guava</artifactId>
-            <version>24.1.1-jre</version>
         </dependency>
         <dependency>
             <groupId>junit</groupId>
             <artifactId>junit</artifactId>
-            <version>4.13.1</version>
         </dependency>
         <dependency>
             <groupId>org.apache.avro</groupId>
             <artifactId>avro</artifactId>
-            <version>1.9.1</version>
+            <version>1.11.3</version>
         </dependency>
         <dependency>
             <groupId>com.google.code.gson</groupId>
             <artifactId>gson</artifactId>
-            <version>2.8.9</version>
         </dependency>
         <dependency>
             <groupId>org.apache.commons</groupId>
             <artifactId>commons-lang3</artifactId>
-            <version>3.4</version>
-        </dependency>
-        <dependency>
-            <groupId>commons-configuration</groupId>
-            <artifactId>commons-configuration</artifactId>
-            <version>1.10</version>
         </dependency>
         <dependency>
             <groupId>commons-io</groupId>
             <artifactId>commons-io</artifactId>
-            <version>2.5</version>
             <type>jar</type>
         </dependency>
         <dependency>
             <groupId>org.apache.commons</groupId>
             <artifactId>commons-exec</artifactId>
-            <version>1.3</version>
         </dependency>
         <dependency>
             <groupId>com.fasterxml.jackson.core</groupId>