#33: Upgrade dependencies (#34)

* Upgrade to project-keeper 2

* Upgrade dependencies

* Fix vulnerabilitiy in jackson library

Author: kaklakariada

.github/workflows/broken_links_checker.yml

@@ -2,7 +2,7 @@ name: Broken Links Checker
 
 on:
   schedule:
-    - cron: "0 5 * * *"
+    - cron: "0 5 * * 0"
   push:
     branches:
       - main
@@ -11,12 +11,15 @@ on:
 jobs:
   linkChecker:
     runs-on: ubuntu-latest
+    concurrency:
+      group: ${{ github.workflow }}-${{ github.ref }}
+      cancel-in-progress: true
     steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@v3
       - name: Configure broken links checker
         run: |
           mkdir -p ./target
-          echo '{ "aliveStatusCodes": [429, 200] }' > ./target/broken_links_checker.json
+          echo '{ "aliveStatusCodes": [429, 200], "ignorePatterns": [{"pattern": "^https?://(www.)?opensource.org"}] }' > ./target/broken_links_checker.json
       - uses: gaurav-nelson/github-action-markdown-link-check@v1
         with:
           use-quiet-mode: 'yes'

.github/workflows/ci-build-next-java.yml

@@ -9,29 +9,28 @@ on:
 jobs:
   java-17-compatibility:
     runs-on: ubuntu-latest
+    concurrency:
+      group: ${{ github.workflow }}-${{ github.ref }}
+      cancel-in-progress: true
     steps:
       - name: Checkout the repository
-        uses: actions/checkout@v2
+        uses: actions/checkout@v3
         with:
           fetch-depth: 0
       - name: Set up JDK 17
-        uses: actions/setup-java@v2
+        uses: actions/setup-java@v3
         with:
           distribution: 'temurin'
           java-version: 17
-      - name: Cache local Maven repository
-        uses: actions/cache@v2
-        with:
-          path: ~/.m2/repository
-          key: ${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }}
-          restore-keys: |
-            ${{ runner.os }}-maven-
+          cache: 'maven'
       - name: Run tests and build with Maven
         run: |
           mvn --batch-mode --update-snapshots clean package -DtrimStackTrace=false \
-              -Dorg.slf4j.simpleLogger.log.org.apache.maven.cli.transfer.Slf4jMavenTransferListener=warn
+              -Dorg.slf4j.simpleLogger.log.org.apache.maven.cli.transfer.Slf4jMavenTransferListener=warn \
+              -Pscala2.13
       - name: Publish Test Report
         uses: scacap/action-surefire-report@v1
         if: ${{ always() && github.event.pull_request.head.repo.full_name == github.repository && github.actor != 'dependabot[bot]' }}
         with:
           github_token: ${{ secrets.GITHUB_TOKEN }}
+          fail_if_no_tests: false

.github/workflows/ci-build.yml

@@ -16,25 +16,22 @@ jobs:
         include:
           - { scala-version: 'scala2.12', project-keeper-skip: true }
           - { scala-version: 'scala2.13', project-keeper-skip: false }
+    concurrency:
+      group: ${{ github.workflow }}-${{ github.ref }}
+      cancel-in-progress: true
     steps:
       - name: Checkout the repository
-        uses: actions/checkout@v2
+        uses: actions/checkout@v3
         with:
           fetch-depth: 0
       - name: Set up JDK 11
-        uses: actions/setup-java@v2
+        uses: actions/setup-java@v3
         with:
           distribution: 'temurin'
           java-version: 11
-      - name: Cache local Maven repository
-        uses: actions/cache@v2
-        with:
-          path: ~/.m2/repository
-          key: ${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }}
-          restore-keys: |
-            ${{ runner.os }}-maven-
+          cache: 'maven'
       - name: Cache SonarCloud packages
-        uses: actions/cache@v2
+        uses: actions/cache@v3
         with:
           path: ~/.sonar/cache
           key: ${{ runner.os }}-sonar
@@ -60,9 +57,10 @@ jobs:
       - name: Sonar analysis
         if: ${{ env.SONAR_TOKEN != null && startsWith(matrix.scala-version, 'scala2.13') }}
         run: |
-          mvn --batch-mode scoverage:report sonar:sonar \
+          mvn --batch-mode scoverage:report org.sonarsource.scanner.maven:sonar-maven-plugin:sonar \
               -Dorg.slf4j.simpleLogger.log.org.apache.maven.cli.transfer.Slf4jMavenTransferListener=warn \
               -DtrimStackTrace=false \
+              -P${{ matrix.scala-version }} \
               -Dsonar.organization=exasol \
               -Dsonar.host.url=https://sonarcloud.io \
               -Dsonar.login=$SONAR_TOKEN

.github/workflows/dependencies_check.yml

@@ -9,18 +9,12 @@ jobs:
     runs-on: ubuntu-latest
 
     steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@v3
       - name: Set up JDK 11
-        uses: actions/setup-java@v2
+        uses: actions/setup-java@v3
         with:
           distribution: 'temurin'
           java-version: 11
-      - name: Cache local Maven repository
-        uses: actions/cache@v2
-        with:
-          path: ~/.m2/repository
-          key: ${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }}
-          restore-keys: |
-            ${{ runner.os }}-maven-
+          cache: 'maven'
       - name: Checking dependencies for vulnerabilities
-        run: mvn org.sonatype.ossindex.maven:ossindex-maven-plugin:audit -f pom.xml
+        run: mvn --batch-mode org.sonatype.ossindex.maven:ossindex-maven-plugin:audit -f pom.xml

.github/workflows/release_droid_prepare_original_checksum.yml

@@ -15,21 +15,15 @@ jobs:
           - { scala-version: 'scala2.13', project-keeper-skip: false }
     steps:
       - name: Checkout the repository
-        uses: actions/checkout@v2
+        uses: actions/checkout@v3
         with:
           fetch-depth: 0
       - name: Set up JDK 11
-        uses: actions/setup-java@v2
+        uses: actions/setup-java@v3
         with:
           distribution: 'temurin'
           java-version: 11
-      - name: Cache local Maven repository
-        uses: actions/cache@v2
-        with:
-          path: ~/.m2/repository
-          key: ${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }}
-          restore-keys: |
-            ${{ runner.os }}-maven-
+          cache: 'maven'
       - name: Run tests and build with Maven for ${{ matrix.scala-version }}
         run: |
           mvn --batch-mode clean verify --file pom.xml \
@@ -38,7 +32,7 @@ jobs:
       - name: Prepare checksum
         run: find target -maxdepth 1 -name *.jar -exec sha256sum "{}" + > original_checksum
       - name: Upload checksum to the artifactory
-        uses: actions/upload-artifact@v2
+        uses: actions/upload-artifact@v3
         with:
           name: original_checksum
           retention-days: 5

.github/workflows/release_droid_print_quick_checksum.yml

@@ -15,21 +15,15 @@ jobs:
           - { scala-version: 'scala2.13', project-keeper-skip: false }
     steps:
       - name: Checkout the repository
-        uses: actions/checkout@v2
+        uses: actions/checkout@v3
         with:
           fetch-depth: 0
       - name: Set up JDK 11
-        uses: actions/setup-java@v2
+        uses: actions/setup-java@v3
         with:
           distribution: 'temurin'
           java-version: 11
-      - name: Cache local Maven repository
-        uses: actions/cache@v2
-        with:
-          path: ~/.m2/repository
-          key: ${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }}
-          restore-keys: |
-            ${{ runner.os }}-maven-
+          cache: 'maven'
       - name: Build with Maven skipping tests for ${{ matrix.scala-version }}
         run: |
           mvn --batch-mode clean verify \

.github/workflows/release_droid_release_on_maven_central.yml

@@ -15,26 +15,20 @@ jobs:
           - { scala-version: 'scala2.13', project-keeper-skip: false }
     steps:
       - name: Checkout the repository
-        uses: actions/checkout@v2
+        uses: actions/checkout@v3
         with:
           fetch-depth: 0
       - name: Set up Maven Central Repository
-        uses: actions/setup-java@v2
+        uses: actions/setup-java@v3
         with:
           distribution: 'temurin'
           java-version: 11
+          cache: 'maven'
           server-id: ossrh
           server-username: MAVEN_USERNAME
           server-password: MAVEN_PASSWORD
-      - name: Import GPG Key
-        run: gpg --import --batch <(echo "${{ secrets.OSSRH_GPG_SECRET_KEY }}")
-      - name: Cache local Maven repository
-        uses: actions/cache@v2
-        with:
-          path: ~/.m2/repository
-          key: ${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }}
-          restore-keys: |
-            ${{ runner.os }}-maven-
+          gpg-private-key: ${{ secrets.OSSRH_GPG_SECRET_KEY }}
+          gpg-passphrase: MAVEN_GPG_PASSPHRASE
       - name: Publish to Central Repository for ${{ matrix.scala-version }}
         run: |
           mvn clean deploy \
@@ -45,4 +39,4 @@ jobs:
               -Dproject-keeper.skip=${{ matrix.project-keeper-skip }}
         env:
           MAVEN_USERNAME: ${{ secrets.OSSRH_USERNAME }}
-          MAVEN_PASSWORD: ${{ secrets.OSSRH_PASSWORD }}
+          MAVEN_PASSWORD: ${{ secrets.OSSRH_PASSWORD }}

.github/workflows/release_droid_upload_github_release_assets.yml

@@ -19,31 +19,23 @@ jobs:
           - { scala-version: 'scala2.13', project-keeper-skip: false }
     steps:
       - name: Checkout the repository
-        uses: actions/checkout@v2
+        uses: actions/checkout@v3
         with:
           fetch-depth: 0
       - name: Set up JDK 11
-        uses: actions/setup-java@v2
+        uses: actions/setup-java@v3
         with:
           distribution: 'temurin'
           java-version: 11
-      - name: Cache local Maven repository
-        uses: actions/cache@v2
-        with:
-          path: ~/.m2/repository
-          key: ${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }}
-          restore-keys: |
-            ${{ runner.os }}-maven-
+          cache: 'maven'
       - name: Build with Maven skipping tests for ${{ matrix.scala-version }}
         run: |
           mvn --batch-mode clean verify \
               -P${{ matrix.scala-version }} \
               -DskipTests \
               -Dproject-keeper.skip=${{ matrix.project-keeper-skip }}
       - name: Generate sha256sum files
-        run: |
-          cd target/
-          find -name *.jar -exec bash -c 'sha256sum {} > {}.sha256' \;
+        run: find target -maxdepth 1 -name *.jar -exec bash -c 'sha256sum {} > {}.sha256' \;
       - name: Upload assets to the GitHub release draft
         uses: shogo82148/actions-upload-release-asset@v1
         with:

.gitignore

@@ -70,3 +70,5 @@ tmp
 # Windows
 Desktop.ini
 Thumbs.db
+
+*.flattened-pom.xml

.project-keeper.yml

@@ -0,0 +1,19 @@
+sources:
+  - type: maven
+    path: pom.xml
+    modules:
+      - maven_central
+linkReplacements:
+  - "LICENSE-exasol-script-api.txt|https://mit-license.org/"
+  - "https://github.com/google/guava/guava|https://github.com/google/guava"
+  - "http://wiki.fasterxml.com/JacksonModuleScala|https://github.com/FasterXML/jackson-module-scala"
+  - "http://nexus.sonatype.org/oss-repository-hosting.html|https://www.scalatest.org/user_guide/using_the_scalatest_maven_plugin"
+  - "http://nexus.sonatype.org/oss-repository-hosting.html/scalatest-maven-plugin|https://www.scalatest.org/user_guide/using_the_scalatest_maven_plugin"
+excludes:
+  - "E-PK-CORE-18: Outdated content: '.github/workflows/ci-build.yml'"
+  - "E-PK-CORE-18: Outdated content: '.github/workflows/ci-build-next-java.yml'"
+  - "E-PK-CORE-18: Outdated content: '.github/workflows/release_droid_prepare_original_checksum.yml'"
+  - "E-PK-CORE-18: Outdated content: '.github/workflows/release_droid_print_quick_checksum.yml'"
+  - "E-PK-CORE-18: Outdated content: '.github/workflows/release_droid_upload_github_release_assets.yml'"
+  - "E-PK-CORE-18: Outdated content: '.github/workflows/release_droid_release_on_maven_central.yml'"
+  - regex: "(?s)E-PK-CORE-62: The project's README.md does not contain a valid badges block. Please add or replace the following badges:.*"