diff --git a/.classpath b/.classpath
index 65f47be6..5bd65dd8 100644
--- a/.classpath
+++ b/.classpath
@@ -1,7 +1,11 @@
-
+
+
+
+
+
@@ -43,13 +47,7 @@
-
-
-
-
-
-
@@ -59,5 +57,11 @@
+
+
+
+
+
+
diff --git a/.codecov.yml b/.codecov.yml
deleted file mode 100644
index 42c0d62b..00000000
--- a/.codecov.yml
+++ /dev/null
@@ -1,30 +0,0 @@
-codecov:
- notify:
- require_ci_to_pass: yes
-
-coverage:
- precision: 2
- round: down
- range: "70...100"
-
- status:
- project: no
- patch: yes
- changes: no
-
-parsers:
- gcov:
- branch_detection:
- conditional: yes
- loop: yes
- method: no
- macro: no
-
-comment:
- layout: "header, diff"
- behavior: default
- require_changes: no
-
-ignore:
- - "build"
- - "deployment"
diff --git a/.github/codeql.yml b/.github/codeql.yml
new file mode 100644
index 00000000..9771ca0f
--- /dev/null
+++ b/.github/codeql.yml
@@ -0,0 +1,52 @@
+name: "Code scanning - action"
+
+on:
+ push:
+ pull_request:
+ schedule:
+ - cron: '0 19 * * 0'
+
+jobs:
+ CodeQL-Build:
+
+ # CodeQL runs on ubuntu-latest and windows-latest
+ runs-on: ubuntu-latest
+
+ steps:
+ - name: Checkout repository
+ uses: actions/checkout@v2
+ with:
+ # We must fetch at least the immediate parents so that if this is
+ # a pull request then we can checkout the head.
+ fetch-depth: 2
+
+ # If this run was triggered by a pull request event, then checkout
+ # the head of the pull request instead of the merge commit.
+ - run: git checkout HEAD^2
+ if: ${{ github.event_name == 'pull_request' }}
+
+ # Initializes the CodeQL tools for scanning.
+ - name: Initialize CodeQL
+ uses: github/codeql-action/init@v1
+ # Override language selection by uncommenting this and choosing your languages
+ # with:
+ # languages: go, javascript, csharp, python, cpp, java
+
+ # Autobuild attempts to build any compiled languages (C/C++, C#, or Java).
+ # If this step fails, then you should remove it and run the build manually (see below)
+ - name: Autobuild
+ uses: github/codeql-action/autobuild@v1
+
+ # âšī¸ Command-line programs to run using the OS shell.
+ # đ https://git.io/JvXDl
+
+ # âī¸ If the Autobuild fails above, remove it and uncomment the following three lines
+ # and modify them (or add more) to build your code if your project
+ # uses a compiled language
+
+ #- run: |
+ # make bootstrap
+ # make release
+
+ - name: Perform CodeQL Analysis
+ uses: github/codeql-action/analyze@v1
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
new file mode 100644
index 00000000..2659fed2
--- /dev/null
+++ b/.github/dependabot.yml
@@ -0,0 +1,14 @@
+version: 2
+updates:
+- package-ecosystem: docker
+ directory: "/"
+ schedule:
+ interval: weekly
+ time: '11:00'
+ open-pull-requests-limit: 10
+- package-ecosystem: pip
+ directory: "/"
+ schedule:
+ interval: daily
+ time: '11:00'
+ open-pull-requests-limit: 10
diff --git a/.github/workflows/manual-build.yml b/.github/workflows/manual-build.yml
new file mode 100644
index 00000000..944f9035
--- /dev/null
+++ b/.github/workflows/manual-build.yml
@@ -0,0 +1,11 @@
+---
+name: Manual Build & Push
+on:
+ workflow_dispatch:
+jobs:
+ build-push:
+ uses: kbase/.github/.github/workflows/reusable_build-push.yml@main
+ with:
+ name: '${{ github.event.repository.name }}-develop'
+ tags: br-${{ github.ref_name }}
+ secrets: inherit
diff --git a/.github/workflows/pr_build.yml b/.github/workflows/pr_build.yml
new file mode 100644
index 00000000..0fa1c464
--- /dev/null
+++ b/.github/workflows/pr_build.yml
@@ -0,0 +1,43 @@
+---
+name: Pull Request Build, Tag, & Push
+on:
+ pull_request:
+ branches:
+ - develop
+ - main
+ - master
+ types:
+ - opened
+ - reopened
+ - synchronize
+ - closed
+jobs:
+ build-develop-open:
+ if: github.base_ref == 'develop' && github.event.pull_request.merged == false
+ uses: kbase/.github/.github/workflows/reusable_build.yml@main
+ secrets: inherit
+ build-develop-merge:
+ if: github.base_ref == 'develop' && github.event.pull_request.merged == true
+ uses: kbase/.github/.github/workflows/reusable_build-push.yml@main
+ with:
+ name: '${{ github.event.repository.name }}-develop'
+ tags: pr-${{ github.event.number }},latest
+ secrets: inherit
+ build-main-open:
+ if: (github.base_ref == 'main' || github.base_ref == 'master') && github.event.pull_request.merged == false
+ uses: kbase/.github/.github/workflows/reusable_build-push.yml@main
+ with:
+ name: '${{ github.event.repository.name }}'
+ tags: pr-${{ github.event.number }}
+ secrets: inherit
+ build-main-merge:
+ if: (github.base_ref == 'main' || github.base_ref == 'master') && github.event.pull_request.merged == true
+ uses: kbase/.github/.github/workflows/reusable_build-push.yml@main
+ with:
+ name: '${{ github.event.repository.name }}'
+ tags: pr-${{ github.event.number }},latest-rc
+ secrets: inherit
+ trivy-scans:
+ if: (github.base_ref == 'develop' || github.base_ref == 'main' || github.base_ref == 'master' ) && github.event.pull_request.merged == false
+ uses: kbase/.github/.github/workflows/reusable_trivy-scans.yml@main
+ secrets: inherit
diff --git a/.github/workflows/release-main.yml b/.github/workflows/release-main.yml
new file mode 100644
index 00000000..a2546781
--- /dev/null
+++ b/.github/workflows/release-main.yml
@@ -0,0 +1,25 @@
+---
+name: Release - Build & Push Image
+on:
+ release:
+ branches:
+ - main
+ - master
+ types: [ published ]
+jobs:
+ check-source-branch:
+ uses: kbase/.github/.github/workflows/reusable_validate-branch.yml@main
+ with:
+ build_branch: '${{ github.event.release.target_commitish }}'
+ validate-release-tag:
+ needs: check-source-branch
+ uses: kbase/.github/.github/workflows/reusable_validate-release-tag.yml@main
+ with:
+ release_tag: '${{ github.event.release.tag_name }}'
+ build-push:
+ needs: validate-release-tag
+ uses: kbase/.github/.github/workflows/reusable_build-push.yml@main
+ with:
+ name: '${{ github.event.repository.name }}'
+ tags: '${{ github.event.release.tag_name }},latest'
+ secrets: inherit
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
new file mode 100644
index 00000000..e74cb73e
--- /dev/null
+++ b/.github/workflows/test.yml
@@ -0,0 +1,87 @@
+name: KBase Groups tests
+
+on:
+ pull_request:
+ types:
+ - opened
+ - reopened
+ - synchronize
+ - ready_for_review
+ push:
+ # run workflow when merging to main or develop
+ branches:
+ - main
+ - master
+ - develop
+
+jobs:
+
+ groups_tests:
+ runs-on: ubuntu-latest
+ strategy:
+ fail-fast: false
+ matrix:
+ include:
+ # the current production setup
+ - java: '8'
+ codecov: true
+ mongo: 'mongodb-linux-x86_64-3.6.13'
+ wired_tiger: 'false'
+ ant_test: 'test'
+ # test all code w/ java 11
+ - java: '11'
+ codecov: true
+ mongo: 'mongodb-linux-x86_64-3.6.13'
+ wired_tiger: 'false'
+ ant_test: 'test'
+ # test the latest 3X version of mongo against just the mongo storage code
+ - java: '11'
+ mongo: 'mongodb-linux-x86_64-3.6.23'
+ wired_tiger: 'true'
+ ant_test: 'test_mongo_storage'
+ steps:
+ - uses: actions/checkout@v3
+
+ - name: Set up java
+ uses: actions/setup-java@v3
+ with:
+ distribution: 'temurin'
+ java-version: ${{matrix.java}}
+
+ - name: Install dependencies and set up test config
+ shell: bash
+ run: |
+ export HOMEDIR=`pwd`
+
+ # move to parent dir of homedir to install binaries etc
+ cd ..
+
+ # set up jars
+ git clone https://github.com/kbase/jars
+ export JARSDIR=$(pwd)/jars/lib/jars/
+
+ # set up mongo
+ wget -q http://fastdl.mongodb.org/linux/${{matrix.mongo}}.tgz
+ tar xfz ${{matrix.mongo}}.tgz
+ export MONGOD=`pwd`/${{matrix.mongo}}/bin/mongod
+
+ # set up test config
+ cd $HOMEDIR
+ cp -n test.cfg.example test.cfg
+ sed -i "s#^test.jars.dir.*#test.jars.dir=$JARSDIR#" test.cfg
+ sed -i "s#^test.temp.dir =.*#test.temp.dir=temp_test_dir#" test.cfg
+ sed -i "s#^test.mongo.exe.*#test.mongo.exe=$MONGOD#" test.cfg
+ sed -i "s#^test.mongo.useWiredTiger.*#test.mongo.useWiredTiger=${{matrix.wired_tiger}}#" test.cfg
+ cat test.cfg
+
+ - name: Run tests
+ shell: bash
+ run: |
+ ant ${{matrix.ant_test}}
+
+ - name: Upload coverage to Codecov
+ if: matrix.include.codecov
+ uses: codecov/codecov-action@v3
+ with:
+ token: ${{ secrets.CODECOV_TOKEN }}
+ fail_ci_if_error: true
diff --git a/.travis.yml b/.travis.yml
deleted file mode 100644
index 46211e94..00000000
--- a/.travis.yml
+++ /dev/null
@@ -1,51 +0,0 @@
-dist: trusty
-sudo: required
-language: java
-jdk:
- - openjdk8
- - oraclejdk8
-env:
- - MONGODB_VER=mongodb-linux-x86_64-2.6.12 ANT_TEST=test WIRED_TIGER=false
- - MONGODB_VER=mongodb-linux-x86_64-3.4.18 ANT_TEST=test_mongo_storage WIRED_TIGER=false
- - MONGODB_VER=mongodb-linux-x86_64-3.4.18 ANT_TEST=test_mongo_storage WIRED_TIGER=true
- - MONGODB_VER=mongodb-linux-x86_64-3.6.8 ANT_TEST=test_mongo_storage WIRED_TIGER=false
- - MONGODB_VER=mongodb-linux-x86_64-3.6.8 ANT_TEST=test_mongo_storage WIRED_TIGER=true
-
-before_install:
- - sudo apt-get -qq update
- - sudo apt-get install -y ant-optional
-
-install:
- - cd ..
- - git clone https://github.com/kbase/jars
- - export JARSDIR=`pwd`/jars/lib/jars/
- - cd -
-
-script:
- - cd ..
- - wget http://fastdl.mongodb.org/linux/$MONGODB_VER.tgz
- - tar xfz $MONGODB_VER.tgz
- - export MONGOD=`pwd`/$MONGODB_VER/bin/mongod
- - cd -
- - cp -n test.cfg.example test.cfg
- - sed -i "s#^test.temp.dir=.*#test.temp.dir=temp_test_dir#" test.cfg
- - sed -i "s#^test.mongo.exe.*#test.mongo.exe=$MONGOD#" test.cfg
- - sed -i "s#^test.mongo.wired_tiger.*#test.mongo.wired_tiger=$WIRED_TIGER#" test.cfg
- - sed -i "s#^test.jars.dir=.*#test.jars.dir=$JARSDIR#" test.cfg
- - cat test.cfg
- - ant $ANT_TEST
-
-jobs:
- include:
- - stage: deploy
- env: # The following are secure declarations for DOCKER_USER, DOCKER_PASS
- - secure: "FOUsz7GwzqjxmoaB2kAQ7T+5twy4F844ApklMSgRynemayqsEWhuEzygXQ+QwLO426s39QtqNgkwYkhTvfInzf+wpUMmTr4tXu0ljYueiEWDOE8CA5FjkPe10e6UWlTqfKPj9jZv2JMc0N3S8evRVTO4UeGjg70gk00QrPsxU7c5gxt7zrabQ0aBXFFswfbnrVcEZXwyqKYOszUxeI7n2bRkLtUSgpKgluPYOcRu8YN51G5yUakC/eHqXM7MtivzTA/fQNbQSB3Ga8O7EmT7zZrpVHPpjEQBkRAhiQLgxNJaoQsRTh31qmj4S0r2/i6fSb2CJftVu2OmlbuQHHyJJvliR6rFTdPKDMXYWTJ7zGjgT5K5DUb96Yix+vEi1lq48mKfjqy+akeqC6z9mXHXZc4aCaLVCOHKCsttH0tUZ+Mb4akfjFFZeVsQ0NTMskfDSisyMniZffAA3A0qRPhgQVFw1F4CeiOabjXBn1K4pLLtbx4lYFrmRPV89umYKOJXV9yt5pPA69dTgJqaUTAdvA1MoKgZ5OzEUzxcVLQlQi+nxUKcBOac705s2rfYuo5yEbrbHrIshBq6cMTgoEzgOfja9Mm6pdL8pmcxp1MyiVcOtvQjHgJ2RWb1TbdKar4ZHVs1U1DsEeB4u/C+o02yVfJBqufFPUxEc74cn7pMMuE="
- - secure: "XOdfRLxVxIwJxiwC0aiSGfzgNZVKXajqqil6mINuwuCTZAsGTvEyGsU9uy0QTsgjwIrg4USV3TQ0mEo74yQuUPBNKRUImn8ChKIsWkqY+8qbzm40WXQNZ/0DAM+NZ7vtrSXtNfP6Kvy8ffkntYt2zbUCAZDl5hyYzXL0WuAUWnINmwJ3SBTPPYbyvezSW9R1dTsL1xmY63exwqD8ebUslRRcRp3ssSnyLZ24kdqkWiCfbTvELqZkK4xhJ3WhNU0uTe7NHXZD0RDpNUOkHpFOuDJQvcYbp39ua3BpA6Atqtdhnz7n/kDj3osiKnAnDMtVdWodWePE2fOkXGlYobR0kGf2YXPIM4eH+3XstMb8XewmbqQeYPHs/y2Fn8bi7VlCjcvKNGUrEutit0nVINb1le86az08/Sf2wvpyOawTuGugJOdw1rRrEV6Eo1dM4DotIcYaywSP8R+GVh9fNb4rHIWaVq5jJT3rs55xe73417dVUDNcGg6qJ/sHvgxGorulVmKWzZrv6tTLpdq4+YNVzdQ71iD9rJqPbEWChVDDdtURjoW18jNynz4AVSDmzBFeWJobNnAxVpqn/2MlLEvCzar1X9w7dyp4KBTbLCb+1s5ZfJzO29tiaXSMrKLLbYsB5BTfHeMhQMy6m+jl26Z791zdatPZG7mL3ir9sdUAhXo="
- script: # Only push to dockerhub if this isn't a PR and we're updating master or develop
- - docker pull kbase/kb_jre
- - ant docker_image
- - IMAGE_NAME=kbase/groups build/push2dockerhub.sh
-after_success:
- - ls test-reports
- - bash <(curl -s https://codecov.io/bash) -f test-reports/coverage-report.xml
-
diff --git a/LICENSE.md b/LICENSE.md
index a1fa12dc..deafd790 100644
--- a/LICENSE.md
+++ b/LICENSE.md
@@ -1,4 +1,4 @@
-Copyright (c) 2018 The KBase Project and its Contributors
+Copyright (c) 2018-present The KBase Project and its Contributors
Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
diff --git a/README.md b/README.md
index 6f080d65..215d9ff7 100644
--- a/README.md
+++ b/README.md
@@ -943,7 +943,8 @@ field--param-image-exists=<'true' or any other value for false>
```
`strict-length` will cause the validator to throw an error if the field is not exactly 32
-characters, and is false by default. Gravatar allows for extra characters at the end of the hash.
+characters, and is false by default. In some cases (such as adding a `.jpg` extension)
+Gravatar allows for extra characters at the end of the hash.
`image-exists` will cause the validator to throw an error if there is no [image associated with
the hash (see Default Image)](https://en.gravatar.com/site/implement/images/), and is false
diff --git a/build.xml b/build.xml
index a97e42f7..39084fd0 100644
--- a/build.xml
+++ b/build.xml
@@ -91,19 +91,18 @@
-
+
-
-
+
-
-
-
-
+
+
+
+
@@ -219,7 +218,14 @@
-
+
+
+
+
+
+
+
+
diff --git a/build/build_docker_image.sh b/build/build_docker_image.sh
deleted file mode 100755
index 1a43bcf5..00000000
--- a/build/build_docker_image.sh
+++ /dev/null
@@ -1,9 +0,0 @@
-#!/bin/bash -x
-
-export BRANCH=${TRAVIS_BRANCH:-`git symbolic-ref --short HEAD`}
-export DATE=`date -u +"%Y-%m-%dT%H:%M:%SZ"`
-export COMMIT=${TRAVIS_COMMIT:-`git rev-parse --short HEAD`}
-docker build --build-arg BUILD_DATE=$DATE \
- --build-arg VCS_REF=$COMMIT \
- --build-arg BRANCH=$BRANCH \
- -t kbase/groups:$COMMIT .
diff --git a/build/push2dockerhub.sh b/build/push2dockerhub.sh
deleted file mode 100755
index 1b37e11c..00000000
--- a/build/push2dockerhub.sh
+++ /dev/null
@@ -1,32 +0,0 @@
-#!/bin/bash
-#
-# This script is intended to be run in the deploy stage of a travis build
-# It checks to make sure that this is a not a PR, and that we have the secure
-# environment variables available and then checks if this is either the master
-# or develop branch, otherwise we don't push anything
-#
-# NOTE: IMAGE_NAME is expected to be passed in via the environment so that this
-# script can be more general
-#
-# sychan@lbl.gov
-# 8/31/2017
-
-TAG=`if [ "$TRAVIS_BRANCH" == "master" ]; then echo "latest"; else echo $TRAVIS_BRANCH ; fi`
-COMMIT=${TRAVIS_COMMIT:-`git rev-parse --short HEAD`}
-
-if ( [ "$TRAVIS_SECURE_ENV_VARS" == "true" ] && [ "$TRAVIS_PULL_REQUEST" == "false" ] ); then
- # $TAG was set from TRAVIS_BRANCH, which is a little wonky on pull requests,
- # but it should be okay since we should never get here on a PR
- if ( [ "$TAG" == "latest" ] || [ "$TAG" == "develop" ] ) ; then
- echo "Logging into Dockerhub as $DOCKER_USER"
- docker login -u $DOCKER_USER -p $DOCKER_PASS && \
- docker tag $IMAGE_NAME:$COMMIT $IMAGE_NAME:$TAG && \
- echo "Pushing $IMAGE_NAME:$TAG" && \
- docker push $IMAGE_NAME:$TAG || \
- ( echo "Failed to login and push tagged image" && exit 1 )
- else
- echo "Not pushing image for branch $TAG"
- fi
-else
- echo "Not building image for pull requests or if secure variables unavailable"
-fi
diff --git a/src/us/kbase/groups/fieldvalidators/GravatarFieldValidatorFactory.java b/src/us/kbase/groups/fieldvalidators/GravatarFieldValidatorFactory.java
index 42753665..718deb02 100644
--- a/src/us/kbase/groups/fieldvalidators/GravatarFieldValidatorFactory.java
+++ b/src/us/kbase/groups/fieldvalidators/GravatarFieldValidatorFactory.java
@@ -22,7 +22,8 @@
/** Validates that a gravatar hash is a valid MD5.
* Include "strict-length": "true" in the configuration to enforce an exact 32 character MD5.
- * If omitted, any extra characters are ignored (which is what Gravatar does).
+ * If omitted, any extra characters are ignored. This may will likely cause the validation to fail
+ * if "image-exists" is true and Gravatar doesn't know how to process the extra characters.
* Include "image-exists": "true" in the configuration to enforce that an image is associated
* with the hash (see Default Image section at https://en.gravatar.com/site/implement/images/).
diff --git a/src/us/kbase/test/groups/fieldvalidators/GravatarFieldValidatorFactoryTest.java b/src/us/kbase/test/groups/fieldvalidators/GravatarFieldValidatorFactoryTest.java
index da5d19c5..04c756b9 100644
--- a/src/us/kbase/test/groups/fieldvalidators/GravatarFieldValidatorFactoryTest.java
+++ b/src/us/kbase/test/groups/fieldvalidators/GravatarFieldValidatorFactoryTest.java
@@ -53,7 +53,7 @@ public void validateWithAccount() throws Exception {
// if there's no error, the test passes
v.validate(KNOWN_GOOD);
// check that extra characters pass
- v.validate(KNOWN_GOOD + "Z");
+ v.validate(KNOWN_GOOD + ".jpg");
}
@Test
diff --git a/src/us/kbase/test/groups/integration/ServiceIntegrationTest.java b/src/us/kbase/test/groups/integration/ServiceIntegrationTest.java
index 3837f0d6..4c8fbd5e 100644
--- a/src/us/kbase/test/groups/integration/ServiceIntegrationTest.java
+++ b/src/us/kbase/test/groups/integration/ServiceIntegrationTest.java
@@ -110,7 +110,6 @@ public static void beforeClass() throws Exception {
// set up auth
AUTH = new AuthController(
- TestCommon.getJarsDir(),
"localhost:" + MANAGER.mongo.getServerPort(),
"GroupsServiceIntgrationTestAuth",
TEMP_DIR);
diff --git a/src/us/kbase/test/groups/util/UtilTest.java b/src/us/kbase/test/groups/util/UtilTest.java
index be39ca18..f7d69178 100644
--- a/src/us/kbase/test/groups/util/UtilTest.java
+++ b/src/us/kbase/test/groups/util/UtilTest.java
@@ -1,6 +1,8 @@
package us.kbase.test.groups.util;
import static org.hamcrest.CoreMatchers.instanceOf;
+import static org.hamcrest.CoreMatchers.startsWith;
+import static org.hamcrest.CoreMatchers.endsWith;
import static org.hamcrest.CoreMatchers.is;
import static org.junit.Assert.assertThat;
import static org.junit.Assert.fail;
@@ -229,13 +231,23 @@ FieldValidatorFactory.class, new GroupsConfigurationException(
@Test
public void loadClassWithInterfaceFailPrivateConstructor() throws Exception {
- failLoadClassWithInterface(FailOnInstantiationPrivateConstructor.class.getName(),
- FieldValidatorFactory.class, new GroupsConfigurationException(
- "Module us.kbase.test.groups.util.FailOnInstantiation" +
- "PrivateConstructor could not be instantiated: Class us.kbase.groups." +
- "util.Util can not access a member of class us." +
- "kbase.test.groups.util.FailOnInstantiationPrivateConstructor " +
- "with modifiers \"private\""));
+ try {
+ Util.loadClassWithInterface(
+ FailOnInstantiationPrivateConstructor.class.getName(),
+ FieldValidatorFactory.class);
+ fail("expected exception");
+ } catch (GroupsConfigurationException got) {
+ assertThat("incorrect exception message", got.getMessage(), startsWith(
+ "Module us.kbase.test.groups.util.FailOnInstantiation" +
+ "PrivateConstructor could not be instantiated: "
+ ));
+ // trivial text changes from java 8 -> 11
+ assertThat("incorrect exception message", got.getMessage(), endsWith(
+ "not access a member of class us." +
+ "kbase.test.groups.util.FailOnInstantiationPrivateConstructor " +
+ "with modifiers \"private\""
+ ));
+ }
}
private void failLoadClassWithInterface(