Merge branch 'main' into 0-go-cg-docs

Author: nagarjunsanji

.dockerignore

@@ -1 +1,54 @@
-/build/docker
+/build/docker
+/assets/
+
+# From gitignore:
+.vscode
+.idea
+coverage.out
+coverage.html
+node_modules
+debricked
+debricked.exe
+dist/
+/debricked-go-dependencies.txt
+/gomod.debricked.lock
+/.env
+test/resolve/testdata/pip/requirements.txt.venv/
+test/resolve/testdata/pip/requirements.txt.pip.debricked.lock
+internal/cmd/scan/testdata/npm/yarn.lock
+internal/file/embedded/supported_formats.json
+internal/resolution/pm/gradle/.gradle-init-script.debricked.groovy
+internal/resolution/pm/nuget/testdata/invalid_dependency/obj
+internal/resolution/pm/nuget/testdata/valid/obj
+internal/resolution/pm/nuget/testdata/valid/packages.config.nuget.debricked.lock
+internal/callgraph/language/java11/testdata/mvnproj/target
+test/resolve/testdata/composer/composer.lock
+test/resolve/testdata/npm/yarn.lock
+test/resolve/testdata/npm/package-lock.json
+test/resolve/testdata/bower/bower.debricked.lock
+test/resolve/testdata/bower/bower_components/
+test/resolve/testdata/nuget/packages.lock.json
+test/resolve/testdata/nuget/csproj/packages.lock.json
+test/resolve/testdata/nuget/packagesconfig/packages.config.nuget.debricked.lock
+test/resolve/testdata/nuget/obj
+test/resolve/testdata/nuget/**/obj
+debricked.fingerprints.txt
+test/resolve/testdata/gomod/gomod.debricked.lock
+test/resolve/testdata/maven/maven.debricked.lock
+test/callgraph/**/maven.debricked.lock
+internal/file/testdata/**/go.sum
+internal/file/testdata/**/gomod.debricked.lock
+internal/file/testdata/**/yarn-error.log
+internal/scan/composer/**/yarn.lock
+internal/scan/testdata/**/yarn.lock
+internal/scan/testdata/**/package-lock.json
+internal/scan/testdata/**/debricked.fingerprints.wfp
+test/resolve/testdata/gradle/*/**
+**.gradle-init-script.debricked.groovy
+test/resolve/testdata/gradle/gradle.debricked.lock
+/mvnproj/target
+debricked-call-graph.*
+internal/scan/testdata/npm/result.json
+/internal/file/testdata/misc/yarn.lock
+/internal/callgraph/finder/javafinder/testdata/guava/maven.debricked.lock
+/internal/resolution/pm/maven/testdata/guava/maven.debricked.lock

.github/workflows/codescene.yml

@@ -14,10 +14,13 @@ jobs:
       - uses: actions/checkout@v4
       - uses: actions/setup-go@v5
         with:
-          go-version: '1.20'
+          go-version: '1.23.0'
       - name: Pull Supported Formats
         run: |
           cd cmd/debricked
           go generate -v -x
-      - run: |
-          go run cmd/debricked/main.go scan -t ${{ secrets.DEBRICKED_TOKEN }} -e "pkg/**" -e "test/**" -e "**/testdata/**"
+      - uses: GuillaumeFalourd/[email protected]
+        with:
+          command_line: go run cmd/debricked/main.go scan -t ${{ secrets.DEBRICKED_TOKEN }} -e "pkg/**" -e "test/**" -e "**/testdata/**"
+          contains: AUTOMATION RULE
+          expected_result: PASSED

.github/workflows/debricked.yml

@@ -22,6 +22,8 @@ jobs:
     steps:
       - name: Checkout
         uses: actions/checkout@v4
+        with:
+          fetch-depth: '50'
 
       - name: Set up QEMU
         uses: docker/setup-qemu-action@v3

.github/workflows/docker.yml

@@ -9,69 +9,91 @@ permissions:
   contents: write
 
 jobs:
-  soot-wrapper:
+  calculate-checksum:
     runs-on: ubuntu-latest
-    strategy:
-      matrix:
-        java-version: [ 11, 17, 21 ]
+    outputs:
+      next_latest_tag: ${{ steps.next-latest-tag.outputs.next_latest_tag }}
+      prev_hash: ${{ steps.calc-checksum.outputs.prev_hash }}
+      hash: ${{ steps.calc-checksum.outputs.hash }}
     steps:
       - uses: actions/checkout@v4
         with:
-          repository: 'debricked/soot-wrapper'
+          fetch-depth: 30
+          fetch-tags: true
+          ref: ${{ github.event.repository.default_branch }}
+          sparse-checkout: .
 
+      - name: Get next latest tag
+        id: next-latest-tag
+        run: |
+          CURRENT_TAG=$(curl -s https://api.github.com/repos/${{ github.repository }}/releases/latest | jq -r '.tag_name')
+          PREVIOUS_TAG=$(git describe --tags --abbrev=0 $CURRENT_TAG^ --exclude release*)
+          echo "next_latest_tag=$PREVIOUS_TAG" >> $GITHUB_OUTPUT
+
+      - uses: actions/checkout@v4
+        with:
+          repository: 'debricked/soot-wrapper'
+          
       - name: Calculate checksum
         id: calc-checksum
         run: |
-          TAG=$(curl -s https://api.github.com/repos/${{ github.repository }}/releases/latest | jq -r '.tag_name')
-          curl -LJO https://github.com/${{ github.repository }}/releases/download/${TAG}/soot-wrapper-rev-hash.txt
+          curl -LJO https://github.com/${{ github.repository }}/releases/download/${{ steps.next-latest-tag.outputs.next_latest_tag }}/soot-wrapper-rev-hash.txt
 
-          echo "release_tag=$TAG" >> $GITHUB_OUTPUT
           echo "hash=$(git rev-parse HEAD)" >> $GITHUB_OUTPUT
           if [ ! -f soot-wrapper-rev-hash.txt ]; then
             touch soot-wrapper-rev-hash.txt
           fi
           echo "prev_hash=$(cat soot-wrapper-rev-hash.txt)" >> $GITHUB_OUTPUT
 
+      - name: Store soot-wrapper revision hash
+        run: |
+          echo ${{ steps.calc-checksum.outputs.hash }} > soot-wrapper-rev-hash.txt
+
+      - name: Upload file containing soot-wrapper revision hash
+        uses: actions/upload-artifact@v4
+        with:
+          name: soot-wrapper-rev-hash.txt
+          path: soot-wrapper-rev-hash.txt
+          overwrite: 'true'
+
+  soot-wrapper:
+    needs: calculate-checksum
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        java-version: [ 11, 17, 21 ]
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          repository: 'debricked/soot-wrapper'
+
       - name: Pull JAR from previous release if already built
-        if: steps.calc-checksum.outputs.hash == steps.calc-checksum.outputs.prev_hash
+        if: needs.calculate-checksum.outputs.hash == needs.calculate-checksum.outputs.prev_hash
         run: |
-          curl -LJO https://github.com/${{ github.repository }}/releases/download/${{ steps.calc-checksum.outputs.release_tag }}/soot-wrapper-${{ matrix.java-version }}.zip
+          curl -LJO https://github.com/${{ github.repository }}/releases/download/${{ needs.calculate-checksum.outputs.next_latest_tag }}/soot-wrapper-${{ matrix.java-version }}.zip
         env:
           GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
 
       - name: Set up JDK ${{ matrix.java-version }}
-        if: steps.calc-checksum.outputs.hash != steps.calc-checksum.outputs.prev_hash
+        if: needs.calculate-checksum.outputs.hash != needs.calculate-checksum.outputs.prev_hash
         uses: actions/setup-java@v4
         with:
           java-version: ${{ matrix.java-version }}
           distribution: 'adopt'
 
       - name: Build with Maven
-        if: steps.calc-checksum.outputs.hash != steps.calc-checksum.outputs.prev_hash
+        if: needs.calculate-checksum.outputs.hash != needs.calculate-checksum.outputs.prev_hash
         run: |
           cd java/common/
-          mvn clean package -X -DskipTests
+          mvn clean package -X -DskipTests -Pjava${{ matrix.java-version }}
 
       - name: Create archive with generated JARs
-        if: steps.calc-checksum.outputs.hash != steps.calc-checksum.outputs.prev_hash
+        if: needs.calculate-checksum.outputs.hash != needs.calculate-checksum.outputs.prev_hash
         run: |
           cd java/common/target/
-          zip -r soot-wrapper-${{ matrix.java-version }}.zip *.jar
+          zip soot-wrapper-${{ matrix.java-version }}.zip SootWrapper.jar # Use only the jar which includes dependencies
           mv soot-wrapper-${{ matrix.java-version }}.zip ../../../soot-wrapper-${{ matrix.java-version }}.zip
 
-      - name: Store soot-wrapper revision hash
-        if: steps.calc-checksum.outputs.hash != steps.calc-checksum.outputs.prev_hash
-        run: |
-          echo ${{ steps.calc-checksum.outputs.hash }} > soot-wrapper-rev-hash.txt
-
-      - name: Upload file containing soot-wrapper revision hash
-        if: steps.calc-checksum.outputs.hash != steps.calc-checksum.outputs.prev_hash
-        uses: actions/upload-artifact@v4
-        with:
-          name: soot-wrapper-rev-hash.txt
-          path: soot-wrapper-rev-hash.txt
-          overwrite: 'true'
-
       - name: Upload the archive
         uses: actions/upload-artifact@v4
         with:
@@ -89,9 +111,14 @@ jobs:
 
       - run: git fetch --force --tags
 
+      - name: Install UPX
+        uses: crazy-max/ghaction-upx@v3
+        with:
+          install-only: true
+
       - uses: actions/setup-go@v5
         with:
-          go-version: '>=1.20'
+          go-version: '1.23.0'
           cache: true
 
       - name: Import GPG signing key
@@ -106,7 +133,7 @@ jobs:
           cd cmd/debricked
           go generate -v -x
 
-      - uses: goreleaser/goreleaser-action@v5
+      - uses: goreleaser/goreleaser-action@v6
         with:
           distribution: goreleaser
           version: latest
@@ -175,7 +202,7 @@ jobs:
           useradd -m aur
 
       # Setup SSH access to aur.archlinux.org
-      - uses: webfactory/ssh-agent@v0.8.0
+      - uses: webfactory/ssh-agent@v0.9.0
         with:
           ssh-private-key: ${{ secrets.AUR_SSH_PRIVATE_KEY }}
 

.github/workflows/release.yml

@@ -11,7 +11,7 @@ jobs:
     name: CLI
     strategy:
       matrix:
-        os: [ 'ubuntu-latest', 'windows-latest', 'macos-12' ]
+        os: [ 'ubuntu-latest', 'windows-latest', 'macos-13' ]
     runs-on: ${{ matrix.os }}
     steps:
       - name: Set git to use LF
@@ -24,7 +24,7 @@ jobs:
       - name: Set up Go
         uses: actions/setup-go@v5
         with:
-          go-version: '1.20'
+          go-version: '1.23.0'
 
       - name: Install Bower
         run: |
@@ -75,7 +75,7 @@ jobs:
       - name: Set up Go
         uses: actions/setup-go@v5
         with:
-          go-version: '1.20'
+          go-version: '1.23.0'
 
       - name: Pull Supported Formats
         run: |
@@ -92,7 +92,8 @@ jobs:
           distribution: 'temurin'
 
       - name: Install Debricked CLI
-        run: go install -ldflags "-X main.version=${GITHUB_REF#refs/heads/}" ./cmd/debricked
+        run: |
+          go install -ldflags "-X main.version=${{ secrets.DEBRICKED_VERSION }}" ./cmd/debricked
 
       - name: Callgraph E2E
         run: ./scripts/test_e2e_callgraph_java_version.sh ${{matrix.java}}
@@ -136,12 +137,12 @@ jobs:
       - uses: actions/checkout@v4
       - uses: actions/setup-go@v5
         with:
-          go-version: '1.20'
+          go-version: '1.23.0'
       - name: Pull Supported Formats
         run: |
           cd cmd/debricked
           go generate -v -x
       - name: golangci-lint
         uses: golangci/golangci-lint-action@v4
         with:
-          version: v1.52
+          version: v1.62

.github/workflows/test.yml

@@ -45,3 +45,6 @@ test/resolve/testdata/gradle/gradle.debricked.lock
 /mvnproj/target
 debricked-call-graph.*
 internal/scan/testdata/npm/result.json
+/internal/file/testdata/misc/yarn.lock
+/internal/callgraph/finder/javafinder/testdata/guava/maven.debricked.lock
+/internal/resolution/pm/maven/testdata/guava/maven.debricked.lock