Merge branch 'main' into HHH-19558

Author: Stefan-Tri

.github/dependabot.yml

@@ -6,14 +6,6 @@ registries:
     username: dummy # Required by dependabot
     password: dummy # Required by dependabot
 updates:
-  - package-ecosystem: "gradle"
-    directory: "/"
-    allow:
-      - dependency-name: "com.gradle*"
-    registries:
-      - gradle-plugin-portal
-    schedule:
-      interval: "weekly"
   - package-ecosystem: github-actions
     directory: "/"
     schedule:
@@ -25,3 +17,128 @@ updates:
     allow:
       - dependency-name: "actions/*"
       - dependency-name: "redhat-actions/*"
+  - package-ecosystem: "gradle"
+    directory: "/"
+    registries:
+      - gradle-plugin-portal
+    schedule:
+      interval: "weekly"
+      day: "wednesday"
+    open-pull-requests-limit: 20
+    groups:
+      # These are used in tooling we publish (Gradle, Ant, Maven plugins)
+      # and thus must be treated as runtime dependencies,
+      # which cannot be included in the build-dependencies group below.
+      tooling-dependencies:
+        patterns:
+          # Note: Gradle tooling dependencies seem to be tied to the version of Gradle we use for building.
+          - "org.apache.ant*"
+          - "org.apache.maven:maven-plugin-api"
+          - "org.apache.maven:maven-project"
+          - "org.apache.maven.shared:file-management"
+          - "org.apache.maven.plugin-tools:maven-plugin-annotations"
+      # This group combines all build-only dependencies. Published artifacts do not depend on them.
+      # Grouping such dependencies will make Dependabot create PRs with a branch name
+      # following the pattern (`dependabot/maven/build-dependencies-.*`)
+      # and with a title like `Bump the build-dependencies group with 8 updates` that we can easily
+      # use for Hibernate Bot rules.
+      build-dependencies:
+        patterns:
+          # Gradle plugins:
+          - "com.gradle*"
+          - "org.moditect*"
+          - "de.thetaphi*"
+          - "org.gradlex*"
+          - "org.hibernate.build*"
+          - "org.hibernate.orm.build*"
+          - "org.hibernate.orm.database-service*"
+          - "org.hibernate.orm.antlr*"
+          - "io.github.gradle-nexus*"
+          - "biz.aQute.bnd*"
+          - "org.checkerframework*"
+          - "org.jetbrains.gradle*"
+          - "com.dorongold*"
+          - "org.asciidoctor*"
+          - "com.diffplug.spotless*"
+          # Local build plugin dependencies:
+          - "org.apache.maven*"
+          - "org.apache.httpcomponents*"
+          # DB drivers:
+          - "com.h2database:h2"
+          - "org.orbisgis:h2gis"
+          - "org.hsqldb:hsqldb"
+          - "org.apache.derby*"
+          - "org.postgresql:*"
+          - "com.mysql:mysql-connector-j"
+          - "org.mariadb.jdbc:mariadb-java-client"
+          - "com.oracle.database.*"
+          - "com.microsoft.sqlserver:mssql-jdbc"
+          - "com.ibm.db2:jcc"
+          - "com.sap.cloud.db.jdbc:ngdbc"
+          - "net.sourceforge.jtds:jtds"
+          - "com.ibm.informix:jdbc"
+          - "org.firebirdsql.jdbc:jaybird"
+          - "com.altibase:altibase-jdbc"
+          # Other test dependencies
+          - "org.apache.groovy:groovy-jsr223" # used for scripting maven plugin
+          - "org.apache.commons:commons-lang3" # used in hibernate-search-util-common tests
+          - "org.apache.commons:commons-math3" # used to solve dependency convergence for Wiremock
+          - "org.openjdk.jmh:*" # performance testing dependency
+          - "com.google.guava:guava" # Guava is used in our test utils
+          - "org.asciidoctor:*" # Asciidoctor is used for rendering the documentation
+          - "org.jboss.marshalling:jboss-marshalling" # JBeret IT dependency
+          - "org.wildfly.security:wildfly-security-manager" # JBeret IT dependency
+          - "org.springframework.boot:*" # Spring is only for ITs
+          - "io.agroal:agroal-spring-boot-starter" # part of Spring dependencies, is only for ITs
+          - "dev.snowdrop:narayana-spring-boot-starter" # part of Spring dependencies, is only for ITs
+          - "org.mockito:*"
+          - "org.hamcrest:*"
+          - "org.apache.logging.log4j:*"
+          - "org.assertj:*"
+          - "org.jsoup:*"
+          - "org.junit*"
+          - "org.jboss.weld.se:*"
+          - "org.jboss.narayana.*:*"
+          - "org.wildfly.transaction:*"
+          - "org.jboss:jboss-transaction-spi"
+          - "org.jboss.shrinkwrap*"
+          - "org.jboss.byteman*"
+      hibernate:
+        patterns:
+          - "org.hibernate*"
+      jakarta:
+        patterns:
+          - "jakarta.*"
+          - "org.glassfish*"
+          - "org.eclipse:yasson"
+    ignore:
+      # Avoid non-patch updates for complex dependencies and their implementation, even if we only use them for tests.
+      - dependency-name: "org.hibernate*"
+        update-types: ["version-update:semver-major", "version-update:semver-minor"]
+      - dependency-name: "jakarta.*"
+        update-types: ["version-update:semver-major", "version-update:semver-minor"]
+      - dependency-name: "org.jboss.narayana*"
+        update-types: ["version-update:semver-major", "version-update:semver-minor"]
+      - dependency-name: "org.jboss.weld*"
+        update-types: ["version-update:semver-major", "version-update:semver-minor"]
+      - dependency-name: "org.wildfly*"
+        update-types: ["version-update:semver-major", "version-update:semver-minor"]
+      - dependency-name: "org.glassfish*"
+        update-types: ["version-update:semver-major", "version-update:semver-minor"]
+      - dependency-name: "org.eclipse:yasson"
+        update-types: ["version-update:semver-major", "version-update:semver-minor"]
+      - dependency-name: "org.apache.maven*"
+        update-types: ["version-update:semver-major", "version-update:semver-minor"]
+      - dependency-name: "org.apache.ant*"
+        update-types: ["version-update:semver-major", "version-update:semver-minor"]
+      # Avoid non-patch updates for JUnit, because it is exposed in hibernate-testing,
+      # which contains @BytecodeEnhanced, which is very sensitive to internal changes in JUnit.
+      - dependency-name: "org.junit*"
+        update-types: ["version-update:semver-major", "version-update:semver-minor"]
+      # Sticking to SLF4J 1.x for now since later versions require upgrading providers
+      # (Log4j, ... see https://www.slf4j.org/faq.html#changesInVersion200),
+      # and also because we only need this dependency for Maven,
+      # which is currently still on SLF4J 1.x
+      # (see https://central.sonatype.com/artifact/org.apache.maven/maven-embedder/3.9.9/dependencies)
+      - dependency-name: "org.slf4j:*"
+        update-types: ["version-update:semver-major"]

.github/hibernate-github-bot.yml

@@ -2,6 +2,10 @@
 jira:
   projectKey: "HHH"
   insertLinksInPullRequests: true
+  ignore:
+    # See the `build-dependencies` group in Dependabot's configuration file
+    - user: dependabot[bot]
+      titlePattern: "Bump.*the (build-dependencies|workflow-actions) group.*+"
   ignoreFiles:
     # Git
     - ".git*"
@@ -63,3 +67,7 @@ develocity:
         replacement: "" # Just remove these tags
 licenseAgreement:
   enabled: true
+  ignore:
+    # See the `build-dependencies` group in the Dependabot's configuration file
+    - user: dependabot[bot]
+      titlePattern: "Bump.*"

.github/workflows/ci.yml

@@ -3,10 +3,18 @@ name: GH Actions CI
 on:
   push:
     branches:
+      # Pattern order matters: the last matching inclusion/exclusion wins
       - 'main'
+      # We don't want to run CI on branches for dependabot, just on the PR.
+      - '!dependabot/**'
   pull_request:
     branches:
       - 'main'
+      # Ignore dependabot PRs that are not just about build dependencies or workflows;
+      # we'll reject such PRs and send one ourselves.
+      - '!dependabot/**'
+      - 'dependabot/maven/build-dependencies-**'
+      - 'dependabot/github_actions/workflow-actions-**'
 
 permissions: { } # none
 

Jenkinsfile

@@ -40,18 +40,20 @@ stage('Configure') {
 // Don't build with HANA by default, but only do it nightly until we receive a 3rd instance
 // 		new BuildEnvironment( dbName: 'hana_cloud', dbLockableResource: 'hana-cloud', dbLockResourceAsHost: true ),
 		new BuildEnvironment( node: 's390x' ),
-		// We build with JDK 21, but produce Java 17 bytecode, so we test with JDK 17, to be sure everything works.
-		new BuildEnvironment( testJdkVersion: '17' ),
+		// We generally build with JDK 21, but our baseline is Java 17, so we test with JDK 17, to be sure everything works.
+		// Here we even compile the main code with JDK 17, to be sure no JDK 18+ classes are depended on.
+		new BuildEnvironment( mainJdkVersion: '17', testJdkVersion: '17' ),
 		// We want to enable preview features when testing newer builds of OpenJDK:
 		// even if we don't use these features, just enabling them can cause side effects
 		// and it's useful to test that.
-		new BuildEnvironment( testJdkVersion: '23', testJdkLauncherArgs: '--enable-preview', skipJacoco: true ),
-		new BuildEnvironment( testJdkVersion: '24', testJdkLauncherArgs: '--enable-preview', skipJacoco: true ),
+		new BuildEnvironment( testJdkVersion: '23', testJdkLauncherArgs: '--enable-preview', additionalOptions: '-PskipJacoco=true' ),
+		new BuildEnvironment( testJdkVersion: '24', testJdkLauncherArgs: '--enable-preview', additionalOptions: '-PskipJacoco=true' ),
+		new BuildEnvironment( testJdkVersion: '25', testJdkLauncherArgs: '--enable-preview', additionalOptions: '-PskipJacoco=true' ),
 		// The following JDKs aren't supported by Hibernate ORM out-of-the box yet:
 		// they require the use of -Dnet.bytebuddy.experimental=true.
 		// Make sure to remove that argument as soon as possible
 		// -- generally that requires upgrading bytebuddy after the JDK goes GA.
-		new BuildEnvironment( testJdkVersion: '25', testJdkLauncherArgs: '--enable-preview -Dnet.bytebuddy.experimental=true', skipJacoco: true ),
+		new BuildEnvironment( testJdkVersion: '26', testJdkLauncherArgs: '--enable-preview -Dnet.bytebuddy.experimental=true', additionalOptions: '-PskipJacoco=true' )
 	];
 
 	if ( env.CHANGE_ID ) {
@@ -102,13 +104,18 @@ stage('Build') {
 	Map<String, Map<String, String>> state = [:]
 	environments.each { BuildEnvironment buildEnv ->
 		// Don't build environments for newer JDKs when this is a PR, unless the PR is labelled with 'jdk' or 'jdk-<version>'
-		if ( helper.scmSource.pullRequest && buildEnv.testJdkVersion &&
+		if ( helper.scmSource.pullRequest &&
+				buildEnv.testJdkVersion && buildEnv.testJdkVersion.toInteger() > DEFAULT_JDK_VERSION.toInteger() &&
 				!pullRequest.labels.contains( 'jdk' ) && !pullRequest.labels.contains( "jdk-${buildEnv.testJdkVersion}" ) ) {
 			return
 		}
 		state[buildEnv.tag] = [:]
 		executions.put(buildEnv.tag, {
 			runBuildOnNode(buildEnv.node ?: NODE_PATTERN_BASE) {
+				def mainJavaHome
+				if ( buildEnv.mainJdkVersion ) {
+					mainJavaHome = tool(name: "OpenJDK ${buildEnv.mainJdkVersion} Latest", type: 'jdk')
+				}
 				def testJavaHome
 				if ( buildEnv.testJdkVersion ) {
 					testJavaHome = tool(name: "OpenJDK ${buildEnv.testJdkVersion} Latest", type: 'jdk')
@@ -118,9 +125,17 @@ stage('Build') {
 				// See https://github.com/jenkinsci/pipeline-plugin/blob/master/TUTORIAL.md
 				withEnv(["JAVA_HOME=${javaHome}", "PATH+JAVA=${javaHome}/bin"]) {
 					state[buildEnv.tag]['additionalOptions'] = '-PmavenMirror=nexus-load-balancer-c4cf05fd92f43ef8.elb.us-east-1.amazonaws.com'
-					if ( testJavaHome ) {
+					if ( buildEnv.mainJdkVersion ) {
+						state[buildEnv.tag]['additionalOptions'] = state[buildEnv.tag]['additionalOptions'] +
+								" -Pmain.jdk.version=${buildEnv.mainJdkVersion}"
+					}
+					if ( buildEnv.testJdkVersion ) {
 						state[buildEnv.tag]['additionalOptions'] = state[buildEnv.tag]['additionalOptions'] +
-								" -Ptest.jdk.version=${buildEnv.testJdkVersion} -Porg.gradle.java.installations.paths=${javaHome},${testJavaHome}"
+								" -Ptest.jdk.version=${buildEnv.testJdkVersion}"
+					}
+					if ( buildEnv.mainJdkVersion || buildEnv.testJdkVersion ) {
+						state[buildEnv.tag]['additionalOptions'] = state[buildEnv.tag]['additionalOptions'] +
+								" -Porg.gradle.java.installations.paths=${[javaHome, mainJavaHome, testJavaHome].findAll { it != null }.join(',')}"
 					}
 					if ( buildEnv.testJdkLauncherArgs ) {
 						state[buildEnv.tag]['additionalOptions'] = state[buildEnv.tag]['additionalOptions'] +
@@ -130,10 +145,6 @@ stage('Build') {
 						state[buildEnv.tag]['additionalOptions'] = state[buildEnv.tag]['additionalOptions'] +
 								" -Pci.node=${buildEnv.node}"
 					}
-					if ( buildEnv.skipJacoco ) {
-						state[buildEnv.tag]['additionalOptions'] = state[buildEnv.tag]['additionalOptions'] +
-								" -PskipJacoco=true"
-					}
 					state[buildEnv.tag]['containerName'] = null;
 					stage('Checkout') {
 						checkout scm
@@ -210,6 +221,7 @@ stage('Build') {
 // Job-specific helpers
 
 class BuildEnvironment {
+	String mainJdkVersion
 	String testJdkVersion
 	String testJdkLauncherArgs
 	String dbName = 'h2'
@@ -219,7 +231,6 @@ class BuildEnvironment {
 	String additionalOptions
 	String notificationRecipients
 	boolean longRunning
-	boolean skipJacoco
 
 	String toString() { getTag() }
 	String getTag() { "${node ? node + "_" : ''}${testJdkVersion ? 'jdk_' + testJdkVersion + '_' : '' }${dbName}" }

ci/build.sh

@@ -1,7 +1,7 @@
 #! /bin/bash
 
 goal=
-if [ "$RDBMS" == "h2" ]; then
+if [ "$RDBMS" == "h2" ] || [ "$RDBMS" == "" ]; then
   # This is the default.
   goal="preVerifyRelease"
   # Settings needed for `preVerifyRelease` execution - for asciidoctor doc rendering
@@ -10,7 +10,7 @@ elif [ "$RDBMS" == "hsqldb" ] || [ "$RDBMS" == "hsqldb_2_6" ]; then
   goal="-Pdb=hsqldb"
 elif [ "$RDBMS" == "mysql" ] || [ "$RDBMS" == "mysql_8_0" ]; then
   goal="-Pdb=mysql_ci"
-elif [ "$RDBMS" == "mariadb" ] || [ "$RDBMS" == "mariadb_10_4" ]; then
+elif [ "$RDBMS" == "mariadb" ] || [ "$RDBMS" == "mariadb_10_6" ]; then
   goal="-Pdb=mariadb_ci"
 elif [ "$RDBMS" == "postgresql" ] || [ "$RDBMS" == "postgresql_13" ]; then
   goal="-Pdb=pgsql_ci"
@@ -77,6 +77,9 @@ elif [ "$RDBMS" == "altibase" ]; then
   goal="-Pdb=altibase"
 elif [ "$RDBMS" == "informix" ]; then
   goal="-Pdb=informix"
+else
+  echo "Invalid value for RDBMS: $RDBMS"
+  exit 1
 fi
 
 function logAndExec() {

docker_db.sh

@@ -138,9 +138,9 @@ mariadb_wait_until_start()
     fi
 }
 
-mariadb_10_5() {
+mariadb_10_6() {
     $CONTAINER_CLI rm -f mariadb || true
-    $CONTAINER_CLI run --name mariadb -e MARIADB_USER=hibernate_orm_test -e MARIADB_PASSWORD=hibernate_orm_test -e MARIADB_DATABASE=hibernate_orm_test -e MARIADB_ROOT_PASSWORD=hibernate_orm_test -p3306:3306 -d ${DB_IMAGE_MARIADB_10_5:-docker.io/mariadb:10.5.25} --character-set-server=utf8mb4 --collation-server=utf8mb4_bin --skip-character-set-client-handshake --lower_case_table_names=2
+    $CONTAINER_CLI run --name mariadb -e MARIADB_USER=hibernate_orm_test -e MARIADB_PASSWORD=hibernate_orm_test -e MARIADB_DATABASE=hibernate_orm_test -e MARIADB_ROOT_PASSWORD=hibernate_orm_test -p3306:3306 -d ${DB_IMAGE_MARIADB_10_6:-docker.io/mariadb:10.6.20} --character-set-server=utf8mb4 --collation-server=utf8mb4_bin --skip-character-set-client-handshake --lower_case_table_names=2
     mariadb_wait_until_start
 }
 
@@ -1077,7 +1077,7 @@ if [ -z ${1} ]; then
     echo -e "\tmariadb_11_4"
     echo -e "\tmariadb_11_1"
     echo -e "\tmariadb_10_11"
-    echo -e "\tmariadb_10_5"
+    echo -e "\tmariadb_10_6"
     echo -e "\tmssql"
     echo -e "\tmssql_2022"
     echo -e "\tmssql_2017"