Merge pull request #65 from xdev-software/develop

Release

Author: AB-xdev

.config/checkstyle/checkstyle.xml

@@ -52,6 +52,7 @@
 	<module name="TreeWalker">
 		<!-- Checks - sorted alphabetically -->
 		<module name="ArrayTypeStyle"/>
+		<module name="AvoidDoubleBraceInitialization"/>
 		<module name="AvoidStarImport"/>
 		<module name="ConstantName"/>
 		<module name="DefaultComesLast"/>
@@ -68,6 +69,11 @@
 		<module name="FinalParameters"/>
 		<module name="GenericWhitespace"/>
 		<module name="HideUtilityClassConstructor"/>
+		<module name="IllegalCatch">
+			<!-- https://docs.pmd-code.org/pmd-doc-7.11.0/pmd_rules_java_errorprone.html#avoidcatchingnpe -->
+			<!-- https://docs.pmd-code.org/pmd-doc-7.11.0/pmd_rules_java_errorprone.html#avoidcatchingthrowable -->
+			<property name="illegalClassNames" value="Error,Throwable,NullPointerException,java.lang.Error,java.lang.Throwable,java.lang.NullPointerException"/>
+		</module>
 		<module name="IllegalImport"/>
 		<module name="InterfaceIsType"/>
 		<module name="JavadocStyle">
@@ -93,7 +99,6 @@
 		<module name="MethodParamPad"/>
 		<module name="MissingDeprecated"/>
 		<module name="MissingOverride"/>
-		<module name="MissingSwitchDefault"/>
 		<module name="ModifierOrder"/>
 		<module name="NeedBraces"/>
 		<module name="NoClone"/>
@@ -122,7 +127,13 @@
 		</module>
 		<module name="TypecastParenPad"/>
 		<module name="TypeName"/>
+		<module name="UnnecessaryParentheses"/>
+		<module name="UnnecessarySemicolonAfterOuterTypeDeclaration"/>
+		<module name="UnnecessarySemicolonAfterTypeMemberDeclaration"/>
+		<module name="UnnecessarySemicolonInEnumeration"/>
+		<module name="UnnecessarySemicolonInTryWithResources"/>
 		<module name="UnusedImports"/>
+		<module name="UnusedLocalVariable"/>
 		<module name="UpperEll"/>
 		<module name="VisibilityModifier">
 			<property name="packageAllowed" value="true"/>

.config/pmd/ruleset.xml

@@ -10,16 +10,38 @@
 
 	<!-- Only rules that don't overlap with CheckStyle! -->
 
+	<rule ref="category/java/bestpractices.xml/AvoidPrintStackTrace"/>
+	<rule ref="category/java/bestpractices.xml/AvoidStringBufferField"/>
 	<rule ref="category/java/bestpractices.xml/AvoidUsingHardCodedIP"/>
+	<rule ref="category/java/bestpractices.xml/ConstantsInInterface"/>
+	<rule ref="category/java/bestpractices.xml/ExhaustiveSwitchHasDefault"/>
+	<rule ref="category/java/bestpractices.xml/LiteralsFirstInComparisons"/>
+	<!-- CheckStyle can't handle this switch behavior -> delegated to PMD -->
+	<rule ref="category/java/bestpractices.xml/NonExhaustiveSwitch"/>
+	<rule ref="category/java/bestpractices.xml/OneDeclarationPerLine">
+		<properties>
+			<property name="strictMode" value="true"/>
+		</properties>
+	</rule>
 	<rule ref="category/java/bestpractices.xml/PreserveStackTrace"/>
+	<rule ref="category/java/bestpractices.xml/SimplifiableTestAssertion"/>
+	<rule ref="category/java/bestpractices.xml/SystemPrintln"/>
+	<rule ref="category/java/bestpractices.xml/UnusedAssignment"/>
+	<rule ref="category/java/bestpractices.xml/UnusedFormalParameter"/>
+	<rule ref="category/java/bestpractices.xml/UnusedPrivateField"/>
+	<rule ref="category/java/bestpractices.xml/UnusedPrivateMethod"/>
 	<rule ref="category/java/bestpractices.xml/UseCollectionIsEmpty"/>
+	<rule ref="category/java/bestpractices.xml/UseEnumCollections"/>
 	<rule ref="category/java/bestpractices.xml/UseStandardCharsets"/>
+	<rule ref="category/java/bestpractices.xml/UseTryWithResources"/>
 
 	<!-- Native code is platform dependent; Loading external native libs might pose a security threat -->
 	<rule ref="category/java/codestyle.xml/AvoidUsingNativeCode"/>
 	<rule ref="category/java/codestyle.xml/IdenticalCatchBranches"/>
+	<rule ref="category/java/codestyle.xml/LambdaCanBeMethodReference"/>
 	<rule ref="category/java/codestyle.xml/NoPackage"/>
 	<rule ref="category/java/codestyle.xml/PrematureDeclaration"/>
+	<rule ref="category/java/codestyle.xml/UnnecessarySemicolon"/>
 
 	<rule ref="category/java/design.xml">
 		<!-- Sometimes abstract classes have just fields -->
@@ -76,9 +98,6 @@
 
 		<!-- Limit too low -->
 		<exclude name="UseObjectForClearerAPI"/>
-
-		<!-- Handled by checkstyle -->
-		<exclude name="UseUtilityClass"/>
 	</rule>
 
 	<rule ref="category/java/design.xml/AvoidDeeplyNestedIfStmts">
@@ -114,17 +133,33 @@
 		</properties>
 	</rule>
 
+	<rule ref="category/java/errorprone.xml/AssignmentToNonFinalStatic"/>
+	<rule ref="category/java/errorprone.xml/AvoidDecimalLiteralsInBigDecimalConstructor"/>
+	<rule ref="category/java/errorprone.xml/AvoidMultipleUnaryOperators"/>
 	<rule ref="category/java/errorprone.xml/AvoidUsingOctalValues"/>
 	<rule ref="category/java/errorprone.xml/BrokenNullCheck"/>
 	<rule ref="category/java/errorprone.xml/ComparisonWithNaN"/>
 	<rule ref="category/java/errorprone.xml/DoNotCallGarbageCollectionExplicitly"/>
 	<rule ref="category/java/errorprone.xml/DontImportSun"/>
+	<rule ref="category/java/errorprone.xml/DontUseFloatTypeForLoopIndices"/>
+	<rule ref="category/java/errorprone.xml/EqualsNull"/>
+	<rule ref="category/java/errorprone.xml/IdempotentOperations"/>
+	<rule ref="category/java/errorprone.xml/ImplicitSwitchFallThrough"/>
+	<rule ref="category/java/errorprone.xml/InstantiationToGetClass"/>
+	<rule ref="category/java/errorprone.xml/InvalidLogMessageFormat"/>
+	<rule ref="category/java/errorprone.xml/JumbledIncrementer"/>
 	<rule ref="category/java/errorprone.xml/MisplacedNullCheck"/>
+	<rule ref="category/java/errorprone.xml/MoreThanOneLogger"/>
+	<rule ref="category/java/errorprone.xml/NonStaticInitializer"/>
+	<rule ref="category/java/errorprone.xml/ReturnFromFinallyBlock"/>
+	<rule ref="category/java/errorprone.xml/SingletonClassReturningNewInstance"/>
+	<rule ref="category/java/errorprone.xml/UnconditionalIfStatement"/>
 	<rule ref="category/java/errorprone.xml/UnnecessaryCaseChange"/>
+	<rule ref="category/java/errorprone.xml/UselessOperationOnImmutable"/>
 
 
 	<rule ref="category/java/multithreading.xml">
-		<!-- Just bloats code -->
+		<!-- Just bloats code; improved in JEP-491/Java 24+ -->
 		<exclude name="AvoidSynchronizedAtMethodLevel"/>
 
 		<!-- NOPE -->
@@ -159,4 +194,25 @@
 	</rule>
 
 	<rule ref="category/java/security.xml"/>
+
+	<rule name="VaadinNativeHTMLUnsafe"
+		language="java"
+		message="Unescaped native HTML is unsafe and will result in XSS vulnerabilities"
+		class="net.sourceforge.pmd.lang.rule.xpath.XPathRule" >
+		<description>
+			Do not used native HTML! Use Vaadin layouts and components to create required structure.
+			If you are 100% sure that you escaped the value properly and you have no better options you can suppress this.
+		</description>
+		<priority>2</priority>
+		<properties>
+			<property name="xpath">
+				<value>
+<![CDATA[
+//ConstructorCall[pmd-java:typeIs('com.vaadin.flow.component.Html')] |
+//MethodCall[@MethodName='setAttribute' and //ImportDeclaration[starts-with(@PackageName,'com.vaadin')]]/ArgumentList/StringLiteral[1][contains(lower-case(@Image),'html')]
+]]>
+				</value>
+			</property>
+		</properties>
+	</rule>
 </ruleset>

.github/ISSUE_TEMPLATE/bug_report.yml

@@ -1,6 +1,7 @@
 name: 🐞 Bug
 description: Create a bug report for something that is broken
 labels: [bug]
+type: bug
 body:
   - type: markdown
     attributes:

.github/ISSUE_TEMPLATE/enhancement.yml

@@ -1,6 +1,7 @@
 name: ✨ Feature/Enhancement
 description: Suggest a new feature or enhancement
 labels: [enhancement]
+type: feature
 body:
   - type: markdown
     attributes:

.github/workflows/broken-links.yml

@@ -19,7 +19,7 @@ jobs:
 
       - name: Link Checker
         id: lychee
-        uses: lycheeverse/lychee-action@v2
+        uses: lycheeverse/lychee-action@82202e5e9c2f4ef1a55a3d02563e1cb6041e5332 # v2
         with:
           fail: false # Don't fail on broken links, create an issue instead
 
@@ -38,7 +38,7 @@ jobs:
 
       - name: Create Issue From File
         if: env.lychee_exit_code != 0
-        uses: peter-evans/create-issue-from-file@v5
+        uses: peter-evans/create-issue-from-file@e8ef132d6df98ed982188e460ebb3b5d4ef3a9cd # v5
         with:
           issue-number: ${{ steps.find-issue.outputs.number }}
           title: Link Checker Report

.github/workflows/check-build.yml

@@ -127,7 +127,4 @@ jobs:
         name: pmd-report
         if-no-files-found: ignore
         path: |
-          target/site/*.html
-          target/site/css/**
-          target/site/images/logos/maven-feather.png
-          target/site/images/external.png
+          target/reports/**

.github/workflows/release.yml

@@ -26,7 +26,7 @@ jobs:
         cache: 'maven'
 
     - name: Build with Maven
-      run: ./mvnw -B clean package -Pproduction
+      run: ./mvnw -B clean package -Pproduction -T2C
 
     - name: Check for uncommited changes
       run: |
@@ -64,7 +64,7 @@ jobs:
       run: |
         mvnwPath=$(readlink -f ./mvnw)
         modules=("") # root
-        modules+=($(grep -ozP '(?<=module>)[^<]+' 'pom.xml' | tr -d '\0'))
+        modules+=($(grep -oP '(?<=<module>)[^<]+' 'pom.xml'))
         for i in "${modules[@]}"
         do
             echo "Processing $i/pom.xml"
@@ -89,7 +89,7 @@ jobs:
     
     - name: Create Release
       id: create_release
-      uses: shogo82148/actions-create-release@v1
+      uses: shogo82148/actions-create-release@e5f206451d4ace2da9916d01f1aef279997f8659 # v1
       with:
         tag_name: v${{ steps.version.outputs.release }}
         release_name: v${{ steps.version.outputs.release }}
@@ -124,22 +124,22 @@ jobs:
         git config --global user.name "GitHub Actions"
         git pull
     
-    - name: Set up JDK Apache Maven Central
+    - name: Set up JDK
       uses: actions/setup-java@v4
       with: # running setup-java again overwrites the settings.xml
         java-version: '17'
         distribution: 'temurin'
-        server-id: ossrh
+        server-id: sonatype-central-portal
         server-username: MAVEN_CENTRAL_USERNAME
         server-password: MAVEN_CENTRAL_TOKEN
         gpg-passphrase: MAVEN_GPG_PASSPHRASE
         gpg-private-key: ${{ secrets.MAVEN_GPG_PRIVATE_KEY }}
 
-    - name: Publish to Apache Maven Central
-      run: ../mvnw -B deploy -Possrh -DskipTests
+    - name: Publish to Central Portal
+      run: ../mvnw -B deploy -P publish-sonatype-central-portal -DskipTests
       env:
-        MAVEN_CENTRAL_USERNAME: ${{ secrets.S01_OSS_SONATYPE_MAVEN_USERNAME }}
-        MAVEN_CENTRAL_TOKEN: ${{ secrets.S01_OSS_SONATYPE_MAVEN_TOKEN }}
+        MAVEN_CENTRAL_USERNAME: ${{ secrets.SONATYPE_MAVEN_CENTRAL_PORTAL_USERNAME }}
+        MAVEN_CENTRAL_TOKEN: ${{ secrets.SONATYPE_MAVEN_CENTRAL_PORTAL_TOKEN }}
         MAVEN_GPG_PASSPHRASE: ${{ secrets.MAVEN_GPG_PASSPHRASE }}
       working-directory: ${{ env.PRIMARY_MAVEN_MODULE }}
 
@@ -168,10 +168,11 @@ jobs:
       working-directory: ${{ env.PRIMARY_MAVEN_MODULE }}
 
     - name: Deploy to Github pages
-      uses: peaceiris/actions-gh-pages@v4
+      uses: peaceiris/actions-gh-pages@4f9cc6602d3f66b9c108549d475ec49e8ef4d45e # v4
       with:
         github_token: ${{ secrets.GITHUB_TOKEN }}
         publish_dir: ./${{ env.PRIMARY_MAVEN_MODULE }}/target/site
+        force_orphan: true
 
   after-release:
     runs-on: ubuntu-latest
@@ -190,7 +191,7 @@ jobs:
       run: |
         mvnwPath=$(readlink -f ./mvnw)
         modules=("") # root
-        modules+=($(grep -ozP '(?<=module>)[^<]+' 'pom.xml' | tr -d '\0'))
+        modules+=($(grep -oP '(?<=<module>)[^<]+' 'pom.xml'))
         for i in "${modules[@]}"
         do
             echo "Processing $i/pom.xml"

.github/workflows/sync-labels.yml

@@ -20,6 +20,6 @@ jobs:
         with:
           sparse-checkout: .github/labels.yml
 
-      - uses: EndBug/label-sync@v2
+      - uses: EndBug/label-sync@52074158190acb45f3077f9099fea818aa43f97a # v2
         with:
           config-file: .github/labels.yml

.github/workflows/test-deploy.yml

@@ -13,21 +13,21 @@ jobs:
     steps:
     - uses: actions/checkout@v4
 
-    - name: Set up JDK OSSRH
+    - name: Set up JDK
       uses: actions/setup-java@v4
       with: # running setup-java again overwrites the settings.xml
         distribution: 'temurin'
         java-version: '17'
-        server-id: ossrh
+        server-id: sonatype-central-portal
         server-username: MAVEN_CENTRAL_USERNAME
         server-password: MAVEN_CENTRAL_TOKEN
         gpg-passphrase: MAVEN_GPG_PASSPHRASE
         gpg-private-key: ${{ secrets.MAVEN_GPG_PRIVATE_KEY }}
 
-    - name: Publish to OSSRH
-      run: ../mvnw -B deploy -Possrh -DskipTests
+    - name: Publish to Central Portal
+      run: ../mvnw -B deploy -P publish-sonatype-central-portal -DskipTests
       working-directory: ${{ env.PRIMARY_MAVEN_MODULE }}
       env:
-        MAVEN_CENTRAL_USERNAME: ${{ secrets.S01_OSS_SONATYPE_MAVEN_USERNAME }}
-        MAVEN_CENTRAL_TOKEN: ${{ secrets.S01_OSS_SONATYPE_MAVEN_TOKEN }}
+        MAVEN_CENTRAL_USERNAME: ${{ secrets.SONATYPE_MAVEN_CENTRAL_PORTAL_USERNAME }}
+        MAVEN_CENTRAL_TOKEN: ${{ secrets.SONATYPE_MAVEN_CENTRAL_PORTAL_TOKEN }}
         MAVEN_GPG_PASSPHRASE: ${{ secrets.MAVEN_GPG_PASSPHRASE }}

.github/workflows/update-from-template.yml

@@ -202,7 +202,7 @@ jobs:
           GH_TOKEN: ${{ secrets.UPDATE_FROM_TEMPLATE_PAT }}
         run: |
           not_failed_conclusion="skipped|neutral|success"
-          not_relevant_app_slug="dependabot|github-pages|sonarcloud"
+          not_relevant_app_slug="dependabot|github-pages|sonarqubecloud"
 
           echo "Waiting for checks to start..."
           sleep 40s
@@ -212,7 +212,7 @@ jobs:
 
             echo "Checking if update-branch-merged exists"
             git fetch
-            if [[ $(git rev-parse origin/${{ env.UPDATE_BRANCH_MERGED }}) ]]; then
+            if [[ $(git ls-remote --heads origin refs/heads/${{ env.UPDATE_BRANCH_MERGED }}) ]]; then
               echo "Branch still exists; Continuing..."
             else
               echo "Branch origin/${{ env.UPDATE_BRANCH_MERGED }} is missing"