diff --git a/.github/workflows/dependency-check.yml b/.github/workflows/dependency-check.yml
new file mode 100644
index 000000000000..21bce48887da
--- /dev/null
+++ b/.github/workflows/dependency-check.yml
@@ -0,0 +1,59 @@
+# This workflow will check if dependencies have changed (adding new dependencies or removing existing ones)
+
+name: Dependency Check
+
+on:
+ push:
+ branches:
+ - master
+ - 'rel/*'
+ - "rc/*"
+ paths-ignore:
+ - 'docs/**'
+ - 'site/**'
+ pull_request:
+ branches:
+ - master
+ - 'rel/*'
+ - "rc/*"
+ paths-ignore:
+ - 'docs/**'
+ - 'site/**'
+ # allow manually run the action:
+ workflow_dispatch:
+
+concurrency:
+ group: ${{ github.workflow }}-${{ github.ref }}
+ cancel-in-progress: true
+
+env:
+ MAVEN_OPTS: -Dhttp.keepAlive=false -Dmaven.wagon.http.pool=false -Dmaven.wagon.http.retryHandler.class=standard -Dmaven.wagon.http.retryHandler.count=3
+ MAVEN_ARGS: --batch-mode --no-transfer-progress
+ DEVELOCITY_ACCESS_KEY: ${{ secrets.GE_ACCESS_TOKEN }}
+
+jobs:
+ dependency-check:
+ strategy:
+ fail-fast: false
+ max-parallel: 15
+ matrix:
+ java: [ 17 ]
+ os: [ ubuntu-latest ]
+ runs-on: ${{ matrix.os }}
+
+ steps:
+ - uses: actions/checkout@v4
+ - name: Set up JDK ${{ matrix.java }}
+ uses: actions/setup-java@v4
+ with:
+ distribution: corretto
+ java-version: ${{ matrix.java }}
+ - name: Cache Maven packages
+ uses: actions/cache@v4
+ with:
+ path: ~/.m2
+ key: ${{ runner.os }}-m2-${{ hashFiles('**/pom.xml') }}
+ restore-keys: ${{ runner.os }}-m2-
+ - name: Do the dependency check
+ shell: bash
+ run: mvn verify -Dmaven.test.skip=true -DdependencyCheck.skip=false -Dmdep.analyze.skip=true
diff --git a/dependencies.json b/dependencies.json
new file mode 100644
index 000000000000..0c8ff00acdd6
--- /dev/null
+++ b/dependencies.json
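Review bot: The new workflow declares no `permissions:` block, so the job runs with the repository's default `GITHUB_TOKEN` scope although it only checks out the code and runs Maven; add a top-level `permissions: { contents: read }`. `DEVELOCITY_ACCESS_KEY` sits in the workflow-level `env:`, which hands the secret to every step including the three `uses:` actions; an `env:` on the `Do the dependency check` step would limit it to the step that presumably needs it. The actions are referenced by mutable tags (`actions/checkout@v4`, `actions/setup-java@v4`, `actions/cache@v4`); pinning each to a full commit SHA, with the tag kept in a trailing comment, fixes exactly which code runs in a job that holds a secret.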
@@ -0,0 +1,167 @@ +{ + "dependencies": [ + "cglib:cglib", + "ch.qos.logback:logback-classic", + "ch.qos.logback:logback-core", + "ch.qos.reload4j:reload4j", + "com.bugsnag:bugsnag", + "com.digitalpetri.fsm:strict-machine", + "com.digitalpetri.netty:netty-channel-fsm", + "com.fasterxml.jackson.core:jackson-annotations", + "com.fasterxml.jackson.core:jackson-core", + "com.fasterxml.jackson.core:jackson-databind", + "com.fasterxml.jackson.dataformat:jackson-dataformat-yaml", + "com.fasterxml.jackson.datatype:jackson-datatype-jsr310", + "com.fasterxml.jackson.jaxrs:jackson-jaxrs-base", + "com.fasterxml.jackson.jaxrs:jackson-jaxrs-json-provider", + "com.fasterxml.jackson.module:jackson-module-jaxb-annotations", + "com.github.ben-manes.caffeine:caffeine", + "com.github.luben:zstd-jni", + "com.github.stephenc.jcip:jcip-annotations", + "com.github.wendykierp:JTransforms", + "com.google.code.findbugs:jsr305", + "com.google.code.gson:gson", + "com.google.errorprone:error_prone_annotations", + "com.google.guava:failureaccess", + "com.google.guava:guava", + "com.google.guava:listenablefuture", + "com.google.j2objc:j2objc-annotations", + "com.h2database:h2-mvstore", + "com.librato.metrics:librato-java", + "com.librato.metrics:metrics-librato", + "com.lmax:disruptor", + "com.nimbusds:content-type", + "com.nimbusds:lang-tag", + "com.nimbusds:nimbus-jose-jwt", + "com.nimbusds:oauth2-oidc-sdk", + "com.sun.istack:istack-commons-runtime", + "com.zaxxer:HikariCP", + "commons-cli:commons-cli", + "commons-codec:commons-codec", + "commons-io:commons-io", + "commons-logging:commons-logging", + "io.airlift:airline", + "io.airlift:concurrent", + "io.airlift:log", + "io.airlift:units", + "io.dropwizard.metrics:metrics-core", + "io.dropwizard.metrics:metrics-jvm", + "io.jsonwebtoken:jjwt-api", + "io.micrometer:micrometer-commons", + "io.micrometer:micrometer-core", + "io.micrometer:micrometer-observation", + "io.moquette:moquette-broker", + "io.netty:netty-buffer", + "io.netty:netty-codec", + 
"io.netty:netty-codec-dns", + "io.netty:netty-codec-http", + "io.netty:netty-codec-http2", + "io.netty:netty-codec-mqtt", + "io.netty:netty-codec-socks", + "io.netty:netty-common", + "io.netty:netty-handler", + "io.netty:netty-handler-proxy", + "io.netty:netty-resolver", + "io.netty:netty-resolver-dns", + "io.netty:netty-resolver-dns-classes-macos", + "io.netty:netty-resolver-dns-native-macos", + "io.netty:netty-transport", + "io.netty:netty-transport-classes-epoll", + "io.netty:netty-transport-native-epoll", + "io.netty:netty-transport-native-unix-common", + "io.projectreactor:reactor-core", + "io.projectreactor.netty:reactor-netty-core", + "io.projectreactor.netty:reactor-netty-http", + "io.swagger:swagger-annotations", + "io.swagger:swagger-core", + "io.swagger:swagger-jaxrs", + "io.swagger:swagger-models", + "jakarta.activation:jakarta.activation-api", + "jakarta.annotation:jakarta.annotation-api", + "jakarta.servlet:jakarta.servlet-api", + "jakarta.validation:jakarta.validation-api", + "jakarta.ws.rs:jakarta.ws.rs-api", + "jakarta.xml.bind:jakarta.xml.bind-api", + "net.java.dev.jna:jna", + "net.minidev:accessors-smart", + "net.minidev:json-smart", + "org.antlr:antlr4-runtime", + "org.apache.commons:commons-collections4", + "org.apache.commons:commons-csv", + "org.apache.commons:commons-jexl3", + "org.apache.commons:commons-lang3", + "org.apache.commons:commons-math3", + "org.apache.commons:commons-pool2", + "org.apache.httpcomponents:httpclient", + "org.apache.httpcomponents:httpcore", + "org.apache.ratis:ratis-client", + "org.apache.ratis:ratis-common", + "org.apache.ratis:ratis-grpc", + "org.apache.ratis:ratis-metrics-api", + "org.apache.ratis:ratis-proto", + "org.apache.ratis:ratis-server", + "org.apache.ratis:ratis-server-api", + "org.apache.ratis:ratis-thirdparty-misc", + "org.apache.thrift:libthrift", + "org.apache.tsfile:common", + "org.apache.tsfile:tsfile", + "org.bouncycastle:bcpkix-jdk18on", + "org.bouncycastle:bcprov-jdk18on", + 
"org.bouncycastle:bcutil-jdk18on", + "org.checkerframework:checker-qual", + "org.eclipse.collections:eclipse-collections", + "org.eclipse.collections:eclipse-collections-api", + "org.eclipse.jetty:jetty-http", + "org.eclipse.jetty:jetty-io", + "org.eclipse.jetty:jetty-security", + "org.eclipse.jetty:jetty-server", + "org.eclipse.jetty:jetty-servlet", + "org.eclipse.jetty:jetty-util", + "org.eclipse.jetty:jetty-util-ajax", + "org.eclipse.milo:bsd-core", + "org.eclipse.milo:bsd-generator", + "org.eclipse.milo:sdk-client", + "org.eclipse.milo:sdk-core", + "org.eclipse.milo:sdk-server", + "org.eclipse.milo:stack-client", + "org.eclipse.milo:stack-core", + "org.eclipse.milo:stack-server", + "org.fusesource.hawtbuf:hawtbuf", + "org.fusesource.hawtdispatch:hawtdispatch", + "org.fusesource.hawtdispatch:hawtdispatch-transport", + "org.fusesource.mqtt-client:mqtt-client", + "org.glassfish.hk2:hk2-api", + "org.glassfish.hk2:hk2-locator", + "org.glassfish.hk2:hk2-utils", + "org.glassfish.hk2:osgi-resource-locator", + "org.glassfish.hk2.external:aopalliance-repackaged", + "org.glassfish.hk2.external:jakarta.inject", + "org.glassfish.jaxb:jaxb-runtime", + "org.glassfish.jaxb:txw2", + "org.glassfish.jersey.containers:jersey-container-servlet-core", + "org.glassfish.jersey.core:jersey-client", + "org.glassfish.jersey.core:jersey-common", + "org.glassfish.jersey.core:jersey-server", + "org.glassfish.jersey.inject:jersey-hk2", + "org.glassfish.jersey.media:jersey-media-multipart", + "org.hdrhistogram:HdrHistogram", + "org.java-websocket:Java-WebSocket", + "org.javassist:javassist", + "org.jline:jline", + "org.jvnet.mimepull:mimepull", + "org.latencyutils:LatencyUtils", + "org.lz4:lz4-java", + "org.ops4j.pax.jdbc:pax-jdbc-common", + "org.osgi:osgi.cmpn", + "org.osgi:osgi.core", + "org.ow2.asm:asm", + "org.reactivestreams:reactive-streams", + "org.reflections:reflections", + "org.slf4j:slf4j-api", + "org.slf4j:slf4j-reload4j", + "org.tukaani:xz", + "org.xerial.snappy:snappy-java", + 
"org.yaml:snakeyaml", + "pl.edu.icm:JLargeArrays" + ] +} diff --git a/iotdb-core/ainode/pyproject.toml b/iotdb-core/ainode/pyproject.toml index 6211d2301365..c7f773b05908 100644 --- a/iotdb-core/ainode/pyproject.toml +++ b/iotdb-core/ainode/pyproject.toml @@ -21,7 +21,7 @@ build-backend = "poetry.core.masonry.api" [tool.poetry] name = "apache-iotdb-ainode" -version = "1.4.0.dev" +version = "2.0.0.dev" description = "Apache IoTDB AINode" readme = "README.md" authors = ["Apache Software Foundation "] diff --git a/pom.xml b/pom.xml index cf45ff69e1a1..6ef32d6c1096 100644 --- a/pom.xml +++ b/pom.xml @@ -68,6 +68,7 @@ 2.11.1 4.4 false + true 3.4.4 1.21.1 4.2.19 @@ -1360,6 +1361,90 @@ + + + org.cyclonedx + cyclonedx-maven-plugin + + false + + apache-${project.artifactId}-${project.version}-sbom + + + + package + + makeAggregateBom + + + + + + org.codehaus.mojo + xml-maven-plugin + 1.1.0 + + false + + + package + + transform + + + + + ${project.basedir}/target/ + apache-${project.artifactId}-${project.version}-sbom.xml + src/main/xslt/sbom-filter.xsl + ${project.basedir}/target/ + + + transformed.json + + + + + + + + + + net.sf.saxon + Saxon-HE + 12.5 + + + + + org.codehaus.gmaven + groovy-maven-plugin + 2.1.1 + + false + + + compare-with-reference-list + verify + + execute + + + + ${dependencyCheck.skip} + + src/main/groovy/checkDependencies.groovy + + + + + + org.apache.groovy + groovy + 4.0.22 + + + diff --git a/src/main/groovy/checkDependencies.groovy b/src/main/groovy/checkDependencies.groovy new file mode 100644 index 000000000000..8df42473d349 --- /dev/null +++ b/src/main/groovy/checkDependencies.groovy 
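Review bot: In the second pom.xml hunk the `cyclonedx-maven-plugin` entry shows no version, while `xml-maven-plugin` (1.1.0), its `Saxon-HE` dependency (12.5), `groovy-maven-plugin` (2.1.1) and `groovy` (4.0.22) are all pinned. The element tags are not visible on this page, so the version may be managed by a parent POM or a `pluginManagement` section outside the hunk; if it is not, pin it here, because this plugin executes during every build that reaches `package`. It also appears that only the `compare-with-reference-list` execution is tied to `${dependencyCheck.skip}`, so SBOM generation and the XSLT transform would still run when the check is skipped; a short XML comment above the three plugins stating whether that is intended would help the next maintainer.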
@@ -0,0 +1,60 @@
+package src.main.groovy
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+import groovy.json.JsonSlurper
+
+if(Boolean.parseBoolean(properties['skipDependencyCheck']).booleanValue()) {
+ println "Skipping dependency check"
+ return
+}
+
+def jsonSlurper = new JsonSlurper()
+
+var referenceFile = new File(basedir, "dependencies.json")
+if(!referenceFile.exists()) {
+ throw new RuntimeException("Missing Reference: dependencies.json")
+}
+def referenceJson = jsonSlurper.parse(referenceFile)
+
+var curBuildFile = new File(project.build.directory, "apache-${project.artifactId}-${project.version}-sbom.transformed.json")
+if(!curBuildFile.exists()) {
+ throw new RuntimeException("Missing Build: apache-${project.artifactId}-${project.version}-sbom.transformed.json")
+}
+def curBuildJson = jsonSlurper.parse(curBuildFile)
+
+def differencesFound = false
+referenceJson.dependencies.each {
+ if(!curBuildJson.dependencies.contains(it)) {
+ println "current build has removed a dependency: " + it
+ differencesFound = true
+ }
+}
+curBuildJson.dependencies.each {
+ if(!referenceJson.dependencies.contains(it)) {
+ println "current build has added a dependency: " + it
+ differencesFound = true
+ }
+}
+
+if(differencesFound) {
+ println "Differences were found between the information in ${referenceFile.getPath()} and ${curBuildFile.toPath()}"
+ println "The simplest fix for this, is to replace the content of ${referenceFile.getPath()} with that of ${curBuildFile.toPath()} and to inspect the diff of the resulting file in your IDE of choice."
+ throw new RuntimeException("Differences found.")
+}
\ No newline at end of file
diff --git a/src/main/xslt/sbom-filter.xsl b/src/main/xslt/sbom-filter.xsl
new file mode 100644
index 000000000000..3450837c23a9
--- /dev/null
+++ b/src/main/xslt/sbom-filter.xsl
@@ -0,0 +1,41 @@
+ + + + + + + { + "dependencies": [ + + + ":", + + ] +} + + \ No newline at end of file
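Review bot: The guard at the top of checkDependencies.groovy reads `properties['skipDependencyCheck']`, but the only skip switch visible elsewhere in this commit is `dependencyCheck.skip` (the workflow's `-DdependencyCheck.skip=false` and the `${dependencyCheck.skip}` value in pom.xml), so the branch looks unreachable through the documented switch. Either drop the guard and rely on the plugin-level skip, or read the same name, e.g. `if (Boolean.parseBoolean(properties['dependencyCheck.skip'] as String)) {`, assuming `properties` is the plugin's merged property map; the trailing `.booleanValue()` is redundant either way. A header comment should also state that the comparison is on `group:artifact` coordinates only, as dependencies.json shows, so a version change of an already listed dependency is not reported and needs a separate control.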