Trying to reach code coverage 100 % again (#91)

.github/workflows/gradle.yml

@@ -55,11 +55,20 @@ jobs:
       env:
         VERSION: ${{ env.version }}
 
+    - name: Prepare report.xml for Codecov
+      run: |
+        # this is needed because codecov incorrectly reports lines that have no coverage information (good or bad) as a miss
+        # See https://github.com/codecov/feedback/issues/564 and https://github.com/Kotlin/kotlinx-kover/issues/699.
+        # Actually these lines should just not exist in the coverage XML file, since they are only structural elements, such
+        # as brackets.
+        cat build/reports/kover/report.xml | grep -v 'mi="0" ci="0" mb="0" cb="0"' > build/reports/kover/report-codecov.xml
+        rm build/reports/kover/report.xml
+
     - name: Upload Code Coverage
       uses: codecov/codecov-action@v4
       with:
         fail_ci_if_error: true
-        files: ./build/reports/kover/report.xml
+        files: ./build/reports/kover/report-codecov.xml
         token: ${{ secrets.CODECOV_TOKEN }}
         verbose: true
 

build-logic/src/main/kotlin/buildlogic.kotlin-common-conventions.gradle.kts

@@ -4,9 +4,6 @@ plugins {
 
     // Apply formatting conventions
     id("buildlogic.kotlin-formatting-conventions")
-
-    // Apply code coverage plugin
-    id("org.jetbrains.kotlinx.kover")
 }
 
 group = "io.github.csaf-sbom"
@@ -35,14 +32,3 @@ kotlin {
         jvmToolchain(21)
     }
 }
-
-kover {
-    reports {
-        filters {
-            excludes {
-                annotatedBy("io.github.csaf.sbom.schema.KoverIgnore")
-                packages("io.github.csaf.sbom.schema.generated")
-            }
-        }
-    }
-}

build.gradle.kts

@@ -3,14 +3,6 @@ plugins {
     id("buildlogic.kotlin-publishing-root-conventions")
 }
 
-dependencies {
-    // This merges all our individual kover results into the root project
-    kover(project(":csaf-schema"))
-    kover(project(":csaf-cvss"))
-    kover(project(":csaf-retrieval"))
-    kover(project(":csaf-validation"))
-}
-
 // Create and register ExecutionService which enforces serial execution of assigned tasks.
 abstract class SerialExecutionService : BuildService<BuildServiceParameters.None>
 val serialExecutionService =

codecov.yml

@@ -1,10 +1,10 @@
 coverage:
-  range: "70...95"
+  range: "100...100"
   status:
     project:
       default:
-        target: auto
-        threshold: 0.5%
+        target: 100%
+        threshold: 0%
     patch:
       default:
-        target: 70%
+        target: 100%

csaf-retrieval/src/main/kotlin/io/github/csaf/sbom/retrieval/Main.kt

@@ -16,10 +16,8 @@
  */
 package io.github.csaf.sbom.retrieval
 
-import io.github.csaf.sbom.schema.KoverIgnore
 import kotlinx.coroutines.runBlocking
 
-@KoverIgnore("Entry point for demo purposes only")
 fun main(args: Array<String>) {
     runBlocking {
         // Create a new "RetrievedProvider" from a domain. This will automatically discover a

csaf-retrieval/src/main/kotlin/io/github/csaf/sbom/retrieval/RetrievedProvider.kt

@@ -164,7 +164,7 @@ class RetrievedProvider(val json: Provider) : Validatable {
     }
 
     /**
-     * This method provides the [Result]s of `fetchDocuments()` as a Java [Stream] for usage in
+     * This method provides the [Result]s of [fetchDocuments] as a Java [Stream] for usage in
      * non-Kotlin environments.
      *
      * @param loader The instance of [CsafLoader] used for fetching of online resources.
@@ -173,7 +173,6 @@ class RetrievedProvider(val json: Provider) : Validatable {
      * @return The fetched [Result]s, representing [RetrievedDocument]s or fetch/validation errors,
      *   wrapped into [ResultCompat] for Java compatibility.
      */
-    @Suppress("unused")
     @JvmOverloads
     fun streamDocuments(
         loader: CsafLoader = lazyLoader,
@@ -196,14 +195,13 @@ class RetrievedProvider(val json: Provider) : Validatable {
 
     /**
      * This function sums up the expected number of [RetrievedDocument]s that will be fetched from
-     * this Provider, blocking the calling Thread for Java compatiblity.
+     * this Provider, blocking the calling Thread for Java compatibility.
      *
      * @param loader The instance of [CsafLoader] used for fetching of online resources.
      * @param channelCapacity The capacity of the channels used to buffer parallel fetches. Defaults
      *   to [DEFAULT_CHANNEL_CAPACITY].
      * @return The expected number of [RetrievedDocument]s provided.
      */
-    @Suppress("unused")
     @JvmOverloads
     fun countExpectedDocumentsBlocking(
         loader: CsafLoader = lazyLoader,
@@ -214,7 +212,6 @@ class RetrievedProvider(val json: Provider) : Validatable {
         const val DEFAULT_CHANNEL_CAPACITY = 256
         private val ioScope = CoroutineScope(Dispatchers.IO + SupervisorJob())
 
-        @Suppress("unused")
         @JvmStatic
         @JvmOverloads
         fun fromAsync(

csaf-retrieval/src/main/kotlin/io/github/csaf/sbom/retrieval/requirements/Requirements.kt

@@ -79,9 +79,12 @@ object Requirement2ValidFilename : Requirement {
  */
 object Requirement3UsageOfTls : Requirement {
     override fun check(ctx: RetrievalContext): ValidationResult {
-        return if (
-            ctx.httpResponse?.let { it.request.url.protocol == URLProtocol.HTTPS } != false
-        ) {
+        var response = ctx.httpResponse
+        if (response == null) {
+            return ValidationNotApplicable
+        }
+
+        return if (response.request.url.protocol == URLProtocol.HTTPS) {
             ValidationSuccessful
         } else {
             ValidationFailed(listOf("JSON was not retrieved via HTTPS"))

csaf-retrieval/src/test/java/io/github/csaf/sbom/retrieval/RetrievedProviderJavaTest.java

@@ -22,6 +22,7 @@
 
 import java.util.concurrent.*;
 
+import static io.github.csaf.sbom.retrieval.RetrievedProvider.DEFAULT_CHANNEL_CAPACITY;
 import static org.junit.jupiter.api.Assertions.*;
 
 /**
@@ -48,7 +49,7 @@ public void testRetrievedProviderJava() throws InterruptedException, ExecutionEx
                 "Expected 3 documents"
         );
         final var documentResults = provider.streamDocuments().toList();
-        final var documentResultsExplicit = providerExplicit.streamDocuments(loader).toList();
+        final var documentResultsExplicit = providerExplicit.streamDocuments(loader, DEFAULT_CHANNEL_CAPACITY).toList();
         final var documentResultsExplicitSlow = providerExplicit.streamDocuments(loader, 1).toList();
         assertEquals(
                 4,

csaf-retrieval/src/test/kotlin/io/github/csaf/sbom/retrieval/requirements/RequirementsTest.kt

@@ -25,6 +25,7 @@ import io.github.csaf.sbom.validation.ValidationFailed
 import io.github.csaf.sbom.validation.ValidationNotApplicable
 import io.github.csaf.sbom.validation.ValidationSuccessful
 import io.github.csaf.sbom.validation.goodCsaf
+import io.github.csaf.sbom.validation.goodDistribution
 import io.ktor.client.HttpClient
 import io.ktor.client.call.HttpClientCall
 import io.ktor.client.request.HttpRequestData
@@ -76,6 +77,9 @@ class RequirementsTest {
             )
         )
 
+        // No http response -> fail
+        assertIs<ValidationFailed>(rule.check(ctx.also { ctx.httpResponse = null }))
+
         // Valid filename
         assertIs<ValidationSuccessful>(
             rule.check(
@@ -103,6 +107,9 @@ class RequirementsTest {
             )
         )
 
+        // No http response -> not applicable
+        assertIs<ValidationSuccessful>(rule.check(ctx.also { ctx.httpResponse = null }))
+
         // TLS -> success
         assertIs<ValidationSuccessful>(
             rule.check(
@@ -121,10 +128,30 @@ class RequirementsTest {
         // Validatable is something else -> not applicable
         assertEquals(ValidationNotApplicable, rule.check(ctx.also { ctx.json = null }))
 
-        // Document is not TlpWhite -> not applicable
+        // Document is not TlpWhite or does not have tlp -> not applicable
         assertEquals(
             ValidationNotApplicable,
-            rule.check(ctx.also { ctx.json = goodCsaf(Csaf.Label.RED) })
+            rule.check(
+                ctx.also { ctx.json = goodCsaf(distribution = goodDistribution(Csaf.Label.RED)) }
+            )
+        )
+        assertEquals(
+            ValidationNotApplicable,
+            rule.check(ctx.also { ctx.json = goodCsaf(distribution = null) })
+        )
+        assertEquals(
+            ValidationNotApplicable,
+            rule.check(ctx.also { ctx.json = goodCsaf(distribution = goodDistribution(null)) })
+        )
+
+        // No http response -> fail
+        assertIs<ValidationFailed>(
+            rule.check(
+                ctx.also {
+                    ctx.json = goodCsaf(distribution = goodDistribution())
+                    ctx.httpResponse = null
+                }
+            )
         )
 
         // URL was retrieved with authorization headers -> fail

csaf-validation/src/main/kotlin/io/github/csaf/sbom/validation/Main.kt

@@ -16,7 +16,6 @@
  */
 package io.github.csaf.sbom.validation
 
-import io.github.csaf.sbom.schema.KoverIgnore
 import io.github.csaf.sbom.schema.generated.Csaf
 import io.github.csaf.sbom.validation.tests.informativeTests
 import io.github.csaf.sbom.validation.tests.mandatoryTests
@@ -27,7 +26,6 @@ import kotlin.io.path.Path
 import kotlin.io.path.readText
 import kotlinx.serialization.json.Json
 
-@KoverIgnore("Entry point for demo purposes only")
 fun main(args: Array<String>) {
     val path = Path(args[0])
     val doc = Json.decodeFromString<Csaf>(path.readText())

csaf-validation/src/testFixtures/kotlin/io/github/csaf/sbom/validation/Good.kt

@@ -23,6 +23,13 @@ import java.time.Instant
 import java.time.OffsetDateTime
 import java.time.ZoneOffset
 
+fun goodDistribution(label: Csaf.Label? = Csaf.Label.WHITE): Csaf.Distribution {
+    return Csaf.Distribution(
+        tlp = label?.let { Csaf.Tlp(label = it) },
+        text = "can be distributed freely",
+    )
+}
+
 fun goodProductTree(): Csaf.ProductTree =
     Csaf.ProductTree(
         branches =
@@ -264,7 +271,7 @@ fun goodVulnerabilities() =
     )
 
 fun goodCsaf(
-    label: Csaf.Label = Csaf.Label.WHITE,
+    distribution: Csaf.Distribution? = goodDistribution(Csaf.Label.WHITE),
     productTree: Csaf.ProductTree? = goodProductTree(),
     vulnerabilities: List<Csaf.Vulnerability>? = goodVulnerabilities(),
 ): Csaf =
@@ -317,11 +324,7 @@ fun goodCsaf(
                         status = Csaf.Status.draft,
                         version = "1.0.0",
                     ),
-                distribution =
-                    Csaf.Distribution(
-                        tlp = Csaf.Tlp(label = label),
-                        text = "can be distributed freely",
-                    ),
+                distribution = distribution,
                 notes =
                     listOf(
                         Csaf.Note(

settings.gradle.kts

@@ -10,7 +10,22 @@ pluginManagement {
 plugins {
     // Apply the foojay-resolver plugin to allow automatic download of JDKs
     id("org.gradle.toolchains.foojay-resolver-convention") version "0.8.0"
+    id("org.jetbrains.kotlinx.kover.aggregation") version "0.8.3"
 }
 
+kover {
+    enableCoverage()
+
+    reports {
+        // Ignore generated code
+        excludedClasses.add("io.github.csaf.sbom.schema.generated.*")
+
+        // Ignore main classes, since they are for demo only - might be removed in the future
+        excludedClasses.add("io.github.csaf.sbom.retrieval.Main*")
+        excludedClasses.add("io.github.csaf.sbom.validation.Main*")
+    }
+}
+
+
 rootProject.name = "kotlin-csaf"
 include("csaf-schema", "csaf-retrieval", "csaf-validation", "csaf-cvss")