Merge branch 'main' into update/zio-test-magnolia-2.1.7

finos · Aug 28, 2024 · 4a18aa5 · 4a18aa5
2 parents 47ad350 + 0da10cd
commit 4a18aa5
Show file tree

Hide file tree

Showing 3 changed files with 129 additions and 8 deletions.
diff --git a/.github/workflows/scan-external-contributions.yml b/.github/workflows/scan-external-contributions.yml
@@ -0,0 +1,121 @@
+name: Scan External Contributions
+
+env:
+  JDK_JAVA_OPTIONS: -XX:+PrintCommandLineFlags -Xss10M # JDK_JAVA_OPTIONS is _the_ env. variable to use for modern Java
+  JVM_OPTS: -XX:+PrintCommandLineFlags -Xss10M # for Java 8 only (sadly, it is not modern enough for JDK_JAVA_OPTIONS)
+  SonatypeUrl: "https://finos.sonatype.app/platform/"
+  SonatypeAppId: morphir-scala
+  SonatypeStage: "build"
+  SonatypeScanTarget: "." # depCache/coursier/v1/https/repo1.maven.org/maven2/
+  ExcludeDirectory: " -D fileExcludes='*.class, **/website/, **/docs/, **/.*' "
+
+on:
+  workflow_dispatch:
+  # pull_request_target:
+  #   branches: ["main", "release/**", "0.4.x"]
+
+
+# cancel older runs of a pull request;
+# this will not cancel anything for normal git pushes
+concurrency:
+    group: cancel-old-pr-runs-${{ github.workflow }}-${{ github.head_ref || github.run_id }}
+    cancel-in-progress: true
+
+jobs:
+  lint-and-prepare-artifacts:
+    runs-on: ubuntu-latest
+    timeout-minutes: 30
+    steps:
+      - name: Checkout source branch
+        uses: actions/checkout@v4
+        with:
+          ref: ${{ github.event.pull_request.head.sha }}
+          fetch-depth: 0
+      - name: Setup Scala and Java
+        uses: actions/setup-java@v4
+        with:
+          distribution: "temurin"
+          java-version: "17"
+      - name: Cache scala dependencies
+        uses: coursier/cache-action@v6
+      - name: Setup proto and moon toolchains
+        uses: moonrepo/[email protected]
+        with:
+          auto-install: true
+
+      - name: Install tooling
+        run: |
+          ./build.sh install
+      - name: Lint code
+        run: ./build.sh lint        
+      - name: Prepare Publish Artifacts
+        run: ./mill -i morphir.__.jvm.__.publishArtifacts + morphir.main.__.publishArtifacts
+
+      - name: Cache JVM build output
+        # when in master repo: all commits to main branch and all additional tags
+        uses: actions/cache/save@v4
+        with:
+          path: |
+            out/morphir/**/jvm/
+            out/morphir/build/
+          key: ${{ runner.os }}-mill-jvm-${{ github.sha }}-${{ hashFiles('out') }}
+
+  ############### SONATYPE SCAN ###############
+  sonatype-scan:
+    needs: ["lint-and-prepare-artifacts"]
+    runs-on: ubuntu-latest
+    environment: "Scanning and Checks"
+    steps:
+      - name: Cache scala dependencies
+        uses: coursier/cache-action@v6
+
+      - name: Get OUT cache
+        uses: actions/cache/restore@v4
+        with:
+          path: out/
+          key: ${{ runner.os }}-*
+
+      - name: Copy Cache for SCA Scan
+        run: |
+          mkdir depCache/ #Create local copy of cache for Sonatype Scanner
+          cp -r /home/runner/.cache/coursier/ depCache/
+      # - name: Save resolvedIvyDeps.json
+      #   run: ./mill show __.resolvedIvyDeps > depCache/resolvedIvyDeps.json
+
+      # - name: Upload Dependency Cache (optional)
+      #   uses: actions/upload-artifact@v4
+      #   with:
+      #     name: Dependency Cache
+      #     path: depCache/
+
+      - name: Sonatype Lifecycle SCA Scan
+        uses: sonatype-nexus-community/iq-github-action@main        
+        with:
+          username: ${{ secrets.SONATYPE_USER }}
+          password: ${{ secrets.SONATYPE_PASSWORD }}
+          serverUrl: ${{ env.SonatypeUrl }}
+          applicationId: ${{ env.SonatypeAppId }}
+          stage: ${{ env.SonatypeStage }}
+          target: ${{ env.SonatypeScanTarget }} ${{ env.ExcludeDirectory }}
+
+      - name: Retrieve Sonatype SBOM (SPDX)
+        if: always()
+        run: |
+          mkdir reports/
+          iqCredentials="${{ secrets.SONATYPE_USER }}:${{ secrets.SONATYPE_PASSWORD }}"
+          echo 'Get internal app ID for public ID: '$SonatypeAppId
+          res=$(curl -u $iqCredentials --location $SonatypeUrl'api/v2/applications?publicId='$SonatypeAppId)
+          IFS='"' read -a array <<< "$res"
+          echo 'Internal app ID: '${array[5]}
+          internalID=${array[5]}
+          curl -u $iqCredentials --location $SonatypeUrl'api/v2/spdx/'$internalID'/stages/'$SonatypeStage -H 'Accept: application/xml' > reports/$SonatypeAppId.spdx.json
+          echo 'Sonatype SBOM (SPDX): '
+          cat reports/$SonatypeAppId.spdx.json
+
+      - name: Upload Sonatype SBOM (SPDX)
+        if: always()
+        uses: actions/upload-artifact@v4
+        with:
+          name: ${{ env.SonatypeAppId }} Sonatype SBOM (SPDX)
+          path: reports/
+  #############################################            
diff --git a/mill-build/src/millbuild/settings/MillSettings.scala b/mill-build/src/millbuild/settings/MillSettings.scala
@@ -13,6 +13,6 @@ case class MillSettings(
 object MillSettings {
   val config: Config[MillSettings]                          = deriveConfig[MillSettings]
   lazy val default: MillSettings                            = MillSettings()
-  lazy val defaultScalaVersion                              = "2.13.13"
+  lazy val defaultScalaVersion                              = "2.13.14"
   implicit val rw: upickle.default.ReadWriter[MillSettings] = upickle.default.macroRW
 }
diff --git a/project/deps.sc b/project/deps.sc
@@ -60,7 +60,7 @@ object Deps {
       val geny           = ivy"com.lihaoyi::geny::${Versions.geny}"
       val mainargs       = ivy"com.lihaoyi::mainargs::${Versions.`mainargs`}"
       val `os-lib`       = ivy"com.lihaoyi::os-lib::${Versions.`os-lib`}"
-      val sourcecode     = ivy"com.lihaoyi::sourcecode::0.3.1"
+      val sourcecode     = ivy"com.lihaoyi::sourcecode::0.4.2"
       val pprint         = ivy"com.lihaoyi::pprint::0.9.0"
       val ujson          = ivy"com.lihaoyi::ujson::${Versions.upickle}"
       val upickle        = ivy"com.lihaoyi::upickle::${Versions.upickle}"
@@ -185,7 +185,7 @@ object Deps {
 
 object Versions {
   val castor = "0.2.1"
-  val cats   = "2.10.0"
+  val cats   = "2.12.0"
 
   val enumeratum = "1.7.4"
 
@@ -210,13 +210,13 @@ object Versions {
   val coursier                   = "2.1.4"
   val expecty                    = "0.16.0"
   val fansi                      = "0.5.0"
-  val fs2                        = "3.10.2"
-  val geny                       = "1.0.0"
+  val fs2                        = "3.11.0"
+  val geny                       = "1.1.1"
   val `izumi-reflect`            = "2.3.10"
   val metaconfig                 = "0.11.1"
   val mainargs                   = "0.5.0"
   val `os-lib`                   = "0.10.4"
-  val paiges                     = "0.4.3"
+  val paiges                     = "0.4.4"
   val `scala-java-time`          = "2.6.0"
   val `scala-native-crypto`      = "0.0.4"
   val `scalac-compat-annotation` = "0.1.4"
@@ -225,14 +225,14 @@ object Versions {
   val spire                      = "0.18.0"
   val `tasty-query`              = "0.5.6"
   val upickle                    = "3.0.0-M1"
-  val zio                        = "2.1.7"
+  val zio                        = "2.1.8"
   val `zio-cli`                  = "0.5.0"
   val `zio-config`               = "4.0.2"
   val `zio-interop-cats`         = "23.1.0.3"
   val `zio-json`                 = "0.7.2"
   val `zio-nio`                  = "2.0.2"
   val `zio-parser`               = "0.1.9"
-  val `zio-prelude`              = "1.0.0-RC27"
+  val `zio-prelude`              = "1.0.0-RC29"
   val `zio-process`              = "0.7.2"
   val `zio-schema`               = "0.4.12"
 }