Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Bump org.hamcrest:hamcrest-core from 1.3 to 3.0 in /deploy/aws/java11Exec #657

Conversation

dependabot[bot]
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Aug 17, 2024

Bumps org.hamcrest:hamcrest-core from 1.3 to 3.0.

Release notes

Sourced from org.hamcrest:hamcrest-core's releases.

Hamcrest v3.0

Breaking Changes

  • From version 3.0, the jar distributed to Maven Central is now compiled to Java 1.8 bytecode, and is not compatible with previous versions of Java. See [Issue #331](hamcrest/JavaHamcrest#331) and [PR #411](hamcrest/JavaHamcrest#411) for details. Developers who use Java 1.7 earlier can still depend upon hamcrest-2.2.jar.

Improvements

Hamcrest v3.0-rc1

Breaking Changes

  • From version 3.0, the jar distributed to Maven Central is now compiled to Java 1.8 bytecode, and is not compatible with previous versions of Java. See [Issue #331](hamcrest/JavaHamcrest#331) and [PR #411](hamcrest/JavaHamcrest#411) for details. Developers who use Java 1.7 earlier can still depend upon hamcrest-2.2.jar.

Improvements

Hamcrest v2.2

Improvements

Bugfixes

Hamcrest v2.2-rc1

Improvements

Bugfixes

... (truncated)

Changelog

Sourced from org.hamcrest:hamcrest-core's changelog.

Version 3.0 (1st August 2024)

Breaking Changes

  • From version 3.0, the jar distributed to Maven Central is now compiled to Java 1.8 bytecode, and is not compatible with previous versions of Java. See [Issue #331](hamcrest/JavaHamcrest#331) and [PR #411](hamcrest/JavaHamcrest#411) for details. Developers who use Java 1.7 earlier can still depend upon hamcrest-2.2.jar.

Improvements

Version 2.2 (17th October 2019)

Improvements

Bugfixes

Commits
  • 68984b8 Version 3.0
  • 1adc351 Fix javadoc title
  • 4e2b71c Add instructions for releasing to Maven Central
  • 3fa841d Revert version to 3.0-SNAPSHOT
  • 750dc36 Prepare for version 3.0-rc1
  • 1703e95 Fix broken tutorial link in README
  • c4578ef Upgrade Gradle 8.8 -> 8.9
  • a9923af Remove old, unused build definitions
  • cf25e14 Cleanup README, fix broken links
  • bc4769e Upgrade to GitHub-native Dependabot (#342)
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot dependabot bot added dependencies Pull requests that update a dependency file java Pull requests that update Java code labels Aug 17, 2024
@dependabot dependabot bot force-pushed the dependabot/maven/deploy/aws/java11Exec/org.hamcrest-hamcrest-core-3.0 branch from 65bca50 to b993705 Compare August 17, 2024 11:47
Copy link
Member

@MrSerth MrSerth left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I am fine with updating Hamcrest, and we should probably allow the upgrade. For the production environment, I prepared it with openHPI/dockerfiles#36, too.

However, there is one "issue" I see here, namely our AWS execution environment.

.map(s -> s.replaceAll("/usr/java/lib/hamcrest-core-1\\.3\\.jar", "/var/task/lib/org.hamcrest.hamcrest-core-1.3.jar"))
.map(s -> s.replaceAll("/usr/java/lib/junit-4\\.13\\.jar", "/var/task/lib/junit.junit-4.13.2.jar"))

There, we are relying on the fixed paths. First, I made the following replacements in the existing Makefiles:

  • /usr/java/lib/hamcrest-core-1.3.jar -> ${HAMCREST}
  • /usr/java/lib/junit-4.13.jar -> ${JUNIT}

I then continued and removed the manual specification of the class path:

Previously:

test:
	javac -encoding utf8 -cp .:${HAMCREST}:${JUNIT} ${FILENAME}
	java -Dfile.encoding=UTF8 -cp .:${HAMCREST}:${JUNIT} org.junit.runner.JUnitCore ${CLASS_NAME}

Now:

test:
	javac -encoding utf8 ${FILENAME}
	java -Dfile.encoding=UTF8 org.junit.runner.JUnitCore ${CLASS_NAME}

To ease the transition, it might be enough to set the CLASSPATH environment variable (that should work, I assume?). Here's some more background on the environment variables for Java. The following AWS docs might be useful, which could result in something like:

ProcessBuilder pb = new ProcessBuilder(cmd);
pb.directory(workingDirectory);
Map<String, String> env = pb.environment();
env.put("CLASSPATH", ".:/var/task/lib/org.hamcrest.hamcrest-core-3.0.jar:/var/task/lib/junit.junit-4.13.2.jar:" + env.get("CLASSPATH"));
Process p = pb.start();

for the current implementation

ProcessBuilder pb = new ProcessBuilder(cmd);
pb.directory(workingDirectory);
Process p = pb.start();

deploy/aws/java11Exec/pom.xml Outdated Show resolved Hide resolved
@dependabot dependabot bot force-pushed the dependabot/maven/deploy/aws/java11Exec/org.hamcrest-hamcrest-core-3.0 branch from b993705 to 035e91a Compare September 2, 2024 21:14
@mpass99
Copy link
Contributor

mpass99 commented Sep 12, 2024

Thank you for already suggesting the changes! Additionally, I just had to adjust a test case.

Deploying this state allows execute commands in the AWS functions even with file system manipulation. No errors could be identified.

@mpass99 mpass99 force-pushed the dependabot/maven/deploy/aws/java11Exec/org.hamcrest-hamcrest-core-3.0 branch from 97b2e20 to 731aae3 Compare September 12, 2024 16:13
Copy link

codecov bot commented Sep 12, 2024

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 76.39%. Comparing base (45e8c44) to head (c939c35).
Report is 2 commits behind head on main.

Additional details and impacted files
@@            Coverage Diff             @@
##             main     #657      +/-   ##
==========================================
+ Coverage   76.36%   76.39%   +0.02%     
==========================================
  Files          43       43              
  Lines        3660     3660              
==========================================
+ Hits         2795     2796       +1     
+ Misses        630      629       -1     
  Partials      235      235              

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

Copy link
Member

@MrSerth MrSerth left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Deploying this state allows execute commands in the AWS functions even with file system manipulation.

That's a positive thing, I hope? It's not about a malicious change, but the regular changes to the file system I assume?

deploy/aws/java11Exec/pom.xml Outdated Show resolved Hide resolved
deploy/aws/java11Exec/src/main/java/poseidon/App.java Outdated Show resolved Hide resolved
@mpass99
Copy link
Contributor

mpass99 commented Sep 22, 2024

That's a positive thing, I hope? It's not about a malicious change, but the regular changes to the file system I assume?

Yes 😅

@mpass99 mpass99 force-pushed the dependabot/maven/deploy/aws/java11Exec/org.hamcrest-hamcrest-core-3.0 branch 2 times, most recently from 3cb99ab to 49d54dc Compare September 22, 2024 07:48
dependabot bot and others added 2 commits September 22, 2024 10:09
Bumps [org.hamcrest:hamcrest-core](https://github.com/hamcrest/JavaHamcrest) from 1.3 to 3.0.
- [Release notes](https://github.com/hamcrest/JavaHamcrest/releases)
- [Changelog](https://github.com/hamcrest/JavaHamcrest/blob/master/CHANGES.md)
- [Commits](hamcrest/JavaHamcrest@hamcrest-java-1.3...v3.0)

---
updated-dependencies:
- dependency-name: org.hamcrest:hamcrest-core
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: Sebastian Serth <[email protected]>
@mpass99 mpass99 force-pushed the dependabot/maven/deploy/aws/java11Exec/org.hamcrest-hamcrest-core-3.0 branch from 49d54dc to c939c35 Compare September 22, 2024 08:09
@mpass99
Copy link
Contributor

mpass99 commented Sep 22, 2024

Thanks, I updated the remaining lines and redeployed them. It still works fine!

env

{"type":"start"}
{"type":"stdout","data":"LAMBDA_TASK_ROOT=/var/task\n"}
{"type":"stdout","data":"LD_LIBRARY_PATH=/var/lang/lib:/lib64:/usr/lib64:/var/runtime:/var/runtime/lib:/var/task:/var/task/lib:/opt/lib\n"}
{"type":"stdout","data":"PATH=/var/lang/bin:/usr/local/bin:/usr/bin/:/bin:/opt/bin\n"}
{"type":"stdout","data":"PWD=/tmp/workspace17733073913942607087\n"}
{"type":"stdout","data":"LANG=en_US.UTF-8\n"}
{"type":"stdout","data":"LAMBDA_RUNTIME_DIR=/var/runtime\n"}
{"type":"stdout","data":"TZ=:UTC\n"}
{"type":"stdout","data":"SHLVL=2\n"}
{"type":"stdout","data":"_AWS_XRAY_DAEMON_ADDRESS=169.254.100.1\n"}
{"type":"stdout","data":"_AWS_XRAY_DAEMON_PORT=2000\n"}
{"type":"stdout","data":"_X_AMZN_TRACE_ID=Root=1-66efd022-5e710330243e8f927c4c97c6;Parent=127302cdf800bbcd;Sampled=0;Lineage=1:3e7bbfb1:0\n"}
{"type":"stdout","data":"CLASSPATH=.:/var/task/lib/org.hamcrest.hamcrest-3.0.jar:/var/task/lib/junit.junit-4.13.2.jar:null\n"}
{"type":"stdout","data":"_HANDLER=poseidon.App::handleRequest\n"}
{"type":"stdout","data":"CODEOCEAN=true\n"}
{"type":"stdout","data":"_=/usr/bin/env\n"}
{"type":"exit","data":0}

ls -lah /var/task/lib/

{"type":"start"}
{"type":"stdout","data":"total 6.8M\n"}
{"type":"stdout","data":"drwxr-xr-x 2 root root 1009 Sep 22 07:47 .\n"}
{"type":"stdout","data":"drwxr-xr-x 4 root root   42 Sep 22 07:47 ..\n"}
{"type":"stdout","data":"-rwxr-xr-x 1 root root  53K Jan  1  1980 com.amazonaws.aws-java-sdk-apigatewaymanagementapi-1.12.770.jar\n"}
{"type":"stdout","data":"-rwxr-xr-x 1 root root 1.1M Jan  1  1980 com.amazonaws.aws-java-sdk-core-1.12.770.jar\n"}
{"type":"stdout","data":"-rwxr-xr-x 1 root root  11K Jan  1  1980 com.amazonaws.aws-lambda-java-core-1.2.3.jar\n"}
{"type":"stdout","data":"-rwxr-xr-x 1 root root 489K Jan  1  1980 com.amazonaws.aws-lambda-java-events-3.13.0.jar\n"}
{"type":"stdout","data":"-rwxr-xr-x 1 root root  27K Jan  1  1980 com.amazonaws.jmespath-java-1.12.770.jar\n"}
{"type":"stdout","data":"-rwxr-xr-x 1 root root  77K Jan  1  1980 com.fasterxml.jackson.core.jackson-annotations-2.17.2.jar\n"}
{"type":"stdout","data":"-rwxr-xr-x 1 root root 569K Jan  1  1980 com.fasterxml.jackson.core.jackson-core-2.17.2.jar\n"}
{"type":"stdout","data":"-rwxr-xr-x 1 root root 1.6M Jan  1  1980 com.fasterxml.jackson.core.jackson-databind-2.17.2.jar\n"}
{"type":"stdout","data":"-rwxr-xr-x 1 root root  69K Jan  1  1980 com.fasterxml.jackson.dataformat.jackson-dataformat-cbor-2.17.2.jar\n"}
{"type":"stdout","data":"-rwxr-xr-x 1 root root 292K Jan  1  1980 com.google.code.gson.gson-2.11.0.jar\n"}
{"type":"stdout","data":"-rwxr-xr-x 1 root root  19K Jan  1  1980 com.google.errorprone.error_prone_annotations-2.27.0.jar\n"}
{"type":"stdout","data":"-rwxr-xr-x 1 root root 346K Jan  1  1980 commons-codec.commons-codec-1.15.jar\n"}
{"type":"stdout","data":"-rwxr-xr-x 1 root root  61K Jan  1  1980 commons-logging.commons-logging-1.1.3.jar\n"}
{"type":"stdout","data":"-rwxr-xr-x 1 root root 629K Jan  1  1980 joda-time.joda-time-2.10.8.jar\n"}
{"type":"stdout","data":"-rwxr-xr-x 1 root root 376K Jan  1  1980 junit.junit-4.13.2.jar\n"}
{"type":"stdout","data":"-rwxr-xr-x 1 root root 763K Jan  1  1980 org.apache.httpcomponents.httpclient-4.5.13.jar\n"}
{"type":"stdout","data":"-rwxr-xr-x 1 root root 321K Jan  1  1980 org.apache.httpcomponents.httpcore-4.4.13.jar\n"}
{"type":"stdout","data":"-rwxr-xr-x 1 root root 124K Jan  1  1980 org.hamcrest.hamcrest-3.0.jar\n"}
{"type":"stdout","data":"-rwxr-xr-x 1 root root  44K Jan  1  1980 org.hamcrest.hamcrest-core-1.3.jar\n"}
{"type":"exit","data":0}

@mpass99 mpass99 enabled auto-merge (rebase) September 22, 2024 08:14
@MrSerth
Copy link
Member

MrSerth commented Sep 22, 2024

Awesome, thanks! Checking with the output from ls, the previous file name hamcrest-core-3.0.jar also seemed invalid.

Just one remaining question though: Why do we still see hamcrest-core-1.3.jar?

@mpass99 mpass99 disabled auto-merge September 22, 2024 08:17
@MrSerth
Copy link
Member

MrSerth commented Sep 22, 2024

Just one remaining question though: Why do we still see hamcrest-core-1.3.jar?

Maybe because junit-4.13.2 has a compile time dependency on it? See https://mvnrepository.com/artifact/junit/junit/4.13.2.
Fine for me to keep both.

@mpass99
Copy link
Contributor

mpass99 commented Sep 22, 2024

Yeah, I agree 👍

mvn dependency:tree
[INFO] Scanning for projects...
[INFO] 
[INFO] ------------------------< poseidon:java11Exec >-------------------------
[INFO] Building A Java executor created for openHPI/Poseidon. 1.0
[INFO] --------------------------------[ jar ]---------------------------------
[INFO] 
[INFO] --- maven-dependency-plugin:2.8:tree (default-cli) @ java11Exec ---
[INFO] poseidon:java11Exec:jar:1.0
[INFO] +- com.amazonaws:aws-lambda-java-core:jar:1.2.3:compile
[INFO] +- com.amazonaws:aws-java-sdk-apigatewaymanagementapi:jar:1.12.770:compile
[INFO] |  +- com.amazonaws:aws-java-sdk-core:jar:1.12.770:compile
[INFO] |  |  +- commons-logging:commons-logging:jar:1.1.3:compile
[INFO] |  |  +- commons-codec:commons-codec:jar:1.15:compile
[INFO] |  |  +- org.apache.httpcomponents:httpclient:jar:4.5.13:compile
[INFO] |  |  |  \- org.apache.httpcomponents:httpcore:jar:4.4.13:compile
[INFO] |  |  +- com.fasterxml.jackson.core:jackson-databind:jar:2.17.2:compile
[INFO] |  |  |  +- com.fasterxml.jackson.core:jackson-annotations:jar:2.17.2:compile
[INFO] |  |  |  \- com.fasterxml.jackson.core:jackson-core:jar:2.17.2:compile
[INFO] |  |  \- com.fasterxml.jackson.dataformat:jackson-dataformat-cbor:jar:2.17.2:compile
[INFO] |  \- com.amazonaws:jmespath-java:jar:1.12.770:compile
[INFO] +- com.amazonaws:aws-lambda-java-events:jar:3.13.0:compile
[INFO] |  \- joda-time:joda-time:jar:2.10.8:compile
[INFO] +- com.google.code.gson:gson:jar:2.11.0:compile
[INFO] |  \- com.google.errorprone:error_prone_annotations:jar:2.27.0:compile
[INFO] +- junit:junit:jar:4.13.2:compile
[INFO] |  \- org.hamcrest:hamcrest-core:jar:1.3:compile
[INFO] \- org.hamcrest:hamcrest:jar:3.0:compile
[INFO] ------------------------------------------------------------------------
[INFO] BUILD SUCCESS
[INFO] ------------------------------------------------------------------------
[INFO] Total time:  1.523 s
[INFO] Finished at: 2024-09-22T10:23:15+02:00
[INFO] ------------------------------------------------------------------------

@mpass99 mpass99 enabled auto-merge (rebase) September 22, 2024 08:25
@mpass99 mpass99 merged commit b966aac into main Sep 22, 2024
12 checks passed
@mpass99 mpass99 deleted the dependabot/maven/deploy/aws/java11Exec/org.hamcrest-hamcrest-core-3.0 branch September 22, 2024 08:26
@MrSerth
Copy link
Member

MrSerth commented Sep 22, 2024

Awesome, than we have this resolved and are up-to-date with our usage!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
dependencies Pull requests that update a dependency file java Pull requests that update Java code
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants