-
Notifications
You must be signed in to change notification settings - Fork 9
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Upgrade to spring boot 3.4.1 #1590
base: main
Are you sure you want to change the base?
Conversation
WalkthroughThis pull request focuses on updating the Changes
Sequence DiagramsequenceDiagram
participant App as Application
participant Config as RestTemplateConfiguration
participant Env as Environment
participant SSL as SSLContext
participant ConnManager as ConnectionManager
App->>Config: Create with Environment
Config->>Env: Check active profile
Config->>SSL: Create SSLContext based on environment
Config->>ConnManager: Configure with SSL and connection settings
Note over Config: Apply different SSL strategies for prod/non-prod
Possibly related PRs
Poem
Thank you for using CodeRabbit. We offer it for free to the OSS community and would appreciate your support in helping us grow. If you find it useful, would you consider giving us a shout-out on your favorite social media? 🪧 TipsChatThere are 3 ways to chat with CodeRabbit:
Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments. CodeRabbit Commands (Invoked using PR comments)
Other keywords and placeholders
CodeRabbit Configuration File (
|
Quality Gate passedIssues Measures |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Actionable comments posted: 1
🧹 Nitpick comments (5)
httpClients/boot-rest-template/src/main/java/com/example/rest/template/config/RestTemplateConfiguration.java (4)
54-59
: Use @nonnull annotation for environment injection
It's helpful to validate that the environment is not null, ensuring safety in production. You can annotate the constructor parameter or field with @nonnull to enforce this contract.
62-73
: Ensure permissive SSL usage is tightly controlled
The use of a permissive TrustStrategy is fine for non-production, but be mindful that it should never leak into production. The conditional checks are a good safeguard, but consider adding further assertion or fallback logic to confirm that the production environment never uses bypassed certificate validation.
102-104
: Consider using Spring’s built-in profile checks
Using List.of(environment.getActiveProfiles()).contains("prod") is valid. However, you might simplify this check by using environment.acceptsProfiles(Profiles.of("prod")), which can be more idiomatic for Spring-based configurations.
147-147
: Unify connection timeout with existing constants
Currently, you use a hard-coded 60s timeout. To maintain consistency and possible future customizations, consider leveraging the existing constants (e.g., REQUEST_TIMEOUT) or retrieving the timeout from properties:Example diff:
- .connectTimeout(Duration.ofSeconds(60)) + .connectTimeout(Duration.ofSeconds(REQUEST_TIMEOUT))httpClients/boot-rest-template/pom.xml (1)
Line range hint
293-307
: Consider timeline for moving to GA releasesThe project is configured to use Spring Milestones repository for both dependencies and plugins. While this is necessary for Spring Boot 3.4.1, consider:
- Documenting the timeline for moving to GA releases
- Adding a comment in the repository configuration explaining the temporary nature of using milestone releases
Also applies to: 308-321
📜 Review details
Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro
📒 Files selected for processing (3)
httpClients/boot-rest-template/pom.xml
(2 hunks)httpClients/boot-rest-template/src/main/java/com/example/rest/template/config/RestTemplateConfiguration.java
(4 hunks)httpClients/boot-rest-template/src/main/java/com/example/rest/template/config/WebMvcConfig.java
(2 hunks)
🔇 Additional comments (4)
httpClients/boot-rest-template/src/main/java/com/example/rest/template/config/WebMvcConfig.java (1)
5-5
: LGTM! Good addition of Spring's null safety annotations.
The addition of Spring's @nonnull import aligns well with Spring Boot's emphasis on null safety.
httpClients/boot-rest-template/src/main/java/com/example/rest/template/config/RestTemplateConfiguration.java (1)
75-94
: Pooling manager configuration looks solid
Your builder-based approach for pooling connections and establishing timeouts is cleanly structured. This is an effective way to manage HTTP connections while keeping the code organized and readable.
httpClients/boot-rest-template/pom.xml (2)
22-22
: Verify springdoc-openapi compatibility
The springdoc-openapi upgrade to 2.7.0 should be verified for compatibility with Spring Boot 3.4.1.
✅ Verification successful
The previous output shows that springdoc-openapi 2.7.0 was specifically tested with Spring Boot 3.4.0, but we need to verify our project's Spring Boot version and any specific springdoc configurations that might need updates. Let's gather this additional context to make a proper assessment.
Let's check the specific module's pom.xml to verify the Spring Boot version and springdoc configuration, as the previous search was too broad.
springdoc-openapi 2.7.0 is compatible with Spring Boot 3.4.1
The release notes show that springdoc-openapi 2.7.0 was tested with Spring Boot 3.4.0, and our project uses Spring Boot 3.4.1. This is a compatible combination as they are in the same minor version series (3.4.x). The upgrade includes important fixes and improvements that are relevant for Spring Boot 3.4.x.
🏁 Scripts executed
The following scripts were executed for the analysis:
Script:
#!/bin/bash
# Check springdoc-openapi 2.7.0 release notes for compatibility
gh api \
-H "Accept: application/vnd.github+json" \
repos/springdoc/springdoc-openapi/releases | \
jq '.[] | select(.tag_name | contains("v2.7.0")) | .body'
# Look for any springdoc-specific configurations that might need updates
rg -A 5 "springdoc" --type yaml --type properties
Length of output: 12242
Script:
#!/bin/bash
# Check Spring Boot version in pom.xml
rg -A 2 "<parent>" pom.xml
# Check for springdoc configuration files
fd -e yml -e yaml -e properties | xargs rg "springdoc"
# Check for any springdoc dependencies in pom.xml
rg -A 3 "springdoc" pom.xml
Length of output: 311
Script:
#!/bin/bash
# Check Spring Boot version in the specific pom.xml file
cat httpClients/boot-rest-template/pom.xml | grep -A 5 "<parent>"
# Check for any springdoc dependencies and configurations in this specific module
cat httpClients/boot-rest-template/pom.xml | grep -A 10 "<properties>"
Length of output: 983
8-8
: Verify Spring Boot 3.4.1 milestone release compatibility
The upgrade to Spring Boot 3.4.1 requires careful consideration:
- This is a milestone release (not GA) as indicated by the milestone repository configuration
- Ensure all dependencies are compatible with this version
@@ -11,7 +12,7 @@ public class WebMvcConfig implements WebMvcConfigurer { | |||
private final ApplicationProperties properties; | |||
|
|||
@Override | |||
public void addCorsMappings(CorsRegistry registry) { | |||
public void addCorsMappings(@NonNull CorsRegistry registry) { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
💡 Codebase verification
Null safety annotations are inconsistently applied across configuration classes
Based on the search results, while some configuration classes use null safety annotations, the usage is not consistent across the codebase:
- Several
WebMvcConfig
classes have@NonNull
only onaddCorsMappings
method but not on other methods - Some packages have
@NonNullApi
at package level (e.g., ingraphql
,multitenancy
modules) - Bean post processors consistently use
@NonNull
on their parameters - Only a few classes properly annotate nullable parameters with
@Nullable
🔗 Analysis chain
Consider extending null safety annotations across the configuration.
The addition of @nonnull to the registry parameter is a good practice. Consider applying similar null safety annotations (@nonnull, @nullable) consistently across other methods and fields in your configuration classes for better null safety coverage.
Let's check if similar annotations are used consistently in other configuration classes:
🏁 Scripts executed
The following scripts were executed for the analysis:
Script:
#!/bin/bash
# Description: Check for consistent usage of null safety annotations in config classes
# Look for configuration classes that might benefit from similar null safety annotations
# Find all configuration classes
echo "Searching for Spring configuration classes..."
rg -l "class.*implements.*Configurer" --type java
# Check current usage of Spring's null safety annotations
echo "Checking current usage of null safety annotations..."
rg "@(NonNull|Nullable)" --type java
Length of output: 7418
Qodana Community for JVM107 new problems were found
☁️ View the detailed Qodana report Contact Qodana teamContact us at [email protected]
|
Summary by CodeRabbit
New Features
Bug Fixes
Refactor