Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Upgrade to spring boot 3.4.1 #1590

Open
wants to merge 8 commits into
base: main
Choose a base branch
from
Open

Upgrade to spring boot 3.4.1 #1590

wants to merge 8 commits into from

Conversation

rajadilipkolli
Copy link
Owner

@rajadilipkolli rajadilipkolli commented Dec 20, 2024

Summary by CodeRabbit

  • New Features

    • Enhanced SSL configuration and connection management for improved security and performance.
    • Updated CORS configuration to enforce non-null parameters.
  • Bug Fixes

    • Upgraded Spring Boot and OpenAPI documentation dependencies for better stability and functionality.
  • Refactor

    • Streamlined connection manager settings and updated method implementations for clarity and maintainability.

Copy link
Contributor

coderabbitai bot commented Dec 20, 2024

Walkthrough

This pull request focuses on updating the boot-rest-template project with version upgrades and configuration improvements. The changes include upgrading the Spring Boot parent version from 3.3.7 to 3.4.1 and updating the springdoc-openapi dependency to version 2.7.0. The RestTemplateConfiguration class has been enhanced with improved SSL configuration and connection management, including a new constructor and environment-based SSL handling. Additionally, the WebMvcConfig class has been updated with a @NonNull annotation for the CORS configuration method.

Changes

File Change Summary
httpClients/boot-rest-template/pom.xml - Updated Spring Boot parent version from 3.3.7 to 3.4.1
- Updated springdoc-openapi dependency version from 2.6.0 to 2.7.0
httpClients/boot-rest-template/src/main/java/com/example/rest/template/config/RestTemplateConfiguration.java - Added new constructor with Environment parameter
- Introduced isProdEnvironment() method
- Refactored poolingConnectionManager with improved SSL configuration
- Updated connection management using builder pattern
httpClients/boot-rest-template/src/main/java/com/example/rest/template/config/WebMvcConfig.java - Added @NonNull annotation to addCorsMappings method parameter

Sequence Diagram

sequenceDiagram
    participant App as Application
    participant Config as RestTemplateConfiguration
    participant Env as Environment
    participant SSL as SSLContext
    participant ConnManager as ConnectionManager

    App->>Config: Create with Environment
    Config->>Env: Check active profile
    Config->>SSL: Create SSLContext based on environment
    Config->>ConnManager: Configure with SSL and connection settings
    Note over Config: Apply different SSL strategies for prod/non-prod
Loading

Possibly related PRs

Poem

🐰 Hop, hop, through code's domain,
Versions dance, no need to explain!
SSL tweaked with rabbit's might,
Spring Boot leaps to a new height!
Configuration's magic spell ✨


Thank you for using CodeRabbit. We offer it for free to the OSS community and would appreciate your support in helping us grow. If you find it useful, would you consider giving us a shout-out on your favorite social media?

❤️ Share
🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

  • Review comments: Directly reply to a review comment made by CodeRabbit. Example:
    • I pushed a fix in commit <commit_id>, please review it.
    • Generate unit testing code for this file.
    • Open a follow-up GitHub issue for this discussion.
  • Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
    • @coderabbitai generate unit testing code for this file.
    • @coderabbitai modularize this function.
  • PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
    • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
    • @coderabbitai read src/utils.ts and generate unit testing code.
    • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
    • @coderabbitai help me debug CodeRabbit configuration file.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (Invoked using PR comments)

  • @coderabbitai pause to pause the reviews on a PR.
  • @coderabbitai resume to resume the paused reviews.
  • @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
  • @coderabbitai full review to do a full review from scratch and review all the files again.
  • @coderabbitai summary to regenerate the summary of the PR.
  • @coderabbitai generate docstrings to generate docstrings for this PR. (Beta)
  • @coderabbitai resolve resolve all the CodeRabbit review comments.
  • @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
  • @coderabbitai help to get help.

Other keywords and placeholders

  • Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
  • Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
  • Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

  • You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
  • Please see the configuration documentation for more information.
  • If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

  • Visit our Documentation for detailed information on how to use CodeRabbit.
  • Join our Discord Community to get help, request features, and share feedback.
  • Follow us on X/Twitter for updates and announcements.

@github-actions github-actions bot added type: dependency-upgrade Pull requests that update a dependency file component: httpclients labels Dec 20, 2024
Copy link

Copy link
Contributor

@coderabbitai coderabbitai bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 1

🧹 Nitpick comments (5)
httpClients/boot-rest-template/src/main/java/com/example/rest/template/config/RestTemplateConfiguration.java (4)

54-59: Use @nonnull annotation for environment injection
It's helpful to validate that the environment is not null, ensuring safety in production. You can annotate the constructor parameter or field with @nonnull to enforce this contract.


62-73: Ensure permissive SSL usage is tightly controlled
The use of a permissive TrustStrategy is fine for non-production, but be mindful that it should never leak into production. The conditional checks are a good safeguard, but consider adding further assertion or fallback logic to confirm that the production environment never uses bypassed certificate validation.


102-104: Consider using Spring’s built-in profile checks
Using List.of(environment.getActiveProfiles()).contains("prod") is valid. However, you might simplify this check by using environment.acceptsProfiles(Profiles.of("prod")), which can be more idiomatic for Spring-based configurations.


147-147: Unify connection timeout with existing constants
Currently, you use a hard-coded 60s timeout. To maintain consistency and possible future customizations, consider leveraging the existing constants (e.g., REQUEST_TIMEOUT) or retrieving the timeout from properties:

Example diff:

- .connectTimeout(Duration.ofSeconds(60))
+ .connectTimeout(Duration.ofSeconds(REQUEST_TIMEOUT))
httpClients/boot-rest-template/pom.xml (1)

Line range hint 293-307: Consider timeline for moving to GA releases

The project is configured to use Spring Milestones repository for both dependencies and plugins. While this is necessary for Spring Boot 3.4.1, consider:

  1. Documenting the timeline for moving to GA releases
  2. Adding a comment in the repository configuration explaining the temporary nature of using milestone releases

Also applies to: 308-321

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 7c9df56 and f966f87.

📒 Files selected for processing (3)
  • httpClients/boot-rest-template/pom.xml (2 hunks)
  • httpClients/boot-rest-template/src/main/java/com/example/rest/template/config/RestTemplateConfiguration.java (4 hunks)
  • httpClients/boot-rest-template/src/main/java/com/example/rest/template/config/WebMvcConfig.java (2 hunks)
🔇 Additional comments (4)
httpClients/boot-rest-template/src/main/java/com/example/rest/template/config/WebMvcConfig.java (1)

5-5: LGTM! Good addition of Spring's null safety annotations.

The addition of Spring's @nonnull import aligns well with Spring Boot's emphasis on null safety.

httpClients/boot-rest-template/src/main/java/com/example/rest/template/config/RestTemplateConfiguration.java (1)

75-94: Pooling manager configuration looks solid
Your builder-based approach for pooling connections and establishing timeouts is cleanly structured. This is an effective way to manage HTTP connections while keeping the code organized and readable.

httpClients/boot-rest-template/pom.xml (2)

22-22: Verify springdoc-openapi compatibility

The springdoc-openapi upgrade to 2.7.0 should be verified for compatibility with Spring Boot 3.4.1.

✅ Verification successful

The previous output shows that springdoc-openapi 2.7.0 was specifically tested with Spring Boot 3.4.0, but we need to verify our project's Spring Boot version and any specific springdoc configurations that might need updates. Let's gather this additional context to make a proper assessment.


Let's check the specific module's pom.xml to verify the Spring Boot version and springdoc configuration, as the previous search was too broad.


springdoc-openapi 2.7.0 is compatible with Spring Boot 3.4.1

The release notes show that springdoc-openapi 2.7.0 was tested with Spring Boot 3.4.0, and our project uses Spring Boot 3.4.1. This is a compatible combination as they are in the same minor version series (3.4.x). The upgrade includes important fixes and improvements that are relevant for Spring Boot 3.4.x.

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Check springdoc-openapi 2.7.0 release notes for compatibility
gh api \
  -H "Accept: application/vnd.github+json" \
  repos/springdoc/springdoc-openapi/releases | \
  jq '.[] | select(.tag_name | contains("v2.7.0")) | .body'

# Look for any springdoc-specific configurations that might need updates
rg -A 5 "springdoc" --type yaml --type properties

Length of output: 12242


Script:

#!/bin/bash
# Check Spring Boot version in pom.xml
rg -A 2 "<parent>" pom.xml

# Check for springdoc configuration files
fd -e yml -e yaml -e properties | xargs rg "springdoc"

# Check for any springdoc dependencies in pom.xml
rg -A 3 "springdoc" pom.xml

Length of output: 311


Script:

#!/bin/bash
# Check Spring Boot version in the specific pom.xml file
cat httpClients/boot-rest-template/pom.xml | grep -A 5 "<parent>"

# Check for any springdoc dependencies and configurations in this specific module
cat httpClients/boot-rest-template/pom.xml | grep -A 10 "<properties>"

Length of output: 983


8-8: Verify Spring Boot 3.4.1 milestone release compatibility

The upgrade to Spring Boot 3.4.1 requires careful consideration:

  1. This is a milestone release (not GA) as indicated by the milestone repository configuration
  2. Ensure all dependencies are compatible with this version

@@ -11,7 +12,7 @@ public class WebMvcConfig implements WebMvcConfigurer {
private final ApplicationProperties properties;

@Override
public void addCorsMappings(CorsRegistry registry) {
public void addCorsMappings(@NonNull CorsRegistry registry) {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

💡 Codebase verification

Null safety annotations are inconsistently applied across configuration classes

Based on the search results, while some configuration classes use null safety annotations, the usage is not consistent across the codebase:

  • Several WebMvcConfig classes have @NonNull only on addCorsMappings method but not on other methods
  • Some packages have @NonNullApi at package level (e.g., in graphql, multitenancy modules)
  • Bean post processors consistently use @NonNull on their parameters
  • Only a few classes properly annotate nullable parameters with @Nullable
🔗 Analysis chain

Consider extending null safety annotations across the configuration.

The addition of @nonnull to the registry parameter is a good practice. Consider applying similar null safety annotations (@nonnull, @nullable) consistently across other methods and fields in your configuration classes for better null safety coverage.

Let's check if similar annotations are used consistently in other configuration classes:

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Description: Check for consistent usage of null safety annotations in config classes
# Look for configuration classes that might benefit from similar null safety annotations

# Find all configuration classes
echo "Searching for Spring configuration classes..."
rg -l "class.*implements.*Configurer" --type java

# Check current usage of Spring's null safety annotations
echo "Checking current usage of null safety annotations..."
rg "@(NonNull|Nullable)" --type java

Length of output: 7418

Copy link

github-actions bot commented Dec 20, 2024

Qodana Community for JVM

107 new problems were found

Inspection name Severity Problems
Usage of API marked for removal 🔴 Failure 2
@NotNull/@Nullable problems 🔶 Warning 38
Unchecked warning 🔶 Warning 32
'equals()' method which does not check class of parameter 🔶 Warning 21
Nullability and data flow problems 🔶 Warning 3
Field can be local 🔶 Warning 2
Declaration has problems in Javadoc references 🔶 Warning 2
AutoCloseable used without 'try'-with-resources 🔶 Warning 1
Class is exposed outside of its visibility scope 🔶 Warning 1
Deprecated API usage 🔶 Warning 1
Javadoc declaration problems 🔶 Warning 1
Mismatched query and update of collection 🔶 Warning 1
Optional.get() is called without isPresent() check 🔶 Warning 1
Commented out code ◽️ Notice 1

☁️ View the detailed Qodana report

Contact Qodana team

Contact us at [email protected]

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
component: httpclients type: dependency-upgrade Pull requests that update a dependency file
Projects
None yet
Development

Successfully merging this pull request may close these issues.

1 participant