Merge branch 'master' into add-e2e-tests

seqeralabs · Nov 19, 2024 · 9ae7f98 · 9ae7f98
2 parents 2141ea2 + 080d5cc
commit 9ae7f98
Show file tree

Hide file tree

Showing 92 changed files with 872 additions and 896 deletions.
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
@@ -30,7 +30,7 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
-        java_version: [19]
+        java_version: [21]
 
     steps:
       - name: Environment
@@ -66,7 +66,7 @@ jobs:
           AWS_SECRET_ACCESS_KEY: ${{secrets.TOWER_CI_AWS_SECRET}}
           DOCKER_USER: ${{ secrets.DOCKER_USER }}
           DOCKER_PAT: ${{ secrets.DOCKER_PAT }}
-          QUAY_USER: ${{ secrets.QUAY_USER }}
+          QUAY_USER: "pditommaso+wave_ci_tests"
           QUAY_PAT: ${{ secrets.QUAY_PAT }}
           AZURECR_USER: ${{ secrets.AZURECR_USER }}
           AZURECR_PAT: ${{ secrets.AZURECR_PAT }}

diff --git a/.github/workflows/security-submit-dependecy-graph.yml b/.github/workflows/security-submit-dependecy-graph.yml
@@ -0,0 +1,24 @@
+name: Generate and submit dependency graph for wave
+on:
+    push:
+      branches: ['master']
+
+permissions:
+  contents: write
+
+jobs:
+  dependency-submission:
+    runs-on: ubuntu-latest
+    steps:
+    - uses: actions/checkout@v4
+    - uses: actions/setup-java@v4
+      with:
+        distribution: temurin
+        java-version: 17
+
+    - name: Generate and submit dependency graph for wave
+      uses: gradle/actions/dependency-submission@v4
+      with:
+        dependency-resolution-task: "dependencies"
+        additional-arguments: "--configuration runtimeClasspath"
+        dependency-graph: generate-and-submit
diff --git a/Makefile b/Makefile
@@ -1,4 +1,4 @@
-config ?= compileClasspath
+config ?= runtimeClasspath
 
 ifdef module
 mm = :${module}:

diff --git a/README.md b/README.md
@@ -18,7 +18,7 @@ images.
 * Push and cache built containers to a user-provided container repository;
 * Build Singularity native containers both using a Singularity spec file, Conda package(s);
 * Push Singularity native container images to OCI-compliant registries;
-
+* Scan container images for security vulnerabilities
 
 ### How it works
 
@@ -34,7 +34,7 @@ container registry where the image is stored, while the instrumented layers are
 
 ### Requirements
 
-* Java 19 or later
+* Java 21 or later
 * Linux or macOS
 * Redis 6.2 (or later)
 * Docker engine (for development)

diff --git a/VERSION b/VERSION
@@ -1 +1 @@
-1.13.4
+1.15.0
diff --git a/build.gradle b/build.gradle
@@ -2,10 +2,10 @@ import java.time.OffsetDateTime
 import java.time.format.DateTimeFormatter
 
 plugins {
-    id 'java-library'
+    id 'io.seqera.wave.java-library-conventions'
     id 'io.seqera.wave.groovy-application-conventions'
-    id "com.github.johnrengelman.shadow" version "7.1.1"
-    id "io.micronaut.minimal.application" version "3.7.0"
+    id "com.github.johnrengelman.shadow" version "8.1.1"
+    id "io.micronaut.minimal.application" version "4.1.1"
     id "com.google.cloud.tools.jib" version "3.4.2"
     id 'org.asciidoctor.jvm.convert' version '3.3.2'
     id 'jacoco'
@@ -29,73 +29,81 @@ repositories {
 }
 
 dependencies {
-    annotationProcessor("io.micronaut:micronaut-http-validation")
-    compileOnly("io.micronaut.data:micronaut-data-processor")
-    compileOnly("io.micronaut:micronaut-inject-groovy")
-    compileOnly("io.micronaut:micronaut-http-validation")
-    implementation("jakarta.persistence:jakarta.persistence-api:3.0.0")
-    api 'io.seqera:lib-mail:1.0.0'
-    api 'io.seqera:wave-api:0.13.3'
-    api 'io.seqera:wave-utils:0.14.1'
-    implementation("io.micronaut:micronaut-http-client")
-    implementation("io.micronaut:micronaut-jackson-databind")
-    implementation("io.micronaut.groovy:micronaut-runtime-groovy")
-    implementation("io.micronaut.reactor:micronaut-reactor")
-    implementation("io.micronaut.reactor:micronaut-reactor-http-client")
-    implementation("jakarta.annotation:jakarta.annotation-api")
-    implementation("io.micronaut:micronaut-validation")
+    annotationProcessor 'io.micronaut.validation:micronaut-validation-processor'
+    annotationProcessor 'io.micronaut:micronaut-http-validation'
+    compileOnly 'io.micronaut.data:micronaut-data-processor'
+    compileOnly 'io.micronaut:micronaut-inject-groovy'
+    compileOnly 'io.micronaut:micronaut-http-validation'
+    implementation 'jakarta.persistence:jakarta.persistence-api:3.0.0'
+    api 'io.seqera:lib-mail:1.2.0'
+    api 'io.seqera:wave-api:0.14.0'
+    api 'io.seqera:wave-utils:0.15.0'
+    implementation 'io.micronaut:micronaut-http-client'
+    implementation 'io.micronaut:micronaut-jackson-databind'
+    implementation 'io.micronaut.groovy:micronaut-runtime-groovy'
+    implementation 'io.micronaut.reactor:micronaut-reactor'
+    implementation 'io.micronaut.reactor:micronaut-reactor-http-client'
+    implementation 'jakarta.annotation:jakarta.annotation-api'
+    implementation 'io.micronaut.validation:micronaut-validation'
     implementation 'io.micronaut.security:micronaut-security'
-    implementation "org.codehaus.groovy:groovy-json"
-    implementation "org.codehaus.groovy:groovy-nio"
-    implementation 'com.google.guava:guava:32.1.2-jre'
+    implementation 'io.micronaut:micronaut-websocket'
+    implementation 'org.apache.groovy:groovy-json'
+    implementation 'org.apache.groovy:groovy-nio'
+    implementation 'com.google.guava:guava:33.3.1-jre'
     implementation 'dev.failsafe:failsafe:3.1.0'
-    implementation('io.projectreactor:reactor-core')
-    implementation("io.seqera:tower-crypto:22.4.0-watson") { transitive = false }  // to be replaced with 22.4.0 once released
-    implementation 'org.apache.commons:commons-compress:1.24.0'
-    implementation 'org.apache.commons:commons-lang3:3.12.0'
+    implementation 'io.micronaut.reactor:micronaut-reactor'
+    implementation 'io.micronaut.reactor:micronaut-reactor-http-client'
+    implementation('io.seqera:tower-crypto:22.4.0-watson') { transitive = false }  // to be replaced with 22.4.0 once released
+    implementation 'org.apache.commons:commons-compress:1.27.1'
+    implementation 'org.apache.commons:commons-lang3:3.17.0'
     implementation 'io.kubernetes:client-java:19.0.0'
     implementation 'io.kubernetes:client-java-api-fluent:18.0.1'
     implementation 'com.google.code.gson:gson:2.9.0'
-    implementation "com.fasterxml.jackson.datatype:jackson-datatype-jsr310"
+    implementation 'com.fasterxml.jackson.datatype:jackson-datatype-jsr310'
     implementation 'com.fasterxml.jackson.dataformat:jackson-dataformat-yaml'
-    implementation 'com.squareup.moshi:moshi:1.14.0'
-    implementation 'com.squareup.moshi:moshi-adapters:1.14.0'
-    implementation 'redis.clients:jedis:5.0.2'
-    implementation "io.github.resilience4j:resilience4j-ratelimiter:0.17.0"
+    implementation 'com.squareup.moshi:moshi:1.15.1'
+    implementation 'com.squareup.moshi:moshi-adapters:1.15.1'
+    implementation 'redis.clients:jedis:5.1.3'
+    implementation 'io.github.resilience4j:resilience4j-ratelimiter:0.17.0'
+    implementation 'io.micronaut:micronaut-retry'
     // caching deps
-    implementation("io.micronaut.cache:micronaut-cache-core")
-    implementation("io.micronaut.cache:micronaut-cache-caffeine")
-    implementation("io.micronaut.aws:micronaut-aws-parameter-store")
-    implementation "software.amazon.awssdk:ecr"
-    implementation "software.amazon.awssdk:ecrpublic"
+    implementation 'io.micronaut.cache:micronaut-cache-core'
+    implementation 'io.micronaut.cache:micronaut-cache-caffeine'
+    implementation 'io.micronaut.aws:micronaut-aws-parameter-store'
+    implementation 'software.amazon.awssdk:ecr'
+    implementation 'software.amazon.awssdk:ecrpublic'
     implementation 'software.amazon.awssdk:ses'
-    implementation 'org.yaml:snakeyaml:2.0'
+    implementation 'org.yaml:snakeyaml:2.2'
     implementation 'com.github.ben-manes.caffeine:caffeine:3.1.8'
     implementation 'org.luaj:luaj-jse:3.0.1'
     //object storage dependency
-    implementation("io.micronaut.objectstorage:micronaut-object-storage-aws")
+    implementation 'io.micronaut.objectstorage:micronaut-object-storage-aws'
     // include sts to allow the use of service account role - https://stackoverflow.com/a/73306570
     // this sts dependency is require by micronaut-aws-parameter-store,
     // not directly used by the app, for this reason keeping `runtimeOnly`
-    runtimeOnly "software.amazon.awssdk:sts"
-
-    runtimeOnly("io.netty:netty-tcnative-boringssl-static:2.0.0.Final")
-    runtimeOnly("javax.xml.bind:jaxb-api:2.3.1")
-    testImplementation("org.testcontainers:testcontainers")
-    testImplementation("org.testcontainers:mysql:1.17.3")
+    runtimeOnly 'software.amazon.awssdk:sts'
+    runtimeOnly 'io.netty:netty-tcnative-boringssl-static:2.0.0.Final'
+    runtimeOnly 'javax.xml.bind:jaxb-api:2.3.1'
+    testImplementation 'org.testcontainers:testcontainers'
+    testImplementation 'org.testcontainers:mysql:1.17.3'
 
     // --
-    implementation("ch.qos.logback:logback-classic:1.4.8")
+    implementation 'ch.qos.logback:logback-classic:1.5.12'
 
     // rate limit
-    implementation 'com.github.seqeralabs:spillway:7b72700293'
+    implementation 'com.coveo:spillway:3.0.0'
 
     // monitoring
-    implementation "io.micronaut.micrometer:micronaut-micrometer-registry-prometheus"
+    implementation 'io.micronaut.micrometer:micronaut-micrometer-registry-prometheus'
     // Also required to enable endpoint
-    implementation "io.micronaut:micronaut-management"
+    implementation 'io.micronaut:micronaut-management'
     //views
-    implementation("io.micronaut.views:micronaut-views-handlebars")
+    implementation 'io.micronaut.views:micronaut-views-handlebars'
+
+    // upgrade indirect dependencies 
+    runtimeOnly 'org.bouncycastle:bcpkix-jdk18on:1.78'
+    runtimeOnly 'org.bitbucket.b_c:jose4j:0.9.4'
+    runtimeOnly 'io.netty:netty-bom:4.1.115.Final'
 }
 
 application {
@@ -148,8 +156,7 @@ jib {
 
 run{
     def envs = findProperty('micronautEnvs')
-    // note: "--enable-preview" is required to use virtual threads on Java 19 and 20
-    def args = ["-Dmicronaut.environments=$envs","--enable-preview"]
+    def args = ["-Dmicronaut.environments=$envs","-Djdk.tracePinnedThreads=short"]
     if( environment['JVM_OPTS'] ) args.add(environment['JVM_OPTS'])
     jvmArgs args
     systemProperties 'DOCKER_USER': project.findProperty('DOCKER_USER') ?: environment['DOCKER_USER'],

diff --git a/buildSrc/src/main/groovy/io.seqera.wave.groovy-application-conventions.gradle b/buildSrc/src/main/groovy/io.seqera.wave.groovy-application-conventions.gradle
@@ -11,8 +11,3 @@ plugins {
 }
 
 group = 'io.seqera'
-
-tasks.withType(Test) {
-    // note: "--enable-preview" is required to use virtual thread on Java 19 and 20
-    jvmArgs (["--enable-preview"])
-}
diff --git a/buildSrc/src/main/groovy/io.seqera.wave.groovy-common-conventions.gradle b/buildSrc/src/main/groovy/io.seqera.wave.groovy-common-conventions.gradle
@@ -14,17 +14,17 @@ repositories {
 
 java {
     toolchain {
-        languageVersion = JavaLanguageVersion.of(19)
+        languageVersion = JavaLanguageVersion.of(21)
     }
 }
 
 compileJava {
-    options.release.set(11)
+    options.release.set(17)
 }
 
-tasks.withType(GroovyCompile) {
-    sourceCompatibility = '11'
-    targetCompatibility = '11'
+tasks.withType(GroovyCompile).configureEach {
+    sourceCompatibility = '17'
+    targetCompatibility = '17'
 }
 
 group = 'io.seqera'
diff --git a/buildSrc/src/main/groovy/io.seqera.wave.java-library-conventions.gradle b/buildSrc/src/main/groovy/io.seqera.wave.java-library-conventions.gradle
@@ -16,17 +16,17 @@ repositories {
 
 java {
     toolchain {
-        languageVersion = JavaLanguageVersion.of(19)
+        languageVersion = JavaLanguageVersion.of(21)
     }
 }
 
 compileJava {
-    options.release.set(11)
+    options.release.set(17)
 }
 
-tasks.withType(GroovyCompile) {
-    sourceCompatibility = '11'
-    targetCompatibility = '11'
+tasks.withType(GroovyCompile).configureEach {
+    sourceCompatibility = '17'
+    targetCompatibility = '17'
 }
 
 test {
@@ -40,22 +40,21 @@ java {
 }
 
 dependencies {
-    implementation 'org.slf4j:slf4j-api:1.7.36'
+    implementation 'org.slf4j:slf4j-api:2.0.16'
 
-    testImplementation 'ch.qos.logback:logback-core:1.2.11'
-    testImplementation 'ch.qos.logback:logback-classic:1.2.11'
-    testImplementation "org.codehaus.groovy:groovy:3.0.15"
-    testImplementation "org.codehaus.groovy:groovy-nio:3.0.15"
-    testImplementation ("org.codehaus.groovy:groovy-test:3.0.17")
-    testImplementation ("cglib:cglib-nodep:3.3.0")
-    testImplementation ("org.objenesis:objenesis:3.2")
-    testImplementation ("org.spockframework:spock-core:2.3-groovy-3.0") { exclude group: 'org.codehaus.groovy'; exclude group: 'net.bytebuddy' }
-    testImplementation ('org.spockframework:spock-junit4:2.3-groovy-3.0') { exclude group: 'org.codehaus.groovy'; exclude group: 'net.bytebuddy' }
+    testImplementation 'ch.qos.logback:logback-core:1.5.12'
+    testImplementation 'ch.qos.logback:logback-classic:1.5.12'
+    testImplementation 'org.apache.groovy:groovy:4.0.15'
+    testImplementation 'org.apache.groovy:groovy-nio:4.0.15'
+    testImplementation 'org.apache.groovy:groovy-test:4.0.15'
+    testImplementation 'org.objenesis:objenesis:3.4'
+    testImplementation 'net.bytebuddy:byte-buddy:1.14.17'
+    testImplementation 'org.spockframework:spock-core:2.3-groovy-4.0'
+    testImplementation 'org.spockframework:spock-junit4:2.3-groovy-4.0'
 }
 
-tasks.withType(Test) {
-    jvmArgs ([
-            '--enable-preview',
+tasks.withType(Test).configureEach {
+    jvmArgs([
             '--add-opens=java.base/java.lang=ALL-UNNAMED',
             '--add-opens=java.base/java.io=ALL-UNNAMED',
             '--add-opens=java.base/java.nio=ALL-UNNAMED',

diff --git a/changelog.txt b/changelog.txt
@@ -1,4 +1,64 @@
 # Wave changelog
+1.15.0 - 18 Nov 2024
+- Migration to virtual threads - phase 1 (#746) [aaf0420c]
+- Use runAsync instead supplyAsync [ffd0dacd]
+- Remove deprecated ThreadPoolBuilder [7af3046f]
+- Replace Guava cache with Caffeine (#745) [cf813e0a]
+- Update project deps [f24b684d]
+- Bump  guava to version 33.3.1-jre [328e9ea3]
+- Bump Netty version 4.1.115.Final [9ba433ce]
+- Bump gradle 8.10.2 [52272fe1]
+
+1.14.1 - 14 Nov 2024
+- Fix creds validation endpoint (#740) [8c0f3a4c]
+
+1.14.0 - 10 Nov 2024
+- Fix K8s env propagation [76f0a456]
+- Remove deprecated K8s methods (#734) [481298bf]
+- Bump to Micronaut 4.6 (#318) [f67e8556]
+- Bump Java 21 as build requirement (#519) [132f9491]
+- Bump bitbucket.b_c:jose4j:0.9.4 [2e10416a]
+- Bump bouncycastle:bcpkix-jdk18on:1.78 [ede22ce5]
+- Bump jedis 5.1.3 (#732) [2ee0854e]
+- Bump logback 1.5.12 [f5fe3fa4]
+- Bump make deps runtimeclasspath [2a342b18]
+- Bump snakeyaml 2.2 [6aeb3c33]
+- Bump spillway 3.0.0 (#731) [1502696d]
+- Bump explicit dep to websocket module [2e413ac2]
+- Enables EKS Pod identity via AWS SDK 2.27.8 
+
+1.13.11 - 2 Nov 2024
+- Rename async methods for semantic consistency [38114d75]
+- Save scan record async (#730) [3ad82a3a]
+- Cap number of vulnerabilities reported in scan report to 100 (#728) [2f0d8f9f]
+- Bump org.apache.commons:commons-compress:1.27.1 (#722) [adb75007]
+
+1.13.10 - 29 Oct 2024 
+- Log slow processing stream messages [e8a6b7ee]
+- Prevent scan when mode is not defined [d42bcae1]
+
+1.13.9 - 29 Oct 2024
+- Fix inspect view (#725) [dcf41dea] [e38e2c44]
+
+1.13.8 - 26 Oct 2024
+- Fix update scan status synchronously [e767c367]
+- Bump scan warn colour [705141f0]
+- Improve scan logging [f01e4dba]
+
+1.13.7 - 25 Oct 2024 
+- Add ability to configure trivy environment & DBs (#720) [0f600306]
+
+1.13.6 - 25 Oct 2024 
+- Add scan color for different vuls (#719) [ab81b6dc]
+
+1.13.5 - 23 Oct 2024
+- Fix Do not render inspect url on fail [d96275a1]
+- Fix inspect view empty nodes (#706) [b3473b7e]
+- Fix prevent scan on cached failed builds [4473fe8c]
+- Use JedisPool in place of generic connection pool (#711) [cd16cfd1]
+- Minor page title change [c3be9304]
+- GHA to submit dependency graph to Github (#715) [09c86627]
+
 1.13.4 - 20 Oct 2024
 - Add scan failure duration setting (#705) [372d6dec]
 - Change scan config log to info [f382c51a]

diff --git a/docs/cli/index.mdx b/docs/cli/index.mdx
@@ -27,8 +27,8 @@ The following CLI arguments are available for Seqera Platform integration:
 
 The following environment variables are available for Seqera Platform integration:
 
-- `TOWER_API_ENDPOINT`: A Seqera Platform auth token so that Wave can access your private registry credentials.
-- `TOWER_ACCESS_TOKEN`: For Enterprise customers, the URL endpoint for your instance, such as `https://api.cloud.seqera.io`.
+- `TOWER_ACCESS_TOKEN`: A Seqera Platform auth token so that Wave can access your private registry credentials.
+- `TOWER_API_ENDPOINT`: For Enterprise customers, the URL endpoint for your instance, such as `https://api.cloud.seqera.io`.
 - `TOWER_WORKSPACE_ID`: A Seqera Platform workspace ID, such as `1234567890`, where credentials may be stored.
 
 ## Usage limits

diff --git a/gradle.properties b/gradle.properties
@@ -16,5 +16,5 @@
 #  along with this program.  If not, see <https://www.gnu.org/licenses/>.
 #
 
-micronautVersion=3.10.3
+micronautVersion=4.6.3
 micronautEnvs=dev,h2,mail,aws-ses