From 3186c58184de932bdeb5aa43dc0de7695bb3ffd9 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Simon=20Basl=C3=A9?= Date: Wed, 12 Oct 2022 16:02:37 +0200 Subject: [PATCH 1/5] Add configured dependabot.yml --- .github/dependabot.yml | 42 ++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 42 insertions(+) create mode 100644 .github/dependabot.yml diff --git a/.github/dependabot.yml b/.github/dependabot.yml new file mode 100644 index 0000000000..a962f6317e --- /dev/null +++ b/.github/dependabot.yml @@ -0,0 +1,42 @@ +version: 2 +updates: + - package-ecosystem: "github-actions" + directory: ".github/workflows" + schedule: + interval: "weekly" + labels: + - "type/chores" + reviewers: + - "reactor/core-team" + # updates in oldest maintenance branch, we'll forward-merge up to main + target-branch: "3.4.x" + - package-ecosystem: "gradle" + directory: "/" + schedule: + interval: "daily" + labels: + - "type/dependency-upgrade" + reviewers: + - "reactor/core-team" + # updates in oldest maintenance branch, we'll forward-merge up to main + target-branch: "3.4.x" + ignore: + # JSR166 backport is fixed + - dependency-name: "io.projectreactor:jsr166" + # JSR305 backport is fixed to last version with annotations (3.0.1) + - dependency-name: "com.google.code.findbugs:jsr305" + # don't update Micrometer + - dependency-name: "io.micrometer:*" + # Kotlin: stay on 1.5 + - dependency-name: "org.jetbrains.kotlin*" + versions: ["1.6.x"] + # SLF4J: don't upgrade to v2 + - dependency-name: "org.slf4j:slf4j-api" + versions: ["2.x"] + # logback: don't upgrade to v1.3 or v1.4 (require slf4j v2, 1.4.x also requires JDK11+) + - dependency-name: "ch.qos.logback:logback-classic" + versions: ["1.3.x", "1.4.x"] + # TestNG: 7.6+ doesn't support JDK8 anymore + - dependency-name: "org.testng:testng" + versions: ["7.6.x"] + From a4aba82a6c2bced402253a9e9d8ee0f2474460b3 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Simon=20Basl=C3=A9?= Date: Wed, 12 Oct 2022 16:19:51 +0200 Subject: [PATCH 2/5] move some dependencies from version catalog to gradle/dependencies.gradle Actually replace all relevant libs.versions with string + version imported from dependencies.gradle --- benchmarks/build.gradle | 4 ++-- build.gradle | 1 + buildSrc/build.gradle | 6 ++++-- gradle/dependencies.gradle | 18 ++++++++++++++++++ gradle/libs.versions.toml | 26 +++++++------------------- reactor-core/build.gradle | 28 ++++++++++++++-------------- reactor-test/build.gradle | 8 ++++---- reactor-tools/build.gradle | 18 +++++++++--------- 8 files changed, 59 insertions(+), 50 deletions(-) create mode 100644 gradle/dependencies.gradle diff --git a/benchmarks/build.gradle b/benchmarks/build.gradle index 14b5c55cb3..3307226a59 100644 --- a/benchmarks/build.gradle +++ b/benchmarks/build.gradle @@ -15,11 +15,11 @@ dependencies { compileOnly libs.reactor.perfBaseline.core compileOnly libs.jsr305 - implementation libs.jmh.core + implementation "org.openjdk.jmh:jmh-core:$jmhVersion" implementation libs.reactor.perfBaseline.extra, { exclude group: 'io.projectreactor', module: 'reactor-core' } - annotationProcessor libs.jmh.annotations.processor + annotationProcessor "org.openjdk.jmh:jmh-generator-annprocess:$jmhVersion" current project(':reactor-core') baseline libs.reactor.perfBaseline.core, { diff --git a/build.gradle b/build.gradle index 2130489396..f8fee8b510 100644 --- a/build.gradle +++ b/build.gradle @@ -136,6 +136,7 @@ configure(subprojects) { p -> apply plugin: 'java' apply plugin: 'jacoco' apply from: "${rootDir}/gradle/setup.gradle" + apply from: "${rootDir}/gradle/dependencies.gradle" description = 'Non-Blocking Reactive Foundation for the JVM' group = 'io.projectreactor' diff --git a/buildSrc/build.gradle b/buildSrc/build.gradle index 0548f67f2f..e4bd8a2eca 100644 --- a/buildSrc/build.gradle +++ b/buildSrc/build.gradle @@ -23,9 +23,11 @@ repositories { gradlePluginPortal() } +apply from: "../gradle/dependencies.gradle" + dependencies { - testImplementation libs.assertj - testImplementation platform(libs.junit.bom) + testImplementation "org.assertj:assertj-core:$assertjVersion" + testImplementation platform("org.junit:junit-bom:$junitVersion") testImplementation "org.junit.jupiter:junit-jupiter-api" testRuntimeOnly "org.junit.jupiter:junit-jupiter-engine" } diff --git a/gradle/dependencies.gradle b/gradle/dependencies.gradle new file mode 100644 index 0000000000..1d1f1691b1 --- /dev/null +++ b/gradle/dependencies.gradle @@ -0,0 +1,18 @@ +ext { + // Library versions that Dependabot will monitor (in alphabetical order) + // See also gradle/libs.versions.toml for manually maitained dependencies and Gradle plugins + archUnitVersion = "0.23.1" + assertjVersion = "3.23.1" + awaitilityVersion = "4.2.0" + blockhoundVersion = "1.0.7.RELEASE" + byteBuddyVersion = "1.12.23" + cglibVersion = "3.3.0" + javaObjectLayoutVersion = "0.16" + jmhVersion = "1.35" + junitVersion = "5.9.2" + logbackVersion = "1.2.11" + mockitoVersion = "4.11.0" + slf4jVersion = "1.7.36" + testngVersion = "7.5" // since 7.6 JDK8 is unsupported, don't bump + throwingFunctionVersion = "1.5.1" +} \ No newline at end of file diff --git a/gradle/libs.versions.toml b/gradle/libs.versions.toml index ac3dd98837..40cd9c09c8 100644 --- a/gradle/libs.versions.toml +++ b/gradle/libs.versions.toml @@ -1,3 +1,10 @@ +# Versions and dependencies declared here are NOT covered by Dependabot. +# Therefore it focuses on versions that should be updated by hand: +# - Reactor ecosystem +# - Fixed versions (JSR166, JSR305...) +# - Libraries that we want to more closely monitor / have an associated plugin (RS, Micrometer, Kotlin) +# - Plugins (including Kotlin) + [versions] # Baselines, should be updated on every release baseline-core-api = "3.4.27" @@ -6,37 +13,18 @@ baselinePerfExtra = "3.4.9" # Other shared versions asciidoctor = "3.3.2" -bytebuddy = "1.12.23" -jmh = "1.35" -junit = "5.9.2" kotlin = "1.5.32" reactiveStreams = "1.0.4" [libraries] -archUnit = "com.tngtech.archunit:archunit:0.23.1" -assertj = "org.assertj:assertj-core:3.23.1" -awaitility = "org.awaitility:awaitility:4.2.0" -blockhound = "io.projectreactor.tools:blockhound:1.0.7.RELEASE" -byteBuddy-agent = { module = "net.bytebuddy:byte-buddy-agent", version.ref = "bytebuddy" } -byteBuddy-api = { module = "net.bytebuddy:byte-buddy", version.ref = "bytebuddy" } -cglib = "cglib:cglib:3.3.0" -javaObjectLayout = "org.openjdk.jol:jol-core:0.16" -jmh-annotations-processor = { module = "org.openjdk.jmh:jmh-generator-annprocess", version.ref = "jmh" } -jmh-core = { module = "org.openjdk.jmh:jmh-core", version.ref = "jmh" } jsr166backport = "io.projectreactor:jsr166:1.0.0.RELEASE" jsr305 = "com.google.code.findbugs:jsr305:3.0.1" -junit-bom = { module = "org.junit:junit-bom", version.ref = "junit" } kotlin-stdlib = { module = "org.jetbrains.kotlin:kotlin-stdlib", version.ref = "kotlin" } -logback = "ch.qos.logback:logback-classic:1.2.11" micrometer = "io.micrometer:micrometer-core:1.3.0" -mockito = "org.mockito:mockito-core:4.11.0" reactiveStreams = { module = "org.reactivestreams:reactive-streams", version.ref = "reactiveStreams" } reactiveStreams-tck = { module = "org.reactivestreams:reactive-streams-tck", version.ref = "reactiveStreams" } reactor-perfBaseline-core = { module = "io.projectreactor:reactor-core", version.ref = "baselinePerfCore" } reactor-perfBaseline-extra = { module = "io.projectreactor.addons:reactor-extra", version.ref = "baselinePerfExtra" } -slf4j = "org.slf4j:slf4j-api:1.7.36" -testNg = "org.testng:testng:7.5" # since 7.6 JDK8 is unsupported, don't bump -throwingFunction = "com.pivovarit:throwing-function:1.5.1" [plugins] artifactory = { id = "com.jfrog.artifactory", version = "4.31.0" } diff --git a/reactor-core/build.gradle b/reactor-core/build.gradle index 2533be2bb1..6e25f73695 100644 --- a/reactor-core/build.gradle +++ b/reactor-core/build.gradle @@ -73,15 +73,15 @@ dependencies { */ exclude group: 'junit', module: 'junit' } - tckTestImplementation libs.testNg + tckTestImplementation "org.testng:testng:$testngVersion" // JSR-305 annotations compileOnly libs.jsr305 testCompileOnly libs.jsr305 // Optional Logging Operator - compileOnly libs.slf4j - testCompileOnly libs.slf4j + compileOnly "org.slf4j:slf4j-api:$slf4jVersion" + testCompileOnly "org.slf4j:slf4j-api:$slf4jVersion" // Optional Metrics compileOnly libs.micrometer @@ -91,15 +91,15 @@ dependencies { testImplementation libs.kotlin.stdlib // Optional BlockHound support - compileOnly libs.blockhound + compileOnly "io.projectreactor.tools:blockhound:$blockhoundVersion" // Also make BlockHound visible in the CP of dedicated testset - blockHoundTestImplementation libs.blockhound + blockHoundTestImplementation "io.projectreactor.tools:blockhound:$blockhoundVersion" // Optional JDK 9 Converter jsr166backport libs.jsr166backport // Testing - testImplementation platform(libs.junit.bom) + testImplementation platform("org.junit:junit-bom:$junitVersion") testImplementation "org.junit.jupiter:junit-jupiter-api" testImplementation "org.junit.platform:junit-platform-launcher" testImplementation "org.junit.jupiter:junit-jupiter-params" @@ -107,13 +107,13 @@ dependencies { testImplementation(project(":reactor-test")) { exclude module: 'reactor-core' } - testImplementation libs.logback //need to access API to decrease some tests verbosity - testImplementation libs.assertj - testImplementation libs.mockito - testImplementation libs.javaObjectLayout - testImplementation libs.awaitility - testImplementation libs.throwingFunction - testImplementation libs.archUnit + testImplementation "ch.qos.logback:logback-classic:$logbackVersion" //need to access API to decrease some tests verbosity + testImplementation "org.assertj:assertj-core:$assertjVersion" + testImplementation "org.mockito:mockito-core:$mockitoVersion" + testImplementation "org.openjdk.jol:jol-core:$javaObjectLayoutVersion" + testImplementation "org.awaitility:awaitility:$awaitilityVersion" + testImplementation "com.pivovarit:throwing-function:$throwingFunctionVersion" + testImplementation "com.tngtech.archunit:archunit:$archUnitVersion" // withMicrometerTest is a test-set that validates what happens when micrometer *IS* // on the classpath. Needs sourceSets.test.output because tests there use helpers like AutoDisposingRule etc. @@ -123,7 +123,7 @@ dependencies { jcstressImplementation(project(":reactor-test")) { exclude module: 'reactor-core' } - jcstressImplementation libs.logback + jcstressImplementation "ch.qos.logback:logback-classic:$logbackVersion" } diff --git a/reactor-test/build.gradle b/reactor-test/build.gradle index a84f624ee4..1a64310e6f 100644 --- a/reactor-test/build.gradle +++ b/reactor-test/build.gradle @@ -44,14 +44,14 @@ dependencies { compileOnly libs.kotlin.stdlib testImplementation libs.kotlin.stdlib - testImplementation platform(libs.junit.bom) + testImplementation platform("org.junit:junit-bom:$junitVersion") testImplementation "org.junit.jupiter:junit-jupiter-api" testImplementation "org.junit.jupiter:junit-jupiter-params" testRuntimeOnly "org.junit.jupiter:junit-jupiter-engine" - testRuntimeOnly libs.logback - testImplementation libs.assertj - testImplementation libs.mockito + testRuntimeOnly "ch.qos.logback:logback-classic:$logbackVersion" + testImplementation "org.assertj:assertj-core:$assertjVersion" + testImplementation "org.mockito:mockito-core:$mockitoVersion" } task downloadBaseline(type: Download) { diff --git a/reactor-tools/build.gradle b/reactor-tools/build.gradle index bf762ef615..4c2e16f6bd 100644 --- a/reactor-tools/build.gradle +++ b/reactor-tools/build.gradle @@ -38,25 +38,25 @@ dependencies { compileOnly libs.jsr305 compileOnly libs.jsr305 - shaded libs.byteBuddy.api - shaded libs.byteBuddy.agent + shaded "net.bytebuddy:byte-buddy:$byteBuddyVersion" + shaded "net.bytebuddy:byte-buddy-agent:$byteBuddyVersion" for (dependency in project.configurations.shaded.dependencies) { compileOnly(dependency) testRuntimeOnly(dependency) javaAgentTestRuntimeOnly(dependency) } - testImplementation platform(libs.junit.bom) + testImplementation platform("org.junit:junit-bom:$junitVersion") testImplementation "org.junit.jupiter:junit-jupiter-api" testRuntimeOnly "org.junit.jupiter:junit-jupiter-engine" - testImplementation libs.assertj - testImplementation libs.cglib + testImplementation "org.assertj:assertj-core:$assertjVersion" + testImplementation "cglib:cglib:$cglibVersion" - jarFileTestImplementation libs.assertj + jarFileTestImplementation "org.assertj:assertj-core:$assertjVersion" buildPluginTestImplementation gradleTestKit() - buildPluginTestImplementation platform(libs.junit.bom) + buildPluginTestImplementation platform("org.junit:junit-bom:$junitVersion") buildPluginTestImplementation "org.junit.jupiter:junit-jupiter-api" buildPluginTestRuntimeOnly "org.junit.jupiter:junit-jupiter-engine" } @@ -177,8 +177,8 @@ task generateMockGradle(type: Copy) { CORE: coreJar, AGENT: agentJar, REACTIVE_STREAMS_VERSION: libs.versions.reactiveStreams.get(), - JUNIT_BOM_VERSION: libs.versions.junit.get(), - BYTE_BUDDY_VERSION: libs.versions.bytebuddy.get() + JUNIT_BOM_VERSION: "$junitVersion", + BYTE_BUDDY_VERSION: "$byteBuddyVersion" ]) } From 26aba638a15c7f88495c70adb28b28471e8679b9 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Simon=20Basl=C3=A9?= Date: Wed, 12 Oct 2022 16:20:10 +0200 Subject: [PATCH 3/5] remove Renovate --- .github/renovate.json | 71 ------------------------------------------- 1 file changed, 71 deletions(-) delete mode 100644 .github/renovate.json diff --git a/.github/renovate.json b/.github/renovate.json deleted file mode 100644 index f01e7bca21..0000000000 --- a/.github/renovate.json +++ /dev/null @@ -1,71 +0,0 @@ -{ - "extends": [ - "config:base", - ":semanticPrefixChore", - ":prHourlyLimit4", - ":automergeDisabled", - ":label(type/dependency-upgrade)", - ":reviewer(reactor/core-team)", - ":timezone(Europe/Paris)", - "schedule:nonOfficeHours" - ], - "prBodyNotes": [ - "Renovate has been configured to skip the CLA:", - "@pivotal-cla This is an Obvious Fix" - ], - "packageRules": [ - { - "matchDatasources": ["maven"], - "registryUrls": [ - "https://repo.maven.apache.org/maven2", - "https://oss.sonatype.org/content/repositories/releases/", - "https://plugins.gradle.org/m2/" - ] - }, - { - "matchUpdateTypes": [ "patch" ], - "groupName": "library dependencies with new patch", - "groupSlug": "libs-patch" - }, - { - "matchDepTypes": [ "plugin" ], - "groupName": null - }, - { - "matchPackagePatterns": [ ".*jfrog.*" ], - "groupName": "jfrog plugins" - }, - { - "matchManagers": ["gradle-wrapper"], - "groupName": "Gradle", - "schedule": ["before 3am on Monday"] - }, - { - "matchDepTypes": ["action"], - "groupName": "Github Workflows", - "pinDigests": true, - "schedule": ["before 3am on Monday"] - }, - { - "matchPackageNames": [ "io.projectreactor:jsr166" ], - "enabled": "false" - }, - { - "matchPackageNames": ["com.google.code.findbugs:jsr305"], - "groupName": "JSR305 with annotations jar", - "groupSlug": "jsr305", - "allowedVersions": "=3.0.1" - }, - { - "matchPackageNames": ["io.micrometer:micrometer-core"], - "groupName": "Micrometer 1.3.0", - "groupSlug": "micrometer", - "allowedVersions": "=1.3.0" - }, - { - "matchPackagePrefixes": ["org.jetbrains.kotlin"], - "groupName": "Kotlin", - "allowedVersions": "<1.6.0" - } - ] -} From bfc4c95dffc67b26d108a48e255154071bd5daa9 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Dariusz=20J=C4=99drzejczyk?= Date: Tue, 7 Mar 2023 16:10:37 +0100 Subject: [PATCH 4/5] Fixed gradle strings cast issue in reactor-tools build file and reordered dependabot configuration --- .github/dependabot.yml | 21 ++++++++++----------- reactor-tools/build.gradle | 4 ++-- 2 files changed, 12 insertions(+), 13 deletions(-) diff --git a/.github/dependabot.yml b/.github/dependabot.yml index a962f6317e..399a3ede3d 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -1,15 +1,5 @@ version: 2 updates: - - package-ecosystem: "github-actions" - directory: ".github/workflows" - schedule: - interval: "weekly" - labels: - - "type/chores" - reviewers: - - "reactor/core-team" - # updates in oldest maintenance branch, we'll forward-merge up to main - target-branch: "3.4.x" - package-ecosystem: "gradle" directory: "/" schedule: @@ -39,4 +29,13 @@ updates: # TestNG: 7.6+ doesn't support JDK8 anymore - dependency-name: "org.testng:testng" versions: ["7.6.x"] - + - package-ecosystem: "github-actions" + directory: ".github/workflows" + schedule: + interval: "weekly" + labels: + - "type/chores" + reviewers: + - "reactor/core-team" + # updates in oldest maintenance branch, we'll forward-merge up to main + target-branch: "3.4.x" \ No newline at end of file diff --git a/reactor-tools/build.gradle b/reactor-tools/build.gradle index 4c2e16f6bd..a20a126a65 100644 --- a/reactor-tools/build.gradle +++ b/reactor-tools/build.gradle @@ -177,8 +177,8 @@ task generateMockGradle(type: Copy) { CORE: coreJar, AGENT: agentJar, REACTIVE_STREAMS_VERSION: libs.versions.reactiveStreams.get(), - JUNIT_BOM_VERSION: "$junitVersion", - BYTE_BUDDY_VERSION: "$byteBuddyVersion" + JUNIT_BOM_VERSION: "$junitVersion".toString(), + BYTE_BUDDY_VERSION: "$byteBuddyVersion".toString() ]) } From 76b4d43e6a169f1057fb8fcf66795771b89c7932 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Dariusz=20J=C4=99drzejczyk?= Date: Wed, 8 Mar 2023 11:52:30 +0100 Subject: [PATCH 5/5] typo --- gradle/dependencies.gradle | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/gradle/dependencies.gradle b/gradle/dependencies.gradle index 1d1f1691b1..59851e91fe 100644 --- a/gradle/dependencies.gradle +++ b/gradle/dependencies.gradle @@ -1,6 +1,6 @@ ext { // Library versions that Dependabot will monitor (in alphabetical order) - // See also gradle/libs.versions.toml for manually maitained dependencies and Gradle plugins + // See also gradle/libs.versions.toml for manually maintained dependencies and Gradle plugins archUnitVersion = "0.23.1" assertjVersion = "3.23.1" awaitilityVersion = "4.2.0"