Merge branch 'develop' into feature/integrated-code-lifecycle/custom-…

…checkout-path-and-timeout
ls1intum · Sep 20, 2024 · 4fee385 · 4fee385
2 parents 06d0586 + 79e25b5
commit 4fee385
Show file tree

Hide file tree

Showing 139 changed files with 9,783 additions and 674 deletions.
diff --git a/.whitesource b/.whitesource
@@ -0,0 +1,14 @@
+{
+  "scanSettings": {
+    "baseBranches": []
+  },
+  "checkRunSettings": {
+    "vulnerableCheckRunConclusionLevel": "failure",
+    "displayMode": "diff",
+    "useMendCheckNames": true
+  },
+  "issueSettings": {
+    "minSeverityLevel": "LOW",
+    "issueType": "DEPENDENCY"
+  }
+}
diff --git a/README.md b/README.md
diff --git a/build.gradle b/build.gradle
@@ -25,7 +25,7 @@ plugins {
 }
 
 group = "de.tum.cit.aet.artemis"
-version = "7.5.3"
+version = "7.5.4"
 description = "Interactive Learning with Individual Feedback"
 
 java {
@@ -71,7 +71,8 @@ spotless {
                         "**/src/main/resources/templates/**",
                         "/docker/**",
                         "checked-out-repos/**",
-                        "**/src/main/java/org/eclipse/**"
+                        "**/src/main/java/org/eclipse/**",
+                        "supporting_scripts/**"
                 )
             }
         }
@@ -151,11 +152,8 @@ private excludedClassFilesForReport(classDirectories) {
     classDirectories.setFrom(files(classDirectories.files.collect {
         fileTree(dir: it,
             exclude: [
-                "**/de/tum/in/www1/artemis/domain/**/*_*",
-                "**/de/tum/in/www1/artemis/config/migration/entries/**",
-                "**/de/tum/in/www1/artemis/service/connectors/pyris/dto/**",
-                "**/de/tum/in/www1/artemis/web/rest/iris/dto/**",
-                "**/org/eclipse/jgit/**",
+                "**/de/tum/cit/aet/artemis/**/domain/**/*_*",
+                "**/de/tum/cit/aet/artemis/core/config/migration/entries/**",
                 "**/gradle-wrapper.jar/**"
             ]
         )
@@ -179,13 +177,13 @@ jacocoTestCoverageVerification {
                 counter = "INSTRUCTION"
                 value = "COVEREDRATIO"
                 // TODO: in the future the following value should become higher than 0.92
-                minimum = 0.895
+                minimum = 0.894
             }
             limit {
                 counter = "CLASS"
                 value = "MISSEDCOUNT"
                 // TODO: in the future the following value should become less than 10
-                maximum = 40
+                maximum = 60
             }
         }
     }
@@ -230,7 +228,8 @@ dependencies {
     //    implementation "com.offbytwo.jenkins:jenkins-client:0.3.8"
     implementation files("libs/jenkins-client-0.4.1.jar")
     // The following 4 dependencies are explicitly integrated as transitive dependencies of jenkins-client-0.4.0.jar
-    implementation "org.apache.httpcomponents.client5:httpclient5:5.3.1"
+    // NOTE: we cannot upgrade to the latest version for org.apache.httpcomponents because of exceptions in Docker Java
+    implementation "org.apache.httpcomponents.client5:httpclient5:5.3.1"    // also used by Docker Java
     implementation "org.apache.httpcomponents.core5:httpcore5:5.2.5"
     implementation "org.apache.httpcomponents:httpmime:4.5.14"
     implementation("org.dom4j:dom4j:2.1.4") {
@@ -255,6 +254,13 @@ dependencies {
     implementation "de.jplag:python-3:${jplag_version}"
     implementation "de.jplag:text:${jplag_version}"
 
+    // those are transitive dependencies of JPlag Text --> Stanford NLP
+    // Note: ideally we would exclude them, but for some reason this does not work
+    implementation "org.apache.lucene:lucene-queryparser:${lucene_version}"
+    implementation "org.apache.lucene:lucene-core:${lucene_version}"
+    implementation "org.apache.lucene:lucene-analyzers-common:${lucene_version}"
+
+
     // we have to override those values to use the latest version
     implementation "org.slf4j:jcl-over-slf4j:${slf4j_version}"
     implementation "org.slf4j:jul-to-slf4j:${slf4j_version}"
@@ -315,7 +321,13 @@ dependencies {
     implementation "org.jsoup:jsoup:1.18.1"
     implementation "commons-codec:commons-codec:1.17.1"   // needed for spring security saml2
 
-    implementation "org.springdoc:springdoc-openapi-ui:1.8.0"
+    // TODO: decide if we want to use OpenAPI and Swagger v3
+//    implementation 'io.swagger.core.v3:swagger-annotations:2.2.23'
+//    implementation "org.springdoc:springdoc-openapi-ui:1.8.0"
+
+    // use the latest version to avoid security vulnerabilities
+    implementation "org.springframework:spring-webmvc:6.1.13"
+
     implementation "com.vdurmont:semver4j:3.1.0"
 
     implementation "com.github.docker-java:docker-java-core:${docker_java_version}"
@@ -345,6 +357,9 @@ dependencies {
     implementation "com.fasterxml.jackson.datatype:jackson-datatype-hibernate6:${fasterxml_version}"
     // Support XML serialization and deserialization
     implementation "com.fasterxml.jackson.dataformat:jackson-dataformat-xml:${fasterxml_version}"
+    // Support YML serialization and deserialization
+    implementation "com.fasterxml.jackson.dataformat:jackson-dataformat-yaml:${fasterxml_version}"
+
 
     implementation "com.hazelcast:hazelcast:${hazelcast_version}"
     implementation "com.hazelcast:hazelcast-spring:${hazelcast_version}"
@@ -380,7 +395,7 @@ dependencies {
     implementation "org.springframework.boot:spring-boot-starter-oauth2-client:${spring_boot_version}"
 
     implementation "org.springframework.ldap:spring-ldap-core:3.2.6"
-    implementation "org.springframework.data:spring-data-ldap:3.3.3"
+    implementation "org.springframework.data:spring-data-ldap:3.3.4"
 
     implementation("org.springframework.cloud:spring-cloud-starter-netflix-eureka-client:4.1.3") {
         // NOTE: these modules contain security vulnerabilities and are not needed
@@ -392,16 +407,16 @@ dependencies {
 
     implementation "io.netty:netty-all:4.1.113.Final"
     implementation "io.projectreactor.netty:reactor-netty:1.1.22"
-    implementation "org.springframework:spring-messaging:6.1.12"
-    implementation "org.springframework.retry:spring-retry:2.0.8"
+    implementation "org.springframework:spring-messaging:6.1.13"
+    implementation "org.springframework.retry:spring-retry:2.0.9"
 
     implementation "org.springframework.security:spring-security-config:${spring_security_version}"
     implementation "org.springframework.security:spring-security-data:${spring_security_version}"
     implementation "org.springframework.security:spring-security-core:${spring_security_version}"
     implementation "org.springframework.security:spring-security-oauth2-core:${spring_security_version}"
     implementation "org.springframework.security:spring-security-oauth2-client:${spring_security_version}"
     // use newest version of nimbus-jose-jwt to avoid security issues through outdated dependencies
-    implementation "com.nimbusds:nimbus-jose-jwt:9.40"
+    implementation "com.nimbusds:nimbus-jose-jwt:9.41.1"
 
     implementation "org.springframework.security:spring-security-oauth2-jose:${spring_security_version}"
     implementation "org.springframework.security:spring-security-crypto:${spring_security_version}"
@@ -422,10 +437,6 @@ dependencies {
     implementation "org.bouncycastle:bcpkix-jdk18on:1.78.1"
     implementation "org.bouncycastle:bcprov-jdk18on:1.78.1"
 
-    implementation("io.springfox:springfox-swagger2:3.0.0") {
-        exclude module: "mapstruct"
-    }
-    implementation "io.springfox:springfox-bean-validators:3.0.0"
     implementation "com.mysql:mysql-connector-j:9.0.0"
     implementation "org.postgresql:postgresql:42.7.4"
 
@@ -437,10 +448,14 @@ dependencies {
     // NOTE: 3.0.2 is broken for splitting lecture specific PDFs
     implementation "org.apache.pdfbox:pdfbox:3.0.1"
     implementation "org.apache.commons:commons-csv:1.11.0"
-    implementation "org.commonmark:commonmark:0.22.0"
+    implementation "org.commonmark:commonmark:0.23.0"
     implementation "commons-fileupload:commons-fileupload:1.5"
     implementation "net.lingala.zip4j:zip4j:2.11.5"
+
     implementation "org.jgrapht:jgrapht-core:1.5.2"
+    // use the latest version explicitly to avoid security vulnerabilities (currently Artemis and JPlag rely on jgrapht 1.5.2 which relies on apfloat)
+    implementation "org.apfloat:apfloat:1.14.0"
+
     // use newest version of guava to avoid security issues through outdated dependencies
     implementation "com.google.guava:guava:33.3.0-jre"
     implementation "com.sun.activation:jakarta.activation:2.0.1"
@@ -449,7 +464,7 @@ dependencies {
     implementation "com.google.code.gson:gson:2.11.0"
 
 
-    implementation "com.google.errorprone:error_prone_annotations:2.31.0"
+    implementation "com.google.errorprone:error_prone_annotations:2.32.0"
 
     // NOTE: we want to keep the same unique version for all configurations, implementation and annotationProcessor
     implementation("net.bytebuddy:byte-buddy") {
@@ -505,13 +520,15 @@ dependencies {
     testImplementation("org.springframework.boot:spring-boot-starter-test:${spring_boot_version}") {
         exclude group: "org.junit.vintage", module: "junit-vintage-engine"
         exclude group: "com.vaadin.external.google", module: "android-json"
+        exclude group: "org.xmlunit", module: "xmlunit-core"
     }
     testImplementation "org.springframework.security:spring-security-test:${spring_security_version}"
     testImplementation "org.springframework.boot:spring-boot-test:${spring_boot_version}"
     testImplementation "org.assertj:assertj-core:3.26.3"
     testImplementation "org.mockito:mockito-core:${mockito_version}"
     testImplementation "org.mockito:mockito-junit-jupiter:${mockito_version}"
-    testImplementation "io.github.classgraph:classgraph:4.8.175"
+
+    testImplementation "io.github.classgraph:classgraph:4.8.176"
     testImplementation "org.awaitility:awaitility:4.2.2"
     testImplementation "org.apache.maven.shared:maven-invoker:3.3.0"
     testImplementation "org.gradle:gradle-tooling-api:8.10.1"

diff --git a/docker/gitlab/gitlab-local-setup.sh b/docker/gitlab/gitlab-local-setup.sh
@@ -47,7 +47,7 @@ artemis:
 "
 
 echo
-echo 'The access Jenkins token has been created and can be copied into your jenkins-casc-config.yml file:'
+echo 'The access Jenkins token has been created and can be copied into your jenkins-casc-config-gitlab.yml file:'
 echo "
 credentials:
   system:

diff --git a/docker/jenkins.yml b/docker/jenkins.yml
@@ -13,7 +13,7 @@ services:
             - artemis-jenkins-data:/var/jenkins_home
             - ./jenkins/jenkins-disable-csrf.groovy:/var/jenkins_home/init.groovy # Disable CSRF token
             - ./jenkins/master-key-only-for-testing.key:/var/jenkins_home/master.key # Preset master key to use pre-generated secrets
-            - ./jenkins/jenkins-casc-config.yml:/usr/share/jenkins/ref/jenkins-casc-config.yml:ro
+            - ./jenkins/jenkins-casc-config-gitlab.yml:/usr/share/jenkins/ref/jenkins-casc-config.yml:ro
             - /var/run/docker.sock:/var/run/docker.sock
         ports:
             - "8082:8080"

diff --git a/docker/jenkins/jenkins-casc-config.yml → ...er/jenkins/jenkins-casc-config-gitlab.yml b/docker/jenkins/jenkins-casc-config.yml → ...er/jenkins/jenkins-casc-config-gitlab.yml
diff --git a/docker/jenkins/jenkins-casc-config-localvc.yml b/docker/jenkins/jenkins-casc-config-localvc.yml
@@ -0,0 +1,33 @@
+jenkins:
+  systemMessage: "Jenkins has been configured to run with Artemis\n\n"
+  securityRealm:
+    local:
+      allowsSignup: false
+      users:
+        - id: "artemis_admin" # Artemis admin username
+          password: "artemis_admin" # Artemis admin password
+  labelString: "docker"
+  authorizationStrategy:
+    projectMatrix:
+        permissions:
+            - "Overall/Administer:artemis_admin"  # Make sure that the username matches the Artemis admin username
+            - "Overall/Read:authenticated"
+credentials:
+  system:
+    domainCredentials:
+      - credentials:
+          - string:
+              id: artemis_notification_plugin_token # Value of the "artemis-authentication-token-key" defined key in application-artemis.yml
+              description: 'Access token for Artemis Test Notification Plugin'
+              scope: GLOBAL
+              secret: artemis_admin  # Value of the "artemis-authentication-token-value" key defined in application-artemis.yml
+          - usernamePassword:
+              id: artemis_localvc_credentials
+              scope: GLOBAL
+              username: "jenkins" # artemis.version-control.build-agent-git-username
+              password: "artemis_admin" # artemis.version-control.build-agent-git-password
+              description: "LocalVC credentials for Artemis"
+unclassified:
+  timestamper:
+    elapsedTimeFormat: "'<b>'yyyy-MM-dd'T'HH:mm:ssX'</b> '"
+    systemTimeFormat: "'<b>'yyyy-MM-dd'T'HH:mm:ssX'</b> '"
diff --git a/docker/jenkins/plugins.yml b/docker/jenkins/plugins.yml
@@ -2,7 +2,6 @@
 plugins:
   - artifactId: matrix-auth
   - artifactId: docker-workflow
-  - artifactId: gitlab-plugin
   - artifactId: pipeline-maven
   - artifactId: timestamper
   - artifactId: configuration-as-code

diff --git a/docs/dev/setup.rst b/docs/dev/setup.rst
@@ -46,7 +46,8 @@ following dependencies/tools on your machine:
    There are multiple stacks available for the integration with Artemis:
 
    * :ref:`Integrated Code Lifecycle Setup <Integrated Code Lifecycle Setup>`
-   * :ref:`GitLab and Jenkins <Jenkins and GitLab Setup>`
+   * :ref:`LocalVC and Jenkins <Jenkins and LocalVC Setup>`
+   * :ref:`GitLab and Jenkins <Jenkins and GitLab Setup>` (deprecated)
    * :ref:`GitLab and GitLab CI <GitLab CI and GitLab Setup>` (experimental, not yet production ready)
 
 ------------------------------------------------------------------------------------------------------------------------
@@ -74,6 +75,7 @@ following dependencies/tools on your machine:
    setup/server
    setup/client
    setup/integrated-code-lifecycle
+   setup/jenkins-localvc
    setup/jenkins-gitlab
    setup/gitlabci-gitlab
    setup/aeolus