Verify Java imports are sorted by coverbeck · Pull Request #5853 · dockstore/dockstore · GitHub

Verify Java imports are sorted #5853


Merged
merged 9 commits into from
Mar 28, 2024

Conversation

coverbeck
Collaborator
@coverbeck coverbeck commented Mar 26, 2024

Description

Background

The Maven impsort plugin sorts Java imports as part of the build. If you commit a Java file without having done a build, imports may be out of order.

Fix
After a Maven build on CircleCI, check that there are no modified Java files in the Git tree. A modified Java file indicates that the impsort plugin only ran on CircleCI, and wasn't run before the file was committed.

For a CircleCI example of a failing build because imports weren't sorted, see here.

Review Instructions

  1. Create a branch
  2. Change the order of imports in any Java file
  3. Do not do a Maven build
  4. Commit & push
  5. Look for an error in CircleCI.
  6. Delete the branch

Issue
SEAB-3217

Security and Privacy

If there are any concerns that require extra attention from the security team, highlight them here and check the box when complete.

  • Security and Privacy assessed

e.g. Does this change...

  • Any user data we collect, or data location?
  • Access control, authentication or authorization?
  • Encryption features?

Please make sure that you've checked the following before submitting your pull request. Thanks!

  • Check that you pass the basic style checks and unit tests by running mvn clean install
  • Ensure that the PR targets the correct branch. Check the milestone or fix version of the ticket.
  • Follow the existing JPA patterns for queries, using named parameters, to avoid SQL injection
  • If you are changing dependencies, check the Snyk status check or the dashboard to ensure you are not introducing new high/critical vulnerabilities
  • Assume that inputs to the API can be malicious, and sanitize and/or check for Denial of Service type values, e.g., massive sizes
  • Do not serve user-uploaded binary images through the Dockstore API
  • Ensure that endpoints that only allow privileged access enforce that with the @RolesAllowed annotation
  • Do not create cookies, although this may change in the future
  • If this PR is for a user-facing feature, create and link a documentation ticket for this feature (usually in the same milestone as the linked issue). Style points if you create a documentation PR directly and link that instead.

@coverbeck coverbeck self-assigned this Mar 26, 2024
codecov bot commented Mar 26, 2024

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 74.45%. Comparing base (eed5840) to head (4e80df5).
Report is 2 commits behind head on develop.

Additional details and impacted files
@@              Coverage Diff              @@
##             develop    #5853      +/-   ##
=============================================
- Coverage      74.48%   74.45%   -0.03%     
  Complexity      5247     5247              
=============================================
  Files            366      366              
  Lines          18974    18974              
  Branches        2020     2020              
=============================================
- Hits           14132    14127       -5     
- Misses          3886     3890       +4     
- Partials         956      957       +1     
Flag Coverage Δ
bitbuckettests 27.11% <ø> (+0.01%) ⬆️
integrationtests 58.41% <ø> (ø)
languageparsingtests 10.97% <ø> (ø)
localstacktests 21.57% <ø> (ø)
toolintegrationtests 30.48% <ø> (ø)
unit-tests_and_non-confidential-tests 28.93% <ø> (ø)
workflowintegrationtests 38.74% <ø> (-0.03%) ⬇️


name: Check Java imports sorted
# A dirty Java file after a build probably means it was committed without building, and its imports are out of order
command: |
if [[ $(git diff --name-only | grep "\.java$") != '' ]]; then
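
Review bot: the condition on the `if [[ $(git diff --name-only | grep "\.java$") != '' ]]` line can drop the grep and the string comparison by passing a pathspec, for example `if ! git diff --quiet -- '*.java'; then`, since `--quiet` makes git exit non-zero when a tracked Java file differs from the index. Whichever form is kept, the failure branch should print the list of modified files and the remedy (run the Maven build locally and commit the result) so the CircleCI log tells the author what to fix. The comment above the command says a dirty file "probably" means unsorted imports, so the message should name the files rather than assert the cause.
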
Collaborator Author

To my surprise, although it makes sense when you think about it, there were other files showing up as modified -- the decrypted migrations files. So, look for modified Java files only.

Member
@denis-yuen denis-yuen Mar 27, 2024

I forget, do we have a separate check for the openapi.yaml?
Does it make sense to put these two together? (I don't see it in a superficial scan, was it unstable?)

Collaborator Author

Good catch, I added the check for openapi.yaml.

Member

To be clear, I don't remember the story behind this (i.e. I would have thought we would have had it somewhere else before, but maybe we removed it), but worth a try

Member
@denis-yuen denis-yuen left a comment

Curious about story

@coverbeck
Collaborator Author

Curious about story

Can you please elaborate?


Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
No data about Coverage
No data about Duplication

See analysis details on SonarCloud

@coverbeck coverbeck requested a review from denis-yuen March 27, 2024 21:45
name: Check Java imports sorted
# A dirty Java file after a build probably means it was committed without building, and its imports are out of order
command: |
if [[ $(git diff --name-only | grep "\.java$") != '' ]]; then
Member

To be clear, I don't remember the story behind this (i.e. I would have thought we would have had it somewhere else before, but maybe we removed it), but worth a try

@coverbeck coverbeck merged commit 9eef703 into develop Mar 28, 2024
@coverbeck coverbeck deleted the feature/seab-3217/checkimports branch March 28, 2024 18:15