Merge pull request #23 from DeepSourceCorp/merge-upstream-master

chore: merge with upstream Spoon v11
DeepSourceCorp · May 6, 2024 · 2626658 · 2626658
2 parents a017537 + e302c34
commit 2626658
Show file tree

Hide file tree

Showing 1,126 changed files with 17,322 additions and 2,889 deletions.
diff --git a/.github/FUNDING.yml b/.github/FUNDING.yml
@@ -0,0 +1,4 @@
+# file such that Spoon is considered as sponsorable by Github
+
+# https://opencollective.com/spoon-java
+open_collective: spoon-java
diff --git a/.github/ISSUE_TEMPLATE/bug_report.yaml b/.github/ISSUE_TEMPLATE/bug_report.yaml
@@ -59,20 +59,12 @@ body:
       placeholder: X.Y.Z
     validations:
       required: true
-  - type: dropdown
+  - type: input
     id: jvm-version
     attributes:
       label: JVM Version
       description: Which JVM version are you running Spoon with? Note that Spoon is built for Java 11+, and we cannot maintain support for older versions.
-      options:
-        - "11"
-        - "12"
-        - "13"
-        - "14"
-        - "15"
-        - "16"
-        - "17"
-        - "18"
+      placeholder: You can run 'java -version' to get this information.
     validations:
       required: true
   - type: textarea

diff --git a/.github/actions/setup-tests/action.yml b/.github/actions/setup-tests/action.yml
@@ -0,0 +1,29 @@
+name: Setup test environment
+
+runs:
+  using: "composite"
+  steps:
+    - name: Set git user
+      shell: bash
+      run: |
+        git config --global user.name "GitHub Actions Bot"
+        git config --global user.email "<>"
+    - name: Install Nix
+      uses: DeterminateSystems/nix-installer-action@de22e16c4711fca50c816cc9081563429d1cf563 # v10
+    - uses: DeterminateSystems/magic-nix-cache-action@fc6aaceb40b9845a02b91e059ec147e78d1b4e41 # v4
+    - name: Check Nixpkgs inputs
+      uses: DeterminateSystems/flake-checker-action@4b90f9fc724969ff153fe1803460917c84fe00a3 # v5
+      with:
+        fail-mode: true
+    - name: Use Maven dependency cache
+      uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2
+      with:
+        path: ~/.m2/repository
+        # We use a unique key and restore from the base one, to ensure that
+        # the cache is updated every time, even if a cache hit was observed.
+        # See
+        # https://github.com/actions/cache/blob/main/tips-and-workarounds.md#update-a-cache
+        # for more information.
+        key: ${{ runner.os }}-maven-${{ github.run_id }}
+        restore-keys: |
+          ${{ runner.os }}-maven
diff --git a/.github/workflows/jreleaser.yml b/.github/workflows/jreleaser.yml
@@ -0,0 +1,40 @@
+name: Release
+
+on:
+  workflow_call:
+    inputs:
+      release-script-to-run:
+        required: true
+        type: string
+
+jobs:
+  jreleaser:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4
+        with:
+          fetch-depth: 0
+          token: ${{ secrets.JRELEASER_GITHUB_TOKEN }}
+      - name: Setup env
+        uses: ./.github/actions/setup-tests
+
+      - name: Do release
+        run: nix develop .#jReleaser --command ${{ inputs.release-script-to-run }}
+        env:
+          JRELEASER_GITHUB_TOKEN: ${{ secrets.JRELEASER_GITHUB_TOKEN }}
+          JRELEASER_GPG_PASSPHRASE: ${{ secrets.JRELEASER_GPG_PASSPHRASE }}
+          JRELEASER_GPG_PUBLIC_KEY: ${{ secrets.JRELEASER_GPG_PUBLIC_KEY }}
+          JRELEASER_GPG_SECRET_KEY: ${{ secrets.JRELEASER_GPG_SECRET_KEY }}
+          JRELEASER_NEXUS2_MAVEN_CENTRAL_USERNAME: ${{ secrets.JRELEASER_NEXUS2_MAVEN_CENTRAL_USERNAME }}
+          JRELEASER_NEXUS2_MAVEN_CENTRAL_PASSWORD: ${{ secrets.JRELEASER_NEXUS2_MAVEN_CENTRAL_PASSWORD }}
+
+        # Log failures
+      - name: JReleaser release output
+        if: always()
+        uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4
+        with:
+          name: jreleaser-release
+          path: |
+            out/jreleaser/trace.log
+            out/jreleaser/output.properties
diff --git a/.github/workflows/qodana.yml b/.github/workflows/qodana.yml
@@ -14,13 +14,29 @@ jobs:
       runs-on: ubuntu-latest
       name: code-quality qodana
       steps:
-        - uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0
+        - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
           with:
             fetch-depth: 0
         - name: 'Qodana Scan'
-          uses: JetBrains/qodana-action@7afb26c0c2f325c0d5c21ea1f617c79c7f899337 # v2022.3.4
+          uses: JetBrains/qodana-action@a040a784cc28cb9cabdf884c4e8c32d0aa3fcdb3 # v2023.3.2
           with:
             args: --source-directory,./src/main/java , --fail-threshold, 0
-        - uses: github/codeql-action/upload-sarif@168b99b3c22180941ae7dbdd5f5c9678ede476ba # v2
+            post-pr-comment: "false"
+        - uses: github/codeql-action/upload-sarif@4355270be187e1b672a7a1c7c7bae5afdc1ab94a # v3
+          with:
+            sarif_file: ${{ runner.temp }}/qodana/results/qodana.sarif.json
+    code-quality-spoon-javadoc:
+      runs-on: ubuntu-latest
+      name: code-quality spoon-javadoc qodana
+      steps:
+        - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+          with:
+            fetch-depth: 0
+        - name: 'Qodana Scan (spoon-javadoc)'
+          uses: JetBrains/qodana-action@a040a784cc28cb9cabdf884c4e8c32d0aa3fcdb3 # v2023.3.2
+          with:
+            args: --source-directory,./spoon-javadoc/src/main/java , --fail-threshold, 0
+            post-pr-comment: "false"
+        - uses: github/codeql-action/upload-sarif@4355270be187e1b672a7a1c7c7bae5afdc1ab94a # v3
           with:
             sarif_file: ${{ runner.temp }}/qodana/results/qodana.sarif.json
diff --git a/.github/workflows/release-beta.yml b/.github/workflows/release-beta.yml
@@ -0,0 +1,12 @@
+name: Release beta version
+
+on:
+    schedule:
+      - cron: '0 0 * * 0' # Sundays at 00:00 (https://crontab.guru/#0_0_*_*_0)
+
+jobs:
+  snapshot:
+    uses: ./.github/workflows/jreleaser.yml
+    with:
+      release-script-to-run: chore/release-beta.sh
+    secrets: inherit
diff --git a/.github/workflows/release-manual.yml b/.github/workflows/release-manual.yml
@@ -0,0 +1,21 @@
+name: Release
+
+on:
+  workflow_dispatch:
+    inputs:
+      version:
+        description: 'Next release version'
+        required: true
+        default: 'patch'
+        type: choice
+        options:
+          - major
+          - minor
+          - patch
+
+jobs:
+  release:
+    uses: ./.github/workflows/jreleaser.yml
+    with:
+      release-script-to-run: chore/release.sh ${{ github.event.inputs.version }}
+    secrets: inherit
diff --git a/.github/workflows/release-nightly.yml b/.github/workflows/release-nightly.yml
@@ -0,0 +1,12 @@
+name: Release nightly version
+
+on:
+    schedule:
+      - cron: '0 0 * * *' # Every day at 00:00 UTC (https://crontab.guru/#0_0_*_*_*)
+
+jobs:
+  nightly:
+    uses: ./.github/workflows/jreleaser.yml
+    with:
+      release-script-to-run: chore/release-nightly.sh
+    secrets: inherit
diff --git a/.github/workflows/sbom.yml b/.github/workflows/sbom.yml
@@ -22,10 +22,10 @@ jobs:
       SSH_AUTH_SOCK: /tmp/ssh_agent.sock
     name: Generate and store SBOM
     steps:
-      - uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0
+      - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
         with:
           fetch-depth: 0
-      - uses: actions/setup-java@3f07048e3d294f56e9b90ac5ea2c6f74e9ad0f98 # v3.10.0
+      - uses: actions/setup-java@99b8673ff64fbf99d8d325f52d9a5bdedb8483e9 # v4.2.1
         with:
           java-version: 17
           distribution: ${{ env.JAVA_DISTRIBUTION }}
@@ -34,7 +34,7 @@ jobs:
         run: echo "date=$(/bin/date -u "+%Y%m%d")" >> $GITHUB_OUTPUT
         shell: bash
       - name: Use Maven dependency cache
-        uses: actions/cache@88522ab9f39a2ea568f7027eddc7d8d8bc9d59c8 # v3.3.1
+        uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2
         with:
           path: ~/.m2/repository
           key: ${{ runner.os }}-${{ steps.get-date.outputs.date }}-${{ hashFiles('**/pom.xml') }}

diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml
@@ -0,0 +1,76 @@
+# This workflow uses actions that are not certified by GitHub. They are provided
+# by a third-party and are governed by separate terms of service, privacy
+# policy, and support documentation.
+
+name: Scorecard supply-chain security
+on:
+  # For Branch-Protection check. Only the default branch is supported. See
+  # https://github.com/ossf/scorecard/blob/main/docs/checks.md#branch-protection
+  branch_protection_rule:
+  # To guarantee Maintained check is occasionally updated. See
+  # https://github.com/ossf/scorecard/blob/main/docs/checks.md#maintained
+  schedule:
+    - cron: '20 7 * * 2'
+  push:
+    branches: ["master"]
+
+# Declare default permissions as read only.
+permissions: read-all
+
+jobs:
+  analysis:
+    name: Scorecard analysis
+    runs-on: ubuntu-latest
+    permissions:
+      # Needed to upload the results to code-scanning dashboard.
+      security-events: write
+      # Needed to publish results and get a badge (see publish_results below).
+      id-token: write
+      contents: read
+      actions: read
+
+    steps:
+      - name: Harden Runner
+        uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0
+        with:
+          egress-policy: audit
+
+      - name: "Checkout code"
+        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+        with:
+          persist-credentials: false
+
+      - name: "Run analysis"
+        uses: ossf/scorecard-action@0864cf19026789058feabb7e87baa5f140aac736 # v2.3.1
+        with:
+          results_file: results.sarif
+          results_format: sarif
+          # (Optional) "write" PAT token. Uncomment the `repo_token` line below if:
+          # - you want to enable the Branch-Protection check on a *public* repository, or
+          # - you are installing Scorecards on a *private* repository
+          # To create the PAT, follow the steps in https://github.com/ossf/scorecard-action#authentication-with-pat.
+          # repo_token: ${{ secrets.SCORECARD_TOKEN }}
+
+          # Public repositories:
+          #   - Publish results to OpenSSF REST API for easy access by consumers
+          #   - Allows the repository to include the Scorecard badge.
+          #   - See https://github.com/ossf/scorecard-action#publishing-results.
+          # For private repositories:
+          #   - `publish_results` will always be set to `false`, regardless
+          #     of the value entered here.
+          publish_results: true
+
+      # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF
+      # format to the repository Actions tab.
+      - name: "Upload artifact"
+        uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1
+        with:
+          name: SARIF file
+          path: results.sarif
+          retention-days: 5
+
+      # Upload the results to GitHub's code scanning dashboard.
+      - name: "Upload to code-scanning"
+        uses: github/codeql-action/upload-sarif@4355270be187e1b672a7a1c7c7bae5afdc1ab94a # v3.24.10
+        with:
+          sarif_file: results.sarif