Cwikius-Spring/spring-security
1
0
Fork 0
mirror of https://github.com/spring-projects/spring-security.git synced 2025-06-01 09:42:13 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch '5.8.x' into 6.0.x

Browse Source
This commit is contained in:
Marcus Da Coregio 2023-10-27 09:47:18 -03:00
commit 094e3b8a1d
1 changed files with 35 additions and 37 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

72
buildSrc/src/main/java/org/springframework/security/convention/versions/VerifyDependenciesVersionsPlugin.java
View File

@ -21,50 +21,30 @@ import java.util.Collections;
import java.util.List; import java.util.List;
import java.util.Map; import java.util.Map;
import java.util.Set; import java.util.Set;
import java.util.function.Supplier;
import java.util.stream.Collectors; import java.util.stream.Collectors;
import org.gradle.api.DefaultTask;
import org.gradle.api.Plugin; import org.gradle.api.Plugin;
import org.gradle.api.Project; import org.gradle.api.Project;
import org.gradle.api.Task;
import org.gradle.api.artifacts.Configuration; import org.gradle.api.artifacts.Configuration;
import org.gradle.api.artifacts.ModuleVersionIdentifier; import org.gradle.api.artifacts.ModuleVersionIdentifier;
import org.gradle.api.plugins.JavaBasePlugin;
import org.gradle.api.tasks.TaskAction;
import org.gradle.api.tasks.TaskProvider; import org.gradle.api.tasks.TaskProvider;
public class VerifyDependenciesVersionsPlugin implements Plugin<Project> { public class VerifyDependenciesVersionsPlugin implements Plugin<Project> {
@Override @Override
public void apply(Project project) { public void apply(Project project) {
TaskProvider<Task> provider = project.getTasks().register("verifyDependenciesVersions", (verifyDependenciesVersionsTask) -> { TaskProvider<VerifyDependenciesVersionsTask> verifyDependenciesVersionsTaskProvider = project.getTasks().register("verifyDependenciesVersions", VerifyDependenciesVersionsTask.class, (task) -> {
verifyDependenciesVersionsTask.setGroup("Verification"); task.setGroup("Verification");
verifyDependenciesVersionsTask.setDescription("Verify that specific dependencies are using the same version"); task.setDescription("Verify that specific dependencies are using the same version");
List<Configuration> allConfigurations = new ArrayList<>(); List<Configuration> allConfigurations = new ArrayList<>();
allConfigurations.addAll(getConfigurations(project)); allConfigurations.addAll(getConfigurations(project));
allConfigurations.addAll(getSubprojectsConfigurations(project.getSubprojects())); allConfigurations.addAll(getSubprojectsConfigurations(project.getSubprojects()));
verifyDependenciesVersionsTask.getInputs().property("dependenciesVersions", new DependencySupplier(allConfigurations)); task.setConfigurations(allConfigurations);
verifyDependenciesVersionsTask.doLast((task) -> {
DependencySupplier dependencies = (DependencySupplier) task.getInputs().getProperties().get("dependenciesVersions");
Map<String, List<Artifact>> artifacts = dependencies.get();
List<Artifact> oauth2OidcSdk = artifacts.get("oauth2-oidc-sdk");
List<Artifact> nimbusJoseJwt = artifacts.get("nimbus-jose-jwt");
if (oauth2OidcSdk.size() > 1) {
throw new IllegalStateException("Found multiple versions of oauth2-oidc-sdk: " + oauth2OidcSdk);
}
Artifact oauth2OidcSdkArtifact = oauth2OidcSdk.get(0);
String nimbusJoseJwtVersion = TransitiveDependencyLookupUtils.lookupJwtVersion(oauth2OidcSdkArtifact.version());
List<Artifact> differentVersions = nimbusJoseJwt.stream()
.filter((artifact) -> !artifact.version().equals(nimbusJoseJwtVersion))
.filter((artifact -> !artifact.configurationName().contains("spring-security-cas"))) // CAS uses a different version
.toList();
if (!differentVersions.isEmpty()) {
String message = "Found transitive nimbus-jose-jwt version [" + nimbusJoseJwtVersion + "] in oauth2-oidc-sdk " + oauth2OidcSdkArtifact
+ ", but the project contains a different version of nimbus-jose-jwt " + differentVersions
+ ". Please align the versions of nimbus-jose-jwt.";
throw new IllegalStateException(message);
}
});
}); });
project.getTasks().getByName("build").dependsOn(provider); project.getTasks().named(JavaBasePlugin.CHECK_TASK_NAME, checkTask -> checkTask.dependsOn(verifyDependenciesVersionsTaskProvider));
} }
private List<Configuration> getConfigurations(Project project) { private List<Configuration> getConfigurations(Project project) {
@ -86,20 +66,34 @@ public class VerifyDependenciesVersionsPlugin implements Plugin<Project> {
return subprojectConfigurations; return subprojectConfigurations;
} }
private record Artifact(String name, String version, String configurationName) { public static class VerifyDependenciesVersionsTask extends DefaultTask {
}
private static final class DependencySupplier implements Supplier<Map<String, List<Artifact>>> { private List<Configuration> configurations;
private final List<Configuration> configurations; public void setConfigurations(List<Configuration> configurations) {
private DependencySupplier(List<Configuration> configurations) {
this.configurations = configurations; this.configurations = configurations;
} }
@Override @TaskAction
public Map<String, List<Artifact>> get() { public void verify() {
return getDependencies(this.configurations); Map<String, List<Artifact>> artifacts = getDependencies(this.configurations);
List<Artifact> oauth2OidcSdk = artifacts.get("oauth2-oidc-sdk");
List<Artifact> nimbusJoseJwt = artifacts.get("nimbus-jose-jwt");
if (oauth2OidcSdk.size() > 1) {
throw new IllegalStateException("Found multiple versions of oauth2-oidc-sdk: " + oauth2OidcSdk);
}
Artifact oauth2OidcSdkArtifact = oauth2OidcSdk.get(0);
String nimbusJoseJwtVersion = TransitiveDependencyLookupUtils.lookupJwtVersion(oauth2OidcSdkArtifact.version());
List<Artifact> differentVersions = nimbusJoseJwt.stream()
.filter((artifact) -> !artifact.version().equals(nimbusJoseJwtVersion))
.filter((artifact -> !artifact.configurationName().contains("spring-security-cas"))) // CAS uses a different version
.toList();
if (!differentVersions.isEmpty()) {
String message = "Found transitive nimbus-jose-jwt version [" + nimbusJoseJwtVersion + "] in oauth2-oidc-sdk " + oauth2OidcSdkArtifact
+ ", but the project contains a different version of nimbus-jose-jwt " + differentVersions
+ ". Please align the versions of nimbus-jose-jwt.";
throw new IllegalStateException(message);
}
} }
private Map<String, List<Artifact>> getDependencies(List<Configuration> configurations) { private Map<String, List<Artifact>> getDependencies(List<Configuration> configurations) {
@ -113,6 +107,10 @@ public class VerifyDependenciesVersionsPlugin implements Plugin<Project> {
.distinct() .distinct()
.collect(Collectors.groupingBy(Artifact::name)); .collect(Collectors.groupingBy(Artifact::name));
} }
}
private record Artifact(String name, String version, String configurationName) {
} }
} }