Update Dependency Scanning fixtures and test projects to use Java 17
Proposal
After merging Use Java 17 by default (gitlab-org/security-products/analyzers/gemnasium-maven!193 - merged), we started to see failures with our test projects due to the fact that the fixture files in these test projects are incompatible with Java 17
. In order to work around this, we configured an environment variable at the test project level to set DS_JAVA_VERSION: 11
. This resulted in the Dependency Scanning jobs in the pipeline to pass successfully.
Likewise, many of the qa/fixture
files used in gemnasium-maven
are not compatible with Java 17
, so we had to set DS_JAVA_VERSION: 11 in order to fix them.
The purpose of this issue is to update the test projects and fixture files in gemnasium-maven/qa/fixtures
so they're compatible with Java 17
Implementation Plan
-
Update the fixture files for the following test projects and branches so they're compatible with
Java 17
(21 projects total)-
java-gradle -
master -
Note: once we update the
build.gradle
to be compatible withgradle 7
and remove thegradlew
files, the license scanning job will fail because license scanning isn't compatible withJava 17
. We should probably create another branch, for examplelicense-scanning-java-11
to be used withlicense scanning
.Update: Created a java-11-FREEZE branch in the
java-gradle
test project which has been automatically picked up by the Secure Test Orchestrator project, and the pipeline passes.
-
-
gradle-cli-opts-FREEZE -
offline-FREEZE
-
-
java-gradle-kotlin-dsl -
master -
offline-FREEZE
-
-
java-gradle-multimodules -
master -
no-root-dependencies-FREEZE -
offline-FREEZE -
subprojects-buildfilename-FREEZE
-
-
java-maven -
master -
offline-FREEZE -
maven-cli-opts-skip-tests-FREEZE -
custom-ca-cert-java-8-FREEZE -
update-expectation-maven-cli-opts-skip-tests-FREEZE
-
-
java-maven-multimodules -
master -
semgrep-migration-FREEZE -
offline-FREEZE
-
-
scala-sbt -
master -
offline-FREEZE -
sbt-cli-opts-FREEZE
-
-
scala-sbt-multiproject -
main
-
-
-
Update the files in the
gemnasium-maven/qa/fixtures
directory for thev3
branch so they're compatible withJava 17
. The fixture files that need to be updated are the ones that haveDS_JAVA_VERSION: 11
configured, as shown in the image_spec.rb file: -
Remove the environment variable
DS_JAVA_VERSION: 11
from theSettings -> CI/CD -> Variables
of the following test projects-
https://gitlab.com/gitlab-org/security-products/tests/java-maven-multimodules/-/settings/ci_cd -
https://gitlab.com/gitlab-org/security-products/tests/java-gradle/-/settings/ci_cd -
https://gitlab.com/gitlab-org/security-products/tests/java-gradle-multimodules/-/settings/ci_cd -
https://gitlab.com/gitlab-org/security-products/tests/java-gradle-kotlin-dsl/-/settings/ci_cd -
https://gitlab.com/gitlab-org/security-products/tests/scala-sbt/-/settings/ci_cd -
https://gitlab.com/gitlab-org/security-products/tests/scala-sbt-multiproject/-/settings/ci_cd
-
-
Run the Nightly Secure Test execution in the
secure-test-project-orchestrator
project and ensure that all tests pass