| author | mo khan <mo.khan@gmail.com> | 2020-07-20 15:55:59 -0600 |
|---|---|---|
| committer | mo khan <mo.khan@gmail.com> | 2020-07-21 16:46:02 -0600 |
| commit | b3faccb3e3007ddfd41ef251ad8a925542fe2500 (patch) | |
| tree | c2389439b9d41193079daf29a7bb82b6127e1e88 /spec/integration/java | |
| parent | e1bb260b43763a36536b7d3fa4d73108ffb604d4 (diff) | |
Update maven/gradle offline tests
* Let maven figure out the version of the license plugin that it is compatible with
* Print the error when the setup fails
* Add tests for multiple versions of maven and java
* Install packages into a project specific directory to prevent cross test pollution
* Specify the list of supported Maven versions
* Update CHANGELOG and bump the version
Diffstat (limited to 'spec/integration/java')
| -rw-r--r-- | spec/integration/java/gradle_spec.rb | 28 | ||||
| -rw-r--r-- | spec/integration/java/maven_spec.rb | 100 |
2 files changed, 91 insertions, 37 deletions
diff --git a/spec/integration/java/gradle_spec.rb b/spec/integration/java/gradle_spec.rb index 0e71038..c2137b3 100644 --- a/spec/integration/java/gradle_spec.rb +++ b/spec/integration/java/gradle_spec.rb @@ -49,16 +49,20 @@ plugins { end end - context 'when scanning a project that needs to connect to multiple TLS endpoints with different custom certificate chains', environment: 'offline' do + context 'when scanning a project that needs to connect to multiple TLS endpoints with different custom certificate chains' do subject do runner.scan(env: { - 'ADDITIONAL_CA_CERT_BUNDLE' => fixture_file_content('java/gradle/offline-environment/bundle.crt'), + 'ADDITIONAL_CA_CERT_BUNDLE' => x509_certificate('wildcard.test').read, 'PRIVATE_MAVEN_HOST' => private_maven_host }) end + let(:private_maven_host) { 'maven.test' } + before do - runner.mount(dir: fixture_file('java/gradle/offline-environment/')) + add_host('maven.test', '127.0.0.1') + start_proxy_server + runner.mount(dir: fixture_file('java/gradle/offline-environment')) end specify { expect(subject).to match_schema } 
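Review bot: The context in gradle_spec.rb is still named "multiple TLS endpoints with different custom certificate chains", but the new setup passes a single `x509_certificate('wildcard.test').read` and resolves one host, so the case where `ADDITIONAL_CA_CERT_BUNDLE` carries several chains may no longer be exercised (inferred from the helper's name; it is defined outside this hunk). Either rename the context to match what it now checks, or keep a variant that supplies a bundle with more than one certificate. `add_host('maven.test', '127.0.0.1')` also repeats the literal already held in `private_maven_host`; `add_host(private_maven_host, '127.0.0.1')` keeps the two from drifting, and the same applies to the self-signed-certificate context in maven_spec.rb. No teardown for the host entry or the proxy is visible here; the context body continues past the hunk, so confirm that an `after` block or the helpers themselves undo both.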
@@ -96,22 +100,22 @@ plugins { end context "when scanning a gradle project with a custom option to generate a profiler report" do - let(:report) { runner.scan(env: { 'GRADLE_CLI_OPTS' => '--profile' }) } + subject { runner.scan(env: { 'GRADLE_CLI_OPTS' => '--profile' }) } before do - runner.add_file('build.gradle', fixture_file_content("java/11/build.gradle")) + runner.mount(dir: fixture_file("java/gradle/java-11")) end - specify { expect(report).to match_schema } - specify { expect { report }.to change { Dir.glob("#{runner.project_path}/build/reports/profile/profile-*.html").count }.from(0).to(1) } - specify { expect(report.dependency_names).to match_array(['postgresql']) } - specify { expect(report.licenses_for('postgresql')).to match_array(['BSD-2-Clause']) } + specify { expect(subject).to match_schema } + specify { expect { subject }.to change { Dir.glob("#{runner.project_path}/build/reports/profile/profile-*.html").count }.from(0).to(1) } + specify { expect(subject.dependency_names).to match_array(['postgresql']) } + specify { expect(subject.licenses_for('postgresql')).to match_array(['BSD-2-Clause']) } end context 'when using Java 8 with version 1.* of gradle' do before do + runner.mount(dir: fixture_file("java/gradle/java-8")) runner.add_file('.tool-versions', "gradle 1.9") - runner.add_file('build.gradle', fixture_file_content("java/8/build.gradle")) end it 'returns an empty report because the plugin we use does not work in this version of the gradle API' do @@ -129,7 +133,7 @@ plugins { before do runner.add_file('.tool-versions', "gradle #{gradle_version}") - runner.add_file('build.gradle.kts', fixture_file_content("java/build.gradle.kts")) + runner.add_file('build.gradle.kts', fixture_file_content("java/gradle/build.gradle.kts")) runner.add_file('settings.gradle.kts', 'rootProject.name = "example"') end 
@@ -149,7 +153,7 @@ plugins { before do runner.add_file('.tool-versions', "gradle #{gradle_version}") - runner.add_file('build.gradle', fixture_file_content("java/#{item[:java]}/build.gradle")) + runner.add_file('build.gradle', fixture_file_content("java/gradle/java-#{item[:java]}/build.gradle")) runner.add_file('settings.gradle', 'rootProject.name = "example"') end diff --git a/spec/integration/java/maven_spec.rb b/spec/integration/java/maven_spec.rb index 49ee82c..faa5fc1 100644 --- a/spec/integration/java/maven_spec.rb +++ b/spec/integration/java/maven_spec.rb 
@@ -4,32 +4,38 @@ RSpec.describe "maven" do include_examples "each report version", "java", "maven" include_examples "each report version", "java", "maven-multimodules" - describe "When the maven dependencies come from a custom public maven repository" do - it 'is able to detect some of the licenses' do - runner.add_file('pom.xml', fixture_file_content('java/pom-public-gitlab-repository.xml')) - - report = runner.scan(env: { - 'CI_PROJECT_ID' => '6130122' - }) + context "when the maven dependencies come from the same projects public maven repository" do + subject { runner.scan(env: { 'CI_PROJECT_ID' => '6130122' }) } - expect(report).to match_schema - expect(report.dependency_names).to match_array(%w[example jaxb-api]) - expect(report.licenses_for('example')).to match_array(['MIT']) - expect(report.licenses_for('jaxb-api')).to match_array(['GPL-2.0-only', 'cddl 1.1']) + before do + runner.mount(dir: fixture_file('java/maven/gitlab-repo')) end - it 'downloads packages from by using a custom `settings.xml`' do - runner.add_file('pom.xml', fixture_file_content('java/pom-public-gitlab-repository.xml')) - runner.add_file('my_settings.xml', fixture_file_content('java/custom-maven-settings.xml')) + it 'is able to detect some of the licenses' do + expect(subject).to match_schema + expect(subject.dependency_names).to match_array(%w[example jaxb-api]) + expect(subject.licenses_for('example')).to match_array(['MIT']) + expect(subject.licenses_for('jaxb-api')).to match_array(['GPL-2.0-only', 'CDDL-1.1']) + end + end - report = runner.scan(env: { + context "when packages are sourced from an external package registry" do + subject do + runner.scan(env: { 'CI_PROJECT_ID' => 'invalid', - 'MAVEN_CLI_OPTS' => "--settings my_settings.xml" + 'MAVEN_CLI_OPTS' => "--settings settings.xml" }) + end - expect(report).to match_schema - expect(report[:dependencies]).to match_array([{ name: 'example', url: '', description: '', paths: ['.'], licenses: ['MIT'] }, - { description: '', licenses: 
['GPL-2.0-only', 'cddl 1.1'], name: 'jaxb-api', paths: ['.'], url: '' }]) + before do + runner.mount(dir: fixture_file('java/maven/external-gitlab-repo')) + end + + it 'downloads packages from by using a custom `settings.xml`' do + expect(subject).to match_schema + expect(subject.dependency_names).to match_array(%w[example jaxb-api]) + expect(subject.licenses_for('example')).to match_array(['MIT']) + expect(subject.licenses_for('jaxb-api')).to match_array(['GPL-2.0-only', 'CDDL-1.1']) end end @@ -53,7 +59,7 @@ RSpec.describe "maven" do describe "When scanning a project with multiple modules" do before do - runner.mount(dir: fixture_file('java/maven-multimodule')) + runner.mount(dir: fixture_file('java/maven/multimodule')) end it 'detects dependences from each module' do @@ -82,18 +88,21 @@ RSpec.describe "maven" do end end - context "when connecting to a custom package registry with a self signed certificate", environment: 'offline' do - let(:bundle) { fixture_file_content('java/maven.crt') } - let(:report) { runner.scan(env: { 'ADDITIONAL_CA_CERT_BUNDLE' => bundle, 'LOG_LEVEL' => 'debug' }) } + context "when connecting to a custom package registry with a self signed certificate" do + let(:report) { runner.scan(env: { 'ADDITIONAL_CA_CERT_BUNDLE' => x509_certificate('wildcard.test').read }) } + let(:private_maven_host) { 'maven.test' } before do + add_host('maven.test', '127.0.0.1') + start_proxy_server + runner.add_file('pom.xml') do - fixture_file_content('java/pom-single.xml.erb', { + fixture_file_content('java/maven/pom-single.xml.erb', { group_id: 'com.fasterxml.jackson.core', artifact_id: 'jackson-core', version: '2.10.0', repository_id: 'custom', - repository_url: "https://#{private_maven_host}/artifactory/mvn-cache" + repository_url: "https://#{private_maven_host}/maven2" }) end end 
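Review bot: In maven_spec.rb's "external package registry" context, `'CI_PROJECT_ID' => 'invalid'` carries the whole intent of the test but nothing explains it. A comment such as `# CI_PROJECT_ID is deliberately invalid so resolution can only succeed through the registry in settings.xml` would say so, assuming that is the purpose. The example description `'downloads packages from by using a custom `settings.xml`'` is carried over with its stray "from" and could be fixed while the block is being moved. The rewritten example also drops the earlier check of `url`, `description` and `paths` on each dependency; if those fields still matter, one assertion on them should remain.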
@@ -144,4 +153,45 @@ RSpec.describe "maven" do expect(output_file.read).to include('openjdk version "1.8.0_252"') end end + + context "when scanning a project that depends on an older version of maven" do + subject { runner.scan } + + before do + runner.mount(dir: fixture_file('java/maven/my-spring-app2')) + end + + specify { expect(subject).to match_schema } + specify { expect(subject.dependency_names).to match_array(["asm", "asm-commons", "asm-tree", "barcodes", "classmate", "commons-fileupload", "commons-io", "commons-lang", "font-asian", "forms", "freemarker", "hibernate-validator", "hyph", "io", "jackson-annotations", "jackson-core", "jackson-databind", "jackson-datatype-jdk8", "jackson-datatype-jsr310", "jackson-module-parameter-names", "javassist", "javax.annotation-api", "jboss-logging", "jul-to-slf4j", "kernel", "layout", "log4j-api", "log4j-to-slf4j", "logback-classic", "logback-core", "ognl", "pdfa", "sign", "slf4j-api", "snakeyaml", "spring-aop", "spring-beans", "spring-boot", "spring-boot-autoconfigure", "spring-boot-starter", "spring-boot-starter-json", "spring-boot-starter-logging", "spring-boot-starter-tomcat", "spring-boot-starter-web", "spring-context", "spring-core", "spring-expression", "spring-jcl", "spring-web", "spring-webmvc", "struts2-core", "tomcat-embed-core", "tomcat-embed-el", "tomcat-embed-websocket", "validation-api", "xwork-core"]) } + end + + [ + { java: '8', maven: ['3.6.3', '3.5.4', '3.3.9', '3.2.5'] }, + { java: '11', maven: ['3.6.3', '3.5.4', '3.3.9', '3.2.5'] } + ].each do |item| + item[:maven].each do |maven_version| + context "when using Java v#{item[:java]} with maven v#{maven_version}" do + let(:report) { runner.scan(env: env) } + let(:env) do + { + 'LM_JAVA_VERSION' => item[:java], + 'MAVEN_CLI_OPTS' => "--settings settings.xml" + } + end + + before do + runner.mount(dir: fixture_file('java/maven/simple')) + runner.add_file('.mvn/wrapper/maven-wrapper.properties') do + 
"distributionUrl=https://repo1.maven.org/maven2/org/apache/maven/apache-maven/#{maven_version}/apache-maven-#{maven_version}-bin.zip" + end + end + + specify do + expect(report).to match_schema + expect(report.dependency_names).to match_array(['netty-all']) + expect(report.licenses_for('netty-all')).to match_array(['Apache-2.0']) + end + end + end + end end |
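Review bot: Each of the eight Java/Maven matrix cases writes a `distributionUrl` pointing at repo1.maven.org, so the suite fetches and runs a Maven distribution from the network with nothing in the hunk pinning its content. If the wrapper shipped in `java/maven/simple` supports it, adding a `distributionSha256Sum=<sha256 of the zip>` line per version to the generated properties would pin the download. Otherwise a local mirror or pre-cached distributions would keep these cases reproducible and independent of the upstream host. Separately, the long `match_array([...])` literal in the "older version of maven" context would be easier to review as a `%w[...]` list split over several lines.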
