Merge branch 'master' into feature/RAT-293_sonarCloud

.asf.yaml

@@ -0,0 +1,11 @@
+github:
+  description: "Apache Creadur RAT - Release Audit Tool"
+  homepage: https://creadur.apache.org/
+  labels:
+    - maven
+    - java
+    - cli
+    - licensechecker 
+    - apache
+    - creadur
+    - rat

.buildtools/formatPom

@@ -0,0 +1,20 @@
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements.  See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License.  You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+for pom in `find . -name \pom.xml` 
+do
+	xmllint --format $pom > /tmp/w 
+  	mv /tmp/w $pom 
+done

.buildtools/generateStagingSiteInWebpageRepo

@@ -0,0 +1,17 @@
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements.  See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License.  You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+mvn clean site:site site:stage
+cp -rvf target/staging/* ../creadur-site/rat0161/

.github/workflows/maven.yml

@@ -33,24 +33,38 @@ jobs:
 # Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
 #
 # Java 17 disabled, because we are running into https://bugs.openjdk.java.net/browse/JDK-8270866
-        java: [8, 11, 12, 13, 14, 15, 16]
+        java: [8, 11, 12, 13, 14, 15, 16, 21]
       fail-fast: false
 
     runs-on: ${{ matrix.os }}
 
     steps:
       - name: Checkout
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
+
+      - name: Configura artifact caching
+        uses: actions/[email protected]
+        with:
+          path: ~/.m2/repository
+          key: ${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }}
+          restore-keys: |
+            ${{ runner.os }}-maven-
 
       - name: Set up JDK
-        uses: actions/setup-java@v3.4.1
+        uses: actions/setup-java@v4.0.0
         with:
           distribution: adopt
           java-version: ${{ matrix.java }}
           cache: 'maven'
 
       - name: Build with Maven
-        run: mvn -e -B -V clean package site
+        run: ./mvnw -e -B -V -ntp clean install
+
+      - name: Build site
+        run: ./mvnw -e -B -V -ntp site:site
+
+      - name: Generate javadoc
+        run: ./mvnw -e -B -V -ntp javadoc:javadoc 
 
 # as of 20220505:  Invalid workflow file
 # The workflow is not valid. .github/workflows/maven.yml (Line: 55, Col: 1): Unexpected value 'notifications'

.gitignore

@@ -18,3 +18,4 @@
 */.idea
 /target/
 **/.gitignore
+**/lib/

.mvn/maven.config

@@ -0,0 +1 @@
+-V

.mvn/wrapper/maven-wrapper.properties

@@ -0,0 +1,18 @@
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements.  See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership.  The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License.  You may obtain a copy of the License at
+#
+#   http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied.  See the License for the
+# specific language governing permissions and limitations
+# under the License.
+distributionUrl=https://repo.maven.apache.org/maven2/org/apache/maven/apache-maven/3.9.6/apache-maven-3.9.6-bin.zip
+wrapperUrl=https://repo.maven.apache.org/maven2/org/apache/maven/wrapper/maven-wrapper/3.2.0/maven-wrapper-3.2.0.jar

BUILD.txt

@@ -5,14 +5,17 @@ There is a maven default goal configured that builds and installs a fresh artifa
 or
 Normal development:
 
-    mvn install
+    mvn install OR 
+    ./mvnw install 
 
 Normal development without running tests:
 
-    mvn -Dmaven.test.skip=true install
+    mvn -Dmaven.test.skip=true install OR
+    ./mvnw -Dmaven.test.skip=true install
 
 Build apache release
 
-    mvn clean install -Papache-release
+    mvn clean install -Papache-release OR
+    ./mvnw clean install -Papache-release
 
 RAT uses the previos release version during the build to verify it complies its own rules.

Jenkinsfile

@@ -19,8 +19,8 @@
  */
 pipeline {
 
-//    agent { label 'ubuntu' } 
-    agent any
+    agent { label 'ubuntu' } 
+// arm does not have JDK8 anymore: agent any
 
     environment {
         // It seems the login the jenkins slave uses, doesn't pick up the environment changes,
@@ -78,22 +78,22 @@ pipeline {
         stage('Build Parent-pom') {
             steps {
                 echo 'Building parent pom only'
-                sh 'mvn clean install -N -e -B'
+                sh './mvnw clean install -N -e -B'
             }
         }
 
         stage('Print available updates') {
             steps {
                 echo 'Show available plugin and dependency updates'
-                sh 'mvn clean versions:display-dependency-updates versions:display-plugin-updates enforcer:display-info -U -B'
+                sh './mvnw clean versions:display-dependency-updates versions:display-plugin-updates -U -B'
             }
         }
 
         stage('Build') {
             steps {
                 echo 'Building the whole project'
                 // clean package -B -U -e -fae -V for making sure it just builds
-                sh 'mvn -B -U -V clean deploy'
+                sh './mvnw -B -U -V clean deploy'
             }
             post {
                 always {
@@ -106,7 +106,7 @@ pipeline {
         stage('Ensure site build works') {
             steps {
                 echo 'Verify site build is okay ....'
-                sh 'mvn site:site'
+                sh './mvnw site:site'
             }
         }
     }

NOTICE

@@ -1,5 +1,6 @@
 Apache Creadur Rat
-Copyright 2006-2021 The Apache Software Foundation
+Copyright 2006-2024 The Apache Software Foundation
+https://creadur.apache.org
 
 This product includes software developed at
 The Apache Software Foundation (https://www.apache.org/).

README.md

@@ -2,12 +2,8 @@
 
 ASF Jenkins: [![ASF Jenkins Build Status](https://ci-builds.apache.org/buildStatus/icon?job=Creadur%2FCreadur-Rat)](https://ci-builds.apache.org/job/Creadur/job/Creadur-Rat/)
 
-Travis: [![Build Status](https://app.travis-ci.com/apache/creadur-rat.svg?branch=master)](https://app.travis-ci.com/apache/creadur-rat)
-
 GA: [![Github Action master branch status](https://github.com/apache/creadur-rat/actions/workflows/maven.yml/badge.svg?branch=master)](https://github.com/apache/creadur-rat/actions)
 
-Due to a bug in the Travis build infrastructure the builds fail regularly because Travis selects a JDK that fails animal-sniffer-plugin runs as it is not the one specified in the build.
-
 ## What is RAT?
 
 Apache Rat is developed by the Apache Creadur project of the Apache Software

RELEASE-NOTES.txt

@@ -1,7 +1,7 @@
-              Apache Creadur Rat 0.15
+              Apache Creadur Rat 0.16
                   RELEASE NOTES
 
-The Apache Creadur Rat team is pleased to announce the release of Apache Creadur Rat 0.15
+The Apache Creadur Rat team is pleased to announce the release of Apache Creadur Rat 0.16
 
 Apache Rat is a release audit tool. It improves accuracy and efficiency when checking
 releases. It is heuristic in nature: making guesses about possible problems. It
@@ -15,30 +15,59 @@ Note that binary compatibility is not guaranteed between 0.x releases.
 Apache Rat is developed by the Apache Creadur project, a language and build
 agnostic home for software distribution comprehension and audit tools.
 
-This release fixes a warning during site builds and updates various dependencies.
+Apart from dependency updates and multiple bugfixes, this release brings the ability to use SPDX license identifiers and enhances the .gitignore-exclusion filterung during RAT runs.
+Furthermore new CLI options were added and new file types can be used by default. This release makes RAT a fully Maven3-compatible plugin and removes deprecated Maven2 completely.
+Thanks to all new contributors for improving RAT!
 
 Changes in this version include:
 
+New features:
+o RAT-338:  Update minimal build Maven version to 3.2.5 and maven dependencies to 3.9.6. Remove pre-JDK8 code constructs and minor refactorings. Thanks to Tamás Cservenák.
+o RAT-335:  Enhance .gitignore handling; support multiple .gitignore files and allow a more complete parsing of Git's ignore files. Thanks to Niels Basjes.
+o RAT-322:  Add configuration option to scan hidden directories: --scan-hidden-directories on the command line and scanHiddenDirectories as a Maven plugin parameter. Thanks to Jean-Baptiste Onofré.
+o RAT-320:  Add new command line option -o/--output to write RAT's output to a file. Thanks to Jean-Baptiste Onofré.
+o RAT-329:  Add markdown (MD) and yaml (YML/YAML) as a recognized extension for file and license processing. Thanks to Claude Warren.
+o RAT-316:  Add default exclusion of MANIFEST.MF as it must not contain comment lines to include a license.
+o RAT-321:  Allow text-based XML configuration of RAT. Thanks to Claude Warren.
+
 Fixed Bugs:
-o RAT-309:  Site builds could not be generated properly due to API changes: solution was to upgrade Maven Reporting API to 3.1.1 and use details of Maven Reporting Implementation 3.2.0 in RAT's Mojo hierarchy. Thanks to Michael Osipov, Gary Gregory.
-o RAT-309:  Updated internal data structures from deprecated ArrayStack to JDK's ArrayDeque.
-o RAT-306:  Add note about hierarchy of changelogs in RAT project structure when publishing the project webpage.
-o RAT-307:  Update to focal (Ubuntu 20.04) on Travis to circumvent build errors and be able to use more modern JDK versions. Deprecate openJDK8 build with focal as it is not supported on Travis.
+o RAT-326:  Fix existing javadoc build errors and add javadoc generation to existing GithubActions to not introduce build errors via merge requests.
+o RAT-328:  Ensure that System.out does not get closed during report generation and updated javadocs. Thanks to Claude Warren.
+o RAT-311:  Update commons-compress to 1.24.0 in order to circumvent CVE-2023-42503.
+o RAT-251:  Added SPDX processing for default licenses. Thanks to Claude Warren.
+o RAT-315:  Fix warnings when using RAT with newer Maven versions as methods from Maven v2 are deprecated. Minimum version of required Maven changed to 3.2.5. Thanks to Guillaume Nodet.
+o RAT-317:  Change log output level of SCM ignore parser from info to debug in order to produce less log output in RAT runs. Thanks to Gary Gregory.
+o RAT-314:  Add default recursive exclusion for maven-induced build artifacts in folder .mvn. Thanks to François Guillot.
+o RAT-312:  Remove Travis build as it is unreliable. Builds with ASF Jenkins and Github Actions remain as before.
 
 Changes:
-o RAT-305:  Update maven-project-info-reports-plugin from 3.3.0 to 3.4.1. Thanks to dependabot.
-o RAT-305:  Update maven-javadoc-plugin from 3.4.0 to 3.4.1. Thanks to dependabot.
-o RAT-305:  Update maven-jxr-plugin from 3.2.0 to 3.3.0. Thanks to dependabot.
-o RAT-305:  Update animal-sniffer-maven-plugin from 1.21 to 1.22. Thanks to dependabot.
-o RAT-305:  Update maven-site-plugin from 3.12.0 to 3.12.1. Thanks to dependabot.
-o RAT-305:  Update maven-pmd-plugin from 3.16.0 to 3.18.0. Thanks to dependabot.
-o RAT-305:  Update mockito-core from 4.6.0 to 4.7.0. Thanks to dependabot.
-o RAT-305:  Update extra-enforcer-rules from 1.5.1 to 1.6.1. Thanks to dependabot.
-o RAT-305:  Update Apache parent pom from 26 to 27. Thanks to dependabot.
-o RAT-305:  Update wagon-ssh from 3.5.1 to 3.5.2. Thanks to dependabot.
-o RAT-305:  Update maven-enforcer-plugin from 3.0.0 to 3.1.0. Thanks to dependabot.
-o RAT-305:  Update actions/setup-java from 3.3.0 to 3.4.1. Thanks to dependabot.
-o RAT-310:  Fix deprecation warnings in tests. Use hamcrest's annotations instead of ones from JUnit.
+o RAT-311:  Update actions/setup-java from 3.4.1 to 4.0.0. Thanks to dependabot.
+o RAT-311:  Update actions/cache from 3.0.11 to 3.3.2 Thanks to dependabot.
+o RAT-311:  Update actions/checkout from 3 to 4. Thanks to dependabot.
+o RAT-311:  Update mockito-core from 4.7.0 to 4.11.0, newer versions 5.x cannot be applied due to our JDK8-compatibility restriction. Thanks to dependabot.
+o RAT-311:  Update plexus-utils from 3.4.2 to 3.5.1, versions 4.x are for upcoming Maven4 and must not be applied here. Thanks to dependabot.
+o RAT-311:  Update maven-plugin-version from 3.6.4 to 3.8.2. Thanks to dependabot.
+o RAT-311:  Update wagon-ssh from 3.5.2 to 3.5.3. Thanks to dependabot.
+o RAT-311:  Update Ant from 1.10.12 to 1.10.14. Thanks to dependabot.
+o RAT-311:  Update ASF parent pom from 27 to 31 and update multiple maven plugin versions implicitly (surefire, release, project-info, enforcer, jxr). Thanks to dependabot.
+o RAT-311:  Update doxiaVersion from 1.11.1 to 1.12.0. Thanks to dependabot.
+o RAT-311:  Update maven-shared-utils from 3.3.4 to 3.4.2. Thanks to dependabot.
+o RAT-311:  Update org.slf4j:slf4j-simple from 1.7.36 to 2.0.9. Thanks to dependabot.
+o RAT-311:  Update commons-lang3 from 3.5 to 3.14.0. Thanks to dependabot.
+o RAT-311:  Update commons-compress from 1.21 to 1.25. Thanks to dependabot.
+o RAT-311:  Update commons-io from 2.11.0 to 2.15.1. Thanks to dependabot.
+o RAT-311:  Update commons-cli from 1.5.0 to 1.6.0. Thanks to dependabot.
+o RAT-311:  Update maven-pmd-plugin from 3.18.0 to 3.21.2. Thanks to dependabot.
+o RAT-311:  Update maven-dependency-plugin from 3.3.0 to 3.6.1. Thanks to dependabot.
+o RAT-311:  Update maven-compiler-plugin from 3.10.1 to 3.12.1. Thanks to dependabot.
+o RAT-311:  Update maven-javadoc-plugin from 3.4.1 to 3.6.3. Thanks to dependabot.
+o RAT-311:  Update maven-release-plugin from 2.5.3 to 3.0.1. Thanks to dependabot.
+o RAT-311:  Update maven-enforcer-plugin from 3.1.0 to 3.4.1. Thanks to dependabot.
+o RAT-311:  Update extra-enforcer-rules from 1.6.1 to 1.7.0 Thanks to dependabot.
+o RAT-311:  Update maven-release-plugin from 2.5.3 to 3.0.1. Thanks to dependabot.
+o RAT-311:  Update animal-sniffer-maven-plugin from 1.22 to 1.23. Thanks to dependabot.
+o RAT-311:  Update maven-project-info-reports-plugin from 3.4.1 to 3.5.0. Thanks to dependabot.
+o RAT-311:  Update maven-surefire-plugin from 3.2.2 to 3.2.3. Thanks to dependabot.
 
 
 Historical list of changes: https://creadur.apache.org/rat/changes-report.html