
Bump org.eclipse.jdt:org.eclipse.jdt.ui from 3.37.0 to 3.38.0 (#1135) #4750


Workflow file for this run

# Static-analysis workflow: runs the Codacy tools defined in the job matrix and
# publishes their findings as SARIF to GitHub code scanning.
name: Codacy Security Scan

on:
  # Every push to a maintained branch is scanned.
  push:
    branches:
      - main
      - '2022-12'
      - '2022-09'
      - '2022-06'
  # Pull requests are scanned only when they touch Java sources, the Maven
  # build, or the analysis configuration itself.
  pull_request:
    branches:
      - main
      - '2022-12'
      - '2022-09'
      - '2022-06'
    paths:
      - '**.java'
      - '**/pom.xml'
      - '.codacy.yml'
      - 'ruleset.xml'
      - '.github/workflows/codacy.yml'

# One run per workflow and ref: a newer run cancels the one still in progress.
concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: true
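jobs:
  codacy-java-tools:
    name: Codacy Java Tools
    runs-on: ubuntu-latest
    timeout-minutes: 55
    # Advisory job: with continue-on-error a failing scan does not fail the
    # workflow run, so findings surface only through code scanning.
    continue-on-error: true
    # Least privilege: read the repository, write code-scanning results.
    permissions:
      contents: read
      security-events: write
    strategy:
      fail-fast: false
      matrix:
        # TODO: Re-enable pmd once the MalformedInputException in Codacy
        # PMD/SARIF generation is fixed (pmd is temporarily disabled).
        tool: [spotbugs, checkstyle]
    env:
      LC_ALL: C.UTF-8
      LANG: C.UTF-8
      JAVA_TOOL_OPTIONS: '-Dfile.encoding=UTF-8'
    steps:
      - name: Set up Maven
        uses: stCarolas/setup-maven@d6af6abeda15e98926a57b5aa970a96bb37f97d1  # v5
        with:
          maven-version: '3.9.9'

      # NOTE(review): the actions below are referenced by mutable tags, while
      # setup-maven above is pinned to a full commit SHA. Pinning them the same
      # way keeps a retagged release from changing what runs in this job.
      - name: Checkout code
        uses: actions/checkout@v6

      - name: Set up JDK 21
        uses: actions/setup-java@v5
        with:
          java-version: '21'
          distribution: 'temurin'
          cache: maven

      - name: Cache Maven dependencies
        uses: actions/cache@v5
        with:
          path: ~/.m2/repository
          key: ${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }}
          restore-keys: ${{ runner.os }}-maven-

      - name: Build (no tests)
        run: mvn -B -DskipTests package

      # Normalize all source files to UTF-8 to prevent encoding issues in SARIF generation.
      # Binary JAR files and the testresources directory are excluded explicitly to
      # prevent MalformedInputException.
      # NOTE(review): this rewrites tracked files in place and `iconv -c` drops bytes
      # it cannot convert, so the tree that gets analyzed can differ from the commit.
      - name: Normalize source files to UTF-8 (in-place)
        run: |
          set -euo pipefail
          sudo apt-get update -y
          sudo apt-get install -y uchardet libxml2-utils
          changes=0
          errors=0
          # Helper function to clean invalid UTF-8 sequences
          clean_utf8() {
            local file=$1
            if iconv -f utf-8 -t utf-8 -c "$file" -o "$file.tmp" 2>/dev/null; then
              mv "$file.tmp" "$file"
              return 0
            else
              rm -f "$file.tmp"
              return 1
            fi
          }
          # Process Java, XML, properties, and other text files
          # IMPORTANT: Exclude testresources/ directory which contains binary JAR files
          while IFS= read -r -d '' f; do
            # Skip if file doesn't exist or is not readable
            [ -r "$f" ] || continue
            # NOTE(review): under `set -eo pipefail` a non-zero exit from uchardet
            # aborts the step here instead of reaching the empty-charset branch;
            # confirm uchardet's exit status for undetectable input.
            charset=$(uchardet "$f" 2>/dev/null | tr '[:upper:]' '[:lower:]')
            if [ -z "$charset" ]; then
              echo "Warning: uchardet could not detect encoding for $f, attempting UTF-8 validation"
              # Try to clean as UTF-8 anyway for files < 1MB
              filesize=$(stat -f%z "$f" 2>/dev/null || stat -c%s "$f" 2>/dev/null || echo 0)
              if [ "$filesize" -lt 1048576 ] && ! iconv -f utf-8 -t utf-8 "$f" > /dev/null 2>&1; then
                echo "Cleaning invalid UTF-8 sequences in $f (unknown encoding)"
                if clean_utf8 "$f"; then
                  changes=$((changes+1))
                else
                  errors=$((errors+1))
                fi
              fi
              continue
            fi
            # Only convert if not already UTF-8/ASCII
            if [ "$charset" != "utf-8" ] && [ "$charset" != "ascii" ] && [ "$charset" != "binary" ]; then
              echo "Converting $f ($charset -> utf-8)"
              if iconv -f "$charset" -t utf-8 "$f" -o "$f.tmp" 2>/dev/null; then
                mv "$f.tmp" "$f"
                changes=$((changes+1))
              else
                rm -f "$f.tmp"  # Clean up partially written file on conversion failure
                echo "Warning: Failed to convert $f, trying to clean invalid UTF-8"
                if clean_utf8 "$f"; then
                  changes=$((changes+1))
                else
                  errors=$((errors+1))
                fi
              fi
            elif [ "$charset" = "utf-8" ] || [ "$charset" = "ascii" ]; then
              # Even if detected as UTF-8, validate and clean it (skip very large files > 1MB)
              filesize=$(stat -c%s "$f" 2>/dev/null || echo 0)
              # Check if file contains invalid UTF-8 sequences by comparing with cleaned version
              if [ "$filesize" -lt 1048576 ] && ! diff -q "$f" <(iconv -f utf-8 -t utf-8 -c "$f" 2>/dev/null) > /dev/null 2>&1; then
                echo "Cleaning invalid UTF-8 sequences in $f"
                if clean_utf8 "$f"; then
                  changes=$((changes+1))
                else
                  errors=$((errors+1))
                fi
              fi
            fi
          done < <(git ls-files -z '*.java' '*.xml' '*.properties' '*.txt' '*.md' | grep -zv '/testresources/')
          echo "Converted/cleaned $changes files, $errors failures"
          if [ "$errors" -gt 0 ]; then
            echo "Error: Failed to process $errors files"
            exit 1
          fi

      # Ensure PMD only analyzes Java source files and excludes binary JARs.
      # This prevents MalformedInputException during SARIF generation when PMD
      # encounters binary files. The step only prints diagnostics.
      - name: Verify PMD configuration
        run: |
          echo "PMD will use ruleset.xml and .codacy.yml for filtering"
          echo "IMPORTANT: Binary JARs under sandbox_functional_converter_test/testresources/ must be excluded"
          echo ""
          if [ -f ruleset.xml ]; then
            echo "✓ ruleset.xml found"
            # Validate XML is well-formed. The check sits inside the `if` condition
            # because the default run shell uses `bash -e`: a failing command
            # substitution assigned on its own line would abort the step before
            # the warning branch could run.
            if xml_check=$(xmllint --noout ruleset.xml 2>&1); then
              echo "✓ ruleset.xml is well-formed XML"
            else
              echo "⚠ ruleset.xml has XML syntax errors"
              echo "$xml_check"
            fi
            echo ""
            echo "Binary file exclusions from ruleset.xml:"
            grep "exclude-pattern.*\\.jar" ruleset.xml || echo "  WARNING: No JAR exclusions found!"
            grep "exclude-pattern.*\\.class" ruleset.xml || true
            echo ""
            echo "Key directory exclusions from ruleset.xml:"
            grep "exclude-pattern.*testresources" ruleset.xml || echo "  WARNING: No testresources exclusions found!"
            grep "exclude-pattern.*/.*/.*" ruleset.xml | head -8 || true
          else
            echo "⚠ ruleset.xml not found"
          fi
          echo ""
          if [ -f .codacy.yml ]; then
            echo "✓ .codacy.yml found"
            echo "Included paths:"
            grep -A 5 "include_paths:" .codacy.yml || true
            echo ""
            echo "Excluded paths (should include testresources and *.jar):"
            grep -A 20 "exclude_paths:" .codacy.yml || true
            echo ""
            echo "PMD-specific exclusions:"
            grep -A 10 "pmd:" .codacy.yml || true
          fi
          echo ""
          echo "Java source files to be analyzed:"
          java_count=$(find . -name "*.java" -path "*/src/*" -not -path "*/target/*" -not -path "*/bin/*" -not -path "*/testresources/*" | wc -l)
          echo "Found $java_count Java files in src/ directories (excluding target/, bin/, and testresources/)"
          echo ""
          echo "JAR files that MUST be excluded from analysis:"
          # find exits 0 even when nothing matches, so test its output rather
          # than its exit status to decide whether to print the "none" message.
          test_jars=$(find . -name "*.jar" -path "*/testresources/*")
          if [ -n "$test_jars" ]; then
            echo "$test_jars"
          else
            echo "  (none found - good!)"
          fi

      # Secrets are not passed to pull_request runs triggered from forks, so the
      # project token is empty there.
      - name: Run Codacy Analysis CLI (${{ matrix.tool }})
        uses: codacy/codacy-analysis-cli-action@v4
        with:
          project-token: ${{ secrets.CODACY_PROJECT_TOKEN }}
          tool: ${{ matrix.tool }}
          verbose: true
          format: sarif
          output: ${{ runner.temp }}/results-${{ matrix.tool }}.sarif
          gh-code-scanning-compat: true
          # Effectively disables the issue-count threshold for this step.
          max-allowed-issues: 2147483647
          # Presumably required because the normalization step above rewrites
          # tracked files in place - confirm before removing.
          skip-uncommitted-files-check: true
          tool-timeout: 1hour

      # Since 2025-07 GitHub requires exactly one run per upload/category.
      - name: Split SARIF into single-run files (${{ matrix.tool }})
        shell: bash
        env:
          SARIF: ${{ runner.temp }}/results-${{ matrix.tool }}.sarif
          OUTDIR: ${{ runner.temp }}/sarif_split_${{ matrix.tool }}
          # Passed through the environment so the expression is not expanded
          # into the script text itself.
          TOOL: ${{ matrix.tool }}
        run: |
          set -euo pipefail
          if [ ! -s "$SARIF" ]; then
            echo "No SARIF produced for $TOOL -> skip."
            exit 0
          fi
          sudo apt-get update -y
          sudo apt-get install -y jq
          mkdir -p "$OUTDIR"
          # safe default: 0 runs if the field is missing (jq's length of null is 0)
          runs=$(jq '.runs | length // 0' "$SARIF")
          echo "Found $runs runs in $SARIF"
          # Only run-0..run-2 have upload steps below; make dropped runs visible.
          if [ "$runs" -gt 3 ]; then
            echo "::warning::$SARIF contains $runs runs but only run-0..run-2 are uploaded to code scanning"
          fi
          for ((i=0; i<runs; i++)); do
            # Read the $schema field via bracket syntax and extract a single run
            jq --argjson i "$i" '{ "$schema": .["$schema"], version: .version, runs: [ .runs[$i] ] }' "$SARIF" > "$OUTDIR/run-$i.sarif"
          done

      # One upload step per split file; each is skipped when its file is absent
      # (hashFiles returns an empty string for a path with no match).
      - name: Upload SARIF run 0 (${{ matrix.tool }})
        if: ${{ hashFiles(format('{0}/sarif_split_{1}/run-0.sarif', runner.temp, matrix.tool)) != '' }}
        uses: github/codeql-action/upload-sarif@v4
        with:
          sarif_file: ${{ runner.temp }}/sarif_split_${{ matrix.tool }}/run-0.sarif
          category: codacy-${{ matrix.tool }}-run-0
          wait-for-processing: true

      - name: Upload SARIF run 1 (${{ matrix.tool }})
        if: ${{ hashFiles(format('{0}/sarif_split_{1}/run-1.sarif', runner.temp, matrix.tool)) != '' }}
        uses: github/codeql-action/upload-sarif@v4
        with:
          sarif_file: ${{ runner.temp }}/sarif_split_${{ matrix.tool }}/run-1.sarif
          category: codacy-${{ matrix.tool }}-run-1
          wait-for-processing: true

      - name: Upload SARIF run 2 (${{ matrix.tool }})
        if: ${{ hashFiles(format('{0}/sarif_split_{1}/run-2.sarif', runner.temp, matrix.tool)) != '' }}
        uses: github/codeql-action/upload-sarif@v4
        with:
          sarif_file: ${{ runner.temp }}/sarif_split_${{ matrix.tool }}/run-2.sarif
          category: codacy-${{ matrix.tool }}-run-2
          wait-for-processing: true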