Build Updates

[phillipross]

• CI updated to zulu v8.0.442/v11.0.26/v17.0.4/v21.0.6
• removed maven install/config from GHA workflow and associated shell script
• switch GHA from maven to openjdk
• updated CI commands to invoke maven w/ mvnw instead of mvn
• added .sdkmanrc with initial settings for java as v8.0.442-zulu
• added maven-wrapper-plugin v3.3.2
• introduced maven wrapper w/ maven version set to v3.3.9
• add blank .mvn/jvm.config as placeholder
• add .mvn/maven.config with checksum/snapshot options and javadoc path to java8 javadoc
• updated minimum maven version from v3.8 to v3.9
• download-maven-plugin updated from v1.9.0 to v1.13.0
• exec-maven-plugin updated from v3.3.0 to v3.5.0
• maven-archetype-plugin updated from v3.2.1 to v3.3.1
• maven-checkstyle-plugin updated from v3.4.0 to v3.6.0
• maven-clean-plugin updated from v3.4.0 to v3.4.1
• maven-compiler-plugin updated from v3.13.0 to v3.14.0
• maven-dependency-plugin updated from v3.7.1 to v3.8.1
• maven-deploy-plugin updated from v3.1.2 to v3.1.4
• maven-failsafe-plugin updated from v3.3.1 to v3.5.2
• maven-gpg-plugin updated from v3.2.4 to v3.2.7
• maven-install-plugin updated from v3.1.2 to v3.1.4
• maven-jarsigner-plugin updated from v3.0.0 to v3.1.0
• maven-javadoc-plugin updated from v3.8.0 to v3.11.2
• maven-jxr-plugin updated from v3.4.0 to v3.6.0
• maven-pmd-plugin updated from v3.24.0 to v3.26.0
• maven-project-info-reports-plugin updated from v3.6.2 to v3.9.0
• maven-site-plugin updated from v3.12.1 to v3.21.0
• maven-surefire-plugin updated from v3.3.1 to v3.5.2
• maven-surefire-report-plugin updated from v3.3.1 to v3.5.2
• spotbugs-maven-plugin updated from v4.8.6.2 to v4.8.6.6
• versions-maven-plugin updated from v2.17.1 to v2.18.0
• jts-version updated from v1.19.0 to v1.20.0
• logback updated from v1.3.14 to v1.3.15
• pmd updated from v7.4.0 to v7.11.0
• postgresql-jdbc updated from v42.7.3 to v42.7.5
• slf4j updated from v2.0.13 to v2.0.17
• testcontainers updated from v1.20.1 to v1.20.5
• maven-version-rules.xml updated to include latest rules for ignore dependency versions requiring later versions of Java than v8

[coderabbitai]

📝 Walkthrough

Walkthrough

The changes update the project's CI/CD, dependency management, and Maven integration. The SDKMAN installation script now installs only Java, having removed the Maven installation. The GitHub Actions workflow has been modified with updated JDK versions, Docker image tags, and switched commands to use the Maven Wrapper. Additionally, new configuration files for Maven settings, the Maven wrapper, and SDKMAN auto-environment have been added. The versioning rules for dependencies in XML and plugin versions in the Maven project file have also been updated.

Changes

File(s)	Change Summary
.github/install-sdkman.sh	Removed MAVEN_VERSION variable and Maven install command; standardized Java installation command with double quotes.
.github/main.yml	Updated JDK versions, removed Maven version from the matrix, changed container image name/tag, and switched commands to use ./mvnw, with added Docker environment setup.
.mvn/maven.config, .mvn/.../maven-wrapper.properties, .sdkmanrc	Added new configuration files: Maven config (strict-checksums, update-snapshots, javadoc path), Maven wrapper properties (wrapper version, distribution settings), and SDKMAN auto-env setup for Java.
maven-version-rules.xml	Updated XML namespace and schema location; revised versioning rules for checkstyle, spotbugs (and spotbugs-annotations), and directory-maven-plugin; replaced logback rule.
mvnw, mvnw.cmd, pom.xml	Introduced new Maven Wrapper scripts (shell and batch) facilitating Maven installation; updated pom.xml with new plugin versions, dependency version updates, and addition of the Maven Wrapper plugin.

Sequence Diagram(s)

sequenceDiagram
  participant User as Developer/User
  participant mvnw as Maven Wrapper Script
  participant OS as Environment
  participant DL as Download Service

  User->>mvnw: Invoke Maven command
  mvnw->>OS: Check JAVA_HOME and read config from .mvn/wrapper/maven-wrapper.properties
  mvnw->>DL: Request Maven distribution (via wget/curl)
  DL-->>mvnw: Return Maven distribution archive
  mvnw->>mvnw: Validate checksum and extract archive
  mvnw->>OS: Set up MAVEN_HOME and environment paths
  mvnw->>User: Execute Maven command with provided arguments

Loading

Possibly related PRs

• Build updates #135: Updates Maven version and modifies the CI/CD pipeline, aligning with the removal of Maven installation from the SDKMAN script and the shift to Maven Wrapper usage.

Poem

I'm a rabbit with a coder's flair,
Hopping through scripts without a care.
Maven's wrapper now leads the dance,
With JDK updates, here's our chance!
Code carrots crunch in every byte,
Celebrating changes from morning 'til night!
🥕🐇 Happy to hop in our new delight!

✨ Finishing Touches

• 📝 Generate Docstrings

---

Thank you for using CodeRabbit. We offer it for free to the OSS community and would appreciate your support in helping us grow. If you find it useful, would you consider giving us a shout-out on your favorite social media?

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>, please review it.
  • Generate unit testing code for this file.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
  • @coderabbitai generate unit testing code for this file.
  • @coderabbitai modularize this function.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read src/utils.ts and generate unit testing code.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
  • @coderabbitai help me debug CodeRabbit configuration file.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (Invoked using PR comments)

• @coderabbitai pause to pause the reviews on a PR.
• @coderabbitai resume to resume the paused reviews.
• @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
• @coderabbitai full review to do a full review from scratch and review all the files again.
• @coderabbitai summary to regenerate the summary of the PR.
• @coderabbitai generate docstrings to generate docstrings for this PR.
• @coderabbitai resolve resolve all the CodeRabbit review comments.
• @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
• @coderabbitai help to get help.

Other keywords and placeholders

• Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• Please see the configuration documentation for more information.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[coderabbitai]

Actionable comments posted: 1

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 879ea28 and 9587343.

📒 Files selected for processing (9)

• .github/install-sdkman.sh (1 hunks)
• .github/workflows/main.yml (3 hunks)
• .mvn/maven.config (1 hunks)
• .mvn/wrapper/maven-wrapper.properties (1 hunks)
• .sdkmanrc (1 hunks)
• maven-version-rules.xml (1 hunks)
• mvnw (1 hunks)
• mvnw.cmd (1 hunks)
• pom.xml (3 hunks)

✅ Files skipped from review due to trivial changes (3)

• .sdkmanrc
• .mvn/maven.config
• .mvn/wrapper/maven-wrapper.properties

🧰 Additional context used

🪛 actionlint (1.7.4)

.github/workflows/main.yml

94-94: shellcheck reported issue in this script: SC2086:info:1:54: Double quote to prevent globbing and word splitting

(shellcheck)

---

94-94: shellcheck reported issue in this script: SC2086:info:1:85: Double quote to prevent globbing and word splitting

(shellcheck)

⏰ Context from checks skipped due to timeout of 90000ms (4)

• GitHub Check: Build on OS ubuntu-24.04 using JDK 21.0.5-zulu
• GitHub Check: Build on OS ubuntu-24.04 using JDK 17.0.13-zulu
• GitHub Check: Build on OS ubuntu-24.04 using JDK 11.0.25-zulu
• GitHub Check: Build on OS ubuntu-24.04 using JDK 8.0.442-zulu

🔇 Additional comments (26)

maven-version-rules.xml (7)

2-3: Updated XML namespace looks correct.
The namespace and schema location update to https://www.mojohaus.org/VERSIONS/RULE/2.1.0 is aligned with the latest versions-maven-plugin documentation. No concerns here.

---

17-22: Confirm SpotBugs 4.9+ Java 11 requirement.
While 4.9.0+ does require Java 11, check if the entire 4.9.x line enforces mandatory Java 11 usage or if certain sub-versions remain Java 8-compatible.

---

23-27: SpotBugs Annotations pin also needs verification.
Similar to the main SpotBugs artifact, confirm that ignoring all 4.9.x versions is necessary to maintain Java 8 compatibility.

---

31-34: TestNG pinned to < 7.6 may skip fixes.
TestNG 7.6+ might have Java 11 features, but some patch releases (e.g., 7.6.x) could be partly or fully backward-compatible. Ensure that skipping them won’t omit potential bug or security fixes.

---

36-38: Logback pinned to < 1.4.0.
Logback 1.4.0+ indeed depends on Java 11, but confirm there isn’t a patch on 1.4.x that preserves Java 8 support.

---

41-46: Directory Maven Plugin pinned to < 1.2.
Check whether skipping 1.2.x versions leaves out desirable fixes or improvements that might still build on Java 8. Some patch releases in the 1.2 line may remain compatible.

---

11-15:

✅ Verification successful

Double-check skipped Checkstyle versions.
Excluding all 10.x releases can bypass important bug fixes or minor patches that might remain Java 8-compatible. Verify that there isn’t a 10.x release with Java 8 support.

Would you like to search the web for official release notes to confirm if some 10.x versions remain compatible with Java 8?

---

🌐 Web query:

Are there any Checkstyle 10.x versions that still support Java 8?

💡 Result:

Checkstyle 10.x versions officially require Java 11 or higher and do not support Java 8. This is explicitly stated in Checkstyle's documentation, which specifies that versions 10.x and above require JRE 11+[1][4]. However, an unofficial community backport exists for Checkstyle 10.x to enable compatibility with Java 8. This backport is maintained separately and provides a functional equivalent for users constrained to older Java versions[1].

Key Details:

• Official Checkstyle 10.x:

  • Requires Java 11+[1][4][9].
  • Includes updates like support for Java 22 syntax, new checks, and bug fixes[7].

• Community Backport:

  • Available for Checkstyle 10.0+[1].
  • Allows execution on Java 8[1].
  • Not officially supported by the Checkstyle team and may lag behind the latest releases[1].

Compatibility Notes:

• Projects using Java 8 can either:
  • Use Checkstyle 9.x (last version with official Java 8 support)[8].
  • Opt for the unofficial backport of Checkstyle 10.x[1].
• Tools like Checkstyle Addons and SevNTU Checkstyle also adapt to Checkstyle 10.x but require Java 11[5].

For most users, upgrading to Java 11+ is recommended to leverage official Checkstyle updates. Those unable to upgrade should use the backport cautiously.

Citations:

• 1: https://checkstyle.sourceforge.io
• 2: Compatibility with Checkstyle 10 spring-io/spring-javaformat#395
• 3: https://checkstyle.org/eclipse-cs/
• 4: https://checkstyle-addons.thomasjensen.com/checkstyle-compatibility-matrix.html
• 5: https://checkstyle-addons.thomasjensen.com/whatsnew.html
• 6: https://docs.gradle.org/current/userguide/checkstyle_plugin.html
• 7: https://github.com/checkstyle/checkstyle/releases
• 8: https://maven.apache.org/plugins/maven-checkstyle-plugin/
• 9: Checkstyle 10.0 upgraded on LTS 8.9.x, breaking analysis of Java 8 builds checkstyle/sonar-checkstyle#406
• 10: CheckStyle doesnt work with Mypy extension or on lower versions jdneo/vscode-checkstyle#331

---

Verification Complete – Official Releases Exclude Java 8 Compatibility
The official Checkstyle 10.x releases require Java 11 or higher, meaning there are no official 10.x versions that support Java 8. Although there is an unofficial community backport for Java 8, it is not part of the official releases. Therefore, excluding all 10.x versions via the Maven rule is the correct approach if you are targeting official releases.

• No changes are necessary if you intend to use only official Checkstyle releases.
• If there is any consideration for employing the unofficial backport, please ensure this is documented and revisited as needed.

.github/install-sdkman.sh (1)

14-14: Removal of Maven install is consistent with Maven Wrapper usage.
Switching to only installing Java aligns well with the new punting of Maven installation to the Maven Wrapper.

mvnw.cmd (1)

1-150: Maven Wrapper batch script looks standard.
This is a conventional Maven Wrapper script for Windows. No issues spotted in usage or logic flow.

mvnw (1)

1-260: Shell-based Maven Wrapper script appears correct and comprehensive.
The script correctly handles multiple fallback scenarios for downloading Maven, including Java-based downloads. It should work reliably in various environments.

.github/workflows/main.yml (6)

14-14: Verify JDK Version Consistency:
The matrix now lists updated JDK versions as [8.0.442-zulu, 11.0.25-zulu, 17.0.13-zulu, 21.0.5-zulu]. Please double-check whether these values are intended since the PR objectives mention versions such as 11.0.26, 17.0.4, and 21.0.6.

---

17-18: Confirm Include Block JDK and Zulu Versions:
The inclusion block now explicitly sets jdk_version: 8.0.442-zulu and updates zulu_version to 8.84.0.15. This aligns with the goal of refining the Java environment.

---

22-23: Update Docker Container Image Configuration:
The Docker settings have been updated to use maven_docker_container_image_name: openjdk and a new tag 8u442_zulu-alpine-8.84.0.15. This correctly reflects the transition from Maven to OpenJDK in the workflow.

---

40-40: Refined SDKMAN Installation Step:
The command now invokes .github/install-sdkman.sh ${{ matrix.jdk_version }}, ensuring that only the appropriate Java version is installed (with Maven installation removed).

---

65-80: Maven Wrapper Command Updates:
All Maven-related commands (listing repositories, dependency tree, active profiles, effective POM, clean install, and site staging) now use ./mvnw instead of the standard mvn. This is consistent with the switch to the Maven Wrapper. Please verify that the wrapper is correctly configured and that these commands work as expected in all environments.

---

87-87: Maven Deploy Command Updated:
The deployment step now uses the Maven Wrapper via ./mvnw for the deploy goal. This change should streamline the build process, aligning with the overall CI updates.

pom.xml (10)

98-98: Updated Maven Minimum Version:
The <maven.min.version> property is now set to 3.9, which reflects the project's updated requirements. Ensure that the rest of the build process is compatible with this new minimum version.

---

111-111: Test Container Image Revision:
The <test.container.image> property has been updated to postgis/postgis:17-3.5, which aligns with the updated container image strategy.

---

119-130: Batch Update of Core Maven Plugin Versions:
The versions for several Maven plugins have been updated:

• <download-maven-plugin.version> → 1.13.0
• <exec-maven-plugin.version> → 3.5.0
• <maven-archetype-plugin.version> → 3.3.1
• <maven-checkstyle-plugin.version> → 3.6.0
• <maven-clean-plugin.version> → 3.4.1
• <maven-compiler-plugin.version> → 3.14.0
• <maven-dependency-plugin.version> → 3.8.1
• <maven-deploy-plugin.version> → 3.1.4

This consolidated update should help maintain consistency across the build tools.

---

138-142: Documentation and Analysis Plugin Updates:
Updates in this block include:

• <maven-jarsigner-plugin.version> updated to 3.1.0
• <maven-javadoc-plugin.version> updated to 3.11.2
• <maven-jxr-plugin.version> updated to 3.6.0
• <maven-pmd-plugin.version> updated to 3.26.0
• <maven-project-info-reports-plugin.version> updated to 3.9.0

These changes should improve artifact signing, documentation generation, and code analysis.

---

146-146: Maven Site Plugin Upgrade:
The <maven-site-plugin.version> has been increased to 3.21.0. Please verify that your site generation and reporting tasks function as expected with this new version.

---

148-149: Surefire Plugin Version Enhancements:
Both <maven-surefire-plugin.version> and <maven-surefire-report-plugin.version> are now set to 3.5.2. This update may enhance test execution and reporting.

---

151-151: Maven Wrapper Plugin Addition:
The introduction of <maven-wrapper-plugin.version> set to 3.3.2 supports the new Maven Wrapper approach in the CI process. Make sure the accompanying wrapper files (e.g., mvnw, mvnw.cmd, and the .mvn directory) are kept in sync.

---

152-153: Spotbugs and Versions Maven Plugin Updates:
The updates <spotbugs-maven-plugin.version>4.8.6.6</spotbugs-maven-plugin.version> and <versions-maven-plugin.version>2.18.0</versions-maven-plugin.version> should enhance static analysis and version reporting. Confirm that these newer versions integrate smoothly with your build lifecycle.

---

156-160: Core Dependency Version Updates:
The following dependency versions have been updated:

• <dependency.jts-version.version> to 1.20.0
• <dependency.logback.version> to 1.3.15
• <dependency.pmd.version> to 7.11.0
• <dependency.postgresql-jdbc.version> to 42.7.5
• <dependency.slf4j.version> to 2.0.17

Ensure that these updates are compatible with all modules and that no regressions occur in logging or database interactions.

---

163-163: Testcontainers Dependency Update:
The <dependency.testcontainers.version> has been bumped to 1.20.5. Please run integration tests to confirm that this change does not introduce any compatibility issues in your testing environment.

[coderabbitai]

💡 Verification agent

❓ Verification inconclusive

Enhance Docker Command Quoting:
The Docker run command installs gnupg before running the Maven Wrapper. However, shellcheck has flagged potential issues (SC2086) regarding missing double quotes around variables. For instance, consider quoting variables like ${HOME}/.gnupg and the volume specification using ${P}-${{ matrix.maven_docker_container_image_tag }}-mvn-repo to prevent unintended word splitting.

Suggested diff:

-run: docker container run --rm -i -v "$(pwd)":"${CBD}" -v ${HOME}/.gnupg:/root/.gnupg -v ${P}-${{ matrix.maven_docker_container_image_tag }}-mvn-repo:/root/.m2 -w "${CBD}" ${{ matrix.maven_docker_container_image_repo }}/${{ matrix.maven_docker_container_image_name }}:${{ matrix.maven_docker_container_image_tag }} sh -l -c "apk update && apk add -u gnupg && ./mvnw ..."
+run: docker container run --rm -i -v "$(pwd)":"${CBD}" -v "${HOME}/.gnupg":/root/.gnupg -v "${P}-${{ matrix.maven_docker_container_image_tag }}-mvn-repo":/root/.m2 -w "${CBD}" ${{ matrix.maven_docker_container_image_repo }}/${{ matrix.maven_docker_container_image_name }}:${{ matrix.maven_docker_container_image_tag }} sh -l -c "apk update && apk add -u gnupg && ./mvnw ..."

---

Enhance Docker Command Quoting in Workflow

The Docker command on line 94 of .github/workflows/main.yml currently does not enclose some variable expansions (e.g. ${HOME}/.gnupg and ${P}-${{ matrix.maven_docker_container_image_tag }}-mvn-repo) in double quotes. This may lead to unintended word splitting and other issues flagged by shellcheck (SC2086). Please update the command to wrap these variable expressions in quotes as shown below.

• File: .github/workflows/main.yml (line 94)
• Issue: Missing quotes around certain variable expressions in volume definitions.
• Suggested diff:

  -      run: docker container run --rm -i -v "$(pwd)":"${CBD}" -v ${HOME}/.gnupg:/root/.gnupg -v ${P}-${{ matrix.maven_docker_container_image_tag }}-mvn-repo:/root/.m2 -w "${CBD}" ${{ matrix.maven_docker_container_image_repo }}/${{ matrix.maven_docker_container_image_name }}:${{ matrix.maven_docker_container_image_tag }} sh -l -c "apk update && apk add -u gnupg && ./mvnw -U -V -s ${{ env.SETTINGS }} -P${{ env.PROFILES }} -Djavadoc.path=/usr/bin/javadoc -Dmaven.integration.test.skip=true dependency:list-repositories dependency:tree help:active-profiles clean install site site:stage"
  +      run: docker container run --rm -i -v "$(pwd)":"${CBD}" -v "${HOME}/.gnupg":/root/.gnupg -v "${P}-${{ matrix.maven_docker_container_image_tag }}-mvn-repo":/root/.m2 -w "${CBD}" ${{ matrix.maven_docker_container_image_repo }}/${{ matrix.maven_docker_container_image_name }}:${{ matrix.maven_docker_container_image_tag }} sh -l -c "apk update && apk add -u gnupg && ./mvnw -U -V -s ${{ env.SETTINGS }} -P${{ env.PROFILES }} -Djavadoc.path=/usr/bin/javadoc -Dmaven.integration.test.skip=true dependency:list-repositories dependency:tree help:active-profiles clean install site site:stage"

Please apply these changes to ensure the Docker command handles variable expansions safely.

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

run: docker container run --rm -i -v "$(pwd)":"${CBD}" -v ${HOME}/.gnupg:/root/.gnupg -v ${P}-${{ matrix.maven_docker_container_image_tag }}-mvn-repo:/root/.m2 -w "${CBD}" ${{ matrix.maven_docker_container_image_repo }}/${{ matrix.maven_docker_container_image_name }}:${{ matrix.maven_docker_container_image_tag }} sh -l -c "apk update && apk add -u gnupg && ./mvnw -U -V -s ${{ env.SETTINGS }} -P${{ env.PROFILES }} -Djavadoc.path=/usr/bin/javadoc -Dmaven.integration.test.skip=true dependency:list-repositories dependency:tree help:active-profiles clean install site site:stage"

run: docker container run --rm -i -v "$(pwd)":"${CBD}" -v "${HOME}/.gnupg":/root/.gnupg -v "${P}-${{ matrix.maven_docker_container_image_tag }}-mvn-repo":/root/.m2 -w "${CBD}" ${{ matrix.maven_docker_container_image_repo }}/${{ matrix.maven_docker_container_image_name }}:${{ matrix.maven_docker_container_image_tag }} sh -l -c "apk update && apk add -u gnupg && ./mvnw -U -V -s ${{ env.SETTINGS }} -P${{ env.PROFILES }} -Djavadoc.path=/usr/bin/javadoc -Dmaven.integration.test.skip=true dependency:list-repositories dependency:tree help:active-profiles clean install site site:stage"

🧰 Tools

🪛 actionlint (1.7.4)

94-94: shellcheck reported issue in this script: SC2086:info:1:54: Double quote to prevent globbing and word splitting

(shellcheck)

---

94-94: shellcheck reported issue in this script: SC2086:info:1:85: Double quote to prevent globbing and word splitting

(shellcheck)