Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Tech Debt - Update Dependencies #2329

Open
wants to merge 18 commits into
base: main
Choose a base branch
from
Open

Tech Debt - Update Dependencies #2329

wants to merge 18 commits into from

Conversation

NavaCharlesHorowitz
Copy link
Contributor

@NavaCharlesHorowitz NavaCharlesHorowitz commented Nov 19, 2024
edited
Loading

🎫 Ticket

This is one component of my catchall tech debt/housekeeping ticket:

DPC-4298

🛠 Changes

-Updated POMs with newer dependency versions
-Removed older jersey/guice/dropwizard utilities
-Updated classes for jakarta support and new guice/hk2/jakarta DI
-Removed deprecated code and some warnings
-Improved test isolation
-Performance adjustments

ℹ️ Context

Project dependencies are 4 - 8 years old. Deprecated code, EOL projects, increasingly inactive development community and inability to support eventual transition to JDK 17 are concerns that need to be addressed while preserving the basic integrity of the software design.

🧪 Validation

Local unit, integration, system, and smoke testing combined with trace logging to verify successful and correct implementation of new dependencies.

ceh1 and others added 15 commits November 16, 2024 21:48
Based on the minor security incident linked to DPC-4341, updated .git…
6c686b8 
…ignore to ignore all contents in project tmp/ directory, but to create an empty directory (with .keep placeholder) to support local, cicd, and op tmp work as necessary.
Renamed integration test files as *IT.java to prepare for failsafe pl…
2fea577 
…ugin. Preserving commit history on files by minimizing changes during rename.
Updated classnames to reflect file renames
1a7fa44
Updated POM to configure surefire for renamed IT files when in integr…
9885590 
…ation-tests profile
Added maven clean plugin with config because CICD filelocks are slow …
6f56bd7 
…to release
Added test display names
1e4a2fd
Updated surefire configuration with test tree reporter
3a586be
Knocked out excessive shade warnings
b0b85fa
Updated maven plugin versions
8519115
Updated POM to use maven failsafe plugin for integration test rather …
977c8a3 
…than reusing Surefire (generally used to unit test)
Updated tests run command to set integration test maven goal and add …
2a32c47 
…support for verbose test reporting when desired
Temporary disabling of make smoke at the end of the ci-workflow. dpc-…
dd3d008 
…smoketest is cleaned, compiled, and packaged during dpc-test.sh anyways, and recent updates to CICD/github action runner seem to have introduced new problems with our process
maven-exec script to built jakarta.servlet-api with javax SingleThrea…
f101013 
…dModel interface needed by Dropwizard.

This will allow for cleaner transition to jakarta-only dependencies
Created new module for a go-forward dropwizard-guice support system u…
5ca6b9f 
…nder DPC control and updated for jakarta/hk2 support
Merge origin/main into ceh1/tech-debt-oct24-3
aa17336
@NavaCharlesHorowitz NavaCharlesHorowitz changed the title Tech Debt - Update dependency versions Tech Debt - Update Dependencies Nov 22, 2024
ceh1 added 3 commits November 22, 2024 09:27
Replaced use of deprecated JWT SigningKeyResolverAdapter with Locator…
3912e03 
…Adapter and made changes consistent with security model for JWTs to not rely on claims prior to signature verification.

Updated exception->response mapping
Tests updates and improved test isolation
Added DAO method to fetch key using keyid without org id
Updated POMs for transitive dependencies
Updated dependencies in POMs
85078b7 
Swapped-in dropwizard-guiciest
hk2/jakarta/guice code/annotation adjustment
transition to jakarta from javax
Some performance/singleton adjustments
Test updates and some further test isolation
Exception->response mapping updates
Env variables for updated health check settings when merged with ceh1…
4baee69 
…/tech-debt-oct24-1
@NavaCharlesHorowitz NavaCharlesHorowitz added dependencies Pull requests that update a dependency file java Pull requests that update Java code labels Nov 22, 2024
@NavaCharlesHorowitz NavaCharlesHorowitz marked this pull request as ready for review November 22, 2024 21:06
@NavaCharlesHorowitz NavaCharlesHorowitz requested a review from a team November 24, 2024 02:58
ashley-weaver
ashley-weaver reviewed Nov 27, 2024
View reviewed changes
dpc-api/src/main/java/gov/cms/dpc/api/auth/DPCAuthFactory.java
@@ -9,7 +9,7 @@
import io.dropwizard.auth.AuthFilter;
import io.dropwizard.auth.Authenticator;

import javax.inject.Inject;
import com.google.inject.Inject;
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

does it matter that you're using jakarta.inject in some places and com.google.inject in others?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

A good question - the answer appears to be - it can. The code as it is appears to be working (meaning to say that the guice-hk2 bridge is probably keeping it all together), but I'd definitely recommend if this ends up being accepted into main, then we should plan to thoroughly comb through and try to rectify that to eliminate the uncertainty of when which package should be used.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ashley-weaver ashley-weaver ashley-weaver left review comments

At least 1 approving review is required to merge this pull request.

Assignees
No one assigned
Labels
dependencies Pull requests that update a dependency file java Pull requests that update Java code
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@NavaCharlesHorowitz @ashley-weaver