1.40.x fixing guava python library (#3265)

* Fixing guava vulnerability (#3113)

* Fixing guava vulnerability

See https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2976

* Update kogito-build/kogito-dependencies-bom/pom.xml

Co-authored-by: Ricardo Zanini <[email protected]>

---------

Co-authored-by: Ricardo Zanini <[email protected]>

* [KOGITO-9434] Moving python modules under python profile (#3091)

* [KOGITO-9434] Moving python modules under python profile

* [KOGITO-9434] Renaming to full from python

* [KOGITO-9434] Adding activation properties

* [KOGITO-9434] Installing numpy and jep through maven

* [KOGITO-9434] Update executor tests

---------

Co-authored-by: Ricardo Zanini <[email protected]>

.ci/jenkins/Jenkinsfile.deploy

@@ -109,6 +109,7 @@ pipeline {
                     dir(getRepoName()) {
                         String mvnCmd = getMavenCommand()
                                             .withProperty('maven.test.failure.ignore', true)
+                                            .withProfiles(['full'])
                                             .skipTests(params.SKIP_TESTS)
                                             .getFullRunCommand('clean install')
                         util.runWithPythonVirtualEnv(mvnCmd, 'swf')

.ci/jenkins/Jenkinsfile.sonarcloud

@@ -33,7 +33,7 @@ pipeline {
             steps {
                 script {
                     util.runWithPythonVirtualEnv(getMavenCommand()
-                        .withProfiles(['run-code-coverage'])
+                        .withProfiles(['run-code-coverage', 'full'])
                         .getFullRunCommand('clean install'), 
                         'swf')
                 }

kogito-build/kogito-dependencies-bom/pom.xml

@@ -123,10 +123,17 @@
     <!-- see: https://maven.apache.org/surefire/maven-surefire-plugin/examples/fork-options-and-parallel-execution.html#parallel-test-execution-and-single-thread-execution -->
     <version.com.github.stephenc.jcip>1.0-1</version.com.github.stephenc.jcip>
     <version.black.ninia>4.1.1</version.black.ninia>
+    <version.com.google.guava>32.0.1-jre</version.com.google.guava>
   </properties>
 
   <dependencyManagement>
     <dependencies>
+      <!-- Guava should not be used directly by Kogito, here we are managing it to override dependency added by GRPC to fix this CVE: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2976 -->
+      <dependency>
+        <groupId>com.google.guava</groupId>
+        <artifactId>guava</artifactId>
+        <version>${version.com.google.guava}</version>
+      </dependency>
       <dependency>
         <groupId>org.slf4j</groupId>
         <artifactId>slf4j-api</artifactId>

kogito-serverless-workflow/kogito-serverless-workflow-executor-python/pom.xml

@@ -43,4 +43,30 @@
       <scope>test</scope>
     </dependency>
   </dependencies>
+
+   <build>
+     <plugins>
+      <plugin>
+        <groupId>org.codehaus.mojo</groupId>
+        <artifactId>exec-maven-plugin</artifactId>
+        <executions>
+          <execution>
+            <id>pip-install</id>
+            <phase>generate-test-resources</phase>
+            <goals>
+                <goal>exec</goal>
+            </goals>
+            <configuration>
+                <executable>pip</executable>
+                <arguments>
+                    <argument>install</argument>
+                    <argument>-r</argument>
+                    <argument>${project.basedir}/requirements.txt</argument>
+                </arguments>
+            </configuration>
+          </execution>
+        </executions>
+      </plugin>
+    </plugins>
+  </build>
 </project>

kogito-serverless-workflow/kogito-serverless-workflow-executor-python/requirements.txt

@@ -0,0 +1,2 @@
+numpy>=1.21.0
+jep>=4.1.1

kogito-serverless-workflow/pom.xml

@@ -44,11 +44,21 @@
         </property>
       </activation>
       <modules>
-        <module>kogito-serverless-workflow-python-runtime</module>
         <module>kogito-serverless-workflow-executor</module>
-        <module>kogito-serverless-workflow-executor-python</module>
         <module>kogito-serverless-workflow-executor-tests</module>
       </modules>
     </profile>
+    <profile>
+      <id>full</id>
+      <activation>
+        <property>
+          <name>full</name>
+        </property>
+      </activation>
+      <modules>
+        <module>kogito-serverless-workflow-python-runtime</module>
+        <module>kogito-serverless-workflow-executor-python</module>
+      </modules>
+    </profile>
   </profiles>
 </project>

quarkus/addons/pom.xml

@@ -50,6 +50,17 @@
         <module>python</module>
       </modules>
     </profile>
+    <profile>
+      <id>full</id>
+      <activation>
+        <property>
+          <name>full</name>
+        </property>
+      </activation>
+      <modules>
+        <module>python</module>
+       </modules>
+     </profile>
   </profiles>
 
   <build>

quarkus/addons/python/integration-tests/pom.xml

@@ -76,6 +76,27 @@
             </goals>
           </execution>
         </executions>
+      </plugin> 
+      <plugin>
+        <groupId>org.codehaus.mojo</groupId>
+        <artifactId>exec-maven-plugin</artifactId>
+        <executions>
+          <execution>
+            <id>pip-install</id>
+            <phase>generate-resources</phase>
+            <goals>
+                <goal>exec</goal>
+            </goals>
+            <configuration>
+                <executable>pip</executable>
+                <arguments>
+                    <argument>install</argument>
+                    <argument>-r</argument>
+                    <argument>${project.basedir}/requirements.txt</argument>
+                </arguments>
+            </configuration>
+          </execution>
+        </executions>
       </plugin>
     </plugins>
   </build>

quarkus/addons/python/integration-tests/requirements.txt

@@ -0,0 +1,2 @@
+numpy>=1.21.0
+jep>=4.1.1