From 27b2a017128aed05982dfaea9a86abce5b02cae1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Moritz=20Schmitz=20von=20H=C3=BClst?= Date: Mon, 5 Feb 2024 22:51:08 +0100 Subject: [PATCH 01/17] Add docker build for java-spiffe-helper container (#187) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * Add docker build for java-spiffe-helper container Signed-off-by: Moritz Schmitz von Hülst * Adopt JDK has been deprecated in favor of temurin Signed-off-by: Moritz Schmitz von Hülst * Push image after build Signed-off-by: Moritz Schmitz von Hülst * Remove build on pull request and fix image tag Signed-off-by: Moritz Schmitz von Hülst * Set user non-root, add separate stage for gradle dependencies and version to gradle properties Signed-off-by: Moritz Schmitz von Hülst * Fix entrypoint Signed-off-by: Moritz Schmitz von Hülst * Add example config and default container command Signed-off-by: Moritz Schmitz von Hülst * Revert changes to gradle workflow and rename container build workflow Signed-off-by: Moritz Schmitz von Hülst * Pin gradle builder image version Co-authored-by: Ryan Turner Signed-off-by: Moritz Schmitz von Hülst * Add buildx action Signed-off-by: Moritz Schmitz von Hülst * Use github variable in image tag Signed-off-by: Moritz Schmitz von Hülst * Add Qemu Signed-off-by: Moritz Schmitz von Hülst * Login before push Signed-off-by: Moritz Schmitz von Hülst * Adopt JDK has been deprecated in favor of temurin Signed-off-by: Moritz Schmitz von Hülst * Remove build on pull request and fix image tag Signed-off-by: Moritz Schmitz von Hülst * Revert changes to gradle workflow and rename container build workflow Signed-off-by: Moritz Schmitz von Hülst * Use new properties example file Signed-off-by: Moritz Schmitz von Hülst * Minor improvements according to PR comments Signed-off-by: Moritz Schmitz von Hülst --------- 
Signed-off-by: Moritz Schmitz von Hülst Co-authored-by: Ryan Turner --- .dockerignore | 110 +++++++++++++++++++++++++++ .github/workflows/docker.yml | 34 +++++++++ Dockerfile | 15 ++++ build.gradle | 2 +- gradle.properties | 1 + java-spiffe-helper/build.gradle | 2 +- java-spiffe-helper/gradle.properties | 1 + 7 files changed, 163 insertions(+), 2 deletions(-) create mode 100644 .dockerignore create mode 100644 .github/workflows/docker.yml create mode 100644 Dockerfile create mode 100644 gradle.properties create mode 100644 java-spiffe-helper/gradle.properties diff --git a/.dockerignore b/.dockerignore new file mode 100644 index 00000000..66cd1b52 --- /dev/null +++ b/.dockerignore 
@@ -0,0 +1,110 @@
+### Java template
+# Compiled class file
+*.class
+
+# Log file
+*.log
+
+# BlueJ files
+*.ctxt
+
+# Mobile Tools for Java (J2ME)
+.mtj.tmp/
+
+# Package Files #
+*.jar
+*.war
+*.nar
+*.ear
+*.zip
+*.tar.gz
+*.rar
+
+# virtual machine crash logs, see http://www.java.com/en/download/help/error_hotspot.xml
+hs_err_pid*
+replay_pid*
+
+### JetBrains template
+# Covers JetBrains IDEs: IntelliJ, RubyMine, PhpStorm, AppCode, PyCharm, CLion, Android Studio, WebStorm and Rider
+# Reference: https://intellij-support.jetbrains.com/hc/en-us/articles/206544839
+
+# User-specific stuff
+.idea/**/workspace.xml
+.idea/**/tasks.xml
+.idea/**/usage.statistics.xml
+.idea/**/dictionaries
+.idea/**/shelf
+
+# AWS User-specific
+.idea/**/aws.xml
+
+# Generated files
+.idea/**/contentModel.xml
+
+# Sensitive or high-churn files
+.idea/**/dataSources/
+.idea/**/dataSources.ids
+.idea/**/dataSources.local.xml
+.idea/**/sqlDataSources.xml
+.idea/**/dynamic.xml
+.idea/**/uiDesigner.xml
+.idea/**/dbnavigator.xml
+
+# Gradle
+.idea/**/gradle.xml
+.idea/**/libraries
+
+# Gradle and Maven with auto-import
+# When using Gradle or Maven with auto-import, you should exclude module files,
+# since they will be recreated, and may cause churn. Uncomment if using
+# auto-import.
+# .idea/artifacts
+# .idea/compiler.xml
+# .idea/jarRepositories.xml
+# .idea/modules.xml
+# .idea/*.iml
+# .idea/modules
+# *.iml
+# *.ipr
+
+# CMake
+cmake-build-*/
+
+# Mongo Explorer plugin
+.idea/**/mongoSettings.xml
+
+# File-based project format
+*.iws
+
+# IntelliJ
+out/
+
+# mpeltonen/sbt-idea plugin
+.idea_modules/
+
+# JIRA plugin
+atlassian-ide-plugin.xml
+
+# Cursive Clojure plugin
+.idea/replstate.xml
+
+# SonarLint plugin
+.idea/sonarlint/
+
+# Crashlytics plugin (for Android Studio and IntelliJ)
+com_crashlytics_export_strings.xml
+crashlytics.properties
+crashlytics-build.properties
+fabric.properties
+
+# Editor-based Rest Client
+.idea/httpRequests
+
+# Android studio 3.1+ serialized cache file
+.idea/caches/build_file_checksums.ser
+
+# GitHub
+.github
+
+# Git
+.git
diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml
new file mode 100644
index 00000000..059b3501
--- /dev/null
+++ b/.github/workflows/docker.yml
@@ -0,0 +1,34 @@
+name: container build
+
+on:
+ push:
+ tags:
+ - 'v[0-9]+.[0-9]+.[0-9]+'
+
+jobs:
+ publish:
+ runs-on: ubuntu-latest
+ permissions:
+ contents: read
+ packages: write
+ env:
+ REGISTRY: ghcr.io
+ steps:
+ - uses: actions/checkout@v4
+ - uses: docker/login-action@v3
+ with:
+ registry: ${{ env.REGISTRY }}
+ username: ${{ github.actor }}
+ password: ${{ secrets.GITHUB_TOKEN }}
+ - uses: docker/setup-qemu-action@v3
+ - uses: docker/setup-buildx-action@v3
+ - run: echo "DOCKER_TAG=${GITHUB_REF_NAME#v}" >> $GITHUB_ENV
+ - name: Publish java-spiffe-helper
+ uses: docker/build-push-action@v5
+ with:
+ context: .
+ platforms: linux/amd64,linux/arm64
+ push: true
+ tags: ${{ env.REGISTRY }}/${{ github.repository }}-helper:${{ env.DOCKER_TAG }}
+ cache-from: type=gha
+ cache-to: type=gha,mode=max
diff --git a/Dockerfile b/Dockerfile
new file mode 100644
index 00000000..cc378745
--- /dev/null
+++ b/Dockerfile
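Review bot: The patterns taken over from the gitignore templates (`*.class`, `*.log`, `*.jar`) are anchored at the build-context root under .dockerignore matching rules, so they do not exclude files in subdirectories such as `java-spiffe-core/build/`; only the `.idea/**/…` entries use the recursive form. The Dockerfile added in this same commit does `COPY . /builder`, so everything not excluded here lands in the builder stage, and the workflow's `cache-to: type=gha,mode=max` exports intermediate layers as well. In CI the context is a clean checkout, but a local `docker build` would also send untracked files. Consider adding `**/build/`, `**/*.class`, `**/*.log` and entries for local secret material (for example `**/*.jks`, `**/*.p12`, `.env`), leaving `gradle/wrapper/gradle-wrapper.jar` included.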
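Review bot: Every action in the `publish` job is referenced by a mutable major tag (`actions/checkout@v4`, `docker/login-action@v3`, `docker/setup-qemu-action@v3`, `docker/setup-buildx-action@v3`, `docker/build-push-action@v5`) while the job holds `packages: write` and the registry token. A retagged action release would therefore run with the ability to push the release image. Pin each `uses:` to a full commit SHA and keep the tag as a trailing comment, e.g. `- uses: docker/build-push-action@<full-commit-sha> # v5`. The explicit `permissions:` block is already minimal; quoting the redirect target (`>> "$GITHUB_ENV"`) would be a small tidy-up.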
@@ -0,0 +1,15 @@ +FROM gradle:8.5.0-jdk17 AS builder +COPY --chown=gradle:gradle . /builder +WORKDIR /builder +RUN gradle dependencies +RUN gradle java-spiffe-helper:assemble -ParchiveClassifier=docker -Pversion=docker + +FROM eclipse-temurin:17-jre AS runner +COPY --chown=nobody:nobody \ + conf/java-spiffe-helper.properties /app/java-spiffe-helper.properties +COPY --from=builder \ + --chown=nobody:nobody \ + /builder/java-spiffe-helper/build/libs/java-spiffe-helper-docker-docker.jar /app/java-spiffe-helper.jar +USER nobody +ENTRYPOINT ["java", "-jar", "/app/java-spiffe-helper.jar"] +CMD ["--config", "/app/java-spiffe-helper.properties"] diff --git a/build.gradle b/build.gradle index d847f371..aec2f297 100644 --- a/build.gradle +++ b/build.gradle @@ -12,7 +12,7 @@ allprojects { subprojects { group = 'io.spiffe' - version = '0.8.4' + version = project.version ext { grpcVersion = '1.61.1' diff --git a/gradle.properties b/gradle.properties new file mode 100644 index 00000000..58b1003e --- /dev/null +++ b/gradle.properties @@ -0,0 +1 @@ +version=0.8.4 diff --git a/java-spiffe-helper/build.gradle b/java-spiffe-helper/build.gradle index 8eb0c781..a566d530 100644 --- a/java-spiffe-helper/build.gradle +++ b/java-spiffe-helper/build.gradle @@ -10,7 +10,7 @@ assemble.dependsOn shadowJar shadowJar { mergeServiceFiles() - archiveClassifier = osdetector.classifier + archiveClassifier = project.hasProperty('archiveClassifier') && project.archiveClassifier != "" ? project.archiveClassifier : osdetector.classifier manifest { attributes 'Main-Class': 'io.spiffe.helper.cli.Runner' } diff --git a/java-spiffe-helper/gradle.properties b/java-spiffe-helper/gradle.properties new file mode 100644 index 00000000..4792364d --- /dev/null +++ b/java-spiffe-helper/gradle.properties @@ -0,0 +1 @@ +archiveClassifier= From 93da062279492c1e3fdf5e8c941ab13cceea788d Mon Sep 17 00:00:00 2001 
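Review bot: Both stages of the new Dockerfile start from mutable tags (`gradle:8.5.0-jdk17`, `eclipse-temurin:17-jre`), so the image pushed to ghcr.io for a release tag depends on whatever those tags resolve to on build day; pin them by digest, e.g. `FROM eclipse-temurin:17-jre@sha256:<digest> AS runner`. The same applies to `eclipse-temurin:17-jdk` in the later Dockerfile change (PATCH 12/17). Separately, `COPY . /builder` comes before `RUN gradle dependencies`, so any source edit invalidates the dependency layer; copying only the Gradle build files ahead of that step would let the layer be reused.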
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 13 Feb 2024 14:57:01 -0600 Subject: [PATCH 02/17] Bump jupiterVersion from 5.10.1 to 5.10.2 (#203) Bumps `jupiterVersion` from 5.10.1 to 5.10.2. Updates `org.junit.jupiter:junit-jupiter-api` from 5.10.1 to 5.10.2 - [Release notes](https://github.com/junit-team/junit5/releases) - [Commits](https://github.com/junit-team/junit5/compare/r5.10.1...r5.10.2) Updates `org.junit.jupiter:junit-jupiter-engine` from 5.10.1 to 5.10.2 - [Release notes](https://github.com/junit-team/junit5/releases) - [Commits](https://github.com/junit-team/junit5/compare/r5.10.1...r5.10.2) Updates `org.junit.jupiter:junit-jupiter-params` from 5.10.1 to 5.10.2 - [Release notes](https://github.com/junit-team/junit5/releases) - [Commits](https://github.com/junit-team/junit5/compare/r5.10.1...r5.10.2) --- updated-dependencies: - dependency-name: org.junit.jupiter:junit-jupiter-api dependency-type: direct:production update-type: version-update:semver-patch - dependency-name: org.junit.jupiter:junit-jupiter-engine dependency-type: direct:production update-type: version-update:semver-patch - dependency-name: org.junit.jupiter:junit-jupiter-params dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- build.gradle | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/build.gradle b/build.gradle index aec2f297..f1b5bec1 100644 --- a/build.gradle +++ b/build.gradle @@ -16,7 +16,7 @@ subprojects { ext { grpcVersion = '1.61.1' - jupiterVersion = '5.10.1' + jupiterVersion = '5.10.2' mockitoVersion = '4.11.0' lombokVersion = '1.18.30' nimbusVersion = '9.37.3' From 4d374bf798530460e51b85557859e2407bfac129 Mon Sep 17 00:00:00 2001 From: Max Lambrecht Date: Thu, 15 Feb 2024 16:20:55 -0300 Subject: [PATCH 03/17] DefineC grpc-inprocess dependency as testImplementation (#206) 
Signed-off-by: Max Lambrecht --- java-spiffe-core/build.gradle | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/java-spiffe-core/build.gradle b/java-spiffe-core/build.gradle index b43b7500..780e03b6 100644 --- a/java-spiffe-core/build.gradle +++ b/java-spiffe-core/build.gradle @@ -86,7 +86,7 @@ dependencies { implementation group: 'io.grpc', name: 'grpc-protobuf', version: "${grpcVersion}" implementation group: 'io.grpc', name: 'grpc-stub', version: "${grpcVersion}" - implementation group: 'io.grpc', name: 'grpc-inprocess', version: "${grpcVersion}" + testImplementation group: 'io.grpc', name: 'grpc-inprocess', version: "${grpcVersion}" testImplementation group: 'io.grpc', name: 'grpc-testing', version: "${grpcVersion}" compileOnly group: 'org.apache.tomcat', name: 'annotations-api', version: '6.0.53' // necessary for Java 9+ From 6a8e96ba96178cd2664b2342a0acc93af0b01b39 Mon Sep 17 00:00:00 2001 From: Max Lambrecht Date: Thu, 15 Feb 2024 16:22:48 -0300 Subject: [PATCH 04/17] Fix CODEOWNERS syntax (#208) Signed-off-by: Max Lambrecht --- CODEOWNERS | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CODEOWNERS b/CODEOWNERS index 9ff5470f..6121b9e7 100644 --- a/CODEOWNERS +++ b/CODEOWNERS @@ -1,4 +1,4 @@ -@maxlambrecht @rturner3 +* @maxlambrecht @rturner3 ########################################## # Maintainers From 63a004d9f3df9213b7bc94d8c266f68de3b93fde Mon Sep 17 00:00:00 2001 From: Max Lambrecht Date: Thu, 15 Feb 2024 17:11:06 -0300 Subject: [PATCH 05/17] Prepare release 0.8.5 (#204) Co-authored-by: Ryan Turner Signed-off-by: Max Lambrecht --- CHANGELOG.md | 28 ++++++++++++++++++++++++++++ README.md | 34 +++++++++++++++++++--------------- gradle.properties | 2 +- java-spiffe-helper/README.md | 4 ++-- 4 files changed, 50 insertions(+), 18 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 0026aea4..c146b2c1 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -1,5 +1,33 @@ # Changelog +## [0.8.5] - 2024-14-02 + +### Added + +- Docker container and CI workflow for `java-spiffe-helper` (#187) + +### Changed + +- Updated Gradle to version 8.5 (#201) +- Various enhancements in `java-spiffe-helper` (#199) + +### Fixed + +- Addressed a Fat Jar Assembly issue. (#198) + +### Dependency updates + +- Bump `io.grpc:grpc-protobuf` and `io.grpc:grpc-stub` from 1.54.0 to 1.61.1 (#202) +- Bump `commons-validator:commons-validator` from 1.7. to 1.8.0 (#197) +- Bump `commons-cli:commons-cli` from 1.5.0 to 1.6.0 (#196) +- Bump `com.google.protobuf:protoc` from 3.21.12 to 3.25.2 (#193) +- Bump `io.netty:netty-transport-native-kqueue` from 4.1.91.Final to 4.1.106.Final (#192) +- Bump `org.apache.commons:commons-lang3` from 3.12.0 to 3.14.0 (#189) +- Bump `com.nimbusds:nimbus-jose-jwt` from 9.31 to 9.37.3 (#184) +- Bump `org.projectlombok:lombok` from 1.18.26 to 1.18.30 (#170) +- Bump `com.google.protobuf:protobuf-gradle-plugin` from 0.9.2 to 0.9.4 (#153) + + ## [0.8.4] - 2023-04-14 ### Dependencies updates diff --git a/README.md b/README.md index 8fec9121..f978f5be 100644 --- a/README.md +++ b/README.md @@ -26,7 +26,7 @@ X.509 and JWT SVIDs and bundles. Download -------- -The JARs can be downloaded from [Maven Central](https://search.maven.org/search?q=g:io.spiffe%20AND%20v:0.8.4). +The JARs can be downloaded from [Maven Central](https://search.maven.org/search?q=g:io.spiffe%20AND%20v:0.8.5). The dependencies can be added to `pom.xml` @@ -35,7 +35,7 @@ To import the `java-spiffe-provider` component: io.spiffe java-spiffe-provider - 0.8.4 + 0.8.5 ``` The `java-spiffe-provider` component imports the `java-spiffe-core` component. @@ -45,7 +45,7 @@ To just import the `java-spiffe-core` component: io.spiffe java-spiffe-core - 0.8.4 + 0.8.5 ``` 
@@ -53,12 +53,12 @@ Using Gradle: Import `java-spiffe-provider`: ```gradle -implementation group: 'io.spiffe', name: 'java-spiffe-provider', version: '0.8.4' +implementation group: 'io.spiffe', name: 'java-spiffe-provider', version: '0.8.5' ``` Import `java-spiffe-core`: ```gradle -implementation group: 'io.spiffe', name: 'java-spiffe-core', version: '0.8.4' +implementation group: 'io.spiffe', name: 'java-spiffe-core', version: '0.8.5' ``` ### MacOS Support @@ -72,14 +72,14 @@ In case run on a osx-x86 architecture, add to your `pom.xml`: io.spiffe grpc-netty-macos - 0.8.4 + 0.8.5 runtime ``` Using Gradle: ```gradle -runtimeOnly group: 'io.spiffe', name: 'grpc-netty-macos', version: '0.8.4' +runtimeOnly group: 'io.spiffe', name: 'grpc-netty-macos', version: '0.8.5' ``` #### Aarch64 (M1) Architecture @@ -91,7 +91,7 @@ If you are running the aarch64 architecture (M1 CPUs), add to your `pom.xml`: io.spiffe grpc-netty-macos-aarch64 - 0.8.4 + 0.8.5 runtime ``` 
@@ -99,20 +99,24 @@ If you are running the aarch64 architecture (M1 CPUs), add to your `pom.xml`: Using Gradle: ```gradle -runtimeOnly group: 'io.spiffe', name: 'grpc-netty-macos-aarch64', version: '0.8.4' +runtimeOnly group: 'io.spiffe', name: 'grpc-netty-macos-aarch64', version: '0.8.5' ``` *Caveat: not all OpenJDK distributions are aarch64 native, make sure your JDK is also running natively* -### Note: `java-spiffe-helper` artifact -As the [java-spiffe-helper](java-spiffe-helper/README.md) artifact is meant to be used as a standalone JAR and not as a Maven dependency, -it is not published to Maven Central, but to [Github releases](https://github.com/spiffe/java-spiffe/releases/tag/v0.8.4), for both -[Linux](https://github.com/spiffe/java-spiffe/releases/download/v0.8.4/java-spiffe-helper-0.8.4-linux-x86_64.jar) and -[MacOS](https://github.com/spiffe/java-spiffe/releases/download/v0.8.4/java-spiffe-helper-0.8.4-osx-x86_64.jar) versions. +## Java SPIFFE Helper -### Build the JARs +The `java-spiffe-helper` module manages X.509 SVIDs and Bundles in Java Keystores. + +### Docker Image + +Pull the `java-spiffe-helper` image from `ghcr.io/java-spiffe-helper:v0.8.5`. + +For more details, see [java-spiffe-helper/README.md](java-spiffe-helper/README.md). + +## Build the JARs On Linux or MacOS, run: diff --git a/gradle.properties b/gradle.properties index 58b1003e..e7e2a475 100644 --- a/gradle.properties +++ b/gradle.properties @@ -1 +1 @@ -version=0.8.4 +version=0.8.5 diff --git a/java-spiffe-helper/README.md b/java-spiffe-helper/README.md index c0cbebf3..0f237d51 100644 --- a/java-spiffe-helper/README.md +++ b/java-spiffe-helper/README.md 
@@ -10,11 +10,11 @@ The Helper automatically gets the SVID updates and stores them in the KeyStore a On Linux: -`java -jar java-spiffe-helper-0.8.4-linux-x86_64.jar` +`java -jar java-spiffe-helper-0.8.5-linux-x86_64.jar` On Mac OS: -`java -jar java-spiffe-helper-0.8.4-osx-x86_64.jar` +`java -jar java-spiffe-helper-0.8.5-osx-x86_64.jar` You can run the utility with the `-c` or `--config` option to specify the path to the configuration file. By default, it will look for a configuration file named `conf/java-spiffe-helper.properties` in the current working directory. From 07285eb5e93da8366a9c915dc3a97d9b5b078c40 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 15 Feb 2024 16:15:01 -0600 Subject: [PATCH 06/17] Bump io.netty:netty-transport-native-kqueue (#205) Bumps [io.netty:netty-transport-native-kqueue](https://github.com/netty/netty) from 4.1.106.Final to 4.1.107.Final. - [Commits](https://github.com/netty/netty/compare/netty-4.1.106.Final...netty-4.1.107.Final) --- updated-dependencies: - dependency-name: io.netty:netty-transport-native-kqueue dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Max Lambrecht --- build.gradle | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/build.gradle b/build.gradle index f1b5bec1..a2b64e94 100644 --- a/build.gradle +++ b/build.gradle @@ -23,7 +23,7 @@ subprojects { shadowVersion = '8.1.1' //IMPORTANT: This must be in sync with the shaded netty version in gRPC - nettyVersion = '4.1.106.Final' + nettyVersion = '4.1.107.Final' } apply plugin: 'java-library' From 0ff26093f4d5549ee46891ccc226ef0657cedeab Mon Sep 17 00:00:00 2001 From: Max Lambrecht Date: Thu, 15 Feb 2024 20:08:58 -0300 Subject: [PATCH 07/17] Include 'v' in the image tag (#210) 
Signed-off-by: Max Lambrecht --- .github/workflows/docker.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml index 059b3501..c21974dc 100644 --- a/.github/workflows/docker.yml +++ b/.github/workflows/docker.yml @@ -29,6 +29,6 @@ jobs: context: . platforms: linux/amd64,linux/arm64 push: true - tags: ${{ env.REGISTRY }}/${{ github.repository }}-helper:${{ env.DOCKER_TAG }} + tags: ${{ env.REGISTRY }}/${{ github.repository }}-helper:v${{ env.DOCKER_TAG }} cache-from: type=gha cache-to: type=gha,mode=max From 9b8b7dad878aeb5ad88a0af0b3415c9a31e47b67 Mon Sep 17 00:00:00 2001 From: Max Lambrecht Date: Thu, 15 Feb 2024 20:09:16 -0300 Subject: [PATCH 08/17] Fix image url in the README (#209) Signed-off-by: Max Lambrecht --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index f978f5be..de3332d2 100644 --- a/README.md +++ b/README.md @@ -112,7 +112,7 @@ The `java-spiffe-helper` module manages X.509 SVIDs and Bundles in Java Keystore ### Docker Image -Pull the `java-spiffe-helper` image from `ghcr.io/java-spiffe-helper:v0.8.5`. +Pull the `java-spiffe-helper` image from `ghcr.io/spiffe/java-spiffe-helper:0.8.5`. For more details, see [java-spiffe-helper/README.md](java-spiffe-helper/README.md). From bc833fef25b3e2a779a8d1dd8862a851bb0fa92a Mon Sep 17 00:00:00 2001 From: Max Lambrecht Date: Fri, 16 Feb 2024 17:50:51 -0300 Subject: [PATCH 09/17] Update SPIRE version used in integration tests (#215) Signed-off-by: Max Lambrecht --- integration-tests.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/integration-tests.sh b/integration-tests.sh index 3a7d1feb..e98f3758 100755 --- a/integration-tests.sh +++ b/integration-tests.sh 
@@ -7,7 +7,7 @@ set -euf -o pipefail export SPIFFE_ENDPOINT_SOCKET="unix:/tmp/spire-agent/public/api.sock" -spire_version="1.5.3" +spire_version="1.8.7" spire_folder="spire-${spire_version}" spire_server_log_file="/tmp/spire-server/server.log" spire_agent_log_file="/tmp/spire-agent/agent.log" @@ -24,7 +24,7 @@ function cleanup() { trap cleanup EXIT # Install and run a SPIRE server -curl -s -N -L https://github.com/spiffe/spire/releases/download/v${spire_version}/spire-${spire_version}-linux-x86_64-glibc.tar.gz | tar xz +curl -s -N -L https://github.com/spiffe/spire/releases/download/v${spire_version}/spire-${spire_version}-linux-amd64-musl.tar.gz | tar xz pushd "${spire_folder}" mkdir -p /tmp/spire-server bin/spire-server run -config conf/server/server.conf > "${spire_server_log_file}" 2>&1 & From b19bd407b48903e59b6162ac8bf9b6ffc2c9edc9 Mon Sep 17 00:00:00 2001 From: Max Lambrecht Date: Fri, 16 Feb 2024 17:56:58 -0300 Subject: [PATCH 10/17] Fix jacoco config (#212) Signed-off-by: Max Lambrecht --- .github/workflows/coverage.yml | 2 +- build.gradle | 14 ++++++++------ 2 files changed, 9 insertions(+), 7 deletions(-) diff --git a/.github/workflows/coverage.yml b/.github/workflows/coverage.yml index dcdbdb6e..bd071a55 100644 --- a/.github/workflows/coverage.yml +++ b/.github/workflows/coverage.yml @@ -19,7 +19,7 @@ jobs: - name: Generate and upload coverage report env: COVERALLS_REPO_TOKEN: ${{ secrets.COVERALLS_REPO_TOKEN }} - run: ./gradlew build jacocoTestReport coveralls + run: ./gradlew jacocoTestReport coveralls - name: Cleanup Gradle Cache # Remove some files from the Gradle cache, so they aren't cached by GitHub Actions. # Restoring these files from a GitHub Actions cache might cause problems for future builds. diff --git a/build.gradle b/build.gradle index a2b64e94..0e4e2113 100644 --- a/build.gradle +++ b/build.gradle @@ -128,6 +128,8 @@ subprojects { } } } + + finalizedBy jacocoTestReport } } 
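Review bot: In the second integration-tests.sh hunk the SPIRE tarball is piped from `curl -s -N -L` straight into `tar xz` and the extracted binaries are then executed, with no integrity check and without `-f`, so an HTTP error body or an altered release asset is handed to tar as-is. Download to a file with `curl -fsSL -o spire.tar.gz …`, verify it against a digest pinned next to `spire_version` (`echo "<expected-sha256>  spire.tar.gz" | sha256sum -c -`), and only then extract. The script continues outside this hunk, so any later handling of the archive is not visible here.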
@@ -153,6 +155,12 @@ task jacocoTestReport(type: JacocoReport) { } } +jacocoTestReport.dependsOn { + subprojects.collectMany { project -> + project.tasks.matching { it.name in ['test'] } + } +} + coveralls { jacocoReportPath 'build/reports/jacoco/jacocoTestReport/jacocoTestReport.xml' sourceDirs = ['java-spiffe-core/src/main/java', @@ -160,12 +168,6 @@ coveralls { 'java-spiffe-provider/src/main/java'] } -// always run the tests before generating the report -jacocoTestReport.dependsOn { - subprojects*.test - copyJars // workaround to prevent deleting the build folder before generating the reports -} - // copy submodules jars to a common folder for deploy task copyJars(type: Copy) { duplicatesStrategy = DuplicatesStrategy.INCLUDE From 15d2980d74edc79ebdede00bfc397fa15ec69e86 Mon Sep 17 00:00:00 2001 From: Max Lambrecht Date: Fri, 16 Feb 2024 17:57:35 -0300 Subject: [PATCH 11/17] Upgrade Gradle version to 8.6 (#214) Signed-off-by: Max Lambrecht --- gradle/wrapper/gradle-wrapper.properties | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/gradle/wrapper/gradle-wrapper.properties b/gradle/wrapper/gradle-wrapper.properties index 3499ded5..509c4a29 100644 --- a/gradle/wrapper/gradle-wrapper.properties +++ b/gradle/wrapper/gradle-wrapper.properties @@ -1,6 +1,6 @@ distributionBase=GRADLE_USER_HOME distributionPath=wrapper/dists -distributionUrl=https\://services.gradle.org/distributions/gradle-8.5-bin.zip +distributionUrl=https\://services.gradle.org/distributions/gradle-8.6-bin.zip networkTimeout=10000 zipStoreBase=GRADLE_USER_HOME zipStorePath=wrapper/dists From 881dbd0bf8eec3f66ec0d1015fff9db3a05fab2d Mon Sep 17 00:00:00 2001 From: Max Lambrecht Date: Fri, 16 Feb 2024 17:58:09 -0300 Subject: [PATCH 12/17] Use Gradle Wrapper in Dockerfile (#213) Use Gradle wrapper in Dockerfile Signed-off-by: Max Lambrecht --- Dockerfile | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) 
diff --git a/Dockerfile b/Dockerfile index cc378745..bf75febe 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,15 +1,15 @@ -FROM gradle:8.5.0-jdk17 AS builder -COPY --chown=gradle:gradle . /builder +FROM eclipse-temurin:17-jdk AS builder WORKDIR /builder -RUN gradle dependencies -RUN gradle java-spiffe-helper:assemble -ParchiveClassifier=docker -Pversion=docker +COPY . /builder + +RUN ./gradlew dependencies +RUN ./gradlew java-spiffe-helper:assemble -ParchiveClassifier=docker -Pversion=docker FROM eclipse-temurin:17-jre AS runner -COPY --chown=nobody:nobody \ - conf/java-spiffe-helper.properties /app/java-spiffe-helper.properties -COPY --from=builder \ - --chown=nobody:nobody \ - /builder/java-spiffe-helper/build/libs/java-spiffe-helper-docker-docker.jar /app/java-spiffe-helper.jar USER nobody + +COPY conf/java-spiffe-helper.properties /app/java-spiffe-helper.properties +COPY --from=builder /builder/java-spiffe-helper/build/libs/java-spiffe-helper-docker-docker.jar /app/java-spiffe-helper.jar + ENTRYPOINT ["java", "-jar", "/app/java-spiffe-helper.jar"] CMD ["--config", "/app/java-spiffe-helper.properties"] From 9215056b63497723482c76e77ef401f2f1159546 Mon Sep 17 00:00:00 2001 From: Max Lambrecht Date: Fri, 16 Feb 2024 18:37:23 -0300 Subject: [PATCH 13/17] Fix Gradle Deprecation Warnings (#211) Fix Gradle warnings Signed-off-by: Max Lambrecht --- build.gradle | 30 ++++++++---------------------- 1 file changed, 8 insertions(+), 22 deletions(-) diff --git a/build.gradle b/build.gradle index 0e4e2113..ac228c11 100644 --- a/build.gradle +++ b/build.gradle @@ -1,6 +1,7 @@ plugins { id 'com.github.kt3k.coveralls' version '2.12.2' id 'com.google.osdetector' version '1.7.3' + id 'jvm-test-suite' } allprojects { 
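Review bot: Switching the builder to `./gradlew` means the Gradle distribution is now downloaded inside the image build from the wrapper's `distributionUrl`, and the `gradle-wrapper.properties` lines shown in PATCH 11/17 contain no `distributionSha256Sum`, so that download is not checksum-verified (the file may have lines outside that hunk; worth confirming). Adding `distributionSha256Sum=<sha256-of-gradle-8.6-bin.zip>` to the wrapper properties would close that gap for the published image. In the runner stage, placing `USER nobody` before the `COPY` lines does not affect ownership: without `--chown` the jar and config are root-owned, so the process can read but not modify them (assuming the usual 0644 modes). That is a reasonable hardening, but it deserves a comment such as `# files stay root-owned; nobody only needs read access`.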
@@ -30,10 +31,10 @@ subprojects { apply plugin: 'maven-publish' apply plugin: 'signing' - sourceCompatibility = JavaVersion.VERSION_1_8 - targetCompatibility = JavaVersion.VERSION_1_8 - java { + sourceCompatibility = JavaVersion.VERSION_1_8 + targetCompatibility = JavaVersion.VERSION_1_8 + withJavadocJar() withSourcesJar() } @@ -118,18 +119,12 @@ subprojects { testAnnotationProcessor group: 'org.projectlombok', name: 'lombok', version: "${lombokVersion}" } - test { - useJUnitPlatform() - - testLogging { - afterSuite { desc, result -> - if (!desc.parent) { - println "Results: ${result.resultType} (${result.testCount} tests, ${result.successfulTestCount} successes, ${result.failedTestCount} failures, ${result.skippedTestCount} skipped)" - } + testing { + suites { + test { + useJUnitJupiter() } } - - finalizedBy jacocoTestReport } } @@ -175,13 +170,4 @@ task copyJars(type: Copy) { into "$buildDir/libs" } -task assemble { - dependsOn subprojects.assemble -} - assemble.finalizedBy copyJars - -task clean { - dependsOn subprojects.clean - delete "$buildDir" -} From 8bc61109dbccb2e3202089e71fa09666b0d749c2 Mon Sep 17 00:00:00 2001 From: Max Lambrecht Date: Fri, 16 Feb 2024 18:37:41 -0300 Subject: [PATCH 14/17] Revert the addition of 'v' to docker image tags (#216) Signed-off-by: Max Lambrecht --- .github/workflows/docker.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml index c21974dc..059b3501 100644 --- a/.github/workflows/docker.yml +++ b/.github/workflows/docker.yml @@ -29,6 +29,6 @@ jobs: context: . platforms: linux/amd64,linux/arm64 push: true - tags: ${{ env.REGISTRY }}/${{ github.repository }}-helper:v${{ env.DOCKER_TAG }} + tags: ${{ env.REGISTRY }}/${{ github.repository }}-helper:${{ env.DOCKER_TAG }} cache-from: type=gha cache-to: type=gha,mode=max From 8c9a6d1333a13b4a22260216cda72e2e4a60692f Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 16 Feb 2024 16:32:19 -0600 Subject: [PATCH 15/17] Bump com.google.protobuf:protoc from 3.25.2 to 3.25.3 (#218) Bumps [com.google.protobuf:protoc](https://github.com/protocolbuffers/protobuf) from 3.25.2 to 3.25.3. - [Release notes](https://github.com/protocolbuffers/protobuf/releases) - [Changelog](https://github.com/protocolbuffers/protobuf/blob/main/protobuf_release.bzl) - [Commits](https://github.com/protocolbuffers/protobuf/compare/v3.25.2...v3.25.3) --- updated-dependencies: - dependency-name: com.google.protobuf:protoc dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- java-spiffe-core/build.gradle | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/java-spiffe-core/build.gradle b/java-spiffe-core/build.gradle index 780e03b6..35acc7aa 100644 --- a/java-spiffe-core/build.gradle +++ b/java-spiffe-core/build.gradle @@ -50,7 +50,7 @@ task integrationTest(type: Test) { protobuf { protoc { - artifact = 'com.google.protobuf:protoc:3.25.2' + artifact = 'com.google.protobuf:protoc:3.25.3' } plugins { grpc { From 6e993c4350ee8297bbc8963e64b7019283dbd45b Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 27 Feb 2024 16:51:23 -0600 Subject: [PATCH 16/17] Bump grpcVersion from 1.61.1 to 1.62.2 (#222) Bumps `grpcVersion` from 1.61.1 to 1.62.2. Updates `io.grpc:protoc-gen-grpc-java` from 1.61.1 to 1.62.2 - [Release notes](https://github.com/grpc/grpc-java/releases) - [Commits](https://github.com/grpc/grpc-java/compare/v1.61.1...v1.62.2) Updates `io.grpc:grpc-protobuf` from 1.61.1 to 1.62.2 - [Release notes](https://github.com/grpc/grpc-java/releases) - [Commits](https://github.com/grpc/grpc-java/compare/v1.61.1...v1.62.2) Updates `io.grpc:grpc-stub` from 1.61.1 to 1.62.2 - [Release notes](https://github.com/grpc/grpc-java/releases) - [Commits](https://github.com/grpc/grpc-java/compare/v1.61.1...v1.62.2) Updates `io.grpc:grpc-inprocess` from 1.61.1 to 1.62.2 - [Release notes](https://github.com/grpc/grpc-java/releases) - [Commits](https://github.com/grpc/grpc-java/compare/v1.61.1...v1.62.2) Updates `io.grpc:grpc-testing` from 1.61.1 to 1.62.2 - [Release notes](https://github.com/grpc/grpc-java/releases) - [Commits](https://github.com/grpc/grpc-java/compare/v1.61.1...v1.62.2) Updates `io.grpc:grpc-netty-shaded` from 1.61.1 to 1.62.2 - [Release notes](https://github.com/grpc/grpc-java/releases) - [Commits](https://github.com/grpc/grpc-java/compare/v1.61.1...v1.62.2) Updates `io.grpc:grpc-netty` from 1.61.1 to 1.62.2 - [Release notes](https://github.com/grpc/grpc-java/releases) - [Commits](https://github.com/grpc/grpc-java/compare/v1.61.1...v1.62.2) --- updated-dependencies: - dependency-name: io.grpc:protoc-gen-grpc-java dependency-type: direct:production update-type: version-update:semver-minor - dependency-name: io.grpc:grpc-protobuf dependency-type: direct:production update-type: version-update:semver-minor - dependency-name: io.grpc:grpc-stub dependency-type: direct:production update-type: version-update:semver-minor - dependency-name: io.grpc:grpc-inprocess dependency-type: 
direct:production update-type: version-update:semver-minor - dependency-name: io.grpc:grpc-testing dependency-type: direct:production update-type: version-update:semver-minor - dependency-name: io.grpc:grpc-netty-shaded dependency-type: direct:production update-type: version-update:semver-minor - dependency-name: io.grpc:grpc-netty dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- build.gradle | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/build.gradle b/build.gradle index ac228c11..791e84d0 100644 --- a/build.gradle +++ b/build.gradle @@ -16,7 +16,7 @@ subprojects { version = project.version ext { - grpcVersion = '1.61.1' + grpcVersion = '1.62.2' jupiterVersion = '5.10.2' mockitoVersion = '4.11.0' lombokVersion = '1.18.30' From 4103c932623e92ec1500cc4f2af64c1324d40a5a Mon Sep 17 00:00:00 2001 From: Max Lambrecht Date: Wed, 28 Feb 2024 12:48:39 -0600 Subject: [PATCH 17/17] Point badge to main branch (#219) Signed-off-by: Max Lambrecht --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index de3332d2..a43d5202 100644 --- a/README.md +++ b/README.md @@ -1,7 +1,7 @@ # Java SPIFFE Library [![continuous-integration](https://github.com/spiffe/java-spiffe/actions/workflows/gradle.yml/badge.svg)](https://github.com/spiffe/java-spiffe/actions/workflows/gradle.yml) -[![Coverage Status](https://coveralls.io/repos/github/spiffe/java-spiffe/badge.svg)](https://coveralls.io/github/spiffe/java-spiffe?branch=master) +[![Coverage Status](https://coveralls.io/repos/github/spiffe/java-spiffe/badge.svg)](https://coveralls.io/github/spiffe/java-spiffe?branch=main) ## Overview