Merge branch 'main' into feature/security-scan

.editorconfig

@@ -0,0 +1,9 @@
+root = true
+
+[*]
+insert_final_newline = true
+trim_trailing_whitespace = true
+
+[src/test*/java/**.java]
+indent_size = 4
+ij_continuation_indent_size = 2

.github/workflows/ci.yml

@@ -23,8 +23,6 @@ jobs:
     uses: openrewrite/gh-automation/.github/workflows/ci-gradle.yml@main
     secrets:
       gradle_enterprise_access_key: ${{ secrets.GRADLE_ENTERPRISE_ACCESS_KEY }}
-      gradle_enterprise_cache_username: ${{ secrets.GRADLE_ENTERPRISE_CACHE_USERNAME }}
-      gradle_enterprise_cache_password: ${{ secrets.GRADLE_ENTERPRISE_CACHE_PASSWORD }}
       ossrh_username: ${{ secrets.OSSRH_USERNAME }}
       ossrh_token: ${{ secrets.OSSRH_TOKEN }}
       ossrh_signing_key: ${{ secrets.OSSRH_SIGNING_KEY }}

.github/workflows/comment-pr.yml

@@ -0,0 +1,15 @@
+name: comment-pr
+
+# https://docs.github.com/en/actions/using-workflows/events-that-trigger-workflows#using-data-from-the-triggering-workflow
+on:
+  workflow_run:
+    workflows: ["receive-pr"]
+    types:
+      - completed
+
+# https://securitylab.github.com/research/github-actions-preventing-pwn-requests/
+# Since this pull request has write permissions on the target repo, we should **NOT** execute any untrusted code.
+jobs:
+  post-suggestions:
+    if: ${{ github.event.workflow_run.conclusion == 'success' }}
+    uses: openrewrite/gh-automation/.github/workflows/comment-pr.yml@main

.github/workflows/receive-pr.yml

@@ -0,0 +1,17 @@
+name: receive-pr
+
+on:
+  pull_request:
+    types: [opened, synchronize]
+    branches:
+      - main
+
+concurrency:
+  group: '${{ github.workflow }} @ ${{ github.ref }}'
+  cancel-in-progress: true
+
+# https://securitylab.github.com/research/github-actions-preventing-pwn-requests/
+# Since this pull request receives untrusted code, we should **NOT** have any secrets in the environment.
+jobs:
+  upload-patch:
+    uses: openrewrite/gh-automation/.github/workflows/receive-pr.yml@main

README.md

@@ -4,7 +4,7 @@
 [![ci](https://github.com/openrewrite/rewrite-jenkins/actions/workflows/ci.yml/badge.svg)](https://github.com/openrewrite/rewrite-jenkins/actions/workflows/ci.yml)
 [![Apache 2.0](https://img.shields.io/github/license/openrewrite/rewrite-jenkins.svg)](https://www.apache.org/licenses/LICENSE-2.0)
 [![Maven Central](https://img.shields.io/maven-central/v/org.openrewrite.recipe/rewrite-jenkins.svg)](https://mvnrepository.com/artifact/org.openrewrite.recipe/rewrite-jenkins)
-[![Revved up by Gradle Enterprise](https://img.shields.io/badge/Revved%20up%20by-Gradle%20Enterprise-06A0CE?logo=Gradle&labelColor=02303A)](https://ge.openrewrite.org/scans)
+[![Revved up by Develocity](https://img.shields.io/badge/Revved%20up%20by-Develocity-06A0CE?logo=Gradle&labelColor=02303A)](https://ge.openrewrite.org/scans)
 [![Contributing Guide](https://img.shields.io/badge/Contributing-Guide-informational)](https://github.com/openrewrite/.github/blob/main/CONTRIBUTING.md)
 
 ## What is this?
@@ -20,6 +20,19 @@ Additionally, depending on newer versions of Jenkins allows our builds to pick u
 These deprecations can often be migrated with new OpenRewrite recipes.
 Proactively handling deprecations in the plugins we depend on allows us to avoid runtime issues if and when the deprecated code is removed.
 
+## Quick start
+
+[Running Rewrite on a Maven project without modifying the build][mvn-cli] is very helpful for getting started.
+To run the `org.openrewrite.jenkins.github.AddTeamToCodeowners` recipe:
+
+```shell
+$ mvn -U org.openrewrite.maven:rewrite-maven-plugin:run \
+      -Drewrite.recipeArtifactCoordinates=org.openrewrite.recipe:rewrite-jenkins:RELEASE \
+      -Drewrite.activeRecipes=org.openrewrite.jenkins.github.AddTeamToCodeowners
+```
+
+[mvn-cli]: https://docs.openrewrite.org/running-recipes/running-rewrite-on-a-maven-project-without-modifying-the-build
+
 ## How to use?
 
 See the full documentation at [docs.openrewrite.org](https://docs.openrewrite.org/).

build.gradle.kts

@@ -13,16 +13,20 @@ dependencies {
 
     implementation(platform("org.openrewrite:rewrite-bom:$rewriteVersion"))
 
+    implementation("org.openrewrite:rewrite-groovy")
     implementation("org.openrewrite:rewrite-java")
     implementation("org.openrewrite:rewrite-maven")
     implementation("org.openrewrite:rewrite-yaml")
+    implementation("org.openrewrite.recipe:rewrite-java-dependencies:$rewriteVersion")
     runtimeOnly("org.openrewrite:rewrite-java-11")
 
     testImplementation("org.ow2.asm:asm:latest.release")
 
     testImplementation(platform("org.junit:junit-bom:latest.release"))
     testImplementation("org.junit.jupiter:junit-jupiter-api")
     testImplementation("org.junit.jupiter:junit-jupiter-params")
+    testImplementation(platform("org.mockito:mockito-bom:latest.release"))
+    testImplementation("org.mockito:mockito-junit-jupiter")
     testRuntimeOnly("org.junit.jupiter:junit-jupiter-engine")
 
     testImplementation("org.openrewrite:rewrite-test")

gradle/licenseHeader.txt

@@ -1,4 +1,4 @@
-Copyright 2023 the original author or authors.
+Copyright ${year} the original author or authors.
 <p>
 Licensed under the Apache License, Version 2.0 (the "License");
 you may not use this file except in compliance with the License.

gradle/wrapper/gradle-wrapper.properties

@@ -1,7 +1,8 @@
 distributionBase=GRADLE_USER_HOME
 distributionPath=wrapper/dists
-distributionUrl=https\://services.gradle.org/distributions/gradle-8.2.1-bin.zip
+distributionUrl=https\://services.gradle.org/distributions/gradle-8.11-bin.zip
 networkTimeout=10000
 validateDistributionUrl=true
 zipStoreBase=GRADLE_USER_HOME
 zipStorePath=wrapper/dists
+distributionSha256Sum=57dafb5c2622c6cc08b993c85b7c06956a2f53536432a30ead46166dbca0f1e9

gradlew

@@ -15,6 +15,8 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 #
+# SPDX-License-Identifier: Apache-2.0
+#
 
 ##############################################################################
 #
@@ -55,7 +57,7 @@
 #       Darwin, MinGW, and NonStop.
 #
 #   (3) This script is generated from the Groovy template
-#       https://github.com/gradle/gradle/blob/HEAD/subprojects/plugins/src/main/resources/org/gradle/api/internal/plugins/unixStartScript.txt
+#       https://github.com/gradle/gradle/blob/HEAD/platforms/jvm/plugins-application/src/main/resources/org/gradle/api/internal/plugins/unixStartScript.txt
 #       within the Gradle project.
 #
 #       You can find Gradle at https://github.com/gradle/gradle/.
@@ -83,7 +85,8 @@ done
 # This is normally unused
 # shellcheck disable=SC2034
 APP_BASE_NAME=${0##*/}
-APP_HOME=$( cd "${APP_HOME:-./}" && pwd -P ) || exit
+# Discard cd standard output in case $CDPATH is set (https://github.com/gradle/gradle/issues/25036)
+APP_HOME=$( cd -P "${APP_HOME:-./}" > /dev/null && printf '%s\n' "$PWD" ) || exit
 
 # Use the maximum available, or set MAX_FD != -1 to use that value.
 MAX_FD=maximum
@@ -144,15 +147,15 @@ if ! "$cygwin" && ! "$darwin" && ! "$nonstop" ; then
     case $MAX_FD in #(
       max*)
         # In POSIX sh, ulimit -H is undefined. That's why the result is checked to see if it worked.
-        # shellcheck disable=SC3045
+        # shellcheck disable=SC2039,SC3045
         MAX_FD=$( ulimit -H -n ) ||
             warn "Could not query maximum file descriptor limit"
     esac
     case $MAX_FD in  #(
       '' | soft) :;; #(
       *)
         # In POSIX sh, ulimit -n is undefined. That's why the result is checked to see if it worked.
-        # shellcheck disable=SC3045
+        # shellcheck disable=SC2039,SC3045
         ulimit -n "$MAX_FD" ||
             warn "Could not set maximum file descriptor limit to $MAX_FD"
     esac
@@ -201,11 +204,11 @@ fi
 # Add default JVM options here. You can also use JAVA_OPTS and GRADLE_OPTS to pass JVM options to this script.
 DEFAULT_JVM_OPTS='"-Xmx64m" "-Xms64m"'
 
-# Collect all arguments for the java command;
-#   * $DEFAULT_JVM_OPTS, $JAVA_OPTS, and $GRADLE_OPTS can contain fragments of
-#     shell script including quotes and variable substitutions, so put them in
-#     double quotes to make sure that they get re-expanded; and
-#   * put everything else in single quotes, so that it's not re-expanded.
+# Collect all arguments for the java command:
+#   * DEFAULT_JVM_OPTS, JAVA_OPTS, JAVA_OPTS, and optsEnvironmentVar are not allowed to contain shell fragments,
+#     and any embedded shellness will be escaped.
+#   * For example: A user cannot expect ${Hostname} to be expanded, as it is an environment variable and will be
+#     treated as '${Hostname}' itself on the command line.
 
 set -- \
         "-Dorg.gradle.appname=$APP_BASE_NAME" \

gradlew.bat

@@ -13,6 +13,8 @@
 @rem See the License for the specific language governing permissions and
 @rem limitations under the License.
 @rem
+@rem SPDX-License-Identifier: Apache-2.0
+@rem
 
 @if "%DEBUG%"=="" @echo off
 @rem ##########################################################################
@@ -43,11 +45,11 @@ set JAVA_EXE=java.exe
 %JAVA_EXE% -version >NUL 2>&1
 if %ERRORLEVEL% equ 0 goto execute
 
-echo.
-echo ERROR: JAVA_HOME is not set and no 'java' command could be found in your PATH.
-echo.
-echo Please set the JAVA_HOME variable in your environment to match the
-echo location of your Java installation.
+echo. 1>&2
+echo ERROR: JAVA_HOME is not set and no 'java' command could be found in your PATH. 1>&2
+echo. 1>&2
+echo Please set the JAVA_HOME variable in your environment to match the 1>&2
+echo location of your Java installation. 1>&2
 
 goto fail
 
@@ -57,11 +59,11 @@ set JAVA_EXE=%JAVA_HOME%/bin/java.exe
 
 if exist "%JAVA_EXE%" goto execute
 
-echo.
-echo ERROR: JAVA_HOME is set to an invalid directory: %JAVA_HOME%
-echo.
-echo Please set the JAVA_HOME variable in your environment to match the
-echo location of your Java installation.
+echo. 1>&2
+echo ERROR: JAVA_HOME is set to an invalid directory: %JAVA_HOME% 1>&2
+echo. 1>&2
+echo Please set the JAVA_HOME variable in your environment to match the 1>&2
+echo location of your Java installation. 1>&2
 
 goto fail
 

settings.gradle.kts

@@ -8,38 +8,33 @@ pluginManagement {
 }
 
 plugins {
-    id("com.gradle.enterprise") version "latest.release"
+    id("com.gradle.develocity") version "latest.release"
     id("com.gradle.common-custom-user-data-gradle-plugin") version "latest.release"
 }
 
-gradleEnterprise {
-    val isCiServer = System.getenv("CI")?.equals("true") ?: false
+develocity {
     server = "https://ge.openrewrite.org/"
-    val gradleCacheRemoteUsername: String? = System.getenv("GRADLE_ENTERPRISE_CACHE_USERNAME")
-    val gradleCacheRemotePassword: String? = System.getenv("GRADLE_ENTERPRISE_CACHE_PASSWORD")
-
+    val isCiServer = System.getenv("CI")?.equals("true") ?: false
+    val accessKey = System.getenv("GRADLE_ENTERPRISE_ACCESS_KEY")
+    val authenticated = !accessKey.isNullOrBlank()
     buildCache {
-        remote(HttpBuildCache::class) {
-            url = uri("https://ge.openrewrite.org/cache/")
-            isPush = isCiServer
-            if (!gradleCacheRemoteUsername.isNullOrBlank() && !gradleCacheRemotePassword.isNullOrBlank()) {
-                credentials {
-                    username = gradleCacheRemoteUsername
-                    password = gradleCacheRemotePassword
-                }
-            }
+        remote(develocity.buildCache) {
+            isEnabled = true
+            isPush = isCiServer && authenticated
         }
     }
 
     buildScan {
         capture {
-            isTaskInputFiles = true
+            fileFingerprints = true
         }
 
-        isUploadInBackground = !isCiServer
+        publishing {
+            onlyIf {
+                authenticated
+            }
+        }
 
-        publishAlways()
-        this as com.gradle.enterprise.gradleplugin.internal.extension.BuildScanExtensionWithHiddenFeatures
-        publishIfAuthenticated()
+        uploadInBackground = !isCiServer
     }
 }

src/main/java/org/openrewrite/jenkins/AddJellyXmlDeclaration.java

@@ -0,0 +1,84 @@
+/*
+ * Copyright 2024 the original author or authors.
+ * <p>
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ * <p>
+ * https://www.apache.org/licenses/LICENSE-2.0
+ * <p>
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.openrewrite.jenkins;
+
+import org.openrewrite.ExecutionContext;
+import org.openrewrite.Recipe;
+import org.openrewrite.text.PlainText;
+import org.openrewrite.text.PlainTextVisitor;
+
+/**
+ * Recipe to add an XML declaration to Jelly files.
+ */
+public class AddJellyXmlDeclaration extends Recipe {
+    private static final String JELLY_DECLARATION = "<?jelly escape-by-default='true'?>";
+
+    /**
+     * Returns the display name of the recipe.
+     *
+     * @return the display name of the recipe
+     */
+    @Override
+    public String getDisplayName() {
+        return "Add XML declaration to Jelly files";
+    }
+
+    /**
+     * Returns the description of the recipe.
+     *
+     * @return the description of the recipe
+     */
+    @Override
+    public String getDescription() {
+        return "Ensure the XML declaration `<?jelly escape-by-default='true'?>` is present in all `.jelly` files.";
+    }
+
+    /**
+     * Returns a visitor that adds the XML declaration to Jelly files.
+     *
+     * @return a PlainTextVisitor that adds the XML declaration
+     */
+    @Override
+    public PlainTextVisitor<ExecutionContext> getVisitor() {
+        return new PlainTextVisitor<ExecutionContext>() {
+
+            /**
+             * Visits the text and adds the XML declaration if necessary.
+             *
+             * @param text the PlainText object representing the file content
+             * @param ctx the execution context
+             */
+            @Override
+            public PlainText visitText(PlainText text, ExecutionContext ctx) {
+                if (text.getSourcePath().toString().endsWith(".jelly")) {
+                    String content = text.getText().trim();
+                    if (content.isEmpty()) {
+                        return text.withText(JELLY_DECLARATION);
+                    }
+                    String lineEnding = content.contains("\r\n") ? "\r\n" : "\n";
+                    if (content.toLowerCase().matches("^<\\?jelly\\s+[^>]*>") && !content.startsWith(JELLY_DECLARATION)) {
+                        content = content.substring(content.indexOf(lineEnding) + lineEnding.length());
+                    }
+                    if (!content.startsWith(JELLY_DECLARATION)) {
+                        content = JELLY_DECLARATION + lineEnding + content;
+                        return text.withText(content);
+                    }
+                }
+                return text;
+            }
+        };
+    }
+}