Comments (3)
Some additional notes:
- OpenRewrite has a recipe for the migration to Jakarta EE 9: https://docs.openrewrite.org/recipes/java/migrate/jakarta/javaxmigrationtojakarta. I tested it already and it works great, both for the Alpine and Dependency-Track codebase.
mvn -U org.openrewrite.maven:rewrite-maven-plugin:run \
-Drewrite.recipeArtifactCoordinates=org.openrewrite.recipe:rewrite-migrate-java:LATEST \
-Drewrite.activeRecipes=org.openrewrite.java.migrate.jakarta.JavaxMigrationToJakarta
swagger-core
1.x does not support Jakarta. We have to upgrade to 2.x, which also changes the OpenAPI spec from 2.x to 3.x. This means we have an implicit dependency on #1. Lots of annotations have changed, causing increased manual refactoring effort, especially on the Dependency-Track side.
from alpine.
@stevespringett What is your current opinion on how to deal with Alpine's OpenAPI integration?
- As mentioned above, updating the Swagger library is a precondition for moving forward with the Jakarta migration
- Updating
swagger-core
will cause significant refactoring efforts in DT due to all the annotation changes
- Updating
- DependencyTrack/dependency-track#840 states that auto-generated OpenAPI docs should be removed altogether from Alpine and DT, and switching to manually-maintained OpenAPI docs instead
Should we upgrade swagger-core
, or should we drop it completely from Alpine?
I propose to:
- Remove Swagger / OpenAPI from Alpine entirely (would this require a Alpine v3 release?)
- Export the current auto-generated Swagger doc from DT
- Remove all Swagger annotations from DT
- Serve exported
swagger.json
in DT via static file servlet
In a next step, we can start working on DependencyTrack/dependency-track#840:
- As this will be a larger task, we can ship the new OpenAPI v3 manifest in addition to the legacy Swagger v2 file
- e.g.
/api/swagger.json
and/api/openapi-v3.yaml
- e.g.
- OpenAPI v3 manifest will be worked on iteratively until it covers the entire API surface
- Once coverage reaches 100%, remove legacy
swagger.json
Thoughts?
from alpine.
That sounds like a solid approach. We will eventually need to determine, possibly through a PR check, of modifications made to a resource which do not include modifications to the api docs. Keeping the api docs in sync with the code may be a challenge, but at least we'll have accurate docs at some point.
Alpine v3 sounds good to me.
from alpine.
Related Issues (20)
- Add create and last used timestamps for API Keys
- Incorrect Package for java.naming.ldap.factory.socket, DependencyTrack LDAP Connection failures. HOT 1
- Update to Java 17 HOT 4
- Add an OIDC default group HOT 1
- Add description field to ApiKey
- Save and load `SecretKey` using encoded byte array instead of Java Object Serialization
- Add getTeams() to Principal contract
- Add support for multiple OIDC providers
- Use new class ProxyConfig for proxy selection in OIDC configuration
- Update JUnit 4 to 5 using OpenRewrite
- Log IP / User Agent for invalid ApiKeys and JWTs
- Provide a means to disable or otherwise configure the DataNucleus L2 cache
- Use USERS_SEARCH_FILTER to search for LDAP User
- Add ability to customize the Micrometer `MeterRegistry`
- Add support for logging in JSON format
- Treat API key as secret and store them securely HOT 7
- Add dynamic JWT Token expiry time
- Add 'comment' field for API keys HOT 2
- Upgrade Surefire Plugin from 2.22.2 to Latest 3.x
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from alpine.