Merge remote-tracking branch 'origin/master' into danielthegray-impro…

…ve-missing-class-name-custom-change-error

.github/dependabot.yml

@@ -0,0 +1,16 @@
+version: 2
+updates:
+
+  - package-ecosystem: "github-actions"
+    directory: "/"
+    schedule:
+      interval: "daily"
+
+  - package-ecosystem: "maven"
+    directory: "/"
+    open-pull-requests-limit: 10
+    schedule:
+      interval: "daily"
+    ignore:
+      - dependency-name: "*"
+        update-types: ["version-update:semver-major"]

.github/util/workflow-helper.js

@@ -136,6 +136,7 @@ module.exports = ({github, context}) => {
                                     returnData.runStatus = run.status;
                                     returnData.runConclusion = run.conclusion;
                                     returnData.runHtmlUrl = run.html_url;
+                                    returnData.runRerunUrl = run.rerun_url;
                                 }
 
                                 if (run.status === "completed" && run.conclusion === "success") {
@@ -145,6 +146,7 @@ module.exports = ({github, context}) => {
                                     returnData.lastSuccessfulRunStatus = run.status;
                                     returnData.lastSuccessfulRunConclusion = run.conclusion;
                                     returnData.lastSuccessfulRunHtmlUrl = run.html_url;
+                                    returnData.lastSuccessfulRunRerunUrl = run.rerun_url;
 
                                     break;
                                 } else {

.github/workflows/build.yml

@@ -14,6 +14,8 @@ on:
       - master
       - main
       - github-action-*
+    paths-ignore:
+      - '**.md'
 
 jobs:
   setup:
@@ -150,15 +152,63 @@ jobs:
           path: |
             */target/*-0-SNAPSHOT.jar
 
+  sonar:
+    name: Sonar Scan
+    runs-on: ubuntu-latest
+    needs: build
+    steps:
+      - uses: actions/checkout@v2
+        with:
+          fetch-depth: 0  # Shallow clones should be disabled for a better relevancy of analysis
+          ref: ${{ github.event.pull_request.head.sha || github.event.after}}
+      - name: Set up JDK
+        uses: actions/setup-java@v2
+        with:
+          java-version: 11
+          distribution: 'adopt'
+          cache: 'maven'
+      - name: Cache SonarCloud packages
+        uses: actions/cache@v2
+        with:
+          path: ~/.sonar/cache
+          key: ${{ runner.os }}-sonar
+          restore-keys: ${{ runner.os }}-sonar
+      - name: Build and analyze
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}  # Needed to get PR information, if any
+          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
+        run: mvn clean verify sonar:sonar -P sonar -Dsonar.login=$SONAR_TOKEN
+
   integration-test:
     name: Integration Test
     runs-on: ubuntu-latest
+    strategy:
+      fail-fast: false
+      matrix:
+        testSystem:
+          - h2
+#          - h2:1.4
+          - hsqldb
+          - mariadb
+          - mssql
+          - mysql
+          - oracle
+          - postgresql
+          - sqlite
     needs: build
+    timeout-minutes: 30
     steps:
       - uses: actions/checkout@v2
         with:
           ref: ${{ github.event.pull_request.head.sha || github.event.after}}
 
+      - name: Prepare
+        id: prepare
+        uses: actions/github-script@v5
+        with:
+          script: |
+            core.setOutput("testResultsArtifact", "liquibase-test-results-integration-${{ matrix.testSystem }}".replace(/[^a-zA-Z0-9\-_]/g, "_"));
+
       - name: Set up JDK 8
         uses: actions/setup-java@v2
         with:
@@ -177,17 +227,15 @@ jobs:
           registry: docker-dev.artifactory.datical.net
           username: ${{ secrets.ARTIFACTORY_USER }}
           password: ${{ secrets.ARTIFACTORY_TOKEN }}
-      - name: Start Docker Databases
-        run: docker-compose -f ./liquibase-integration-tests/docker/docker-compose.yml up -d
+
       - name: Run Tests
-        run: mvn -B jar:jar jar:test-jar surefire:test -DtrimStackTrace=false
-      - name: Stop Docker Databases
-        run: docker-compose -f ./liquibase-integration-tests/docker/docker-compose.yml down
+        run: mvn -B jar:jar jar:test-jar surefire:test -DtrimStackTrace=false -Dliquibase.sdk.testSystem.test=hub,${{ matrix.testSystem }} -Dliquibase.sdk.testSystem.acceptLicenses=${{ matrix.testSystem }} -Dtest=*IntegrationTest,*ExecutorTest -DfailIfNoTests=false
+
       - name: Archive Test Results
         if: ${{ always() }}
         uses: actions/upload-artifact@v2
         with:
-          name: liquibase-test-results-integration
+          name: ${{ steps.prepare.outputs.testResultsArtifact }}
           path: |
             ./**/target/surefire-reports
 
@@ -244,8 +292,19 @@ jobs:
       - name: Build & Sign Artifacts
         env:
           INSTALL4J_LICENSE: ${{ secrets.INSTALL4J_LICENSE }}
+          INSTALL4J_APPLE_KEY: ${{ secrets.INSTALL4J_APPLE_KEY }}
+          INSTALL4J_APPLE_KEY_PASSWORD: ${{ secrets.INSTALL4J_APPLE_KEY_PASSWORD }}
+          INSTALL4J_WINDOWS_KEY: ${{ secrets.INSTALL4J_WINDOWS_KEY }}
+          INSTALL4J_WINDOWS_KEY_PASSWORD: ${{ secrets.INSTALL4J_WINDOWS_KEY_PASSWORD }}
           GPG_PASSWORD: ${{ secrets.GPG_PASSPHRASE }}
         run: |
+          ## save install4j code signing keys
+          mkdir -p liquibase-dist/target/keys
+          echo "Saving apple key"
+          echo "$INSTALL4J_APPLE_KEY" | base64 -d > liquibase-dist/target/keys/datical_apple.p12
+
+          echo "Saving windows key"
+          echo "$INSTALL4J_WINDOWS_KEY" | base64 -d > liquibase-dist/target/keys/datical_windows.pfx
           mvn -B -pl liquibase-dist -P liquibase-pro source:jar package
 
           ## extract tar content for other artifacts
@@ -284,7 +343,9 @@ jobs:
           cp liquibase-dist/target/liquibase-0-SNAPSHOT.tar.gz artifacts-named/liquibase-${{ needs.setup.outputs.thisBranchFileName }}.tar.gz
           cp liquibase-dist/target/liquibase-0-SNAPSHOT.jar artifacts-named/liquibase-${{ needs.setup.outputs.thisBranchFileName }}.jar
           cp liquibase-maven-plugin/target/liquibase-maven-plugin-0-SNAPSHOT.jar artifacts-named/liquibase-maven-plugin-${{ needs.setup.outputs.thisBranchFileName }}.jar
+          cp liquibase-cdi/target/liquibase-cdi-0-SNAPSHOT.jar artifacts-named/liquibase-cdi-${{ needs.setup.outputs.thisBranchFileName }}.jar
           cp liquibase-extension-testing/target/liquibase-extension-testing-0-SNAPSHOT.jar artifacts-named/liquibase-extension-testing-${{ needs.setup.outputs.thisBranchFileName }}.jar
+          cp liquibase-extension-testing/target/liquibase-extension-testing-0-SNAPSHOT-deps.jar artifacts-named/liquibase-extension-testing-${{ needs.setup.outputs.thisBranchFileName }}-deps.jar
 
       - name: Archive Packages
         uses: actions/upload-artifact@v2
@@ -308,7 +369,7 @@ jobs:
   finish:
     name: Finish Build
     runs-on: ubuntu-latest
-    needs: [ setup, build, integration-test, package ]
+    needs: [ setup, build, integration-test, package, sonar ]
     if: ${{ always() }}
     steps:
       - uses: actions/checkout@v2
@@ -352,22 +413,27 @@ jobs:
                 "ref": currentBranchInfo.sha
               });
 
-              console.log("See statuses");
               let failedCheckingUs = false;
-              for (let status of checks.data) {
-                if (status.context == "Stable Liquibase Core") {
-                  console.log("Stable Liquibase Core is "+ status.state);
-                  failedCheckingUs = (status.state == "failure");
+              if (standalonePR) {
+                for (let status of checks.data) {
+                  if (status.context == "Stable Liquibase Core") {
+                    console.log("Stable Liquibase Core is "+ status.state);
+                    failedCheckingUs = (status.state == "failure");
+                  }
                 }
               }
 
               if (failedCheckingUs) {
                 console.log("Rerun liquibase-pro that was waiting on us");
-                await github.rest.actions.retryWorkflow({
-                    "owner": "liquibase",
-                    "repo": "liquibase-pro",
-                    "run_id": currentBranchInfo.workflowId
-                });
+
+                //octokit removed the retryWorkflow function
+                github.request("POST "+currentBranchInfo.runRerunUrl);
+
+                //await github.rest.actions.retryWorkflow({
+                //    "owner": "liquibase",
+                //    "repo": "liquibase-pro",
+                //    "run_id": currentBranchInfo.workflowId
+                //});
               }
             }
 

.gitignore

@@ -13,6 +13,9 @@ release.properties
 /bin
 **/liquibase.integrationtest.local.properties
 **/liquibase.test.local.properties
+**/liquibase.local.properties
+**/liquibase.sdk.local.yaml
+**/liquibase.sdk.local.yml
 derby.log
 .idea
 *.iml

README.md

@@ -1,4 +1,4 @@
-# Liquibase [![Build and Test](https://github.com/liquibase/liquibase/actions/workflows/build.yml/badge.svg)](https://github.com/liquibase/liquibase/actions/workflows/build.yml)
+# Liquibase [![Build and Test](https://github.com/liquibase/liquibase/actions/workflows/build.yml/badge.svg)](https://github.com/liquibase/liquibase/actions/workflows/build.yml) [![Quality Gate Status](https://sonarcloud.io/api/project_badges/measure?project=liquibase&metric=alert_status)](https://sonarcloud.io/summary/new_code?id=liquibase)
 <p align="center"><img src="https://github.com/liquibase/liquibase/blob/master/Liquibase.png" width="30%" height="30%"></p>
 
 Liquibase helps millions of teams track, version, and deploy database schema changes. It will help you to:

SECURITY.md

@@ -0,0 +1,36 @@
+
+# Responsible Disclosure Policy
+
+We encourage security researchers and users to share the details of any suspected vulnerabilities with the Liquibase Information Security Team by submitting the relevant information. Liquibase will review the submission to determine if the finding is valid and has not been previously reported. We require submitters to include detailed information with steps for us to reproduce the vulnerability.
+
+
+## Our Commitment:
+If you identify a valid security vulnerability in compliance with this Responsible Disclosure Policy, Liquibase commits to:
+* Working with you to understand and validate the issue
+* Addressing the risk (if deemed appropriate by Liquibase)
+
+## Noncompliance:
+
+Public disclosure of the submission details of any identified or alleged vulnerability without express written consent from Liquibase will deem the submission as noncompliant with this Responsible Disclosure Policy.
+
+In addition, to remain compliant you are prohibited from:
+* Accessing, downloading, or modifying data residing in an account that does not belong to you
+* Executing or attempting to execute any “Denial of Service” attack
+* Posting, transmitting, uploading, linking to, sending, or storing any malicious software
+* Testing in a manner that would result in the sending unsolicited or unauthorized junk mail, spam, pyramid schemes, or other forms of unsolicited messages
+* Testing in a manner that would degrade the operation of any Liquibase systems
+* Testing third-party applications, websites, or services that integrate with or link to Liquibase systems
+
+## How to Submit a Vulnerability
+
+While we are happy to receive vulnerability information in any form, we appreciate discrete submission via email to Liquibase's Information Security Team at infosec@liquibase.com with the following details about the security issue.
+
+### Submission Details:
+
+* Summary title (Help us get an idea of what this vulnerability is about)
+* Vulnerability details
+  * Description (Describe the vulnerability and its impact)
+  * Provide a proof of concept or replication steps
+* Submitter’s email
+
+While we greatly appreciate community reports regarding security issues, at this time Liquibase does not provide compensation for vulnerability reports.

changelog.txt

@@ -1,7 +1,20 @@
 Liquibase Core Changelog
 ===========================================
 
-Changes in version 4.7.0(2022.01.07)
+Changes in version 4.7.1 (2022.01.21)
+
+- Fix bug which makes Liquibase misidentify your database dialect if the string 'edb' is in your connection url. (#2364)
+- Output changeset execution to UI like rollback does (#1932)
+- Support MaxDB for sequences (#932)
+- Include columnDataType in generated setColumnRemarks changesets (#2188)
+- Use database time for changeloglock table (#2217)
+- Mysql: support additional information "double" datatypes (#2293)
+- Correctly handle old "liquibase tagExists myTag" style CLI structure (#2269)
+- Correctly handle cacheSize in mariadb (#2270)
+- Mark liquibase-maven-plugin logging configuration as deprecated (#2261)
+- Added validation errors for SQLite and DB2z databases (#2359)
+
+Changes in version 4.7.0 (2022.01.07)
 
 Liquibase 4.7.0 introduces the init command with the project subcommand, which helps to build the necessary
 configuration files for using Liquibase or, if you already use Liquibase, create new project files with minimal input.[DAT-8640]
@@ -14,7 +27,7 @@ Enhancements
 - [PR#2244] [szandany] Enabled the use of the jdbc:edb URL for Liquibase to recognize EnterpriseDB
 - [PR#2225] [nvoxland] [catholic-indulgence-vaper] Enabled the use of lowercase sys.synonyms objects for the generate-changelog and diff-changelog commands in Liquibase and SQL Server. The PR fixes PR#2044.
 - Added DB2 on z/OS database type and Java classes for Liquibase
-- Upgrade h2 to newer version 2.0.202
+- Upgrade h2 to newer version 2.0.206
 
 Fixes
 - Fixed the generateChangeLog wrong dependency order: the addPrimaryKey Change Type appeared before its base table in PostgreSQL [DAT-8256]