From 734f2a3e47044414b7237a4e271901fc83ec8510 Mon Sep 17 00:00:00 2001 From: Ben Manes Date: Mon, 23 Dec 2024 15:12:38 -0800 Subject: [PATCH] sign maven artifacts with sigstore --- .github/workflows/build.yml | 12 +++++++----- gradle/libs.versions.toml | 2 ++ gradle/plugins/build.gradle.kts | 1 + .../kotlin/lifecycle/publish.caffeine.gradle.kts | 1 + .../cache/simulator/policy/adaptive/CartPolicy.java | 11 ++++++----- .../simulator/policy/two_queue/TwoQueuePolicy.java | 3 ++- 6 files changed, 19 insertions(+), 11 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index b2e7325574..4349e31232 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -331,16 +331,18 @@ jobs: name: Publish Snapshot runs-on: ubuntu-latest needs: tests - if: > - github.event_name == 'push' - && github.event.repository.fork == false - && endsWith(github.ref, github.event.repository.default_branch) + # if: > + # github.event_name == 'push' + # && github.event.repository.fork == false + # && endsWith(github.ref, github.event.repository.default_branch) + permissions: + id-token: write steps: - name: Harden Runner uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2 with: disable-sudo: true - egress-policy: block + egress-policy: audit allowed-endpoints: > ${{ env.ALLOWED_ENDPOINTS }} docs.oracle.com:443 diff --git a/gradle/libs.versions.toml b/gradle/libs.versions.toml index 788db96365..02137f4e9c 100644 --- a/gradle/libs.versions.toml +++ b/gradle/libs.versions.toml @@ -84,6 +84,7 @@ protobuf = "4.29.2" slf4j = "2.0.16" slf4j-test = "3.0.1" snakeyaml = "2.3" +sigstore = "1.2.0" sonarqube = "6.0.1.5171" spotbugs = "4.8.6" spotbugs-contrib = "7.6.9" @@ -237,6 +238,7 @@ jmh-report = { id = "io.morethan.jmhreport", version.ref = "jmh-report" } jvm-dependency-conflict-resolution = { id = "org.gradlex.jvm-dependency-conflict-resolution", version.ref = "jvm-dependency-conflict-resolution" } nexus-publish = { id = "io.github.gradle-nexus.publish-plugin", version.ref = "nexus-publish" } nullaway = { id = "net.ltgt.nullaway", version.ref = "nullaway-plugin" } +sigstore = { id = "dev.sigstore.sign", version.ref = "sigstore" } sonarqube = { id = "org.sonarqube", version.ref = "sonarqube" } spotbugs = { id = "com.github.spotbugs", version.ref = "spotbugs-plugin" } versions = { id = "com.github.ben-manes.versions", version.ref = "versions" } diff --git a/gradle/plugins/build.gradle.kts b/gradle/plugins/build.gradle.kts index 83ef0690e1..a9a4a4096d 100644 --- a/gradle/plugins/build.gradle.kts +++ b/gradle/plugins/build.gradle.kts @@ -26,6 +26,7 @@ dependencies { implementation(plugin(libs.plugins.bnd)) implementation(plugin(libs.plugins.idea)) implementation(plugin(libs.plugins.nullaway)) + implementation(plugin(libs.plugins.sigstore)) implementation(plugin(libs.plugins.spotbugs)) implementation(plugin(libs.plugins.versions)) implementation(plugin(libs.plugins.sonarqube)) diff --git a/gradle/plugins/src/main/kotlin/lifecycle/publish.caffeine.gradle.kts b/gradle/plugins/src/main/kotlin/lifecycle/publish.caffeine.gradle.kts index 37e2c9ceac..437960f4b5 100644 --- a/gradle/plugins/src/main/kotlin/lifecycle/publish.caffeine.gradle.kts +++ b/gradle/plugins/src/main/kotlin/lifecycle/publish.caffeine.gradle.kts @@ -1,4 +1,5 @@ plugins { + id("dev.sigstore.sign") `maven-publish` `java-library` signing diff --git a/simulator/src/main/java/com/github/benmanes/caffeine/cache/simulator/policy/adaptive/CartPolicy.java b/simulator/src/main/java/com/github/benmanes/caffeine/cache/simulator/policy/adaptive/CartPolicy.java index 537adc1c82..312d154872 100644 --- a/simulator/src/main/java/com/github/benmanes/caffeine/cache/simulator/policy/adaptive/CartPolicy.java +++ b/simulator/src/main/java/com/github/benmanes/caffeine/cache/simulator/policy/adaptive/CartPolicy.java @@ -241,10 +241,11 @@ private void demote() { // nL = nL − 1 policyStats.recordEviction(); + requireNonNull(headT2.next); - while (requireNonNull(headT2.next).marked) { + while (headT2.next.marked) { policyStats.recordOperation(); - Node demoted = headT2.next; + Node demoted = requireNonNull(headT2.next); demoted.marked = false; demoted.remove(); sizeT2--; @@ -257,10 +258,10 @@ private void demote() { } } - while ((requireNonNull(headT1.next).filter == FilterType.LONG_TERM) - || requireNonNull(headT1.next).marked) { + requireNonNull(headT1.next); + while ((headT1.next.filter == FilterType.LONG_TERM) || headT1.next.marked) { policyStats.recordOperation(); - Node node = headT1.next; + Node node = requireNonNull(headT1.next); if (node.marked) { node.moveToTail(headT1); node.marked = false; diff --git a/simulator/src/main/java/com/github/benmanes/caffeine/cache/simulator/policy/two_queue/TwoQueuePolicy.java b/simulator/src/main/java/com/github/benmanes/caffeine/cache/simulator/policy/two_queue/TwoQueuePolicy.java index 2d71d514b9..d5876355f7 100644 --- a/simulator/src/main/java/com/github/benmanes/caffeine/cache/simulator/policy/two_queue/TwoQueuePolicy.java +++ b/simulator/src/main/java/com/github/benmanes/caffeine/cache/simulator/policy/two_queue/TwoQueuePolicy.java @@ -94,7 +94,8 @@ public void record(long key) { policyStats.recordOperation(); @Var Node node = data.get(key); if (node != null) { - switch (requireNonNull(node.type)) { + requireNonNull(node.type); + switch (node.type) { case MAIN: node.moveToTail(headMain); policyStats.recordHit();