Backport changes to the release/3.1.x branch (#100)

Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Sarah Cecchetti <sarahcec@amazon.com>
Signed-off-by: Shaobo He <shaobohe@amazon.com>
Signed-off-by: David Handermann <exceptionfactory@apache.org>
Signed-off-by: Andrew Wells <anmwells@amazon.com>
Signed-off-by: Kesha Hietala <khieta@amazon.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Sarah Cecchetti <sarah@engageidentity.com>
Co-authored-by: shaobo-he-aws <130499339+shaobo-he-aws@users.noreply.github.com>
Co-authored-by: David Handermann <exceptionfactory@apache.org>
Co-authored-by: Andrew Wells <130512013+andrewmwells-amazon@users.noreply.github.com>

Author: 6 people

.github/workflows/ci.yml

@@ -1,48 +1,45 @@
-name: Build & Test (CedarJava & CedarJavaFFI)
+name: Continuous Integration Build
 
 on:
   pull_request:
+  workflow_dispatch:
 
 env:
   CARGO_TERM_COLOR: always
 
 jobs:
-  build_and_test_cedar_java_ffi:
-    name: Rust project - latest
-    runs-on: ubuntu-latest
+  build:
     strategy:
       matrix:
-        toolchain:
-          - stable
+        os: [ubuntu-latest, macos-14]
+        include:
+          - os: ubuntu-latest
+            name: Build on Linux
+            zigInstall: sudo snap install zig --beta --classic
+          - os: macos-14
+            name: Build on macOS
+            zigInstall: brew install zig
+    runs-on: ${{ matrix.os }}
+    name: ${{ matrix.name }}
     steps:
-      - name: Checkout CedarJava
-        uses: actions/checkout@v3
-      - name: Checkout cedar
-        uses: actions/checkout@v3
-        with:
-          repository: cedar-policy/cedar
-          ref: main
-          path: ./cedar
-      - name: rustup
-        run: rustup update ${{ matrix.toolchain }} && rustup default ${{ matrix.toolchain }}
-      - name: cargo fmt
-        working-directory: ./CedarJavaFFI
+      - name: Checkout cedar-java
+        uses: actions/checkout@v4
+      - name: Prepare Rust Build
+        run: rustup update stable && rustup default stable
+      - name: Check FFI Formatting
+        working-directory: CedarJavaFFI
         run: cargo fmt --all --check
-      - name: configure
-        working-directory: ./CedarJava
-        shell: bash
-        run: bash config.sh run_int_tests
-      - name: cargo build
-        working-directory: ./CedarJavaFFI
-        run: RUSTFLAGS="-D warnings -F unsafe-code" cargo build --verbose
-      - name: cargo test
-        working-directory: ./CedarJavaFFI
-        run: RUSTFLAGS="-D warnings -F unsafe-code" cargo test --verbose
-      - name: Build and Test CedarJava
-        working-directory: ./CedarJava
-        shell: bash
-        run: export MUST_RUN_CEDAR_INTEGRATION_TESTS=1 && ./gradlew build
-      - name: JavaDoc Cedarjava
-        working-directory: ./CedarJava
-        shell: bash
+      - name: Install Zig
+        run: ${{ matrix.zigInstall }}
+      - name: Setup Java JDK
+        uses: actions/setup-java@v4
+        with:
+          java-version: '17'
+          distribution: 'corretto'
+          cache: 'gradle'
+      - name: Build FFI and Java Libraries
+        working-directory: CedarJava
+        run: ./gradlew build
+      - name: Generate Java Documentation
+        working-directory: CedarJava
         run: ./gradlew javadoc

.gitignore

@@ -0,0 +1,19 @@
+.gradle/
+.idea/
+/build
+/buildSrc/build/
+/gradle/
+/gradlew
+/gradlew.bat
+/wrapper/
+.DS_Store
+.jqwik-database
+*.iml
+.classpath
+.factorypath
+.project
+.settings/
+target/
+
+# Ignore changes to gradle.properties because we enter passwords here for releases
+/gradle.properties

CedarJava/README.md

@@ -4,44 +4,25 @@ This package provides the Java interface for the Cedar language. You can use the
 
 For more information about Cedar, please see: https://www.cedarpolicy.com/
 
-## Usage
-This package depends on [Cedar](https://www.cedarpolicy.com/), a library
-that needs to be compiled so that it can be run on the used platform.
-You need JDK 17 or later to run the code.
+## Prerequisites
 
-You need to ensure the `CEDAR_JAVA_FFI_LIB` variable is set correctly. Typically ./config.sh will set this for you.
+- [JDK 17](https://openjdk.org/projects/jdk/17/) or later
+- [Rust](https://rustup.rs/) with `rustup`
+- [Zig](https://ziglang.org/learn/getting-started/) for cross compiling with [cargo-zigbuild](https://github.com/rust-cross/cargo-zigbuild)
 
-### Building
-- Ensure Rust, Gradle and a JDK are installed.
-- then:
-```shell
-cd CedarJavaFFI
-cargo build
-cargo test
-cd ../CedarJava
-bash config.sh
-./gradlew build
-```
-This will run the tests as well (but not the integration tests).
+## Building
 
-If you want to run the integration tests, you'll also need:
-```shell
-export CEDAR_INTEGRATION_TESTS_ROOT=`path_to_cedar/cedar-integration-tests`
-```
+Run the [Gradle Wrapper](https://docs.gradle.org/current/userguide/gradle_wrapper_basics.html)
+with the `build` task to compile both the Cedar Java Foreign Function Interface and the Cedar Java library.
 
-Otherwise you can do (done for you in `config.sh`):
 ```shell
-export CEDAR_INTEGRATION_TESTS_ROOT=`/tmp`
+./gradlew build
 ```
-And the tests won't be found (and hence won't be run).
-
 
 ## Debugging
 
 If you're encountering unexpected errors, a good first step in debugging can be to enable TRACE-level logging for
-`cedarpolicy`, which will then show the exact messages being passed to Cedar. You can do this for
-the unit tests by modifying the `test/resources/log4j2.xml` file; this file also gives an example for what to do in
-other Log4j2-based packages.
+`com.cedarpolicy`, which will then show the exact messages being passed to Cedar.
 
 Debugging calls across the JNI boundary is a bit tricky (as ever a bit more so on a Mac), but can be done by attaching
 both a Java and native debugger (such as GDB/LLDB) to the program.

CedarJava/build.gradle

@@ -5,7 +5,7 @@ buildscript {
     }
   }
   dependencies {
-    classpath "com.github.spotbugs.snom:spotbugs-gradle-plugin:5.0.14"
+    classpath "com.github.spotbugs.snom:spotbugs-gradle-plugin:6.0.8"
     classpath "gradle.plugin.com.github.sherter.google-java-format:google-java-format-gradle-plugin:0.9"
   }
 }
@@ -21,6 +21,12 @@ plugins {
     // JaCoCo for coverage metrics and reports of Java source files. Read more at:
     // https://docs.gradle.org/current/userguide/jacoco_plugin.html
     id 'jacoco'
+
+    // Maven Publish for publishing artifacts to an Apache Maven repository
+    id 'maven-publish'
+
+    // Download Task for integration tests
+    id 'de.undercouch.download' version '5.6.0'
 }
 
 /*
@@ -67,22 +73,194 @@ configurations {
 dependencies {
     // Do not upgrade to Jackson 3.x without addressing stack overflow issues in ValueCedarDeserializer
     // The upgrade should be reviewed by AppSec
-    implementation 'com.fasterxml.jackson.core:jackson-databind:2.16.1'
-    implementation 'com.fasterxml.jackson.datatype:jackson-datatype-jdk8:2.16.1'
+    implementation 'com.fasterxml.jackson.core:jackson-databind:2.16.2'
+    implementation 'com.fasterxml.jackson.datatype:jackson-datatype-jdk8:2.16.2'
     implementation 'org.slf4j:slf4j-api:2.0.12'
-    implementation 'com.google.guava:guava:33.0.0-jre'
+    implementation 'com.fizzed:jne:4.1.1'
+    implementation 'com.google.guava:guava:33.1.0-jre'
     compileOnly 'com.github.spotbugs:spotbugs-annotations:4.8.3'
     testImplementation 'org.slf4j:slf4j-simple:2.0.12'
+    testImplementation 'net.jqwik:jqwik:1.8.4'
     testImplementation 'org.junit.jupiter:junit-jupiter-api:5.10.2'
-    testImplementation 'net.jqwik:jqwik:1.8.3'
+    testRuntimeOnly 'org.junit.jupiter:junit-jupiter-engine:5.10.2'
 }
 
-test {
+def ffiDir = '../CedarJavaFFI'
+def compiledLibDir = 'resources/compiled'
+
+def rustLibraryTargets = [
+        'aarch64-apple-darwin' : 'libcedar_java_ffi.dylib',
+        'aarch64-unknown-linux-gnu' : 'libcedar_java_ffi.so',
+        'x86_64-apple-darwin' : 'libcedar_java_ffi.dylib',
+        'x86_64-pc-windows-gnu' : 'cedar_java_ffi.dll',
+        'x86_64-unknown-linux-gnu' : 'libcedar_java_ffi.so'
+]
+
+def rustJavaTargets = [
+        'aarch64-apple-darwin' : 'macos/aarch64',
+        'aarch64-unknown-linux-gnu' : 'linux/aarch64',
+        'x86_64-apple-darwin' : 'macos/x86_64',
+        'x86_64-pc-windows-gnu' : 'windows/x86_64',
+        'x86_64-unknown-linux-gnu' : 'linux/x86_64'
+]
+
+tasks.register('installCargoZigbuild', Exec) {
+    group 'Build'
+    description 'Installs Cargo Zigbuild for Rust compilation.'
+
+    commandLine 'cargo', 'install', 'cargo-zigbuild'
+}
+
+tasks.register('installRustTargets') {
+    dependsOn('installCargoZigbuild')
+    group 'Build'
+    description 'Installs Rust platform build targets.'
+
+    doLast {
+        rustLibraryTargets.keySet().forEach { rustTarget ->
+            exec {
+                commandLine 'rustup', 'target', 'add', rustTarget
+            }
+        }
+    }
+}
+
+tasks.register('compileFFI') {
+    dependsOn('installRustTargets')
+    group 'Build'
+    description 'Compiles Foreign Function Interface libraries.'
+
+    doLast {
+        rustLibraryTargets.forEach { rustTarget, libraryFile ->
+            exec {
+                workingDir = ffiDir
+                commandLine 'cargo', 'zigbuild', '--features', 'partial-eval', '--release', '--target', rustTarget
+            }
+
+            def sourcePath = "${ffiDir}/target/${rustTarget}/release/${libraryFile}"
+            def javaTargetPath = rustJavaTargets.get(rustTarget)
+
+            copy {
+                from(sourcePath)
+                into layout.buildDirectory.dir("${compiledLibDir}/jne/${javaTargetPath}")
+            }
+        }
+    }
+}
+
+tasks.register('testFFI') {
+    dependsOn('compileFFI')
+    group 'Build'
+    description 'Tests Foreign Function Interface libraries.'
+
+    doLast {
+        exec {
+            workingDir = ffiDir
+            commandLine 'cargo', 'test'
+        }
+    }
+}
+
+tasks.register('cleanFFI', Exec) {
+    group 'Build'
+    description 'Deletes the build directory for Foreign Function Interface libraries.'
+
+    workingDir ffiDir
+    commandLine 'cargo', 'clean'
+}
+
+tasks.register('uberJar', Jar) {
+    dependsOn('compileFFI')
+    group 'Build'
+    description 'Assembles a jar archive containing standard classes and native libraries.'
+
+    archiveClassifier = 'uber'
+    with jar
+
+    from(layout.buildDirectory.dir(compiledLibDir))
+}
+
+tasks.register('downloadIntegrationTests', Download) {
+    group 'Build'
+    description 'Downloads Cedar repository with integration tests.'
+
+    src 'https://codeload.github.com/cedar-policy/cedar/zip/main'
+    dest layout.buildDirectory.file('cedar-main.zip')
+    overwrite false
+}
+
+tasks.register('extractIntegrationTests', Copy) {
+    group 'Build'
+    description 'Extracts Cedar integration tests.'
+
+    dependsOn('downloadIntegrationTests')
+    from zipTree(layout.buildDirectory.file('cedar-main.zip'))
+    into layout.buildDirectory.dir('resources/test')
+}
+
+tasks.named('test') {
     useJUnitPlatform()
+    dependsOn('compileFFI')
+    dependsOn('extractIntegrationTests')
+    classpath += files(layout.buildDirectory.dir(compiledLibDir))
+}
+
+test {
     //environment "CEDAR_INTEGRATION_TESTS_ROOT", ''set to absolute path of `cedar-integration-tests`'
-    //environment 'CEDAR_JAVA_FFI_LIB', 'set to absolute path of cedar_java_ffi native library (including file extension)'
     testLogging {
+        events "skipped", "failed", "standardOut", "standardError"
         showStandardStreams false
         exceptionFormat 'full'
     }
 }
+
+tasks.named('build') {
+    dependsOn('uberJar')
+}
+
+/*
+ Configures Maven publishing
+ */
+publishing {
+    publications {
+        maven(MavenPublication) {
+            groupId = 'com.cedarpolicy'
+            artifactId = 'cedar-java'
+            version = '3.1.0-SNAPSHOT'
+
+            from components.java
+
+            artifacts {
+                jar
+                artifact tasks.named('uberJar')
+            }
+
+            pom {
+                name = 'cedar-java'
+                description = 'Java bindings for Cedar policy language.'
+                url = 'http://www.cedarpolicy.com'
+
+                licenses {
+                    license {
+                        name = 'The Apache License, Version 2.0'
+                        url = 'http://www.apache.org/licenses/LICENSE-2.0.txt'
+                    }
+                }
+
+                developers {
+                    developer {
+                        id = 'cedar'
+                        name = 'Cedar Team'
+                        email = 'cedar-sonatype-team@amazon.com'
+                    }
+                }
+
+                scm {
+                    connection = 'scm:git:https://github.com/cedar-policy/cedar-java.git'
+                    developerConnection = 'scm:git:https://github.com/cedar-policy/cedar-java.git'
+                    url = 'https://github.com/cedar-policy/cedar-java'
+                }
+            }
+        }
+    }
+}