Merge pull request #118 from snowplow/feature/oversize_fields

Event parser should fail on oversized fields (close #115)
Fix scoverage failures in github actions (close #119)
Update github workflows fix snyk vulnerability scanning (close #120)

.github/workflows/snyk_test.yml

@@ -0,0 +1,18 @@
+name: Snyk
+
+on: push
+
+
+jobs:
+  check-vulnerabilities:
+    runs-on: ubuntu-latest
+
+    steps:
+    - uses: actions/checkout@v2
+
+    - name: Snyk monitor - Check for vulnerabilities
+      uses: snyk/actions/scala@master
+      with:
+        command: test
+      env:
+        SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}

.github/workflows/test_and_deploy.yml

@@ -27,31 +27,18 @@ jobs:
         if: startsWith(github.ref, 'refs/tags/')
         run: sbt makeSite
 
-      - name: Publish to Bintray and Maven central
+      - name: Publish to Maven central
         if: startsWith(github.ref, 'refs/tags/')
         env:
-          BINTRAY_USER: ${{ secrets.BINTRAY_SNOWPLOW_MAVEN_USER }}
-          BINTRAY_PASS: ${{ secrets.BINTRAY_SNOWPLOW_MAVEN_API_KEY }}
-          SONA_USER: snowplow
-          SONA_PASS: ${{ secrets.SONA_PASS }}
-        run: |
-          project_version=$(sbt version -Dsbt.log.noformat=true | perl -ne 'print "$1\n" if /info.*(\d+\.\d+\.\d+[^\r\n]*)/' | tail -n 1 | tr -d '\n')
-          if [[ "${{ github.ref }}" = "refs/tags/${project_version}" ]]
-          then
-            echo Publishing to Bintray and Maven Central
-            sbt +publish
-            sbt +bintraySyncMavenCentral
-          else
-            echo "${{ github.ref }} does not match project version $project_version => not publishing"
-            exit 1
-          fi
+          PGP_PASSPHRASE: ${{ secrets.SONA_PGP_PASSPHRASE }}
+          PGP_SECRET: ${{ secrets.SONA_PGP_SECRET }}
+          SONATYPE_USERNAME: ${{ secrets.SONA_USER }}
+          SONATYPE_PASSWORD: ${{ secrets.SONA_PASS }}
+        run: sbt +publish
 
       - name: Publish website
         if: startsWith(github.ref, 'refs/tags/')
         run: |
-          project_version=$(sbt version -Dsbt.log.noformat=true | perl -ne 'print "$1\n" if /info.*(\d+\.\d+\.\d+[^\r\n]*)/' | tail -n 1 | tr -d '\n')
-          if [[ "${{ github.ref }}" = "refs/tags/${project_version}" ]]
-          then
             echo Publishing Scaladoc
             git fetch
             git checkout gh-pages
@@ -60,8 +47,4 @@ jobs:
             git config user.email "<>"
             git add index.html $project_version
             git commit -m "Added Scaladoc for $project_version"
-            git push origin gh-pages
-          else
-            echo "${{ github.ref }} does not match project version $project_version => not publishing"
-            exit 1
-          fi
+            git push origin gh-pages

.snyk

@@ -0,0 +1,5 @@
+ignore:
+  'SNYK-JAVA-ORGTYPELEVEL-2331743':
+    - '*':
+        reason: No fix available
+        expires: 2022-10-01T17:33:45.004Z

CHANGELOG

@@ -1,3 +1,9 @@
+Version 3.0.0 (2022-02-09)
+--------------------------
+Event parser should fail on oversized fields (close #115)
+Fix scoverage failures in github actions (close #119)
+Update github workflows fix snyk vulnerability scanning (close #120)
+
 Version 2.1.0 (2020-11-09)
 --------------------------
 Update README to point to docs (close #110)

build.sbt

@@ -11,26 +11,31 @@
  * See the Apache License Version 2.0 for the specific language governing permissions and limitations there under.
  */
 
-lazy val root = project.in(file("."))
-  .settings(Seq[Setting[_]](
-    name               := "snowplow-scala-analytics-sdk",
-    organization       := "com.snowplowanalytics",
-    version            := "2.1.0",
-    description        := "Scala analytics SDK for Snowplow",
-    scalaVersion       := "2.13.2",
-    crossScalaVersions := Seq("2.12.11", "2.13.2")
-  ))
+lazy val root = project
+  .in(file("."))
+  .settings(
+    Seq[Setting[_]](
+      name := "snowplow-scala-analytics-sdk",
+      organization := "com.snowplowanalytics",
+      description := "Scala analytics SDK for Snowplow",
+      scalaVersion := "2.13.3",
+      crossScalaVersions := Seq("2.12.11", "2.13.3")
+    )
+  )
   .enablePlugins(SiteScaladocPlugin)
   .enablePlugins(PreprocessPlugin)
+  .settings(BuildSettings.dynVerSettings)
   .settings(BuildSettings.buildSettings)
   .settings(BuildSettings.publishSettings)
   .settings(BuildSettings.mimaSettings)
   .settings(BuildSettings.scoverageSettings)
   .settings(BuildSettings.sbtSiteSettings)
   .settings(BuildSettings.formattingSettings)
-  .settings(Seq(
-    shellPrompt := { _ => name.value + " > " }
-  ))
+  .settings(
+    Seq(
+      shellPrompt := { _ => name.value + " > " }
+    )
+  )
   .settings(
     libraryDependencies ++= Seq(
       // Scala

project/BuildSettings.scala

@@ -15,20 +15,18 @@
 import sbt._
 import Keys._
 
-// Bintray plugin
-import bintray.BintrayPlugin._
-import bintray.BintrayKeys._
 
 // Mima plugin
 import com.typesafe.tools.mima.plugin.MimaKeys._
-import com.typesafe.tools.mima.plugin.MimaPlugin
 
 // Scoverage plugin
 import scoverage.ScoverageKeys._
 
+
+import sbtdynver.DynVerPlugin.autoImport._
+
 import com.typesafe.sbt.site.SitePlugin.autoImport._
 import com.typesafe.sbt.site.SiteScaladocPlugin.autoImport._
-import com.typesafe.sbt.SbtGit.GitKeys.{gitBranch, gitRemoteRepo}
 import com.typesafe.sbt.site.preprocess.PreprocessPlugin.autoImport._
 
 import org.scalafmt.sbt.ScalafmtPlugin.autoImport._
@@ -48,49 +46,47 @@ object BuildSettings {
     )
   )
 
-  // Bintray publishing settings
-  lazy val bintrayPublishSettings = bintraySettings ++ Seq[Setting[_]](
-    licenses += ("Apache-2.0", url("http://www.apache.org/licenses/LICENSE-2.0.html")),
-    bintrayOrganization := Some("snowplow"),
-    bintrayRepository := "snowplow-maven"
+  lazy val dynVerSettings = Seq(
+    ThisBuild / dynverVTagPrefix := false, // Otherwise git tags required to have v-prefix
+    ThisBuild / dynverSeparator := "-" // to be compatible with docker
   )
 
-  // Maven Central publishing settings
-  lazy val mavenCentralExtras = Seq[Setting[_]](
+  lazy val publishSettings = Seq[Setting[_]](
+    publishArtifact := true,
+    Test / publishArtifact := false,
+    licenses += ("Apache-2.0", url("http://www.apache.org/licenses/LICENSE-2.0.html")),
     pomIncludeRepository := { _ => false },
     homepage := Some(url("http://snowplowanalytics.com")),
-    scmInfo := Some(ScmInfo(url("https://github.com/snowplow/scala-scala-analytics-sdk"),
-      "scm:git@github.com:snowplow/snowplow-scala-analytics-sdk.git")),
-    pomExtra := (
-      <developers>
-        <developer>
-          <name>Snowplow Analytics Ltd</name>
-          <email>support@snowplowanalytics.com</email>
-          <organization>Snowplow Analytics Ltd</organization>
-          <organizationUrl>http://snowplowanalytics.com</organizationUrl>
-        </developer>
-      </developers>)
+    developers := List(
+      Developer(
+        "Snowplow Analytics Ltd",
+        "Snowplow Analytics Ltd",
+        "support@snowplowanalytics.com",
+        url("https://snowplowanalytics.com")
+      )
+    )
   )
 
-  lazy val publishSettings = bintrayPublishSettings ++ mavenCentralExtras
-
   // If new version introduces breaking changes,
   // clear-out mimaBinaryIssueFilters and mimaPreviousVersions.
   // Otherwise, add previous version to set without
   // removing other versions.
   val mimaPreviousVersions = Set()
 
-  val mimaSettings = MimaPlugin.mimaDefaultSettings ++ Seq(
+  val mimaSettings = Seq(
     mimaPreviousArtifacts := mimaPreviousVersions.map { organization.value %% name.value % _ },
+    ThisBuild / mimaFailOnNoPrevious := false,
     mimaBinaryIssueFilters ++= Seq(),
-    test in Test := {
+    Test / test := {
       mimaReportBinaryIssues.value
-      (test in Test).value
+      (Test / test).value
     }
   )
 
   val scoverageSettings = Seq(
     coverageMinimum := 50,
+    // Excluded because of shapeless, which would generate 1000x500KB statements driving coverage OOM
+    coverageExcludedFiles := """.*\/Event.*;""",
     coverageFailOnMinimum := true,
     coverageHighlighting := false,
     (test in Test) := {
@@ -105,6 +101,6 @@ object BuildSettings {
 
   lazy val formattingSettings = Seq(
     scalafmtConfig    := file(".scalafmt.conf"),
-    scalafmtOnCompile := false
+    scalafmtOnCompile := true
   )
 }

project/Dependencies.scala

@@ -17,7 +17,7 @@ object Dependencies {
   object V {
     val igluCore       = "1.0.0"
     val cats           = "2.1.1"
-    val circe          = "0.13.0"
+    val circe          = "0.14.1"
     // Scala (test only)
     val specs2         = "4.8.0"
     val scalaCheck     = "1.15.0"

project/build.properties

@@ -1 +1 @@
-sbt.version=1.3.10
+sbt.version=1.4.1

project/plugins.sbt

@@ -1,8 +1,10 @@
-addSbtPlugin("org.foundweekends" % "sbt-bintray" % "0.5.3")
 addSbtPlugin("com.typesafe" % "sbt-mima-plugin" % "0.5.0")
-addSbtPlugin("org.scoverage" % "sbt-scoverage" % "1.6.1")
+addSbtPlugin("org.scoverage" % "sbt-scoverage" % "1.9.3")
 addSbtPlugin("com.typesafe.sbt" % "sbt-site" % "1.4.0")
 addSbtPlugin("com.typesafe.sbt" % "sbt-git" % "1.0.0")
 addSbtPlugin("pl.project13.scala" % "sbt-jmh" % "0.4.0")
-addSbtPlugin("net.virtual-void" % "sbt-dependency-graph" % "0.9.2")
-addSbtPlugin("org.scalameta" % "sbt-scalafmt" % "2.4.0")
+addSbtPlugin("com.geirsson" % "sbt-ci-release" % "1.5.7")
+addSbtPlugin("com.typesafe" % "sbt-mima-plugin" % "0.9.2")
+addSbtPlugin("org.scalameta" % "sbt-scalafmt" % "2.4.3")
+addSbtPlugin("com.dwijnand" % "sbt-dynver" % "4.1.1")
+addSbtPlugin("net.virtual-void" % "sbt-dependency-graph" % "0.10.0-RC1")

src/main/scala/com.snowplowanalytics.snowplow.analytics.scalasdk/Event.scala

@@ -242,12 +242,16 @@ case class Event(
 
 object Event {
 
+  object unsafe {
+    implicit def unsafeEventDecoder: Decoder[Event] = deriveDecoder[Event]
+  }
+
   /**
    * Automatically derived Circe encoder
    */
   implicit val jsonEncoder: Encoder.AsObject[Event] = deriveEncoder[Event]
 
-  implicit def eventDecoder: Decoder[Event] = deriveDecoder[Event]
+  implicit def eventDecoder: Decoder[Event] = unsafe.unsafeEventDecoder.ensure(validate.validator)
 
   /**
    * Derived TSV parser for the Event class

src/main/scala/com.snowplowanalytics.snowplow.analytics.scalasdk/ParsingError.scala

@@ -78,7 +78,7 @@ object ParsingError {
         case InvalidValue(key, value, message) =>
           Json.obj(
             "type" := "InvalidValue",
-            "key" := key,
+            "key" := key.name,
             "value" := value,
             "message" := message
           )

src/main/scala/com.snowplowanalytics.snowplow.analytics.scalasdk/decode/RowDecoder.scala

@@ -19,7 +19,7 @@ import cats.syntax.apply._
 import com.snowplowanalytics.snowplow.analytics.scalasdk.ParsingError.RowDecodingErrorInfo.UnhandledRowDecodingError
 
 /**
- * Type class to decode List of keys-value pairs into HList
+ * Type class to decode List of keys-value into HList
  * Keys derived from original class of HList,
  * Values are actual TSV columns
  */