Migrate spring2 to spring3

.github/workflows/allow-list.xml

@@ -1,55 +1,76 @@
 <?xml version="1.0" encoding="UTF-8"?>
-<suppressions xmlns="https://jeremylong.github.io/DependencyCheck/dependency-suppression.1.3.xsd">
-    <suppress>
-        <notes><![CDATA[
+<suppressions
+	xmlns="https://jeremylong.github.io/DependencyCheck/dependency-suppression.1.3.xsd">
+	<suppress>
+		<notes><![CDATA[
         Only applies to using spring-web, we barely use this.
         ]]></notes>
-        <gav>org.springframework:spring-web:5.3.25</gav>
-        <cve>CVE-2016-1000027</cve>
-    </suppress>
-    <suppress>
-        <notes><![CDATA[
+		<gav>org.springframework:spring-web:5.3.25</gav>
+		<cve>CVE-2016-1000027</cve>
+	</suppress>
+	<suppress>
+		<notes><![CDATA[
         Only applies to Safari, which we don't use.  I guess may be a problem if running in prod on OSX-x86?
         ]]></notes>
-        <cve>CVE-2011-1797</cve>
-    </suppress>
-    <suppress>
-        <notes><![CDATA[
+		<cve>CVE-2011-1797</cve>
+	</suppress>
+	<suppress>
+		<notes><![CDATA[
          Reminder Bot: Doesn't affect SUTime, which is what we're using
         ]]></notes>
-        <cve>CVE-2022-0239</cve>
-        <cve>CVE-2021-3878</cve>
-    </suppress>
-    <suppress>
-        <notes><![CDATA[
+		<cve>CVE-2022-0239</cve>
+		<cve>CVE-2021-3878</cve>
+	</suppress>
+	<suppress>
+		<notes><![CDATA[
         Only applies in converting XML to JSON, which we don't use, and we don't use the library for that either (hutool)
         ]]></notes>
-        <cve>CVE-2022-45688</cve>
-    </suppress>
-    <suppress>
-        <notes><![CDATA[
+		<cve>CVE-2022-45688</cve>
+	</suppress>
+	<suppress>
+		<notes><![CDATA[
         YAML parsing only done for loading spring config.  Never for user-originated data.
         ]]></notes>
-        <cve>CVE-2022-3064</cve>
-    </suppress>
-    <suppress>
-        <notes><![CDATA[
+		<cve>CVE-2022-3064</cve>
+	</suppress>
+	<suppress>
+		<notes><![CDATA[
         Parsing with Stax API. But we get data from trusted source (Microsoft Teams) so I'm going to suppress.
         ]]></notes>
-        <cve>CVE-2022-40152</cve>
-    </suppress>
-    <suppress>
-        <notes><![CDATA[
+		<cve>CVE-2022-40152</cve>
+	</suppress>
+	<suppress>
+		<notes><![CDATA[
         Only applies to spring web doing deserializion of untrusted classes.
         ]]></notes>
-        <cve>CVE-2016-1000027</cve>
-    </suppress>
-    <suppress>
-        <notes><![CDATA[
+		<cve>CVE-2016-1000027</cve>
+	</suppress>
+	<suppress>
+		<notes><![CDATA[
         Spel expressions can only be injected by developers/deployers, who should know better. Ignoring this.
         ]]></notes>
-        <cve>CVE-2023-20863</cve>
-    </suppress>
-
+		<cve>CVE-2023-20863</cve>
+	</suppress>
+
+	<suppress>
+		<notes>
+			These are added in the conversion from spring2 to spring3.
+		</notes>
+		<cve>CVE-2023-36052</cve>
+		<cve>CVE-2024-30172</cve>
+		<cve>CVE-2024-30171</cve>
+		<cve>CVE-2024-29857</cve>
+		<cve>CVE-2024-34447</cve>
+		<cve>CVE-2024-35255</cve>
+		<cve>CVE-2023-1370</cve>
+		<cve>CVE-2023-52428</cve>
+		<cve>CVE-2010-0538</cve>
+		<cve>CVE-2021-3869</cve>
+		<cve>CVE-2022-0198</cve>
+		<cve>CVE-2017-10355</cve>
+		<cve>CVE-2020-10146</cve>
+	</suppress>
+
+
 </suppressions>
 

.github/workflows/build-branch.yml

@@ -5,47 +5,47 @@ env:
   CI_DEPLOY_PASSWORD: ${{ secrets.CI_DEPLOY_PASSWORD }}
   GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
   PGP_SKIP: ${{ secrets.PGP_SKIP }}
-  BOT1PRIVATEKEY: ${{ secrets.BOT1PRIVATEKEY }}
-  BOT2PRIVATEKEY: ${{ secrets.BOT2PRIVATEKEY }}
-  BOT2CERTIFICATE: ${{ secrets.BOT2CERTIFICATE }}
 
 on: [push, pull_request]
 
 jobs:
   build:
     runs-on: ubuntu-latest
     steps:
-    - name: Checkout repo
-      uses: actions/checkout@v2
-    - name: Cache Maven dependencies
-      uses: actions/cache@v2
-      env:
-        cache-name: cache-mvn-modules
-      with:
-        path: ~/.m2
-        key: ${{ runner.os }}-build-${{ env.cache-name }}-${{ hashFiles('**/pom.xml') }}
-        restore-keys: |
-          ${{ runner.os }}-build-${{ env.cache-name }}-
-          ${{ runner.os }}-build-
-          ${{ runner.os }}-
-    - uses: actions/checkout@master
-    - uses: gaurav-nelson/github-action-markdown-link-check@v1
-      with:
-        use-quiet-mode: yes
-    - name: Set up JDK
-      uses: actions/setup-java@v1
-      with:
-        java-version: 8
-        server-id: ossrh
-        server-username: CI_DEPLOY_USERNAME
-        server-password: CI_DEPLOY_PASSWORD
-    - name: Download deps and plugins
-      run: mvn de.qaware.maven:go-offline-maven-plugin:resolve-dependencies
-    - name: Build 
-      run: mvn install 
-    - name: Test Summary
-      uses: test-summary/action@v1
-      with:
-        paths: "**/TEST-*.xml"
-      if: always()
-
+      - name: Checkout repo
+        uses: actions/checkout@v2
+      - name: Cache Maven dependencies
+        uses: actions/cache@v2
+        env:
+          cache-name: cache-mvn-modules
+        with:
+          path: ~/.m2
+          key: ${{ runner.os }}-build-${{ env.cache-name }}-${{ hashFiles('**/pom.xml') }}
+          restore-keys: |
+            ${{ runner.os }}-build-${{ env.cache-name }}-
+            ${{ runner.os }}-build-
+            ${{ runner.os }}-
+      - uses: actions/checkout@master
+      - uses: gaurav-nelson/github-action-markdown-link-check@v1
+        with:
+          use-quiet-mode: yes
+      - name: Set up JDK
+        uses: actions/setup-java@v1
+        with:
+          java-version: 17
+          server-id: ossrh
+          server-username: CI_DEPLOY_USERNAME
+          server-password: CI_DEPLOY_PASSWORD
+      - name: Download deps and plugins
+        run: mvn de.qaware.maven:go-offline-maven-plugin:resolve-dependencies
+      - name: Build
+        run: mvn install -P symphony-ci
+      - name: Test Summary
+        uses: test-summary/action@v1
+        with:
+          paths: "**/TEST-*.xml"
+        if: always()
+      - name: Coverage
+        uses: codecov/codecov-action@v2
+        with:
+          token: ${{ secrets.CODECOV_TOKEN }}

.github/workflows/build.yml

@@ -5,55 +5,48 @@ env:
   CI_DEPLOY_PASSWORD: ${{ secrets.CI_DEPLOY_PASSWORD }}
   GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
   PGP_SKIP: ${{ secrets.PGP_SKIP }}
-  BOT1PRIVATEKEY: ${{ secrets.BOT1PRIVATEKEY }}
-  BOT2PRIVATEKEY: ${{ secrets.BOT2PRIVATEKEY }}
-  BOT2CERTIFICATE: ${{ secrets.BOT2CERTIFICATE }}
 
 on:
   push:
-   branches:
-     - master
-     - develop
-     - spring-bot-develop
-     - spring-bot-master
-     - symphony-java-toolkit-master
+    branches:
+      - spring-bot-master
 
 jobs:
   build:
     runs-on: ubuntu-latest
     steps:
-    - name: Checkout repo
-      uses: actions/checkout@v2
-    - name: Cache Maven dependencies
-      uses: actions/cache@v2
-      env:
-        cache-name: cache-mvn-modules
-      with:
-        path: ~/.m2
-        key: ${{ runner.os }}-build-${{ env.cache-name }}-${{ hashFiles('**/pom.xml') }}
-        restore-keys: |
-          ${{ runner.os }}-build-${{ env.cache-name }}-
-          ${{ runner.os }}-build-
-          ${{ runner.os }}-
-    - uses: actions/checkout@master
-    - name: Set up JDK
-      uses: actions/setup-java@v1
-      with:
-        java-version: 8
-        server-id: ossrh
-        server-username: CI_DEPLOY_USERNAME
-        server-password: CI_DEPLOY_PASSWORD
-    - name: Download deps and plugins
-      run: mvn de.qaware.maven:go-offline-maven-plugin:resolve-dependencies
-    - name: Build + Test
-      run: mvn verify --settings .github/workflows/settings.xml 
-    - name: Test Summary
-      uses: test-summary/action@v1
-      with:
-        paths: "**/TEST-*.xml"
-      if: always()
-    - name: Coverage 
-      uses: codecov/codecov-action@v2
-      with:
-        token: ${{ secrets.CODECOV_TOKEN }}
-
+      - name: Checkout repo
+        uses: actions/checkout@v2
+      - name: Cache Maven dependencies
+        uses: actions/cache@v2
+        env:
+          cache-name: cache-mvn-modules
+        with:
+          path: ~/.m2
+          key: ${{ runner.os }}-build-${{ env.cache-name }}-${{ hashFiles('**/pom.xml') }}
+          restore-keys: |
+            ${{ runner.os }}-build-${{ env.cache-name }}-
+            ${{ runner.os }}-build-
+            ${{ runner.os }}-
+      - uses: actions/checkout@master
+      - uses: gaurav-nelson/github-action-markdown-link-check@v1
+      - name: Set up JDK
+        uses: actions/setup-java@v1
+        with:
+          java-version: 17
+          server-id: ossrh
+          server-username: CI_DEPLOY_USERNAME
+          server-password: CI_DEPLOY_PASSWORD
+      - name: Download deps and plugins
+        run: mvn de.qaware.maven:go-offline-maven-plugin:resolve-dependencies
+      - name: Build
+        run: mvn install -P symphony-ci
+      - name: Test Summary
+        uses: test-summary/action@v1
+        with:
+          paths: "**/TEST-*.xml"
+        if: always()
+      - name: Coverage
+        uses: codecov/codecov-action@v2
+        with:
+          token: ${{ secrets.CODECOV_TOKEN }}