.editorconfig

@@ -0,0 +1,9 @@
+root = true
+
+[*]
+insert_final_newline = true
+trim_trailing_whitespace = true
+
+[src/test*/java/**.java]
+indent_size = 4
+ij_continuation_indent_size = 2

.github/workflows/ci.yml

@@ -23,8 +23,6 @@ jobs:
     uses: openrewrite/gh-automation/.github/workflows/ci-gradle.yml@main
     secrets:
       gradle_enterprise_access_key: ${{ secrets.GRADLE_ENTERPRISE_ACCESS_KEY }}
-      gradle_enterprise_cache_username: ${{ secrets.GRADLE_ENTERPRISE_CACHE_USERNAME }}
-      gradle_enterprise_cache_password: ${{ secrets.GRADLE_ENTERPRISE_CACHE_PASSWORD }}
       ossrh_username: ${{ secrets.OSSRH_USERNAME }}
       ossrh_token: ${{ secrets.OSSRH_TOKEN }}
       ossrh_signing_key: ${{ secrets.OSSRH_SIGNING_KEY }}

.github/workflows/comment-pr.yml

@@ -0,0 +1,15 @@
+name: comment-pr
+
+# https://docs.github.com/en/actions/using-workflows/events-that-trigger-workflows#using-data-from-the-triggering-workflow
+on:
+  workflow_run:
+    workflows: ["receive-pr"]
+    types:
+      - completed
+
+# https://securitylab.github.com/research/github-actions-preventing-pwn-requests/
+# Since this pull request has write permissions on the target repo, we should **NOT** execute any untrusted code.
+jobs:
+  post-suggestions:
+    if: ${{ github.event.workflow_run.conclusion == 'success' }}
+    uses: openrewrite/gh-automation/.github/workflows/comment-pr.yml@main

.github/workflows/migrations.yml

@@ -4,24 +4,23 @@ name: Update the Old GroupId migrations CSV
 on:
   workflow_dispatch: {}
   schedule:
-    - cron: 0 11 * * WED
+    - cron: 0 10 * * MON
 
 jobs:
   update-migrations:
+    if: github.event_name != 'schedule' || github.repository_owner == 'openrewrite'
     runs-on: ubuntu-latest
     steps:
       # Checkout and build parser
       - name: Checkout
         uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
       - uses: actions/setup-java@v4
         with:
           cache: 'gradle'
           distribution: 'temurin'
           java-version: '17'
-      - name: Setup Gradle
-        uses: gradle/gradle-build-action@v2
-      - name: Run build with Gradle Wrapper
-        run: ./gradlew build deps
 
       # Update migrations
       - name: Checkout oga-maven-plugin
@@ -30,24 +29,16 @@ jobs:
           repository: jonathanlermitage/oga-maven-plugin
           path: oga-maven-plugin
       - name: Update migrations
-        run: java -classpath "build/deps/*:build/libs/*" org.openrewrite.java.dependencies.oldgroupids.ParseDefinitionMigrations oga-maven-plugin src/main/resources/migrations.csv
+        run: ./gradlew parseDefinitionMigrations --args="./oga-maven-plugin src/main/resources/migrations.csv"
 
-      # Create pull request
-      - name: Timestamp
+      # Commit and push
+      - name: configure-git-user
+        run: |
+          git config user.email "team@moderne.io"
+          git config user.name "team-moderne[bot]"
+      - name: Create timestamp
         run: echo "NOW=$(date +'%Y-%m-%dT%H%M')" >> $GITHUB_ENV
-      - name: Create Pull Request
-        id: cpr
-        uses: peter-evans/create-pull-request@v5
-        with:
-          base: main
-          branch: migrations/${{ env.NOW }}
-          title: "[Auto] Old GroupId migrations as of ${{ env.NOW }}"
-          body: |
-            [Auto] Old GroupId migrations as of ${{ env.NOW }}.
-          commit-message: "[Auto] Old GroupId migrations as of ${{ env.NOW }}"
-          labels: enhancement
-      - name: Check outputs
-        if: ${{ steps.cpr.outputs.pull-request-number }}
+      - name: Commit and push
         run: |
-          echo "Pull Request Number - ${{ steps.cpr.outputs.pull-request-number }}"
-          echo "Pull Request URL - ${{ steps.cpr.outputs.pull-request-url }}"
+          git add src/main/resources/migrations.csv
+          git diff --quiet HEAD || (git commit -m "[Auto] Old GroupId migrations as of ${{ env.NOW }}" && git push origin main)

.github/workflows/receive-pr.yml

@@ -0,0 +1,17 @@
+name: receive-pr
+
+on:
+  pull_request:
+    types: [opened, synchronize]
+    branches:
+      - main
+
+concurrency:
+  group: '${{ github.workflow }} @ ${{ github.ref }}'
+  cancel-in-progress: true
+
+# https://securitylab.github.com/research/github-actions-preventing-pwn-requests/
+# Since this pull request receives untrusted code, we should **NOT** have any secrets in the environment.
+jobs:
+  upload-patch:
+    uses: openrewrite/gh-automation/.github/workflows/receive-pr.yml@main

LICENSE

@@ -1,4 +1,4 @@
-Apache License
+                                 Apache License
                            Version 2.0, January 2004
                         http://www.apache.org/licenses/
 
@@ -178,15 +178,15 @@ Apache License
    APPENDIX: How to apply the Apache License to your work.
 
       To apply the Apache License to your work, attach the following
-      boilerplate notice, with the fields enclosed by brackets "{}"
+      boilerplate notice, with the fields enclosed by brackets "[]"
       replaced with your own identifying information. (Don't include
       the brackets!)  The text should be enclosed in the appropriate
-      comment syntax for the file formatPrefix. We also recommend that a
+      comment syntax for the file format. We also recommend that a
       file or class name and description of purpose be included on the
       same "printed page" as the copyright notice for easier
       identification within third-party archives.
 
-   Copyright {yyyy} {name of copyright owner}
+   Copyright [yyyy] [name of copyright owner]
 
    Licensed under the Apache License, Version 2.0 (the "License");
    you may not use this file except in compliance with the License.

README.md

@@ -1,10 +1,26 @@
-![Logo](https://github.com/openrewrite/rewrite/raw/main/doc/logo-oss.png)
-### Manage Java dependencies. Automatically.
+<p align="center">
+  <a href="https://docs.openrewrite.org">
+    <picture>
+      <source media="(prefers-color-scheme: dark)" srcset="https://github.com/openrewrite/rewrite/raw/main/doc/logo-oss-dark.svg">
+      <source media="(prefers-color-scheme: light)" srcset="https://github.com/openrewrite/rewrite/raw/main/doc/logo-oss-light.svg">
+      <img alt="OpenRewrite Logo" src="https://github.com/openrewrite/rewrite/raw/main/doc/logo-oss-light.svg" width='600px'>
+    </picture>
+  </a>
+</p>
 
+<div align="center">
+  <h1>rewrite-java-dependencies</h1>
+</div>
+
+<div align="center">
+
+<!-- Keep the gap above this line, otherwise they won't render correctly! -->
 [![ci](https://github.com/openrewrite/rewrite-java-dependencies/actions/workflows/ci.yml/badge.svg)](https://github.com/openrewrite/rewrite-java-dependencies/actions/workflows/ci.yml)
 [![Apache 2.0](https://img.shields.io/github/license/openrewrite/rewrite-java-dependencies.svg)](https://www.apache.org/licenses/LICENSE-2.0)
 [![Maven Central](https://img.shields.io/maven-central/v/org.openrewrite.recipe/rewrite-java-dependencies.svg)](https://mvnrepository.com/artifact/org.openrewrite.recipe/rewrite-java-dependencies)
 [![Revved up by Develocity](https://img.shields.io/badge/Revved%20up%20by-Develocity-06A0CE?logo=Gradle&labelColor=02303A)](https://ge.openrewrite.org/scans)
+[![Contributing Guide](https://img.shields.io/badge/Contributing-Guide-informational)](https://github.com/openrewrite/.github/blob/main/CONTRIBUTING.md)
+</div>
 
 ### What is this?
 

build.gradle.kts

@@ -5,54 +5,33 @@ plugins {
 group = "org.openrewrite.recipe"
 description = "A rewrite module automating Java dependency management."
 
-repositories {
-    maven {
-        url = uri("https://repo.gradle.org/gradle/libs-releases/")
-        content {
-            excludeVersionByRegex(".+", ".+", ".+-rc-?[0-9]*")
-        }
-    }
-    // Needed to pick up snapshot versions of rewrite
-    maven {
-        url = uri("https://oss.sonatype.org/content/repositories/snapshots/")
-    }
-}
-
 val rewriteVersion = rewriteRecipe.rewriteVersion.get()
 dependencies {
     implementation(platform("org.openrewrite:rewrite-bom:$rewriteVersion"))
     implementation("org.openrewrite:rewrite-maven")
-    // temporarily use SNAPSHOT version to release, to be changed back
     implementation("org.openrewrite:rewrite-gradle")
     implementation("org.openrewrite:rewrite-groovy")
-    runtimeOnly("org.openrewrite:rewrite-java-8")
-    runtimeOnly("org.openrewrite:rewrite-java-11")
-    runtimeOnly("org.openrewrite:rewrite-java-17")
 
-    testRuntimeOnly("org.openrewrite:rewrite-java-8")
-    testRuntimeOnly("org.openrewrite:rewrite-java-11")
-    testRuntimeOnly("org.openrewrite:rewrite-java-17")
-    testRuntimeOnly("org.projectlombok:lombok:latest.release")
-
-    implementation("org.openrewrite.gradle.tooling:model:${rewriteVersion}")
-
-    implementation("com.google.guava:guava:latest.release")
+    runtimeOnly("org.openrewrite:rewrite-java-17")
 
     implementation("com.fasterxml.jackson.dataformat:jackson-dataformat-csv")
+    implementation("com.fasterxml.jackson.dataformat:jackson-dataformat-xml")
     implementation("com.fasterxml.jackson.datatype:jackson-datatype-jsr310")
 
-    testRuntimeOnly("org.gradle:gradle-tooling-api:latest.release")
-    compileOnly("org.projectlombok:lombok:latest.release")
-    annotationProcessor("org.projectlombok:lombok:latest.release")
+    testImplementation("org.openrewrite:rewrite-test")
+    testImplementation("org.openrewrite.gradle.tooling:model:${rewriteVersion}")
+    testImplementation(gradleApi())
+    testRuntimeOnly("com.google.guava:guava:latest.release")
     testRuntimeOnly("ch.qos.logback:logback-classic:1.2.+")
-
-    testImplementation("org.assertj:assertj-core:3.24.+")
 }
 
 tasks {
-    val deps by registering(Copy::class) {
-        from(configurations.runtimeClasspath)
-        into("build/deps")
+    // ./gradlew parseDefinitionMigrations --args="./oga-maven-plugin src/main/resources/migrations.csv"
+    val parseDefinitionMigrations by registering(JavaExec::class) {
+        group = "generate"
+        description = "Parse oga-maven-plugin and generate a CSV file."
+        mainClass = "org.openrewrite.java.dependencies.oldgroupids.ParseDefinitionMigrations"
+        classpath = sourceSets.getByName("main").runtimeClasspath
     }
 }
 

gradle/wrapper/gradle-wrapper.properties

@@ -1,7 +1,7 @@
 distributionBase=GRADLE_USER_HOME
 distributionPath=wrapper/dists
-distributionUrl=https\://services.gradle.org/distributions/gradle-8.5-bin.zip
+distributionUrl=https\://services.gradle.org/distributions/gradle-8.13-bin.zip
 networkTimeout=10000
 zipStoreBase=GRADLE_USER_HOME
 zipStorePath=wrapper/dists
-distributionSha256Sum=9d926787066a081739e8200858338b4a69e837c3a821a33aca9db09dd4a41026
+distributionSha256Sum=20f1b1176237254a6fc204d8434196fa11a4cfb387567519c61556e8710aed78

gradlew

@@ -15,6 +15,8 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 #
+# SPDX-License-Identifier: Apache-2.0
+#
 
 ##############################################################################
 #
@@ -55,7 +57,7 @@
 #       Darwin, MinGW, and NonStop.
 #
 #   (3) This script is generated from the Groovy template
-#       https://github.com/gradle/gradle/blob/HEAD/subprojects/plugins/src/main/resources/org/gradle/api/internal/plugins/unixStartScript.txt
+#       https://github.com/gradle/gradle/blob/HEAD/platforms/jvm/plugins-application/src/main/resources/org/gradle/api/internal/plugins/unixStartScript.txt
 #       within the Gradle project.
 #
 #       You can find Gradle at https://github.com/gradle/gradle/.
@@ -84,7 +86,7 @@ done
 # shellcheck disable=SC2034
 APP_BASE_NAME=${0##*/}
 # Discard cd standard output in case $CDPATH is set (https://github.com/gradle/gradle/issues/25036)
-APP_HOME=$( cd "${APP_HOME:-./}" > /dev/null && pwd -P ) || exit
+APP_HOME=$( cd -P "${APP_HOME:-./}" > /dev/null && printf '%s\n' "$PWD" ) || exit
 
 # Use the maximum available, or set MAX_FD != -1 to use that value.
 MAX_FD=maximum
@@ -203,7 +205,7 @@ fi
 DEFAULT_JVM_OPTS='"-Xmx64m" "-Xms64m"'
 
 # Collect all arguments for the java command:
-#   * DEFAULT_JVM_OPTS, JAVA_OPTS, JAVA_OPTS, and optsEnvironmentVar are not allowed to contain shell fragments,
+#   * DEFAULT_JVM_OPTS, JAVA_OPTS, and optsEnvironmentVar are not allowed to contain shell fragments,
 #     and any embedded shellness will be escaped.
 #   * For example: A user cannot expect ${Hostname} to be expanded, as it is an environment variable and will be
 #     treated as '${Hostname}' itself on the command line.

gradlew.bat

@@ -13,6 +13,8 @@
 @rem See the License for the specific language governing permissions and
 @rem limitations under the License.
 @rem
+@rem SPDX-License-Identifier: Apache-2.0
+@rem
 
 @if "%DEBUG%"=="" @echo off
 @rem ##########################################################################
@@ -43,11 +45,11 @@ set JAVA_EXE=java.exe
 %JAVA_EXE% -version >NUL 2>&1
 if %ERRORLEVEL% equ 0 goto execute
 
-echo.
-echo ERROR: JAVA_HOME is not set and no 'java' command could be found in your PATH.
-echo.
-echo Please set the JAVA_HOME variable in your environment to match the
-echo location of your Java installation.
+echo. 1>&2
+echo ERROR: JAVA_HOME is not set and no 'java' command could be found in your PATH. 1>&2
+echo. 1>&2
+echo Please set the JAVA_HOME variable in your environment to match the 1>&2
+echo location of your Java installation. 1>&2
 
 goto fail
 
@@ -57,11 +59,11 @@ set JAVA_EXE=%JAVA_HOME%/bin/java.exe
 
 if exist "%JAVA_EXE%" goto execute
 
-echo.
-echo ERROR: JAVA_HOME is set to an invalid directory: %JAVA_HOME%
-echo.
-echo Please set the JAVA_HOME variable in your environment to match the
-echo location of your Java installation.
+echo. 1>&2
+echo ERROR: JAVA_HOME is set to an invalid directory: %JAVA_HOME% 1>&2
+echo. 1>&2
+echo Please set the JAVA_HOME variable in your environment to match the 1>&2
+echo location of your Java installation. 1>&2
 
 goto fail
 

lombok.config

@@ -1,6 +1,3 @@
 # https://projectlombok.org/features/configuration
 config.stopBubbling = true
-lombok.addNullAnnotations = CUSTOM:org.openrewrite.internal.lang.NonNull:org.openrewrite.internal.lang.Nullable
-lombok.copyableAnnotations += org.openrewrite.internal.lang.Nullable
-lombok.copyableAnnotations += org.openrewrite.internal.lang.NonNull
 lombok.anyConstructor.addConstructorProperties=true