Upgrade from Java 17 to Java 25 with all dependencies#26
Open
rjthg wants to merge 2 commits into
Open
Conversation
Upgrade Gradle 7.4.2 to 9.3.1, Shadow plugin to com.gradleup.shadow 9.3.1, AWS SDK to 2.41.34, JUnit to 5.14.2, Mockito to 5.21.0, SLF4J to 2.0.17, and Docker base image to eclipse-temurin:25-jre. Refactor S3Cleaner to accept bucketName via constructor instead of reading System.getenv() at runtime, removing the reflection-based env var hack in tests that Java 25 module encapsulation blocks.
|
New Issues (2)Checkmarx found the following issues in this Pull Request
Fixed Issues (2)Great job! The following issues were fixed in this Pull Request
Communicate with Checkmarx by submitting a PR comment with @Checkmarx followed by one of the supported commands. Learn about the supported commands here. |
Contributor
There was a problem hiding this comment.
Pull request overview
Upgrades the project’s Java/Gradle toolchain and dependency set to support Java 25, and adjusts the S3 cleanup implementation/tests to avoid Java 25’s stronger encapsulation restrictions around reflection.
Changes:
- Upgrade Gradle wrapper/scripts to Gradle 9.3.1 and update CI to build with JDK 25.
- Update application build to Java toolchain 25 and bump key dependencies (AWS SDK, JUnit, Mockito, SLF4J).
- Refactor
S3Cleanerto takebucketNamevia constructor and update tests accordingly (removing env-var reflection hacks).
Reviewed changes
Copilot reviewed 10 out of 11 changed files in this pull request and generated 2 comments.
Show a summary per file
| File | Description |
|---|---|
gradlew.bat |
Updates Windows Gradle wrapper script for the new Gradle version. |
gradlew |
Updates Unix Gradle wrapper script for the new Gradle version. |
gradle/wrapper/gradle-wrapper.properties |
Points wrapper to Gradle 9.3.1 distribution and adds wrapper download hardening settings. |
gradle/wrapper/gradle-wrapper.jar |
Updates wrapper JAR to match the new Gradle version. |
app/src/test/java/com/procure/thg/cockroachdb/S3CleanerTest.java |
Removes reflection-based env var mutation; passes bucket name via constructor. |
app/src/test/java/com/procure/thg/cockroachdb/AppTest.java |
Updates S3Cleaner construction to include bucket name. |
app/src/main/java/com/procure/thg/cockroachdb/S3Cleaner.java |
Refactors cleaner to use constructor-injected bucketName instead of System.getenv() at runtime. |
app/src/main/java/com/procure/thg/cockroachdb/App.java |
Updates runtime wiring to pass BUCKET_NAME into S3Cleaner. |
app/build.gradle |
Updates Shadow plugin, dependencies, and Java toolchain to 25. |
app/Dockerfile |
Updates base image to Temurin 25 JRE. |
.github/workflows/build.yml |
Updates CI to run on JDK 25. |
Comments suppressed due to low confidence (1)
app/src/main/java/com/procure/thg/cockroachdb/S3Cleaner.java:33
bucketNameis accepted without validation, but it’s used to build S3 requests (.bucket(bucketName)). IfbucketNameis null/blank this will fail at runtime (likely NPE or request validation error). Consider validating in the constructor (e.g., require non-null/non-blank) and throwing anIllegalArgumentExceptionwith a clear message to enforce the invariant for all call sites.
public S3Cleaner(final S3Client s3Client, final String bucketName, final long thresholdSeconds, final String folder) {
this.s3Client = s3Client;
this.bucketName = bucketName;
this.thresholdSeconds = thresholdSeconds;
this.folder = folder != null && !folder.isEmpty() ?
folder.endsWith("/") ? folder : folder + "/"
: null;
}
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
volpiny
previously approved these changes
Feb 27, 2026
- Remove unused `bucket` parameter from `S3Cleaner.deleteObject()`; method is private and always operates on `this.bucketName` - Add `getBucketName()` validation in `App` (fails fast with clear error if BUCKET_NAME unset), consistent with `getThresholdSeconds()` and `getEndpointUri()`; applied to both cleaner and copier paths Co-Authored-By: Claude Sonnet 4.6 <[email protected]>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
com.gradleup.shadow9.3.1S3Cleanerto acceptbucketNamevia constructor instead of readingSystem.getenv()at runtime, removing the reflection-based env var hack in tests that Java 25 module encapsulation blocksChanges
com.github.johnrengelman.shadow7.1.2com.gradleup.shadow9.3.1eclipse-temurin:17.0.17_10-jreeclipse-temurin:25-jreTest plan
./gradlew buildpasses locally with all 20 tests green