Fix DevCenter validation, add ordinal position to SecurityIssues

Author: jkschneider

src/main/java/io/moderne/devcenter/DevCenter.java

@@ -44,14 +44,16 @@ public void validate() throws DevCenterValidationException {
             validationErrors.add("Only one security recipe can be included.");
         }
         for (UpgradeOrMigration upgradesAndMigration : upgradesAndMigrations) {
-            //noinspection ConstantValue
-            if (upgradesAndMigration.getFixRecipeId() == null) {
-                validationErrors.add("Recipe " + upgradesAndMigration.getRecipeName() +
-                                     " is missing a fix recipe. Please add a tag `DevCenter:fix:<RECIPE_ID>` to the recipe.");
+            if (upgradesAndMigration.getRecipesContributingMeasures().isEmpty()) {
+                validationErrors.add("Recipe `" + upgradesAndMigration.getRecipeId() + "` " +
+                                     "with a `DevCenter:fix:<RECIPE_ID>` tag should either directly or have " +
+                                     "a subrecipe contributing rows to the `UpgradesAndMigrations` data table.");
             }
         }
 
-        throw new DevCenterValidationException(validationErrors);
+        if (!validationErrors.isEmpty()) {
+            throw new DevCenterValidationException(validationErrors);
+        }
     }
 
     public List<UpgradeOrMigration> getUpgradesAndMigrations() {
@@ -67,13 +69,12 @@ public Security getSecurity() {
     private List<UpgradeOrMigration> getUpgradesAndMigrationsRecursive(RecipeDescriptor recipeDescriptor,
                                                                        List<UpgradeOrMigration> upgradesAndMigrations) {
         for (RecipeDescriptor recipe : recipeDescriptor.getRecipeList()) {
-            for (DataTableDescriptor dataTable : recipe.getDataTables()) {
-                if (dataTable.getName().equals(new UpgradesAndMigrations(Recipe.noop()).getDisplayName())) {
-                    //noinspection DataFlowIssue
-                    upgradesAndMigrations.add(new UpgradeOrMigration(
-                            recipe.getInstanceName(), recipe.getName(), fixRecipe(recipeDescriptor)
-                    ));
-                }
+            String fixRecipe = fixRecipe(recipe);
+            if (fixRecipe != null) {
+                upgradesAndMigrations.add(new UpgradeOrMigration(recipe.getDisplayName(),
+                        recipe.getName(),
+                        fixRecipe,
+                        getRecipesContributingMeasures(recipe, new ArrayList<>())));
             }
             for (RecipeDescriptor subRecipe : recipe.getRecipeList()) {
                 getUpgradesAndMigrationsRecursive(subRecipe, upgradesAndMigrations);
@@ -82,6 +83,18 @@ private List<UpgradeOrMigration> getUpgradesAndMigrationsRecursive(RecipeDescrip
         return upgradesAndMigrations;
     }
 
+    private List<RecipeDescriptor> getRecipesContributingMeasures(RecipeDescriptor recipe, List<RecipeDescriptor> contributors) {
+        for (DataTableDescriptor dataTable : recipe.getDataTables()) {
+            if (dataTable.getName().equals(new UpgradesAndMigrations(Recipe.noop()).getName())) {
+                contributors.add(recipe);
+            }
+        }
+        for (RecipeDescriptor subRecipe : recipe.getRecipeList()) {
+            getRecipesContributingMeasures(subRecipe, contributors);
+        }
+        return contributors;
+    }
+
     @Nullable
     private String fixRecipe(RecipeDescriptor recipeDescriptor) {
         for (String tag : recipeDescriptor.getTags()) {
@@ -109,8 +122,10 @@ private List<Security> getSecurityRecursive(RecipeDescriptor recipeDescriptor, L
     @Value
     public static class UpgradeOrMigration {
         String displayName;
-        String recipeName;
+        String recipeId;
         String fixRecipeId;
+
+        List<RecipeDescriptor> recipesContributingMeasures;
     }
 
     @Value

src/main/java/io/moderne/devcenter/ReportAsSecurityIssues.java

@@ -53,10 +53,17 @@ public Tree preVisit(Tree tree, ExecutionContext ctx) {
                 tree.getMarkers().findFirst(RecipesThatMadeChanges.class).ifPresent(changes -> {
                     for (List<Recipe> recipeStack : changes.getRecipes()) {
                         for (int i = 0; i < recipeStack.size(); i++) {
-                            if (recipeStack.get(i).getTags().contains("DevCenter:security")) {
-                                securityIssues.insertRow(ctx, new SecurityIssues.Row(
-                                        recipeStack.get(i + 1).getInstanceName()
-                                ));
+                            Recipe recipe = recipeStack.get(i);
+                            if (recipe.getTags().contains("DevCenter:security")) {
+                                Recipe measure = recipeStack.get(i + 1);
+                                List<Recipe> recipeList = recipe.getRecipeList();
+                                for (int j = 0; j < recipeList.size(); j++) {
+                                    if (recipeList.get(j).getName().equals(measure.getName())) {
+                                        securityIssues.insertRow(ctx, new SecurityIssues.Row(
+                                                j, measure.getInstanceName()));
+                                        break;
+                                    }
+                                }
                             }
                         }
                     }

src/main/java/io/moderne/devcenter/table/SecurityIssues.java

@@ -23,14 +23,17 @@
 public class SecurityIssues extends DataTable<SecurityIssues.Row> {
 
     public SecurityIssues(Recipe recipe) {
-        super(recipe,
-                "Security issues",
-                "Security issues in the repository."
-        );
+        super(recipe, "Security issues", "Security issues in the repository.");
     }
 
     @Value
     public static class Row {
+        @Column(
+                displayName = "Ordinal",
+                description = "The ordinal position of this issue relative to other issues."
+        )
+        int ordinal;
+
         @Column(
                 displayName = "Issue name",
                 description = "The name of the security issue."

src/main/resources/META-INF/rewrite/default.yml

@@ -40,7 +40,7 @@ tags:
   - DevCenter:fix:org.openrewrite.java.migrate.UpgradeToJava21
 recipeList:
   - io.moderne.devcenter.JavaVersionUpgrade:
-      targetVersion: 21
+      majorVersion: 21
 ---
 type: specs.openrewrite.org/v1beta/recipe
 name: io.moderne.devcenter.SpringBootUpgradeStarter

src/main/resources/META-INF/rewrite/devcenter.yml

@@ -0,0 +1,20 @@
+#
+# Copyright 2021 the original author or authors.
+# <p>
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+# <p>
+# https://www.apache.org/licenses/LICENSE-2.0
+# <p>
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+type: specs.openrewrite.org/v1beta/category
+name: Moderne DevCenter
+packageName: io.moderne.DevCenter
+

src/test/java/io/moderne/devcenter/DevCenterTest.java

@@ -15,5 +15,38 @@
  */
 package io.moderne.devcenter;
 
+import org.junit.jupiter.api.Test;
+import org.openrewrite.Recipe;
+import org.openrewrite.config.Environment;
+
+import static org.assertj.core.api.Assertions.assertThat;
+import static org.assertj.core.api.Assertions.assertThatThrownBy;
+
 public class DevCenterTest {
+
+    @SuppressWarnings("DataFlowIssue")
+    @Test
+    void valid() throws DevCenterValidationException {
+        Recipe starterDevCenter = Environment.builder()
+          .scanRuntimeClasspath("org.openrewrite")
+          .scanYamlResources()
+          .build()
+          .activateRecipes("io.moderne.devcenter.DevCenterStarter");
+
+        DevCenter devCenter = new DevCenter(starterDevCenter.getDescriptor());
+        devCenter.validate();
+        assertThat(devCenter.getUpgradesAndMigrations()).hasSize(3);
+        assertThat(devCenter.getSecurity()).isNotNull();
+    }
+
+    @Test
+    void noCards() {
+        DevCenter devCenter = new DevCenter(Recipe.builder("No cards", "A DevCenter with no cards.")
+          .build("io.moderne.devcenter.DevCenterNoCards")
+          .getDescriptor());
+
+        assertThatThrownBy(devCenter::validate)
+          .isInstanceOf(DevCenterValidationException.class)
+          .hasMessageContaining("No recipes included that provide upgrades and migrations or security advice.");
+    }
 }

src/test/java/io/moderne/devcenter/ReportAsSecurityIssuesTest.java

@@ -40,7 +40,7 @@ public void defaults(RecipeSpec spec) {
     void reportSecret() {
         rewriteRun(spec -> spec.dataTable(SecurityIssues.Row.class, rows ->
             assertThat(rows).containsExactly(
-              new SecurityIssues.Row("Find secrets")
+              new SecurityIssues.Row(7, "Find secrets")
             )),
           //language=java
           java(