Move to Egeria 4.1

[mandy-chessell]

No description provided.

[planetf1]

The codeQL tests are currently using 'autobuild' which should build using either maven or gradle as appropriate, though we have had issues in the past both with autobuild, and codeQL more generally.

In this case the checks didn't fail as such, but we saw no results.

This project also currently doesn't have a verification in build -- perhaps in part as it's a series of small projects. I do think it would be worthwhile adding such a build, please let me know if you need some tips, but it's similar to our other gradle based projects.

Given codeQL I will set the codeQL we could set the checks to be optional for now. These can be reenabled in settings if the checks need to be mandatory in future. But first, reopening and closing the PR may kick codeQL into action, so I will try that.

[mandy-chessell]

I do not know why codeQL was enabled - I agree it should not be required - particularly as it is not working :)

[planetf1]

After close/open, the codeQL action was kicked off. However it failed.

  [2023-06-07 08:31:23] [autobuild] Execution failed for task ':asset-deploy:compileJava'.
  [2023-06-07 08:31:23] [autobuild] > error: release version 17 not supported

I tried building the PR locally.

One warning

> Task :buildHealth
There were dependency violations. See report at /Users/jonesn/IdeaProjects/egeria-dev-projects/build/reports/dependency-analysis/build-health-report.txt

cat /Users/jonesn/IdeaProjects/egeria-dev-projects/build/reports/dependency-analysis/build-health-report.txt
Advice for :asset-deploy
Unused dependencies which should be removed:
  implementation 'org.odpi.egeria:ocf-metadata-client:4.1'

Advice for :asset-look-up
Unused dependencies which should be removed:
  implementation 'org.odpi.egeria:ocf-metadata-api:4.1'
  implementation 'org.odpi.egeria:ocf-metadata-client:4.1'

Advice for :asset-set-up
Unused dependencies which should be removed:
  implementation 'org.odpi.egeria:asset-consumer-api:4.1'
  implementation 'org.odpi.egeria:asset-manager-api:4.1'
  implementation 'org.odpi.egeria:asset-owner-api:4.1'
  implementation 'org.odpi.egeria:data-manager-api:4.1'
  implementation 'org.odpi.egeria:digital-architecture-api:4.1'
  implementation 'org.odpi.egeria:it-infrastructure-api:4.1'
  implementation 'org.odpi.egeria:ocf-metadata-api:4.1'
  implementation 'org.odpi.egeria:ocf-metadata-client:4.1'
  implementation 'org.odpi.egeria:open-integration-framework:4.1'
  implementation 'org.odpi.egeria:platform-services-api:4.1'

Advice for :egeria-config-utility
Unused dependencies which should be removed:
  implementation 'org.odpi.egeria:audit-log-framework:4.1'

Advice for :egeria-ops-utility
Unused dependencies which should be removed:
  implementation 'org.odpi.egeria:open-connector-framework:4.1'

In core egeria the top level build.gradle sets us up to fail when a dependency violation occurs

This is done by ensuring this is set

 // Dependency checking - see https://github.com/autonomousapps/dependency-analysis-android-gradle-plugin
 dependencyAnalysis {
     issues {
         all {
             onAny {
                 severity('fail')
             }
         }
     }
 }

I appprove the change, but suggest we do

• Make the codeQL check optional for now (settings/branch protection rules/main -- remove the codeQL variations) - but at this point only DCO is checked
• Make the healthcheck dependency validation mandatory, and correct the reported issues
• Fix the codeQL build to do an explicit compile (validate wrapper, and use official gradle action)
• Consider adding a regular build script which is similar, but does not run codeQL (there is some duplication, but you could then make the codeQL check optional, and core build mandatory)

Let me know if you need any advice/help with the above.