From a6e60e010804b3cd3643a777bac70f2208f7e4eb Mon Sep 17 00:00:00 2001
From: rfast_expedia
Date: Wed, 12 Nov 2025 15:43:53 -0600
Subject: [PATCH] Fix vulnerabilities and update Travis (lol) to github actions
---
 .github/workflows/ci.yml | 211 ++++++++++++++++++
 agent-dispatchers/kinesis/pom.xml | 2 +-
 .../agent/dispatcher/KinesisDispatcher.java | 3 +-
 agent-providers/span/pom.xml | 10 +
 api/pom.xml | 11 +-
 bundlers/haystack-agent/pom.xml | 12 +
 pom.xml | 90 +++-----
 7 files changed, 271 insertions(+), 68 deletions(-)
 create mode 100644 .github/workflows/ci.yml
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
new file mode 100644
index 0000000..106ed3c
--- /dev/null
+++ b/.github/workflows/ci.yml
@@ -0,0 +1,211 @@
+name: CI
+
+on:
+ push:
+ branches:
+ - master
+ tags:
+ - '*'
+ pull_request:
+ branches:
+ - master
+
+jobs:
+ build:
+ name: Build and Test
+ runs-on: ubuntu-latest
+
+ steps:
+ - name: Checkout code
+ uses: actions/checkout@v4
+ with:
+ submodules: recursive
+
+ - name: Set up JDK 8
+ uses: actions/setup-java@v4
+ with:
+ distribution: 'temurin'
+ java-version: '8'
+ cache: 'maven'
+
+ - name: Build with Maven
+ run: mvn clean install -Dgpg.skip -Dmaven.javadoc.skip=true -B -V
+
+ - name: Upload build artifacts
+ if: success()
+ uses: actions/upload-artifact@v4
+ with:
+ name: haystack-agent-jar
+ path: bundlers/haystack-agent/target/haystack-agent-*.jar
+ retention-days: 7
+
+ deploy:
+ name: Deploy to Maven Central and Docker Hub
+ runs-on: ubuntu-latest
+ needs: build
+ # Only deploy on master branch (non-PR) or on tags
+ if: |
+ (github.ref == 'refs/heads/master' && github.event_name == 'push') ||
+ startsWith(github.ref, 'refs/tags/')
+
+ steps:
+ - name: Checkout code
+ uses: actions/checkout@v4
+ with:
+ submodules: recursive
+
+ - name: Set up JDK 8
+ uses: actions/setup-java@v4
+ with:
+ distribution: 'temurin'
+ java-version: '8'
+ cache: 'maven'
+
+ - name: Import GPG key
+ if: env.GPG_SECRET_KEYS != ''
+ env:
+ GPG_SECRET_KEYS: ${{ secrets.GPG_SECRET_KEYS }}
+ GPG_OWNERTRUST: ${{ secrets.GPG_OWNERTRUST }}
+ GPG_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }}
+ run: |
+ if [ ! -z "$GPG_SECRET_KEYS" ]; then
+ echo "$GPG_SECRET_KEYS" | base64 --decode | gpg --batch --import
+ fi
+ if [ ! -z "$GPG_OWNERTRUST" ]; then
+ echo "$GPG_OWNERTRUST" | base64 --decode | gpg --batch --import-ownertrust
+ fi
+
+ - name: Create Maven settings.xml
+ run: |
+ mkdir -p ~/.m2
+ cat > ~/.m2/settings.xml << 'EOF'
+
+
+
+ ossrh
+ ${env.SONATYPE_USERNAME}
+ ${env.SONATYPE_PASSWORD}
+
+
+
+
+ ossrh
+
+ true
+
+
+ gpg
+ ${env.GPG_PASSPHRASE}
+
+
+
+
+ EOF
+
+ - name: Determine version and GPG settings
+ id: version
+ run: |
+ if [ ! -z "${{ github.ref_name }}" ] && [[ "${{ github.ref }}" == refs/tags/* ]]; then
+ # This is a tag release
+ VERSION=${{ github.ref_name }}
+ echo "AGENT_JAR_VERSION=$VERSION" >> $GITHUB_ENV
+ echo "SKIP_GPG_SIGN=false" >> $GITHUB_ENV
+ echo "version=$VERSION" >> $GITHUB_OUTPUT
+ echo "Travis tag is set -> updating pom.xml attribute to $VERSION"
+ mvn org.codehaus.mojo:versions-maven-plugin:2.1:set -DnewVersion=$VERSION -q
+ else
+ # This is a snapshot build
+ VERSION=$(cat pom.xml | sed -n -e 's/.*\(.*\)<\/version>.*/\1/p' | head -1)
+ echo "AGENT_JAR_VERSION=$VERSION" >> $GITHUB_ENV
+ echo "SKIP_GPG_SIGN=true" >> $GITHUB_ENV
+ echo "version=$VERSION" >> $GITHUB_OUTPUT
+ echo "No tag set, hence keeping the snapshot version in pom.xml: $VERSION"
+ fi
+
+ - name: Deploy to Maven Central
+ env:
+ SONATYPE_USERNAME: ${{ secrets.SONATYPE_USERNAME }}
+ SONATYPE_PASSWORD: ${{ secrets.SONATYPE_PASSWORD }}
+ GPG_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }}
+ run: |
+ if [ -z "$SONATYPE_USERNAME" ]; then
+ echo "ERROR! Please set SONATYPE_USERNAME secret"
+ exit 1
+ fi
+ if [ -z "$SONATYPE_PASSWORD" ]; then
+ echo "ERROR! Please set SONATYPE_PASSWORD secret"
+ exit 1
+ fi
+
+ mvn clean deploy -Dgpg.skip=$SKIP_GPG_SIGN -DskipTests=true -B -U
+ echo "Successfully deployed the jars to Nexus"
+
+ - name: Set up Docker Buildx
+ uses: docker/setup-buildx-action@v3
+
+ - name: Log in to Docker Hub
+ uses: docker/login-action@v3
+ with:
+ username: ${{ secrets.DOCKER_USERNAME }}
+ password: ${{ secrets.DOCKER_PASSWORD }}
+
+ - name: Prepare Docker build
+ run: |
+ cp bundlers/haystack-agent/target/haystack-agent-${AGENT_JAR_VERSION}.jar bundlers/haystack-agent/target/haystack-agent.jar
+
+ - name: Extract Docker metadata
+ id: meta
+ run: |
+ DOCKER_ORG=expediadotcom
+ DOCKER_IMAGE_NAME=haystack-agent
+ VERSION=${{ env.AGENT_JAR_VERSION }}
+
+ echo "DOCKER_ORG=$DOCKER_ORG" >> $GITHUB_ENV
+ echo "DOCKER_IMAGE_NAME=$DOCKER_IMAGE_NAME" >> $GITHUB_ENV
+ echo "QUALIFIED_IMAGE=$DOCKER_ORG/$DOCKER_IMAGE_NAME" >> $GITHUB_ENV
+
+ # Determine tags based on version
+ TAGS=""
+ if [[ $VERSION =~ ^([0-9]+)\.([0-9]+)\.([0-9]+)$ ]]; then
+ # Release version - create multiple tags
+ MAJOR="${BASH_REMATCH[1]}"
+ MINOR="${BASH_REMATCH[2]}"
+ PATCH="${BASH_REMATCH[3]}"
+
+ TAGS="$DOCKER_ORG/$DOCKER_IMAGE_NAME:$MAJOR"
+ TAGS="$TAGS,$DOCKER_ORG/$DOCKER_IMAGE_NAME:$MAJOR.$MINOR"
+ TAGS="$TAGS,$DOCKER_ORG/$DOCKER_IMAGE_NAME:$MAJOR.$MINOR.$PATCH"
+ TAGS="$TAGS,$DOCKER_ORG/$DOCKER_IMAGE_NAME:latest"
+ echo "Pushing released version to Docker Hub with tags: $TAGS"
+ else
+ # Snapshot version
+ TAGS="$DOCKER_ORG/$DOCKER_IMAGE_NAME:$VERSION"
+ echo "Pushing snapshot version to Docker Hub with tag: $TAGS"
+ fi
+
+ echo "tags=$TAGS" >> $GITHUB_OUTPUT
+
+ - name: Build and push Docker image
+ uses: docker/build-push-action@v5
+ with:
+ context: .
+ file: ./docker/Dockerfile
+ push: true
+ tags: ${{ steps.meta.outputs.tags }}
+ cache-from: type=gha
+ cache-to: type=gha,mode=max
+
+ notify:
+ name: Send notifications
+ runs-on: ubuntu-latest
+ needs: [build, deploy]
+ if: failure() && (github.ref == 'refs/heads/master' || startsWith(github.ref, 'refs/tags/'))
+
+ steps:
+ - name: Notify on failure
+ run: |
+ echo "Build or deployment failed. In Travis CI, this would send email to haystack-notifications@expedia.com"
+ echo "Consider setting up GitHub Actions email notifications or Slack webhooks."
diff --git a/agent-dispatchers/kinesis/pom.xml b/agent-dispatchers/kinesis/pom.xml
index 8506eb6..e523f11 100644
--- a/agent-dispatchers/kinesis/pom.xml
+++ b/agent-dispatchers/kinesis/pom.xml
@@ -13,7 +13,7 @@ haystack-agent-kinesis-dispatcher
- 0.14.0
+ 0.15.12
diff --git a/agent-dispatchers/kinesis/src/main/java/com/expedia/www/haystack/agent/dispatcher/KinesisDispatcher.java b/agent-dispatchers/kinesis/src/main/java/com/expedia/www/haystack/agent/dispatcher/KinesisDispatcher.java
index 40f084f..86a7db7 100644
--- a/agent-dispatchers/kinesis/src/main/java/com/expedia/www/haystack/agent/dispatcher/KinesisDispatcher.java
+++ b/agent-dispatchers/kinesis/src/main/java/com/expedia/www/haystack/agent/dispatcher/KinesisDispatcher.java
@@ -34,6 +34,7 @@
 import com.google.common.util.concurrent.FutureCallback;
 import com.google.common.util.concurrent.Futures;
 import com.google.common.util.concurrent.ListenableFuture;
+import com.google.common.util.concurrent.MoreExecutors;
 import com.typesafe.config.Config;
 import org.apache.commons.lang3.StringUtils;
 import org.apache.commons.lang3.Validate;
@@ -194,7 +195,7 @@ public void onFailure(final Throwable throwable) { formatAttempts(result.getAttempts()), e); } }
- });
+ }, MoreExecutors.directExecutor());
 } private String formatAttempts(final List attempts) {
diff --git a/agent-providers/span/pom.xml b/agent-providers/span/pom.xml
index 727efd6..953b3b2 100644
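Review bot: In `.github/workflows/ci.yml`, the `Determine version and GPG settings` step expands `${{ github.ref_name }}` and `${{ github.ref }}` straight into the `run:` script, so the tag name becomes shell text inside the `deploy` job, which also handles the GPG, Sonatype and Docker Hub secrets; `Extract Docker metadata` does the same with `${{ env.AGENT_JAR_VERSION }}`. Pass the value through the environment instead: give the step `env:` with `REF_NAME: ${{ github.ref_name }}`, assign `VERSION="$REF_NAME"`, and read `"$AGENT_JAR_VERSION"` as an ordinary shell variable in the later step. Checking `$VERSION` against the same `^[0-9]+\.[0-9]+\.[0-9]+$` pattern used for the Docker tags before it reaches `versions:set` and `$GITHUB_ENV` would reject unexpected tag names early. The workflow also has no `permissions:` block (a top-level `permissions:` with `contents: read` keeps the job token read-only), and the `uses:` entries in the publishing job are version tags rather than full commit SHAs.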
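Review bot: The `MoreExecutors.directExecutor()` argument added in the second `KinesisDispatcher.java` hunk is undocumented, and it fixes where the callback runs: on the thread that completes the future, or on the calling thread if the future is already done. The callback therefore has to stay short and non-blocking. A one-line comment above the argument would record that, for example `// directExecutor: callback runs inline on the completing thread; keep it non-blocking`. The enclosing method starts before the hunk, so only the failure-logging tail of the callback is visible here.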
--- a/agent-providers/span/pom.xml +++ b/agent-providers/span/pom.xml @@ -11,6 +11,10 @@ ../../pom.xml + + 2.7.5 + + com.expedia.www @@ -33,6 +37,12 @@ commons-io commons-io + + com.squareup.okhttp + okhttp + ${okhttp.version} + test + diff --git a/api/pom.xml b/api/pom.xml index 2d4022f..867a88e 100644 --- a/api/pom.xml +++ b/api/pom.xml @@ -26,6 +26,13 @@ io.grpc grpc-services + + + + javax.annotation + javax.annotation-api + 1.3.2 + @@ -60,7 +67,7 @@ run - com.google.protobuf:protoc:3.0.0 + com.google.protobuf:protoc:${protobuf.version} ${project.basedir}/../haystack-idl/proto ${project.basedir}/../haystack-idl/proto/api @@ -75,7 +82,7 @@ grpc-java - io.grpc:protoc-gen-grpc-java:1.0.1 + io.grpc:protoc-gen-grpc-java:1.68.2 diff --git a/bundlers/haystack-agent/pom.xml b/bundlers/haystack-agent/pom.xml index d487f69..18acfe9 100644 --- a/bundlers/haystack-agent/pom.xml +++ b/bundlers/haystack-agent/pom.xml @@ -51,11 +51,23 @@ com.expedia.www blobs-agent-dispatchers ${blobs.version} + + + com.expedia.www + haystack-agent-api + + com.expedia.www blobs-agent-server ${blobs.version} + + + com.expedia.www + haystack-agent-api + + diff --git a/pom.xml b/pom.xml index 578d25d..3041585 100644 --- a/pom.xml +++ b/pom.xml @@ -68,34 +68,33 @@ UTF-8 1.8 - 3.4.0 - 1.2.3 - 1.7.25 - 2.9.10.4 - 2.9.10 - 3.4 - 1.9.0 + 3.25.5 + 1.2.13 + 1.7.36 + 2.13.5 + 3.17.0 + 1.68.2 3.2.5 2.3.0 1.1.1 1.0.3 - 9.4.18.v20190429 - 2.15.0 + 9.4.56.v20240826 + 2.27.1 2 12 - 6 + 19 ${scala.major.version}.${scala.minor.version} ${scala.major.version}.${scala.minor.version}.${scala.tiny.version} 6.8 1.6.0 - 3.0.5 - 3.6 + 3.0.9 + 5.4.0 4.12 - 1.11.128 + 1.12.779 1.3.1 - 2.6 + 2.18.0 3.0.1 5.1.3 @@ -180,14 +179,11 @@ - com.fasterxml.jackson.dataformat - jackson-dataformat-yaml - ${jackson-dataformat.version} - - - com.fasterxml.jackson.core - jackson-databind + com.fasterxml.jackson + jackson-bom ${jackson.version} + import + pom com.amazonaws 
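Review bot: The second hunk of `agent-providers/span/pom.xml` adds `com.squareup.okhttp:okhttp` at `2.7.5`, which is the old OkHttp 2.x coordinate; that line no longer receives releases (current development is published under `com.squareup.okhttp3`), so dependency scanners may keep flagging it. The `test` scope keeps it out of the shipped jar, which limits the exposure to the build. The hunk does not show why this version is needed, so a short comment next to the dependency naming the test library that requires it would explain pinning an unmaintained artifact in a commit that otherwise raises versions.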
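Review bot: In the third hunk of `api/pom.xml` the gRPC code generator is pinned as the literal `io.grpc:protoc-gen-grpc-java:1.68.2`, whereas the hunk above it moves protoc to `${protobuf.version}`. The root `pom.xml` in this commit sets a property to the same `1.68.2`; if that is the gRPC runtime version (the property name is not visible here), reference it in the plugin artifact as `io.grpc:protoc-gen-grpc-java:${GRPC_VERSION_PROPERTY}`, where the name is a placeholder for the real property. Generated stubs and the runtime would then move together on the next version bump.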
@@ -202,14 +198,22 @@ org.eclipse.jetty - jetty-servlet + jetty-bom ${jetty.version} + import + pom io.zipkin.zipkin2 zipkin ${zipkin2.version} + + org.scala-lang.modules + scala-xml_2.12 + 1.1.1 + test + @@ -507,48 +511,6 @@ true - - org.jacoco - jacoco-maven-plugin - ${jacoco.version} - - - default-prepare-agent - - prepare-agent - - - - default-report - - report - - - - default-check - - check - - - - **/com/expedia/open/tracing/**/* - - - - BUNDLE - - - INSTRUCTION - COVEREDRATIO - 0.4 - - - - - - - -