RIPE NCC has merged 81e06b1

* Fix deploy-check script to include head refs [c20fe531]
* Fix spelling [07d51e00]
* Rename Unknown to Not Found in email templates and code around them [4fbe7ed1]
* chore(deps): update dependency org.eclipse.jgit:org.eclipse.jgit to v7.4.0.202509020913-r [8619385b]
* chore(deps): update dependency io.sentry:sentry-bom to v8.23.0 [a0a98f8b]
* chore(deps): update dependency io.freefair.lombok:io.freefair.lombok.gradle.plugin to v9 [e2ccb024]
* chore(deps): update dependency io.sentry:sentry-bom to v8.22.0 [f96d52fc]
* chore(deps): update dependency org.postgresql:postgresql to v42.7.8 [87b420fd]
* Use nCipherKM version 13.6.12 [a10059fb]
* Cleanup [0a945174]
* Apply sonarqube [961b6b48]
* Revert broken tests [fecf950e]
* Fix EqualsAndHashCode [20dfa20d]
* Make UpdateAspaConfigurationCommand a bit more clear, add tests [211f326f]
* Add ASPA notation https://datatracker.ietf.org/doc/draft-ietf-sidrops-aspa-notation/ [4e7314bd]
* Add test [2518b1cd]
* Process empty case specially [4c7b28a0]
* chore(deps): update dependency com.google.code.gson:gson to v2.13.2 [9489022f]
* chore(deps): update dependency io.sentry:sentry-bom to v8.21.1 [14527f3b]
* hsm: inline `$spring_boot_version` [fcd47503]
* rpki-commons: 1.40 -> 1.41 [cd535c1e]
* chore(deps): update dependency org.sonarqube:org.sonarqube.gradle.plugin to v6.3.1.5724 [a67e6b6e]
* chore(deps): update dependency com.gorylenko.gradle-git-properties:com.gorylenko.gradle-git-properties.gradle.plugin to v2.5.3 [e668ff7f]
* chore(deps): update actions/setup-java action to v5 [9f79a49b]
* chore(deps): update dependency io.freefair.lombok:io.freefair.lombok.gradle.plugin to v8.14.2 [b1645b70]
* chore(deps): update dependency io.sentry:sentry-bom to v8.19.1 [435c3652]
* chore(deps): update actions/checkout action to v5 [2bee2f72]

Author: RPKI Team at RIPE NCC

.github/workflows/unit-tests.yml

@@ -18,9 +18,9 @@ jobs:
         options: --health-cmd pg_isready --health-interval 10s --health-timeout 5s --health-retries 5
 
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v5
       - name: setup java
-        uses: actions/setup-java@4
+        uses: actions/setup-java@5
         with:
           java-version: 17
           distribution: temurin

build.gradle

@@ -44,21 +44,19 @@ dependencies {
     implementation "org.thymeleaf:thymeleaf:3.1.2.RELEASE"
     implementation "org.thymeleaf:thymeleaf-spring6:3.1.3.RELEASE"
 
-    implementation platform('io.sentry:sentry-bom:8.18.0')
+    implementation platform('io.sentry:sentry-bom:8.23.0')
     implementation 'io.sentry:sentry-spring-boot-starter'
     implementation 'io.sentry:sentry-logback'
 
-    implementation("net.ripe.rpki:rpki-commons:$rpki_commons_version") {
-        exclude group: "net.sf.saxon", module: "Saxon-HE"
-    }
+    implementation("net.ripe.rpki:rpki-commons:$rpki_commons_version")
 
     implementation 'org.springdoc:springdoc-openapi-ui:1.8.0'
 
     runtimeOnly 'io.micrometer:micrometer-registry-prometheus'
-    implementation 'org.postgresql:postgresql:42.7.7'
+    implementation 'org.postgresql:postgresql:42.7.8'
     runtimeOnly 'org.springframework.boot:spring-boot-starter-tomcat'
 
-    implementation 'com.google.code.gson:gson:2.13.1'
+    implementation 'com.google.code.gson:gson:2.13.2'
     implementation 'com.jamesmurty.utils:java-xmlbuilder:1.3'
     implementation 'commons-codec:commons-codec:1.19.0'
     implementation 'commons-io:commons-io:2.20.0'

buildSrc/build.gradle

@@ -9,10 +9,10 @@ repositories {
 }
 
 dependencies {
-    implementation 'io.freefair.lombok:io.freefair.lombok.gradle.plugin:8.14'
-    implementation('com.gorylenko.gradle-git-properties:com.gorylenko.gradle-git-properties.gradle.plugin:2.5.2') {
+    implementation 'io.freefair.lombok:io.freefair.lombok.gradle.plugin:9.0.0'
+    implementation('com.gorylenko.gradle-git-properties:com.gorylenko.gradle-git-properties.gradle.plugin:2.5.3') {
         exclude group: 'org.eclipse.jgit', module: 'org.eclipse.jgit'
     }
-    implementation 'org.eclipse.jgit:org.eclipse.jgit:7.3.0.202506031305-r'
-    implementation 'org.sonarqube:org.sonarqube.gradle.plugin:6.2.0.5505'
+    implementation 'org.eclipse.jgit:org.eclipse.jgit:7.4.0.202509020913-r'
+    implementation 'org.sonarqube:org.sonarqube.gradle.plugin:6.3.1.5724'
 }

dependencies.gradle

@@ -1,4 +1,3 @@
 ext {
-    rpki_commons_version = '1.40'
-    spring_boot_version = '2.7.18'
+    rpki_commons_version = '1.41'
 }

hsm/build.gradle

@@ -30,16 +30,15 @@ dependencies {
             requireCapability('net.ripe.rpki.hsm:api-only')
         }
     }
-    thalesImplementation("net.ripe.rpki:rpki-commons:$rpki_commons_version") {
-        exclude group: "net.sf.saxon", module: "Saxon-HE"
-    }
+    thalesImplementation("net.ripe.rpki:rpki-commons:$rpki_commons_version")
+
     // 2024-4-26: Final DBProvider 1.6 provided by Entrust
     thalesImplementation 'com.thales.esecurity.asg.ripe.db-jceprovider:DBProvider:1.6'
     // **When using JDK 11** make sure the matching version of nCipherKM is on classpath because DBProvider depends on it.
-    thalesImplementation 'com.ncipher.nfast:nCipherKM:13.6.11'
+    thalesImplementation 'com.ncipher.nfast:nCipherKM:13.6.12'
 
     thalesImplementation 'org.springframework:spring-context:6.1.15'
     // used in spring-context, but not exported.
     thalesImplementation 'javax.annotation:javax.annotation-api:1.3.2'
-    thalesImplementation "org.springframework.boot:spring-boot-autoconfigure:$spring_boot_version"
+    thalesImplementation "org.springframework.boot:spring-boot-autoconfigure:2.7.18"
 }

scripts/gitlab-deploy-check

@@ -128,6 +128,7 @@ const calculateDeploymentDurations = (timeline, mergeRequest) => {
     const matchesMR = ({ref, sha}) => {
         return sha === mergeRequest.sha
             || ref === mergeRequest.source_branch
+            || ref === `refs/merge-requests/${mergeRequest.iid}/head`
             || ref === `refs/merge-requests/${mergeRequest.iid}/merge`;
     };
     const matchesLastCommit = ({sha, parent_ids}) =>

src/main/java/net/ripe/rpki/domain/aspa/AspaConfigurationMaintenanceServiceBean.java

@@ -17,7 +17,6 @@
 
 import java.util.List;
 import java.util.SortedMap;
-import java.util.stream.Collectors;
 
 /**
  * Updates the ASPA configuration based on the current certified resources, removing any ASPA configuration with a that
@@ -87,7 +86,7 @@ public String toString() {
             // This string representation is stored in the command audit table and shown to the user
             return String.format(
                 "Updated ASPA configuration due to changed resources, removed customer ASNs: %s.",
-                UpdateAspaConfigurationCommand.getHumanReadableAspaConfiguration(removed)
+                UpdateAspaConfigurationCommand.inIETFNotation(removed)
             );
         }
     }

src/main/java/net/ripe/rpki/server/api/commands/UpdateAspaConfigurationCommand.java

@@ -11,29 +11,27 @@
 public class UpdateAspaConfigurationCommand extends CertificateAuthorityModificationCommand {
 
     private final String ifMatch;
-    private final List<AspaConfigurationData> configuration;
+    private final List<AspaConfigurationData> configurations;
 
-    public UpdateAspaConfigurationCommand(VersionedId certificateAuthorityId, String ifMatch, List<AspaConfigurationData> configuration) {
+    public UpdateAspaConfigurationCommand(VersionedId certificateAuthorityId, String ifMatch, List<AspaConfigurationData> configurations) {
         super(certificateAuthorityId, CertificateAuthorityCommandGroup.USER);
         this.ifMatch = ifMatch;
-        this.configuration = configuration;
+        this.configurations = configurations;
     }
 
     @Override
     public String getCommandSummary() {
-        return "Update ASPA configuration to: " + getHumanReadableAspaConfiguration(configuration) + ".";
+        var s = "Update ASPA configuration to: ";
+        if (configurations.isEmpty()) {
+            return s + "empty.";
+        }
+        return s + inIETFNotation(configurations) + ".";
     }
 
-    public static String getHumanReadableAspaConfiguration(List<AspaConfigurationData> aspaConfiguration) {
-        // This string representation is stored in the command audit table and shown to the user
+    public static String inIETFNotation(List<AspaConfigurationData> aspaConfiguration) {
         return aspaConfiguration.stream()
-            .map(aspa -> aspa.getCustomerAsn() + " -> " + getHumanReadableProviders(aspa))
-            .collect(Collectors.joining("; "));
+                .map(AspaConfigurationData::inIETFNotation)
+                .collect(Collectors.joining("; "));
     }
 
-    private static String getHumanReadableProviders(AspaConfigurationData aspa) {
-        return aspa.getProviders().stream()
-            .map(Object::toString)
-            .collect(Collectors.joining(", "));
-    }
 }

src/main/java/net/ripe/rpki/server/api/dto/AspaConfigurationData.java

@@ -1,16 +1,17 @@
 package net.ripe.rpki.server.api.dto;
 
 import com.google.gson.Gson;
+import lombok.EqualsAndHashCode;
+import lombok.Getter;
 import lombok.NonNull;
 import lombok.Value;
 import net.ripe.ipresource.Asn;
 import net.ripe.rpki.util.Streams;
+import org.apache.commons.lang3.Validate;
 
 import java.nio.charset.StandardCharsets;
-import java.util.List;
-import java.util.SortedMap;
-import java.util.SortedSet;
-import java.util.TreeSet;
+import java.util.*;
+import java.util.stream.Collectors;
 import java.util.stream.Stream;
 
 import static net.ripe.rpki.util.Streams.streamToSortedMap;
@@ -42,4 +43,14 @@ public static SortedMap<Asn, SortedSet<Asn>> dataToMaps(List<AspaConfigurationDa
             ac -> new TreeSet<>(ac.getProviders())
         );
     }
+
+    public static String inIETFNotation(AspaConfigurationData aspa) {
+        if (aspa.getProviders().isEmpty()) {
+            return "";
+        }
+        return aspa.getProviders().stream()
+                .sorted(Comparator.comparing(Asn::longValue))
+                .map(Object::toString)
+                .collect(Collectors.joining(", ", aspa.getCustomerAsn() + " => ", ""));
+    }
 }

src/main/java/net/ripe/rpki/services/impl/RoaAlertChecker.java

@@ -82,7 +82,7 @@ public void checkAndSendRoaAlertEmailToSubscription(RoaAlertConfigurationData co
         final Set<RouteValidityState> routeValidityStates = configuration.getRouteValidityStates();
         final List<AnnouncedRoute> invalidAsnsToMail = routeValidityStates.contains(RouteValidityState.INVALID_ASN) ? announcedRoutes.invalidAsns : Collections.emptyList();
         final List<AnnouncedRoute> invalidLengthsToMail = routeValidityStates.contains(RouteValidityState.INVALID_LENGTH) ? announcedRoutes.invalidLengths : Collections.emptyList();
-        final List<AnnouncedRoute> unknownsToMail = routeValidityStates.contains(RouteValidityState.UNKNOWN) ? announcedRoutes.unknowns : Collections.emptyList();
+        final List<AnnouncedRoute> unknownsToMail = routeValidityStates.contains(RouteValidityState.UNKNOWN) ? announcedRoutes.notFounds : Collections.emptyList();
         final Set<AnnouncedRoute> ignoredAnnouncements = configuration.getIgnoredAnnouncements();
 
         updateMetrics(invalidAsnsToMail, invalidLengthsToMail, unknownsToMail);
@@ -114,7 +114,7 @@ AnnouncedRoutes getAnnouncedRoutesForCA(CertificateAuthorityData ca, Set<Announc
                         announcedRoutes.valids.add(announcedRoute);
                         break;
                     case UNKNOWN:
-                        announcedRoutes.unknowns.add(announcedRoute);
+                        announcedRoutes.notFounds.add(announcedRoute);
                         break;
                     case INVALID_ASN:
                         announcedRoutes.invalidAsns.add(announcedRoute);
@@ -131,12 +131,12 @@ AnnouncedRoutes getAnnouncedRoutesForCA(CertificateAuthorityData ca, Set<Announc
     private void sendRoaAlertEmailToSubscription(RoaAlertConfigurationData configuration,
                                                  List<AnnouncedRoute> invalidAsnsToMail,
                                                  List<AnnouncedRoute> invalidLengthsToMail,
-                                                 List<AnnouncedRoute> unknowns,
+                                                 List<AnnouncedRoute> notFounds,
                                                  Set<AnnouncedRoute> unsortedIgnoredAlerts) {
         String humanizedCaName = internalNamePresenter.humanizeCaName(configuration.getCertificateAuthority().getName());
         Collections.sort(invalidAsnsToMail);
         Collections.sort(invalidLengthsToMail);
-        Collections.sort(unknowns);
+        Collections.sort(notFounds);
 
         final SortedSet<AnnouncedRoute> ignoredAlerts = new TreeSet<>();
         ignoredAlerts.addAll(unsortedIgnoredAlerts);
@@ -146,7 +146,7 @@ private void sendRoaAlertEmailToSubscription(RoaAlertConfigurationData configura
             "ignoredAlerts", ignoredAlerts,
             "invalidAsns", invalidAsnsToMail,
             "invalidLengths", invalidLengthsToMail,
-            "unknowns", unknowns,
+            "notFounds", notFounds,
             "subscription", configuration
         );
 
@@ -163,7 +163,7 @@ private void sendRoaAlertEmailToSubscription(RoaAlertConfigurationData configura
     static final class AnnouncedRoutes {
         final List<AnnouncedRoute> invalidAsns = new ArrayList<>();
         final List<AnnouncedRoute> invalidLengths = new ArrayList<>();
-        final List<AnnouncedRoute> unknowns = new ArrayList<>();
+        final List<AnnouncedRoute> notFounds = new ArrayList<>();
         final List<AnnouncedRoute> valids = new ArrayList<>();
     }
 }