Add CDI Lite signature test evidence

graemerocher · graemerocher · commit 9226a00951a8 · 2026-05-20T15:50:21.000+02:00
diff --git a/.github/scripts/collect-cdi-lite-tck-evidence.sh b/.github/scripts/collect-cdi-lite-tck-evidence.sh
@@ -7,6 +7,8 @@ cd "${repo_root}"
 
 evidence_dir="build/tck-evidence/jdk-${java_version}"
 result_dir="tck-runner/build/test-results/fullTckTest"
+signature_dir="tck-runner/build/reports/cdi-signature-test"
+signature_result_dir="tck-runner/build/test-results/cdiSignatureTest"
 summary_file="${evidence_dir}/summary.md"
 index_file="${evidence_dir}/index.html"
 
@@ -54,6 +56,106 @@ if [ -d "${result_dir}" ]; then
   done
 fi
 
+property_value() {
+  local file="$1"
+  local key="$2"
+  sed -n "s/^${key}=//p" "${file}" | head -1
+}
+
+signature_status="not-run"
+signature_tests="0"
+signature_failures="0"
+signature_errors="0"
+signature_skipped="0"
+signature_tool="unavailable"
+signature_file="unavailable"
+signature_source="unavailable"
+signature_boot_cp="unavailable"
+signature_packages="unavailable"
+signature_api_artifacts="unavailable"
+signature_report="unavailable"
+
+rm -rf "${evidence_dir}/signature-test"
+if [ -d "${signature_dir}" ]; then
+  mkdir -p "${evidence_dir}/signature-test"
+  for signature_artifact in \
+    signature-test.properties \
+    signature-test-report.txt \
+    cdi-api-jdk17.sig; do
+    if [ -f "${signature_dir}/${signature_artifact}" ]; then
+      cp "${signature_dir}/${signature_artifact}" "${evidence_dir}/signature-test/${signature_artifact}"
+    fi
+  done
+fi
+
+if [ -d "${signature_result_dir}" ]; then
+  mkdir -p "${evidence_dir}/signature-test/junit-xml"
+  for result_file in "${signature_result_dir}"/TEST-*.xml; do
+    [ -f "${result_file}" ] || continue
+    perl -0pe 's#<system-out>.*?</system-out>\n?##gs; s#<system-err>.*?</system-err>\n?##gs' \
+      "${result_file}" > "${evidence_dir}/signature-test/junit-xml/$(basename "${result_file}")"
+  done
+fi
+
+if [ -f "${signature_dir}/signature-test.properties" ]; then
+  signature_status="$(property_value "${signature_dir}/signature-test.properties" status)"
+  signature_tests="$(property_value "${signature_dir}/signature-test.properties" tests)"
+  signature_failures="$(property_value "${signature_dir}/signature-test.properties" failures)"
+  signature_errors="$(property_value "${signature_dir}/signature-test.properties" errors)"
+  signature_skipped="$(property_value "${signature_dir}/signature-test.properties" skipped)"
+  signature_tool="$(property_value "${signature_dir}/signature-test.properties" sigtestTool)"
+  signature_file="$(property_value "${signature_dir}/signature-test.properties" signatureFile)"
+  signature_source="$(property_value "${signature_dir}/signature-test.properties" signatureSource)"
+  signature_boot_cp="$(property_value "${signature_dir}/signature-test.properties" bootCpRelease)"
+  signature_packages="$(property_value "${signature_dir}/signature-test.properties" packages)"
+  signature_api_artifacts="$(property_value "${signature_dir}/signature-test.properties" apiArtifacts)"
+  signature_report="$(property_value "${signature_dir}/signature-test.properties" report)"
+fi
+
+if [ -d "${evidence_dir}/signature-test" ]; then
+  cat > "${evidence_dir}/signature-test/index.html" <<EOF
+<!doctype html>
+<html lang="en">
+<head>
+  <meta charset="utf-8">
+  <meta name="viewport" content="width=device-width, initial-scale=1">
+  <title>ODI CDI Lite Signature-Test Evidence - JDK ${java_version}</title>
+  <style>
+    body { font-family: system-ui, -apple-system, BlinkMacSystemFont, "Segoe UI", sans-serif; line-height: 1.5; max-width: 960px; margin: 2rem auto; padding: 0 1rem; color: #1f2933; }
+    code, pre { background: #f5f7fa; border-radius: 4px; }
+    code { padding: 0.1rem 0.25rem; }
+    table { border-collapse: collapse; width: 100%; margin: 1rem 0; }
+    th, td { border: 1px solid #d9e2ec; padding: 0.5rem; text-align: left; }
+    th { background: #f5f7fa; }
+  </style>
+</head>
+<body>
+  <h1>ODI CDI Lite Signature-Test Evidence - JDK ${java_version}</h1>
+  <table>
+    <tr><th>Status</th><th>Tests</th><th>Failures</th><th>Errors</th><th>Skipped</th></tr>
+    <tr><td>${signature_status}</td><td>${signature_tests}</td><td>${signature_failures}</td><td>${signature_errors}</td><td>${signature_skipped}</td></tr>
+  </table>
+  <ul>
+    <li>Tool: ${signature_tool}</li>
+    <li>TCK signature file: ${signature_file}</li>
+    <li>Signature source: ${signature_source}</li>
+    <li>Boot class path release: ${signature_boot_cp}</li>
+    <li>Checked packages: <code>${signature_packages}</code></li>
+    <li>API artifacts: <code>${signature_api_artifacts}</code></li>
+  </ul>
+  <p>The signature file is extracted dynamically from the resolved Jakarta CDI TCK artifact during the CI run.</p>
+  <h2>Artifacts</h2>
+  <ul>
+    <li><a href="./${signature_report}">Signature-test report</a></li>
+    <li><a href="./signature-test.properties">Signature-test metadata</a></li>
+    <li><a href="./${signature_file}">TCK signature file</a></li>
+    <li><a href="./junit-xml/TEST-cdi-signature-test.xml">JUnit XML</a></li>
+  </ul>
+</body>
+</html>
+EOF
+fi
+
 cat > "${summary_file}" <<EOF
 # ODI CDI Lite TCK Results - JDK ${java_version}
 
@@ -93,7 +195,24 @@ Excluded TestNG groups: \`cdi-full\`, \`integration\`, \`javaee-full\`, \`se\`.
 
 ## Additional Certification Requirements
 
-- Signature-test evidence: pending; this workflow does not claim signature tests passed.
+- Signature-test evidence: ${signature_status}
+
+## Signature Test
+
+- Status: ${signature_status}
+- Tests: ${signature_tests}
+- Failures: ${signature_failures}
+- Errors: ${signature_errors}
+- Skipped: ${signature_skipped}
+- Tool: ${signature_tool}
+- TCK signature file: ${signature_file}
+- Signature source: ${signature_source}
+- Boot class path release: ${signature_boot_cp}
+- Checked packages: ${signature_packages}
+- API artifacts: ${signature_api_artifacts}
+- Report: ./signature-test/${signature_report}
+
+The signature file is extracted dynamically from the resolved Jakarta CDI TCK artifact during the CI run.
 
 ## Environment
 
@@ -109,6 +228,7 @@ ${java_runtime}
 ## Artifacts
 
 - Sanitized JUnit XML: ./junit-xml/
+- Signature-test evidence: ./signature-test/
 
 Raw Gradle console output and unsanitized Gradle reports are intentionally not published because the build runs with secret-backed environment variables.
 EOF
@@ -170,7 +290,23 @@ cat > "${index_file}" <<EOF
   </ul>
 
   <h2>Additional Certification Requirements</h2>
-  <p>Signature-test evidence is pending; this workflow does not claim signature tests passed.</p>
+  <p>Signature-test evidence: ${signature_status}</p>
+
+  <h2>Signature Test</h2>
+  <table>
+    <tr><th>Status</th><th>Tests</th><th>Failures</th><th>Errors</th><th>Skipped</th></tr>
+    <tr><td>${signature_status}</td><td>${signature_tests}</td><td>${signature_failures}</td><td>${signature_errors}</td><td>${signature_skipped}</td></tr>
+  </table>
+  <ul>
+    <li>Tool: ${signature_tool}</li>
+    <li>TCK signature file: ${signature_file}</li>
+    <li>Signature source: ${signature_source}</li>
+    <li>Boot class path release: ${signature_boot_cp}</li>
+    <li>Checked packages: <code>${signature_packages}</code></li>
+    <li>API artifacts: <code>${signature_api_artifacts}</code></li>
+    <li>Report: <a href="./signature-test/${signature_report}">signature-test/${signature_report}</a></li>
+  </ul>
+  <p>The signature file is extracted dynamically from the resolved Jakarta CDI TCK artifact during the CI run.</p>
 
   <h2>Environment</h2>
   <ul>
@@ -185,6 +321,7 @@ cat > "${index_file}" <<EOF
   <ul>
     <li><a href="./summary.md">Markdown summary</a></li>
     <li><a href="./junit-xml/">Sanitized JUnit XML results</a></li>
+    <li><a href="./signature-test/">Signature-test evidence</a></li>
   </ul>
   <p>Raw Gradle console output and unsanitized Gradle reports are intentionally not published because the build runs with secret-backed environment variables.</p>
 </body>
diff --git a/.github/workflows/tck.yml b/.github/workflows/tck.yml
@@ -73,7 +73,7 @@ jobs:
           GH_USERNAME: ${{ secrets.GH_USERNAME }}
         run: |
           set -euo pipefail
-          ./gradlew :micronaut-tck-runner:fullTckTest --no-daemon --continue
+          ./gradlew :micronaut-tck-runner:fullTckTest :micronaut-tck-runner:cdiSignatureTest --no-daemon --continue
 
       - name: Collect CDI Lite TCK evidence
         if: always()
@@ -85,7 +85,9 @@ jobs:
         uses: mikepenz/action-junit-report@bccf2e31636835cf0874589931c4116687171386 # v6
         with:
           check_name: CDI Lite TCK run / Test Report (25)
-          report_paths: 'tck-runner/build/test-results/fullTckTest/TEST-*.xml'
+          report_paths: |
+            tck-runner/build/test-results/fullTckTest/TEST-*.xml
+            tck-runner/build/test-results/cdiSignatureTest/TEST-*.xml
           check_retries: 'true'
 
       - name: Upload CDI Lite TCK evidence
diff --git a/tck-runner/build.gradle.kts b/tck-runner/build.gradle.kts
@@ -1,3 +1,7 @@
+import java.io.ByteArrayOutputStream
+import java.io.File
+import org.gradle.api.tasks.JavaExec
+
 plugins {
     id("org.eclipse.odi.build.internal.base")
     id("com.adarshr.test-logger")
@@ -7,6 +11,22 @@ description = "CDI TCK runner"
 
 val generatedCdiTckSources = layout.buildDirectory.dir("generated/sources/cdiTck/java/test")
 
+val cdiSignatureApi by configurations.creating {
+    isCanBeConsumed = false
+    isCanBeResolved = true
+}
+
+val cdiSignatureTck by configurations.creating {
+    isCanBeConsumed = false
+    isCanBeResolved = true
+    isTransitive = false
+}
+
+val cdiSignatureTool by configurations.creating {
+    isCanBeConsumed = false
+    isCanBeResolved = true
+}
+
 dependencies {
     annotationProcessor(project(":micronaut-odi-processor-cdi"))
 
@@ -36,6 +56,10 @@ dependencies {
             type = "xml"
         }
     }
+
+    cdiSignatureApi(libs.cdi.api)
+    cdiSignatureTck(libs.cdi.tck.impl)
+    cdiSignatureTool("jakarta.tck:sigtest-maven-plugin:2.6")
 }
 
 val observingBeanSource = "org/jboss/cdi/tck/tests/se/events/lifecycle/ObservingBean.java"
@@ -108,6 +132,131 @@ tasks.register<Test>("fullTckTest") {
     }
 }
 
+fun xmlEscape(value: String): String {
+    return value
+        .replace("&", "&amp;")
+        .replace("<", "&lt;")
+        .replace(">", "&gt;")
+        .replace("\"", "&quot;")
+        .replace("'", "&apos;")
+}
+
+tasks.register<JavaExec>("cdiSignatureTest") {
+    group = "verification"
+    description = "Runs the Jakarta CDI API signature test using the TCK-provided signature file."
+
+    val cdiVersion = libs.cdi.tck.impl.get().versionConstraint.requiredVersion
+    val outputDir = layout.buildDirectory.dir("reports/cdi-signature-test")
+    val signatureFile = outputDir.map { it.file("cdi-api-jdk17.sig") }
+    val signatureReport = outputDir.map { it.file("signature-test-report.txt") }
+    val metadataFile = outputDir.map { it.file("signature-test.properties") }
+    val junitReport = layout.buildDirectory.file("test-results/cdiSignatureTest/TEST-cdi-signature-test.xml")
+    val output = ByteArrayOutputStream()
+    lateinit var extractedSignatureFile: File
+    lateinit var tckJar: File
+    lateinit var apiArtifacts: List<File>
+
+    inputs.files(cdiSignatureApi)
+    inputs.files(cdiSignatureTck)
+    inputs.files(cdiSignatureTool)
+    outputs.dir(outputDir)
+    outputs.file(junitReport)
+
+    classpath = cdiSignatureTool
+    mainClass.set("com.sun.tdk.signaturetest.Main")
+    standardOutput = output
+    errorOutput = output
+    isIgnoreExitValue = true
+
+    doFirst {
+        val outputDirectory = outputDir.get().asFile
+        outputDirectory.mkdirs()
+
+        tckJar = cdiSignatureTck.resolve()
+            .singleOrNull { it.name == "cdi-tck-core-impl-$cdiVersion.jar" }
+            ?: error("Could not resolve cdi-tck-core-impl-$cdiVersion.jar")
+        copy {
+            from(zipTree(tckJar)) {
+                include("cdi-api-jdk17.sig")
+            }
+            into(outputDirectory)
+        }
+
+        extractedSignatureFile = signatureFile.get().asFile
+        if (!extractedSignatureFile.isFile) {
+            error("Could not extract ${extractedSignatureFile.name} from ${tckJar.name}")
+        }
+
+        apiArtifacts = cdiSignatureApi.resolve().sortedBy { it.name }
+        val apiClasspath = apiArtifacts.joinToString(File.pathSeparator) { it.absolutePath }
+        val signatureArgs = listOf(
+            "Test",
+            "-FileName", extractedSignatureFile.absolutePath,
+            "-static",
+            "-b",
+            "-Mode", "bin",
+            "-ApiVersion", cdiVersion,
+            "-PackageWithoutSubpackages", "jakarta.decorator",
+            "-Package", "jakarta.enterprise",
+            "-PackageWithoutSubpackages", "jakarta.interceptor",
+            "-BootCP", "17",
+            "-Classpath", apiClasspath
+        )
+        args(signatureArgs)
+    }
+
+    doLast {
+        val rawReport = output.toString(Charsets.UTF_8)
+        val sanitizedReport = rawReport
+            .lineSequence()
+            .filterNot { it.contains("SignatureTest.args:") }
+            .joinToString(System.lineSeparator())
+            .trimEnd() + System.lineSeparator()
+        val passed = rawReport.contains("STATUS:Passed.")
+        signatureReport.get().asFile.writeText(sanitizedReport)
+        metadataFile.get().asFile.writeText(
+            """
+            status=${if (passed) "passed" else "failed"}
+            tests=1
+            failures=${if (passed) 0 else 1}
+            errors=0
+            skipped=0
+            sigtestTool=jakarta.tck:sigtest-maven-plugin:2.6
+            signatureFile=${extractedSignatureFile.name}
+            signatureSource=${tckJar.name}
+            bootCpRelease=17
+            packages=jakarta.decorator,jakarta.enterprise.**,jakarta.interceptor
+            apiArtifacts=${apiArtifacts.joinToString(",") { it.name }}
+            report=${signatureReport.get().asFile.name}
+            """.trimIndent() + System.lineSeparator()
+        )
+
+        val junitFile = junitReport.get().asFile
+        junitFile.parentFile.mkdirs()
+        val failureElement = if (passed) {
+            ""
+        } else {
+            """
+              <failure type="junit.framework.AssertionFailedError" message="CDI signature test failed">${xmlEscape(sanitizedReport)}</failure>
+            """.trimIndent()
+        }
+        junitFile.writeText(
+            """
+            <?xml version="1.0" encoding="UTF-8"?>
+            <testsuite name="CDI signature test" tests="1" failures="${if (passed) 0 else 1}" errors="0" skipped="0" time="0.0">
+              <testcase classname="jakarta.enterprise.cdi.signature" name="cdi-api-jdk17" time="0.0">
+            ${if (failureElement.isBlank()) "" else "    $failureElement"}
+              </testcase>
+            </testsuite>
+            """.trimIndent() + System.lineSeparator()
+        )
+
+        if (!passed) {
+            throw GradleException("CDI signature test failed; see ${signatureReport.get().asFile}")
+        }
+    }
+}
+
 tasks.register<Test>("singleTest") {
     configureCdiLiteTck()
     val suiteFile = layout.buildDirectory.file("generated-testng/singleTest.xml")
