Change unit test flag value

[eeisegn]

Update unit test to use flag -F value that does not alter the response json structure.

Summary by CodeRabbit

• New Features

  • Support for loading an API key from the SCANOSS_API_KEY environment variable (used when available).

• Tests

  • Adjusted a CLI test parameter to validate scanning with a larger chunk size.

• Chores

  • CI workflows now expose SCANOSS_API_KEY to relevant jobs.
  • Project version bumped to 0.13.1 and several build dependencies updated.

• Documentation

  • Changelog updated for v0.13.1 noting environment-key support.

[coderabbitai]

📝 Walkthrough

Walkthrough

API key resolution now prefers SCANOSS_API_KEY when runtime input is blank; CI workflows expose that secret to jobs. Project version and a few dependencies were bumped, a test CLI -F value was changed, and CHANGELOG updated.

Changes

Cohort / File(s)	Summary
API key resolution src/main/java/com/scanoss/Scanner.java, src/main/java/com/scanoss/rest/ScanApi.java	ScanApi now normalizes/resolves the provided apiKey via a resolver that falls back to the SCANOSS_API_KEY environment variable when the input is blank; Scanner uses the resolved key when building ScanApi.
CI workflows — expose secret .github/workflows/java-ci.yml, .github/workflows/java-native-build.yml, .github/workflows/publish.yml	Added job-level SCANOSS_API_KEY: ${{ secrets.SC_API_KEY }} to various jobs (build_and_test, build_native, build_jars) so the environment key is available to steps.
Version & dependencies pom.xml	Project version bumped 0.13.0 → 0.13.1; updated commons-codec, tika-core, and lombok versions.
CHANGELOG CHANGELOG.md	Added 0.13.1 entry describing environment variable support for SCANOSS_API_KEY and updated comparison links.
Test adjustment src/test/java/com/scanoss/TestCli.java	Changed a single test CLI -F parameter value from 256 to 2048; test assertions unchanged.

Sequence Diagram(s)

sequenceDiagram
    participant Scanner
    participant ScanApi
    participant Env as "Environment"
    participant HTTP as "Remote API"

    Scanner->>ScanApi: new ScanApi(builder) with apiKey (may be blank)
    ScanApi->>Env: read SCANOSS_API_KEY if input blank
    Env-->>ScanApi: returns env value or null
    ScanApi-->>Scanner: stores resolved apiKey
    Scanner->>ScanApi: perform scan request (uses x-api-key header if present)
    ScanApi->>HTTP: send request with x-api-key header
    HTTP-->>ScanApi: response
    ScanApi-->>Scanner: scan result

Loading

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~25 minutes

Poem

I nibble through keys and hop with glee,
A secret found where envs might be.
A tiny bump, a test flag bright,
CI hums softly through the night,
Rabbit cheers — one small change, hooray 🐇

🚥 Pre-merge checks | ✅ 1 | ❌ 2

❌ Failed checks (1 warning, 1 inconclusive)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 25.00% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.
Title check	❓ Inconclusive	The PR title 'Change unit test flag value' is only partially accurate. While one change does modify a test flag from 256 to 2048, the PR's primary objectives involve substantial feature additions: API key environment variable support, dependency updates, and version bumping.	Consider a more comprehensive title that reflects the main focus, such as 'Add SCANOSS_API_KEY environment variable support' or clarify if the test flag change is the primary objective.

✅ Passed checks (1 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

📝 Generate docstrings

• Create stacked PR
• Commit on current branch

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch fix/change-flag-value-to-avoid-unwanted-format-change

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

🧹 Nitpick comments (1)

src/test/java/com/scanoss/TestCli.java (1)

136-136: Clarify why flag values differ between test methods.

Flag 256 and 2048 both preserve the JSON response structure; they differ only in content (flag 256 reports all matches, flag 2048 enables path-hint logic). If both tests verify the same behavior, consider standardizing the -F flag value for consistency—either update line 200 to use 2048 or line 136 to use 256, depending on which behavior each test intends to validate.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@src/test/java/com/scanoss/TestCli.java` at line 136, Two tests use different
-F flag values (256 vs 2048) but appear to assert the same JSON-preservation
behavior; pick one and make them consistent: locate the test that builds args
with "--skip-snippets", "--all-extensions", "-F", "2048" and the other test that
uses "-F", "256" and change the flag to the correct value consistently across
both tests—use 2048 if the test expectations rely on path-hint logic, or use 256
if they only expect "report all matches" behavior—then run the tests to ensure
assertions still match the chosen flag semantics.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Nitpick comments:
In `@src/test/java/com/scanoss/TestCli.java`:
- Line 136: Two tests use different -F flag values (256 vs 2048) but appear to
assert the same JSON-preservation behavior; pick one and make them consistent:
locate the test that builds args with "--skip-snippets", "--all-extensions",
"-F", "2048" and the other test that uses "-F", "256" and change the flag to the
correct value consistently across both tests—use 2048 if the test expectations
rely on path-hint logic, or use 256 if they only expect "report all matches"
behavior—then run the tests to ensure assertions still match the chosen flag
semantics.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 8c8d6c09-7500-4340-a20f-c886628f5db1

📥 Commits

Reviewing files that changed from the base of the PR and between 1c63728 and ad094f6.

📒 Files selected for processing (1)

• src/test/java/com/scanoss/TestCli.java

[coderabbitai]

🧹 Nitpick comments (1)

.github/workflows/publish.yml (1)

35-40: API key added to existing env block.

The SCANOSS_API_KEY is correctly appended to the existing environment variables for this job. Minor note: there appears to be a trailing blank line (line 40) within the env block which is valid YAML but slightly unconventional formatting.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In @.github/workflows/publish.yml around lines 35 - 40, The env block adds
SCANOSS_API_KEY correctly but contains an unnecessary trailing blank line; edit
the workflow's env mapping to remove the extra blank line so the YAML block ends
immediately after SCANOSS_API_KEY: ${{ secrets.SC_API_KEY }}, keeping the
existing keys (MAVEN_USERNAME, MAVEN_PASSWORD, MAVEN_GPG_PASSPHRASE,
SCANOSS_API_KEY) intact and properly aligned.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Nitpick comments:
In @.github/workflows/publish.yml:
- Around line 35-40: The env block adds SCANOSS_API_KEY correctly but contains
an unnecessary trailing blank line; edit the workflow's env mapping to remove
the extra blank line so the YAML block ends immediately after SCANOSS_API_KEY:
${{ secrets.SC_API_KEY }}, keeping the existing keys (MAVEN_USERNAME,
MAVEN_PASSWORD, MAVEN_GPG_PASSPHRASE, SCANOSS_API_KEY) intact and properly
aligned.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: e71e4ce9-691e-4a27-be82-6b9dd3b9e0f3

📥 Commits

Reviewing files that changed from the base of the PR and between ad094f6 and fd024c6.

📒 Files selected for processing (3)

• .github/workflows/java-ci.yml
• .github/workflows/java-native-build.yml
• .github/workflows/publish.yml

✅ Files skipped from review due to trivial changes (1)

• .github/workflows/java-ci.yml

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@CHANGELOG.md`:
- Around line 156-157: Update the duplicate markdown link reference so the
second reference currently labeled "[0.13.0]" is renamed to "[0.13.1]" to match
the URL comparing v0.13.0...v0.13.1; ensure the reference keys in CHANGELOG.md
are unique and that the link text [0.13.1] corresponds to the URL
https://github.com/scanoss/scanoss.java/compare/v0.13.0...v0.13.1.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 9fd3e83a-187d-4629-9f1e-2372ae67c29f

📥 Commits

Reviewing files that changed from the base of the PR and between fd024c6 and 84a793b.

📒 Files selected for processing (3)

• CHANGELOG.md
• pom.xml
• src/main/java/com/scanoss/Scanner.java

✅ Files skipped from review due to trivial changes (1)

• pom.xml

[coderabbitai]

🧹 Nitpick comments (1)

src/main/java/com/scanoss/rest/ScanApi.java (1)

87-87: API key resolution logic looks good overall.

The new resolveApiKey method correctly prioritizes user-provided keys over environment variables, and the RuntimeException catch appropriately handles SecurityException from System.getenv().

Minor inconsistency: The new method uses isBlank() to check the API key, but subsequent checks at lines 95 and 128 use isEmpty(). If a whitespace-only key is provided and no env var is set, the whitespace key would be returned and later treated as valid by isEmpty().

Consider aligning the checks for consistency:

♻️ Optional: Use isBlank() consistently

-        } else if (this.apiKey != null && !this.apiKey.isEmpty() && (this.url == null || this.url.isEmpty())) {
+        } else if (this.apiKey != null && !this.apiKey.isBlank() && (this.url == null || this.url.isEmpty())) {

-        if (!this.headers.containsKey("x-api-key") && this.apiKey != null && !this.apiKey.isEmpty()) {
+        if (!this.headers.containsKey("x-api-key") && this.apiKey != null && !this.apiKey.isBlank()) {

Also applies to: 133-153

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@src/main/java/com/scanoss/rest/ScanApi.java` at line 87, The API key checks
are inconsistent: resolveApiKey uses isBlank() but later validation uses
isEmpty(), so whitespace-only keys slip through; update the validation in
ScanApi (the places currently using isEmpty() around the checks after
resolveApiKey and the blocks you noted) to use isBlank() as well (or explicitly
trim() then isEmpty()) so that whitespace-only keys are treated as invalid
consistently with resolveApiKey; ensure this applies to the checks around the
constructor/initialization and the later validation logic (the same code paths
you referenced).

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Nitpick comments:
In `@src/main/java/com/scanoss/rest/ScanApi.java`:
- Line 87: The API key checks are inconsistent: resolveApiKey uses isBlank() but
later validation uses isEmpty(), so whitespace-only keys slip through; update
the validation in ScanApi (the places currently using isEmpty() around the
checks after resolveApiKey and the blocks you noted) to use isBlank() as well
(or explicitly trim() then isEmpty()) so that whitespace-only keys are treated
as invalid consistently with resolveApiKey; ensure this applies to the checks
around the constructor/initialization and the later validation logic (the same
code paths you referenced).

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 02c44506-3a3f-4bab-9df7-37a47b1779f8

📥 Commits

Reviewing files that changed from the base of the PR and between 84a793b and 530ed41.

📒 Files selected for processing (3)

• CHANGELOG.md
• src/main/java/com/scanoss/Scanner.java
• src/main/java/com/scanoss/rest/ScanApi.java

✅ Files skipped from review due to trivial changes (1)

• CHANGELOG.md

🚧 Files skipped from review as they are similar to previous changes (1)

• src/main/java/com/scanoss/Scanner.java

[isasmendiagus]

LGTM