From c89695b4b2a62fa0bd7e024aebaafb1f07fd4937 Mon Sep 17 00:00:00 2001
From: Eugene Yokota <eed3si9n@gmail.com>
Date: Thu, 1 Aug 2019 16:20:22 -0400
Subject: [PATCH 1/2] Deprecate HTTP resolvers

Ref https://github.com/sbt/sbt/issues/4905
---
 .scalafmt.conf                                |  2 +-
 .../sbt/librarymanagement/URLRepository.scala |  2 +-
 .../main/contraband/librarymanagement.json    |  5 +++-
 .../DependencyBuilders.scala                  |  1 +
 .../sbt/librarymanagement/ModuleIDExtra.scala |  5 +++-
 .../sbt/librarymanagement/ResolverExtra.scala | 25 +++++++++++++++++++
 .../librarymanagement/ResolverSpec.scala      | 16 ++++++++++++
 7 files changed, 52 insertions(+), 4 deletions(-)
 create mode 100644 ivy/src/test/scala/sbt/internal/librarymanagement/ResolverSpec.scala

diff --git a/.scalafmt.conf b/.scalafmt.conf
index 718ce5aed..e98e60599 100644
--- a/.scalafmt.conf
+++ b/.scalafmt.conf
@@ -1,4 +1,4 @@
-version = 2.0.0-RC6
+version = 2.0.0
 maxColumn = 100
 project.git = true
 project.excludeFilters = [ /sbt-test/, /input_sources/, /contraband-scala/ ]
diff --git a/core/src/main/contraband-scala/sbt/librarymanagement/URLRepository.scala b/core/src/main/contraband-scala/sbt/librarymanagement/URLRepository.scala
index 1768cacda..fc39dda73 100644
--- a/core/src/main/contraband-scala/sbt/librarymanagement/URLRepository.scala
+++ b/core/src/main/contraband-scala/sbt/librarymanagement/URLRepository.scala
@@ -7,7 +7,7 @@ package sbt.librarymanagement
 final class URLRepository private (
   name: String,
   patterns: sbt.librarymanagement.Patterns) extends sbt.librarymanagement.PatternsBasedRepository(name, patterns) with Serializable {
-  
+  Resolver.validatePatterns(patterns)
   
   
   override def equals(o: Any): Boolean = o match {
diff --git a/core/src/main/contraband/librarymanagement.json b/core/src/main/contraband/librarymanagement.json
index 52cb34905..2fc2c6fbb 100644
--- a/core/src/main/contraband/librarymanagement.json
+++ b/core/src/main/contraband/librarymanagement.json
@@ -641,7 +641,10 @@
               "name": "URLRepository",
               "namespace": "sbt.librarymanagement",
               "target": "Scala",
-              "type": "record"
+              "type": "record",
+              "extra": [
+                "Resolver.validatePatterns(patterns)"
+              ]
             },
             {
               "name": "SshBasedRepository",
diff --git a/core/src/main/scala/sbt/librarymanagement/DependencyBuilders.scala b/core/src/main/scala/sbt/librarymanagement/DependencyBuilders.scala
index 09b1d8468..a9c9d86fd 100755
--- a/core/src/main/scala/sbt/librarymanagement/DependencyBuilders.scala
+++ b/core/src/main/scala/sbt/librarymanagement/DependencyBuilders.scala
@@ -69,6 +69,7 @@ object DependencyBuilders {
   final class RepositoryName private[sbt] (name: String) {
     def at(location: String) = {
       nonEmpty(location, "Repository location")
+      Resolver.validateUrlString(location)
       MavenRepository(name, location)
     }
   }
diff --git a/core/src/main/scala/sbt/librarymanagement/ModuleIDExtra.scala b/core/src/main/scala/sbt/librarymanagement/ModuleIDExtra.scala
index f15c5acb3..d8c6ca6f2 100644
--- a/core/src/main/scala/sbt/librarymanagement/ModuleIDExtra.scala
+++ b/core/src/main/scala/sbt/librarymanagement/ModuleIDExtra.scala
@@ -99,7 +99,10 @@ private[librarymanagement] abstract class ModuleIDExtra {
    * This value is only consulted if the module is not found in a repository.
    * It is not included in published metadata.
    */
-  def from(url: String) = artifacts(Artifact(name, new URL(url)))
+  def from(url: String) = {
+    Resolver.validateUrlString(url)
+    artifacts(Artifact(name, new URL(url)))
+  }
 
   /** Adds a dependency on the artifact for this module with classifier `c`. */
   def classifier(c: String) = artifacts(Artifact(name, c))
diff --git a/core/src/main/scala/sbt/librarymanagement/ResolverExtra.scala b/core/src/main/scala/sbt/librarymanagement/ResolverExtra.scala
index d359f31ad..d1d435014 100644
--- a/core/src/main/scala/sbt/librarymanagement/ResolverExtra.scala
+++ b/core/src/main/scala/sbt/librarymanagement/ResolverExtra.scala
@@ -7,6 +7,7 @@ import java.io.{ IOException, File }
 import java.net.URL
 import scala.xml.XML
 import org.xml.sax.SAXParseException
+import sbt.util.{ Level, LogExchange }
 
 final class RawRepository(val resolver: AnyRef, name: String) extends Resolver(name) {
   override def toString = "Raw(" + resolver.toString + ")"
@@ -403,4 +404,28 @@ private[librarymanagement] abstract class ResolverFunctions {
     val pList = Vector(localBasePattern)
     Patterns().withIvyPatterns(pList).withArtifactPatterns(pList).withIsMavenCompatible(false)
   }
+
+  lazy val log = {
+    val log0 = LogExchange.logger("sbt.librarymanagement.ResolverExtra")
+    LogExchange.bindLoggerAppenders(
+      "sbt.librarymanagement.ResolverExtra",
+      List(LogExchange.buildAsyncStdout -> Level.Info)
+    )
+    log0
+  }
+  private[sbt] def warnHttp(value: String): Unit = {
+    log.warn(s"insecure HTTP request is deprecated '$value'; switch to HTTPS")
+  }
+  private[sbt] def validatePatterns(patterns: Patterns): Unit = {
+    val ivy = patterns.ivyPatterns.headOption map (_.startsWith("http:"))
+    val art = patterns.artifactPatterns.headOption map (_.startsWith("http:"))
+    (ivy orElse art) foreach { _ =>
+      warnHttp(patterns.toString)
+    }
+  }
+  private[sbt] def validateUrlString(url: String): Unit = {
+    if (url.startsWith("http:")) {
+      warnHttp(url)
+    }
+  }
 }
diff --git a/ivy/src/test/scala/sbt/internal/librarymanagement/ResolverSpec.scala b/ivy/src/test/scala/sbt/internal/librarymanagement/ResolverSpec.scala
new file mode 100644
index 000000000..64afda27e
--- /dev/null
+++ b/ivy/src/test/scala/sbt/internal/librarymanagement/ResolverSpec.scala
@@ -0,0 +1,16 @@
+package sbttest
+
+import java.net.URL
+import org.scalatest._
+import sbt.librarymanagement._
+import sbt.librarymanagement.syntax._
+
+class ResolverSpec extends FunSuite with DiagrammedAssertions {
+  test("Resolver.url") {
+    Resolver.url("Test Repo", new URL("http://example.com/"))(Resolver.ivyStylePatterns)
+  }
+
+  test("at") {
+    "something" at "http://example.com"
+  }
+}

From fcc8b610112fdee9c28fb821df8d0011b87ef3d6 Mon Sep 17 00:00:00 2001
From: Eugene Yokota <eed3si9n@gmail.com>
Date: Thu, 1 Aug 2019 17:47:38 -0400
Subject: [PATCH 2/2] use head -1

SDKMAN lists the latest one first.
---
 .travis.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.travis.yml b/.travis.yml
index 8d7443c0e..a8a7e50e7 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -25,7 +25,7 @@ before_install:
   - source "$HOME/.sdkman/bin/sdkman-init.sh"
 
 install:
-  - sdk install java $(sdk list java | grep -o "$ADOPTOPENJDK\.[0-9\.]*hs-adpt" | tail -1)
+  - sdk install java $(sdk list java | grep -o "$ADOPTOPENJDK\.[0-9\.]*hs-adpt" | head -1)
   - bin/fixpreloaded.sh
   - unset JAVA_HOME
   - java -Xmx32m -version