build.gradle

plugins {
  id 'application'
  id 'jacoco'
  id 'io.spring.dependency-management' version '1.1.6'
  id 'org.springframework.boot' version '2.7.18'
  id 'uk.gov.hmcts.java' version '0.12.57'
  id 'com.github.ben-manes.versions' version '0.51.0'
  id 'com.github.spacialcircumstances.gradle-cucumber-reporting' version '0.1.25'
  id 'org.sonarqube' version '5.0.0.4638'
  id 'au.com.dius.pact' version '4.1.7'
}

ext {
  set('springCloudVersion', '2021.0.8')
  set('spring-security.version','5.7.11')
  set('spring-framework.version','5.3.27')
  set('log4j2.version','2.17.1')
  set('jackson.version','2.16.0')
  set('snakeyaml.version','2.0')
}


group = 'uk.gov.hmcts.reform'

java {
  toolchain {
    languageVersion = JavaLanguageVersion.of(21)
  }
}

application {
  mainClass.set('uk.gov.hmcts.reform.managecase.Application')
}

sourceSets {
  functionalTest {
    java {
      compileClasspath += main.output
      runtimeClasspath += main.output
      srcDir file('src/functionalTest/java')
    }
    resources.srcDir file('src/functionalTest/resources')
  }

  integrationTest {
    java {
      compileClasspath += main.output
      runtimeClasspath += main.output
      srcDir file('src/integrationTest/java')
    }
    resources.srcDir file('src/integrationTest/resources')
  }

  contractTest {
    java {
      compileClasspath += main.output
      runtimeClasspath += main.output
      srcDir file('src/contractTest/java')
    }
    resources.srcDir file('src/contractTest/resources')
  }

}

// tasks.withType(JavaCompile) {
//    options.compilerArgs << "-Xlint:unchecked" << "-Xlint:deprecation"
// }

tasks.withType(Copy).configureEach {
  duplicatesStrategy 'exclude'
}

tasks.withType(Test) {
  useJUnitPlatform()

  testLogging {
    exceptionFormat = 'full'
  }
}

test {
  failFast = true
}

tasks.register('integration', Test) {
  description = "Runs integration tests"
  group = "Verification"
  testClassesDirs = sourceSets.integrationTest.output.classesDirs
  classpath = sourceSets.integrationTest.runtimeClasspath
  failFast = true
}

tasks.register('smoke', Test) {
  description = "Runs smoke tests"
  group = "Verification"
  testClassesDirs = sourceSets.functionalTest.output.classesDirs
  classpath = sourceSets.functionalTest.runtimeClasspath

  generateCucumberReports.enabled = false

  new File("$buildDir/test-results/test").mkdirs()
  copy {
    from "src/functionalTest/resources/DummyTest.xml"
    into "$buildDir/test-results/test"
  }

  doLast {
    generateCucumberReports.enabled = true
    cucumberReports.outputDir = file("${project.buildDir}/reports/tests/befta/smoke")
    cucumberReports.reports = files("${cucumberReports.outputDir}/cucumber.json")
    cucumberReports.notFailingStatuses = ["skipped", "passed"]

    javaexec {
      main = "uk.gov.hmcts.reform.managecase.befta.ManageCaseAssignmentBeftaMain"
      classpath += sourceSets.functionalTest.runtimeClasspath + sourceSets.main.output + sourceSets.test.output
      args = [
              '--plugin', "json:${cucumberReports.outputDir}/cucumber.json",
              '--plugin', "junit:${buildDir}/test-results/smoke/cucumber.xml",
              '--tags', '@Smoke and not @Ignore',
              '--glue', 'uk.gov.hmcts.befta.player',
              '--glue', 'uk.gov.hmcts.reform.managecase.befta', 'src/functionalTest/resources/features'
      ]
      // '--add-opens=...' added to suppress 'WARNING: An illegal reflective access operation has occurred' in uk.gov.hmcts.befta.util.CucumberStepAnnotationUtils
      jvmArgs = [ '--add-opens=java.base/java.lang.reflect=ALL-UNNAMED' ]
    }
  }

  outputs.upToDateWhen { false }
}

tasks.register('functional', Test) {
  description = "Runs functional tests"
  group = "Verification"
  testClassesDirs = sourceSets.functionalTest.output.classesDirs
  classpath = sourceSets.functionalTest.runtimeClasspath

  generateCucumberReports.enabled = false

  doLast {
    generateCucumberReports.enabled = true
    cucumberReports.outputDir = file("${project.buildDir}/reports/tests/befta/functional")
    cucumberReports.reports = files("${cucumberReports.outputDir}/cucumber.json")
    cucumberReports.notFailingStatuses = ["skipped", "passed"]

    javaexec {
      main = "uk.gov.hmcts.reform.managecase.befta.ManageCaseAssignmentBeftaMain"
      classpath += sourceSets.functionalTest.runtimeClasspath + sourceSets.main.output + sourceSets.test.output
      args = [
              '--threads', '1',
              '--plugin', "json:${cucumberReports.outputDir}/cucumber.json",
              '--plugin', "junit:${buildDir}/test-results/functional/cucumber.xml",
              '--tags', 'not @Ignore',
              '--glue', 'uk.gov.hmcts.befta.player',
              '--glue', 'uk.gov.hmcts.reform.managecase.befta', 'src/functionalTest/resources/features'
      ]
      // '--add-opens=...' added to suppress 'WARNING: An illegal reflective access operation has occurred' in uk.gov.hmcts.befta.util.CucumberStepAnnotationUtils
      jvmArgs = [ '--add-opens=java.base/java.lang.reflect=ALL-UNNAMED' ]
    }
  }

  outputs.upToDateWhen { false }
}

jacocoTestReport {
  executionData(test, integration)
  reports {
    xml.required = true
    csv.required = false
    xml.outputLocation = file("${buildDir}/reports/jacoco/test/jacocoTestReport.xml")
  }
}

project.ext {
  pactVersion = getCheckedOutGitCommitHash()
}

tasks.register('contract', Test) {
  description = 'Runs the consumer Pact tests'
  useJUnitPlatform()
  testClassesDirs = sourceSets.contractTest.output.classesDirs
  classpath = sourceSets.contractTest.runtimeClasspath
  include "uk/gov/hmcts/reform/managecase/api/controller/provider/**"
}

tasks.register('runProviderPactVerification', Test) {
  testClassesDirs = sourceSets.contractTest.output.classesDirs
  classpath = sourceSets.contractTest.runtimeClasspath
  if (project.hasProperty('pact.verifier.publishResults')) {
    systemProperty 'pact.verifier.publishResults', project.property('pact.verifier.publishResults')
  }
  systemProperty 'pact.provider.version', project.pactVersion
}

tasks.named('runProviderPactVerification').configure {
  finalizedBy 'pactVerify'
}

def getCheckedOutGitCommitHash() {
  'git rev-parse --verify --short HEAD'.execute().text.trim()
}

pact {
  publish {
    pactDirectory = 'pacts'
    pactBrokerUrl = System.getenv("PACT_BROKER_URL") ?: 'http://localhost:80'
    tags = [System.getenv("PACT_BRANCH_NAME") ?:'Dev']
    version = project.pactVersion
  }
}

project.tasks['sonarqube'].dependsOn jacocoTestReport

sonarqube {
  properties {
    property "sonar.projectName", "Reform::manage-case-assignment"
    property "sonar.projectKey", "uk.gov.hmcts.reform:manage-case-assignment"
    property "sonar.coverage.jacoco.xmlReportPaths", "${jacocoTestReport.reports.xml.outputLocation}"
  }
}

// before committing a change, make sure task still works
dependencyUpdates {
  def isNonStable = { String version ->
    def stableKeyword = ['RELEASE', 'FINAL', 'GA'].any { qualifier -> version.toUpperCase().contains(qualifier) }
    def regex = /^[0-9,.v-]+$/
    return !stableKeyword && !(version ==~ regex)
  }
  rejectVersionIf { selection -> // <---- notice how the closure argument is named
    return isNonStable(selection.candidate.version) && !isNonStable(selection.currentVersion)
  }
}

apply from: './gradle/suppress.gradle'
dependencyCheck {
  suppressionFile = 'config/owasp/suppressions.xml'
}

dependencyManagement {
  imports {
    mavenBom "org.springframework.cloud:spring-cloud-dependencies:${springCloudVersion}"
  }
  dependencies {
    dependency(group: 'org.bouncycastle', name: 'bcprov-jdk18on', version: '1.77'){
    }

    // CVE-2018-10237 - Unbounded memory allocation
    dependencySet(group: 'com.google.guava', version: '32.1.2-jre') {
      entry 'guava'
    }

    // CVE-2021-23181
    dependencySet(group: 'org.apache.tomcat.embed', version: '9.0.91') {
      entry 'tomcat-embed-core'
      entry 'tomcat-embed-el'
      entry 'tomcat-embed-websocket'
    }
    // multiple CVEs
    dependencySet(group: 'com.netflix.servo', version: '0.12.5') {
      entry 'servo-core'
    }
    dependencySet(group: 'org.codehaus.groovy', version: '3.0.3') {
      entry 'groovy'
      entry 'groovy-xml'
      entry 'groovy-json'
      entry 'groovy-nio'
    }
  }
}

repositories {
  mavenLocal()
  mavenCentral()
  maven {
    url 'https://jitpack.io'
  }
}

def versions = [
  reformLogging   : '6.0.1',
  springBoot      : springBoot.class.package.implementationVersion,
  springfoxSwagger: '3.0.0',
  restAssured    : '4.3.1',
  lombok  : '1.18.30',
  pact_version    : '4.1.7',
  serviceAuthVersion : '4.0.3',
  idamJavaClient : '2.0.1',
]

configurations.all {
  resolutionStrategy.force 'commons-io:commons-io:2.8.0', 'org.springframework.cloud:spring-cloud-starter:4.0.3'
}

dependencies {
    implementation 'org.springframework.cloud:spring-cloud-starter-openfeign:4.0.3'
    implementation('org.springframework.cloud:spring-cloud-starter'){
      version {
        strictly '3.1.7'
      }
    }

    implementation('org.springframework.boot:spring-boot-starter'){
      version {
        strictly '3.1.7'
      }
    }

    implementation('org.springframework.security:spring-security-rsa'){
      version {
        strictly '1.0.12.RELEASE'
      }
    }

    implementation('org.bouncycastle:bcprov-jdk18on') {
      version {
        strictly '1.77'
      }
    }

  implementation 'com.google.code.gson:gson:2.8.9'
  implementation group: 'pl.jalokim.propertiestojson', name: 'java-properties-to-json', version: '5.1.3'
  implementation group: 'com.vladmihalcea', name: 'hibernate-types-52', version: '2.9.13'
  implementation group: 'org.springframework.cloud', name: 'spring-cloud-starter-openfeign', version: '4.0.3'

  implementation group: 'commons-fileupload', name: 'commons-fileupload', version: '1.5'
  implementation group: 'org.apache.commons', name: 'commons-lang3', version: '3.7'
  implementation group: 'commons-io', name: 'commons-io', version: '2.14.0'
  implementation group: 'org.springframework.cloud', name: 'spring-cloud-starter-bootstrap', version: '4.0.3'
  implementation group: 'org.springframework.boot', name: 'spring-boot-starter-web'
  implementation group: 'org.springframework.boot', name: 'spring-boot-starter-validation'
  implementation group: 'org.springframework.boot', name: 'spring-boot-starter-actuator'
  implementation group: 'org.springframework.boot', name: 'spring-boot-starter-aop'
  implementation group: 'org.springframework.boot', name: 'spring-boot-starter-json'
  implementation group: 'org.springframework.boot', name: 'spring-boot-starter-cache'

  implementation group: 'org.springframework.hateoas', name: 'spring-hateoas', version: '1.5.5'

  implementation group: 'org.springframework.retry', name: 'spring-retry'

  // this doesn't support spring boot v3, should be replaced with springdoc
  implementation group: 'io.springfox', name: 'springfox-boot-starter', version: versions.springfoxSwagger
  // once updated to spring boot v3, this shouldn't be needed
  implementation group: 'net.bytebuddy', name: 'byte-buddy', version: '1.14.5', {
    version {
      strictly '1.14.5'
    }
  }

  implementation group: 'org.projectlombok', name: 'lombok', version: versions.lombok
  annotationProcessor group: 'org.projectlombok', name: 'lombok', version: versions.lombok

  implementation group: 'com.github.hmcts.java-logging', name: 'logging', version: versions.reformLogging
  implementation group: 'net.logstash.logback', name: 'logstash-logback-encoder', version: '6.6'
  implementation group: 'org.slf4j', name: 'slf4j-api', version: '1.7.30'
  implementation group: 'org.slf4j', name: 'jul-to-slf4j', version: '1.7.32'
  implementation group: 'ch.qos.logback', name: 'logback-classic', version: '1.2.13'
  implementation group: 'ch.qos.logback', name: 'logback-core', version: '1.2.13'


  implementation group: 'com.github.hmcts.java-logging', name: 'logging-appinsights', version: versions.reformLogging

  implementation group: 'io.jsonwebtoken', name: 'jjwt', version:'0.9.1'
  implementation group: 'com.github.hmcts', name: 'service-auth-provider-java-client', version: versions.serviceAuthVersion
  implementation group: 'com.github.hmcts', name: 'idam-java-client', version: versions.idamJavaClient
  implementation group: 'org.springframework.cloud', name: 'spring-cloud-starter-netflix-zuul', version: '2.2.10.RELEASE'

  implementation "org.springframework.boot:spring-boot-starter-oauth2-client:2.3.8.RELEASE"
  implementation "net.minidev:json-smart:2.4.9"

  // Explicitly specify version of jakarta.el to be used to resolve CVE-2021-28170
  implementation group: 'org.glassfish', name: 'jakarta.el', version: '4.0.1'

  implementation "org.springframework.security:spring-security-web"
  implementation "org.springframework.security:spring-security-config"
  implementation "org.springframework.boot:spring-boot-starter-oauth2-client:2.5.15"
  implementation "org.springframework.boot:spring-boot-starter-oauth2-resource-server:2.5.15"

  implementation "io.github.openfeign:feign-httpclient:11.0"
  testImplementation 'io.github.openfeign:feign-jackson:10.7.0'
  testImplementation group: 'io.github.openfeign.form', name: 'feign-form', version: '3.8.0'
  implementation group: 'io.github.openfeign.form', name: 'feign-form-spring', version: '3.8.0'
  implementation "com.github.ben-manes.caffeine:caffeine:2.7.0"
  implementation "org.apache.httpcomponents:httpclient:4.5.13"

  implementation group: 'javax.inject', name: 'javax.inject', version: '1'
  implementation group: 'org.modelmapper', name: 'modelmapper', version: '2.3.7'
  implementation 'uk.gov.service.notify:notifications-java-client:3.15.1-RELEASE'

  // CVE-2021-42550
  implementation group: 'com.nimbusds', name: 'nimbus-jose-jwt', version: '9.37.2'

  implementation 'org.projectlombok:lombok-mapstruct-binding:0.2.0'
  annotationProcessor 'org.mapstruct:mapstruct-processor:1.3.1.Final'
  testAnnotationProcessor 'org.mapstruct:mapstruct-processor:1.3.1.Final'

  testImplementation group: 'org.springframework.boot', name: 'spring-boot-starter-test', {
    exclude group: 'junit', module: 'junit'
    exclude group: 'org.junit.vintage', module: 'junit-vintage-engine'
  }

  testImplementation group: 'org.springframework.cloud', name: 'spring-cloud-starter-contract-stub-runner', version: '2.2.8.RELEASE'
  testImplementation group: 'io.rest-assured', name: 'rest-assured', version: versions.restAssured
  testImplementation group: 'io.rest-assured', name: 'json-path', version: versions.restAssured
  testImplementation group: 'io.rest-assured', name: 'xml-path', version: versions.restAssured

  // https://mvnrepository.com/artifact/nl.jqno.equalsverifier/equalsverifier
  testImplementation group: 'nl.jqno.equalsverifier', name: 'equalsverifier', version: '3.14.3'

  // groovy v3.* added to avoid 'WARNING: Illegal reflective access by org.codehaus.groovy.reflection.CachedClass'
  // in groovy:2.5.* when running functional/befta tests
  testImplementation group: 'org.codehaus.groovy', name: 'groovy', version: '3.0.3'

  integrationTestImplementation sourceSets.main.runtimeClasspath
  integrationTestImplementation sourceSets.test.runtimeClasspath

  testImplementation (group: 'com.github.hmcts', name: 'ccd-test-definitions', version: '7.22.2')

  testImplementation group: 'com.github.hmcts', name: 'befta-fw', version: '9.0.2'

  functionalTestImplementation sourceSets.main.runtimeClasspath
  functionalTestImplementation sourceSets.test.runtimeClasspath

  contractTestImplementation group: 'au.com.dius.pact.consumer', name: 'junit5', version: versions.pact_version
  contractTestRuntimeOnly group: 'au.com.dius.pact.consumer', name: 'junit5', version: versions.pact_version

  contractTestImplementation group: 'org.modelmapper', name: 'modelmapper', version: '2.3.7'

  contractTestImplementation group: 'au.com.dius.pact.provider', name: 'junit5', version: versions.pact_version
  contractTestImplementation group: 'au.com.dius.pact.provider', name: 'spring', version: versions.pact_version
  contractTestImplementation group: 'au.com.dius.pact.provider', name: 'junit5spring', version: versions.pact_version
  contractTestImplementation("org.junit.jupiter:junit-jupiter-api:5.7.0")
  contractTestRuntimeOnly("org.junit.jupiter:junit-jupiter-engine:5.7.0")
  contractTestImplementation('org.junit.jupiter:junit-jupiter-api:5.7.0')
  contractTestRuntimeOnly "org.junit.platform:junit-platform-commons:1.7.0"
  contractTestImplementation group: 'com.github.hmcts', name: 'idam-java-client', version: versions.idamJavaClient
  contractTestImplementation group: 'com.github.hmcts', name: 'service-auth-provider-java-client', version: versions.serviceAuthVersion
  contractTestImplementation group: 'org.projectlombok', name: 'lombok', version: versions.lombok
  annotationProcessor group: 'org.projectlombok', name: 'lombok', version: versions.lombok
  contractTestImplementation sourceSets.main.runtimeClasspath
  contractTestImplementation sourceSets.test.runtimeClasspath

  testImplementation 'com.github.hmcts:fortify-client:1.4.3:all'
}

bootJar {
  getArchiveFileName().set(provider {
    'manage-case-assignment.jar'
  })

  manifest {
    attributes('Implementation-Version': project.version.toString())
  }
}

wrapper {
    distributionType = Wrapper.DistributionType.ALL
}

tasks.register('fortifyScan', JavaExec) {
  mainClass = "uk.gov.hmcts.fortifyclient.FortifyClientMainApp"
  classpath += sourceSets.test.runtimeClasspath
  jvmArgs = ['--add-opens=java.base/java.lang.reflect=ALL-UNNAMED']
}

tasks.register('reloadEnvSecrets') {
  doFirst {
    def env = project.findProperty('env') ?: 'demo'
    if (project.file("./.${env}-remote-env").exists()) {
      project.file("./.${env}-remote-env").delete()
    }
  }
}

tasks.register('runRemoteDemo', JavaExec) {
  mainClass = application.mainClass
  classpath = sourceSets.main.runtimeClasspath
  doFirst() {
    configRemoteRunTask(it, 'demo')
  }
}

void configRemoteRunTask(Task execTask, String env) {
  loadEnvSecrets(env)
  project.file("./.${env}-remote-env").readLines().each() {
    def index = it.indexOf("=")
    def key = it.substring(0, index)
    def value = it.substring(index + 1)
    execTask.environment(key, value)
  }
}

void loadEnvSecrets(String env) {
  def azCmd = ['az', 'keyvault', 'secret', 'show', '--vault-name', "ccd-${env}", '-o', 'tsv', '--query', 'value', '--name', 'manage-case-assignment-remote-env']
  if (!project.file("./.${env}-remote-env").exists()) {
    new ByteArrayOutputStream().withStream { os ->
      exec {
        if (System.getProperty('os.name').toLowerCase(Locale.ROOT).contains('windows')) {
          commandLine ['cmd', '/c'] + azCmd
        } else {
          commandLine azCmd
        }
        standardOutput = os
      }
      project.file("./.${env}-remote-env").write(new String(os.toString().replace('\n', '').decodeBase64(), java.nio.charset.StandardCharsets.UTF_8))
    }
  }
}