From 3d899b66fe58c595f48cdf4c8b7e71fa56b0beea Mon Sep 17 00:00:00 2001 From: Yatharth Ranjan Date: Tue, 16 May 2023 14:39:53 +0100 Subject: [PATCH 1/9] snapshot version --- build.gradle.kts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/build.gradle.kts b/build.gradle.kts index abb0f44..398245c 100644 --- a/build.gradle.kts +++ b/build.gradle.kts @@ -15,7 +15,7 @@ description = "RADAR Push API Gateway to handle secured data flow to backend." allprojects { group = "org.radarbase" - version = "0.3.1" + version = "0.3.2-SNAPSHOT" repositories { mavenCentral() From c7d68a48c5d0a41b822b6115e98b845c1b5f039c Mon Sep 17 00:00:00 2001 From: this-Aditya Date: Fri, 8 Mar 2024 14:44:54 +0530 Subject: [PATCH 2/9] Build, gradle and dependencies updated --- build.gradle.kts | 8 ++++---- deprecated-javax/build.gradle.kts | 2 +- gradle.properties | 20 ++++++++++---------- gradle/wrapper/gradle-wrapper.properties | 2 +- 4 files changed, 16 insertions(+), 16 deletions(-) diff --git a/build.gradle.kts b/build.gradle.kts index 398245c..cc20127 100644 --- a/build.gradle.kts +++ b/build.gradle.kts @@ -87,9 +87,9 @@ dependencies { tasks.withType { kotlinOptions { - jvmTarget = "11" - apiVersion = "1.5" - languageVersion = "1.5" + jvmTarget = "17" + apiVersion = "1.8" + languageVersion = "1.8" } } @@ -189,5 +189,5 @@ tasks.withType { } tasks.wrapper { - gradleVersion = "7.1" + gradleVersion = "8.3" } diff --git a/deprecated-javax/build.gradle.kts b/deprecated-javax/build.gradle.kts index 70b8ce1..371c9cc 100644 --- a/deprecated-javax/build.gradle.kts +++ b/deprecated-javax/build.gradle.kts 
@@ -24,7 +24,7 @@ dependencies { implementation("io.confluent:kafka-schema-registry-client:$confluentVersion") { isTransitive = false } - implementation("org.glassfish.jersey.core:jersey-common:2.31") + implementation("org.glassfish.jersey.core:jersey-common:3.1.5") implementation("io.swagger:swagger-annotations:1.6.2") implementation("io.confluent:common-utils:$confluentVersion") { isTransitive = false diff --git a/gradle.properties b/gradle.properties index 8049f71..f6588d4 100644 --- a/gradle.properties +++ b/gradle.properties @@ -1,17 +1,17 @@ org.gradle.jvmargs=-Xmx3072m -XX:+HeapDumpOnOutOfMemoryError -Dfile.encoding=UTF-8 dockerComposeStopContainers=true -kotlinVersion=1.6.10 -okhttp3Version=4.9.3 -radarJerseyVersion=0.9.1 -radarCommonsVersion=0.13.2 -radarSchemasVersion=0.8.3 +kotlinVersion=1.9.22 +okhttp3Version=4.12.0 +radarJerseyVersion=0.10.0 +radarCommonsVersion=0.15.0 +radarSchemasVersion=0.8.6 radarOauthClientVersion=0.8.0 jacksonVersion=2.14.1 -slf4jVersion=2.0.7 -log4j2Version=2.20.0 +slf4jVersion=2.0.12 +log4j2Version=2.23.0 kafkaVersion=2.8.1 confluentVersion=6.2.0 -junitVersion=5.7.2 -jedisVersion=3.6.1 -grizzlyVersion=3.0.1 +junitVersion=5.10.2 +jedisVersion=5.1.2 +grizzlyVersion=4.0.2 diff --git a/gradle/wrapper/gradle-wrapper.properties b/gradle/wrapper/gradle-wrapper.properties index 69a9715..db9a6b8 100644 --- a/gradle/wrapper/gradle-wrapper.properties +++ b/gradle/wrapper/gradle-wrapper.properties @@ -1,5 +1,5 @@ distributionBase=GRADLE_USER_HOME distributionPath=wrapper/dists -distributionUrl=https\://services.gradle.org/distributions/gradle-7.1-bin.zip +distributionUrl=https\://services.gradle.org/distributions/gradle-8.3-bin.zip zipStoreBase=GRADLE_USER_HOME zipStorePath=wrapper/dists From 0867918acc6bad2b7ab59b75d2d50b174faa206d Mon Sep 17 00:00:00 2001 
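Review bot: In `deprecated-javax/build.gradle.kts`, moving `jersey-common` from 2.31 to 3.1.5 crosses Jersey's switch from the `javax.ws.rs` to the `jakarta.ws.rs` namespace, which looks at odds with a module named `deprecated-javax`. If the module's sources still import `javax.*` types (not visible in this hunk), they will not resolve against the 3.x artifact. Staying on the 2.x line, `implementation("org.glassfish.jersey.core:jersey-common:<current 2.x release>")`, would keep the API while still picking up fixes. The `dependencies` block starts and ends outside the hunk.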
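Review bot: The wrapper now downloads `gradle-8.3-bin.zip`, but `gradle/wrapper/gradle-wrapper.properties` carries no `distributionSha256Sum`, so the archive is unpacked and executed with no integrity check beyond TLS. Adding `distributionSha256Sum=<sha256 of gradle-8.3-bin.zip from the Gradle release checksums page>` next to `distributionUrl` makes the wrapper reject a substituted or corrupted distribution. The hunk covers all five lines of the file, so the property is absent rather than out of view.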
From: this-Aditya Date: Fri, 8 Mar 2024 14:47:50 +0530 Subject: [PATCH 3/9] Updated to java 17 in workflows --- .github/workflows/main.yml | 7 ++++--- .github/workflows/release.yml | 7 ++++--- 2 files changed, 8 insertions(+), 6 deletions(-) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index b3718c6..fa9227a 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -20,11 +20,12 @@ jobs: # Steps represent a sequence of tasks that will be executed as part of the job steps: # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it - - uses: actions/checkout@v2 + - uses: actions/checkout@v4 - - uses: actions/setup-java@v1 + - uses: actions/setup-java@v4 with: - java-version: 11 + distribution: temurin + java-version: 17 - name: Cache uses: actions/cache@v2.0.0 diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index df99ae0..3a7267a 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -13,10 +13,11 @@ jobs: # Steps represent a sequence of tasks that will be executed as part of the job steps: # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it - - uses: actions/checkout@v2 - - uses: actions/setup-java@v1 + - uses: actions/checkout@v4 + - uses: actions/setup-java@v4 with: - java-version: 11 + distribution: temurin + java-version: 17 - name: Cache uses: actions/cache@v2.0.0 From 41ba20b763a85b5b2455bc758f2e45298b4a6370 Mon Sep 17 00:00:00 2001 From: this-Aditya Date: Fri, 8 Mar 2024 17:42:45 +0530 Subject: [PATCH 4/9] Updated dockerfile, kafka and confluent versions --- Dockerfile | 4 ++-- gradle.properties | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/Dockerfile b/Dockerfile index f2997bd..5b8016a 100644 --- a/Dockerfile +++ b/Dockerfile 
@@ -10,7 +10,7 @@ # See the License for the specific language governing permissions and # limitations under the License. -FROM gradle:7.0.2-jdk11 as builder +FROM --platform=$BUILDPLATFORM gradle:8.3-jdk17 as builder RUN mkdir /code WORKDIR /code @@ -29,7 +29,7 @@ RUN gradle distTar --no-watch-fs \ && tar xzf *.tar.gz \ && rm *.tar.gz radar-push-endpoint-*/lib/radar-push-endpoint-*.jar -FROM openjdk:11-jre-slim +FROM eclipse-temurin:17-jre MAINTAINER @yatharthranjan diff --git a/gradle.properties b/gradle.properties index f6588d4..5b818ad 100644 --- a/gradle.properties +++ b/gradle.properties @@ -10,8 +10,8 @@ radarOauthClientVersion=0.8.0 jacksonVersion=2.14.1 slf4jVersion=2.0.12 log4j2Version=2.23.0 -kafkaVersion=2.8.1 -confluentVersion=6.2.0 +kafkaVersion=3.6.1 +confluentVersion=7.6.0 junitVersion=5.10.2 jedisVersion=5.1.2 grizzlyVersion=4.0.2 From 678d9c24bccbb5712d4bd783073c4cbbe0cad6e0 Mon Sep 17 00:00:00 2001 From: this-Aditya Date: Fri, 8 Mar 2024 18:17:23 +0530 Subject: [PATCH 5/9] Updated workflows --- .github/workflows/main.yml | 16 ++++++++-------- .github/workflows/release.yml | 14 +++++++------- 2 files changed, 15 insertions(+), 15 deletions(-) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index fa9227a..44b8025 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -28,7 +28,7 @@ jobs: java-version: 17 - name: Cache - uses: actions/cache@v2.0.0 + uses: actions/cache@v3 with: # Cache gradle directories path: | @@ -56,10 +56,10 @@ jobs: # Steps represent a sequence of tasks that will be executed as part of the job steps: # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it - - uses: actions/checkout@v2 + - uses: actions/checkout@v4 - name: Login to Docker Hub - uses: docker/login-action@v1 + uses: docker/login-action@v3 with: username: ${{ secrets.DOCKERHUB_USERNAME }} password: ${{ secrets.DOCKERHUB_TOKEN }} 
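Review bot: Both updated `FROM` lines reference floating tags (`gradle:8.3-jdk17`, `eclipse-temurin:17-jre`), so the image content behind them can change between builds without any change in this repository. Pinning each by digest, e.g. `FROM eclipse-temurin:17-jre@sha256:<digest of the reviewed image>`, keeps builds reproducible and turns a base-image update into an explicit, reviewable commit. The runtime stage continues outside the second hunk, so whether it switches to a non-root `USER` cannot be confirmed here and is worth checking. The context line `MAINTAINER @yatharthranjan` uses a deprecated instruction; `LABEL maintainer="@yatharthranjan"` is the current form.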
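Review bot: The `Login to Docker Hub` step in `main.yml` hands `DOCKERHUB_USERNAME` and `DOCKERHUB_TOKEN` to `docker/login-action@v3`, a tag the action's owner can move to different code at any time. For steps that receive registry credentials, pinning to a full commit SHA with the version kept as a comment, `uses: docker/login-action@<full commit SHA> # v3`, removes that exposure. The same applies to the other `docker/*` actions bumped in this commit and to the matching steps in `release.yml`. The job continues outside the hunk.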
@@ -67,20 +67,20 @@ jobs: # Add Docker labels and tags - name: Docker meta id: docker_meta - uses: crazy-max/ghaction-docker-meta@v2 + uses: docker/metadata-action@v4 with: images: ${{ env.DOCKER_IMAGE }} # Setup docker build environment - name: Set up QEMU - uses: docker/setup-qemu-action@v1 + uses: docker/setup-qemu-action@v2 - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v1 + uses: docker/setup-buildx-action@v2 - name: Cache Docker layers id: cache-buildx - uses: actions/cache@v2 + uses: actions/cache@v3 with: path: /tmp/.buildx-cache key: ${{ runner.os }}-buildx-${{ hashFiles('Dockerfile', '**/*.gradle.kts', 'gradle.properties', 'src/main/**') }} @@ -95,7 +95,7 @@ jobs: echo "::set-output name=cache-to::type=local,dest=/tmp/.buildx-cache-new,mode=max" fi - name: Build docker - uses: docker/build-push-action@v2 + uses: docker/build-push-action@v3 with: cache-from: type=local,src=/tmp/.buildx-cache cache-to: ${{ steps.cache-parameters.outputs.cache-to }} diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 3a7267a..acb808b 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -20,7 +20,7 @@ jobs: java-version: 17 - name: Cache - uses: actions/cache@v2.0.0 + uses: actions/cache@v3 with: # A list of files, directories, and wildcard patterns to cache and restore path: | @@ -53,17 +53,17 @@ jobs: # Steps represent a sequence of tasks that will be executed as part of the job steps: - - uses: actions/checkout@v2 + - uses: actions/checkout@v4 # Setup docker build environment - name: Set up QEMU - uses: docker/setup-qemu-action@v1 + uses: docker/setup-qemu-action@v2 - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v1 + uses: docker/setup-buildx-action@v2 - name: Login to DockerHub - uses: docker/login-action@v1 + uses: docker/login-action@v3 with: username: ${{ secrets.DOCKERHUB_USERNAME }} password: ${{ secrets.DOCKERHUB_TOKEN }} 
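Review bot: The context line just above the updated `Build docker` step in `main.yml` still publishes its step output with `echo "::set-output name=cache-to::…"`, a workflow command GitHub has deprecated. Since this commit refreshes the workflow, the line can become `echo "cache-to=type=local,dest=/tmp/.buildx-cache-new,mode=max" >> "$GITHUB_OUTPUT"`. The `run` script starts outside the hunk, so any other `::set-output` lines in it need the same change.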
@@ -71,14 +71,14 @@ jobs: # Add Docker labels and tags - name: Docker meta id: docker_meta - uses: crazy-max/ghaction-docker-meta@v2 + uses: docker/metadata-action@v4 with: images: ${{ env.DOCKER_IMAGE }} tags: | type=semver,pattern={{version}} type=semver,pattern={{major}}.{{minor}} - name: Build docker - uses: docker/build-push-action@v2 + uses: docker/build-push-action@v3 with: # Allow running the image on the architectures supported by openjdk:17-jre-slim platforms: linux/amd64,linux/arm64 From b20798549b2f4ae1f72f42cb0eed4f0626c8c71c Mon Sep 17 00:00:00 2001 From: pvannierop Date: Thu, 10 Oct 2024 13:27:54 +0200 Subject: [PATCH 6/9] Add Snyk GitHub actions --- .github/workflows/scheduled-snyk.yaml | 28 +++++++++++++++++++++++++++ .github/workflows/snyk.yaml | 14 ++++++++++++++ .snyk | 5 +++++ 3 files changed, 47 insertions(+) create mode 100644 .github/workflows/scheduled-snyk.yaml create mode 100644 .github/workflows/snyk.yaml create mode 100644 .snyk diff --git a/.github/workflows/scheduled-snyk.yaml b/.github/workflows/scheduled-snyk.yaml new file mode 100644 index 0000000..c7daaa9 --- /dev/null +++ b/.github/workflows/scheduled-snyk.yaml @@ -0,0 +1,28 @@ +name: Snyk scheduled test +on: + schedule: + - cron: '0 2 1 * *' + push: + branches: + - master + +jobs: + security: + runs-on: ubuntu-latest + env: + REPORT_FILE: test.json + steps: + - uses: actions/checkout@v3 + - uses: snyk/actions/gradle-jdk17@master + name: Run Snyk to check for vulnerabilities + env: + SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }} + with: --all-projects --configuration-matching='^runtimeClasspath$' --fail-on=upgradable --json-file-output=${{ env.REPORT_FILE }}--org=radar-base --policy-path=$PWD/.snyk + + - name: Report new vulnerabilities + uses: thehyve/report-vulnerability@master + if: success() || failure() + with: + report-file: ${{ env.REPORT_FILE }} + env: + TOKEN: ${{ secrets.GITHUB_TOKEN }} 
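Review bot: The comment above `platforms:` in `release.yml` still says the architectures are those supported by `openjdk:17-jre-slim`, while the Dockerfile change earlier in this series switches the runtime image to `eclipse-temurin:17-jre`. Suggest `# Allow running the image on the architectures supported by eclipse-temurin:17-jre` so the comment names the image actually built on. The `Build docker` step continues outside the hunk.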
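Review bot: In the new `scheduled-snyk.yaml`, the Snyk step's flag string has no space between `--json-file-output=${{ env.REPORT_FILE }}` and `--org=radar-base` (as rendered here), so the CLI would see one option with the value `test.json--org=radar-base`. The report would then not be written to `test.json`, which the `Report new vulnerabilities` step reads, and the org flag would be lost. The flags also sit directly on `with:` as a plain string, whereas `with:` takes a mapping and the Snyk action reads CLI flags from its `args` input, i.e. `with:` followed by `args: --all-projects … --json-file-output=${{ env.REPORT_FILE }} --org=radar-base --policy-path=$PWD/.snyk`; `snyk.yaml` has the same `with:` shape. Both workflows run `snyk/actions/gradle-jdk17@master`, and this one also `thehyve/report-vulnerability@master`, with `SNYK_TOKEN` and `GITHUB_TOKEN` in their environment, so whatever lands on those branches runs with the secrets. Pinning each action to a full commit SHA and adding a `permissions:` block limited to what the report step needs would contain that.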
diff --git a/.github/workflows/snyk.yaml b/.github/workflows/snyk.yaml new file mode 100644 index 0000000..9a1d3ac --- /dev/null +++ b/.github/workflows/snyk.yaml @@ -0,0 +1,14 @@ +name: Snyk test +on: + pull_request: + branches: [ master, dev ] +jobs: + security: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v3 + - uses: snyk/actions/gradle-jdk17@master + name: Run Snyk to check for vulnerabilities + env: + SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }} + with: --all-projects --configuration-matching='^runtimeClasspath$' --org=radar-base --policy-path=$PWD/.snyk diff --git a/.snyk b/.snyk new file mode 100644 index 0000000..2b62034 --- /dev/null +++ b/.snyk @@ -0,0 +1,5 @@ +# Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities. +version: v1.25.0 +# ignores vulnerabilities until expiry date; change duration by modifying expiry date +ignore: +patch: {} From 1e00843a299d02b4f9b82b6f3f24723e6dd0dfd5 Mon Sep 17 00:00:00 2001 From: pvannierop Date: Thu, 10 Oct 2024 14:11:11 +0200 Subject: [PATCH 7/9] Upgrade radar-schemas to 0.8.11 --- gradle.properties | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/gradle.properties b/gradle.properties index 5b818ad..1b32664 100644 --- a/gradle.properties +++ b/gradle.properties @@ -5,7 +5,7 @@ kotlinVersion=1.9.22 okhttp3Version=4.12.0 radarJerseyVersion=0.10.0 radarCommonsVersion=0.15.0 -radarSchemasVersion=0.8.6 +radarSchemasVersion=0.8.11 radarOauthClientVersion=0.8.0 jacksonVersion=2.14.1 slf4jVersion=2.0.12 From e5ce666f1615e586d584b49582a0b8855188eaa1 Mon Sep 17 00:00:00 2001 From: Pim van Nierop Date: Thu, 10 Oct 2024 14:47:38 +0200 Subject: [PATCH 8/9] Create codeql.yml --- .github/workflows/codeql.yml | 96 ++++++++++++++++++++++++++++++++++++ 1 file changed, 96 insertions(+) create mode 100644 .github/workflows/codeql.yml diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml new file mode 100644 index 0000000..bf58ceb --- /dev/null 
+++ b/.github/workflows/codeql.yml 
@@ -0,0 +1,96 @@ +# For most projects, this workflow file will not need changing; you simply need +# to commit it to your repository. +# +# You may wish to alter this file to override the set of languages analyzed, +# or to provide custom queries or build logic. +# +# ******** NOTE ******** +# We have attempted to detect the languages in your repository. Please check +# the `language` matrix defined below to confirm you have the correct set of +# supported CodeQL languages. +# +name: "CodeQL Advanced" + +on: + push: + branches: [ "master", "dev" ] + pull_request: + branches: [ "master", "dev" ] + schedule: + - cron: '29 9 * * 0' + +jobs: + analyze: + name: Analyze (${{ matrix.language }}) + # Runner size impacts CodeQL analysis time. To learn more, please see: + # - https://gh.io/recommended-hardware-resources-for-running-codeql + # - https://gh.io/supported-runners-and-hardware-resources + # - https://gh.io/using-larger-runners (GitHub.com only) + # Consider using larger runners or machines with greater resources for possible analysis time improvements. 
+ runs-on: 'ubuntu-latest' + permissions: + # required for all workflows + security-events: write + + # required to fetch internal or private CodeQL packs + packages: read + + # only required for workflows in private repositories + actions: read + contents: read + + strategy: + fail-fast: false + matrix: + include: + - language: java-kotlin + build-mode: autobuild + # CodeQL supports the following values keywords for 'language': 'c-cpp', 'csharp', 'go', 'java-kotlin', 'javascript-typescript', 'python', 'ruby', 'swift' + # Use `c-cpp` to analyze code written in C, C++ or both + # Use 'java-kotlin' to analyze code written in Java, Kotlin or both + # Use 'javascript-typescript' to analyze code written in JavaScript, TypeScript or both + # To learn more about changing the languages that are analyzed or customizing the build mode for your analysis, + # see https://docs.github.com/en/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/customizing-your-advanced-setup-for-code-scanning. + # If you are analyzing a compiled language, you can modify the 'build-mode' for that language to customize how + # your codebase is analyzed, see https://docs.github.com/en/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/codeql-code-scanning-for-compiled-languages + steps: + - name: Checkout repository + uses: actions/checkout@v4 + + - uses: actions/setup-java@v1 + with: + java-version: 17 + + # Initializes the CodeQL tools for scanning. + - name: Initialize CodeQL + uses: github/codeql-action/init@v3 + with: + languages: ${{ matrix.language }} + build-mode: ${{ matrix.build-mode }} + # If you wish to specify custom queries, you can do so here or in a config file. + # By default, queries listed here will override any specified in a config file. + # Prefix the list here with "+" to use these queries and those in the config file. 
+ + # For more details on CodeQL's query packs, refer to: https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#using-queries-in-ql-packs + # queries: security-extended,security-and-quality + + # If the analyze step fails for one of the languages you are analyzing with + # "We were unable to automatically build your code", modify the matrix above + # to set the build mode to "manual" for that language. Then modify this step + # to build your code. + # ℹī¸ Command-line programs to run using the OS shell. + # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun + - if: matrix.build-mode == 'manual' + shell: bash + run: | + echo 'If you are using a "manual" build mode for one or more of the' \ + 'languages you are analyzing, replace this with the commands to build' \ + 'your code, for example:' + echo ' make bootstrap' + echo ' make release' + exit 1 + + - name: Perform CodeQL Analysis + uses: github/codeql-action/analyze@v3 + with: + category: "/language:${{matrix.language}}" From 80493426bd8a51b0b60f3ec1fedd32d9d8930b0f Mon Sep 17 00:00:00 2001 From: pvannierop Date: Thu, 10 Oct 2024 14:57:39 +0200 Subject: [PATCH 9/9] Set project version to 0.3.2 --- build.gradle.kts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/build.gradle.kts b/build.gradle.kts index cc20127..3bfbdfd 100644 --- a/build.gradle.kts +++ b/build.gradle.kts @@ -15,7 +15,7 @@ description = "RADAR Push API Gateway to handle secured data flow to backend." allprojects { group = "org.radarbase" - version = "0.3.2-SNAPSHOT" + version = "0.3.2" repositories { mavenCentral()
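Review bot: The new `codeql.yml` sets up Java with `actions/setup-java@v1` and no `distribution`, while an earlier commit in this series moved `main.yml` and `release.yml` to `actions/setup-java@v4` with `distribution: temurin`. Using the same step here, `- uses: actions/setup-java@v4` with `distribution: temurin` and `java-version: 17`, keeps the analysed build on the same JDK as CI and drops the old v1 major. The job-level `permissions` block is already narrowly scoped and should stay that way if the workflow is edited.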