Michael Hoennig
0f71c6a88d
Co-authored-by: Michael Hoennig <michael@hoennig.de> Reviewed-on: #7 Reviewed-by: Timotheus Pokorra <timotheus.pokorra@hostsharing.net>
347 lines
12 KiB
Groovy
347 lines
12 KiB
Groovy
plugins {
|
|
id 'java'
|
|
id 'org.springframework.boot' version '3.1.7'
|
|
id 'io.spring.dependency-management' version '1.1.4'
|
|
id 'io.openapiprocessor.openapi-processor' version '2023.2'
|
|
id 'com.github.jk1.dependency-license-report' version '2.5'
|
|
id "org.owasp.dependencycheck" version "9.0.7"
|
|
id "com.diffplug.spotless" version "6.23.3"
|
|
id 'jacoco'
|
|
id 'info.solidsoft.pitest' version '1.15.0'
|
|
id 'se.patrikerdes.use-latest-versions' version '0.2.18'
|
|
id 'com.github.ben-manes.versions' version '0.50.0'
|
|
}
|
|
|
|
group = 'net.hostsharing'
|
|
version = '0.0.1-SNAPSHOT'
|
|
|
|
wrapper {
|
|
distributionType = Wrapper.DistributionType.BIN
|
|
gradleVersion = '8.5'
|
|
}
|
|
|
|
configurations {
|
|
compileOnly {
|
|
extendsFrom annotationProcessor
|
|
}
|
|
testCompile {
|
|
extendsFrom testAnnotationProcessor
|
|
|
|
// Only JUNit 5 (Jupiter) should be used at compile time.
|
|
// For runtime it's still needed by testcontainers, though.
|
|
exclude group: 'junit', module: 'junit'
|
|
exclude group: 'org.junit.vintage', module: 'junit-vintage-engine'
|
|
}
|
|
}
|
|
|
|
repositories {
|
|
mavenCentral()
|
|
maven { url 'https://repo.spring.io/milestone' }
|
|
maven { url 'https://repo.spring.io/snapshot' }
|
|
}
|
|
|
|
java {
|
|
toolchain {
|
|
languageVersion = JavaLanguageVersion.of(21)
|
|
vendor = JvmVendorSpec.ADOPTIUM
|
|
implementation = JvmImplementation.VENDOR_SPECIFIC
|
|
}
|
|
}
|
|
|
|
ext {
|
|
set('testcontainersVersion', "1.17.3")
|
|
}
|
|
|
|
dependencies {
|
|
implementation 'org.springframework.boot:spring-boot-starter-data-jpa'
|
|
implementation 'org.springframework.boot:spring-boot-starter-data-rest'
|
|
implementation 'org.springframework.boot:spring-boot-starter-jdbc'
|
|
implementation 'org.springframework.boot:spring-boot-starter-web'
|
|
implementation 'org.springframework.boot:spring-boot-starter-validation'
|
|
implementation 'com.github.gavlyukovskiy:datasource-proxy-spring-boot-starter:1.9.1'
|
|
implementation 'org.springdoc:springdoc-openapi:2.3.0'
|
|
implementation 'org.postgresql:postgresql:42.7.1'
|
|
implementation 'org.liquibase:liquibase-core:4.25.1'
|
|
implementation 'com.vladmihalcea:hibernate-types-60:2.21.1'
|
|
implementation 'io.hypersistence:hypersistence-utils-hibernate-62:3.7.0'
|
|
implementation 'com.fasterxml.jackson.datatype:jackson-datatype-jsr310:2.16.1'
|
|
implementation 'org.openapitools:jackson-databind-nullable:0.2.6'
|
|
implementation 'org.apache.commons:commons-text:1.11.0'
|
|
implementation 'org.modelmapper:modelmapper:3.2.0'
|
|
implementation 'org.iban4j:iban4j:3.2.7-RELEASE'
|
|
implementation 'org.springdoc:springdoc-openapi-starter-webmvc-ui:2.3.0'
|
|
|
|
// fixes vulnerability CVE-2022-1471
|
|
// The dependency usually comes from Spring Boot, just in the wrong version.
|
|
// TODO: Remove this explicit dependency once we are on SpringBoot 3.2.x
|
|
// as well as the related exclude in settings.gradle
|
|
// and the dependency suppression in owasp-dependency-check-suppression.xml.
|
|
implementation('org.yaml:snakeyaml') {
|
|
version {
|
|
strictly('2.2')
|
|
}
|
|
}
|
|
|
|
compileOnly 'org.projectlombok:lombok'
|
|
testCompileOnly 'org.projectlombok:lombok'
|
|
|
|
developmentOnly 'org.springframework.boot:spring-boot-devtools'
|
|
|
|
|
|
annotationProcessor 'org.projectlombok:lombok'
|
|
testAnnotationProcessor 'org.projectlombok:lombok'
|
|
|
|
testImplementation 'org.springframework.boot:spring-boot-starter-test'
|
|
testImplementation 'org.testcontainers:testcontainers'
|
|
testImplementation 'org.testcontainers:junit-jupiter'
|
|
testImplementation 'org.junit.jupiter:junit-jupiter'
|
|
testImplementation 'org.testcontainers:postgresql'
|
|
testImplementation 'com.tngtech.archunit:archunit-junit5:1.2.1'
|
|
testImplementation 'io.rest-assured:spring-mock-mvc'
|
|
testImplementation 'org.hamcrest:hamcrest-core:2.2'
|
|
testImplementation 'org.pitest:pitest-junit5-plugin:1.2.1'
|
|
}
|
|
|
|
dependencyManagement {
|
|
imports {
|
|
mavenBom "org.testcontainers:testcontainers-bom:${testcontainersVersion}"
|
|
}
|
|
}
|
|
|
|
// Java Compiler Options
|
|
tasks.withType(JavaCompile) {
|
|
options.compilerArgs += [
|
|
"-parameters" // keep parameter names => no need for @Param for SpringData
|
|
]
|
|
}
|
|
|
|
// Configure tests
|
|
tasks.named('test') {
|
|
useJUnitPlatform()
|
|
jvmArgs '-Duser.language=en'
|
|
jvmArgs '-Duser.country=US'
|
|
}
|
|
|
|
// OpenAPI Source Code Generation
|
|
openapiProcessor {
|
|
springRoot {
|
|
processorName 'spring'
|
|
processor 'io.openapiprocessor:openapi-processor-spring:2022.5'
|
|
apiPath "$projectDir/src/main/resources/api-definition.yaml"
|
|
mapping "$projectDir/src/main/resources/api-mappings.yaml"
|
|
targetDir "$projectDir/build/generated/sources/openapi-javax"
|
|
showWarnings true
|
|
openApiNullable true
|
|
}
|
|
springRbac {
|
|
processorName 'spring'
|
|
processor 'io.openapiprocessor:openapi-processor-spring:2022.5'
|
|
apiPath "$projectDir/src/main/resources/api-definition/rbac/rbac.yaml"
|
|
mapping "$projectDir/src/main/resources/api-definition/rbac/api-mappings.yaml"
|
|
targetDir "$projectDir/build/generated/sources/openapi-javax"
|
|
showWarnings true
|
|
openApiNullable true
|
|
}
|
|
springTest {
|
|
processorName 'spring'
|
|
processor 'io.openapiprocessor:openapi-processor-spring:2022.5'
|
|
apiPath "$projectDir/src/main/resources/api-definition/test/test.yaml"
|
|
mapping "$projectDir/src/main/resources/api-definition/test/api-mappings.yaml"
|
|
targetDir "$projectDir/build/generated/sources/openapi-javax"
|
|
showWarnings true
|
|
openApiNullable true
|
|
}
|
|
springHs {
|
|
processorName 'spring'
|
|
processor 'io.openapiprocessor:openapi-processor-spring:2022.5'
|
|
apiPath "$projectDir/src/main/resources/api-definition/hs-office/hs-office.yaml"
|
|
mapping "$projectDir/src/main/resources/api-definition/hs-office/api-mappings.yaml"
|
|
targetDir "$projectDir/build/generated/sources/openapi-javax"
|
|
showWarnings true
|
|
openApiNullable true
|
|
}
|
|
}
|
|
sourceSets.main.java.srcDir 'build/generated/sources/openapi'
|
|
abstract class ProcessSpring extends DefaultTask {}
|
|
tasks.register('processSpring', ProcessSpring)
|
|
['processSpringRoot', 'processSpringRbac', 'processSpringTest', 'processSpringHs'].each {
|
|
project.tasks.processSpring.dependsOn it
|
|
}
|
|
project.tasks.processResources.dependsOn processSpring
|
|
project.tasks.compileJava.dependsOn processSpring
|
|
|
|
// Rename javax to jakarta in OpenApi generated java files because
|
|
// io.openapiprocessor.openapi-processor 2022.2 does not yet support the openapiprocessor useSpringBoot3 config option.
|
|
task openApiGenerate(type: Copy) {
|
|
from "$buildDir/generated/sources/openapi-javax"
|
|
into "$buildDir/generated/sources/openapi"
|
|
filter { line -> line.replaceAll('javax', 'jakarta') }
|
|
}
|
|
compileJava.source "$buildDir/generated/sources/openapi"
|
|
compileJava.dependsOn openApiGenerate
|
|
openApiGenerate.dependsOn processSpring
|
|
|
|
// Spotless Code Formatting
|
|
spotless {
|
|
java {
|
|
removeUnusedImports()
|
|
indentWithSpaces(4)
|
|
endWithNewline()
|
|
toggleOffOn()
|
|
|
|
target fileTree(rootDir) {
|
|
include '**/*.java'
|
|
exclude '**/generated/**/*.java'
|
|
}
|
|
}
|
|
}
|
|
project.tasks.check.dependsOn(spotlessCheck)
|
|
// HACK: no idea why spotless uses the output of these tasks, but we get warnings without those
|
|
project.tasks.spotlessJava.dependsOn(
|
|
tasks.generateLicenseReport,
|
|
tasks.pitest,
|
|
tasks.jacocoTestReport,
|
|
tasks.processResources,
|
|
tasks.processTestResources)
|
|
|
|
// OWASP Dependency Security Test
|
|
dependencyCheck {
|
|
nvd {
|
|
apiKey = project.property('OWASP_API_KEY') // set it in ~/.gradle/gradle.properties
|
|
delay = 16000
|
|
}
|
|
format = 'ALL'
|
|
suppressionFile = 'etc/owasp-dependency-check-suppression.xml'
|
|
failOnError = true
|
|
failBuildOnCVSS = 5
|
|
}
|
|
project.tasks.check.dependsOn(dependencyCheckAnalyze)
|
|
project.tasks.dependencyCheckAnalyze.doFirst { // Why not doLast? See README.md!
|
|
println "OWASP Dependency Security Report: file:///${project.rootDir}/build/reports/dependency-check-report.html"
|
|
}
|
|
|
|
|
|
// License Check
|
|
licenseReport {
|
|
excludeBoms = true
|
|
allowedLicensesFile = new File("$projectDir/etc/allowed-licenses.json")
|
|
}
|
|
project.tasks.check.dependsOn(checkLicense)
|
|
|
|
// JaCoCo Test Code Coverage
|
|
jacoco {
|
|
toolVersion = "0.8.10"
|
|
}
|
|
test {
|
|
finalizedBy jacocoTestReport // generate report after tests
|
|
excludes = [
|
|
'net.hostsharing.hsadminng.**.generated.**',
|
|
]
|
|
}
|
|
jacocoTestReport {
|
|
dependsOn test
|
|
afterEvaluate {
|
|
classDirectories.setFrom(files(classDirectories.files.collect {
|
|
fileTree(dir: it, exclude: [
|
|
"net/hostsharing/hsadminng/**/generated/**/*.class",
|
|
"net/hostsharing/hsadminng/hs/HsadminNgApplication.class"
|
|
])
|
|
}))
|
|
}
|
|
doFirst { // Why not doLast? See README.md!
|
|
println "HTML Jacoco Test Code Coverage Report: file://${reports.html.outputLocation.get()}/index.html"
|
|
}
|
|
}
|
|
project.tasks.check.dependsOn(jacocoTestCoverageVerification)
|
|
jacocoTestCoverageVerification {
|
|
violationRules {
|
|
rule {
|
|
limit {
|
|
minimum = 0.92
|
|
}
|
|
}
|
|
|
|
// element: PACKAGE, BUNDLE, CLASS, SOURCEFILE or METHOD
|
|
// counter: INSTRUCTION, BRANCH, LINE, COMPLEXITY, METHOD, or CLASS
|
|
// value: TOTALCOUNT, COVEREDCOUNT, MISSEDCOUNT, COVEREDRATIO or MISSEDRATIO
|
|
|
|
rule {
|
|
element = 'CLASS'
|
|
excludes = [
|
|
'net.hostsharing.hsadminng.**.generated.**',
|
|
'net.hostsharing.hsadminng.HsadminNgApplication',
|
|
'net.hostsharing.hsadminng.ping.PingController',
|
|
'net.hostsharing.hsadminng.mapper.Mapper'
|
|
]
|
|
|
|
limit {
|
|
counter = 'LINE'
|
|
value = 'COVEREDRATIO'
|
|
minimum = 0.98
|
|
}
|
|
}
|
|
rule {
|
|
element = 'METHOD'
|
|
excludes = [
|
|
'net.hostsharing.hsadminng.**.generated.**',
|
|
'net.hostsharing.hsadminng.HsadminNgApplication.main',
|
|
'net.hostsharing.hsadminng.ping.PingController.*'
|
|
]
|
|
|
|
limit {
|
|
counter = 'BRANCH'
|
|
value = 'COVEREDRATIO'
|
|
minimum = 1.00
|
|
}
|
|
}
|
|
}
|
|
}
|
|
|
|
// pitest mutation testing
|
|
pitest {
|
|
targetClasses = ['net.hostsharing.hsadminng.**']
|
|
excludedClasses = [
|
|
'net.hostsharing.hsadminng.config.**',
|
|
'net.hostsharing.hsadminng.**.*Controller',
|
|
'net.hostsharing.hsadminng.**.generated.**'
|
|
]
|
|
|
|
targetTests = ['net.hostsharing.hsadminng.**.*UnitTest', 'net.hostsharing.hsadminng.**.*RestTest']
|
|
excludedTestClasses = ['**AcceptanceTest*', '**IntegrationTest*']
|
|
|
|
pitestVersion = '1.15.3'
|
|
junit5PluginVersion = '1.1.0'
|
|
|
|
threads = 4
|
|
|
|
// As Java unit tests are pretty pointless in our case, this maybe makes not much sense.
|
|
mutationThreshold = 71
|
|
coverageThreshold = 57
|
|
testStrengthThreshold = 87
|
|
|
|
outputFormats = ['XML', 'HTML']
|
|
timestampedReports = false
|
|
}
|
|
project.tasks.check.dependsOn(project.tasks.pitest)
|
|
project.tasks.pitest.doFirst { // Why not doLast? See README.md!
|
|
println "PiTest Mutation Report: file:///${project.rootDir}/build/reports/pitest/index.html"
|
|
}
|
|
|
|
|
|
// Dependency Versions Upgrade
|
|
useLatestVersions {
|
|
finalizedBy check
|
|
}
|
|
|
|
def isNonStable = { String version ->
|
|
def stableKeyword = ['RELEASE', 'FINAL', 'GA'].any { it -> version.toUpperCase().contains(it) }
|
|
def regex = /^[0-9,.v-]+(-r)?$/
|
|
return !stableKeyword && !(version ==~ regex)
|
|
}
|
|
|
|
tasks.named("dependencyUpdates").configure {
|
|
rejectVersionIf {
|
|
isNonStable(it.candidate.version)
|
|
}
|
|
}
|