diff --git a/.github/workflows/build-and-test-backend.yml b/.github/workflows/build-and-test-backend.yml
index 9f80f257..d2171358 100644
--- a/.github/workflows/build-and-test-backend.yml
+++ b/.github/workflows/build-and-test-backend.yml
@@ -5,6 +5,7 @@ on: # branches: [ "main" ] pull_request: branches: [ "main" ] + workflow_dispatch: schedule: - cron: "0 3 * * *" # 3am every night
@@ -13,33 +14,59 @@ jobs: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 - - name: "Setup Java JDK" - uses: actions/setup-java@v2 + - uses: actions/setup-java@v4 with: - distribution: "zulu" - java-version: "17" - java-package: jdk # optional (jdk or jre) - defaults to jdk + distribution: temurin + java-version: 17 - ## Set up Maven Cache - - name: Cache Maven packages - uses: actions/cache@v1 + - uses: gradle/gradle-build-action@v2.9.0 + id: setup-gradle with: - path: ~/.m2 - key: ${{ runner.os }}-m2-${{ hashFiles('**/pom.xml') }} - restore-keys: ${{ runner.os }}-m2 + gradle-version: wrapper - - name: "Analyse dependencies" - run: make back-check-dependencies + - name: Print JAVA_HOME + run: | + echo "JAVA_HOME is $JAVA_HOME" + echo "JAVA_HOME=$JAVA_HOME" >> $GITHUB_ENV - - name: "Tests" - env: - CI: true - run: make back-test + - name: build and test + run: make back-build + + # - name: dependency-check + # uses: dependency-check/Dependency-Check_Action@main + # id: dependency-check + # env: + # JAVA_HOME: ${{ env.JAVA_HOME }} + # with: + # project: 'rapportnav' + # path: './backend' + # format: 'HTML' + # out: 'reports' # this is the default, no need to specify unless you wish to override it + # args: > + # --failOnCVSS 7 + # --enableRetired + + # - name: Upload Test results + # uses: actions/upload-artifact@master + # with: + # name: dependency-check-report + # path: ${{github.workspace}}/reports + + # - name: "Analyse dependencies" + # run: make back-check-dependencies + + # - name: "Tests" + # env: + # CI: true + # run: make back-test # - name: "Check clean architecture" # run: make check-clean-archi - - name: "Build" + - name: "test maven" + run: make back-test-mvn + + - name: "build maven" run: make back-build-mvn
diff --git a/.github/workflows/build-and-test-frontend.yml b/.github/workflows/build-and-test-frontend.yml
index 1877942e..6582de19 100644
--- a/.github/workflows/build-and-test-frontend.yml
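Review bot: The step that ran `make back-check-dependencies` is commented out rather than replaced, and the dependency-check block added in its place is commented out too, so after this hunk no step in this job scans the backend's dependencies. If that block is meant to be enabled later, `dependency-check/Dependency-Check_Action@main` and `actions/upload-artifact@master` follow mutable branches, and `gradle/gradle-build-action@v2.9.0` is a movable tag on an action from outside the `actions/` organisation. Pinning each to a full commit SHA, e.g. `uses: gradle/gradle-build-action@<full-commit-sha> # v2.9.0`, keeps an upstream retag from changing what runs in CI. In the `Print JAVA_HOME` step the redirect target should be quoted, `>> "$GITHUB_ENV"`, and the export is redundant because `actions/setup-java` already sets `JAVA_HOME`.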
+++ b/.github/workflows/build-and-test-frontend.yml
@@ -3,8 +3,9 @@ name: "[Build & Test] Frontend" on: # push: # branches: [ "main" ] - pull_request: - branches: [ "main" ] + # pull_request: + # branches: [ "main" ] + workflow_dispatch: schedule: - cron: "0 3 * * *" # 3am every night
diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
index 821b6d9f..812a8a33 100644
--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
@@ -14,8 +14,8 @@ name: "[Analyse] CodeQL" on: # push: # branches: ["main"] - pull_request: - branches: [ "main" ] + # pull_request: + # branches: [ "main" ] schedule: - cron: "0 3 * * *" # 3am every night
diff --git a/.github/workflows/dependency-review.yml b/.github/workflows/dependency-review.yml
new file mode 100644
index 00000000..fd59a830
--- /dev/null
+++ b/.github/workflows/dependency-review.yml
@@ -0,0 +1,23 @@
+# Dependency Review Action
+#
+# This Action will scan dependency manifest files that change as part of a Pull Request, surfacing known-vulnerable versions of the packages declared or updated in the PR. Once installed, if the workflow run is marked as required, PRs introducing known-vulnerable packages will be blocked from merging.
+#
+# Source repository: https://github.com/actions/dependency-review-action
+# Public documentation: https://docs.github.com/en/code-security/supply-chain-security/understanding-your-software-supply-chain/about-dependency-review#dependency-review-enforcement
+name: '[Analyse] Dependency Review'
+on: [ pull_request ]
+
+permissions:
+ contents: read
+
+jobs:
+ dependency-review:
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout Repository
+ uses: actions/checkout@v4
+
+ - name: Dependency Review
+ uses: actions/dependency-review-action@v4
+ with:
+ fail-on-severity: critical
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 266a9225..b4783229 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
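Review bot: With the `pull_request` trigger commented out here, the frontend build and tests run only on the nightly `schedule` or a manual dispatch, and the same edit in the `codeql.yml` hunk below and the `sonarcloud.yml` hunk later in the diff moves both analysers off pull requests as well. A finding introduced by a PR would then surface after merge rather than before it. Neither `codeql.yml` nor `sonarcloud.yml` gains `workflow_dispatch:` in its hunk, so as far as these hunks show, those analyses cannot be started by hand on a branch. If the aim is shorter PR runs, keeping `pull_request:` with a `paths:` filter would retain the pre-merge gate; otherwise a comment above `schedule:` such as `# PR analysis disabled: <reason>, re-enable before <milestone>` would record the intent.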
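Review bot: `fail-on-severity: critical` in the new `dependency-review.yml` lets a pull request that introduces a dependency with a high-severity advisory pass the check. With CodeQL and SonarCloud taken off pull requests elsewhere in this commit, this job is the only pre-merge security gate visible in the diff, so `fail-on-severity: high` would be the safer threshold. As the file's own header comment says, the job blocks merging only when it is marked as a required check, so that branch-protection setting is worth confirming alongside this change.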
@@ -1,8 +1,8 @@ name: "Release" on: - push: - branches: [ "main" ] + # push: + # branches: [ "main" ] release: types: [ published ]
diff --git a/.github/workflows/sonarcloud.yml b/.github/workflows/sonarcloud.yml
index 9b61c28c..9a69f6cf 100644
--- a/.github/workflows/sonarcloud.yml
+++ b/.github/workflows/sonarcloud.yml
@@ -31,8 +31,8 @@ name: "[Analyse] SonarCloud" on: # push: # branches: [ "main" ] - pull_request: - branches: [ "main" ] + # pull_request: + # branches: [ "main" ] # types: [ opened, synchronize, reopened ] schedule: - cron: "0 3 * * *" # 3am every night
diff --git a/.github/workflows/trivy-db.yml b/.github/workflows/trivy-db.yml
index 9e224099..70873dc9 100644
--- a/.github/workflows/trivy-db.yml
+++ b/.github/workflows/trivy-db.yml
@@ -11,6 +11,7 @@ on: # pull_request: # # The branches below must be a subset of the branches above # branches: [ "main" ] + workflow_dispatch: schedule: - cron: "0 3 * * *" # 3am every night
diff --git a/.github/workflows/trivy.yml b/.github/workflows/trivy.yml
index c60b2fd4..80d3d0c1 100644
--- a/.github/workflows/trivy.yml
+++ b/.github/workflows/trivy.yml
@@ -11,6 +11,7 @@ on: # pull_request: # # The branches below must be a subset of the branches above # branches: [ "main" ] + workflow_dispatch: schedule: - cron: "0 3 * * *" # 3am every night
diff --git a/Makefile b/Makefile
index 46cd5bb9..e938130d 100644
--- a/Makefile
+++ b/Makefile
@@ -47,16 +47,22 @@ front-visualize-bundle: BACKEND_DIR := backend BACKEND_CONFIGURATION_FOLDER=$(shell pwd)/infra/configurations/backend/ -.PHONY: back-show-dependencies back-local +.PHONY: back-show-dependencies back-build back-test back-local back-show-dependencies: cd $(BACKEND_DIR) && ./gradlew dependencies +back-build: + cd $(BACKEND_DIR) && ./gradlew build + +back-test: + cd $(BACKEND_DIR) && ./gradlew test + back-start-local: cd $(BACKEND_DIR) && ./gradlew bootRun --args='--spring.profiles.active=local --spring.config.additional-location=$(BACKEND_CONFIGURATION_FOLDER)' -.PHONY: back-clean-install back-check-dependencies back-test back-sonar +.PHONY: back-clean-install back-check-dependencies back-test-mvn back-sonar back-clean-install: cd $(BACKEND_DIR) && ./mvnw clean install -DskipTests
@@ -73,7 +79,7 @@ back-sonar: -Dsonar.java.libraries=. \ -Dsonar.verbose=true -back-test: +back-test-mvn: cd $(BACKEND_DIR) && ./mvnw test -Pci -Dmaven.main.skip=true
diff --git a/backend/build.gradle.kts b/backend/build.gradle.kts
index 6711e79d..34a1e939 100644
--- a/backend/build.gradle.kts
+++ b/backend/build.gradle.kts
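Review bot: The rewritten first `.PHONY` line still lists `back-local`, but the target defined a few lines below it is `back-start-local`, so that target is not declared phony; `.PHONY: back-show-dependencies back-build back-test back-start-local` would match the targets in the hunk. Separately, `back-test` now runs `./gradlew test` while the Maven variant moves to `back-test-mvn` in the second hunk, so any caller outside this diff that still invokes `make back-test` switches build tool without an error. A one-line comment above each pair, e.g. `# Gradle targets` and `# Maven targets (legacy)`, would make the split explicit.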
@@ -10,85 +10,95 @@ val springVersion by extra("3.2.0") val testcontainersVersion by extra("1.19.2") plugins { - `java-library` - `maven-publish` - kotlin("jvm") version "1.9.0" - kotlin("plugin.spring") version "1.9.0" - kotlin("plugin.jpa") version "1.9.0" - id("org.springframework.boot") version "3.2.0" - id("io.spring.dependency-management") version "1.1.4" - id("org.owasp.dependencycheck") version "8.4.0" + `java-library` + `maven-publish` + kotlin("jvm") version "1.9.0" + kotlin("plugin.spring") version "1.9.0" + kotlin("plugin.jpa") version "1.9.0" + id("org.springframework.boot") version "3.2.0" + id("io.spring.dependency-management") version "1.1.4" + id("org.owasp.dependencycheck") version "8.4.0" } springBoot { - mainClass.set("fr.gouv.dgampa.rapportnav.RapportNavApplicationKt") + mainClass.set("fr.gouv.dgampa.rapportnav.RapportNavApplicationKt") } repositories { - mavenCentral() + mavenCentral() } configurations.all { - exclude(group = "org.springframework.boot", module = "spring-boot-starter-logging") + exclude(group = "org.springframework.boot", module = "spring-boot-starter-logging") } dependencyManagement { - imports { - mavenBom("org.testcontainers:testcontainers-bom:$testcontainersVersion") - } - dependencies { - dependency("com.graphql-java:graphql-java:21.1") - } + imports { + mavenBom("org.testcontainers:testcontainers-bom:$testcontainersVersion") + } + dependencies { + dependency("com.graphql-java:graphql-java:21.1") + } } dependencies { - implementation("org.springframework.boot:spring-boot-starter-data-jpa:$springVersion") - implementation("org.springframework.boot:spring-boot-starter-data-rest:$springVersion") - implementation("org.springframework.boot:spring-boot-starter-web:$springVersion") - implementation("org.springframework.boot:spring-boot-starter-graphql:$springVersion") - implementation("org.springframework.boot:spring-boot-autoconfigure:$springVersion") - 
implementation("org.springframework.boot:spring-boot-starter-log4j2:$springVersion") - implementation("org.springframework.boot:spring-boot-starter-security:$springVersion") - implementation("org.springframework.boot:spring-boot-starter-oauth2-resource-server:$springVersion") - implementation("com.fasterxml.jackson.module:jackson-module-kotlin") - implementation("org.jetbrains.kotlin:kotlin-reflect") - implementation("org.jetbrains.kotlin:kotlin-stdlib") - runtimeOnly("org.postgresql:postgresql:42.7.0") - implementation("org.flywaydb:flyway-core:9.22.3") - implementation("org.n52.jackson:jackson-datatype-jts:1.2.10") { - exclude(group = "org.locationtech.jts", module = "jts-core") - } - implementation("io.jsonwebtoken:jjwt-api:0.12.3") - implementation("javax.xml.bind:jaxb-api:2.3.1") - implementation("org.springframework.security:spring-security-oauth2-jose:6.2.0") - implementation("org.locationtech.jts:jts-core:1.19.0") - implementation("io.swagger.core.v3:swagger-core:2.2.19") - implementation("org.jetbrains.kotlinx:kotlinx-serialization-json:$serializationVersion") - implementation("io.sentry:sentry-spring-boot-starter-jakarta:7.0.0") - implementation("io.sentry:sentry-log4j2:7.0.0") - testImplementation("org.springframework.boot:spring-boot-starter-test") - testImplementation("org.springframework:spring-webflux") - testImplementation("org.springframework.graphql:spring-graphql-test") - testImplementation("org.testcontainers:testcontainers") - testImplementation("org.testcontainers:junit-jupiter") - testImplementation("org.testcontainers:postgresql") + implementation("org.springframework.boot:spring-boot-starter-data-jpa:$springVersion") + implementation("org.springframework.boot:spring-boot-starter-data-rest:$springVersion") + implementation("org.springframework.boot:spring-boot-starter-web:$springVersion") + implementation("org.springframework.boot:spring-boot-starter-graphql:$springVersion") + 
implementation("org.springframework.boot:spring-boot-autoconfigure:$springVersion") + implementation("org.springframework.boot:spring-boot-starter-log4j2:$springVersion") + implementation("org.springframework.boot:spring-boot-starter-security:$springVersion") + implementation("org.springframework.boot:spring-boot-starter-oauth2-resource-server:$springVersion") + implementation("com.fasterxml.jackson.module:jackson-module-kotlin") + implementation("org.jetbrains.kotlin:kotlin-reflect") + implementation("org.jetbrains.kotlin:kotlin-stdlib") + runtimeOnly("org.postgresql:postgresql:42.7.0") + implementation("org.flywaydb:flyway-core:9.22.3") + implementation("org.n52.jackson:jackson-datatype-jts:1.2.10") { + exclude(group = "org.locationtech.jts", module = "jts-core") + } + implementation("io.jsonwebtoken:jjwt-api:0.12.3") + implementation("javax.xml.bind:jaxb-api:2.3.1") + implementation("org.springframework.security:spring-security-oauth2-jose:6.2.0") + implementation("org.locationtech.jts:jts-core:1.19.0") + implementation("io.swagger.core.v3:swagger-core:2.2.19") + implementation("org.jetbrains.kotlinx:kotlinx-serialization-json:$serializationVersion") + implementation("io.sentry:sentry-spring-boot-starter-jakarta:7.0.0") + implementation("io.sentry:sentry-log4j2:7.0.0") + testImplementation("org.springframework.boot:spring-boot-starter-test") + testImplementation("org.springframework:spring-webflux") + testImplementation("org.springframework.graphql:spring-graphql-test") + testImplementation("org.testcontainers:testcontainers") + testImplementation("org.testcontainers:junit-jupiter") + testImplementation("org.testcontainers:postgresql") } java { - sourceCompatibility = JavaVersion.VERSION_17 + sourceCompatibility = JavaVersion.VERSION_17 } kotlin { - jvmToolchain(17) + jvmToolchain(17) } tasks.withType { - kotlinOptions { - freeCompilerArgs += "-Xjsr305=strict" - jvmTarget = "17" - } + kotlinOptions { + freeCompilerArgs += "-Xjsr305=strict" + jvmTarget = "17" + } 
} + +tasks.named("test") { + useJUnitPlatform() + + testLogging { + events("passed") + } +} + + //val sonarOrganization by extra("mtes-mct") //val sonarProjectKey by extra("MTES-MCT_rapportnav2") //
diff --git a/frontend/package-lock.json b/frontend/package-lock.json
index 51e644bc..c980ff46 100644
--- a/frontend/package-lock.json
+++ b/frontend/package-lock.json
@@ -9,7 +9,7 @@ "version": "0.0.1-alpha.15", "dependencies": { "@apollo/client": "^3.8.6", - "@mtes-mct/monitor-ui": "^10.15.2", + "@mtes-mct/monitor-ui": "^11.2.0", "@sentry/integrations": "^7.93.0", "@sentry/react": "^7.93.0", "apollo3-cache-persist": "^0.14.1",
@@ -4136,9 +4136,9 @@ } }, "node_modules/@mtes-mct/monitor-ui": { - "version": "10.15.2", - "resolved": "https://registry.npmjs.org/@mtes-mct/monitor-ui/-/monitor-ui-10.15.2.tgz", - "integrity": "sha512-OcOGYA5SMkfUOHvkNKEwMMThFJb8IsrydO+JzBGKBr62IjgA65j97cC0sLJMV13GICEoiWLBBv5bDpJ9knSjQQ==", + "version": "11.2.0", + "resolved": "https://registry.npmjs.org/@mtes-mct/monitor-ui/-/monitor-ui-11.2.0.tgz", + "integrity": "sha512-tggPizrGT+E2KVHf51sfumFm60mI5pHEdwKlg2x3jn37O1K+h6wPrAldPM/1m0oanRfCBxYPVR+qxl0fgKFZZA==", "dependencies": { "@babel/runtime": "7.22.15", "@tanstack/react-table": "8.9.7",
diff --git a/frontend/package.json b/frontend/package.json
index 0af2d4bd..a4316850 100644
--- a/frontend/package.json
+++ b/frontend/package.json
@@ -19,7 +19,7 @@ }, "dependencies": { "@apollo/client": "^3.8.6", - "@mtes-mct/monitor-ui": "^10.15.2", + "@mtes-mct/monitor-ui": "^11.2.0", "@sentry/integrations": "^7.93.0", "@sentry/react": "^7.93.0", "apollo3-cache-persist": "^0.14.1",
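Review bot: `events("passed")` in the new `testLogging` block logs only passing tests, so the CI output of `make back-build` carries no per-test line for failures or skips; `events("passed", "skipped", "failed")` would cover them. As rendered, `tasks.named("test")` has no type argument; if that is not an artifact of how the page was extracted, it needs `tasks.named<Test>("test")` for `useJUnitPlatform()` to resolve in the Kotlin DSL. The rest of this hunk appears to be re-indentation only.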