Merge branch 'develop' into mwatson/spring6

.github/workflows/dora-lead-time-for-changes.yml

@@ -1,9 +1,6 @@
 ###################### DO NOT DELETE OR MODIFY THIS FILE #######################
 #
-# This GitHub Workflow was added to your repository automatically by the
-# Lighthouse Delivery Infrastructure's SecRel team. It is required.
-#
-# It calculates the Lead Time for Changes DORA metric for PRs merged into your
+# This workflow calculates the Lead Time for Changes DORA metric for PRs merged into your
 # default branch.
 #
 ###################### DO NOT DELETE OR MODIFY THIS FILE #######################
@@ -15,9 +12,157 @@ on:
 jobs:
   calculate-lead-time-for-changes:
     if: ${{ github.ref_type == 'tag' }}
-    uses: department-of-veterans-affairs/lighthouse-di-documentation/.github/workflows/dora-lead-time-for-changes.yml@main
-    secrets:
-      # The SecRel team maintains a GitHub action that publishes these secrets
-      # to your repo. Do not delete these secrets from your repo.
-      DATADOG_API_KEY_FOR_LEAD_TIME_METRIC: ${{ secrets.DATADOG_API_KEY_FOR_LEAD_TIME_METRIC }}
-      DATADOG_APP_KEY_FOR_LEAD_TIME_METRIC: ${{ secrets.DATADOG_APP_KEY_FOR_LEAD_TIME_METRIC }}
+    runs-on: ubuntu-latest
+    steps:
+      - name: Calculate Lead Time
+        uses: actions/github-script@v6
+        env:
+          DATADOG_API_KEY_FOR_LEAD_TIME_METRIC: ${{ secrets.DATADOG_API_KEY_FOR_LEAD_TIME_METRIC }}
+          DATADOG_APP_KEY_FOR_LEAD_TIME_METRIC: ${{ secrets.DATADOG_APP_KEY_FOR_LEAD_TIME_METRIC }}
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        with:
+          script: |
+            const { GITHUB_TOKEN, DATADOG_API_KEY_FOR_LEAD_TIME_METRIC, DATADOG_APP_KEY_FOR_LEAD_TIME_METRIC } = process.env
+
+            if(!DATADOG_API_KEY_FOR_LEAD_TIME_METRIC || !DATADOG_APP_KEY_FOR_LEAD_TIME_METRIC || !GITHUB_TOKEN) {
+              core.setFailed('DATADOG_API_KEY_FOR_LEAD_TIME_METRIC or DATADOG_APP_KEY_FOR_LEAD_TIME_METRIC or GITHUB_TOKEN is falsy. All must be set.')
+              process.exit(1)
+            }
+
+            const millisecondsPerSecond = 1000
+            const datadogGuageMetricType = 3
+            const datadogSubmitMetricsUrl = 'https://api.ddog-gov.com/api/v2/series'
+
+            const repoName = context?.payload?.repository?.name
+            if (!repoName) {
+              core.setFailed('Error: Github context object > context.payload.repository.name not defined. Exiting script.')
+              process.exit(1)
+            }
+            const ghBaseUrl = `https://api.github.com/repos/department-of-veterans-affairs/${repoName}`
+
+            async function doFetch(url, options) {
+              const response = await fetch(url, options)
+              return await response.json()
+            }
+
+            function concatDedupe (newElements, dedupedArray, dedupeByKey) {
+              for (let newElement of newElements) {
+                let elementAlreadyInArray = true
+                elementAlreadyInArray = dedupedArray.find(p => p[dedupeByKey] === newElement[dedupeByKey])
+                if (!elementAlreadyInArray) {
+                  dedupedArray.push(newElement)
+                }
+              }
+              return dedupedArray
+            }
+
+            async function getPulls() {
+              const githubOptions = {
+                method: 'GET',
+                headers: {
+                  Authorization: `bearer ${GITHUB_TOKEN}`,
+                  Accept: 'application/vnd.github+json',
+                  'X-GitHub-Api-Version': '2022-11-28'
+                }
+              }
+              const tagsData = await doFetch(`${ghBaseUrl}/tags`, githubOptions)
+
+              if (!tagsData || !tagsData.length || tagsData.length < 2) {
+                core.setFailed('Unable to calculate DORA Lead Time for Changes for PRs between the most recent and second most recent git tags because this repo has less than two git tags.')
+                process.exit(1)
+              }
+
+              // Per the requirements in the ticket (API-28959) and the spike ticket (API-28443),
+              // we *assume* the second element in the array of tags is the second-most recent tag.
+              const newTag = tagsData[0].name
+              const previousTag = tagsData[1].name
+
+              core.info(`The new tag is: ${newTag}. The previous tag is: ${previousTag}`)
+
+              const commitsData = await doFetch(`${ghBaseUrl}/compare/${previousTag}...${newTag}`, githubOptions)
+
+              if (!commitsData || !commitsData.commits || !commitsData.commits.length || commitsData.commits.length < 1) {
+                core.setFailed('Unable to calculate DORA Lead Time for Changes for PRs between the most recent and second most recent git tags because there are no commits between these two tags.')
+                process.exit(1)
+              }
+
+              let dedupedPulls = []
+              for (let commit of commitsData.commits) {
+                let pullsData = await doFetch(`${ghBaseUrl}/commits/${commit.sha}/pulls`, githubOptions)
+                dedupedPulls = concatDedupe(pullsData, dedupedPulls, 'id')
+              }
+
+              if (!dedupedPulls || !dedupedPulls.length || dedupedPulls.length < 1) {
+                core.setFailed('Unable to calculate DORA Lead Time for Changes for PRs between the most recent and second most recent git tags because there are no PRs between these two tags.')
+                process.exit(1)
+              }
+
+              return dedupedPulls
+            }
+
+            function calculateAvergeLeadTime(pulls) {
+              let averageLeadTime = 0
+              let mergedPullsCount = 0
+
+              for (let pull of dedupedPulls) {
+                if (pull.merged_at === null) {
+                  core.info(`Pull number ${pull.number} was never merged. Skipping...`)
+                  continue
+                }
+
+                mergedPullsCount++
+
+                let millisecondsBetween = new Date().getTime() - new Date(pull.created_at).getTime()
+                averageLeadTime += Math.round(millisecondsBetween / millisecondsPerSecond)
+
+                core.info(`Lead Time for pull number ${pull.number} is ${Math.round(millisecondsBetween / millisecondsPerSecond)} seconds.`)
+              }
+
+              if (mergedPullsCount === 0) {
+                core.setFailed('Unable to calculate DORA Lead Time for Changes for PRs between the most recent and second most recent git tags because there are no merged PRs between these two tags.')
+                process.exit(1)
+              }
+
+              return Math.round(averageLeadTime / mergedPullsCount)
+            }
+
+            async function submitMetrics(averageLeadTime) {
+              let datadogPostBody = {
+                series: [
+                  {
+                    metric: "lead_time_for_changes",
+                    points: [
+                      {
+                        timestamp: Math.round(new Date().getTime() / millisecondsPerSecond),
+                        value: averageLeadTime
+                      }
+                    ],
+                    type: datadogGuageMetricType,
+                    "tags": [ `repo_name:${repoName}` ],
+                    "unit": "second"
+                  }
+                ]
+              }
+
+              let datadogOptions = {
+                method: 'POST',
+                headers: {
+                  'Content-Type': 'application/json',
+                  'DD-API-KEY': DATADOG_API_KEY_FOR_LEAD_TIME_METRIC,
+                  'DD-APPLICATION-KEY': DATADOG_APP_KEY_FOR_LEAD_TIME_METRIC
+                },
+                body: JSON.stringify(datadogPostBody),
+              }
+
+              const datadogData = await doFetch(datadogSubmitMetricsUrl, datadogOptions)
+              core.info('Datadog metric submission response body is:')
+              core.info(JSON.stringify(datadogData, null, 2))
+            }
+
+            const dedupedPulls = await getPulls()
+
+            const averageLeadTime = calculateAvergeLeadTime(dedupedPulls)
+
+            core.info(`Average Lead Time of the merged PRs is ${averageLeadTime} seconds.`)
+
+            await submitMetrics(averageLeadTime)

gradle-plugins/build.gradle

@@ -17,8 +17,8 @@ dependencies {
     // Set versions for these plugins so we don't have to repeat the versions in convention.gradle files
     // https://discuss.gradle.org/t/applying-a-plugin-version-inside-a-convention-plugin/42160
     // Syntax: "<pluginName>:<pluginName>.gradle.plugin:<pluginVersion>"
-    implementation 'io.freefair.lombok:io.freefair.lombok.gradle.plugin:8.3'
-    implementation 'com.diffplug.spotless:com.diffplug.spotless.gradle.plugin:6.21.0'
+    implementation 'io.freefair.lombok:io.freefair.lombok.gradle.plugin:8.4'
+    implementation 'com.diffplug.spotless:com.diffplug.spotless.gradle.plugin:6.22.0'
     implementation 'com.felipefzdz.gradle.shellcheck:com.felipefzdz.gradle.shellcheck.gradle.plugin:1.4.6'
     implementation 'com.palantir.docker:com.palantir.docker.gradle.plugin:0.35.0'
     implementation 'com.palantir.docker-run:com.palantir.docker-run.gradle.plugin:0.35.0'

helm/api-gateway/Chart.yaml

@@ -16,4 +16,4 @@ version: 0.2.0
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application.
 # This field is informational, and has no impact on chart version calculations.
-appVersion: "3.4.18"
+appVersion: "3.5.2"

helm/domain-cc/Chart.yaml

@@ -16,4 +16,4 @@ version: 0.2.0
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application.
 # This field is informational, and has no impact on chart version calculations.
-appVersion: "3.4.18"
+appVersion: "3.5.2"

helm/domain-ee/Chart.yaml

@@ -16,4 +16,4 @@ version: 0.2.0
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application.
 # This field is informational, and has no impact on chart version calculations.
-appVersion: "3.4.18"
+appVersion: "3.5.2"

helm/platform/Chart.yaml

@@ -21,7 +21,7 @@ version: 0.2.0
 # incremented each time you make changes to the application. Versions are not expected to
 # follow Semantic Versioning. They should reflect the version the application is using.
 # It is recommended to use it with quotes.
-appVersion: "3.4.18"
+appVersion: "3.5.2"
 
 # https://levelup.gitconnected.com/helm-data-sharing-between-parent-and-child-chart-c4487a452d4e
 dependencies:

helm/svc-bgs-api/Chart.yaml

@@ -16,4 +16,4 @@ version: 0.1.3
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application.
 # This field is informational, and has no impact on chart version calculations.
-appVersion: "3.4.18"
+appVersion: "3.5.2"

helm/svc-lighthouse-api/Chart.yaml

@@ -16,4 +16,4 @@ version: 0.1.3
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application.
 # This field is informational, and has no impact on chart version calculations.
-appVersion: "3.4.18"
+appVersion: "3.5.2"

helm/vro-app/Chart.yaml

@@ -16,4 +16,4 @@ version: 0.2.0
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application.
 # This field is informational, and has no impact on chart version calculations.
-appVersion: "3.4.18"
+appVersion: "3.5.2"

scripts/image_versions.src

@@ -31,3 +31,18 @@
 # Wed Sep 13 14:29:58 UTC 2023 -- v3.4.16
 # Fri Sep 15 15:14:20 UTC 2023 -- v3.4.17
 # Wed Sep 20 17:22:23 UTC 2023 -- v3.4.18
+# Thu Sep 28 18:53:10 UTC 2023 -- v3.4.19
+# Fri Sep 29 16:52:44 UTC 2023 -- v3.4.20
+# Fri Sep 29 17:50:35 UTC 2023 -- v3.4.21
+# Mon Oct  2 20:38:20 UTC 2023 -- v3.5.0
+# Wed Oct 11 19:06:17 UTC 2023 -- v3.5.1
+postgres_VER="v3.5.1"
+apigateway_VER="v3.5.1"
+app_VER="v3.5.1"
+dbinit_VER="v3.5.1"
+svclighthouseapi_VER="v3.5.1"
+svcbiekafka_VER="v3.5.1"
+xampleworkflows_VER="v3.5.1"
+ccapp_VER="v3.5.1"
+eemaxcfiapp_VER="v3.5.1"
+# Thu Oct 12 16:21:59 UTC 2023 -- v3.5.2

svc-bip-api/build.gradle

@@ -20,7 +20,7 @@ dependencies {
   implementation "com.fasterxml.jackson.core:jackson-core"
   implementation "com.fasterxml.jackson.core:jackson-databind"
 
-  def jjwt_version="0.11.5"
+  def jjwt_version="0.12.2"
   implementation "io.jsonwebtoken:jjwt-api:${jjwt_version}"
   implementation "io.jsonwebtoken:jjwt-impl:${jjwt_version}"
   implementation "io.jsonwebtoken:jjwt-jackson:${jjwt_version}"

svc-bip-api/src/main/java/gov/va/vro/bip/service/BipApiProps.java

@@ -1,6 +1,7 @@
 package gov.va.vro.bip.service;
 
 import io.jsonwebtoken.Claims;
+import io.jsonwebtoken.ClaimsBuilder;
 import io.jsonwebtoken.Jwts;
 import lombok.Getter;
 import lombok.Setter;
@@ -48,13 +49,15 @@ public Claims toCommonJwtClaims() {
     Calendar cal = Calendar.getInstance();
     cal.add(Calendar.MINUTE, 30);
     Date expired = cal.getTime();
-    Claims claims = Jwts.claims();
-    claims.put("applicationID", applicationId);
-    claims.put("stationID", stationId);
-    claims.put("userID", claimClientId);
+    ClaimsBuilder claimsBuilder =
+        Jwts.claims()
+            .add("applicationID", applicationId)
+            .add("stationID", stationId)
+            .add("userID", claimClientId);
+
     Date now = cal.getTime();
-    claims.put("iat", now.getTime());
-    claims.put("expires", expired.getTime());
-    return claims;
+    claimsBuilder.add("iat", now.getTime()).add("expires", expired.getTime());
+
+    return claimsBuilder.build();
   }
 }

svc-bip-api/src/main/java/gov/va/vro/bip/service/BipApiService.java

@@ -9,10 +9,7 @@
 import gov.va.vro.bip.model.ClaimContention;
 import gov.va.vro.bip.model.ClaimStatus;
 import gov.va.vro.bip.model.UpdateContentionReq;
-import io.jsonwebtoken.Claims;
-import io.jsonwebtoken.Header;
-import io.jsonwebtoken.Jwts;
-import io.jsonwebtoken.SignatureAlgorithm;
+import io.jsonwebtoken.*;
 import lombok.NonNull;
 import lombok.RequiredArgsConstructor;
 import lombok.extern.slf4j.Slf4j;
@@ -221,7 +218,9 @@ String createJwt() throws BipException {
     Map<String, Object> headerType = new HashMap<>();
     headerType.put("typ", Header.JWT_TYPE);
 
-    claims.put("iss", bipApiProps.getClaimIssuer());
+    ClaimsBuilder claimsBuilder =
+        Jwts.claims().add(claims).add("iss", bipApiProps.getClaimIssuer());
+    claims = claimsBuilder.build();
     byte[] signSecretBytes = bipApiProps.getClaimSecret().getBytes(StandardCharsets.UTF_8);
     Key signingKey = new SecretKeySpec(signSecretBytes, SignatureAlgorithm.HS256.getJcaName());
 

svc-lighthouse-api/build.gradle

@@ -17,10 +17,10 @@ dependencies {
   implementation "ca.uhn.hapi.fhir:hapi-fhir-base:${hapi_fhir_version}"
   implementation "ca.uhn.hapi.fhir:hapi-fhir-server-openapi:${hapi_fhir_version}"
 
-  implementation 'org.bouncycastle:bcprov-jdk15on:1.70'
+  implementation 'org.bouncycastle:bcprov-jdk18on:1.76'
   implementation 'org.apache.commons:commons-lang3:3.13.0'
 
-  def jjwt_version="0.11.5"
+  def jjwt_version="0.12.2"
   implementation "io.jsonwebtoken:jjwt-api:${jjwt_version}"
   implementation "io.jsonwebtoken:jjwt-impl:${jjwt_version}"
   implementation "io.jsonwebtoken:jjwt-jackson:${jjwt_version}"

versions.txt

@@ -22,3 +22,9 @@ v3.4.15
 v3.4.16
 v3.4.17
 v3.4.18
+v3.4.19
+v3.4.20
+v3.4.21
+v3.5.0
+v3.5.1
+v3.5.2