-
Notifications
You must be signed in to change notification settings - Fork 88
/
build.gradle
173 lines (160 loc) · 6.46 KB
/
build.gradle
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
plugins {
id 'java'
id 'org.springframework.boot' version '3.2.2'
id 'io.spring.dependency-management' version '1.1.4'
id 'jacoco'
id 'info.solidsoft.pitest' version '1.15.0'
id "org.owasp.dependencycheck" version "9.0.9"
}
String buildId = project.hasProperty('buildId') ? project['buildId'] : 'DEV'
group = 'com.uk'
version = "${semanticVersion}.${buildId}"
sourceCompatibility = '21'
/** Disables generating plain jar introduced in spring boot 2.5.0
** https://docs.spring.io/spring-boot/docs/current/gradle-plugin/reference/htmlsingle/#packaging-executable.and-plain-archives
**/
jar {
enabled = false
}
repositories {
mavenCentral()
}
ext {
mapstructVersion = "1.5.5.Final"
lombokVersion = "1.18.30"
wireMockVersion = "3.0.1"
ioCucumberVersion = "7.15.0"
springDocVersion = "2.3.0"
jacocoVersion = "0.8.9"
junitVintage = "5.10.2"
}
dependencies {
implementation 'org.springframework.boot:spring-boot-starter-web'
implementation 'org.springframework.boot:spring-boot-starter-actuator'
testImplementation('org.springframework.boot:spring-boot-starter-test')
// Cucumber Dependencies for BDD
testImplementation "io.cucumber:cucumber-java:${ioCucumberVersion}"
testImplementation "io.cucumber:cucumber-junit:${ioCucumberVersion}"
testImplementation "io.cucumber:cucumber-spring:${ioCucumberVersion}"
testImplementation "org.junit.vintage:junit-vintage-engine:${junitVintage}"
//WireMock Dependencies
testImplementation "com.github.tomakehurst:wiremock-standalone:${wireMockVersion}"
//Lombok Dependencies
implementation "org.projectlombok:lombok:${lombokVersion}"
testAnnotationProcessor "org.projectlombok:lombok:${lombokVersion}"
annotationProcessor "org.projectlombok:lombok:${lombokVersion}"
//MapStruct Dependencies
implementation "org.mapstruct:mapstruct:${mapstructVersion}"
annotationProcessor "org.mapstruct:mapstruct-processor:${mapstructVersion}"
testAnnotationProcessor "org.mapstruct:mapstruct-processor:${mapstructVersion}"
//SpringDoc
implementation "org.springdoc:springdoc-openapi-starter-webmvc-ui:${springDocVersion}"
//Explicitly Added to fix the vulnerabilities identified in previous versions
implementation 'com.fasterxml.jackson.core:jackson-databind:2.16.1'
/*
*https://docs.gradle.org/current/userguide/dependency_management.html#sec:module_substitution
* Example 109. Example: Blacklisting a version with a replacement
*/
// configurations.all {
// /***
// * This is how we can exclude transient dependencies
// * exclude group: "com.google.guava", module: "guava"
// */
// // Replacing a transient dependency to a higher version for fixing vulnerabilities
// resolutionStrategy.eachDependency { DependencyResolveDetails details ->
// if (details.requested.group == 'org.yaml' && details.requested.name == 'snakeyaml' && details.requested.version == '1.33') {
// details.useVersion '2.0'
// details.because 'Fixes vulnerability in prior snakeyaml versions'
// }
// }
// }
}
// Property can be passed along with test task to avoid execution of e2e
tasks.named('test') {
if (project.hasProperty('excludee2e')) {
println '********************************************************'
println ' Excluding E2E tests'
println '********************************************************'
exclude '**/*e2e*'
}
if (project.hasProperty('e2e')) {
println '********************************************************'
println ' Executing E2E tests'
println '********************************************************'
//include all tests from package
filter {
includeTestsMatching "com.uk.companieshouse.e2e.*"
}
}
useJUnitPlatform()
}
// Jacoco for Code Coverage
jacoco {
toolVersion = "${jacocoVersion}"
reportsDirectory = file("$buildDir/customJacocoReportDir")
}
// Runs Jacoco tasks when build task is executed
build {
finalizedBy jacocoTestReport
finalizedBy jacocoTestCoverageVerification
}
// Setting custom parameters when executing jacocoTestReport task
jacocoTestReport {
reports {
xml.required = false
csv.required = false
html.outputLocation = layout.buildDirectory.dir("${buildDir}/reports/jacocoHtml")
}
}
// Setting custom parameters when executing jacocoTestCoverageVerification task for setting rules
jacocoTestCoverageVerification {
dependsOn jacocoTestReport
violationRules {
rule {
limit {
minimum = 0.8
}
}
rule {
enabled = false
element = 'CLASS'
includes = ['org.gradle.*']
limit {
counter = 'LINE'
value = 'TOTALCOUNT'
maximum = 1.0
}
}
}
}
pitest {
junit5PluginVersion = '1.2.1'
targetClasses = ['com.uk.companieshouse.*'] // by default "${project.group}.*"
targetTests = ['com.uk.companieshouse.*'] // by default "${project.group}.*"
outputFormats = ['HTML']
timestampedReports = false
// TODO: Mutation tests failing due to port already in use exception, fix them and then we can remove below
excludedTestClasses = ['com.uk.companieshouse.e2e.*', 'com.uk.companieshouse.CompaniesHouseApplicationTest*']
}
// owasp dependency vulnerability check
// Reference doc : https://jeremylong.github.io/DependencyCheck/dependency-check-gradle/configuration.html
dependencyCheck {
if (project.hasProperty('UseNVDKey')) {
println 'Executing DependencyCheckAnalyse with the NVD_API_KEY environment variable'
nvd {
apiKey = System.getenv('NVD_API_KEY')
delay = 3500
}
} else {
println 'Executing DependencyCheckAnalyse without NVD API Key'
}
analyzedTypes = ['jar']
// CI-tools usually needs XML-reports, but humans needs HTML.
formats = ['HTML', 'JUNIT']
// Specifies if the build should be failed if a CVSS score equal to or above a specified level is identified.
failBuildOnCVSS = 8
// Output directory where the report should be generated
outputDirectory = "build/reports/dependency-vulnerabilities"
// specify a list of known issues which contain false-positives to be suppressed
suppressionFiles = ["$projectDir/config/dependencycheck/dependency-check-suppression.xml"]
}