From c5f44eff4843182666c4fb9b66ab863b38c49d4a Mon Sep 17 00:00:00 2001
From: Oleg Smirnov
Date: Wed, 6 Sep 2023 11:56:20 +0400
Subject: [PATCH] [TH2-5045] Migrate to th2 transport and versions update (#71)

* [TH2-5045] Update Gradle version
* [TH2-5045] Update gradle plugin versions. Add license check and git info to VERSION file
* [TH2-5045] Add dev-release workflow on tag push
* [TH2-5045] Use BOM to override deps with vulnerabilities
* Disable fail-fast for martix build
---
 .../workflows/dev-docker-matrix-publish.yml | 1 +
 .../dev-release-docker-matrix-publish.yml | 25 +++++
 .github/workflows/docker-matrix-publish.yml | 1 +
 Dockerfile | 4 +-
 build.gradle | 102 +++++++++++++++---
 gradle/wrapper/gradle-wrapper.properties | 2 +-
 6 files changed, 116 insertions(+), 19 deletions(-)
 create mode 100644 .github/workflows/dev-release-docker-matrix-publish.yml
diff --git a/.github/workflows/dev-docker-matrix-publish.yml b/.github/workflows/dev-docker-matrix-publish.yml
index 7868c98..e6ef4c7 100644
--- a/.github/workflows/dev-docker-matrix-publish.yml
+++ b/.github/workflows/dev-docker-matrix-publish.yml
@@ -12,6 +12,7 @@ on:
 jobs:
 build:
 strategy:
+ fail-fast: false # because the OWASP scan that fails and cancels parallel runs
 matrix:
 proto:
 - conn-fix
diff --git a/.github/workflows/dev-release-docker-matrix-publish.yml b/.github/workflows/dev-release-docker-matrix-publish.yml
new file mode 100644
index 0000000..9d703b2
--- /dev/null
+++ b/.github/workflows/dev-release-docker-matrix-publish.yml
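Review bot: The comment on the new `fail-fast: false` line under `strategy:` does not say what the setting protects, and the setting has a side effect worth stating: a leg whose OWASP dependency check fails no longer cancels the other legs, so their images are still built and published. I would reword it to `# keep the other matrix legs running when the OWASP dependency check fails in one of them`, and confirm that the reusable workflow still fails the affected leg before its publish step, which is not visible in this diff. The same line and comment are added in `docker-matrix-publish.yml` and in the new `dev-release-docker-matrix-publish.yml`.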
@@ -0,0 +1,25 @@
+name: Build and publish Docker dev-release distributions to Github Container Registry ghcr.io
+
+on:
+ push:
+ tags:
+ - \d+.\d+.\d+-dev
+
+jobs:
+ build:
+ strategy:
+ fail-fast: false # because the OWASP scan that fails and cancels parallel runs
+ matrix:
+ project:
+ - conn-fix
+ - conn-ntg
+ - conn-soup
+ uses: th2-net/.github/.github/workflows/matrix-java-docker.yml@main
+ with:
+ runsOn: ubuntu-20.04
+ projectName: ${{ matrix.project }}
+ build-target: 'Docker'
+ docker-username: ${{ github.actor }}
+ devRelease: true
+ secrets:
+ docker-password: ${{ secrets.GITHUB_TOKEN }}
\ No newline at end of file
diff --git a/.github/workflows/docker-matrix-publish.yml b/.github/workflows/docker-matrix-publish.yml
index 2b62a45..7642011 100644
--- a/.github/workflows/docker-matrix-publish.yml
+++ b/.github/workflows/docker-matrix-publish.yml
@@ -12,6 +12,7 @@ on:
 jobs:
 build:
 strategy:
+ fail-fast: false # because the OWASP scan that fails and cancels parallel runs
 matrix:
 proto:
 - conn-fix
diff --git a/Dockerfile b/Dockerfile
index 0cc74cd..f20dca1 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,8 +1,8 @@
-FROM gradle:6.6-jdk11 AS build
+FROM gradle:7.6-jdk11 AS build
 COPY ./ .
 RUN gradle --no-daemon clean dockerPrepare
-FROM ghcr.io/th2-net/th2-conn-sailfish:4.0.0-dev-version-4-4113294770-6d25069
+FROM ghcr.io/th2-net/th2-conn-sailfish:4.0.0-dev
 ARG project_name
 WORKDIR /home
 COPY --from=build /home/gradle/${project_name}/build/docker .
diff --git a/build.gradle b/build.gradle
index 27fc416..24a66f4 100644
--- a/build.gradle
+++ b/build.gradle
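Review bot: The reusable workflow in the new `dev-release-docker-matrix-publish.yml` is referenced by a mutable branch, `th2-net/.github/.github/workflows/matrix-java-docker.yml@main`, while the job hands it `secrets.GITHUB_TOKEN` as `docker-password`, so whatever is on `main` at run time publishes the dev-release images with this repository's token. Pinning the reference to a full commit SHA (`...matrix-java-docker.yml@<commit-sha>`) makes the release path reviewable, and a job-level `permissions:` block on the caller would bound what the token can do; which scopes the called workflow needs is not visible here. Separately, the tag filter `\d+.\d+.\d+-dev` is written as a regular expression, but the documented filter syntax is glob-style and has no `\d`, so the workflow likely does not fire for a tag such as `1.2.3-dev` (constructed example); `'[0-9]+.[0-9]+.[0-9]+-dev'` is the documented form.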
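Review bot: The runtime stage in the Dockerfile hunk now uses the floating tag `ghcr.io/th2-net/th2-conn-sailfish:4.0.0-dev` in place of a build-specific tag, so the base image content can change between builds without any change in this repository and a rebuild of the same commit is no longer reproducible. If following the latest dev base is the intent, a digest next to the tag keeps it auditable: `FROM ghcr.io/th2-net/th2-conn-sailfish:4.0.0-dev@sha256:<digest>`, refreshed by a bot or a release step. The same applies, with less impact, to the `gradle:7.6-jdk11` build stage.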
@@ -1,18 +1,25 @@ +import com.github.jk1.license.filter.LicenseBundleNormalizer +import com.github.jk1.license.render.JsonReportRenderer + plugins { id 'com.palantir.docker' version '0.25.0' apply false - id 'java' - id "org.owasp.dependencycheck" version "8.1.2" + id 'org.owasp.dependencycheck' version '8.3.1' + id 'com.gorylenko.gradle-git-properties' version '2.4.1' apply false + id 'com.github.jk1.dependency-license-report' version '2.5' apply false + id 'de.undercouch.download' version '5.4.0' apply false } subprojects { - apply plugin: 'base' apply plugin: 'java' apply plugin: 'com.palantir.docker' + apply plugin: 'com.github.jk1.dependency-license-report' + apply plugin: 'de.undercouch.download' + apply plugin: 'com.gorylenko.gradle-git-properties' ext { sharedDir = file("${project.rootDir}/shared") baseSailfishVersion = '3.3' - sailfishVersion = "${baseSailfishVersion}.93" + sailfishVersion = "${baseSailfishVersion}.132" pluginMainDir = file('src/main/plugin') pluginGenDir = file('src/gen/plugin') 
@@ -21,41 +28,81 @@ subprojects { dockerSailfishWorkspaceLibDir = "${dockerSailfishWorkspaceDir}/libs" } + ext.excludeSailfish = { rcd -> + rcd.excludeModuleByRegex("com\\.exactpro\\.sf", ".*") + } + repositories { maven { - name 'MavenLocal' - url sharedDir + name 'Sonatype_snapshots' + url 'https://s01.oss.sonatype.org/content/repositories/snapshots/' + content { + excludeSailfish(it) + } } - mavenCentral() + // ignoreGradleMetadataRedirection is used for sonatype because + // Sailfish dependencies have constrains that interfere with our BOM + // so we exclude Gradle metadata for this repositories. + // We've checked these versions - they are compatible and safe to use maven { name 'Sonatype_snapshots' url 'https://s01.oss.sonatype.org/content/repositories/snapshots/' + metadataSources { + mavenPom() + artifact() + ignoreGradleMetadataRedirection() + } } maven { name 'Sonatype_releases' url 'https://s01.oss.sonatype.org/content/repositories/releases/' + content { + excludeSailfish(it) + } } + maven { + name 'Sonatype_releases' + url 'https://s01.oss.sonatype.org/content/repositories/releases/' + metadataSources { + mavenPom() + artifact() + ignoreGradleMetadataRedirection() + } + } + mavenCentral() mavenLocal() - configurations.all { + configurations.configureEach { resolutionStrategy.cacheChangingModulesFor 0, 'seconds' resolutionStrategy.cacheDynamicVersionsFor 0, 'seconds' } } configurations { - service + service { + exclude module: 'sailfish-core' + exclude module: 'sailfish-common' + } } dependencies { - service ("com.exactpro.sf:${sf_service_name}:${sailfishVersion}") { - exclude module: 'sailfish-core' - exclude module: 'sailfish-common' + service platform("com.exactpro.th2:bom:4.5.0") { + because('we need to fource dependnecies without vulnerabilities') } + service "com.exactpro.sf:${sf_service_name}:${sailfishVersion}" + } + gitProperties { + // git properties will be put in a map at project.ext.gitProps + // this is done to use in in the 
pluginWriteVersion task + extProperty = 'gitProps' } + // make sure the generateGitProperties task always executes (even when git.properties is not changed) + generateGitProperties.outputs.upToDateWhen { false } + + def pluginWriteVersion = tasks.register("pluginWriteVersion") { + dependsOn(generateGitProperties) - task pluginWriteVersion { outputs.file versionFile doLast{ versionFile.write "lightweight: true\n" + @@ -63,8 +110,8 @@ subprojects { "name: th2_service\n" + "build_number: 0\n" + "revision: 0\n" + - "git_hash: 0\n" + - "branch: fake\n" + + "git_hash: ${project.ext.gitProps['git.commit.id.abbrev']}\n" + + "branch: ${project.ext.gitProps['git.branch']}\n" + "version: ${baseSailfishVersion}.0.0\n" + "core_version: ${baseSailfishVersion}.0" } @@ -91,6 +138,29 @@ subprojects { clean { delete(pluginGenDir) } + + licenseReport { + def licenseNormalizerBundlePath = "$buildDir/license-normalizer-bundle.json" + + if (!file(licenseNormalizerBundlePath).exists()) { + download.run { + src 'https://raw.githubusercontent.com/th2-net/.github/main/license-compliance/gradle-license-report/license-normalizer-bundle.json' + dest "$buildDir/license-normalizer-bundle.json" + overwrite false + } + } + + configurations = ['runtimeClasspath', 'service'] + + filters = [ + new LicenseBundleNormalizer(licenseNormalizerBundlePath, false) + ] + renderers = [ + new JsonReportRenderer('licenses.json', false), + ] + excludeOwnGroup = false + allowedLicensesFile = new URL("https://raw.githubusercontent.com/th2-net/.github/main/license-compliance/gradle-license-report/allowed-licenses.json") + } } dependencyCheck { @@ -102,4 +172,4 @@ dependencyCheck { nugetconfEnabled = false nodeEnabled = false } -} +} \ No newline at end of file diff --git a/gradle/wrapper/gradle-wrapper.properties b/gradle/wrapper/gradle-wrapper.properties index b31d0aa..00b55b5 100644 --- a/gradle/wrapper/gradle-wrapper.properties +++ b/gradle/wrapper/gradle-wrapper.properties 
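Review bot: In the `repositories` hunk both Sonatype repositories are now consulted before `mavenCentral()`, and the second `Sonatype_snapshots` / `Sonatype_releases` entries (the ones with `ignoreGradleMetadataRedirection()`) carry no content filter, so they can serve any module and not only the Sailfish ones the comment describes. Restricting them with the inverse of `excludeSailfish`, for example `content { includeModuleByRegex("com\\.exactpro\\.sf", ".*") }`, keeps the metadata override scoped to the artifacts that were checked and narrows where other coordinates can resolve from. `mavenLocal()` also stays in the list together with zero-second caching of changing modules, which lets the build machine's local repository influence resolution. The `because(...)` text has typos (`fource dependnecies`). The `subprojects` block starts and ends outside this hunk.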
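Review bot: The two new interpolations in the VERSION text read `project.ext.gitProps[...]` with no fallback, so the file content now depends on Git metadata being present wherever `pluginWriteVersion` runs; in the Docker build stage that means `.git` must be part of the build context, which this diff does not show. If a source tree without `.git` has to stay buildable, an explicit default such as `${project.ext.gitProps['git.branch'] ?: 'unknown'}` (and the same for `git.commit.id.abbrev`) keeps the file well-formed; whether the git-properties plugin fails earlier in that case depends on its configuration. The `doLast` body starts and ends outside this hunk.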
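Review bot: Both license-policy inputs in the new `licenseReport` block come from the `main` branch of `th2-net/.github` with no integrity check — `license-normalizer-bundle.json` through `download.run` and `allowed-licenses.json` through `new URL(...)` — so the verdict of the license gate depends on mutable remote content. The download also runs while each subproject is being configured, so any Gradle invocation needs network access when the bundle is missing. Referencing a commit instead of `main` in both URLs (`.../th2-net/.github/<commit-sha>/license-compliance/...`) and checking the downloaded bundle with the Download plugin's `Verify` task would make the policy reproducible. `dest` could reuse `licenseNormalizerBundlePath` rather than repeat the path. The enclosing `subprojects` block begins outside this hunk.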
@@ -1,5 +1,5 @@
 #Tue Apr 14 11:21:33 MSK 2020
-distributionUrl=https\://services.gradle.org/distributions/gradle-6.6-all.zip
+distributionUrl=https\://services.gradle.org/distributions/gradle-7.6-all.zip
 distributionBase=GRADLE_USER_HOME
 distributionPath=wrapper/dists
 zipStorePath=wrapper/dists