Merge branch 'dependencies-update' into dependabot/maven/org.springfr…

…amework-spring-test-5.3.5
bcgov · Mar 18, 2022 · 5660df1 · 5660df1
2 parents 93537ed + 33eada4
commit 5660df1
Show file tree

Hide file tree

Showing 3 changed files with 118 additions and 11 deletions.
diff --git a/.github/workflows/image-build-push-scan.yaml b/.github/workflows/image-build-push-scan.yaml
@@ -0,0 +1,39 @@
+# Creates a new image and push to Openshift image stream & also scan for vulnerabilities
+
+name: Build and Push Updated Image to Openshift Registry & scan for vulnerabilities
+
+on:
+  push:
+    branches:
+      - main
+  pull_request:
+    branches:
+      - main
+  workflow_dispatch:
+    branches:
+      - main
+
+jobs:
+
+  build-push-image:
+    uses: SierraSystems/reusable-workflows/.github/workflows/openshift-source-to-image.yml@main
+    with:
+      build_config_name: bc-paris-api
+    secrets:
+      openshift_namespace: ${{ secrets.OPENSHIFT_LICENSE_PLATE_SILVER }}-tools
+      openshift_server_url: ${{ secrets.OPENSHIFT_SERVER_URL_SILVER }}
+      openshift_token: ${{ secrets.OPENSHIFT_SA_PIPELINE_TOKEN_SILVER }}
+      openshift_external_repository: ${{ secrets.OPENSHIFT_EXTERNAL_REPOSITORY_SILVER }}
+
+  trivy-scan-image:
+    uses: SierraSystems/reusable-workflows/.github/workflows/trivy-scanning-s2i.yml@main
+    needs:
+      - build-push-image
+    with:
+      imagestream_name: bc-paris-api
+      source_image_tag: latest
+    secrets:
+      openshift_namespace: ${{ secrets.OPENSHIFT_LICENSE_PLATE_SILVER }}-tools
+      openshift_sa_name: ${{ secrets.OPENSHIFT_SA_NAME }}
+      openshift_sa_password: ${{ secrets.OPENSHIFT_SA_PASSWORD }}
+      openshift_external_repository: ${{ secrets.OPENSHIFT_EXTERNAL_REPOSITORY_SILVER }}
diff --git a/.github/workflows/openshift-deployment.yml b/.github/workflows/openshift-deployment.yml
@@ -0,0 +1,67 @@
+# Used to trigger deployment to dev, test & prod Openshift environnment by Image stream re-tagging and labelling pod
+
+name: Trigger deployment to dev, test & prod Openshift environnment by Image stream re-tagging and labelling pod
+
+on:        
+    workflow_dispatch:
+        inputs:
+            app:
+                description: 'App Name (bc-paris-api)'    
+                required: true
+                default: 'bc-paris-api'
+            imageSourceEnv:
+                description: 'Image Source Env'     
+                required: true
+                default: 'latest'
+            imageTargetEnv:
+                description: 'Target Release Env'
+                required: true
+                default: 'dev'
+
+jobs:
+
+  promote-image:
+    uses: SierraSystems/reusable-workflows/.github/workflows/openshift-tag-image.yml@main
+    with:
+      image_stream_name: ${{ github.event.inputs.app }}
+      source_image_tag: ${{ github.event.inputs.imageSourceEnv }}
+      image_tags: ${{ github.event.inputs.imageTargetEnv }}
+    secrets:
+      openshift_namespace: ${{ secrets.OPENSHIFT_LICENSE_PLATE_SILVER }}-tools
+      openshift_server_url: ${{ secrets.OPENSHIFT_SERVER_URL_SILVER }}
+      openshift_token: ${{ secrets.OPENSHIFT_SA_PIPELINE_TOKEN_SILVER }}
+      openshift_external_repository: ${{ secrets.OPENSHIFT_EXTERNAL_REPOSITORY_SILVER }}
+
+  git-commitversion:
+    uses: SierraSystems/reusable-workflows/.github/workflows/get-github-commitversion.yml@main
+    with:
+      working_directory: .
+
+  backup-image:
+    if: ${{ (github.event.inputs.imageTargetEnv != 'dev') }}
+    uses: SierraSystems/reusable-workflows/.github/workflows/openshift-tag-image.yml@main
+    needs:
+      - git-commitversion
+    with:
+      image_stream_name: ${{ github.event.inputs.app }}
+      source_image_tag: ${{ github.event.inputs.imageSourceEnv }}
+      image_tags: ${{ needs.git-commitversion.outputs.github-release-version }}
+    secrets:
+      openshift_namespace: ${{ secrets.OPENSHIFT_LICENSE_PLATE_SILVER }}-tools
+      openshift_server_url: ${{ secrets.OPENSHIFT_SERVER_URL_SILVER }}
+      openshift_token: ${{ secrets.OPENSHIFT_SA_PIPELINE_TOKEN_SILVER }}
+      openshift_external_repository: ${{ secrets.OPENSHIFT_EXTERNAL_REPOSITORY_SILVER }}
+
+  label-pods:
+    if: ${{ (github.event.inputs.imageTargetEnv != 'dev') }}
+    uses: SierraSystems/reusable-workflows/.github/workflows/openshift-dc-pods-labelling.yml@main
+    needs:
+      - git-commitversion
+    with:
+      app: ${{ github.event.inputs.app }}
+      target_env: ${{ github.event.inputs.imageTargetEnv }}
+      label: ${{ needs.git-commitversion.outputs.github-release-version }}
+    secrets:
+      openshift_namespace: ${{ secrets.OPENSHIFT_LICENSE_PLATE_SILVER }}
+      openshift_server_url: ${{ secrets.OPENSHIFT_SERVER_URL_SILVER }}
+      openshift_sa_env_deployer_token: ${{ secrets.OPENSHIFT_SA_ENV_DEPLOYER_TOKEN }}
diff --git a/pom.xml b/pom.xml
@@ -7,9 +7,10 @@
 	<groupId>ca.bc.gov.bcparis</groupId>
 	<artifactId>bcparis-service</artifactId>
 	<name>BCPARIS Legacy Migration</name>
-	<version>1.3.0-SNAPSHOT</version>
+	<version>1.3.1</version>
 
 	<properties>
+		<log4j2.version>2.17.1</log4j2.version>
 		<sonar.exclusions>
 			**/AutoWiringSpringBeanJobFactory.java,
 			**/SwaggerConfig.java
@@ -33,8 +34,8 @@
 		<maven-springboot-plugin.version>${springboot.version}</maven-springboot-plugin.version>
 
 		<springframework.version>5.2.9.RELEASE</springframework.version>
-		<spring-security.version>5.4.1</spring-security.version>
-		<spring-test.version>5.3.5</spring-test.version>
+		<spring-security.version>5.4.7</spring-security.version>
+		<spring-test.version>${springframework.version}</spring-test.version>
 		<metrics-spring.version>3.1.3</metrics-spring.version>
 
 		<junit.version>4.13.1</junit.version>
@@ -44,7 +45,7 @@
 		<logback.version>1.2.3</logback.version>
 		<logstash.version>6.4</logstash.version>
 		<httpclient.version>4.5.13</httpclient.version>
-		<guava.version>29.0-jre</guava.version>
+		<guava.version>30.1-jre</guava.version>
 
 	</properties>
 
@@ -360,21 +361,21 @@
 		<dependency>
 			<groupId>org.apache.logging.log4j</groupId>
 			<artifactId>log4j-core</artifactId>
-			<version>2.13.3</version>
+			<version>${log4j2.version}</version>
 		</dependency>
 
 		<!-- https://mvnrepository.com/artifact/org.apache.logging.log4j/log4j-api -->
 		<dependency>
 			<groupId>org.apache.logging.log4j</groupId>
 			<artifactId>log4j-api</artifactId>
-			<version>2.13.3</version>
+			<version>${log4j2.version}</version>
 		</dependency>
 
 		<!-- https://mvnrepository.com/artifact/org.apache.logging.log4j/log4j-to-slf4j -->
 		<dependency>
 			<groupId>org.apache.logging.log4j</groupId>
 			<artifactId>log4j-to-slf4j</artifactId>
-			<version>2.13.3</version>
+			<version>${log4j2.version}</version>
 		</dependency>
 
 		<!-- https://mvnrepository.com/artifact/org.dom4j/dom4j -->
@@ -388,7 +389,7 @@
 		<dependency>
 			<groupId>org.apache.tomcat.embed</groupId>
 			<artifactId>tomcat-embed-core</artifactId>
-			<version>9.0.39</version>
+			<version>9.0.43</version>
 		</dependency>
 
 		<!-- https://mvnrepository.com/artifact/org.apache.tomcat.embed/tomcat-embed-websocket -->
@@ -416,7 +417,7 @@
 				<dependency>
 					<groupId>com.splunk.logging</groupId>
 					<artifactId>splunk-library-javalogging</artifactId>
-					<version>1.8.0</version>
+					<version>1.11.2</version>
 				</dependency>
 			</dependencies>
 
@@ -446,7 +447,7 @@
 			<plugin>
 				<groupId>org.jacoco</groupId>
 				<artifactId>jacoco-maven-plugin</artifactId>
-				<version>0.8.6</version>
+				<version>0.8.7</version>
 				<executions>
 					<execution>
 						<goals>
@@ -466,7 +467,7 @@
 			<plugin>
 				<groupId>org.apache.maven.plugins</groupId>
 				<artifactId>maven-jar-plugin</artifactId>
-				<version>3.2.0</version>
+				<version>3.2.2</version>
 				<configuration>
 					<archive>
 						<addMavenDescriptor>false</addMavenDescriptor>