From 257971190c93e086bac45192520c81bf808581e7 Mon Sep 17 00:00:00 2001 From: Mike Halma Date: Fri, 24 Jan 2025 08:15:23 +0000 Subject: [PATCH 1/7] SDIT-2488 Upgrade to Spring Boot 3.4.2 --- build.gradle.kts | 20 +++++------ gradle/wrapper/gradle-wrapper.properties | 2 +- release-notes/7.x.md | 33 +++++++++++++++++++ .../AppInsightsConfigManager.kt | 2 +- .../pluginmanagers/KtlintPluginManager.kt | 7 ++++ 5 files changed, 52 insertions(+), 12 deletions(-) create mode 100644 release-notes/7.x.md diff --git a/build.gradle.kts b/build.gradle.kts index ee289b5e..a3af7a4a 100644 --- a/build.gradle.kts +++ b/build.gradle.kts @@ -3,13 +3,13 @@ import org.jetbrains.kotlin.gradle.dsl.JvmTarget import org.jetbrains.kotlin.gradle.tasks.KotlinCompile plugins { - kotlin("jvm") version "2.0.21" + kotlin("jvm") version "2.1.0" id("com.gradle.plugin-publish") version "1.3.0" id("java-gradle-plugin") id("maven-publish") - id("com.github.ben-manes.versions") version "0.51.0" + id("com.github.ben-manes.versions") version "0.52.0" id("se.patrikerdes.use-latest-versions") version "0.2.18" - id("org.owasp.dependencycheck") version "8.4.3" + id("org.owasp.dependencycheck") version "12.0.1" id("com.adarshr.test-logger") version "4.0.0" id("org.jlleitschuh.gradle.ktlint") version "12.1.2" } @@ -30,7 +30,7 @@ fun isNonStable(version: String): Boolean { } group = "uk.gov.justice.hmpps.gradle" -version = "6.1.2" +version = "7.0.0-beta" gradlePlugin { website.set("https://github.com/ministryofjustice/dps-gradle-spring-boot") @@ -50,20 +50,20 @@ gradlePlugin { dependencies { implementation(kotlin("reflect")) - implementation("org.springframework.boot:spring-boot-gradle-plugin:3.4.1") + implementation("org.springframework.boot:spring-boot-gradle-plugin:3.4.2") implementation(kotlin("gradle-plugin")) implementation("io.spring.dependency-management:io.spring.dependency-management.gradle.plugin:1.1.7") - implementation("org.owasp:dependency-check-core:8.4.3") - implementation("org.owasp:dependency-check-gradle:8.4.3") - implementation("com.github.ben-manes:gradle-versions-plugin:0.51.0") + implementation("org.owasp:dependency-check-core:12.0.1") + implementation("org.owasp:dependency-check-gradle:12.0.1") + implementation("com.github.ben-manes:gradle-versions-plugin:0.52.0") implementation("com.gorylenko.gradle-git-properties:com.gorylenko.gradle-git-properties.gradle.plugin:2.4.2") implementation("com.adarshr.test-logger:com.adarshr.test-logger.gradle.plugin:4.0.0") implementation("se.patrikerdes.use-latest-versions:se.patrikerdes.use-latest-versions.gradle.plugin:0.2.18") implementation("org.jlleitschuh.gradle.ktlint:org.jlleitschuh.gradle.ktlint.gradle.plugin:12.1.2") testImplementation("org.junit.jupiter:junit-jupiter:5.11.4") - testImplementation("org.mockito:mockito-junit-jupiter:5.14.2") - testImplementation("org.assertj:assertj-core:3.27.0") + testImplementation("org.mockito:mockito-junit-jupiter:5.15.2") + testImplementation("org.assertj:assertj-core:3.27.3") testImplementation("net.javacrumbs.json-unit:json-unit-assertj:4.1.0") testImplementation("com.google.code.gson:gson:2.11.0") testImplementation("org.eclipse.jgit:org.eclipse.jgit:7.1.0.202411261347-r") diff --git a/gradle/wrapper/gradle-wrapper.properties b/gradle/wrapper/gradle-wrapper.properties index e2847c82..cea7a793 100644 --- a/gradle/wrapper/gradle-wrapper.properties +++ b/gradle/wrapper/gradle-wrapper.properties @@ -1,6 +1,6 @@ distributionBase=GRADLE_USER_HOME distributionPath=wrapper/dists -distributionUrl=https\://services.gradle.org/distributions/gradle-8.11.1-bin.zip +distributionUrl=https\://services.gradle.org/distributions/gradle-8.12-bin.zip networkTimeout=10000 validateDistributionUrl=true zipStoreBase=GRADLE_USER_HOME diff --git a/release-notes/7.x.md b/release-notes/7.x.md new file mode 100644 index 00000000..cd9b41fb --- /dev/null +++ b/release-notes/7.x.md @@ -0,0 +1,33 @@ +# 7.0.0 + +## Breaking changes + +### ktlint + +This Spring Boot release (3.4.2) breaks the ktlint Spring Boot Plugin as detailed in this issue: https://github.com/JLLeitschuh/ktlint-gradle/issues/809 + +To fix this we've upgraded the version of ktlint used to the lowest version that works around this bug. Unfortunately this has broken `ktlintCheck` on most projects. + +Action required: run command `./gradlew ktlintFormat` + +## Version upgrades + +### Plugins +- Kotlin jvm [2.0.21 -> 2.1.0] +- com.github.ben-manes.versions [0.51.0 -> 0.52.0] +- org.owasp.dependencycheck [8.4.3 -> 12.0.1] + +### Dependencies applied by plugins +- ktlint [1.0.1 -> 1.4.1]] + +### Dependencies +- org.springframework.boot:spring-boot-gradle-plugin [3.4.1 -> 3.4.2] +- org.owasp:dependency-check-core [8.4.3 -> 12.0.1] +- org.owasp:dependency-check-gradle [8.4.3 -> 12.0.1] +- com.github.ben-manes:gradle-versions-plugin [0.51.0 -> 0.52.0] + +- io.opentelemetry:opentelemetry-api [1.43.0 -> 1.46.0] + +### Test Dependencies +- org.mockito:mockito-junit-jupiter [5.14.2 -> 5.15.2] +- org.assertj:assertj-core [3.27.0 -> 3.27.3] \ No newline at end of file diff --git a/src/main/kotlin/uk/gov/justice/digital/hmpps/gradle/configmanagers/AppInsightsConfigManager.kt b/src/main/kotlin/uk/gov/justice/digital/hmpps/gradle/configmanagers/AppInsightsConfigManager.kt index 97cfb785..bb88ae50 100644 --- a/src/main/kotlin/uk/gov/justice/digital/hmpps/gradle/configmanagers/AppInsightsConfigManager.kt +++ b/src/main/kotlin/uk/gov/justice/digital/hmpps/gradle/configmanagers/AppInsightsConfigManager.kt @@ -5,7 +5,7 @@ import org.gradle.api.tasks.Copy import uk.gov.justice.digital.hmpps.gradle.ConfigManager private const val APP_INSIGHTS_VERSION = "3.6.2" -const val OPENTELEMETRY_VERSION = "1.43.0" +const val OPENTELEMETRY_VERSION = "1.46.0" class AppInsightsConfigManager(override val project: Project) : ConfigManager { override fun configure() { diff --git a/src/main/kotlin/uk/gov/justice/digital/hmpps/gradle/pluginmanagers/KtlintPluginManager.kt b/src/main/kotlin/uk/gov/justice/digital/hmpps/gradle/pluginmanagers/KtlintPluginManager.kt index 6866de6f..faef42b3 100644 --- a/src/main/kotlin/uk/gov/justice/digital/hmpps/gradle/pluginmanagers/KtlintPluginManager.kt +++ b/src/main/kotlin/uk/gov/justice/digital/hmpps/gradle/pluginmanagers/KtlintPluginManager.kt @@ -2,9 +2,14 @@ package uk.gov.justice.digital.hmpps.gradle.pluginmanagers import org.gradle.api.Project import org.gradle.api.Task +import org.jlleitschuh.gradle.ktlint.KtlintExtension import org.jlleitschuh.gradle.ktlint.KtlintPlugin import uk.gov.justice.digital.hmpps.gradle.PluginManager +// TODO The ktlint version applied by the ktlint plugin needs pinning to 1.4.1 to workaround this issue: https://github.com/JLLeitschuh/ktlint-gradle/issues/809 +// TODO Once the issue is solved we should stop pinning the version and take the default version provided by the ktlint plugin +private const val KTLINT_VERSION = "1.4.1" + class KtlintPluginManager(override val project: Project) : PluginManager { override val pluginProject = KtlintPlugin::class.java @@ -14,6 +19,8 @@ class KtlintPluginManager(override val project: Project) : PluginManager { it.dependsOn("${getProjectPrefix(it)}:ktlintCheck") } + (project.extensions.getByName("ktlint") as KtlintExtension).version.set(KTLINT_VERSION) + copyResourcesFile(".editorconfig") } From 00aadaea676517f177291df89aa8b1e5344b6841 Mon Sep 17 00:00:00 2001 From: Mike Halma Date: Fri, 24 Jan 2025 09:02:42 +0000 Subject: [PATCH 2/7] SDIT-2488 Don't upgrade dependency check This is due to https://github.com/jeremylong/DependencyCheck?tab=readme-ov-file#the-nvd-api-key-ci-and-rate-limiting --- build.gradle.kts | 6 +++--- release-notes/7.x.md | 2 -- 2 files changed, 3 insertions(+), 5 deletions(-) diff --git a/build.gradle.kts b/build.gradle.kts index a3af7a4a..0f8d348c 100644 --- a/build.gradle.kts +++ b/build.gradle.kts @@ -9,7 +9,7 @@ plugins { id("maven-publish") id("com.github.ben-manes.versions") version "0.52.0" id("se.patrikerdes.use-latest-versions") version "0.2.18" - id("org.owasp.dependencycheck") version "12.0.1" + id("org.owasp.dependencycheck") version "8.4.3" id("com.adarshr.test-logger") version "4.0.0" id("org.jlleitschuh.gradle.ktlint") version "12.1.2" } @@ -53,8 +53,8 @@ dependencies { implementation("org.springframework.boot:spring-boot-gradle-plugin:3.4.2") implementation(kotlin("gradle-plugin")) implementation("io.spring.dependency-management:io.spring.dependency-management.gradle.plugin:1.1.7") - implementation("org.owasp:dependency-check-core:12.0.1") - implementation("org.owasp:dependency-check-gradle:12.0.1") + implementation("org.owasp:dependency-check-core:8.4.3") + implementation("org.owasp:dependency-check-gradle:8.4.3") implementation("com.github.ben-manes:gradle-versions-plugin:0.52.0") implementation("com.gorylenko.gradle-git-properties:com.gorylenko.gradle-git-properties.gradle.plugin:2.4.2") implementation("com.adarshr.test-logger:com.adarshr.test-logger.gradle.plugin:4.0.0") diff --git a/release-notes/7.x.md b/release-notes/7.x.md index cd9b41fb..87bad94e 100644 --- a/release-notes/7.x.md +++ b/release-notes/7.x.md @@ -22,8 +22,6 @@ Action required: run command `./gradlew ktlintFormat` ### Dependencies - org.springframework.boot:spring-boot-gradle-plugin [3.4.1 -> 3.4.2] -- org.owasp:dependency-check-core [8.4.3 -> 12.0.1] -- org.owasp:dependency-check-gradle [8.4.3 -> 12.0.1] - com.github.ben-manes:gradle-versions-plugin [0.51.0 -> 0.52.0] - io.opentelemetry:opentelemetry-api [1.43.0 -> 1.46.0] From 0578d2590173819373ed52f4846825459f97fa82 Mon Sep 17 00:00:00 2001 From: Mike Halma Date: Fri, 24 Jan 2025 09:05:46 +0000 Subject: [PATCH 3/7] SDIT-2488 Improve docs --- release-notes/7.x.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/release-notes/7.x.md b/release-notes/7.x.md index 87bad94e..fa0256c8 100644 --- a/release-notes/7.x.md +++ b/release-notes/7.x.md @@ -4,9 +4,9 @@ ### ktlint -This Spring Boot release (3.4.2) breaks the ktlint Spring Boot Plugin as detailed in this issue: https://github.com/JLLeitschuh/ktlint-gradle/issues/809 +This upgrade to Kotlin 2.1.0 breaks the ktlint Spring Boot Plugin as detailed in this issue: https://github.com/JLLeitschuh/ktlint-gradle/issues/809 -To fix this we've upgraded the version of ktlint used to the lowest version that works around this bug. Unfortunately this has broken `ktlintCheck` on most projects. +To fix this we've upgraded the version of ktlint used to the lowest version that works around this bug. Unfortunately this causes `ktlintCheck` formatting issues on most projects. Action required: run command `./gradlew ktlintFormat` From 7b367dac20831ac2fecc40aed7345f474d072ada Mon Sep 17 00:00:00 2001 From: Mike Halma Date: Fri, 24 Jan 2025 09:24:53 +0000 Subject: [PATCH 4/7] SDIT-2488 Use latest ktlint --- release-notes/7.x.md | 4 ++-- .../hmpps/gradle/pluginmanagers/KtlintPluginManager.kt | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/release-notes/7.x.md b/release-notes/7.x.md index fa0256c8..a0b4ca19 100644 --- a/release-notes/7.x.md +++ b/release-notes/7.x.md @@ -6,7 +6,7 @@ This upgrade to Kotlin 2.1.0 breaks the ktlint Spring Boot Plugin as detailed in this issue: https://github.com/JLLeitschuh/ktlint-gradle/issues/809 -To fix this we've upgraded the version of ktlint used to the lowest version that works around this bug. Unfortunately this causes `ktlintCheck` formatting issues on most projects. +To fix this we've upgraded the version of ktlint to the latest version. Unfortunately this causes `ktlintCheck` formatting issues on most projects. Action required: run command `./gradlew ktlintFormat` @@ -18,7 +18,7 @@ Action required: run command `./gradlew ktlintFormat` - org.owasp.dependencycheck [8.4.3 -> 12.0.1] ### Dependencies applied by plugins -- ktlint [1.0.1 -> 1.4.1]] +- ktlint [1.0.1 -> 1.5.0]] ### Dependencies - org.springframework.boot:spring-boot-gradle-plugin [3.4.1 -> 3.4.2] diff --git a/src/main/kotlin/uk/gov/justice/digital/hmpps/gradle/pluginmanagers/KtlintPluginManager.kt b/src/main/kotlin/uk/gov/justice/digital/hmpps/gradle/pluginmanagers/KtlintPluginManager.kt index faef42b3..c6cf4fa6 100644 --- a/src/main/kotlin/uk/gov/justice/digital/hmpps/gradle/pluginmanagers/KtlintPluginManager.kt +++ b/src/main/kotlin/uk/gov/justice/digital/hmpps/gradle/pluginmanagers/KtlintPluginManager.kt @@ -6,9 +6,9 @@ import org.jlleitschuh.gradle.ktlint.KtlintExtension import org.jlleitschuh.gradle.ktlint.KtlintPlugin import uk.gov.justice.digital.hmpps.gradle.PluginManager -// TODO The ktlint version applied by the ktlint plugin needs pinning to 1.4.1 to workaround this issue: https://github.com/JLLeitschuh/ktlint-gradle/issues/809 +// TODO The ktlint version applied by the ktlint plugin needs pinning to 1.5.0 to workaround this issue: https://github.com/JLLeitschuh/ktlint-gradle/issues/809 // TODO Once the issue is solved we should stop pinning the version and take the default version provided by the ktlint plugin -private const val KTLINT_VERSION = "1.4.1" +private const val KTLINT_VERSION = "1.5.0" class KtlintPluginManager(override val project: Project) : PluginManager { From dd2f06a90e99dbe5ed70b06a59e6aa9691f3cacd Mon Sep 17 00:00:00 2001 From: Mike Halma Date: Fri, 24 Jan 2025 09:28:00 +0000 Subject: [PATCH 5/7] SDIT-2488 Use same opentelemetry version as App Insights --- build.gradle.kts | 1 + .../hmpps/gradle/configmanagers/AppInsightsConfigManager.kt | 3 ++- 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/build.gradle.kts b/build.gradle.kts index 0f8d348c..1ff13aef 100644 --- a/build.gradle.kts +++ b/build.gradle.kts @@ -9,6 +9,7 @@ plugins { id("maven-publish") id("com.github.ben-manes.versions") version "0.52.0" id("se.patrikerdes.use-latest-versions") version "0.2.18" + // This is not using the latest version due to https://github.com/jeremylong/DependencyCheck?tab=readme-ov-file#the-nvd-api-key-ci-and-rate-limiting id("org.owasp.dependencycheck") version "8.4.3" id("com.adarshr.test-logger") version "4.0.0" id("org.jlleitschuh.gradle.ktlint") version "12.1.2" diff --git a/src/main/kotlin/uk/gov/justice/digital/hmpps/gradle/configmanagers/AppInsightsConfigManager.kt b/src/main/kotlin/uk/gov/justice/digital/hmpps/gradle/configmanagers/AppInsightsConfigManager.kt index bb88ae50..0363ff1a 100644 --- a/src/main/kotlin/uk/gov/justice/digital/hmpps/gradle/configmanagers/AppInsightsConfigManager.kt +++ b/src/main/kotlin/uk/gov/justice/digital/hmpps/gradle/configmanagers/AppInsightsConfigManager.kt @@ -5,7 +5,8 @@ import org.gradle.api.tasks.Copy import uk.gov.justice.digital.hmpps.gradle.ConfigManager private const val APP_INSIGHTS_VERSION = "3.6.2" -const val OPENTELEMETRY_VERSION = "1.46.0" +// This should be kept at the same version as used by App Insights: https://github.com/microsoft/ApplicationInsights-Java/blob/3.6.2/dependencyManagement/build.gradle.kts#L14 +const val OPENTELEMETRY_VERSION = "1.43.0" class AppInsightsConfigManager(override val project: Project) : ConfigManager { override fun configure() { From e13ddbac98d8cf95953c296557ca54514bb1146f Mon Sep 17 00:00:00 2001 From: Mike Halma Date: Fri, 24 Jan 2025 09:31:08 +0000 Subject: [PATCH 6/7] SDIT-2488 Fix ktlintCheck --- .../hmpps/gradle/configmanagers/AppInsightsConfigManager.kt | 1 + 1 file changed, 1 insertion(+) diff --git a/src/main/kotlin/uk/gov/justice/digital/hmpps/gradle/configmanagers/AppInsightsConfigManager.kt b/src/main/kotlin/uk/gov/justice/digital/hmpps/gradle/configmanagers/AppInsightsConfigManager.kt index 0363ff1a..ec0b101a 100644 --- a/src/main/kotlin/uk/gov/justice/digital/hmpps/gradle/configmanagers/AppInsightsConfigManager.kt +++ b/src/main/kotlin/uk/gov/justice/digital/hmpps/gradle/configmanagers/AppInsightsConfigManager.kt @@ -5,6 +5,7 @@ import org.gradle.api.tasks.Copy import uk.gov.justice.digital.hmpps.gradle.ConfigManager private const val APP_INSIGHTS_VERSION = "3.6.2" + // This should be kept at the same version as used by App Insights: https://github.com/microsoft/ApplicationInsights-Java/blob/3.6.2/dependencyManagement/build.gradle.kts#L14 const val OPENTELEMETRY_VERSION = "1.43.0" From 0eed91afdc0e5b0ba31f50f1352771c9a9252225 Mon Sep 17 00:00:00 2001 From: Mike Halma Date: Fri, 24 Jan 2025 09:38:54 +0000 Subject: [PATCH 7/7] SDIT-2488 Fix documentation --- release-notes/7.x.md | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/release-notes/7.x.md b/release-notes/7.x.md index a0b4ca19..76f46a45 100644 --- a/release-notes/7.x.md +++ b/release-notes/7.x.md @@ -12,10 +12,11 @@ Action required: run command `./gradlew ktlintFormat` ## Version upgrades +Gradle [8.11.1 -> 8.12]] + ### Plugins - Kotlin jvm [2.0.21 -> 2.1.0] - com.github.ben-manes.versions [0.51.0 -> 0.52.0] -- org.owasp.dependencycheck [8.4.3 -> 12.0.1] ### Dependencies applied by plugins - ktlint [1.0.1 -> 1.5.0]] @@ -24,8 +25,6 @@ Action required: run command `./gradlew ktlintFormat` - org.springframework.boot:spring-boot-gradle-plugin [3.4.1 -> 3.4.2] - com.github.ben-manes:gradle-versions-plugin [0.51.0 -> 0.52.0] -- io.opentelemetry:opentelemetry-api [1.43.0 -> 1.46.0] - ### Test Dependencies - org.mockito:mockito-junit-jupiter [5.14.2 -> 5.15.2] - org.assertj:assertj-core [3.27.0 -> 3.27.3] \ No newline at end of file