Merge branch 'master' of github.com:elasticio/petstore-component-java

# Conflicts:
#	build.gradle
#	gradle/wrapper/gradle-wrapper.jar
#	gradlew

Author: ShkarupaNick

.circleci/config.yml

@@ -0,0 +1,129 @@
+version: 2.1
+parameters:
+  node-version:
+    type: string
+    default: "16.13.2"
+orbs:
+  node: circleci/[email protected]
+  slack: circleci/[email protected]
+commands:
+  notify_on_failure:
+    steps:
+      - slack/notify:
+          event: fail
+          custom: |
+            {
+            	"blocks": [
+            		{
+            			"type": "section",
+            			"fields": [
+            				{
+            					"type": "mrkdwn",
+            					"text": ":red_circle: *$CIRCLE_PROJECT_REPONAME*:*$CIRCLE_TAG* build failed"
+            				}
+            			]
+            		},
+            		{
+            			"type": "actions",
+            			"elements": [
+            				{
+            					"type": "button",
+            					"text": {
+            						"type": "plain_text",
+            						"text": "View Job"
+            					},
+            					"url": "${CIRCLE_BUILD_URL}"
+            				}
+            			]
+            		}
+            	]
+            }
+  notify_on_pass:
+    steps:
+      - slack/notify:
+          event: pass
+          custom: |
+            {
+            	"blocks": [
+            		{
+            			"type": "section",
+            			"fields": [
+            				{
+            					"type": "mrkdwn",
+            					"text": ":tada: *$CIRCLE_PROJECT_REPONAME*:*$CIRCLE_TAG* was successfully built and published"
+            				}
+            			]
+            		},
+            		{
+            			"type": "actions",
+            			"elements": [
+            				{
+            					"type": "button",
+            					"text": {
+            						"type": "plain_text",
+            						"text": "View Job"
+            					},
+            					"url": "${CIRCLE_BUILD_URL}"
+            				}
+            			]
+            		}
+            	]
+            }
+
+  openjdk-install: cloudesire/[email protected]
+jobs:
+  test:
+    docker:
+      - image: circleci/openjdk:8
+    steps:
+      - checkout
+      - restore_cache:
+          key: gradle-{{ checksum "build.gradle" }}
+
+      - run: ./gradlew downloadDependencies --daemon
+      - save_cache:
+          key: gradle-{{ checksum "build.gradle" }}
+          paths:
+            - ~/.gradle/caches
+            - ~/.gradle/wrapper
+      - run:
+          name: Audit Dependencies
+          command: ./gradlew dependencyCheckAnalyze -PrunWithDependencyCheck
+  build:
+    docker:
+      - image: cimg/base:stable
+        user: root
+    steps:
+      - checkout
+      - node/install:
+          node-version: << pipeline.parameters.node-version >>
+      - setup_remote_docker:
+          version: 19.03.13
+          docker_layer_caching: true
+      # build and push Docker image
+      - run:
+          name: Install component-build-helper lib
+          command: npm install -g @elastic.io/component-build-helper
+      - run:
+          name: Build and publish docker image
+          command: build_component_docker
+      - notify_on_failure
+      - notify_on_pass
+
+workflows:
+  test:
+    jobs:
+      - test:
+          name: "Running tests"
+          filters:
+            tags:
+              ignore: /.*/
+  publish_release:
+    jobs:
+      - build:
+          name: "Build and publish docker image"
+          filters:
+            branches:
+              ignore: /.*/
+            tags:
+              only: /^([0-9]+)\.([0-9]+)\.([0-9]+)(?:-([0-9A-Za-z-]+(?:\.[0-9A-Za-z-]+)*))?(?:\+[0-9A-Za-z-]+)?$/

CHANGELOG.md

@@ -0,0 +1,12 @@
+## 1.0.6 (May 11, 2022)
+* Made an automated vulnerability check run in CI/CD
+
+## 1.0.5 (May 6, 2022)
+* Add an automated vulnerability check
+
+## 1.0.4 (April 08, 2022)
+* Updated the Sailor version to 3.3.9
+
+## 1.0.3 (March 16, 2022)
+* Updated the sailor version to 3.3.8
+* Add a component pusher to Docker hub

build.gradle

@@ -3,9 +3,26 @@ apply plugin: 'groovy'
 apply plugin: 'idea'
 apply plugin: 'eclipse'
 apply plugin: 'java-library-distribution'
+if (hasProperty('runWithDependencyCheck')) {
+    apply plugin: org.owasp.dependencycheck.gradle.DependencyCheckPlugin
+
+    check.dependsOn dependencyCheckAnalyze
+
+    dependencyCheck {
+        format = 'HTML'
+        failBuildOnCVSS = 7
+        suppressionFile='./dependencyCheck-suppression.xml'
+    }
+}
 
 group = 'io.elastic'
-version = '1.0.2'
+
+task downloadDependencies() {
+    description 'Download all dependencies to the Gradle cache'
+    doLast {
+        configurations.findAll { it.canBeResolved }.files
+    }
+}
 
 sourceCompatibility = 1.8
 targetCompatibility = 1.8
@@ -31,9 +48,9 @@ repositories {
 }
 
 dependencies {
-    compile "io.elastic:sailor-jvm:4.0.0-SNAPSHOT"
-    compile "org.glassfish.jersey.core:jersey-client:2.39"
-    compile "org.glassfish.jersey.media:jersey-media-json-processing:2.39"
+    compile "io.elastic:sailor-jvm:3.3.9"
+    compile "org.glassfish.jersey.core:jersey-client:2.25.1"
+    compile "org.glassfish.jersey.media:jersey-media-json-processing:2.25.1"
 }
 
 uploadArchives {
@@ -42,6 +59,15 @@ uploadArchives {
     }
 }
 
+buildscript {
+    repositories {
+        mavenCentral()
+    }
+    dependencies {
+        classpath 'org.owasp:dependency-check-gradle:7.1.0.1'
+    }
+}
+
 wrapper {
     gradleVersion = '5.4.1'
 }

component.json

@@ -2,6 +2,7 @@
   "title": "Petstore API (Java)",
   "description": "elastic.io component for the Petstore API",
   "docsUrl": "https://github.com/elasticio/petstore-component-java",
+  "version": "1.0.6",
   "credentials": {
     "fields": {
       "apiKey": {

dependencyCheck-suppression.xml

@@ -0,0 +1,28 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<suppressions xmlns="https://jeremylong.github.io/DependencyCheck/dependency-suppression.1.3.xsd">
+  <suppress>
+    <notes><![CDATA[
+      file name: logback-jackson-0.1.5.jar
+      ]]>
+    </notes>
+    <packageUrl regex="true">^pkg:maven/ch\.qos\.logback\.contrib/logback\-jackson@.*$</packageUrl>
+    <cve>CVE-2017-5929</cve>
+    <cve>CVE-2021-42550</cve>
+  </suppress>
+  <suppress>
+    <notes><![CDATA[
+      file name: logback-json-classic-0.1.5.jar
+      ]]>
+    </notes>
+    <packageUrl regex="true">^pkg:maven/ch\.qos\.logback\.contrib/logback\-json\-classic@.*$</packageUrl>
+    <cpe>cpe:/a:qos:logback</cpe>
+  </suppress>
+  <suppress>
+    <notes><![CDATA[
+      file name: logback-json-core-0.1.5.jar
+      ]]>
+    </notes>
+    <packageUrl regex="true">^pkg:maven/ch\.qos\.logback\.contrib/logback\-json\-core@.*$</packageUrl>
+    <cpe>cpe:/a:qos:logback</cpe>
+  </suppress>
+</suppressions>

gradle/wrapper/gradle-wrapper.jar

@@ -162,7 +162,7 @@ save () {
 APP_ARGS=$(save "$@")
 
 # Collect all arguments for the java command, following the shell quoting and substitution rules
-eval set -- $DEFAULT_JVM_OPTS $JAVA_OPTS $GRADLE_OPTS "\"-Dorg.gradle.appname=$APP_BASE_NAME\"" -classpath "\"$CLASSPATH\"" org.gradle.wrapper.GradleWrapperMain "$APP_ARGS"
+eval set -- $DEFAULT_JVM_OPTS --illegal-access=permit $JAVA_OPTS $GRADLE_OPTS "\"-Dorg.gradle.appname=$APP_BASE_NAME\"" -classpath "\"$CLASSPATH\"" org.gradle.wrapper.GradleWrapperMain "$APP_ARGS"
 
 # by default we should be in the correct project dir, but when run from Finder on Mac, the cwd is wrong
 if [ "$(uname)" = "Darwin" ] && [ "$HOME" = "$PWD" ]; then