feature: use owasp encoder to sanitize urls

Also tidy the build.gradle a little
Tidy integration test by moving into test folder out of apiTest
Add actuator api test
Fixup actuator api test to hit /info not /actuator/info, sadly

Author: coling01

Dockerfile

@@ -1,37 +1,17 @@
-# ---- Base image (default fallback) ----
-ARG BASE_IMAGE
-FROM ${BASE_IMAGE:-eclipse-temurin:21}
+FROM eclipse-temurin:21
 
-# ---- Runtime arguments ----
-ARG SERVER_PORT
-ARG JAR_FILENAME
-ARG JAR_FILE_PATH
-ARG CP_BACKEND_URL
-ARG CJSCPPUID
-
-ENV JAR_FILENAME=${JAR_FILENAME:-app.jar}
-ENV JAR_FILE_PATH=${JAR_FILE_PATH:-build/libs}
-ENV JAR_FULL_PATH=$JAR_FILE_PATH/$JAR_FILENAME
-
-ENV CP_BACKEND_URL=$CP_BACKEND_URL
-ENV CJSCPPUID=$CJSCPPUID
-
-# ---- Set runtime ENV for Spring Boot to bind port
-ENV SERVER_PORT=${SERVER_PORT:-4550}
+WORKDIR /app
 
 # ---- Dependencies ----
 RUN apt-get update \
     && apt-get install -y curl \
     && rm -rf /var/lib/apt/lists/*
 
 # ---- Application files ----
-COPY $JAR_FULL_PATH /opt/app/app.jar
-COPY lib/applicationinsights.json /opt/app/
-
-# ---- Permissions ----
-RUN chmod 755 /opt/app/app.jar
+COPY build/libs/*.jar /app/
+COPY lib/applicationinsights.json /app/
 
 # ---- Runtime ----
 EXPOSE 4550
 
-CMD ["java", "-jar", "/opt/app/app.jar"]
+ENTRYPOINT ["sh","-c","exec java -jar $(ls /app/*.jar | grep -v 'plain' | head -n1)"]

build.gradle

@@ -1,12 +1,13 @@
 plugins {
   id 'application'
   id 'java'
-  id 'io.spring.dependency-management' version '1.1.7'
   id 'org.springframework.boot' version '4.0.0'
+  id 'io.spring.dependency-management' version '1.1.7'
   id 'jacoco'
   id 'maven-publish'
   id "com.github.ben-manes.versions" version "0.53.0"
   id "org.cyclonedx.bom" version "3.1.0"
+  id 'com.avast.gradle.docker-compose' version '0.17.20'
 }
 
 group = 'uk.gov.hmcts.cp'
@@ -16,14 +17,14 @@ apply {
   from("$rootDir/gradle/dependencies/java-core.gradle")
   from("$rootDir/gradle/dependencies/spring-core.gradle")
 
-  from("$rootDir/gradle/dependency.gradle")
-  from("$rootDir/gradle/buildinfo.gradle")
-  from("$rootDir/gradle/integration.gradle")
-  from("$rootDir/gradle/jar.gradle")
-  from("$rootDir/gradle/java.gradle")
-  from("$rootDir/gradle/pmd.gradle")
-  from("$rootDir/gradle/repositories.gradle")
-  from("$rootDir/gradle/test.gradle")
+  from("$rootDir/gradle/github/repositories.gradle")
+  from("$rootDir/gradle/github/java.gradle")
+  from("$rootDir/gradle/github/dependency.gradle")
+  from("$rootDir/gradle/github/pmd.gradle")
+  from("$rootDir/gradle/github/test.gradle")
+  from("$rootDir/gradle/github/jar.gradle")
+
+  from("$rootDir/gradle/tasks/apitest.gradle")
 }
 
 ext {

docker-compose.yml

@@ -1,35 +1,6 @@
-version: '3.8'
-
 services:
-  service-cp-caseadmin-case-urn-mapper:
-    env_file:
-      - .env
+  app:
     build:
-      context: .
       dockerfile: Dockerfile
-      args:
-        http_proxy: ${http_proxy}
-        https_proxy: ${https_proxy}
-        no_proxy: ${no_proxy}
-        BASE_IMAGE: ${BASE_IMAGE}
-        SERVER_PORT: ${SERVER_PORT}
-        JAR_FILENAME: ${JAR_FILENAME}
-        JAR_FILE_PATH: ${JAR_FILE_PATH}
-        CP_BACKEND_URL: ${CP_BACKEND_URL}
-        CJSCPPUID: ${CJSCPPUID}
-    environment:
-      - SERVER_PORT=${SERVER_PORT:-4550}
     ports:
-      - "${SERVER_PORT:-4550}:${SERVER_PORT:-4550}"
-    networks:
-      - service-network
-    healthcheck:
-      test: [ "CMD", "curl", "-f", "http://localhost:${SERVER_PORT}/health" ]
-      interval: 30s
-      timeout: 10s
-      retries: 3
-      start_period: 5s
-
-networks:
-  service-network:
-    name: service-cp-caseadmin-case-urn-mapper-network
+      - "4550:4550"

gradle/buildinfo.gradle

@@ -0,0 +1,11 @@
+// check dependencies upon release ONLY
+tasks.named("dependencyUpdates").configure {
+  def isNonStable = { String version ->
+    def stableKeyword = ['RELEASE', 'FINAL', 'GA'].any { qualifier -> version.toUpperCase().contains(qualifier) }
+    def regex = /^[0-9,.v-]+$/
+    return !stableKeyword && !(version ==~ regex)
+  }
+  rejectVersionIf {
+    isNonStable(it.candidate.version) && !isNonStable(it.currentVersion)
+  }
+}

gradle/dependency.gradle

@@ -0,0 +1,34 @@
+jar {
+  enabled = true
+  archiveClassifier.set('plain')
+  manifest {
+    attributes(
+      'Implementation-Title': project.name,
+      'Implementation-Version': project.version.toString()
+    )
+  }
+  if (file("CHANGELOG.md").exists()) {
+    from('CHANGELOG.md') {
+      into 'META-INF'
+    }
+  } else {
+    println "⚠️  CHANGELOG.md not found, skipping inclusion in JAR"
+  }
+}
+
+bootJar {
+  archiveFileName = "${rootProject.name}-${project.version}.jar"
+
+  manifest {
+    attributes('Implementation-Version': project.version.toString())
+  }
+}
+
+tasks.named('composeBuild') {
+  dependsOn tasks.named('bootJar')
+}
+
+tasks.withType(AbstractArchiveTask).configureEach {
+  preserveFileTimestamps = false
+  reproducibleFileOrder = true
+}

gradle/github/dependency.gradle

@@ -0,0 +1,12 @@
+java {
+  sourceCompatibility = JavaVersion.VERSION_21
+  targetCompatibility = JavaVersion.VERSION_21
+}
+tasks.withType(JavaCompile).configureEach {
+  options.compilerArgs << "-Xlint:unchecked" << "-Werror"
+}
+
+// https://github.com/gradle/gradle/issues/16791
+tasks.withType(JavaExec).configureEach {
+  javaLauncher.set(javaToolchains.launcherFor(java.toolchain))
+}

gradle/github/jar.gradle

@@ -0,0 +1,29 @@
+apply plugin: 'pmd'
+
+pmd {
+  ruleSets = []
+  ruleSetFiles = files(".github/pmd-ruleset.xml")
+  ignoreFailures = false
+}
+
+tasks.named("pmdMain").configure {
+  onlyIf { gradle.startParameter.taskNames.contains(name) }
+}
+
+tasks.named("pmdTest").configure {
+  enabled = false
+}
+
+tasks.withType(Pmd) {
+  reports {
+    xml.required.set(true)
+    html.required.set(true)
+  }
+}
+
+tasks.withType(Checkstyle).configureEach {
+  def generatedDir = file("${layout.buildDirectory.get().asFile.absolutePath}/generated/src/main/java").canonicalPath
+  source = source.filter { file ->
+    !file.canonicalPath.startsWith(generatedDir)
+  }
+}

gradle/github/java.gradle

@@ -0,0 +1,46 @@
+def githubActor = project.findProperty("github.actor") ?: System.getenv("GITHUB_ACTOR")
+def githubToken = project.findProperty("github.token") ?: System.getenv("GITHUB_TOKEN")
+def githubRepo = System.getenv("GITHUB_REPOSITORY")
+
+def azureADOArtifactRepository = 'https://pkgs.dev.azure.com/hmcts/Artifacts/_packaging/hmcts-lib/maven/v1'
+def azureADOArtifactActor = System.getenv("AZURE_DEVOPS_ARTIFACT_USERNAME")
+def azureADOArtifactToken = System.getenv("AZURE_DEVOPS_ARTIFACT_TOKEN")
+
+repositories {
+  mavenLocal()
+  mavenCentral()
+  maven {
+    url = azureADOArtifactRepository
+  }
+}
+
+publishing {
+  publications {
+    mavenJava(MavenPublication) {
+      artifact(tasks.named('bootJar'))
+      artifact(tasks.named('jar'))
+      pom {
+        name = project.name
+        url = "https://github.com/${githubRepo ?: 'org/repo'}"
+      }
+    }
+  }
+  repositories {
+    maven {
+      name = "GitHubPackages"
+      url = uri("https://maven.pkg.github.com/$githubRepo")
+      credentials {
+        username = githubActor
+        password = githubToken
+      }
+    }
+    maven {
+      name = "AzureArtifacts"
+      url = uri(azureADOArtifactRepository)
+      credentials {
+        username = azureADOArtifactActor
+        password = azureADOArtifactToken
+      }
+    }
+  }
+}