From 72d7da389f9fca1e4a5a3d81f8941100f491c99c Mon Sep 17 00:00:00 2001 From: Gabriel Zurita Date: Wed, 20 Nov 2024 17:46:48 -0700 Subject: [PATCH 01/26] Fix Snyc vulnerability Upgrade tomcat-embed-core to 10.1.31 to fix critical vulnerability (SNYK-JAVA-ORGAPACHETOMCATEMBED-8383920): https://cwe.mitre.org/data/definitions/248.html --- .../src/main/groovy/shared.java.vro-dep-constraints.gradle | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/gradle-plugins/src/main/groovy/shared.java.vro-dep-constraints.gradle b/gradle-plugins/src/main/groovy/shared.java.vro-dep-constraints.gradle index c447bf7fb..2c3f16f23 100644 --- a/gradle-plugins/src/main/groovy/shared.java.vro-dep-constraints.gradle +++ b/gradle-plugins/src/main/groovy/shared.java.vro-dep-constraints.gradle @@ -61,7 +61,7 @@ dependencies { implementation 'org.apache.commons:commons-compress:1.24.0' // for tomcat - implementation 'org.apache.tomcat.embed:tomcat-embed-core:10.1.25' + implementation 'org.apache.tomcat.embed:tomcat-embed-core:10.1.31' implementation 'org.springframework.amqp:spring-amqp:3.0.10' implementation 'org.springframework.security:spring-security-config:6.1.5' From 968ed6376faf55e92de900d98c564e191fe9f592 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 21 Nov 2024 10:09:54 +0000 Subject: [PATCH 02/26] Bump org.flywaydb.flyway from 10.21.0 to 10.22.0 Bumps org.flywaydb.flyway from 10.21.0 to 10.22.0. --- updated-dependencies: - dependency-name: org.flywaydb.flyway dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- db-init/build.gradle | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/db-init/build.gradle b/db-init/build.gradle index 354de2a55..0240f6e31 100644 --- a/db-init/build.gradle +++ b/db-init/build.gradle 
@@ -1,5 +1,5 @@ plugins { - id 'org.flywaydb.flyway' version '10.21.0' + id 'org.flywaydb.flyway' version '10.22.0' id 'shared.docker.container-conventions' id 'shared.java.vro-dep-constraints' } From 98368d9411b54980007ca6ebe9bf34969588dcad Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 21 Nov 2024 10:58:19 +0000 Subject: [PATCH 03/26] Bump flyway/flyway from 10.21-alpine to 10.22-alpine in /db-init Bumps flyway/flyway from 10.21-alpine to 10.22-alpine. --- updated-dependencies: - dependency-name: flyway/flyway dependency-type: direct:production ... Signed-off-by: dependabot[bot] --- db-init/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/db-init/Dockerfile b/db-init/Dockerfile index 09979525a..82a546148 100644 --- a/db-init/Dockerfile +++ b/db-init/Dockerfile @@ -1,4 +1,4 @@ -FROM flyway/flyway:10.21-alpine +FROM flyway/flyway:10.22-alpine # hadolint ignore=DL3018 RUN < Date: Thu, 21 Nov 2024 11:07:41 +0000 Subject: [PATCH 04/26] Bump amazon/aws-cli from 2.22.0 to 2.22.2 in /dev-tools Bumps amazon/aws-cli from 2.22.0 to 2.22.2. --- updated-dependencies: - dependency-name: amazon/aws-cli dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- dev-tools/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dev-tools/Dockerfile b/dev-tools/Dockerfile index 382d331bd..58e62e8d3 100644 --- a/dev-tools/Dockerfile +++ b/dev-tools/Dockerfile @@ -1,5 +1,5 @@ # Use the official AWS CLI image for the first stage -FROM amazon/aws-cli:2.22.0 as awscli +FROM amazon/aws-cli:2.22.2 as awscli # Use the bitnami/minideb:bookworm as the base image for the second stage FROM bitnami/minideb:bookworm From d20308c45090cec9db2620603860541a7e4c3164 Mon Sep 17 00:00:00 2001 
From: Gabriel Zurita Date: Thu, 21 Nov 2024 11:38:20 -0700 Subject: [PATCH 05/26] Fix secrel#publish-to-grc workflow ubuntu/gradle version issue Gradle 8.11, which the latest version of Ubuntu uses, introduced a Publish to GCR Workflow issue: ``` Compiling initialization script '/home/runner/.gradle/init.d/gradle-actions.inject-develocity.init.gradle' using BuildScriptTransformer. Starting Build FAILURE: Build failed with an exception. * Where: Initialization script '/home/runner/work/_temp/dummy-cleanup-project/init.gradle' line: 8 * What went wrong: Cannot get the value of write-only property 'removeUnusedEntriesOlderThan' for object of type org.gradle.api.internal.cache.DefaultCacheConfigurations$DefaultCacheResourceConfiguration. ``` The below Ubuntu version pulls in the last known Gradle version that passed - 8.10.2: https://github.com/actions/runner-images/blob/ubuntu24/20241117.1/images/ubuntu/Ubuntu2004-Readme.md --- .github/workflows/secrel.yml | 2 +- gradle-plugins/build.gradle | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/secrel.yml b/.github/workflows/secrel.yml index 468b99a8b..cb37ecbce 100644 --- a/.github/workflows/secrel.yml +++ b/.github/workflows/secrel.yml @@ -106,7 +106,7 @@ jobs: outputs: vro-images: ${{ steps.publish-images.outputs.images_list }} slack-response-ts: ${{ fromJson(steps.notify-slack.outputs.slack-result).response.message.ts }} - runs-on: ubuntu-22.04 + runs-on: ubuntu-20.04 # NOTE: As VRO is being shut down, this version is pinned to get around a .gradle issue with removeUnusedEntriesOlderThan. steps: - name: "Determine image tag" id: image-props diff --git a/gradle-plugins/build.gradle b/gradle-plugins/build.gradle index e3a6eb89f..3fd9301df 100644 --- a/gradle-plugins/build.gradle +++ b/gradle-plugins/build.gradle 
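Review bot: Changing `runs-on` from `ubuntu-22.04` to `ubuntu-20.04` on the job that exposes `vro-images` makes the build depend on whichever Gradle the hosted runner image preinstalls, and that image is refreshed outside this repository's control, so the workaround can stop working without any change here. It also moves the job that publishes images onto an older OS image. A pin that lives in the repository is more durable: set the wrapper's `distributionUrl` to the known-good Gradle release and run the build through `./gradlew`. The same concern applies to the gate-check `runs-on` change in PATCH 12. The job's `steps` continue outside the hunk.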
@@ -18,7 +18,7 @@ dependencies { // Set versions for these plugins so we don't have to repeat the versions in convention.gradle files // https://discuss.gradle.org/t/applying-a-plugin-version-inside-a-convention-plugin/42160 // Syntax: ":.gradle.plugin:" - implementation 'io.freefair.lombok:io.freefair.lombok.gradle.plugin:8.11' + implementation 'io.freefair.lombok:io.freefair.lombok.gradle.plugin:8.10.2' // NOTE: As VRO is being shut down, this version is pinned to get around a .gradle issue with removeUnusedEntriesOlderThan. implementation 'com.diffplug.spotless:com.diffplug.spotless.gradle.plugin:6.24.0' implementation 'com.felipefzdz.gradle.shellcheck:com.felipefzdz.gradle.shellcheck.gradle.plugin:1.4.6' implementation 'com.palantir.docker:com.palantir.docker.gradle.plugin:0.35.0' From cc92c5dcd7675201906db9ce55332079d26113c8 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 22 Nov 2024 10:31:25 +0000 Subject: [PATCH 06/26] Bump io.freefair.lombok:io.freefair.lombok.gradle.plugin Bumps [io.freefair.lombok:io.freefair.lombok.gradle.plugin](https://github.com/freefair/gradle-plugins) from 8.10.2 to 8.11. - [Release notes](https://github.com/freefair/gradle-plugins/releases) - [Commits](https://github.com/freefair/gradle-plugins/compare/8.10.2...8.11) --- updated-dependencies: - dependency-name: io.freefair.lombok:io.freefair.lombok.gradle.plugin dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- gradle-plugins/build.gradle | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/gradle-plugins/build.gradle b/gradle-plugins/build.gradle index 3fd9301df..66647046a 100644 --- a/gradle-plugins/build.gradle +++ b/gradle-plugins/build.gradle 
@@ -18,7 +18,7 @@ dependencies { // Set versions for these plugins so we don't have to repeat the versions in convention.gradle files // https://discuss.gradle.org/t/applying-a-plugin-version-inside-a-convention-plugin/42160 // Syntax: ":.gradle.plugin:" - implementation 'io.freefair.lombok:io.freefair.lombok.gradle.plugin:8.10.2' // NOTE: As VRO is being shut down, this version is pinned to get around a .gradle issue with removeUnusedEntriesOlderThan. + implementation 'io.freefair.lombok:io.freefair.lombok.gradle.plugin:8.11' // NOTE: As VRO is being shut down, this version is pinned to get around a .gradle issue with removeUnusedEntriesOlderThan. implementation 'com.diffplug.spotless:com.diffplug.spotless.gradle.plugin:6.24.0' implementation 'com.felipefzdz.gradle.shellcheck:com.felipefzdz.gradle.shellcheck.gradle.plugin:1.4.6' implementation 'com.palantir.docker:com.palantir.docker.gradle.plugin:0.35.0' From b556c3d56c63b13584be3ae10d8431f991edf35e Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 22 Nov 2024 10:31:41 +0000 Subject: [PATCH 07/26] Bump org.flywaydb.flyway from 10.22.0 to 11.0.0 Bumps org.flywaydb.flyway from 10.22.0 to 11.0.0. --- updated-dependencies: - dependency-name: org.flywaydb.flyway dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- db-init/build.gradle | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/db-init/build.gradle b/db-init/build.gradle index 0240f6e31..1ba71bdd2 100644 --- a/db-init/build.gradle +++ b/db-init/build.gradle @@ -1,5 +1,5 @@ plugins { - id 'org.flywaydb.flyway' version '10.22.0' + id 'org.flywaydb.flyway' version '11.0.0' id 'shared.docker.container-conventions' id 'shared.java.vro-dep-constraints' } From 338f42c110afcf1230c7f01e4f2b46d7308cf857 Mon Sep 17 00:00:00 2001 
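Review bot: The added line raises the Lombok Gradle plugin to `8.11` but keeps the trailing NOTE saying the version is pinned to work around the `removeUnusedEntriesOlderThan` failure, so the comment now contradicts the value beside it and the workaround from PATCH 05 is undone. A comment does not stop automated updates. If `8.10.2` is required, add an ignore rule for `io.freefair.lombok:io.freefair.lombok.gradle.plugin` to the Dependabot configuration and close this bump; otherwise drop the NOTE in the same change. The `dependencies` block continues outside the hunk.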
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 22 Nov 2024 10:39:24 +0000 Subject: [PATCH 08/26] Bump amazon/aws-cli from 2.22.2 to 2.22.3 in /dev-tools Bumps amazon/aws-cli from 2.22.2 to 2.22.3. --- updated-dependencies: - dependency-name: amazon/aws-cli dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- dev-tools/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dev-tools/Dockerfile b/dev-tools/Dockerfile index 58e62e8d3..cd09426f4 100644 --- a/dev-tools/Dockerfile +++ b/dev-tools/Dockerfile @@ -1,5 +1,5 @@ # Use the official AWS CLI image for the first stage -FROM amazon/aws-cli:2.22.2 as awscli +FROM amazon/aws-cli:2.22.3 as awscli # Use the bitnami/minideb:bookworm as the base image for the second stage FROM bitnami/minideb:bookworm From 65f58b0894b5d85f8a3a1070dc4dd08d848a49bb Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 22 Nov 2024 10:44:59 +0000 Subject: [PATCH 09/26] Bump flyway/flyway from 10.22-alpine to 11.0-alpine in /db-init Bumps flyway/flyway from 10.22-alpine to 11.0-alpine. --- updated-dependencies: - dependency-name: flyway/flyway dependency-type: direct:production ... Signed-off-by: dependabot[bot] --- db-init/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/db-init/Dockerfile b/db-init/Dockerfile index 82a546148..f6e6d214b 100644 --- a/db-init/Dockerfile +++ b/db-init/Dockerfile @@ -1,4 +1,4 @@ -FROM flyway/flyway:10.22-alpine +FROM flyway/flyway:11.0-alpine # hadolint ignore=DL3018 RUN < Date: Fri, 22 Nov 2024 11:06:47 -0700 Subject: [PATCH 10/26] downgrade gradle upgrade see: https://github.com/department-of-veterans-affairs/abd-vro/pull/3789 --- gradle-plugins/build.gradle | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/gradle-plugins/build.gradle b/gradle-plugins/build.gradle index 66647046a..3fd9301df 100644 --- a/gradle-plugins/build.gradle +++ b/gradle-plugins/build.gradle @@ -18,7 +18,7 @@ dependencies { // Set versions for these plugins so we don't have to repeat the versions in convention.gradle files // https://discuss.gradle.org/t/applying-a-plugin-version-inside-a-convention-plugin/42160 // Syntax: ":.gradle.plugin:" - implementation 'io.freefair.lombok:io.freefair.lombok.gradle.plugin:8.11' // NOTE: As VRO is being shut down, this version is pinned to get around a .gradle issue with removeUnusedEntriesOlderThan. + implementation 'io.freefair.lombok:io.freefair.lombok.gradle.plugin:8.10.2' // NOTE: As VRO is being shut down, this version is pinned to get around a .gradle issue with removeUnusedEntriesOlderThan. implementation 'com.diffplug.spotless:com.diffplug.spotless.gradle.plugin:6.24.0' implementation 'com.felipefzdz.gradle.shellcheck:com.felipefzdz.gradle.shellcheck.gradle.plugin:1.4.6' implementation 'com.palantir.docker:com.palantir.docker.gradle.plugin:0.35.0' From b227b848203a37646fe51d0c5fb607bea6e898fc Mon Sep 17 00:00:00 2001 From: Gabriel Zurita Date: Fri, 22 Nov 2024 11:58:03 -0700 Subject: [PATCH 11/26] Explicitly set Gradle 8.10.2 in `setup-vro` action This will hopefully resolve the removeUnusedEntriesOlderThan GHCR pipeline issue. For more details, see: https://github.com/department-of-veterans-affairs/abd-vro/pull/3789 --- .github/actions/setup-vro/action.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/actions/setup-vro/action.yml b/.github/actions/setup-vro/action.yml index 0b232d318..66c67d94d 100644 --- a/.github/actions/setup-vro/action.yml +++ b/.github/actions/setup-vro/action.yml 
@@ -18,6 +18,7 @@ runs: - name: "Setup Gradle" uses: gradle/actions/setup-gradle@v3 with: + gradle-version: 8.10.2 # NOTE: As VRO is being shut down, this version is pinned to get around a .gradle issue with removeUnusedEntriesOlderThan. # Only write to the cache for builds on the 'main' and 'develop' branches. (Default is 'main' only.) # Builds on other branches will only read existing entries from the cache. cache-read-only: ${{ github.ref != 'refs/heads/main' && github.ref != 'refs/heads/qa' && github.ref != 'refs/heads/develop' }} From b67bb1376bfbf20e8fe623daf05acd17fa5baea7 Mon Sep 17 00:00:00 2001 From: Gabriel Zurita Date: Fri, 22 Nov 2024 14:02:48 -0700 Subject: [PATCH 12/26] Fix Gradle: Make cache changes * Align gate-check's Gradle version with publish-to-ghcr. * Clear Gradle caches temporarily to ensure no residual versions interfere. * Set `gradle-home-cache-cleanup: false` See details here: https://github.com/department-of-veterans-affairs/abd-vro/pull/3794#issuecomment-2494789396 --- .github/actions/setup-vro/action.yml | 7 ++++++- .github/workflows/secrel.yml | 2 +- 2 files changed, 7 insertions(+), 2 deletions(-) diff --git a/.github/actions/setup-vro/action.yml b/.github/actions/setup-vro/action.yml index 66c67d94d..d974212c8 100644 --- a/.github/actions/setup-vro/action.yml +++ b/.github/actions/setup-vro/action.yml @@ -25,7 +25,7 @@ runs: # To avoid a growing cache over time, attempt to delete any files in the Gradle User Home # that were not used by Gradle during the workflow, prior to saving the cache. # https://github.com/gradle/actions/setup-gradle@v3#removing-unused-files-from-gradle-user-home-before-saving-to-cache - gradle-home-cache-cleanup: true + gradle-home-cache-cleanup: false - uses: ./.github/actions/install-java-tools 
@@ -55,3 +55,8 @@ runs: python3 -m venv ${VENV_EP_MERGE} source ${VENV_EP_MERGE}/bin/activate pip install -r domain-ee/ee-ep-merge-app/src/requirements.txt + + - name: "Clear Gradle Cache (Debug Step)" + shell: bash + run: rm -rf ~/.gradle || true + if: always() # Ensure cache is cleared even on workflow failures diff --git a/.github/workflows/secrel.yml b/.github/workflows/secrel.yml index cb37ecbce..9e60cd191 100644 --- a/.github/workflows/secrel.yml +++ b/.github/workflows/secrel.yml @@ -68,7 +68,7 @@ jobs: outputs: run-secrel: ${{ steps.check-run-conds.outputs.run_secrel }} publish-images: ${{ steps.check-run-conds.outputs.publish_images }} - runs-on: ubuntu-latest + runs-on: ubuntu-20.04 # NOTE: As VRO is being shut down, this version is pinned to get around a .gradle issue with removeUnusedEntriesOlderThan. steps: - name: "Decide downstream actions" id: check-run-conds From c0e2ab661356693d04367beffcd64343e9fea11a Mon Sep 17 00:00:00 2001 From: Gabriel Zurita Date: Fri, 22 Nov 2024 16:54:46 -0700 Subject: [PATCH 13/26] Fix Gradle: isolate fix See PR comment: https://github.com/department-of-veterans-affairs/abd-vro/pull/3794#issuecomment-2494789396 I attempted the above proposed next steps in this branch and ran the pipeline manually, it and one of the changes fixed the issue! I'm now going to figure out which specific change fixed the Gradle version issue, and I'll put up a new PR. The first isolated change will be `workflows/secrel.yml#gate-check:# runs-on: ubuntu-20.04` --- .github/actions/setup-vro/action.yml | 7 +------ 1 file changed, 1 insertion(+), 6 deletions(-) diff --git a/.github/actions/setup-vro/action.yml b/.github/actions/setup-vro/action.yml index d974212c8..66c67d94d 100644 --- a/.github/actions/setup-vro/action.yml +++ b/.github/actions/setup-vro/action.yml 
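Review bot: The new "Clear Gradle Cache (Debug Step)" runs `rm -rf ~/.gradle` after the "Setup Gradle" step earlier in this composite action, so it deletes the init scripts and restored cache that `setup-gradle` placed in the Gradle User Home (the failure log in PATCH 05 shows them under `/home/runner/.gradle/init.d/`). Later Gradle invocations in the calling job would then run without that configuration. The `|| true` adds nothing for a missing path, because `rm -rf` already succeeds there, and it would hide a real removal failure. If the step is only for diagnosis, keep it out of the merged action, or place it before "Setup Gradle" and name it accordingly. The `steps` list starts outside the hunk.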
@@ -25,7 +25,7 @@ runs: # To avoid a growing cache over time, attempt to delete any files in the Gradle User Home # that were not used by Gradle during the workflow, prior to saving the cache. # https://github.com/gradle/actions/setup-gradle@v3#removing-unused-files-from-gradle-user-home-before-saving-to-cache - gradle-home-cache-cleanup: false + gradle-home-cache-cleanup: true - uses: ./.github/actions/install-java-tools @@ -55,8 +55,3 @@ runs: python3 -m venv ${VENV_EP_MERGE} source ${VENV_EP_MERGE}/bin/activate pip install -r domain-ee/ee-ep-merge-app/src/requirements.txt - - - name: "Clear Gradle Cache (Debug Step)" - shell: bash - run: rm -rf ~/.gradle || true - if: always() # Ensure cache is cleared even on workflow failures From 40f2997c17c7b8c1f02c1525d70d38bc05cb3718 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 25 Nov 2024 10:56:55 +0000 Subject: [PATCH 14/26] Bump amazon/aws-cli from 2.22.3 to 2.22.4 in /dev-tools Bumps amazon/aws-cli from 2.22.3 to 2.22.4. --- updated-dependencies: - dependency-name: amazon/aws-cli dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- dev-tools/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dev-tools/Dockerfile b/dev-tools/Dockerfile index cd09426f4..25604a5de 100644 --- a/dev-tools/Dockerfile +++ b/dev-tools/Dockerfile @@ -1,5 +1,5 @@ # Use the official AWS CLI image for the first stage -FROM amazon/aws-cli:2.22.3 as awscli +FROM amazon/aws-cli:2.22.4 as awscli # Use the bitnami/minideb:bookworm as the base image for the second stage FROM bitnami/minideb:bookworm From 6424650f28d5d918420643e4f7575f19826ce158 Mon Sep 17 00:00:00 2001 
From: Gabriel Zurita Date: Mon, 25 Nov 2024 12:53:09 -0700 Subject: [PATCH 15/26] remove unnecessary setup gradle property The relevant wrapper files that determine the Gradle version used in CI: https://github.com/department-of-veterans-affairs/abd-vro/blob/ae86f6ba447e7e1ac8e1a4d6e8b20bb502d91dc1/gradlew.bat https://github.com/department-of-veterans-affairs/abd-vro/blob/82b1c36985acb08f0fcbaa0ba098a9bb3f2b1370/gradle/wrapper/gradle-wrapper.properties See: https://github.com/gradle/actions/blob/v3.5.0/setup-gradle/action.yml --- .github/actions/setup-vro/action.yml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/.github/actions/setup-vro/action.yml b/.github/actions/setup-vro/action.yml index 66c67d94d..2b502ae74 100644 --- a/.github/actions/setup-vro/action.yml +++ b/.github/actions/setup-vro/action.yml @@ -15,16 +15,15 @@ runs: # cache the Gradle User Home" # cache: 'gradle' + # https://github.com/gradle/actions/blob/v3.5.0/setup-gradle/action.yml - name: "Setup Gradle" uses: gradle/actions/setup-gradle@v3 with: - gradle-version: 8.10.2 # NOTE: As VRO is being shut down, this version is pinned to get around a .gradle issue with removeUnusedEntriesOlderThan. # Only write to the cache for builds on the 'main' and 'develop' branches. (Default is 'main' only.) # Builds on other branches will only read existing entries from the cache. cache-read-only: ${{ github.ref != 'refs/heads/main' && github.ref != 'refs/heads/qa' && github.ref != 'refs/heads/develop' }} # To avoid a growing cache over time, attempt to delete any files in the Gradle User Home # that were not used by Gradle during the workflow, prior to saving the cache. - # https://github.com/gradle/actions/setup-gradle@v3#removing-unused-files-from-gradle-user-home-before-saving-to-cache gradle-home-cache-cleanup: true - uses: ./.github/actions/install-java-tools From d32f1ac7b60ad25d41f3d694bf50f6a575b794c3 Mon Sep 17 00:00:00 2001 
From: Gabriel Zurita Date: Mon, 25 Nov 2024 12:54:58 -0700 Subject: [PATCH 16/26] update gradle-wrapper.properties distribution --- gradle/wrapper/gradle-wrapper.properties | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/gradle/wrapper/gradle-wrapper.properties b/gradle/wrapper/gradle-wrapper.properties index fae08049a..1e2fbf0d4 100644 --- a/gradle/wrapper/gradle-wrapper.properties +++ b/gradle/wrapper/gradle-wrapper.properties @@ -1,5 +1,5 @@ distributionBase=GRADLE_USER_HOME distributionPath=wrapper/dists -distributionUrl=https\://services.gradle.org/distributions/gradle-8.1.1-bin.zip +distributionUrl=https\://services.gradle.org/distributions/gradle-8.10.2-bin.zip zipStoreBase=GRADLE_USER_HOME zipStorePath=wrapper/dists From 9e0b670a7f40377ef438898dea8e50a3b8c903db Mon Sep 17 00:00:00 2001 From: Gabriel Zurita Date: Mon, 25 Nov 2024 12:56:27 -0700 Subject: [PATCH 17/26] use gradle/actions/setup-gradle@v3 consistently --- .github/workflows/lint-gradle-files.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/lint-gradle-files.yml b/.github/workflows/lint-gradle-files.yml index e295888ff..e704e23e9 100644 --- a/.github/workflows/lint-gradle-files.yml +++ b/.github/workflows/lint-gradle-files.yml @@ -23,7 +23,7 @@ jobs: # cache the Gradle User Home" # cache: 'gradle' - name: "Setup Gradle" - uses: gradle/actions/setup-gradle@v4 + uses: gradle/actions/setup-gradle@v3 with: # Only write to the cache for builds on the 'main' and 'develop' branches. (Default is 'main' only.) # Builds on other branches will only read existing entries from the cache. From 55c6f71ccc164487a3e2d06c3c9ff93792fb4808 Mon Sep 17 00:00:00 2001 
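Review bot: `distributionUrl` now points at `gradle-8.10.2-bin.zip`, but the hunk covers the whole five-line properties file and none of the lines is `distributionSha256Sum`, so the wrapper runs whatever archive it downloads without verifying it. Add `distributionSha256Sum=<SHA-256 of gradle-8.10.2-bin.zip as published by Gradle>` under the URL. The diffstat lists only this file, so the URL appears to have been edited by hand, which leaves `gradlew`, `gradlew.bat` and the wrapper JAR as generated for 8.1.1. Regenerating with the wrapper task, `./gradlew wrapper --gradle-version 8.10.2`, would keep them consistent.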
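Review bot: Moving `gradle/actions/setup-gradle` from `@v4` back to `@v3` for consistency may drop a check in this workflow: as far as I know v4 validates Gradle wrapper JARs by default, while v3 needs a separate `gradle/actions/wrapper-validation` step, so confirm that validation is not being lost. Both references are mutable tags; pinning to a full commit SHA, `uses: gradle/actions/setup-gradle@<commit-sha> # v3`, would make the workflow reproducible and the upgrade reviewable. The job's steps begin and continue outside the hunk.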
From: Gabriel Zurita Date: Mon, 25 Nov 2024 19:12:32 -0700 Subject: [PATCH 18/26] Switch to Using Gradle Wrapper Exclusively - Removed `gradle/actions/setup-gradle@v3` from the workflow as it is redundant when using the Gradle Wrapper (`./gradlew`). - Ensures the Gradle version specified in `gradle-wrapper.properties` is always used, avoiding potential version conflicts. - Simplifies the workflow and eliminates the need for `cache-read-only` and `gradle-home-cache-cleanup` settings. - Focuses cache management on clearing `~/.gradle` to avoid issues with residual or mismatched Gradle versions. Setting the Ubuntu version worked only momentarily, as Ubuntu 20.04 upgraded to Gradle 8.11 a few days ago :homer_doh: https://github.com/actions/runner-images/pull/10999 --- .github/actions/setup-vro/action.yml | 30 ++++++++++++++++++---------- .github/workflows/secrel.yml | 4 ++-- 2 files changed, 22 insertions(+), 12 deletions(-) diff --git a/.github/actions/setup-vro/action.yml b/.github/actions/setup-vro/action.yml index 2b502ae74..396629414 100644 --- a/.github/actions/setup-vro/action.yml +++ b/.github/actions/setup-vro/action.yml 
@@ -15,16 +15,26 @@ runs: # cache the Gradle User Home" # cache: 'gradle' - # https://github.com/gradle/actions/blob/v3.5.0/setup-gradle/action.yml - - name: "Setup Gradle" - uses: gradle/actions/setup-gradle@v3 - with: - # Only write to the cache for builds on the 'main' and 'develop' branches. (Default is 'main' only.) - # Builds on other branches will only read existing entries from the cache. - cache-read-only: ${{ github.ref != 'refs/heads/main' && github.ref != 'refs/heads/qa' && github.ref != 'refs/heads/develop' }} - # To avoid a growing cache over time, attempt to delete any files in the Gradle User Home - # that were not used by Gradle during the workflow, prior to saving the cache. - gradle-home-cache-cleanup: true + # # https://github.com/gradle/actions/blob/v3.5.0/setup-gradle/action.yml + # - name: "Setup Gradle" + # uses: gradle/actions/setup-gradle@v3 + # with: + # # Only write to the cache for builds on the 'main' and 'develop' branches. (Default is 'main' only.) + # # Builds on other branches will only read existing entries from the cache. + # cache-read-only: ${{ github.ref != 'refs/heads/main' && github.ref != 'refs/heads/qa' && github.ref != 'refs/heads/develop' }} + # # To avoid a growing cache over time, attempt to delete any files in the Gradle User Home + # # that were not used by Gradle during the workflow, prior to saving the cache. + # gradle-home-cache-cleanup: true + + - name: "Clear Gradle Cache" + shell: bash + run: rm -rf ~/.gradle || true + + - name: "Validate Gradle Wrapper Version" + shell: bash + run: | + # Ensure Gradle Wrapper uses the desired version (specified in gradle-wrapper.properties) + ./gradlew --version - uses: ./.github/actions/install-java-tools diff --git a/.github/workflows/secrel.yml b/.github/workflows/secrel.yml index 9e60cd191..e21e21c5e 100644 --- a/.github/workflows/secrel.yml +++ b/.github/workflows/secrel.yml 
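Review bot: The step named "Validate Gradle Wrapper Version" only prints the version with `./gradlew --version`; it asserts nothing, and it executes the checked-in wrapper JAR before anything has verified that JAR. Add a wrapper-validation step ahead of it, for example `- uses: gradle/actions/wrapper-validation@v3`, and make the version check fail on a mismatch by comparing the output with the version named in `gradle-wrapper.properties`. The commented-out "Setup Gradle" block is dead configuration and is better deleted, since version control keeps the history. With `setup-gradle` gone the Gradle User Home is no longer restored from cache, so `rm -rf ~/.gradle` probably clears nothing on a fresh hosted runner. The `steps` list starts outside the hunk.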
@@ -68,7 +68,7 @@ jobs: outputs: run-secrel: ${{ steps.check-run-conds.outputs.run_secrel }} publish-images: ${{ steps.check-run-conds.outputs.publish_images }} - runs-on: ubuntu-20.04 # NOTE: As VRO is being shut down, this version is pinned to get around a .gradle issue with removeUnusedEntriesOlderThan. + runs-on: ubuntu-latest steps: - name: "Decide downstream actions" id: check-run-conds @@ -106,7 +106,7 @@ jobs: outputs: vro-images: ${{ steps.publish-images.outputs.images_list }} slack-response-ts: ${{ fromJson(steps.notify-slack.outputs.slack-result).response.message.ts }} - runs-on: ubuntu-20.04 # NOTE: As VRO is being shut down, this version is pinned to get around a .gradle issue with removeUnusedEntriesOlderThan. + runs-on: ubuntu-latest steps: - name: "Determine image tag" id: image-props From cde044b63664382102434043d6781bc271fb6799 Mon Sep 17 00:00:00 2001 From: Gabriel Zurita Date: Mon, 25 Nov 2024 20:30:44 -0700 Subject: [PATCH 19/26] clean up unnecessary items --- .github/actions/setup-vro/action.yml | 17 ----------------- 1 file changed, 17 deletions(-) diff --git a/.github/actions/setup-vro/action.yml b/.github/actions/setup-vro/action.yml index 396629414..b572ced28 100644 --- a/.github/actions/setup-vro/action.yml +++ b/.github/actions/setup-vro/action.yml 
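Review bot: The second hunk sets the job that exposes `vro-images` to `ubuntu-latest`, but before PATCH 05 that job ran on `ubuntu-22.04`, so this is not a plain revert: the job now floats with whatever image GitHub maps to `latest`. For a job that builds and publishes images, a fixed label keeps toolchain changes reviewable; `runs-on: ubuntu-22.04` restores the earlier state. The first hunk returns gate-check to `ubuntu-latest`, which matches what PATCH 12 replaced. Both jobs' `steps` continue outside the hunks.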
@@ -15,27 +15,10 @@ runs: # cache the Gradle User Home" # cache: 'gradle' - # # https://github.com/gradle/actions/blob/v3.5.0/setup-gradle/action.yml - # - name: "Setup Gradle" - # uses: gradle/actions/setup-gradle@v3 - # with: - # # Only write to the cache for builds on the 'main' and 'develop' branches. (Default is 'main' only.) - # # Builds on other branches will only read existing entries from the cache. - # cache-read-only: ${{ github.ref != 'refs/heads/main' && github.ref != 'refs/heads/qa' && github.ref != 'refs/heads/develop' }} - # # To avoid a growing cache over time, attempt to delete any files in the Gradle User Home - # # that were not used by Gradle during the workflow, prior to saving the cache. - # gradle-home-cache-cleanup: true - - name: "Clear Gradle Cache" shell: bash run: rm -rf ~/.gradle || true - - name: "Validate Gradle Wrapper Version" - shell: bash - run: | - # Ensure Gradle Wrapper uses the desired version (specified in gradle-wrapper.properties) - ./gradlew --version - - uses: ./.github/actions/install-java-tools - name: "Install Python" From 3d5e3a4c8ea96d875c79b944da83d973206a9887 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 26 Nov 2024 10:19:28 +0000 Subject: [PATCH 20/26] Bump amazon/aws-cli from 2.22.4 to 2.22.5 in /dev-tools Bumps amazon/aws-cli from 2.22.4 to 2.22.5. --- updated-dependencies: - dependency-name: amazon/aws-cli dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- dev-tools/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dev-tools/Dockerfile b/dev-tools/Dockerfile index 25604a5de..2f40e6c4c 100644 --- a/dev-tools/Dockerfile +++ b/dev-tools/Dockerfile 
@@ -1,5 +1,5 @@ # Use the official AWS CLI image for the first stage -FROM amazon/aws-cli:2.22.4 as awscli +FROM amazon/aws-cli:2.22.5 as awscli # Use the bitnami/minideb:bookworm as the base image for the second stage FROM bitnami/minideb:bookworm From 739f4fe686988b8ec7aadc85449ca0806e60c4fe Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 27 Nov 2024 10:19:34 +0000 Subject: [PATCH 21/26] Bump amazon/aws-cli from 2.22.5 to 2.22.6 in /dev-tools Bumps amazon/aws-cli from 2.22.5 to 2.22.6. --- updated-dependencies: - dependency-name: amazon/aws-cli dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- dev-tools/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dev-tools/Dockerfile b/dev-tools/Dockerfile index 2f40e6c4c..395f83b82 100644 --- a/dev-tools/Dockerfile +++ b/dev-tools/Dockerfile @@ -1,5 +1,5 @@ # Use the official AWS CLI image for the first stage -FROM amazon/aws-cli:2.22.5 as awscli +FROM amazon/aws-cli:2.22.6 as awscli # Use the bitnami/minideb:bookworm as the base image for the second stage FROM bitnami/minideb:bookworm From a15be529bb08f641dde5dbc2cc0932fc9e4f03c5 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 27 Nov 2024 10:22:29 +0000 Subject: [PATCH 22/26] Bump org.apache.kafka:connect-api from 7.7.1-ce to 7.7.2-ce Bumps org.apache.kafka:connect-api from 7.7.1-ce to 7.7.2-ce. --- updated-dependencies: - dependency-name: org.apache.kafka:connect-api dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- svc-bie-kafka/build.gradle | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/svc-bie-kafka/build.gradle b/svc-bie-kafka/build.gradle index 4d1403b21..3a9421696 100644 --- a/svc-bie-kafka/build.gradle +++ b/svc-bie-kafka/build.gradle 
@@ -37,7 +37,7 @@ dependencies { // avro schema and kafka implementation 'org.apache.avro:avro:1.12.0' implementation 'io.confluent:kafka-avro-serializer:7.7.1' - implementation 'org.apache.kafka:connect-api:7.7.1-ce' + implementation 'org.apache.kafka:connect-api:7.7.2-ce' implementation 'org.apache.commons:commons-compress:1.27.1' implementation 'com.google.guava:guava:33.3.1-jre' // RabbitMQ From 256a0c9104fc50229077da15d4e87516d62dbf7f Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 27 Nov 2024 10:22:49 +0000 Subject: [PATCH 23/26] Bump io.confluent:kafka-avro-serializer from 7.7.1 to 7.7.2 Bumps [io.confluent:kafka-avro-serializer](https://github.com/confluentinc/schema-registry) from 7.7.1 to 7.7.2. - [Commits](https://github.com/confluentinc/schema-registry/commits) --- updated-dependencies: - dependency-name: io.confluent:kafka-avro-serializer dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- svc-bie-kafka/build.gradle | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/svc-bie-kafka/build.gradle b/svc-bie-kafka/build.gradle index 4d1403b21..024880cf1 100644 --- a/svc-bie-kafka/build.gradle +++ b/svc-bie-kafka/build.gradle @@ -36,7 +36,7 @@ dependencies { // avro schema and kafka implementation 'org.apache.avro:avro:1.12.0' - implementation 'io.confluent:kafka-avro-serializer:7.7.1' + implementation 'io.confluent:kafka-avro-serializer:7.7.2' implementation 'org.apache.kafka:connect-api:7.7.1-ce' implementation 'org.apache.commons:commons-compress:1.27.1' implementation 'com.google.guava:guava:33.3.1-jre' From 7d4baeb6ebb2e61298538c16d89a8882c231cb45 Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 28 Nov 2024 10:59:30 +0000 Subject: [PATCH 24/26] Bump com.fasterxml.jackson.core:jackson-databind from 2.18.1 to 2.18.2 Bumps [com.fasterxml.jackson.core:jackson-databind](https://github.com/FasterXML/jackson) from 2.18.1 to 2.18.2. - [Commits](https://github.com/FasterXML/jackson/commits) --- updated-dependencies: - dependency-name: com.fasterxml.jackson.core:jackson-databind dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- db-init/build.gradle | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/db-init/build.gradle b/db-init/build.gradle index 1ba71bdd2..ef851630f 100644 --- a/db-init/build.gradle +++ b/db-init/build.gradle @@ -16,7 +16,7 @@ dependencies { // flywayMigration platform("gov.va.starter:starter-bom:${starter_boot_version}") flywayMigration "org.postgresql:postgresql:${postgresql_version}" constraints { - implementation 'com.fasterxml.jackson.core:jackson-databind:2.18.1' + implementation 'com.fasterxml.jackson.core:jackson-databind:2.18.2' } } From ca5e07e1c721741ce4eb1304e6ca184b671c2d86 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 28 Nov 2024 10:59:45 +0000 Subject: [PATCH 25/26] Bump com.fasterxml.jackson.datatype:jackson-datatype-jsr310 Bumps com.fasterxml.jackson.datatype:jackson-datatype-jsr310 from 2.18.1 to 2.18.2. --- updated-dependencies: - dependency-name: com.fasterxml.jackson.datatype:jackson-datatype-jsr310 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- svc-bip-api/build.gradle | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/svc-bip-api/build.gradle b/svc-bip-api/build.gradle index 683a231dc..3bb81b717 100644 --- a/svc-bip-api/build.gradle +++ b/svc-bip-api/build.gradle 
@@ -19,7 +19,7 @@ dependencies { implementation "com.fasterxml.jackson.core:jackson-core" implementation "com.fasterxml.jackson.core:jackson-databind" - implementation "com.fasterxml.jackson.datatype:jackson-datatype-jsr310:2.18.1" + implementation "com.fasterxml.jackson.datatype:jackson-datatype-jsr310:2.18.2" def jjwt_version = "0.12.6" implementation "io.jsonwebtoken:jjwt-api:${jjwt_version}" From 9ad41489834b5ba5b9c05e464fe65cd4359c90c4 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 2 Dec 2024 11:55:33 +0000 Subject: [PATCH 26/26] Bump amazon/aws-cli from 2.22.6 to 2.22.8 in /dev-tools Bumps amazon/aws-cli from 2.22.6 to 2.22.8. --- updated-dependencies: - dependency-name: amazon/aws-cli dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- dev-tools/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dev-tools/Dockerfile b/dev-tools/Dockerfile index 395f83b82..ef92b5742 100644 --- a/dev-tools/Dockerfile +++ b/dev-tools/Dockerfile @@ -1,5 +1,5 @@ # Use the official AWS CLI image for the first stage -FROM amazon/aws-cli:2.22.6 as awscli +FROM amazon/aws-cli:2.22.8 as awscli # Use the bitnami/minideb:bookworm as the base image for the second stage FROM bitnami/minideb:bookworm