Merge pull request #79 from RADAR-base/release-1.0.6

release-1.0.6

Author: pvannierop

.github/workflows/main.yml

@@ -1,36 +1,28 @@
-# Continuous integration, including test and integration test
 name: CI
 
-# Run in main and dev branches and in all pull requests to those branches
 on:
   push:
     branches: [ master, dev ]
   pull_request:
     branches: [ master, dev ]
 
 jobs:
-  # Build and test the code
   build:
-    # The type of runner that the job will run on
     runs-on: ubuntu-latest
 
-    # Steps represent a sequence of tasks that will be executed as part of the job
     steps:
-      # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v5
 
-      - uses: actions/setup-java@v3
+      - uses: actions/setup-java@v5
         with:
           distribution: temurin
           java-version: 17
 
       - name: Setup Gradle
-        uses: gradle/gradle-build-action@v2
+        uses: gradle/actions/setup-gradle@v3
 
-      # Compile the code
       - name: Compile code
         run: ./gradlew assemble
 
-      # Gradle check
       - name: Check
         run: ./gradlew check

.github/workflows/release.yml

@@ -1,44 +1,40 @@
-# Create release files
 name: Release
 
 on:
   release:
     types: [ published ]
 
 env:
-  DOCKER_IMAGE: radarbase/radar-redcapintegration
+  REGISTRY: ghcr.io
+  REPOSITORY: ${{ github.repository }}
+  IMAGE_NAME: radar-redcapintegration
 
 jobs:
-  # Build and push tagged release docker image
   docker:
-    # The type of runner that the job will run on
     runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      packages: write
 
-    # Steps represent a sequence of tasks that will be executed as part of the job
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v5
 
-      # Add Docker labels and tags
-      - name: Docker meta
-        id: docker_meta
-        uses: docker/metadata-action@v4
-        with:
-          images: ${{ env.DOCKER_IMAGE }}
-          tags: |
-            type=semver,pattern={{version}}
-            type=semver,pattern={{major}}.{{minor}}
-
-      - name: Login to DockerHub
+      - name: Login to Container Registry
         uses: docker/login-action@v2
         with:
-          username: ${{ secrets.DOCKERHUB_USERNAME }}
-          password: ${{ secrets.DOCKERHUB_TOKEN }}
+          registry: ${{ env.REGISTRY }}
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Lowercase image name
+        run: |
+          echo "DOCKER_IMAGE=${REGISTRY}/${REPOSITORY,,}/${IMAGE_NAME}" >>${GITHUB_ENV}
 
       - name: Build and push
         id: docker_build
-        uses: docker/build-push-action@v3
+        uses: docker/build-push-action@v6
         with:
-          # Allow running the image on the architectures supported by openjdk:11-jre-slim
+          # Allow running the image on the architectures supported by openjdk:17-jre-slim
           push: true
           tags: ${{ steps.docker_meta.outputs.tags }}
           context: .

.github/workflows/scheduled-snyk-docker.yaml

@@ -6,14 +6,23 @@ on:
   workflow_dispatch:
 
 env:
-  DOCKER_IMAGE: radarbase/radar-redcapintegration
+  REGISTRY: ghcr.io
+  REPOSITORY: ${{ github.repository }}
+  IMAGE_NAME: radar-redcapintegration
 
 jobs:
   security:
     runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      security-events: write
 
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v5
+
+      - name: Lowercase image name
+        run: |
+          echo "DOCKER_IMAGE=${REGISTRY}/${REPOSITORY,,}/${IMAGE_NAME}" >>${GITHUB_ENV}
 
       - name: Run Snyk to check for vulnerabilities
         continue-on-error: true # To make sure that SARIF upload gets called

.github/workflows/scheduled-snyk.yaml

@@ -8,12 +8,13 @@ on:
 jobs:
   security:
     runs-on: ubuntu-latest
+    permissions: write-all
 
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v5
 
       - name: Run Snyk to check for vulnerabilities
-        uses: snyk/actions/gradle-jdk17@master
+        uses: snyk/actions/gradle-8-jdk17@master
         continue-on-error: true # To make sure that SARIF upload gets called
         env:
           SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
@@ -23,7 +24,7 @@ jobs:
             --configuration-matching='^runtimeClasspath$'
             --fail-on=upgradable
             --severity-threshold=high
-            --policy-path=.snykS
+            --policy-path=.snyk
             --org=radar-base
             --sarif-file-output=snyk.sarif
 

.github/workflows/snyk.yaml

@@ -11,10 +11,10 @@ jobs:
   security:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v5
 
       - name: Run Snyk to check for vulnerabilities
-        uses: snyk/actions/gradle-jdk17@master
+        uses: snyk/actions/gradle-8-jdk17@master
         env:
           SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
         with:

Dockerfile

@@ -10,17 +10,14 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
-FROM openjdk:17 as builder
+
+FROM --platform=$BUILDPLATFORM gradle:8.13-jdk17 AS builder
 
 RUN mkdir /code
 WORKDIR /code
 
 ENV GRADLE_OPTS -Dorg.gradle.daemon=false
 
-COPY ./gradle/wrapper /code/gradle/wrapper
-COPY ./gradlew /code/
-RUN ./gradlew --version
-
 COPY ./build.gradle ./settings.gradle /code/
 
 RUN ./gradlew downloadApplicationDependencies

build.gradle

@@ -5,7 +5,7 @@ plugins {
     id 'checkstyle'
     id 'jacoco'
     id 'application'
-    id 'org.jetbrains.kotlin.jvm' version '1.5.21'
+    id 'org.jetbrains.kotlin.jvm' version '1.9.25'
 }
 
 group = 'org.radarbase'
@@ -17,7 +17,7 @@ application {
 
 java {
     toolchain {
-        languageVersion = JavaLanguageVersion.of(11)
+        languageVersion = JavaLanguageVersion.of(17)
     }
 }
 
@@ -64,7 +64,7 @@ configurations {
 
 ext {
     apacheCommonsIoVersion = '2.5'
-    apacheCommonsLangVersion = '3.6'
+    apacheCommonsLangVersion = '3.18.0'
     jerseyVersion = '2.31'
     jerseymediaVersion = '2.30.1'
     junitVersion = '4.12'
@@ -75,6 +75,15 @@ ext {
     jacksonVersion = '2.16.1'
 }
 
+configurations.configureEach {
+    resolutionStrategy {
+        /* The entries in the block below are added here to force the version of
+        *  transitive dependencies and mitigate reported vulnerabilities */
+        force("org.apache.commons:commons-lang3:$apacheCommonsLangVersion")
+    }
+}
+
+
 dependencies {
     implementation "ch.qos.logback:logback-classic:$logbackVersion"
     runtimeOnly "org.glassfish.jersey.media:jersey-media-json-jackson:$jerseymediaVersion"
@@ -125,12 +134,12 @@ tasks.withType(JavaCompile) {
 }
 
 tasks.named('wrapper') {
-    gradleVersion = '7.4'
+    gradleVersion = '8.13'
 }
 
-tasks.withType(Tar) {
+tasks.withType(Tar).configureEach {
     compression = Compression.GZIP
-    extension = "tar"
+    archiveExtension.set("tar")
 }
 
 test {
@@ -199,8 +208,10 @@ tasks.register('copyConf', Copy) {
     }
 }
 
+
+
 tasks.withType(org.jetbrains.kotlin.gradle.tasks.KotlinCompile) {
     kotlinOptions {
-        jvmTarget = "11"
+        jvmTarget = "17"
     }
 }

gradle/wrapper/gradle-wrapper.properties

@@ -1,5 +1,5 @@
 distributionBase=GRADLE_USER_HOME
 distributionPath=wrapper/dists
-distributionUrl=https\://services.gradle.org/distributions/gradle-7.4-bin.zip
+distributionUrl=https\://services.gradle.org/distributions/gradle-8.13-bin.zip
 zipStoreBase=GRADLE_USER_HOME
 zipStorePath=wrapper/dists