/* * Copyright OpenSearch Contributors * SPDX-License-Identifier: Apache-2.0 */ import com.github.jk1.license.render.TextReportRenderer buildscript { repositories { mavenCentral() { metadataSources { mavenPom() ignoreGradleMetadataRedirection() } } maven { url 'https://plugins.gradle.org/m2/' metadataSources { mavenPom() ignoreGradleMetadataRedirection() } } } dependencies { classpath 'com.github.jk1:gradle-license-report:2.1' } } plugins { id 'com.diffplug.spotless' version '6.11.0' id 'io.spring.dependency-management' version '1.1.0' } apply from: file("${rootDir}/build-resources.gradle") allprojects { apply plugin: 'checkstyle' apply plugin: 'com.diffplug.spotless' apply plugin: 'com.github.jk1.dependency-license-report' group = 'org.opensearch.dataprepper' ext { mavenPublicationRootFile = file("${rootProject.buildDir}/m2") } repositories { mavenCentral() maven { url 'https://jitpack.io' } maven { url 'https://packages.confluent.io/maven/' } } spotless { format 'markdown', { target '*.md' // TODO: enrich format rules endWithNewline() } format 'misc', { target '.gitignore', '*.yml', '*.yaml' // TODO: enrich format rules trimTrailingWhitespace() endWithNewline() } } } subprojects { apply plugin: 'java' apply plugin: 'maven-publish' apply plugin: 'jacoco' java { toolchain { languageVersion = JavaLanguageVersion.of(11) } } spotless { java { targetExclude 'build/generated-src/antlr/**' // TODO: enrich format rules removeUnusedImports() } } dependencies { implementation platform('com.fasterxml.jackson:jackson-bom:2.15.0') implementation platform('io.micrometer:micrometer-bom:1.10.5') implementation libs.guava.core implementation libs.slf4j.api testImplementation testLibs.bundles.junit testImplementation testLibs.bundles.mockito testImplementation testLibs.hamcrest testImplementation testLibs.awaitility constraints { implementation('org.apache.httpcomponents:httpclient') { version { require '4.5.14' } because 'We want the newest version of httpclient.' } implementation('org.apache.logging.log4j:log4j-core') { version { require '2.17.1' } because 'Log4j 2.17.1 fixes CVE-2021-44228, CVE-2021-45046, CVE-2021-45105, and CVE-2021-44832' } implementation('org.apache.logging.log4j:log4j-api') { version { require '2.17.1' } because 'the build fails if the Log4j API is not update along with log4j-core' } implementation('com.google.code.gson:gson') { version { require '2.8.9' } because 'Fixes WS-2021-0419 DoS vulnerability' } implementation('com.google.protobuf:protobuf-java') { version { require '3.21.11' } because 'Fixes CVE-2022-3509, CVE-2022-3510' } implementation('org.yaml:snakeyaml') { version { require '2.0' } because 'Fixes CVE-2022-1471' } implementation('org.codehaus.jettison:jettison') { version { require '1.5.4' } because 'CVE from transitive dependecies' } implementation('net.minidev:json-smart') { version { require '2.4.11' } because 'CVE from transitive dependencies' } implementation('org.eclipse.jetty:jetty-http') { version { require '11.0.15' } because 'CVE from transitive dependencies' } implementation('org.eclipse.jetty:jetty-server') { version { require '11.0.15' } because 'CVE from transitive dependencies' } implementation('org.jetbrains.kotlin:kotlin-stdlib') { version { require '1.8.21' } because 'CVE from transitive dependencies' } } } test { useJUnitPlatform() } configurations.all { resolutionStrategy.eachDependency { def details -> if (details.requested.group == 'io.netty') { if (details.requested.name == 'netty') { details.useTarget group: 'io.netty', name: 'netty-all', version: '4.1.86.Final' // replace with your desired version } else if (!details.requested.name.startsWith('netty-tcnative')) { details.useVersion '4.1.86.Final' details.because 'Fixes CVE-2022-41881, CVE-2021-21290 and CVE-2022-41915.' } } else if (details.requested.group == 'log4j' && details.requested.name == 'log4j') { details.useTarget group: 'org.apache.logging.log4j', name: 'log4j-1.2-api', version: '2.17.1' } else if (details.requested.group == 'org.xerial.snappy' && details.requested.name == 'snappy-java') { details.useTarget group: 'org.xerial.snappy', name: 'snappy-java', version: '1.1.10.1' } } } build.dependsOn test jacocoTestReport { dependsOn test // tests are required to run before generating the report reports { xml.required } } task allDeps(type: DependencyReportTask) {} } configure(subprojects.findAll {it.name != 'data-prepper-api'}) { dependencies { implementation platform('software.amazon.awssdk:bom:2.17.264') implementation 'jakarta.validation:jakarta.validation-api:3.0.2' } } configure(mavenArtifactProjects) { java { withJavadocJar() withSourcesJar() } publishing { repositories { maven { url "file://${mavenPublicationRootFile.absolutePath}" } } publications { maven(MavenPublication) { from components.java pom { name = project.name description = "Data Prepper project: ${project.name}" url = 'https://github.com/opensearch-project/data-prepper' licenses { license { name = 'The Apache Software License, Version 2.0' url = 'http://www.apache.org/licenses/LICENSE-2.0.txt' distribution = 'repo' } } developers { developer { name = 'OpenSearch' url = 'https://github.com/opensearch-project' } } scm { url = 'https://github.com/opensearch-project/data-prepper' } } } } } } configure(coreProjects) { jacocoTestReport { dependsOn test // tests are required to run before generating the report reports { xml.required csv.required html.destination file("${buildDir}/reports/jacocoHtml") } } test { finalizedBy jacocoTestReport // report is always generated after tests run } jacocoTestCoverageVerification { dependsOn jacocoTestReport violationRules { rule { limit { minimum = 0.65 //TODO increase this to 0.75 } } } } check.dependsOn jacocoTestCoverageVerification } licenseReport { excludeOwnGroup = true excludeBoms = true excludes = ['software.amazon.awssdk:bom'] renderers = new TextReportRenderer() } task generateThirdPartyReport(type: Copy) { from 'build/reports/dependency-license/' into '.' include 'THIRD-PARTY-NOTICES.txt' rename 'THIRD-PARTY-NOTICES.txt', 'THIRD-PARTY' generateThirdPartyReport.dependsOn(generateLicenseReport) }