hmcts · endakelly · Jan 26, 2024
@@ -105,21 +105,21 @@
    ]]></notes>
     <cve>CVE-2023-35116</cve>
   </suppress>
-  <suppress until="2024-01-12">
+  <suppress until="2024-02-12">
    <notes><![CDATA[
    file name: jackson-databind-2.15.3.jar
    ]]></notes>
    <packageUrl regex="true">^pkg:maven/com\.fasterxml\.jackson\.core/jackson\-databind@.*$</packageUrl>
    <cve>CVE-2023-35116</cve>
 </suppress>
-<suppress until="2024-01-12">
+<suppress until="2024-02-12">
    <notes><![CDATA[
    file name: logback-classic-1.4.11.jar
    ]]></notes>
    <packageUrl regex="true">^pkg:maven/ch\.qos\.logback/logback\-classic@.*$</packageUrl>
    <cve>CVE-2023-6378</cve>
 </suppress>
-<suppress until="2024-01-12">
+<suppress until="2024-02-12">
    <notes><![CDATA[
    file name: logback-core-1.4.11.jar
    ]]></notes>

@@ -1,23 +1,31 @@
----
-version: '2.1'
+version: "3"
 
 services:
-  pdf-service-api:
-    build:
-      context: .
-      args:
-        - http_proxy
-        - https_proxy
-        - no_proxy
-    image: hmctspublic.azurecr.io/rpe/pdf-service
+  api:
+    image: ruby:3.2-alpine
     environment:
-      # used by java-logging library
-      - ROOT_APPENDER
-      - JSON_CONSOLE_PRETTY_PRINT
-      - ROOT_LOGGING_LEVEL
-      - REFORM_SERVICE_NAME
-      - REFORM_TEAM
-      - REFORM_ENVIRONMENT
-      - AZURE_APPLICATIONINSIGHTS_INSTRUMENTATIONKEY=0000-0000-0000-0000
-    ports:
-      - 5500:5500
+      # Setting the response body as an environment variable is just a way
+      # to get around the multiple layers of nested quotes in the command!
+      RESPONSE_BODY: "{\"id\": \"1\", \"name\": \"Foo\"}"
+    command: sh -c "gem install webrick -v 1.8.1 && gem install rack -v 2.2.7 && rackup -o 0.0.0.0 -b \"run ->(env){ [200, {'Content-Type' => 'application/pdf'}, [ENV['RESPONSE_BODY']]] }\""
+    expose:
+      - "9292"
+
+  pact_verifier:
+    image: pactfoundation/pact-cli:0.53.0-pactcli0.52.0
+    depends_on:
+      - api
+    environment:
+      - PACT_BROKER_BASE_URL
+      - PACT_BROKER_USERNAME
+      - PACT_BROKER_PASSWORD
+      - PACT_BROKER_PUBLISH_VERIFICATION_RESULTS
+      - GIT_COMMIT
+      - GIT_BRANCH
+    command: >
+      verify
+      --provider-base-url http://api:9292
+      --provider rpePdfService_PDFGenerationEndpointV2 
+      --provider-app-version ${GIT_COMMIT}
+      --provider-version-tag ${GIT_BRANCH}
+      --wait 20
diff --git a/infrastructure/state.tf b/infrastructure/state.tf
@@ -4,7 +4,7 @@ terraform {
   required_providers {
     azurerm = {
       source  = "hashicorp/azurerm"
-      version = "~> 3.86.0"
+      version = "~> 3.88.0"
     }
     random = {
       source = "hashicorp/random"

@@ -0,0 +1,64 @@
+def nonProdName = System.getenv("NONPROD_SUBSCRIPTION_NAME")
+
+def mirrorHost = nonProdName == "sandbox" || nonProdName == "sbox" ? 'artifactory.sandbox' : 'artifactory'
+def mirrorUrl = "https://${mirrorHost}.platform.hmcts.net/artifactory/maven-remotes"
+
+allprojects {
+  repositories {
+    maven {
+      url mirrorUrl
+    }
+  }
+  buildscript {
+    repositories {
+      maven {
+        url mirrorUrl
+      }
+      mavenCentral()
+    }
+    dependencies {
+      classpath  group: 'org.postgresql', name: 'postgresql', version: '42.6.0'
+    }
+  }
+
+  task printVersionInit {
+    doLast { println project.version }
+  }
+}
+
+settingsEvaluated { settings ->
+  settings.pluginManagement {
+    repositories {
+      maven {
+        url mirrorUrl
+      }
+    }
+  }
+}
+
+allprojects {
+  afterEvaluate { project ->
+    if (project.hasProperty('dependencyCheck')) {
+      configure(project) {
+        dependencyCheck {
+          autoUpdate = false
+          hostedSuppressions.forceupdate = true
+          // Any CVE should fail the build.
+          failBuildOnCVSS = 0
+
+          // JSON dependency check reports are logged to cosmos for reporting.
+          formats += 'JSON'
+
+          // Scan only the dependencies used at application runtime.
+          // See https://docs.gradle.org/current/userguide/java_plugin.html#sec:java_plugin_and_dependency_management
+          if (!('runtimeClasspath' in it.scanConfigurations)) {
+            scanConfigurations += 'runtimeClasspath'
+          }
+          // Scan and skip configurations are mutually exclusive,
+          // so we must clear any skipped configurations the build may have configured.
+          skipConfigurations = []
+        }
+      }
+    }
+  }
+}