Merge branch 'main' into PI-2065-fixes-and-pagination

.github/actions/analyse/action.yml

@@ -23,7 +23,7 @@ runs:
       shell: bash
 
     - name: Publish test reports
-      uses: mikepenz/action-junit-report@9379f0ccddcab154835d4e2487555ee79614fe95 # v4.2.1
+      uses: mikepenz/action-junit-report@ac30be7acb0a361e5492575ab42e47fcadec4928 # v4.2.2
       if: always() && github.actor != 'dependabot[bot]'
       with:
         check_name: |-

.github/actions/app-insights-to-slack/action.yml

@@ -73,7 +73,11 @@ runs:
           | where timestamp between (${{ inputs.time_range }})
           | where cloud_RoleName in ("${{ inputs.project_name }}")
           | where name in ("${{ steps.event_names.outputs.result }}")
-          | project customDimensions.${{ inputs.column1_value }}, iif(isempty(customDimensions.${{ inputs.column2_value }}), "n/a", customDimensions.${{ inputs.column2_value }}), itemId, timestamp
+          | project 
+              customDimensions.${{ inputs.column1_value }},
+              iif(isempty(customDimensions.${{ inputs.column2_value }}), "N/A", customDimensions.${{ inputs.column2_value }}),
+              itemId,
+              timestamp
           | order by tostring(customDimensions_${{ inputs.column1_value }}) asc
 
     - name: Transform results into Slack message
@@ -94,7 +98,7 @@ runs:
               {
                 "type": "section",
                 "text": {
-                  "type": "plain_text",
+                  "type": "mrkdwn",
                   "text": "${{ inputs.summary }}"
                 },
                 "fields": [

.github/actions/format-code/action.yml

@@ -60,7 +60,7 @@ runs:
       env:
         mask: ${{ inputs.mask }}
 
-    - uses: planetscale/ghcommit-action@21a8cda29f55e5cc2cdae0cdbdd08e38dd148c25 # v0.2.9
+    - uses: planetscale/ghcommit-action@84c52a5164423e2cd66371ecae81d9049a2cf105 # v0.1.41
       with:
         commit_message: ${{ inputs.commit_message }}
         repo: ${{ github.repository }}

.github/actions/render-project-template/action.yml

@@ -30,6 +30,7 @@ runs:
         sed -i '/add new projects here/a \    "${{ inputs.project_name }}",' settings.gradle.kts
         sed -i '/add new projects here/i \          - '"'"'["${{ inputs.project_name }}"]'"'"'' .github/workflows/access.yml
         sed -i '/add new projects here/i \          - '"'"'["${{ inputs.project_name }}"]'"'"'' .github/workflows/deploy.yml
+        sed -i '/add new projects here/i \          - '"'"'["${{ inputs.project_name }}"]'"'"'' .github/workflows/service-catalogue.yml
         sed -i '/add new projects here/i \          - ${{ inputs.project_name }}' .github/workflows/build.yml
         sed -i '/add new projects here/i \* [${{ steps.project_name.outputs.title_case }}](https://ministryofjustice.github.io/hmpps-probation-integration-services/tech-docs/projects/${{ inputs.project_name }})' doc/tech-docs/source/services.html.md.erb
         sed 's/$SERVICE_NAME/${{ inputs.project_name }}/g' templates/runConfiguration.xml > '.idea/runConfigurations/${{ steps.project_name.outputs.underscore }}.xml'

.github/workflows/docs.yml

@@ -129,14 +129,14 @@ jobs:
 
       - name: Deploy main
         if: github.ref_name == 'main'
-        uses: JamesIves/github-pages-deploy-action@ec9c88baef04b842ca6f0a132fd61c762aa6c1b0 # v4.6.0
+        uses: JamesIves/github-pages-deploy-action@5c6e9e9f3672ce8fd37b9856193d2a537941e66c # v4.6.1
         with:
           folder: tech-docs
           target-folder: tech-docs
 
       - name: Deploy branch
         if: github.ref_name != 'main'
-        uses: JamesIves/github-pages-deploy-action@ec9c88baef04b842ca6f0a132fd61c762aa6c1b0 # v4.6.0
+        uses: JamesIves/github-pages-deploy-action@5c6e9e9f3672ce8fd37b9856193d2a537941e66c # v4.6.1
         with:
           folder: tech-docs
           target-folder: tech-docs-drafts/${{ github.ref_name }}

.github/workflows/gradle.yml

@@ -32,7 +32,7 @@ jobs:
           passphrase: ${{ secrets.BOT_GPG_PASSPHRASE }}
           git_user_signingkey: true
           git_commit_gpgsign: true
-      - uses: gradle-update/update-gradle-wrapper-action@v1
+      - uses: gradle-update/update-gradle-wrapper-action@0407394b9d173dfc9cf5695f9f560fef6d61a5fe # v1
         with:
           labels: dependencies
           repo-token: ${{ secrets.BOT_GITHUB_TOKEN }}
@@ -41,6 +41,6 @@ jobs:
           if [ "$(git branch --show-current)" != main ]; then
             git config --local user.name probation-integration-bot
             git config --local user.email [email protected]
-            git commit --amend --reset-author --no-edit
+            git rebase --exec 'git commit --amend --reset-author --no-edit' "HEAD~$(find . -type f -name gradlew | wc -l)"
             git push --set-upstream origin "$(git branch --show-current)" --force
           fi

.github/workflows/reports.yml

@@ -61,11 +61,11 @@ jobs:
       - uses: actions/checkout@v4
       - uses: ./.github/actions/app-insights-to-slack
         with:
-          title: Offence added
-          summary: The following offences were updated from the Manage Offences service.
+          title: New Offences
+          summary: The following offences were newly created in the <https://manage-offences.hmpps.service.justice.gov.uk|Manage Offences service> over the last 7 days.
           event_name: OffenceCodeCreated
           project_name: manage-offences-and-delius
-          column1_header: "Offence Code"
+          column1_header: Offence Code
           column1_value: offenceCode
           column2_header: Home Office Code
           column2_value: homeOfficeCode

.github/workflows/schema-spy.yml

@@ -34,7 +34,7 @@ jobs:
           DB_PASSWORD: ${{ secrets.SCHEMA_SPY_PASSWORD }}
 
       - name: Publish HTML report
-        uses: JamesIves/github-pages-deploy-action@ec9c88baef04b842ca6f0a132fd61c762aa6c1b0 # v4.6.0
+        uses: JamesIves/github-pages-deploy-action@5c6e9e9f3672ce8fd37b9856193d2a537941e66c # v4.6.1
         with:
           folder: schema-spy-report
           target-folder: schema-spy-report

.github/workflows/security.yml

@@ -38,7 +38,7 @@ jobs:
           echo >> projects/${{ matrix.project }}/.trivyignore
 
       - name: Scan image
-        uses: aquasecurity/trivy-action@d710430a6722f083d3b36b8339ff66b32f22ee55 # v0.19.0
+        uses: aquasecurity/trivy-action@fd25fed6972e341ff0007ddb61f77e88103953c2 # v0.21.0
         with:
           image-ref: 'ghcr.io/ministryofjustice/hmpps-probation-integration-services/${{ matrix.project }}:latest'
           ignore-unfixed: true
@@ -56,7 +56,7 @@ jobs:
           sarif_file: 'trivy-results.sarif'
 
       - name: Get Trivy results
-        uses: aquasecurity/trivy-action@d710430a6722f083d3b36b8339ff66b32f22ee55 # v0.19.0
+        uses: aquasecurity/trivy-action@fd25fed6972e341ff0007ddb61f77e88103953c2 # v0.21.0
         with:
           image-ref: 'ghcr.io/ministryofjustice/hmpps-probation-integration-services/${{ matrix.project }}:latest'
           ignore-unfixed: true

.github/workflows/service-catalogue.yml

@@ -0,0 +1,156 @@
+name: Service catalogue
+# Add projects to the HMPPS Service Catalogue
+
+on:
+  workflow_dispatch:
+    inputs:
+      projects:
+        description: Project
+        type: choice
+        required: true
+        options:
+          - 'All'
+          - '["accredited-programmes-and-oasys"]'
+          - '["approved-premises-and-delius"]'
+          - '["approved-premises-and-oasys"]'
+          - '["arns-and-delius"]'
+          - '["assessment-summary-and-delius"]'
+          - '["cas2-and-delius"]'
+          - '["cas3-and-delius"]'
+          - '["core-person-record-and-delius"]'
+          - '["court-case-and-delius"]'
+          - '["create-and-vary-a-licence-and-delius"]'
+          - '["custody-key-dates-and-delius"]'
+          - '["domain-events-and-delius"]'
+          - '["dps-and-delius"]'
+          - '["effective-proposal-framework-and-delius"]'
+          - '["external-api-and-delius"]'
+          - '["hdc-licences-and-delius"]'
+          - '["hmpps-auth-and-delius"]'
+          - '["make-recall-decisions-and-delius"]'
+          - '["manage-offences-and-delius"]'
+          - '["manage-pom-cases-and-delius"]'
+          - '["manage-supervision-and-delius"]'
+          - '["manage-supervision-and-oasys"]'
+          - '["oasys-and-delius"]'
+          - '["offender-events-and-delius"]'
+          - '["opd-and-delius"]'
+          - '["pathfinder-and-delius"]'
+          - '["person-search-index-from-delius"]'
+          - '["pre-sentence-reports-to-delius"]'
+          - '["prison-case-notes-to-probation"]'
+          - '["prison-custody-status-to-delius"]'
+          - '["prison-education-and-delius"]'
+          - '["prison-identifier-and-delius"]'
+          - '["prisoner-profile-and-delius"]'
+          - '["probation-search-and-delius"]'
+          - '["refer-and-monitor-and-delius"]'
+          - '["resettlement-passport-and-delius"]'
+          - '["risk-assessment-scores-to-delius"]'
+          - '["sentence-plan-and-delius"]'
+          - '["sentence-plan-and-oasys"]'
+          - '["soc-and-delius"]'
+          - '["tier-to-delius"]'
+          - '["unpaid-work-and-delius"]'
+          - '["workforce-allocations-to-delius"]'
+          # ^ add new projects here
+          # GitHub Actions doesn't support dynamic choices, we must add each project here to enable manual deployments
+          # See https://github.com/community/community/discussions/11795
+  push:
+    branches:
+      - main
+    paths:
+      - 'projects/**/deploy'
+
+jobs:
+  get-projects:
+    outputs:
+      projects: ${{ steps.output.outputs.projects }}
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - id: check-changes
+        if: github.event_name == 'push'
+        uses: ./.github/actions/check-changes
+        with:
+          filters: |
+            projects:
+              - 'projects/**/deploy'
+      - name: Get projects - changed
+        if: github.event_name == 'push'
+        run: echo "projects=$PROJECTS" | tee -a "$GITHUB_ENV"
+        env:
+          PROJECTS: ${{ steps.check-changes.outputs.projects }}
+      - name: Get projects - all
+        if: github.event_name == 'workflow_dispatch' && inputs.projects == 'All'
+        run: echo "projects=$(find projects -mindepth 1 -maxdepth 1 -printf "%f\n" | jq --raw-input . | jq --slurp --compact-output .)" | tee -a "$GITHUB_ENV"
+      - name: Get projects - selected
+        if: github.event_name == 'workflow_dispatch' && inputs.projects != 'All'
+        run: echo 'projects=${{ inputs.projects }}' | tee -a "$GITHUB_ENV"
+      - id: output
+        run: echo 'projects=${{ env.projects }}' | tee -a "$GITHUB_OUTPUT"
+
+  update-catalogue:
+    runs-on: ubuntu-latest
+    needs: get-projects
+    strategy:
+      fail-fast: false
+      matrix:
+        project: ${{ fromJson(needs.get-projects.outputs.projects) }}
+    steps:
+      - uses: actions/checkout@v4
+
+      - uses: ./.github/actions/cloud-platform-auth
+        with:
+          api: ${{ secrets.KUBE_ENV_API }}
+          cert: ${{ secrets.KUBE_CERT }}
+          cluster: ${{ secrets.KUBE_CLUSTER }}
+          namespace: ${{ secrets.KUBE_NAMESPACE }}
+          token: ${{ secrets.KUBE_TOKEN }}
+
+      - name: Get environment details
+        id: environments
+        run: |
+          environments=[]
+          for env in dev preprod prod; do
+            values_file="projects/$PROJECT_NAME/deploy/values-$env.yml"
+            if [ -f "$values_file" ] && [ "$(yq '.enabled' "$values_file" | sed 's/^null$/true/')" = "true" ] && [ -n "$(yq '.generic-service.ingress.host' "$values_file")" ]; then 
+              url=$(yq '.generic-service.ingress.host' "$values_file")
+              health_path=$(yq '.generic-service.livenessProbe.httpGet.path // "/health"' "projects/$PROJECT_NAME/deploy/values.yaml")
+              environments=$(echo "$environments" | jq -c '. += [{
+                "name": $name,
+                "type": $name,
+                "url": ("https://" + $url),
+                "health_path": $health_path,
+                "info_path": "/info",
+                "namespace": ("hmpps-probation-integration-services-" + $name)
+              }]' --arg name "$env" --arg url "$url" --arg health_path "$health_path")
+            fi
+          done
+          echo "environments=$environments" | tee -a "$GITHUB_OUTPUT"
+        env:
+          PROJECT_NAME: ${{ matrix.project }}
+
+      - name: Update catalogue
+        run: |
+          ./script/start-service-pod.sh
+          PROJECT_TITLE="$(awk 'BEGIN {RS=""; FS="\n"} !/^[#\/]/ {gsub("\n", " ", $0); sub(/\. .*/, "."); print; exit}' "projects/$PROJECT_NAME/README.md")" # First line of the project's README.md
+          kubectl cp ./script/update-service-catalogue.sh "$POD_NAME:/tmp/update-service-catalogue.sh"
+          kubectl exec "$POD_NAME" -- env \
+            PROJECT_NAME="$PROJECT_NAME" \
+            PROJECT_TITLE="$PROJECT_TITLE" \
+            ENVIRONMENTS="$ENVIRONMENTS" \
+            SERVICE_CATALOGUE_API_KEY="$SERVICE_CATALOGUE_API_KEY" \
+          /tmp/update-service-catalogue.sh
+        env:
+          NAMESPACE: ${{ secrets.KUBE_NAMESPACE }}
+          POD_NAME: sc-${{ matrix.project }}
+          PROJECT_NAME: ${{ matrix.project }}
+          ENVIRONMENTS: ${{ steps.environments.outputs.environments }}
+          SERVICE_CATALOGUE_API_KEY: ${{ secrets.SERVICE_CATALOGUE_API_KEY }}
+
+      - name: Delete pod
+        if: always()
+        run: kubectl delete pod "$POD_NAME" || true
+        env:
+          POD_NAME: sc-${{ matrix.project }}

.gitignore

@@ -5,6 +5,9 @@ build/
 !**/src/main/**/build/
 !**/src/test/**/build/
 
+### Kotlin 2.0 ###
+.kotlin
+
 ### STS ###
 .apt_generated
 .classpath

.trivyignore

@@ -1,6 +0,0 @@
-# Reason: The git plugin is only used for reading git metadata, not cloning repos.
-#         A pull request has been raised to bump the jgit version (https://github.com/n0mer/gradle-git-properties/pull/231),
-#         however the last commit to that repo was in 2022 - so it's unlikely to be merged.
-# Package: org.eclipse.jgit:org.eclipse.jgit:4.5.0.201609210915-r
-#          (used by Gradle plugin: com.gorylenko.gradle-git-properties)
-CVE-2023-4759 exp:2024-06-01

build.gradle.kts

@@ -1,5 +1,5 @@
 import com.gorylenko.GenerateGitPropertiesTask
-import org.jetbrains.kotlin.gradle.tasks.KotlinCompile
+import org.jetbrains.kotlin.gradle.dsl.JvmTarget
 import org.jetbrains.kotlin.noarg.gradle.NoArgExtension
 import org.springframework.boot.gradle.tasks.buildinfo.BuildInfo
 import org.springframework.boot.gradle.tasks.bundling.BootJar
@@ -8,13 +8,12 @@ import uk.gov.justice.digital.hmpps.plugins.ClassPathPlugin
 import uk.gov.justice.digital.hmpps.plugins.JibConfigPlugin
 
 plugins {
-    kotlin("jvm") version "1.9.23"
-    kotlin("plugin.spring") version "1.9.23" apply false
-    kotlin("plugin.jpa") version "1.9.23" apply false
-    kotlin("kapt") version "1.9.23" apply false
-    id("org.springframework.boot") version "3.2.5" apply false
-    id("io.spring.dependency-management") version "1.1.4" apply false
-    id("com.gorylenko.gradle-git-properties") version "2.4.1" apply false
+    kotlin("jvm") version "2.0.0"
+    kotlin("plugin.spring") version "2.0.0" apply false
+    kotlin("plugin.jpa") version "2.0.0" apply false
+    id("org.springframework.boot") version "3.3.0" apply false
+    id("io.spring.dependency-management") version "1.1.5" apply false
+    id("com.gorylenko.gradle-git-properties") version "2.4.2" apply false
     id("com.google.cloud.tools.jib") apply false
     id("base")
     id("org.sonarqube")
@@ -40,38 +39,43 @@ allprojects {
         mavenCentral()
     }
 
+    apply {
+        plugin("org.jetbrains.kotlin.jvm")
+    }
+
+    kotlin {
+        compilerOptions {
+            jvmTarget.set(JvmTarget.JVM_21)
+            freeCompilerArgs.add("-Xjsr305=strict") // to make use of Spring's null-safety annotations
+        }
+    }
+
     tasks {
         withType<JavaCompile> {
             sourceCompatibility = "21"
         }
 
-        withType<KotlinCompile> {
-            kotlinOptions {
-                freeCompilerArgs = listOf("-Xjsr305=strict")
-                jvmTarget = "21"
-            }
-        }
-
         withType<BootJar> {
             enabled = false
         }
     }
 }
 
 subprojects {
-    apply { plugin("org.springframework.boot") }
-    apply { plugin("io.spring.dependency-management") }
-    apply { plugin("org.jetbrains.kotlin.jvm") }
-    apply { plugin("org.jetbrains.kotlin.kapt") }
-    apply { plugin("org.jetbrains.kotlin.plugin.jpa") }
-    apply { plugin("org.jetbrains.kotlin.plugin.spring") }
-    apply { plugin("jacoco") }
-    apply { plugin("test-report-aggregation") }
-    apply { plugin("jacoco-report-aggregation") }
-    apply { plugin("org.sonarqube") }
-    apply { plugin("com.gorylenko.gradle-git-properties") }
-    apply { plugin(JibConfigPlugin::class.java) }
-    apply { plugin(ClassPathPlugin::class.java) }
+    apply {
+        plugin("org.springframework.boot")
+        plugin("io.spring.dependency-management")
+        plugin("org.jetbrains.kotlin.jvm")
+        plugin("org.jetbrains.kotlin.plugin.jpa")
+        plugin("org.jetbrains.kotlin.plugin.spring")
+        plugin("jacoco")
+        plugin("test-report-aggregation")
+        plugin("jacoco-report-aggregation")
+        plugin("org.sonarqube")
+        plugin("com.gorylenko.gradle-git-properties")
+        plugin(JibConfigPlugin::class.java)
+        plugin(ClassPathPlugin::class.java)
+    }
 
     tasks {
         withType<BootRun> {

buildSrc/build.gradle.kts

@@ -1,5 +1,5 @@
 plugins {
-    id("com.google.cloud.tools.jib") version "3.4.2" apply false
+    id("com.google.cloud.tools.jib") version "3.4.3" apply false
     id("org.sonarqube") version "5.0.0.4638" apply false
     `kotlin-dsl`
 }