LodLive · ioggstream · Oct 5, 2022 · Oct 6, 2022 · Oct 25, 2022 · Oct 25, 2022
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
@@ -0,0 +1,9 @@
+version: 2
+updates:
+- package-ecosystem: gradle
+  directory: "/"
+  schedule:
+    interval: daily
+    time: "18:45"
+    timezone: "Europe/Rome"
+  open-pull-requests-limit: 10
diff --git a/.gitignore b/.gitignore
@@ -1,3 +1,86 @@
+#################
+# Jetbrains IDEs
+#################
+
+
+# Covers JetBrains IDEs: IntelliJ, RubyMine, PhpStorm, AppCode, PyCharm, CLion, Android Studio, WebStorm and Rider
+# Reference: https://intellij-support.jetbrains.com/hc/en-us/articles/206544839
+
+# User-specific stuff
+.idea/**/workspace.xml
+.idea/**/tasks.xml
+.idea/**/usage.statistics.xml
+.idea/**/dictionaries
+.idea/**/shelf
+
+# AWS User-specific
+.idea/**/aws.xml
+
+# Generated files
+.idea/**/contentModel.xml
+
+# Sensitive or high-churn files
+.idea/**/dataSources/
+.idea/**/dataSources.ids
+.idea/**/dataSources.local.xml
+.idea/**/sqlDataSources.xml
+.idea/**/dynamic.xml
+.idea/**/uiDesigner.xml
+.idea/**/dbnavigator.xml
+
+# Gradle
+.idea/**/gradle.xml
+.idea/**/libraries
+
+# Gradle and Maven with auto-import
+# When using Gradle or Maven with auto-import, you should exclude module files,
+# since they will be recreated, and may cause churn.  Uncomment if using
+# auto-import.
+# .idea/artifacts
+# .idea/compiler.xml
+# .idea/jarRepositories.xml
+# .idea/modules.xml
+# .idea/*.iml
+# .idea/modules
+# *.iml
+# *.ipr
+
+# CMake
+cmake-build-*/
+
+# Mongo Explorer plugin
+.idea/**/mongoSettings.xml
+
+# File-based project format
+*.iws
+
+# IntelliJ
+out/
+
+# mpeltonen/sbt-idea plugin
+.idea_modules/
+
+# JIRA plugin
+atlassian-ide-plugin.xml
+
+# Cursive Clojure plugin
+.idea/replstate.xml
+
+# SonarLint plugin
+.idea/sonarlint/
+
+# Crashlytics plugin (for Android Studio and IntelliJ)
+com_crashlytics_export_strings.xml
+crashlytics.properties
+crashlytics-build.properties
+fabric.properties
+
+# Editor-based Rest Client
+.idea/httpRequests
+
+# Android studio 3.1+ serialized cache file
+.idea/caches/build_file_checksums.ser
+
 #################
 ## Eclipse
 #################
@@ -70,14 +153,12 @@ build/
 *.tlb
 *.tli
 *.tlh
-*.tmp
 *.tmp_proj
 *.log
 *.vspscc
 *.vssscc
 .builds
 *.pidb
-*.log
 *.scc
 
 # Visual C++ cache files
@@ -196,7 +277,6 @@ $RECYCLE.BIN/
 *.egg
 *.egg-info
 dist/
-build/
 eggs/
 parts/
 var/
@@ -216,3 +296,53 @@ pip-log.txt
 
 #Mr Developer
 .mr.developer.cfg
+
+#############
+## Other exclusions from gitignore.io
+#############
+
+# Created by http://gitignore.io
+
+### Linux ###
+.*
+!.gitignore
+!.git*
+
+### OSX ###
+.AppleDouble
+.LSOverride
+Icon
+
+
+# Thumbnails
+._*
+
+# Files that might appear on external disk
+.Spotlight-V100
+.Trashes
+
+### Java ###
+*.class
+
+# Package Files #
+*.jar
+*.war
+*.ear
+
+### Gradle ###
+# Exclude Folder List #
+.gradle/
+
+### Eclipse ###
+bin/**
+tmp/**
+tmp/**/*
+
+### IntelliJ ###
+*.iml
+*.ipr
+
+### SVN ###
+.svn/
+
+/bin
diff --git a/Dockerfile b/Dockerfile
@@ -1,11 +1,12 @@
-FROM maven:3-jdk-8 AS builder
+FROM openjdk:11-jdk-slim as builder
 WORKDIR /app
 COPY . /app
-RUN mvn compile war:war
+RUN ./gradlew clean build
 
-FROM tomcat:7
-LABEL [email protected]
-ENV CATALINA_OPTS="-XX:+UseSerialGC"
-COPY --from=builder /app/target/lodview.war /usr/local/tomcat/webapps/lodview.war
-CMD ["catalina.sh", "run"]
+# Execute container as user.
+FROM openjdk:11-jdk-slim
+LABEL [email protected]
+USER 1001
+COPY --from=builder /app/build/libs/lodview.war /lodview.war
+CMD ["java", "-jar", "/lodview.war"]
 EXPOSE 8080 8009
diff --git a/WebContent/META-INF/MANIFEST.MF b/WebContent/META-INF/MANIFEST.MF
diff --git a/build.gradle b/build.gradle
@@ -0,0 +1,100 @@
+plugins {
+    id 'org.springframework.boot' version '2.7.5'
+    id 'io.spring.dependency-management' version '1.1.0'
+    id 'java'
+    id "org.owasp.dependencycheck" version "7.3.0"
+    id 'com.github.spotbugs' version '5.0.13'
+    id 'war'
+}
+
+group = 'it.gov.innovazione'
+version = '0.0.1-SNAPSHOT'
+sourceCompatibility = '11'
+
+configurations {
+    compileOnly {
+        extendsFrom annotationProcessor
+    }
+}
+
+repositories {
+    mavenCentral()
+}
+
+dependencies {
+    implementation('org.springframework.boot:spring-boot-starter-web') {
+        exclude group: 'org.yaml'
+    }
+
+    providedRuntime('org.springframework.boot:spring-boot-starter-tomcat')
+
+    implementation 'org.apache.jena:apache-jena-libs:4.6.1'
+    constraints {
+        implementation ('com.google.protobuf:protobuf-java:3.21.8') {
+            because 'previous versions have security bugs'
+        }
+    }
+
+    implementation 'org.apache.tomcat.embed:tomcat-embed-jasper'
+    implementation 'org.apache.commons:commons-text:1.10.0'
+
+    implementation 'org.apache.taglibs:taglibs-standard-spec:1.2.5'
+    implementation 'org.apache.taglibs:taglibs-standard-impl:1.2.5'
+    implementation 'org.apache.taglibs:taglibs-standard-jstlel:1.2.5'
+    compileOnly 'org.projectlombok:lombok'
+    annotationProcessor 'org.springframework.boot:spring-boot-configuration-processor'
+    annotationProcessor 'org.projectlombok:lombok'
+    testImplementation 'org.springframework.boot:spring-boot-starter-test'
+}
+
+spotbugsMain {
+    excludeFilter = file("${rootProject.projectDir}/config/spotbugs/exclude-filter.xml")
+
+    reports {
+        html {
+            enabled = true
+            destination = file("$buildDir/reports/spotbugs/main/spotbugs.html")
+        }
+    }
+}
+
+spotbugsTest {
+    excludeFilter = file("${rootProject.projectDir}/config/spotbugs/exclude-filter.xml")
+    reports {
+        html {
+            enabled = true
+            destination = file("$buildDir/reports/spotbugs/test/spotbugs.html")
+        }
+    }
+}
+
+dependencyCheck {
+    skipConfigurations = ['spotbugs']
+
+//set up a quality gate for vulnerabilities with high severity level:
+//let's consider that a vulnerability has a high severity level if its CVSS score is higher than 7
+//the build is going to fail if vulnerabilities with high severity level found
+    failBuildOnCVSS = 7
+
+//specify a list of known issues which contain:
+//false-positives
+//confirmed vulnerabilities which are not fixed yet, but we have a ticket for that
+    suppressionFile = 'config/dependency-check/dependency-check-known-issues.xml'
+}
+
+gradle.taskGraph.whenReady { graph ->
+    if (graph.hasTask(build)) {
+        spotbugsMain.enabled = false
+        dependencyCheckAnalyze.enabled = false
+        spotbugsTest.enabled = false
+    }
+}
+
+bootWar {
+    enabled = true
+    archiveName("lodview.war")
+}
+
+tasks.named('test') {
+    useJUnitPlatform()
+}