dvsa · sdh100shaun · May 8, 2024 · May 7, 2024 · May 7, 2024 · May 7, 2024
diff --git a/.github/workflows/cd.yaml b/.github/workflows/cd.yaml
@@ -0,0 +1,54 @@
+name: CD
+
+on:
+    push:
+     branches:
+       -  main
+
+jobs:
+  release-please:
+    name: Release
+    runs-on: ubuntu-latest
+    permissions:
+      contents: write
+      pull-requests: write
+    outputs:
+      tag_name: ${{ steps.release.outputs.tag_name }}
+      release_created: ${{ steps.release.outputs.release_created }}
+    steps:
+      - uses: google-github-actions/release-please-action@v4
+        id: release
+        with:
+          release-type: maven
+
+  call-build-maven:
+    needs: release-please
+    name: build with Maven
+    uses: ./.github/workflows/maven_build.yml
+
+  publish:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      packages: write
+    needs: 
+      - release-please
+      - call-build-maven
+    steps:
+        - name: checkout code
+          uses: actions/checkout@v4
+
+        - name: Set up JDK 11
+          uses: actions/setup-java@v4
+          with:
+            java-version: '11'
+            distribution: 'corretto'
+            cache: 'maven'
+
+        - name: Publish to GitHub Packages Apache Maven
+          if: ${{needs.release-please.outputs.release_created}}
+          run: mvn --batch-mode deploy
+          env:
+            GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}}
+
+
diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml
@@ -0,0 +1,17 @@
+name: CI
+
+on:
+    pull_request:
+
+jobs:
+  security:
+    name: Security
+    uses: ./.github/workflows/security.yaml
+    secrets: inherit
+
+  build-maven:      
+    name: build with Maven
+    uses: ./.github/workflows/maven_build.yaml
+    needs: security
+
+
diff --git a/.github/workflows/maven-publish.yml b/.github/workflows/maven-publish.yml
diff --git a/.github/workflows/maven_build.yaml b/.github/workflows/maven_build.yaml
@@ -0,0 +1,19 @@
+name: Maven Build
+
+on:
+  workflow_call:
+
+permissions:
+  contents: read
+  packages: write
+
+jobs:
+    build:
+      name: build
+      runs-on: ubuntu-latest
+      steps:
+       - uses: actions/checkout@v4
+
+       - run: mvn -B -P github package
+
+
diff --git a/.github/workflows/publish.yaml b/.github/workflows/publish.yaml
@@ -0,0 +1,30 @@
+name: Maven Package and Deploy
+
+on:
+  push:
+    branches:
+      - main
+
+jobs:
+  build:
+
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      packages: write
+
+    steps:
+      - uses: actions/checkout@v4
+      - name: Set up JDK 11
+        uses: actions/setup-java@v4
+        with:
+          java-version: '11'
+          distribution: 'corretto'
+
+      - name: Build with Maven
+        run: mvn -B -Pgithub package --file pom.xml
+
+      - name: Publish to GitHub Packages Apache Maven
+        run: mvn --batch-mode deploy
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
diff --git a/.github/workflows/security.yaml b/.github/workflows/security.yaml
@@ -0,0 +1,42 @@
+name: Security Scan
+
+on:
+  workflow_call:
+    inputs:
+      severity-threshold:
+        description: "Severity threshold"
+        required: false
+        default: "high"
+        type: string
+    secrets:
+      SNYK_TOKEN:
+        description: "Snyk token"
+        required: true
+  schedule:
+    # Weekly on Monday at 00:00 UTC
+    - cron: 0 0 * * 1
+
+permissions:
+  contents: read
+  packages: read
+
+jobs:      
+    scan:
+        name: scan
+        runs-on: ubuntu-latest
+        steps:
+
+        - uses: actions/checkout@v4
+        - uses: snyk/actions/setup@master
+        - uses: actions/setup-java@v4
+          with:
+            distribution: "corretto"
+            java-version: "11"
+            cache: maven
+        - uses: whelk-io/maven-settings-xml-action@v22
+          with:
+            servers: '[{ "id":"github-vol-active-support", "configuration": { "httpHeaders": { "property": { "name":"Authorization", "value":"Bearer ${{ secrets.GITHUB_TOKEN }}"} } } } ]'
+
+        - run: snyk test --severity-threshold=${{ inputs.severity-threshold || 'high' }} -- -P github 
+          env:
+            SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
diff --git a/.snyk b/.snyk
@@ -0,0 +1,30 @@
+# Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities.
+version: v1.25.0
+# ignores vulnerabilities until expiry date; change duration by modifying expiry date
+ignore:
+  SNYK-JAVA-DOM4J-174153:
+    - '*':
+        reason: None Given
+        expires: 2024-06-07T13:36:08.904Z
+        created: 2024-05-08T13:36:08.910Z
+  SNYK-JAVA-ORGYAML-2806360:
+    - '*':
+        reason: None Given
+        expires: 2024-06-07T13:49:35.026Z
+        created: 2024-05-08T13:49:35.034Z
+  SNYK-JAVA-DOM4J-2812975:
+    - '*':
+        reason: None Given
+        expires: 2024-06-07T13:52:40.223Z
+        created: 2024-05-08T13:52:40.231Z
+  SNYK-JAVA-ORGYAML-6056527:
+    - '*':
+        reason: None Given
+        expires: 2024-06-07T13:53:08.534Z
+        created: 2024-05-08T13:53:08.541Z
+  SNYK-JAVA-SOFTWAREAMAZONION-6153869:
+    - '*':
+        reason: None Given
+        expires: 2024-06-07T13:53:47.241Z
+        created: 2024-05-08T13:53:47.250Z
+patch: {}
diff --git a/pom.xml b/pom.xml
@@ -32,13 +32,21 @@
         <java-native-access.version>5.14.0</java-native-access.version>
         <rest-assured.version>5.4.0</rest-assured.version>
         <selenium.version>4.20.0</selenium.version>
-        <log4j.version>2.22.0</log4j.version>
-        <og4j12.version>2.22.0</og4j12.version>
+        <log4j.version>2.17.1</log4j.version>
+        <og4j12.version>2.17.1</og4j12.version>
         <typesafe.version>1.4.3</typesafe.version>
-        <browserstack.version>1.0.6</browserstack.version>
+        <browserstack.version>1.1.1</browserstack.version>
         <google-zxing.version>3.5.1</google-zxing.version>
         <totp.version>1.0</totp.version>
         <gson.version>2.10.1</gson.version>
+        <browserstack.version>1.1.1</browserstack.version>
+        <commons-beanutils.version>1.9.2</commons-beanutils.version>
+        <commons-collections.version>3.2.2</commons-collections.version>
+        <dom4j.version>1.6.1</dom4j.version>
+        <org.apache.commons.commons-text.version>1.10.0</org.apache.commons.commons-text.version>
+        <org.postgresql.version>42.3.3</org.postgresql.version>
+        <org.yaml.snakeyaml.version>2.0</org.yaml.snakeyaml.version>
+        <software.amazon.ion.version>1.0.2</software.amazon.ion.version>
     </properties>
 
     <build>
@@ -60,6 +68,46 @@
     </build>
 
     <dependencies>
+        <dependency>
+            <groupId>com.browserstack</groupId>
+            <artifactId>browserstack-local-java</artifactId>
+            <version>${browserstack.version}</version>
+        </dependency>
+        <dependency>
+            <groupId>commons-beanutils</groupId>
+            <artifactId>commons-beanutils</artifactId>
+            <version>${commons-beanutils.version}</version>
+        </dependency>
+        <dependency>
+            <groupId>commons-collections</groupId>
+            <artifactId>commons-collections</artifactId>
+            <version>${commons-collections.version}</version>
+        </dependency>
+        <dependency>
+            <groupId>dom4j</groupId>
+            <artifactId>dom4j</artifactId>
+            <version>${dom4j.version}</version>
+        </dependency>
+        <dependency>
+            <groupId>org.apache.commons</groupId>
+            <artifactId>commons-text</artifactId>
+            <version>${org.apache.commons.commons-text.version}</version>
+        </dependency>
+        <dependency>
+            <groupId>org.postgresql</groupId>
+            <artifactId>postgresql</artifactId>
+            <version>${org.postgresql.version}</version>
+        </dependency>
+        <dependency>
+            <groupId>org.yaml</groupId>
+            <artifactId>snakeyaml</artifactId>
+            <version>${org.yaml.snakeyaml.version}</version>
+        </dependency>
+        <dependency>
+            <groupId>software.amazon.ion</groupId>
+            <artifactId>ion-java</artifactId>
+            <version>${software.amazon.ion.version}</version>
+        </dependency>
         <dependency>
             <groupId>org.apache.httpcomponents.client5</groupId>
             <artifactId>httpclient5</artifactId>
@@ -157,7 +205,7 @@
         <dependency>
             <groupId>com.google.guava</groupId>
             <artifactId>guava</artifactId>
-            <version>31.1-jre</version>
+            <version>32.1.2-jre</version>
         </dependency>
         <dependency>
             <groupId>net.java.dev.jna</groupId>
@@ -259,6 +307,31 @@
             <artifactId>gson</artifactId>
             <version>${gson.version}</version>
         </dependency>
+        <dependency>
+            <groupId>commons-io</groupId>
+            <artifactId>commons-io</artifactId>
+            <version>2.11.0</version>
+        </dependency>
+        <dependency>
+            <groupId>org.postgresql</groupId>
+            <artifactId>postgresql</artifactId>
+            <version>42.3.9</version>
+        </dependency>
+        <dependency>
+            <groupId>commons-beanutils</groupId>
+            <artifactId>commons-beanutils</artifactId>
+            <version>1.9.4</version>
+        </dependency>
+        <dependency>
+            <groupId>org.yaml</groupId>
+            <artifactId>snakeyaml</artifactId>
+            <version>${org.yaml.snakeyaml.version}</version>
+        </dependency>
+        <dependency>
+            <groupId>commons-codec</groupId>
+            <artifactId>commons-codec</artifactId>
+            <version>1.15</version>
+        </dependency>
     </dependencies>