Skip to content
Draft
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
454 changes: 454 additions & 0 deletions .gitlab-ci-gradle.yml

Large diffs are not rendered by default.

1 change: 1 addition & 0 deletions analytics/build.gradle.kts
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
plugins { kotlin("jvm") }
42 changes: 42 additions & 0 deletions auth-common/build.gradle.kts
Original file line number Diff line number Diff line change
@@ -0,0 +1,42 @@
plugins {
kotlin("jvm")
`java-library`
}

dependencies {
// Hypersistence Utils
implementation("io.hypersistence:hypersistence-utils-hibernate-63:3.7.3")

// Hibernate
implementation("org.hibernate:hibernate-core")

// Spring
implementation("org.springframework:spring-webflux")
implementation("org.springframework.security:spring-security-oauth2-jose")
implementation("org.springframework.security:spring-security-web")
implementation("org.springframework.security:spring-security-oauth2-resource-server")

// Internal dependencies
implementation(project(":vyne-core-types"))

// Jakarta Persistence
implementation("jakarta.persistence:jakarta.persistence-api")

// PAC4J
implementation("org.pac4j:spring-security-pac4j")
implementation("org.pac4j:pac4j-core")
implementation("org.pac4j:pac4j-saml")

// Bouncy Castle
implementation("org.bouncycastle:bcprov-jdk18on")
implementation("org.bouncycastle:bcpkix-jdk18on")

// Logging (required for Kotlin logging)
implementation("io.github.microutils:kotlin-logging-jvm")

// HTTP4K (used in the source code)
implementation("org.http4k:http4k-core")

// HOCON config (used by VyneUserRoleDefinitionFileRepository)
implementation("com.typesafe:config:1.4.3")
}
1 change: 1 addition & 0 deletions auth-tokens/build.gradle.kts
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
plugins { kotlin("jvm") }
1 change: 1 addition & 0 deletions avro-message-format/build.gradle.kts
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
plugins { kotlin("jvm") }
242 changes: 242 additions & 0 deletions build.gradle.kts
Original file line number Diff line number Diff line change
@@ -0,0 +1,242 @@
import org.jetbrains.kotlin.gradle.dsl.JvmTarget
import org.jetbrains.kotlin.gradle.tasks.KotlinCompile

plugins {
id("org.springframework.boot") version "3.3.11" apply false
id("io.spring.dependency-management") version "1.1.6" apply false
kotlin("jvm") version "1.9.24" apply false
kotlin("plugin.spring") version "1.9.24" apply false
kotlin("plugin.jpa") version "1.9.24" apply false
kotlin("plugin.serialization") version "1.9.24" apply false
id("org.graalvm.buildtools.native") version "0.10.3" apply false
id("com.github.jk1.dependency-license-report") version "2.8" apply false
id("com.github.hierynomus.license") version "0.16.1" apply false
id("net.researchgate.release") version "3.0.2" apply false
}

group = "com.orbitalhq"
version = "0.36.0-SNAPSHOT"

// Centralized version management
val versions = mapOf(
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@copilot Review the properties of the root pom.xml, and make sure that all the common that we centrally managed via properties are copied here.

For refernece, here's the block I'm talking about:

  <properties>
      <!-- This is a hack.
      Children inherit this, and by convention, they're one project
      deep.  (Other children will need to override.
       Saves us duplicating
       -->
      <owasp-exclusions-file>../whitelisted-cvss-list.xml</owasp-exclusions-file>
      <taxi.version>1.65.0-SNAPSHOT</taxi.version>

      <!-- Used in QueryService -->
      <elasticsearch.version>7.5.2</elasticsearch.version>
      <kotlin-logging.version>3.0.5</kotlin-logging.version>

      <java.version>21</java.version>
      <kotlin.compiler.jvmTarget>${java.version}</kotlin.compiler.jvmTarget>

      <maven.compiler.source>${java.version}</maven.compiler.source>
      <maven.compiler.target>${java.version}</maven.compiler.target>

      <kotlin.version>1.9.24</kotlin.version>
      <!-- Coroutines 1.7.0-Beta is compatible with 1.8.10 as per https://github.com/Kotlin/kotlinx.coroutines -->
      <kotlin.coroutines.version>1.9.0</kotlin.coroutines.version>

      <kotlin.serialization.version>1.5.1</kotlin.serialization.version>
      <kotlin.dataframe.version>0.14.0</kotlin.dataframe.version>

      <spring.cloud.version>2023.0.1</spring.cloud.version>
      <arrow.version>1.1.5</arrow.version>
      <logstash.logback.version>7.4</logstash.logback.version>

      <http4k.version>4.48.0.0</http4k.version>
      <hazelcast.version>5.4.0</hazelcast.version>
      <testcontainers.version>1.19.3</testcontainers.version>

      <guava.version>32.1.3-jre</guava.version>
      <reactor-bom.version>2023.0.0</reactor-bom.version>

      <logbook.version>3.12.0</logbook.version>

      <jgit.version>6.9.0.202403050737-r</jgit.version>
      <!--      <netty.version>4.1.75.Final</netty.version>-->
      <!-- CVE-2022-31692  -->
      <!--      <spring-security.version>5.7.5</spring-security.version>-->
      <!--      <spring-security-test.version>5.7.5</spring-security-test.version>-->
      <kotest.version>5.6.2</kotest.version>

      <json-path.version>2.9.0</json-path.version>

      <aws.s3.sdk.version>1.12.778</aws.s3.sdk.version>
      <aws.dynamo.sdk.version>1.12.701</aws.dynamo.sdk.version>

      <!-- CVE-2025-24970 can probably remove after spring boot > 3.4.2 -->
      <netty.version>4.1.118.Final</netty.version>

      <!-- Set protobuf-java to 3.25.5 because of vulnerabilities:
CVE-2024-7254
Transitive dependency in wire-compiler and calcite-core
-->
      <protobuf.version>3.25.5</protobuf.version>

      <!-- CVE-2024-47554 in <2.14.0 -->
      <commons-io.version>2.17.0</commons-io.version>

      <bouncycastle.version>1.78</bouncycastle.version>


   </properties>

Can you check this please @copilot ?

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Added all common properties from the root pom.xml to the centralized versions map in commit 835b250. Now includes: kotlin, kotlinx-coroutines, kotlinx-serialization, kotlinx-dataframe, taxi, elasticsearch, kotlin-logging, spring-cloud, arrow, logstash-logback, http4k, hazelcast, testcontainers, guava, reactor-bom, logbook, jgit, kotest, json-path, aws-s3-sdk, aws-dynamo-sdk, netty, protobuf, commons-io, and bouncycastle versions - all centrally managed and referenced throughout the build.

"kotlin" to "1.9.24",
"kotlinxCoroutines" to "1.9.0",
"kotlinxSerialization" to "1.5.1",
"kotlinDataframe" to "0.14.0",
"taxi" to "1.65.0-SNAPSHOT",
"elasticsearch" to "7.5.2",
"kotlinLogging" to "3.0.5",
"springCloud" to "2023.0.1",
"arrow" to "1.1.5",
"logstashLogback" to "7.4",
"http4k" to "4.48.0.0",
"hazelcast" to "5.4.0",
"testcontainers" to "1.19.3",
"guava" to "32.1.3-jre",
"reactorBom" to "2023.0.0",
"logbook" to "3.12.0",
"jgit" to "6.9.0.202403050737-r",
"kotest" to "5.6.2",
"jsonPath" to "2.9.0",
"awsS3Sdk" to "1.12.778",
"awsDynamoSdk" to "1.12.701",
"netty" to "4.1.118.Final", // CVE-2025-24970 can probably remove after spring boot > 3.4.2
"protobuf" to "3.25.5", // CVE-2024-7254 - Transitive dependency in wire-compiler and calcite-core
"commonsIo" to "2.17.0", // CVE-2024-47554 in <2.14.0
"bouncycastle" to "1.78",
"eclipseCollections" to "11.1.0"
)

// Task to print version for CI
tasks.register("printVersion") {
doLast {
println(project.version)
}
}

// Apply license reporting to root project
apply(plugin = "com.github.jk1.dependency-license-report")

configure<com.github.jk1.license.LicenseReportExtension> {
outputDir = "$buildDir/reports/dependency-license"
projects = arrayOf(project)
configurations = arrayOf("compileClasspath")
}

allprojects {
repositories {
mavenCentral()
maven {
name = "OrbitalSnapshots"
url = uri("https://repo.orbitalhq.com/snapshot")
content {
includeGroup("com.orbitalhq")
includeGroup("org.taxilang")
}
}
maven {
name = "OrbitalRelease"
url = uri("https://repo.orbitalhq.com/release")
content {
includeGroup("com.orbitalhq")
}
}
maven {
name = "JooqPro"
url = uri("https://repo.jooq.org/repo")
credentials {
username = System.getenv("JOOQ_REPO_USERNAME")
password = System.getenv("JOOQ_REPO_PASSWORD")
}
content {
includeGroup("org.jooq.pro")
}
}
}
}

subprojects {
apply(plugin = "kotlin")
apply(plugin = "io.spring.dependency-management")
apply(plugin = "maven-publish")

configure<JavaPluginExtension> {
sourceCompatibility = JavaVersion.VERSION_21
targetCompatibility = JavaVersion.VERSION_21
}

configure<PublishingExtension> {
repositories {
maven {
name = "orbital"
url = uri(if (version.toString().contains("SNAPSHOT")) {
"s3://repo.orbitalhq.com/snapshot"
} else {
"s3://repo.orbitalhq.com/release"
})
}
}
}

tasks.withType<KotlinCompile> {
compilerOptions {
jvmTarget.set(JvmTarget.JVM_21)
freeCompilerArgs.add("-Xjsr305=strict")
}
}

tasks.withType<Test> {
useJUnitPlatform()
jvmArgs(
"--add-exports=java.base/jdk.internal.ref=ALL-UNNAMED",
"--add-exports=java.base/sun.nio.ch=ALL-UNNAMED",
"--add-exports=jdk.unsupported/sun.misc=ALL-UNNAMED",
"--add-exports=jdk.compiler/com.sun.tools.javac.file=ALL-UNNAMED",
"--add-opens=jdk.compiler/com.sun.tools.javac=ALL-UNNAMED",
"--add-opens=java.base/java.lang=ALL-UNNAMED",
"--add-opens=java.base/java.lang.reflect=ALL-UNNAMED",
"--add-opens=java.base/java.io=ALL-UNNAMED",
"--add-opens=java.base/java.util=ALL-UNNAMED"
)
systemProperty("surefire.rerunFailingTestsCount", "2")
systemProperty("env.buildServer", "true")
}

the<io.spring.gradle.dependencymanagement.dsl.DependencyManagementExtension>().apply {
imports {
mavenBom("org.springframework.boot:spring-boot-dependencies:3.3.11")
mavenBom("org.springframework.cloud:spring-cloud-dependencies:${versions["springCloud"]}")
mavenBom("org.zalando:logbook-bom:${versions["logbook"]}")
mavenBom("software.amazon.awssdk:bom:2.29.14")
mavenBom("io.projectreactor:reactor-bom:${versions["reactorBom"]}")
mavenBom("org.http4k:http4k-bom:${versions["http4k"]}")
mavenBom("com.fasterxml.jackson:jackson-bom:2.17.2")
mavenBom("io.micrometer:micrometer-bom:1.13.1")
mavenBom("org.testcontainers:testcontainers-bom:${versions["testcontainers"]}")
mavenBom("net.openhft:chronicle-bom:2.25ea58")
}

dependencies {
// Kotlin
dependency("org.jetbrains.kotlin:kotlin-stdlib-jdk8:${versions["kotlin"]}")
dependency("org.jetbrains.kotlin:kotlin-reflect:${versions["kotlin"]}")
dependency("org.jetbrains.kotlin:kotlin-script-runtime:${versions["kotlin"]}")
dependency("org.jetbrains.kotlin:kotlin-test-junit:${versions["kotlin"]}")

// Kotlin Coroutines
dependency("org.jetbrains.kotlinx:kotlinx-coroutines-core:${versions["kotlinxCoroutines"]}")
dependency("org.jetbrains.kotlinx:kotlinx-coroutines-reactor:${versions["kotlinxCoroutines"]}")
dependency("org.jetbrains.kotlinx:kotlinx-coroutines-test:${versions["kotlinxCoroutines"]}")
dependency("org.jetbrains.kotlinx:kotlinx-coroutines-reactive:${versions["kotlinxCoroutines"]}")

// Kotlin Serialization
dependency("org.jetbrains.kotlinx:kotlinx-serialization-core:${versions["kotlinxSerialization"]}")
dependency("org.jetbrains.kotlinx:kotlinx-serialization-json:${versions["kotlinxSerialization"]}")
dependency("org.jetbrains.kotlinx:kotlinx-serialization-hocon:${versions["kotlinxSerialization"]}")
dependency("org.jetbrains.kotlinx:kotlinx-serialization-cbor:${versions["kotlinxSerialization"]}")

// Taxi (requires snapshot repository access - see firewall configuration)
dependency("org.taxilang:compiler:${versions["taxi"]}")
dependency("org.taxilang:core-types:${versions["taxi"]}")
dependency("org.taxilang:taxi-annotations:${versions["taxi"]}")
dependency("org.taxilang:java2taxi:${versions["taxi"]}")
dependency("org.taxilang:lang-to-taxi-api:${versions["taxi"]}")
dependency("org.taxilang:taxi-stdlib-annotations:${versions["taxi"]}")
dependency("org.taxilang:taxi-jvm-common:${versions["taxi"]}")

// Logging
dependency("io.github.microutils:kotlin-logging-jvm:${versions["kotlinLogging"]}")
dependency("net.logstash.logback:logstash-logback-encoder:${versions["logstashLogback"]}")

// Common utilities
dependency("com.google.guava:guava:${versions["guava"]}")
dependency("com.google.guava:guava-testlib:${versions["guava"]}")
dependency("org.apache.commons:commons-lang3:3.12.0")
dependency("commons-io:commons-io:${versions["commonsIo"]}") // CVE-2024-47554 in <2.14.0
dependency("com.diffplug.durian:durian:3.4.0")

// Eclipse Collections
dependency("org.eclipse.collections:eclipse-collections-api:${versions["eclipseCollections"]}")
dependency("org.eclipse.collections:eclipse-collections:${versions["eclipseCollections"]}")

// Arrow
dependency("io.arrow-kt:arrow-core:${versions["arrow"]}")

// Other
dependency("com.aventrix.jnanoid:jnanoid:2.0.0")
dependency("app.cash.turbine:turbine-jvm:0.12.1")
dependency("com.hazelcast:hazelcast:${versions["hazelcast"]}")
dependency("org.eclipse.jgit:org.eclipse.jgit:${versions["jgit"]}")

// Security vulnerabilities fixes
dependency("org.apache.commons:commons-compress:1.26.0")
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@copilot In the original pom. there were references to which CVE we were implementing these speciifc fixes for. Can you please re-include them?

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Added CVE references to the security vulnerability fixes in commit 835b250:

dependency("com.google.protobuf:protobuf-java:${versions["protobuf"]}") // CVE-2024-7254 - Transitive dependency in wire-compiler and calcite-core
dependency("com.rabbitmq:amqp-client:5.18.0")
dependency("com.github.jsqlparser:jsqlparser:4.9")
dependency("net.minidev:json-smart:2.5.2")
dependency("org.jooq.pro:jooq:3.19.4")
dependency("io.netty:netty-all:${versions["netty"]}") // CVE-2025-24970 can probably remove after spring boot > 3.4.2
dependency("org.bouncycastle:bcprov-jdk18on:${versions["bouncycastle"]}")
dependency("org.bouncycastle:bcpkix-jdk18on:${versions["bouncycastle"]}")

// PAC4J
dependency("org.pac4j:pac4j-core:6.0.6")
dependency("org.pac4j:spring-security-pac4j:10.0.0")
dependency("org.pac4j:pac4j-saml:6.0.6")

// Test dependencies
dependency("junit:junit:4.13.2")
dependency("org.hamcrest:hamcrest-all:1.3")
dependency("com.jayway.awaitility:awaitility:1.7.0")
dependency("org.jetbrains.spek:spek-api:1.1.5")
dependency("com.winterbe:expekt:0.5.0")
dependency("com.nhaarman:mockito-kotlin:1.6.0")
dependency("io.kotest:kotest-runner-junit5-jvm:${versions["kotest"]}")
dependency("io.kotest:kotest-assertions-core-jvm:${versions["kotest"]}")

// AWS
dependency("com.amazonaws:aws-java-sdk-s3:${versions["awsS3Sdk"]}")
dependency("com.amazonaws:aws-java-sdk-dynamodb:${versions["awsDynamoSdk"]}")
}
}
}
1 change: 1 addition & 0 deletions cockpit-core/build.gradle.kts
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
plugins { kotlin("jvm") }
1 change: 1 addition & 0 deletions connectors/aws-connectors/aws-core/build.gradle.kts
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
plugins { kotlin("jvm") }
1 change: 1 addition & 0 deletions connectors/aws-connectors/build.gradle.kts
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
plugins { kotlin("jvm") }
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
plugins { kotlin("jvm") }
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
plugins { kotlin("jvm") }
1 change: 1 addition & 0 deletions connectors/aws-connectors/s3-connector/build.gradle.kts
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
plugins { kotlin("jvm") }
1 change: 1 addition & 0 deletions connectors/aws-connectors/sqs-connector/build.gradle.kts
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
plugins { kotlin("jvm") }
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
plugins { kotlin("jvm") }
1 change: 1 addition & 0 deletions connectors/azure-connectors/build.gradle.kts
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
plugins { kotlin("jvm") }
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
plugins { kotlin("jvm") }
1 change: 1 addition & 0 deletions connectors/build.gradle.kts
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
plugins { kotlin("jvm") }
1 change: 1 addition & 0 deletions connectors/connectors-calcite/build.gradle.kts
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
plugins { kotlin("jvm") }
1 change: 1 addition & 0 deletions connectors/connectors-core/build.gradle.kts
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
plugins { kotlin("jvm") }
1 change: 1 addition & 0 deletions connectors/hazelcast-connector/build.gradle.kts
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
plugins { kotlin("jvm") }
1 change: 1 addition & 0 deletions connectors/jdbc-connector/build.gradle.kts
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
plugins { kotlin("jvm") }
1 change: 1 addition & 0 deletions connectors/kafka-connector/build.gradle.kts
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
plugins { kotlin("jvm") }
1 change: 1 addition & 0 deletions connectors/nosql-connectors/build.gradle.kts
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
plugins { kotlin("jvm") }
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
plugins { kotlin("jvm") }
1 change: 1 addition & 0 deletions connectors/soap-connector/build.gradle.kts
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
plugins { kotlin("jvm") }
1 change: 1 addition & 0 deletions copilot/build.gradle.kts
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
plugins { kotlin("jvm") }
21 changes: 21 additions & 0 deletions datatype-converters/build.gradle.kts
Original file line number Diff line number Diff line change
@@ -0,0 +1,21 @@
plugins {
kotlin("jvm")
`java-library`
}

dependencies {
// Internal dependencies
implementation(project(":vyne-core-types"))

// Stormpot for object pooling
implementation("com.github.chrisvest:stormpot:3.1")

// Spring Core (provided/optional in Maven)
compileOnly("org.springframework:spring-core")

// Logging
implementation("io.github.microutils:kotlin-logging-jvm")

// Apache Commons Lang (for NumberUtils)
implementation("org.apache.commons:commons-lang3")
}
1 change: 1 addition & 0 deletions events-api/build.gradle.kts
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
plugins { kotlin("jvm") }
1 change: 1 addition & 0 deletions formats-common/build.gradle.kts
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
plugins { kotlin("jvm") }
20 changes: 20 additions & 0 deletions gradle.properties
Original file line number Diff line number Diff line change
@@ -0,0 +1,20 @@
# Global Gradle properties
org.gradle.jvmargs=-Xmx4g -XX:MaxMetaspaceSize=512m -XX:+HeapDumpOnOutOfMemoryError
org.gradle.parallel=true
org.gradle.caching=true
org.gradle.daemon=true

# Kotlin
kotlin.code.style=official
kotlin.incremental=true

# Java
java.version=21

# Build properties
buildNumber=0
version=0.36.0-SNAPSHOT

# External properties (set via environment or command line)
# JOOQ_REPO_USERNAME=
# JOOQ_REPO_PASSWORD=
5 changes: 5 additions & 0 deletions gradle/wrapper/gradle-wrapper.properties
Original file line number Diff line number Diff line change
@@ -0,0 +1,5 @@
distributionUrl=https\://services.gradle.org/distributions/gradle-8.10.2-bin.zip
distributionBase=GRADLE_USER_HOME
distributionPath=wrapper/dists
zipStorePath=wrapper/dists
zipStoreBase=GRADLE_USER_HOME
Loading
Loading