build.gradle

buildscript {
    dependencies {
        classpath "com.diffplug.spotless:spotless-plugin-gradle:${spotless_plugin_version}"
        // This is required so that the latest version of the liquibase gradle plugin works
        classpath "org.liquibase:liquibase-core:${liquibase_version}"
    }
}

plugins {
    id "checkstyle"
    id "idea"
    id "jacoco"
    id "java"
    id "com.adarshr.test-logger" version "4.0.0"
    id "com.diffplug.spotless" version "${spotless_plugin_version}"
    id "com.github.andygoossens.modernizer" version "${modernizer_plugin_version}"
    id "com.github.ben-manes.versions" version "0.51.0"
    id "com.github.node-gradle.node" version "${gradle_node_plugin_version}"
    id "com.google.cloud.tools.jib" version "3.4.4"
    id "com.gorylenko.gradle-git-properties" version "2.4.2"
    id "io.spring.dependency-management" version "1.1.7"
    id "org.liquibase.gradle" version "${liquibase_plugin_version}"
    id "org.owasp.dependencycheck" version "11.1.1"
    id "org.springframework.boot" version "${spring_boot_version}"
}

group = "de.tum.cit.aet.artemis"
version = "7.8.3"
description = "Interactive Learning with Individual Feedback"

java {
    sourceCompatibility = JavaVersion.VERSION_21
    targetCompatibility = JavaVersion.VERSION_21
}

wrapper {
    gradleVersion = "8.12"
}

node {
    download = true
    version = "${node_version}"
    npmVersion = "${npm_version}"
}

apply from: "gradle/liquibase.gradle"
apply from: "gradle/test.gradle"
apply from: "gradle/spotless.gradle"

if (project.hasProperty("prod")) {
    apply from: "gradle/profile_prod.gradle"
} else {
    apply from: "gradle/profile_dev.gradle"
}

if (project.hasProperty("war")) {
    apply from: "gradle/war.gradle"
}

idea {
    module {
        excludeDirs += files("node_modules")
    }
}

defaultTasks "bootRun"

springBoot {
    mainClass = "de.tum.cit.aet.artemis.ArtemisApp"
}

modernizer {
    failOnViolations = false
    includeTestClasses = true
    // Copy the rule name as defined in https://github.com/gaul/modernizer-maven-plugin/blob/master/modernizer-maven-plugin/src/main/resources/modernizer.xml to exclude it
    exclusions = ["java/util/Optional.get:()Ljava/lang/Object;"]
}

configurations {
    providedRuntime
}

repositories {
    mavenCentral()
    mavenLocal()
    // required for org.gradle:gradle-tooling-api dependency
    maven {
        url = "https://repo.gradle.org/gradle/libs-releases"
    }
    // required for org.opensaml:* dependencies
    maven {
        url = "https://build.shibboleth.net/maven/releases"
    }
}

configurations.configureEach {
//    exclude group: "org.dom4j", module: "dom4j"
    exclude group: "org.xmlpull", module: "pull-parser"
    exclude group: "jaxen", module: "jaxen"
    exclude group: "xmlpull", module: "xpp3"
    exclude group: "xsdlib", module: "xsdlib"
    exclude group: "javax.xml.stream", module: "stax-api"
//    exclude group: "javax.xml.bind", module: "jaxb-api"

    exclude group: "org.junit.vintage", module: "junit-vintage-engine"
    exclude group: "com.vaadin.external.google", module: "android-json"
    exclude group: "org.xmlunit", module: "xmlunit-core"

    exclude group: "org.testcontainers", module: "mariadb"
    exclude group: "org.testcontainers", module: "mssqlserver"

    exclude group: "jakarta.ws.rs", module: "jsr311-api"

    exclude group: "org.springframework.boot", module: "spring-boot-starter-undertow"

    // these modules include security issues and are not needed
    exclude group: "commons-jxpath", module: "commons-jxpath"
    exclude group: "com.fasterxml.woodstox", module: "woodstox-core"

    // those are transitive dependencies of JPlag Text --> Stanford NLP
    // Note: we exclude them because they are not needed and might have security vulnerabilities
    exclude group: "org.apache.lucene", module: "lucene-queryparser"
    exclude group: "org.apache.lucene", module: "lucene-core"
    exclude group: "org.apache.lucene", module: "lucene-analyzers-common"
    exclude group: "com.google.protobuf", module: "protobuf-java"
}

dependencies {

    // Note: jenkins-client is not well maintained and includes dependencies to libraries with critical security issues (e.g. CVE-2020-10683 for dom4j@1.6.1)
    //    implementation "com.offbytwo.jenkins:jenkins-client:0.3.8"
    implementation files("libs/jenkins-client-0.4.1.jar")
    // The following 4 dependencies are explicitly integrated as transitive dependencies of jenkins-client-0.4.0.jar
    implementation "org.apache.httpcomponents.client5:httpclient5:5.4.1"
    implementation "org.apache.httpcomponents.core5:httpcore5:5.3.1"
    implementation "org.apache.httpcomponents:httpmime:4.5.14"
    implementation("org.dom4j:dom4j:2.1.4") {
        // Note: avoid org.xml.sax.SAXNotRecognizedException: unrecognized feature http://xml.org/sax/features/external-general-entities
        // also see https://github.com/dom4j/dom4j/issues/99
        exclude module: "pull-parser"
        exclude module: "jaxen"
        exclude module: "xpp3"
        exclude module: "xsdlib"
        exclude module: "stax-api"
        exclude module: "jaxb-api"
    }

    implementation "org.gitlab4j:gitlab4j-api:6.0.0-rc.8"

    implementation "de.jplag:jplag:${jplag_version}"

    implementation "de.jplag:c:${jplag_version}"
    implementation "de.jplag:cpp:${jplag_version}"
    implementation "de.jplag:csharp:${jplag_version}"
    implementation "de.jplag:golang:${jplag_version}"
    implementation "de.jplag:java:${jplag_version}"
    implementation "de.jplag:javascript:${jplag_version}"
    implementation "de.jplag:kotlin:${jplag_version}"
    implementation "de.jplag:python-3:${jplag_version}"
    implementation "de.jplag:rlang:${jplag_version}"
    implementation "de.jplag:rust:${jplag_version}"
    implementation "de.jplag:swift:${jplag_version}"
    implementation "de.jplag:text:${jplag_version}"
    implementation "de.jplag:typescript:${jplag_version}"

    // we have to override those values to use the latest version
    implementation "org.slf4j:jcl-over-slf4j:${slf4j_version}"
    implementation "org.slf4j:jul-to-slf4j:${slf4j_version}"
    implementation("org.slf4j:slf4j-api") {
        version {
            strictly "${slf4j_version}"
        }
    }

    implementation "org.apache.logging.log4j:log4j-to-slf4j:2.24.3"

    implementation "uk.ac.ox.ctl:spring-security-lti13:0.3.0"

    // https://search.maven.org/artifact/org.eclipse.jgit/org.eclipse.jgit
    implementation "org.eclipse.jgit:org.eclipse.jgit:${jgit_version}"
    implementation "org.eclipse.jgit:org.eclipse.jgit.ssh.apache:${jgit_version}"
    implementation "org.eclipse.jgit:org.eclipse.jgit.http.server:${jgit_version}"

    // apache ssh enabled the ssh git operations in LocalVC together with JGit
    implementation "org.apache.sshd:sshd-core:${sshd_version}"
    implementation "org.apache.sshd:sshd-git:${sshd_version}"
    implementation "org.apache.sshd:sshd-osgi:${sshd_version}"
    implementation "org.apache.sshd:sshd-sftp:${sshd_version}"

    // https://mvnrepository.com/artifact/net.sourceforge.plantuml/plantuml
    implementation "net.sourceforge.plantuml:plantuml:1.2024.8"
    implementation "org.jasypt:jasypt:1.9.3"
    implementation "me.xdrop:fuzzywuzzy:1.4.0"
    implementation("org.yaml:snakeyaml") {
        version {
            strictly "2.3"
            // needed to reduce the number of vulnerabilities, also see https://mvnrepository.com/artifact/org.yaml/snakeyaml
        }
    }

    implementation "com.thoughtworks.qdox:qdox:2.2.0"
    implementation "io.sentry:sentry-logback:${sentry_version}"
    implementation "io.sentry:sentry-spring-boot-starter-jakarta:${sentry_version}"

    // NOTE: the following six dependencies use the newer versions explicitly to avoid other dependencies to use older versions
    implementation "ch.qos.logback:logback-classic:${logback_version}"
    implementation "ch.qos.logback:logback-core:${logback_version}"
    // required by eureka client
    implementation "com.thoughtworks.xstream:xstream:1.4.21"
    // required by JPlag, should NOT be used in other places
    implementation "xerces:xercesImpl:2.12.2"
    // required by JPlag, should NOT be used in other places
    implementation "xalan:xalan:2.7.3"
    // required by JPlag, should NOT be used in other places
    implementation "xalan:serializer:2.7.3"
    // required by Saml2, should NOT be used in other places
    implementation "org.apache.santuario:xmlsec:4.0.3"

    implementation "org.jsoup:jsoup:1.18.3"
    implementation "commons-codec:commons-codec:1.17.1"   // needed for spring security saml2

    // use the latest version to avoid security vulnerabilities
    implementation "org.springframework:spring-webmvc:${spring_framework_version}"

    implementation "com.vdurmont:semver4j:3.1.0"

    implementation "com.github.docker-java:docker-java-core:${docker_java_version}"
    // Note: we explicitly use docker-java-transport-zerodep, because docker-java-transport-httpclient5 uses an outdated http5 version which is not compatible with Spring Boot >= 3.4.0
    implementation "com.github.docker-java:docker-java-transport-zerodep:${docker_java_version}"

    // use newest version of commons-compress to avoid security issues through outdated dependencies
    implementation "org.apache.commons:commons-compress:1.27.1"


    // import JHipster dependencies BOM
    implementation platform("tech.jhipster:jhipster-dependencies:${jhipster_dependencies_version}")

    implementation "tech.jhipster:jhipster-framework:${jhipster_dependencies_version}"
    implementation "org.springframework.boot:spring-boot-starter-cache:${spring_boot_version}"
    implementation "io.micrometer:micrometer-registry-prometheus:1.14.2"
    implementation "net.logstash.logback:logstash-logback-encoder:8.0"

    // Defines low-level streaming API, and includes JSON-specific implementations
    implementation "com.fasterxml.jackson.core:jackson-core:${fasterxml_version}"
    // Contains standard Jackson annotations
    implementation "com.fasterxml.jackson.core:jackson-annotations:${fasterxml_version}"
    // Implements data-binding (and object serialization) support
    implementation "com.fasterxml.jackson.core:jackson-databind:${fasterxml_version}"
    // Support for "Java 8 Dates"
    implementation "com.fasterxml.jackson.datatype:jackson-datatype-jsr310:${fasterxml_version}"
    // Support JSON serialization and deserialization of Hibernate (https://hibernate.org) specific data types and properties; especially lazy-loading aspects
    implementation "com.fasterxml.jackson.datatype:jackson-datatype-hibernate6:${fasterxml_version}"
    // Support XML serialization and deserialization
    implementation "com.fasterxml.jackson.dataformat:jackson-dataformat-xml:${fasterxml_version}"
    // Support YML serialization and deserialization
    implementation "com.fasterxml.jackson.dataformat:jackson-dataformat-yaml:${fasterxml_version}"


    implementation "com.hazelcast:hazelcast:${hazelcast_version}"
    implementation "com.hazelcast:hazelcast-spring:${hazelcast_version}"
    implementation "com.hazelcast:hazelcast-hibernate53:5.2.0"

    implementation "javax.cache:cache-api:1.1.1"
    implementation "org.hibernate.orm:hibernate-core:${hibernate_version}"

    implementation "com.zaxxer:HikariCP:6.2.1"

    implementation "org.apache.commons:commons-text:1.13.0"
    implementation "org.apache.commons:commons-math3:3.6.1"

    implementation "javax.transaction:javax.transaction-api:1.3"

    implementation "org.liquibase:liquibase-core:${liquibase_version}"

    implementation "org.springframework.boot:spring-boot-starter-validation:${spring_boot_version}"
    implementation "org.springframework.boot:spring-boot-loader-tools:${spring_boot_version}"
    implementation "org.springframework.boot:spring-boot-starter-mail:${spring_boot_version}"
    implementation "org.springframework.boot:spring-boot-starter-logging:${spring_boot_version}"
    implementation "org.springframework.boot:spring-boot-starter-actuator:${spring_boot_version}"
    implementation "org.springframework.boot:spring-boot-starter-aop:${spring_boot_version}"
    implementation "org.springframework.boot:spring-boot-starter-data-jpa:${spring_boot_version}"
    implementation "org.springframework.boot:spring-boot-starter-security:${spring_boot_version}"
    implementation "org.springframework.boot:spring-boot-starter-web:${spring_boot_version}"
    implementation "org.springframework.boot:spring-boot-starter-tomcat:${spring_boot_version}"

    implementation "org.springframework.boot:spring-boot-starter-websocket:${spring_boot_version}"
    implementation "org.springframework.boot:spring-boot-starter-thymeleaf:${spring_boot_version}"
    implementation "org.springframework.boot:spring-boot-starter-oauth2-resource-server:${spring_boot_version}"
    implementation "org.springframework.boot:spring-boot-starter-oauth2-client:${spring_boot_version}"

    implementation "org.springframework.ldap:spring-ldap-core:3.2.10"
    implementation "org.springframework.data:spring-data-ldap:3.4.1"

    implementation "org.springframework.cloud:spring-cloud-starter-netflix-eureka-client:${spring_cloud_version}"
    implementation "org.springframework.cloud:spring-cloud-starter-config:${spring_cloud_version}"
    implementation "org.springframework.cloud:spring-cloud-commons:${spring_cloud_version}"

    implementation "io.netty:netty-all:4.1.116.Final"
    implementation "io.projectreactor.netty:reactor-netty:1.2.1"
    implementation "org.springframework:spring-messaging:${spring_framework_version}"
    implementation "org.springframework.retry:spring-retry:2.0.11"

    implementation "org.springframework.security:spring-security-config:${spring_security_version}"
    implementation "org.springframework.security:spring-security-data:${spring_security_version}"
    implementation "org.springframework.security:spring-security-core:${spring_security_version}"
    implementation "org.springframework.security:spring-security-oauth2-core:${spring_security_version}"
    implementation "org.springframework.security:spring-security-oauth2-client:${spring_security_version}"
    // use newest version of nimbus-jose-jwt to avoid security issues through outdated dependencies
    implementation "com.nimbusds:nimbus-jose-jwt:10.0.1"

    implementation "org.springframework.security:spring-security-oauth2-jose:${spring_security_version}"
    implementation "org.springframework.security:spring-security-crypto:${spring_security_version}"
    implementation "org.springframework.security:spring-security-web:${spring_security_version}"
    implementation "org.springframework.security:spring-security-messaging:${spring_security_version}"
    implementation "org.springframework.security:spring-security-ldap:${spring_security_version}"
    implementation "org.springframework.security:spring-security-saml2-service-provider:${spring_security_version}"

    implementation "org.opensaml:opensaml-security-api:${opensaml_version}"
    implementation "org.opensaml:opensaml-core:${opensaml_version}"
    implementation "org.opensaml:opensaml-saml-impl:${opensaml_version}"
    implementation "org.opensaml:opensaml-saml-api:${opensaml_version}"

    implementation "io.jsonwebtoken:jjwt-api:${jwt_version}"
    runtimeOnly "io.jsonwebtoken:jjwt-impl:${jwt_version}"
    runtimeOnly "io.jsonwebtoken:jjwt-jackson:${jwt_version}"

    implementation "org.bouncycastle:bcpkix-jdk18on:1.79"
    implementation "org.bouncycastle:bcprov-jdk18on:1.79"

    implementation "com.mysql:mysql-connector-j:${mysql_version}"
    implementation "org.postgresql:postgresql:42.7.4"

    implementation "org.zalando:problem-spring-web:0.29.1"
    implementation "org.zalando:jackson-datatype-problem:0.27.1"
    implementation "com.ibm.icu:icu4j-charset:76.1"
    implementation "com.github.seancfoley:ipaddress:5.5.1"
    implementation "org.apache.maven:maven-model:3.9.9"
    implementation "org.apache.pdfbox:pdfbox:3.0.3"
    implementation "org.apache.commons:commons-csv:1.12.0"
    implementation "org.commonmark:commonmark:0.24.0"
    implementation "commons-fileupload:commons-fileupload:1.5"
    implementation "net.lingala.zip4j:zip4j:2.11.5"

    implementation "org.jgrapht:jgrapht-core:1.5.2"
    // use the latest version explicitly to avoid security vulnerabilities (currently Artemis and JPlag rely on jgrapht 1.5.2 which relies on apfloat)
    implementation "org.apfloat:apfloat:1.14.0"

    // use newest version of guava to avoid security issues through outdated dependencies
    implementation "com.google.guava:guava:33.4.0-jre"
    implementation "com.sun.activation:jakarta.activation:2.0.1"

    // use newest version of gson to avoid security issues through outdated dependencies
    implementation "com.google.code.gson:gson:2.11.0"


    implementation "com.google.errorprone:error_prone_annotations:2.36.0"

    // NOTE: we want to keep the same unique version for all configurations, implementation and annotationProcessor
    implementation("net.bytebuddy:byte-buddy") {
        version {
            strictly byte_buddy_version
        }
    }
    annotationProcessor("net.bytebuddy:byte-buddy") {
        version {
            strictly byte_buddy_version
        }
    }
    liquibaseRuntime("net.bytebuddy:byte-buddy") {
        version {
            strictly byte_buddy_version
        }
    }
    implementation("net.bytebuddy:byte-buddy-agent") {
        version {
            strictly byte_buddy_version
        }
    }
    annotationProcessor("net.bytebuddy:byte-buddy-agent") {
        version {
            strictly byte_buddy_version
        }
    }

    annotationProcessor "org.hibernate:hibernate-jpamodelgen:${hibernate_version}"
    annotationProcessor "org.glassfish.jaxb:jaxb-runtime:${jaxb_runtime_version}"
    annotationProcessor "org.springframework.boot:spring-boot-configuration-processor:${spring_boot_version}"


    // ---- CHECKSTYLE DEPENDENCIES ----

    // use newest version of plexus to avoid security issues through outdated dependencies
    checkstyle "org.codehaus.plexus:plexus-container-default:2.1.1"
    checkstyle "org.codehaus.plexus:plexus-classworlds:2.8.0"
    checkstyle "com.puppycrawl.tools:checkstyle:${checkstyle_version}"


    // ---- TEST DEPENDENCIES ----

    testImplementation "org.springframework.boot:spring-boot-starter-test:${spring_boot_version}"
    testImplementation "org.springframework.security:spring-security-test:${spring_security_version}"
    testImplementation "org.springframework.boot:spring-boot-test:${spring_boot_version}"
    testImplementation "org.assertj:assertj-core:3.27.2"
    testImplementation "org.mockito:mockito-core:${mockito_version}"
    testImplementation "org.mockito:mockito-junit-jupiter:${mockito_version}"

    testImplementation "io.github.classgraph:classgraph:4.8.179"
    testImplementation "org.awaitility:awaitility:4.2.2"
    testImplementation "org.apache.maven.shared:maven-invoker:3.3.0"
    testImplementation "org.gradle:gradle-tooling-api:8.12"
    testImplementation "org.apache.maven.surefire:surefire-report-parser:3.5.2"
    testImplementation "com.opencsv:opencsv:5.9"
    testImplementation "io.zonky.test:embedded-database-spring-test:2.6.0"

    testImplementation "com.tngtech.archunit:archunit:1.3.0"
    testImplementation "org.skyscreamer:jsonassert:1.5.3"

    // NOTE: cannot update due to "Syntax error in SQL statement "WITH ids_to_delete" --> should be resolved when we collapse the changelogs again for Artemis 8.0
//    testImplementation "com.h2database:h2:2.3.232"
    testImplementation "com.h2database:h2:2.2.224"

    // Lightweight JSON library needed for the internals of the MockRestServiceServer
    testImplementation "org.json:json:20241224"

    // NOTE: make sure this corresponds to the version used for JUnit in the testImplementation
    testRuntimeOnly "org.junit.platform:junit-platform-launcher:${junit_platform_version}"
}

dependencyManagement {
    imports {
        mavenBom "io.zonky.test.postgres:embedded-postgres-binaries-bom:17.2.0"
    }
}

tasks.register("cleanResources", Delete) {
    delete "build/resources"
}

tasks.withType(JavaCompile).configureEach {
    options.compilerArgs << "-Xlint:deprecation"
}

tasks.register("stage") {
    dependsOn "bootWar"
}

// Set the npm cache (used in the Dockerfile)
tasks.register("npmSetCacheDockerfile", NpmTask) {
    args = ["set", "cache", "/opt/artemis/.npm"]
}

// Command to execute the JavaDoc checkstyle verification ./gradlew checkstyleMain
checkstyle {
    toolVersion = "${checkstyle_version}"
    configFile = file("checkstyle.xml")
    checkstyleTest.enabled = false
    maxErrors = 0
}

def isNonStable = { String version ->
    def stableKeyword = ["RELEASE", "FINAL", "GA"].any { it -> version.toUpperCase().contains(it) }
    def regex = /^[0-9,.v-]+(-r)?$/
    return !stableKeyword && !(version ==~ regex)
}

tasks.named("dependencyUpdates").configure {
    rejectVersionIf {
        isNonStable(it.candidate.version)
    }

    rejectVersionIf {
        isNonStable(it.candidate.version) && !isNonStable(it.currentVersion)
    }
}

// Available commands:
//
// 1) Build production:                             ./gradlew -Pprod -Pwar clean bootWar
// 2) Execute tests with coverage report:           ./gradlew test jacocoTestReport -x webapp
// 2a) Execute tests without coverage report:       ./gradlew test -x webapp
// 2b) Run a single test:                           ./gradlew test --tests ExamIntegrationTest -x webapp or ./gradlew test --tests ExamIntegrationTest.testGetExamScore -x webapp
// 2c) Execute tests with Postgres container:       SPRING_PROFILES_INCLUDE=postgres ./gradlew test -x webapp
// 2d) Execute tests with MySQL container:          SPRING_PROFILES_INCLUDE=mysql ./gradlew test -x webapp
// 3) Verify code coverage (after tests):           ./gradlew jacocoTestCoverageVerification
// 4) Check Java code format:                       ./gradlew spotlessCheck -x webapp
// 5) Apply Java code formatter:                    ./gradlew spotlessApply -x webapp
// 6) Find dependency updates:                      ./gradlew dependencyUpdates -Drevision=release
// 7) Check JavaDoc:                                ./gradlew checkstyleMain -x webapp
// 8) Detects uses of legacy code:                  ./gradlew modernizer -x webapp
// 9) Check for vulnerabilities in dependencies     ./gradlew dependencyCheckAnalyze -x webapp
// 10) Clear Liquibase checksums:                   ./gradlew liquibaseClearChecksums
// 11) Create changelog between Java and DB         ./gradlew liquibaseDiffChangeLog (make sure to set the correct username and password in liquibase.gradle)
// 12) Generate initial schema from DB              ./gradlew liquibaseGenerateChangelog (make sure to set the correct username and password in liquibase.gradle)