Best practices and integrations available for Spring Boot based Microservice in a single repository.
License: MIT License
I am a DevOps and DevSecOps advocate with an appreciation of the benefits of software craft, emergent design, Agile and XP practices.
Loves to explore & Experiment with open source projects & continuously integrate them to achieve the best of Cloud Native practices.
Highly passionate about Learning, Practicing, Teaching DevOps & DevSecOps practices.
My mantra to a teamโs success is โExperiment & break the barriers togetherโ.
While bumping gradlew version checkstyle stopped working hence for time being we have commented on all its relevant references.
We should try fixing it or identify an alternative to it example snyk code test or sonarqube.
Given: The app is deployed
When: I run the performance test in the pipeline
Then: The app should pass the performance test
Done Criteria:
The pipeline should run the performance test after the app deployment successfully.
Notes:
Explore the performance test tooling available (eg jmeter, grinder etc).
The docker image "abhisheksr01/dind-utils" image was recently updated to use the latest version of dependencies.
The image published was an arm image and hence the CircleCI pipeline started failing with the below error:
WARNING: docker image abhisheksr01/dind-utils:latest targets wrong architecture (found arm64 but need [amd64 i386 386])
Docker Image:
https://hub.docker.com/repository/docker/abhisheksr01/dind-utils/general
Use the arm resource class in circleci config as mentioned in the documentation https://circleci.com/docs/using-arm/
Since Springboot 3.0.X, Java 8 is not supported hence we need to migrate to Java 17.
ToDo:
When the k8s deploy job is running it's unable to get the current docker image version from the version.txt file which is being mounted by the previous docker image build job.
Due to which we are always deploying the latest image which can be error-prone as the latest image can be cached & new changes won't be applied.
Possibly the issue could be with the way we are mounting the file as we have already replaced the previous eks-helm image to a new one but still the issue remains.
Dependency check has identified below CRITICAL dependency vulnerabilities.
Dependencies:
spring-plugin-core-2.0.0.RELEASE: https://mvnrepository.com/artifact/org.springframework.plugin/spring-plugin-core
spring-plugin-metadata-2.0.0.RELEASE: https://mvnrepository.com/artifact/org.springframework.plugin/spring-plugin-metadata
ToDo:
Trivy vulnerability scanning is failing in CircleCI with an error message:
2021-10-12T13:17:22.094Z FATAL scan error: image scan failed: failed analysis: analyze error: timeout: context deadline exceeded
Error log:
!/bin/bash -eo pipefail
./gradlew jacocoTestCoverageVerification
Picked up _JAVA_OPTIONS: -Xmx3g
Welcome to Gradle 7.6.1!
Here are the highlights of this release:
- Added support for Java 19.
- Introduced `--rerun` flag for individual task rerun.
- Improved dependency block for test suites to be strongly typed.
- Added a pluggable system for Java toolchains provisioning.
For more details see https://docs.gradle.org/7.6.1/release-notes.html
> Task :compileJava UP-TO-DATE
> Task :processResources UP-TO-DATE
> Task :classes UP-TO-DATE
> Task :jacocoTestReport FAILED
FAILURE: Build failed with an exception.
* What went wrong:
Execution failed for task ':jacocoTestReport'.
> Could not create service of type IsolatedAntBuilder using BuildScopeServices.createIsolatedAntBuilder().
> Could not inspect the Groovy system for ClassLoader VisitableURLClassLoader(ant-and-gradle-loader)
* Try:
> Run with --stacktrace option to get the stack trace.
> Run with --info or --debug option to get more log output.
> Run with --scan to get full insights.
* Get more help at https://help.gradle.org
Deprecated Gradle features were used in this build, making it incompatible with Gradle 8.0.
You can use '--warning-mode all' to show the individual deprecation warnings and determine if they come from your own scripts or plugins.
See https://docs.gradle.org/7.6.1/userguide/command_line_interface.html#sec:command_line_warnings
BUILD FAILED in 6s
3 actionable tasks: 1 executed, 2 up-to-date
Exited with code exit status 1
CircleCI received exit code 1
Description:
Dependabot bumps the new version of the dependencies. CircleCI runs all the tests for the new version of the dependency in the PR Branch. Then. I have to manually approve the PR to merge it to master.
Requirement:
Given A new dependabot PR is created
When All the tests in the PR branch are green
Then the PR branch should automatically merge to master
And The PR branch should be deleted
The pipeline is failing with an error "create resource config: base resource type not found: git".
Please find below error:
This might be due to the postgres & concourse old version in docker-compose.
Currently, the swagger page is not accessible hence we need to fix it.
We can refer to this document:
https://springdoc.org/v2/
ToDo:
Identity a security tooling to scan the k8s manifest (standard and helm charts) locally and Dockerfile for security recommendations.
Currently, the README is massively outdated and needs to be updated.
This Issue is responsible for identifying the areas which need to be updated and then creating smaller issues dedicated to updating the README as doing it in one go will be very difficult (Agile vs Waterfall)
Often trivy finds vulnerabilities in our docker images in the circleci pipeline which don't have a fix.
Hence causing the pipeline to fail until we bump the base image or dependency causing the issue.
But as mentioned above there might not be a fix available immediately hence in those scenarios we would like to proceed with the pipeline to allow the vulnerable images.
Create a variable in the CircleCI pipeline called al ALLOWED_VULNERABILITIES with comma-separated values for the allowed number of critical and high vulnerabilities.
example: ALLOWED_VULNERABILITIES=1,2
means 1 critical and 2 high vulnerabilities are allowed
Add a test for CompaniesHouseController which runs with SpringBootTest context and can test the annotations are working fine.
The current docker-compose file for spinning up a local concourse pipeline doesn't work for M1 laptops.
tweak or implement functionality to work with Apple M1 laptops locally
Currently, there is no consistent tagging strategy implemented. we use pipeline-based build tags for docker image tagging.
Use coco-gito.
When ./gradlew pitest is executed some output is printed and looks like no mutation tests are running.
Output:
DEPRECATION WARNING. `testPlugin` is deprecated starting with GPP 1.7.4. It is also not used starting with PIT 1.6.7 (to be removed in 1.8.0).
> Task :clean
> Task :compileJava
> Task :processResources
> Task :classes
> Task :compileTestJava
> Task :processTestResources
> Task :testClasses
> Task :pitest
Option (* = required) Description
--------------------- -----------
-?, -h show help
--avoidCallsTo <comma separated list
of packages to consider as
untouchable logging calls>
--classPath <coma separated list of
additional classpath elements>
--classPathFile <File: File with a
list of additional classpath
elements (one per line)>
--coverageThreshold <Integer: Line (default: 0)
coverage below which to throw an
error>
--dependencyDistance <Integer: maximum (default: -1)
distance to look from test for
covered classes>
--detectInlinedCode [Boolean: whether (default: true)
or not to try and detect code
inlined from finally blocks]
--excludedClasses <comma separated
list of globs for classes to exclude
when mutating>
--excludedGroups <TestNG groups/JUnit
categories to include>
--excludedMethods <comma separated
list of filters to match against
methods to exclude from mutation
analysis>
--excludedTestClasses <comma separated
list of globs of test classes to
exclude>
--exportLineCoverage [Boolean: whether (default: true)
or not to dump per test line
coverage data to disk]
--failWhenNoMutations [Boolean: (default: true)
whether to throw error if no
mutations found]
--features <comma separated list of
features to enable/disable.>
--fullMutationMatrix <Boolean: Whether (default: false)
to create a full mutation matrix>
--historyInputLocation <File: File to
read history from for incremental
analysis>
--historyOutputLocation <File: File to
write history to for incremental
analysis>
--includeLaunchClasspath [Boolean: (default: true)
whether or not to analyse launch
classpath]
--includedGroups <TestNG groups/JUnit
categories to include>
--includedTestMethods <Test methods
that should be included for
challenging the mutants>
--jvmArgs <comma separated list of
child JVM args>
--jvmPath <path to java executable>
--maxMutationsPerClass <Integer: No (default: 0)
longer supported. Use CLASSLIMIT
(limit[42]) feature instead>
--maxSurviving <Integer: Maximum (default: -1)
number of surviving mutants to allow
without throwing an error>
--mutableCodePaths <Globs identifying
classpath roots containing mutable
code>
--mutationEngine <mutation engine to (default: gregor)
use>
--mutationThreshold <Integer: Mutation (default: 0)
score below which to throw an error>
--mutationUnitSize <Integer: Maximum (default: 0)
number of mutations to include
within a single unit of analysis>
--mutators <comma separated list of
mutation operators>
--outputFormats <comma separated list (default: HTML)
of listeners to receive mutation
results>
--pluginConfiguration <KeyValuePair:
custom plugin properties>
* --reportDir <directory to create
report folder in>
--skipFailingTests [Boolean: whether (default: false)
to ignore failing tests when
computing coverage]
* --sourceDirs <File: comma separated
list of source directories>
* --targetClasses <comma separated
list of filters to match against
classes to test>
--targetTests <comma separated list of
filters to match against tests to
run>
--testPlugin <test plugin to use> (default: junit)
--threads <Integer: number of threads (default: 1)
to use for testing>
--timeoutConst [Long: constant to (default: 4000)
apply to calculate maximum test
duration]
--timeoutFactor [Float: factor to (default: 1.25)
apply to calculate maximum test
duration]
--timestampedReports [Boolean: whether (default: true)
or not to generated timestamped
directories]
--useClasspathJar [Boolean: support (default: false)
large classpaths by creating a
classpath jar]
--verbose [Boolean: whether or not to (default: true)
generate verbose output]
>>>> verbosity is not a recognized option
Deprecated Gradle features were used in this build, making it incompatible with Gradle 8.0.
You can use '--warning-mode all' to show the individual deprecation warnings and determine if they come from your own scripts or plugins.
See https://docs.gradle.org/7.6.1/userguide/command_line_interface.html#sec:command_line_warnings
BUILD SUCCESSFUL in 3s
6 actionable tasks: 6 executed
Hello there!
My name is Ana. I noted that you use the mutation testing tool in the project.
I am a postdoctoral researcher at the University of Seville (Spain), and my colleagues and I are studying how mutation testing tools are used in practice. With this aim in mind, we have analysed over 3,500 public GitHub repositories using mutation testing tools, including yours! This work has recently been published in a journal paper available at https://link.springer.com/content/pdf/10.1007/s10664-022-10177-8.pdf.
To complete this study, we are asking for your help to understand better how mutation testing is used in practice, please! We would be extremely grateful if you could contribute to this study by answering a brief survey of 21 simple questions (no more than 6 minutes). This is the link to the questionnaire https://forms.gle/FvXNrimWAsJYC1zB9.
Drop me an e-mail if you have any questions or comments ([email protected]). Thank you very much in advance!!
Created an issue in the original project. In the meanwhile, we will de bump the pitest dependency.
This issue is for the tracking purpose of the below original one.
The e2e test execution (Acceptance Test) is failing in the pipeline & locally.
When we ran the below command:
./gradlew test -Pe2e
No tests found for given includes: com.uk.companieshouse.e2e.*
> Configure project :
********************************************************
Executing E2E tests
********************************************************
> Task :compileJava
Note: /Users/abhishekrajput/dev/learn-concourse/spring-boot-microservice-best-practices/src/main/java/com/uk/companieshouse/expectionalhandler/ControllerExceptionHandler.java uses unchecked or unsafe operations.
Note: Recompile with -Xlint:unchecked for details.
> Task :compileTestJava
Note: /Users/abhishekrajput/dev/learn-concourse/spring-boot-microservice-best-practices/src/test/java/com/uk/companieshouse/connector/CompaniesHouseConnectorTest.java uses unchecked or unsafe operations.
Note: Recompile with -Xlint:unchecked for details.
> Task :test FAILED
FAILURE: Build failed with an exception.
* What went wrong:
Execution failed for task ':test'.
> No tests found for given includes: [com.uk.companieshouse.e2e.*](filter.includeTestsMatching)
* Try:
Run with --stacktrace option to get the stack trace. Run with --info or --debug option to get more log output. Run with --scan to get full insights.
* Get more help at https://help.gradle.org
BUILD FAILED in 1m 13s
6 actionable tasks: 6 executed
Tried with the 6.7.1 gradlew & iocucumber dependency of 6.10.0.
The current "./gradlew test" command doesn't execute the e2e directory evident from the build/reports as no cucumber reports are available.
Below vulnerabilities have been identified in the pipeline, fix them to make the pipeline green.
#Problem
Since dependency-check has moved from using the NVD data-feed to the NVD API. Without an NVD API Key dependency-check's updates will be extremely slow.
Users of dependency-check are highly encouraged to obtain an NVD API Key; see https://nvd.nist.gov/developers/request-an-api-key.Please see the documentation for the cli, maven, gradle, or ant integrations on how to set the NVD API key.
Hence we either need to start using the API key as recommended or cache the vulnerability data appropriately(which we were doing until now but seems to not working anymore)
https://github.com/jeremylong/Open-Vulnerability-Project/tree/main/vulnz#caching-the-nvd-cve-data
As the new norm, rename the master branch to the main and update all the relevant references.
After upgrading the cucumber version from 5.0.0 to 6.0.0
The plugin for generating HTML report is not working.
Class: CucumberTest.java
code snippet.
@CucumberOptions(features = "src/test/resources",
plugin = {
"pretty", "html:build/reports/cucumber", "json:build/reports/cucumber/"
})
Identify the write plugin options
Done Criteria:
All the E2E tests should pass & generate an HTML report.
Update all the pipelines, tool references and documentation to use Java 21.
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
Django
The Web framework for perfectionists with deadlines.
Laravel
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
Microsoft
Open source projects and samples from Microsoft.
Google
Google โค๏ธ Open Source for everyone.
Alibaba
Alibaba Open Source for everyone
D3
Data-Driven Documents codes.
Tencent
China tencent open source team.