CDPS-1096: Upgrade spring boot to 3.4.1 (#18)

* CDPS-1096: Upgrade spring boot to 3.4.1

* CDPS-1096: Fixing linting issues

* CDPS-1096: Updating ktlint version to 1.5.0

* CDPS-1096: Reverting to use Kotlin 2.0.21

Author: brightonsbox

.github/workflows/security_owasp.yml

@@ -6,7 +6,7 @@ on:
 jobs:
   security-kotlin-owasp-check:
     name: Kotlin security OWASP dependency check
-    uses: ministryofjustice/hmpps-github-actions/.github/workflows/security_owasp.yml@v1 # WORKFLOW_VERSION
+    uses: ministryofjustice/hmpps-github-actions/.github/workflows/security_owasp.yml@v2 # WORKFLOW_VERSION
     with:
       channel_id: ${{ vars.SECURITY_ALERTS_SLACK_CHANNEL_ID || 'NO_SLACK' }}
     secrets: inherit

.github/workflows/security_trivy.yml

@@ -6,7 +6,7 @@ on:
 jobs:
   security-kotlin-trivy-check:
     name: Project security trivy dependency check
-    uses: ministryofjustice/hmpps-github-actions/.github/workflows/security_trivy.yml@v1 # WORKFLOW_VERSION
+    uses: ministryofjustice/hmpps-github-actions/.github/workflows/security_trivy.yml@v2 # WORKFLOW_VERSION
     with:
       channel_id: ${{ vars.SECURITY_ALERTS_SLACK_CHANNEL_ID || 'NO_SLACK' }}
     secrets: inherit

.github/workflows/security_veracode_pipeline_scan.yml

@@ -6,7 +6,7 @@ on:
 jobs:
   security-veracode-pipeline-scan:
     name: Project security veracode pipeline scan
-    uses: ministryofjustice/hmpps-github-actions/.github/workflows/security_veracode_pipeline_scan.yml@v1 # WORKFLOW_VERSION
+    uses: ministryofjustice/hmpps-github-actions/.github/workflows/security_veracode_pipeline_scan.yml@v2 # WORKFLOW_VERSION
     with:
       channel_id: ${{ vars.SECURITY_ALERTS_SLACK_CHANNEL_ID || 'NO_SLACK' }}
     secrets: inherit

.github/workflows/security_veracode_policy_scan.yml

@@ -6,7 +6,7 @@ on:
 jobs:
   security-veracode-policy-check:
     name: Project security veracode policy scan
-    uses: ministryofjustice/hmpps-github-actions/.github/workflows/security_veracode_policy_scan.yml@v1 # WORKFLOW_VERSION
+    uses: ministryofjustice/hmpps-github-actions/.github/workflows/security_veracode_policy_scan.yml@v2 # WORKFLOW_VERSION
     with:
       channel_id: ${{ vars.SECURITY_ALERTS_SLACK_CHANNEL_ID || 'NO_SLACK' }}
     secrets: inherit

.sdkmanrc

@@ -0,0 +1,3 @@
+# Enable auto-env through the sdkman_auto_env config
+# Add key=value pairs of SDKs to use below
+java=21.0.5-tem

.trivyignore

@@ -10,3 +10,6 @@
 # Suppression for h2 2.1.214 password on command line vulnerability
 #   can be suppressed as we only run h2 locally and not on build environments
 CVE-2022-45868
+# Suppression for tomcat vulnerability affecting jsp compilation in the default servlet
+#   can be suppressed as we do not use the default servlet and haven't configured it for write either
+CVE-2024-50379

build.gradle.kts

@@ -1,5 +1,5 @@
 plugins {
-  id("uk.gov.justice.hmpps.gradle-spring-boot") version "6.0.9"
+  id("uk.gov.justice.hmpps.gradle-spring-boot") version "6.1.2"
   kotlin("plugin.spring") version "2.0.21"
 }
 
@@ -8,12 +8,12 @@ configurations {
 }
 
 dependencies {
-  implementation("uk.gov.justice.service.hmpps:hmpps-kotlin-spring-boot-starter:1.0.8")
+  implementation("uk.gov.justice.service.hmpps:hmpps-kotlin-spring-boot-starter:1.1.1")
   implementation("org.springframework.boot:spring-boot-starter-webflux")
-  implementation("org.springdoc:springdoc-openapi-starter-webmvc-ui:2.6.0")
+  implementation("org.springdoc:springdoc-openapi-starter-webmvc-ui:2.8.0")
 
-  testImplementation("uk.gov.justice.service.hmpps:hmpps-kotlin-spring-boot-starter-test:1.0.8")
-  testImplementation("org.wiremock:wiremock-standalone:3.9.1")
+  testImplementation("uk.gov.justice.service.hmpps:hmpps-kotlin-spring-boot-starter-test:1.1.1")
+  testImplementation("org.wiremock:wiremock-standalone:3.10.0")
   testImplementation("io.swagger.parser.v3:swagger-parser:2.1.24") {
     exclude(group = "io.swagger.core.v3")
   }

gradle/wrapper/gradle-wrapper.properties

@@ -1,6 +1,6 @@
 distributionBase=GRADLE_USER_HOME
 distributionPath=wrapper/dists
-distributionUrl=https\://services.gradle.org/distributions/gradle-8.10.2-bin.zip
+distributionUrl=https\://services.gradle.org/distributions/gradle-8.12-bin.zip
 networkTimeout=10000
 validateDistributionUrl=true
 zipStoreBase=GRADLE_USER_HOME

helm_deploy/hmpps-person-integration-api/Chart.yaml

@@ -5,7 +5,7 @@ name: hmpps-person-integration-api
 version: 0.2.0
 dependencies:
   - name: generic-service
-    version: "3.7"
+    version: "3.8"
     repository: https://ministryofjustice.github.io/hmpps-helm-charts
   - name: generic-prometheus-alerts
     version: "1.11"

readme/build_test_run.md

@@ -3,6 +3,8 @@
 
 ## Building
 
+To use the same version of Java locally as is used in CI and production, follow [these notes](sdkman.md).
+
 To build the project without tests run:
 
 ```

readme/sdkman.md

@@ -0,0 +1,24 @@
+[< Back](./building_and_running.md)
+---
+
+## sdkman
+
+It is recommended to use [sdkman](https://sdkman.io/) to ensure that you are running the same version of Java that is 
+used in CI and in production.
+
+To do this on a mac:
+
+```shell
+curl -s "https://get.sdkman.io" | bash
+```
+
+Close the terminal and reopen. Then run **within the repository folder**:
+
+```shell
+sdk env
+```
+
+This will pick up the `.sdkmanrc` file which contains the java version that should be used.
+
+To enable sdkman to automatically switch you to the correct java version when changing directory in the terminal,
+edit `~/.sdkman/etc/config` and set `sdkman_auto_env=true`

src/main/kotlin/uk/gov/justice/digital/hmpps/personintegrationapi/common/config/HmppsPersonIntegrationApiExceptionHandler.kt

@@ -46,69 +46,64 @@ class HmppsPersonIntegrationApiExceptionHandler {
   }
 
   @ExceptionHandler(HttpMessageNotReadableException::class)
-  fun handleValidationException(ex: HttpMessageNotReadableException): ResponseEntity<ErrorResponse> =
-    ResponseEntity
-      .status(BAD_REQUEST)
-      .body(
-        ErrorResponse(
-          status = BAD_REQUEST,
-          userMessage = "Unable to read the request",
-          developerMessage = ex.message,
-        ),
-      ).also { log.info(ex.message) }
+  fun handleValidationException(ex: HttpMessageNotReadableException): ResponseEntity<ErrorResponse> = ResponseEntity
+    .status(BAD_REQUEST)
+    .body(
+      ErrorResponse(
+        status = BAD_REQUEST,
+        userMessage = "Unable to read the request",
+        developerMessage = ex.message,
+      ),
+    ).also { log.info(ex.message) }
 
   @ExceptionHandler(HandlerMethodValidationException::class)
-  fun handleHandlerMethodValidationException(e: HandlerMethodValidationException): ResponseEntity<ErrorResponse> =
-    e.allErrors.map { it.toString() }.distinct().sorted().joinToString("\n")
-      .let { validationErrors ->
-        ResponseEntity
-          .status(BAD_REQUEST)
-          .body(
-            ErrorResponse(
-              status = BAD_REQUEST,
-              userMessage = "Validation failure(s): ${
-                e.allErrors.map { it.defaultMessage }.distinct().sorted().joinToString("\n")
-              }",
-              developerMessage = "${e.message} $validationErrors",
-            ),
-          ).also { log.info("Validation exception: $validationErrors\n {}", e.message) }
-      }
+  fun handleHandlerMethodValidationException(e: HandlerMethodValidationException): ResponseEntity<ErrorResponse> = e.allErrors.map { it.toString() }.distinct().sorted().joinToString("\n")
+    .let { validationErrors ->
+      ResponseEntity
+        .status(BAD_REQUEST)
+        .body(
+          ErrorResponse(
+            status = BAD_REQUEST,
+            userMessage = "Validation failure(s): ${
+              e.allErrors.map { it.defaultMessage }.distinct().sorted().joinToString("\n")
+            }",
+            developerMessage = "${e.message} $validationErrors",
+          ),
+        ).also { log.info("Validation exception: $validationErrors\n {}", e.message) }
+    }
 
   @ExceptionHandler(ValidationException::class)
-  fun handleValidationException(e: ValidationException): ResponseEntity<ErrorResponse> =
-    ResponseEntity
-      .status(BAD_REQUEST)
-      .body(
-        ErrorResponse(
-          status = BAD_REQUEST,
-          userMessage = "Validation failure: ${e.message}",
-          developerMessage = e.message,
-        ),
-      ).also { log.info("Validation exception: {}", e.message) }
+  fun handleValidationException(e: ValidationException): ResponseEntity<ErrorResponse> = ResponseEntity
+    .status(BAD_REQUEST)
+    .body(
+      ErrorResponse(
+        status = BAD_REQUEST,
+        userMessage = "Validation failure: ${e.message}",
+        developerMessage = e.message,
+      ),
+    ).also { log.info("Validation exception: {}", e.message) }
 
   @ExceptionHandler(NoResourceFoundException::class)
-  fun handleNoResourceFoundException(e: NoResourceFoundException): ResponseEntity<ErrorResponse> =
-    ResponseEntity
-      .status(NOT_FOUND)
-      .body(
-        ErrorResponse(
-          status = NOT_FOUND,
-          userMessage = "No resource found failure: ${e.message}",
-          developerMessage = e.message,
-        ),
-      ).also { log.info("No resource found exception: {}", e.message) }
+  fun handleNoResourceFoundException(e: NoResourceFoundException): ResponseEntity<ErrorResponse> = ResponseEntity
+    .status(NOT_FOUND)
+    .body(
+      ErrorResponse(
+        status = NOT_FOUND,
+        userMessage = "No resource found failure: ${e.message}",
+        developerMessage = e.message,
+      ),
+    ).also { log.info("No resource found exception: {}", e.message) }
 
   @ExceptionHandler(AccessDeniedException::class)
-  fun handleAccessDeniedException(e: AccessDeniedException): ResponseEntity<ErrorResponse> =
-    ResponseEntity
-      .status(FORBIDDEN)
-      .body(
-        ErrorResponse(
-          status = FORBIDDEN,
-          userMessage = "Forbidden: ${e.message}",
-          developerMessage = e.message,
-        ),
-      ).also { log.debug("Forbidden (403) returned: {}", e.message) }
+  fun handleAccessDeniedException(e: AccessDeniedException): ResponseEntity<ErrorResponse> = ResponseEntity
+    .status(FORBIDDEN)
+    .body(
+      ErrorResponse(
+        status = FORBIDDEN,
+        userMessage = "Forbidden: ${e.message}",
+        developerMessage = e.message,
+      ),
+    ).also { log.debug("Forbidden (403) returned: {}", e.message) }
 
   @ExceptionHandler(Exception::class)
   fun handleException(e: Exception): ResponseEntity<ErrorResponse> = ResponseEntity

src/main/kotlin/uk/gov/justice/digital/hmpps/personintegrationapi/common/config/OpenApiConfiguration.kt

@@ -72,10 +72,8 @@ class OpenApiConfiguration(
   }
 
   @Bean
-  fun v1Api(): GroupedOpenApi {
-    return GroupedOpenApi.builder()
-      .group("v1")
-      .pathsToMatch("/v1/**")
-      .build()
-  }
+  fun v1Api(): GroupedOpenApi = GroupedOpenApi.builder()
+    .group("v1")
+    .pathsToMatch("/v1/**")
+    .build()
 }

src/main/kotlin/uk/gov/justice/digital/hmpps/personintegrationapi/common/config/UserEnhancedOAuth2ClientCredentialGrantRequestConverter.kt

@@ -8,8 +8,7 @@ import org.springframework.util.MultiValueMap
 import java.util.Objects
 
 @Suppress("UNCHECKED_CAST")
-class UserEnhancedOAuth2ClientCredentialGrantRequestConverter :
-  OAuth2ClientCredentialsGrantRequestEntityConverter() {
+class UserEnhancedOAuth2ClientCredentialGrantRequestConverter : OAuth2ClientCredentialsGrantRequestEntityConverter() {
 
   fun enhanceWithUsername(
     grantRequest: OAuth2ClientCredentialsGrantRequest?,

src/main/kotlin/uk/gov/justice/digital/hmpps/personintegrationapi/common/config/WebClientConfiguration.kt

@@ -36,27 +36,23 @@ class WebClientConfiguration(
   @Value("\${prison-api.timeout:30s}") private val prisonApiTimeout: Duration,
 ) {
   @Bean
-  fun authHealthWebClient(builder: WebClient.Builder): WebClient =
-    builder.healthWebClient(authBaseUri, authHealthTimeout)
+  fun authHealthWebClient(builder: WebClient.Builder): WebClient = builder.healthWebClient(authBaseUri, authHealthTimeout)
 
   @Bean
-  fun prisonApiHealthWebClient(builder: WebClient.Builder): WebClient =
-    builder.healthWebClient(prisonApiBaseUri, prisonApiHealthTimeout)
+  fun prisonApiHealthWebClient(builder: WebClient.Builder): WebClient = builder.healthWebClient(prisonApiBaseUri, prisonApiHealthTimeout)
 
   @Bean
   @RequestScope
   fun prisonApiWebClient(
     clientRegistrationRepository: ClientRegistrationRepository,
     builder: WebClient.Builder,
-  ): WebClient {
-    return getOAuthWebClient(
-      authorizedClientManagerUserEnhanced(clientRegistrationRepository),
-      builder,
-      prisonApiBaseUri,
-      "hmpps-person-integration-api",
-      prisonApiTimeout,
-    )
-  }
+  ): WebClient = getOAuthWebClient(
+    authorizedClientManagerUserEnhanced(clientRegistrationRepository),
+    builder,
+    prisonApiBaseUri,
+    "hmpps-person-integration-api",
+    prisonApiTimeout,
+  )
 
   @Bean
   @DependsOn("prisonApiWebClient")

src/main/kotlin/uk/gov/justice/digital/hmpps/personintegrationapi/corepersonrecord/resource/CorePersonRecordV1Resource.kt

@@ -145,9 +145,7 @@ class CorePersonRecordV1Resource(
   fun putProfileImageByPrisonerNumber(
     @RequestParam(required = true) @Valid @ValidPrisonerNumber prisonerNumber: String,
     @RequestPart(name = "imageFile", required = true) profileImage: MultipartFile,
-  ): ResponseEntity<Void> {
-    return noContent().build()
-  }
+  ): ResponseEntity<Void> = noContent().build()
 
   @GetMapping("reference-data/domain/{domain}/codes")
   @ResponseStatus(HttpStatus.OK)

src/main/kotlin/uk/gov/justice/digital/hmpps/personintegrationapi/personprotectercharacteristics/resource/PersonProtectedCharacteristicsV1Resource.kt

@@ -84,14 +84,12 @@ class PersonProtectedCharacteristicsV1Resource {
   fun putReligionByPrisonerNumber(
     @RequestParam(required = true) @Valid @ValidPrisonerNumber prisonerNumber: String,
     @RequestBody(required = true) @Valid religionV1RequestDto: ReligionV1RequestDto,
-  ): ResponseEntity<PersonReligionInformationV1ResponseDto> {
-    return ok().body(
-      PersonReligionInformationV1ResponseDto(
-        currentReligion = ReligionDto(),
-        religionHistory = emptySet(),
-      ),
-    )
-  }
+  ): ResponseEntity<PersonReligionInformationV1ResponseDto> = ok().body(
+    PersonReligionInformationV1ResponseDto(
+      currentReligion = ReligionDto(),
+      religionHistory = emptySet(),
+    ),
+  )
 
   @GetMapping("reference-data/domain/{domain}/codes")
   @ResponseStatus(HttpStatus.OK)

src/test/kotlin/uk/gov/justice/digital/hmpps/personintegrationapi/integration/ResourceSecurityTest.kt

@@ -52,10 +52,9 @@ class ResourceSecurityTest : IntegrationTestBase() {
   }
 }
 
-private fun RequestMappingInfo.getMappings() =
-  methodsCondition.methods
-    .map { it.name }
-    .ifEmpty { listOf("") } // if no methods defined then match all rather than none
-    .flatMap { method ->
-      pathPatternsCondition?.patternValues?.map { "$method $it" } ?: emptyList()
-    }
+private fun RequestMappingInfo.getMappings() = methodsCondition.methods
+  .map { it.name }
+  .ifEmpty { listOf("") } // if no methods defined then match all rather than none
+  .flatMap { method ->
+    pathPatternsCondition?.patternValues?.map { "$method $it" } ?: emptyList()
+  }

src/test/kotlin/uk/gov/justice/digital/hmpps/personintegrationapi/integration/wiremock/HmppsAuthMockServer.kt

@@ -14,7 +14,10 @@ import org.junit.jupiter.api.extension.ExtensionContext
 import java.time.LocalDateTime
 import java.time.ZoneOffset
 
-class HmppsAuthApiExtension : BeforeAllCallback, AfterAllCallback, BeforeEachCallback {
+class HmppsAuthApiExtension :
+  BeforeAllCallback,
+  AfterAllCallback,
+  BeforeEachCallback {
   companion object {
     @JvmField
     val hmppsAuth = HmppsAuthMockServer()

src/test/kotlin/uk/gov/justice/digital/hmpps/personintegrationapi/integration/wiremock/PrisonApiMockServer.kt

@@ -110,7 +110,10 @@ class PrisonApiMockServer : WireMockServer(8082) {
   }
 }
 
-class PrisonApiExtension : BeforeAllCallback, AfterAllCallback, BeforeEachCallback {
+class PrisonApiExtension :
+  BeforeAllCallback,
+  AfterAllCallback,
+  BeforeEachCallback {
   companion object {
     @JvmField
     val prisonApi = PrisonApiMockServer()