Check

.github/dependabot.yml

@@ -0,0 +1,11 @@
+# To get started with Dependabot version updates, you'll need to specify which
+# package ecosystems to update and where the package manifests are located.
+# Please see the documentation for all configuration options:
+# https://docs.github.com/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file
+
+version: 2
+updates:
+  - package-ecosystem: "gradle" # See documentation for possible values
+    directory: "/" # Location of package manifests
+    schedule:
+      interval: "weekly"

.github/workflows/dependent-workflow.yml

@@ -0,0 +1,18 @@
+name: Download and submit dependency graph
+
+on:
+  workflow_run:
+    workflows: ['Generate and save dependency graph']
+    types: [completed]
+
+permissions:
+  contents: write
+
+jobs:
+  submit-dependency-graph:
+    runs-on: ubuntu-latest
+    steps:
+    - name: Download and submit dependency graph
+      uses: gradle/actions/dependency-submission@v3
+      with:
+        dependency-graph: download-and-submit # Download saved dependency-graph and submit

.github/workflows/docker-publish.yml

@@ -0,0 +1,100 @@
+name: Docker
+
+# This workflow uses actions that are not certified by GitHub.
+# They are provided by a third-party and are governed by
+# separate terms of service, privacy policy, and support
+# documentation.
+
+on:
+  # schedule:
+  #   - cron: '27 0 * * *'
+  push:
+    branches: [ "docker-pieline" ]
+  #   # Publish semver tags as releases.
+  #   tags: [ 'v*.*.*' ]
+  # pull_request:
+  #   branches: [ "main" ]
+    # Allows you to run this workflow manually from the Actions tab
+  workflow_dispatch:
+
+env:
+  # Use docker.io for Docker Hub if empty
+  REGISTRY: ghcr.io
+  # github.repository as <account>/<repo>
+  IMAGE_NAME: ${{ github.repository }}
+
+
+jobs:
+  build:
+
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      packages: write
+      # This is used to complete the identity challenge
+      # with sigstore/fulcio when running outside of PRs.
+      id-token: write
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      # Install the cosign tool except on PR
+      # https://github.com/sigstore/cosign-installer
+      - name: Install cosign
+        if: github.event_name != 'pull_request'
+        uses: sigstore/cosign-installer@6e04d228eb30da1757ee4e1dd75a0ec73a653e06 #v3.1.1
+        with:
+          cosign-release: 'v2.1.1'
+
+      # Set up BuildKit Docker container builder to be able to build
+      # multi-platform images and export cache
+      # https://github.com/docker/setup-buildx-action
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@f95db51fddba0c2d1ec667646a06c2ce06100226 # v3.0.0
+
+      # Login against a Docker registry except on PR
+      # https://github.com/docker/login-action
+      - name: Log into registry ${{ env.REGISTRY }}
+        if: github.event_name != 'pull_request'
+        uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0
+        with:
+          registry: ${{ env.REGISTRY }}
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      # Extract metadata (tags, labels) for Docker
+      # https://github.com/docker/metadata-action
+      - name: Extract Docker metadata
+        id: meta
+        uses: docker/metadata-action@96383f45573cb7f253c731d3b3ab81c87ef81934 # v5.0.0
+        with:
+          images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
+
+      # Build and push Docker image with Buildx (don't push on PR)
+      # https://github.com/docker/build-push-action
+      - name: Build and push Docker image
+        id: build-and-push
+        uses: docker/build-push-action@0565240e2d4ab88bba5387d719585280857ece09 # v5.0.0
+        with:
+          context: .
+          push: ${{ github.event_name != 'pull_request' }}
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}
+          cache-from: type=gha
+          cache-to: type=gha,mode=max
+
+      # Sign the resulting Docker image digest except on PRs.
+      # This will only write to the public Rekor transparency log when the Docker
+      # repository is public to avoid leaking data.  If you would like to publish
+      # transparency data even for private images, pass --force to cosign below.
+      # https://github.com/sigstore/cosign
+      - name: Sign the published Docker image
+        if: ${{ github.event_name != 'pull_request' }}
+        env:
+          # https://docs.github.com/en/actions/security-guides/security-hardening-for-github-actions#using-an-intermediate-environment-variable
+          TAGS: ${{ steps.meta.outputs.tags }}
+          DIGEST: ${{ steps.build-and-push.outputs.digest }}
+        # This step uses the identity token to provision an ephemeral certificate
+        # against the sigstore community Fulcio instance.
+        run: echo "${TAGS}" | xargs -I {} cosign sign --yes {}@${DIGEST}

.github/workflows/main.yml

@@ -1,46 +1,52 @@
-name: CI
-
-# Controls when the workflow will run
+name: Run Gradle Build
 on:
-  # Triggers the workflow on push or pull request events but only for the "main" branch
   push:
     branches: [ "main" ]
   pull_request:
     branches: [ "main" ]
-
-  # Allows you to run this workflow manually from the Actions tab
-  workflow_dispatch:
-
-env:
-  SECURE_LOG_LEVEL: ${{ secrets.LOG_LEVEL_DEBUG }}
-  CS_REGISTRY_USER: ${{ secrets.SDIP_GITLAB_DEPLOY_USERNAME }}
-  CS_REGISTRY_PASSWORD: ${{ secrets.SDIP_GITLAB_DEPLOY_TOKEN }}
-
-# A workflow run is made up of one or more jobs that can run sequentially or in parallel
 jobs:
-  # This workflow contains a single job called "build"
   build:
-    # The type of runner that the job will run on
     runs-on: ubuntu-latest
-
-    # Steps represent a sequence of tasks that will be executed as part of the job
     steps:
-      # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it
-      - uses: actions/checkout@v4
-
-      - name: Container Scanning
+      - name: Checkout
+        uses: actions/checkout@v4
+        with:
+          submodules: 'true'
+          token: ${{ secrets.PAT_TOKEN }} 
+      - name: Set up JDK 17
+        uses: actions/setup-java@v4
+        with:
+          java-version: '17'
+          distribution: 'temurin'
+      - name: Setup Gradle
+        uses: gradle/actions/setup-gradle@v3
+      - name: Build with Gradle
         run: |
-          export SDIP_IMAGE_TAG=$GITHUB_SHA
-          export CS_IMAGE=$GITHUB_REPOSITORY:${SDIP_IMAGE_TAG}
-          gtcs scan
-        env:
-          LOG_LEVEL_DEBUG: ${{ secrets.LOG_LEVEL_DEBUG }}
-          SDIP_GITLAB_DEPLOY_USERNAME: ${{ secrets.SDIP_GITLAB_DEPLOY_USERNAME }}
-          SDIP_GITLAB_DEPLOY_TOKEN: ${{ secrets.SDIP_GITLAB_DEPLOY_TOKEN }}
-          SDIP_RUNNER_TAG: ${{ secrets.SDIP_RUNNER_TAG }}
+          chmod +x ./gradlew
+          ./gradlew build
 
-      - name: Upload Container Scanning Report
-        uses: actions/upload-artifact@v2
-        with:
-          name: container_scanning_report
-          path: gl-container-scanning-report.json
+  dependency-submission:
+    runs-on: ubuntu-latest
+    needs: build
+    steps:
+    - name: Checkout sources
+      uses: actions/checkout@v4
+      with:
+        submodules: 'true'
+        token: ${{ secrets.PAT_TOKEN }} 
+    - name: Setup Java
+      uses: actions/setup-java@v4
+      with:
+        distribution: 'temurin'
+        java-version: 17
+    - name: Generate and submit dependency graph
+      uses: gradle/actions/dependency-submission@v3
+
+  submit-and-review:
+      runs-on: ubuntu-latest
+      if: github.event_name == 'pull_request'
+      needs: build
+      steps:
+      - name: 'Dependency Review'
+        if: github.event_name == 'pull_request'
+        uses: actions/dependency-review-action@v3        

.github/workflows/review.yml

@@ -0,0 +1,17 @@
+name: dependency-review
+
+on:
+  pull_request:
+
+permissions:
+  contents: read
+
+jobs:
+  dependency-review:
+    runs-on: ubuntu-latest
+    steps:
+    - name: 'Dependency Review'
+      uses: actions/dependency-review-action@v3
+      with:
+        retry-on-snapshot-warnings: true
+        retry-on-snapshot-warnings-timeout: 600

Dockerfile

@@ -0,0 +1,43 @@
+
+FROM openjdk:17
+
+
+ARG configurationUrl
+ARG serviceId
+ARG build_version_tag
+ARG build_environment_tag
+ARG build_service_url
+
+ARG stardogBaseUrl
+ARG resultDb
+ARG ofgDb
+ARG threadPoolSize
+ARG sdosClientSecret
+ARG stardogClientScope
+ARG zureTenantId
+
+ENV service_url=$build_service_url
+ENV configurationUrlVar=$configurationUrl
+ENV serviceIdVar=$serviceId
+ENV version_tag=$build_version_tag
+ENV environment_tag=$build_environment_tag
+
+ENV stardog_url=$stardogBaseUrl
+ENV resultDbNameVar=$resultDb
+ENV ofgDbName=$ofgDb
+ENV threadPool_Size=$threadPoolSize
+ENV sdosClientSecret=$sdosClientSecret
+ENV stardogClientScope=$stardogClientScope
+ENV azureTenantId=$azureTenantId
+
+
+
+RUN cd /opt && mkdir apps
+
+COPY ./build/libs/sdos.jar /opt/apps/sdos.jar
+
+CMD java -Dlog4j2.formatMsgNoLookups=true -DjvmArgs="-Xms10g -Xmx12g -Xss6g" -jar /opt/apps/sdos.jar -b $stardog_url \
+         -r $resultDbNameVar -ofg $ofgDbName -id $serviceIdVar -tpSize $threadPool_Size \
+         -clientSecret $sdosClientSecret -clientScope $stardogClientScope -tenantId $azureTenantId;
+
+EXPOSE 8080

build.gradle

@@ -3,6 +3,7 @@ plugins {
     id 'io.spring.dependency-management' version '1.0.11.RELEASE'
     id 'java'
     id 'org.barfuin.gradle.jacocolog' version '3.1.0'
+    id 'org.owasp.dependencycheck' version '6.0.2'
 }
 
 group = 'com.scania.sdos'
@@ -40,13 +41,11 @@ ext['log4j2.version'] = '2.22.1'
 
 dependencies {
     implementation 'org.springframework.boot:spring-boot-starter-actuator'
-    implementation("org.springframework.boot:spring-boot-starter-web") {
-        exclude group: 'org.springframework', module: 'spring-web'
-    }
+    implementation 'org.springframework.boot:spring-boot-starter-web'
     implementation 'org.springframework.boot:spring-boot-starter-web-services'
     implementation 'org.springframework.boot:spring-boot-starter-log4j2'
     runtimeOnly group: 'org.apache.logging.log4j', name: 'log4j-layout-template-json', version: '2.22.1'
-	implementation 'org.springdoc:springdoc-openapi-starter-webmvc-ui:2.4.0'
+    implementation 'org.springdoc:springdoc-openapi-starter-webmvc-ui:2.4.0'
     implementation 'io.swagger.core.v3:swagger-annotations-jakarta:2.2.20'
     implementation 'org.springframework:spring-web:6.1.5'
 
@@ -55,7 +54,7 @@ dependencies {
     implementation 'com.lmax:disruptor:3.4.1'
     implementation 'org.apache.httpcomponents:httpclient:4.5.13'
     implementation group: 'com.predic8', name: 'soa-model-core', version: '2.0.1'
-    implementation 'org.restlet.jee:org.restlet.ext.json:2.4-M1'
+    implementation 'org.restlet.jee:org.restlet.ext.json:2.3.12'
     implementation group: 'com.google.code.gson', name: 'gson', version: '2.8.9'
     implementation 'org.apache.groovy:groovy-xml:4.0.5'
     implementation 'org.apache.groovy:groovy-json:4.0.5'
@@ -70,7 +69,7 @@ dependencies {
     implementation group: 'org.apache.commons', name: 'commons-lang3', version: '3.14.0'
     implementation group: 'org.apache.shiro', name: 'shiro-core', version: '2.0.0'
     implementation group: 'org.json', name: 'json', version: '20240303'
-    implementation group: 'com.google.guava', name: 'guava', version: '33.0.0-jre'
+    implementation group: 'com.google.guava', name: 'guava', version: '32.0.0-jre'
 
     testImplementation 'org.junit.jupiter:junit-jupiter:5.6.0'
     testImplementation 'org.junit.jupiter:junit-jupiter-params:5.6.0'

src/main/java/com/scania/sdos/orchestration/Rdf4jClient.java

@@ -67,6 +67,18 @@ public class Rdf4jClient {
 
   private static String STARDOG_PASS = "password";
 
+  private static String aws_session_token = "gfhvbdfdter547uthgy";
+
+  private static String aws_temporary_access_key_id = "12345";
+
+  private static String azure_function_key = "azure_function_key";
+
+  private static String baiducloud_api_accesskey = "baiducloud_api_accesskey";
+
+  private static String cratesio_api_token = "cratesio_api_token";
+
+
+
   public Rdf4jClient() {
     //default  constructor
   }