From 75e9c7d5dd3581a6bde79056611c9d4bb7e63e6e Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 26 Jan 2026 21:55:32 +0000 Subject: [PATCH 01/16] build(deps-dev): bump org.assertj:assertj-core in /api-tests Bumps [org.assertj:assertj-core](https://github.com/assertj/assertj) from 3.27.4 to 3.27.7. - [Release notes](https://github.com/assertj/assertj/releases) - [Commits](https://github.com/assertj/assertj/compare/assertj-build-3.27.4...assertj-build-3.27.7) --- updated-dependencies: - dependency-name: org.assertj:assertj-core dependency-version: 3.27.7 dependency-type: direct:development ... Signed-off-by: dependabot[bot] --- api-tests/pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/api-tests/pom.xml b/api-tests/pom.xml index 4fb422a9..139ddec2 100644 --- a/api-tests/pom.xml +++ b/api-tests/pom.xml @@ -32,7 +32,7 @@ 4.9.4 11.0.0 5.13.4 - 3.27.4 + 3.27.7 3.0 1.17.6 3.0.0 From 019d67a96f03f5b0d8f12f8d048df18c049fca95 Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 16 Feb 2026 13:26:02 +0000 Subject: [PATCH 02/16] build(deps): bump the low-risk group across 1 directory with 11 updates Bumps the low-risk group with 8 updates in the /java directory: | Package | From | To | | --- | --- | --- | | [com.ensono.stacks.modules:stacks-modules-parent](https://github.com/Ensono/stacks-java-module-parent) | `3.0.111` | `3.0.139` | | [org.springframework.cloud:spring-cloud-dependencies](https://github.com/spring-cloud/spring-cloud-release) | `2025.0.0` | `2025.1.1` | | [au.com.dius.pact:consumer](https://github.com/pact-foundation/pact-jvm) | `4.6.17` | `4.6.19` | | [com.amazonaws:aws-java-sdk-s3](https://github.com/aws/aws-sdk-java) | `1.12.788` | `1.12.797` | | [org.pitest:pitest-junit5-plugin](https://github.com/pitest/pitest-junit5-plugin) | `1.2.1` | `1.2.3` | | [au.com.dius.pact.provider:maven](https://github.com/pact-foundation/pact-jvm) | `4.6.17` | `4.6.19` | | [org.owasp:dependency-check-maven](https://github.com/dependency-check/DependencyCheck) | `12.1.9` | `12.2.0` | | [org.codehaus.mojo:exec-maven-plugin](https://github.com/mojohaus/exec-maven-plugin) | `3.5.1` | `3.6.3` | Updates `com.ensono.stacks.modules:stacks-modules-parent` from 3.0.111 to 3.0.139 - [Commits](https://github.com/Ensono/stacks-java-module-parent/compare/v3.0.111...v3.0.139) Updates `org.springframework.cloud:spring-cloud-dependencies` from 2025.0.0 to 2025.1.1 - [Release notes](https://github.com/spring-cloud/spring-cloud-release/releases) - [Commits](https://github.com/spring-cloud/spring-cloud-release/compare/v2025.0.0...v2025.1.1) Updates `au.com.dius.pact:consumer` from 4.6.17 to 4.6.19 - [Release notes](https://github.com/pact-foundation/pact-jvm/releases) - [Changelog](https://github.com/pact-foundation/pact-jvm/blob/master/CHANGELOG.md) - [Commits](https://github.com/pact-foundation/pact-jvm/commits) Updates `com.amazonaws:aws-java-sdk-s3` from 1.12.788 to 
1.12.797 - [Changelog](https://github.com/aws/aws-sdk-java/blob/master/CHANGELOG.md) - [Commits](https://github.com/aws/aws-sdk-java/compare/1.12.788...1.12.797) Updates `com.puppycrawl.tools:checkstyle` from 12.3.0 to 12.3.1 - [Release notes](https://github.com/checkstyle/checkstyle/releases) - [Commits](https://github.com/checkstyle/checkstyle/compare/checkstyle-12.3.0...checkstyle-12.3.1) Updates `org.pitest:pitest-junit5-plugin` from 1.2.1 to 1.2.3 - [Release notes](https://github.com/pitest/pitest-junit5-plugin/releases) - [Commits](https://github.com/pitest/pitest-junit5-plugin/compare/1.2.1...1.2.3) Updates `org.springframework.boot:spring-boot-maven-plugin` from 3.5.8 to 3.5.10 - [Release notes](https://github.com/spring-projects/spring-boot/releases) - [Commits](https://github.com/spring-projects/spring-boot/compare/v3.5.8...v3.5.10) Updates `au.com.dius.pact.provider:maven` from 4.6.17 to 4.6.19 - [Release notes](https://github.com/pact-foundation/pact-jvm/releases) - [Changelog](https://github.com/pact-foundation/pact-jvm/blob/master/CHANGELOG.md) - [Commits](https://github.com/pact-foundation/pact-jvm/commits) Updates `org.pitest:pitest-maven` from 1.22.0 to 1.22.1 - [Release notes](https://github.com/hcoles/pitest/releases) - [Commits](https://github.com/hcoles/pitest/compare/1.22.0...1.22.1) Updates `org.owasp:dependency-check-maven` from 12.1.9 to 12.2.0 - [Release notes](https://github.com/dependency-check/DependencyCheck/releases) - [Changelog](https://github.com/dependency-check/DependencyCheck/blob/main/CHANGELOG.md) - [Commits](https://github.com/dependency-check/DependencyCheck/compare/v12.1.9...v12.2.0) Updates `org.codehaus.mojo:exec-maven-plugin` from 3.5.1 to 3.6.3 - [Release notes](https://github.com/mojohaus/exec-maven-plugin/releases) - [Commits](https://github.com/mojohaus/exec-maven-plugin/compare/3.5.1...3.6.3) --- updated-dependencies: - dependency-name: com.ensono.stacks.modules:stacks-modules-parent dependency-version: 3.0.139 
dependency-type: direct:production update-type: version-update:semver-patch dependency-group: low-risk - dependency-name: org.springframework.cloud:spring-cloud-dependencies dependency-version: 2025.1.1 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: low-risk - dependency-name: au.com.dius.pact:consumer dependency-version: 4.6.19 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: low-risk - dependency-name: com.amazonaws:aws-java-sdk-s3 dependency-version: 1.12.797 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: low-risk - dependency-name: com.puppycrawl.tools:checkstyle dependency-version: 12.3.1 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: low-risk - dependency-name: org.pitest:pitest-junit5-plugin dependency-version: 1.2.3 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: low-risk - dependency-name: org.springframework.boot:spring-boot-maven-plugin dependency-version: 3.5.10 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: low-risk - dependency-name: au.com.dius.pact.provider:maven dependency-version: 4.6.19 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: low-risk - dependency-name: org.pitest:pitest-maven dependency-version: 1.22.1 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: low-risk - dependency-name: org.owasp:dependency-check-maven dependency-version: 12.2.0 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: low-risk - dependency-name: org.codehaus.mojo:exec-maven-plugin dependency-version: 3.6.3 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: low-risk ... 
Signed-off-by: dependabot[bot] --- java/pom.xml | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/java/pom.xml b/java/pom.xml index 87c03022..80deba0a 100644 --- a/java/pom.xml +++ b/java/pom.xml @@ -7,7 +7,7 @@ com.ensono.stacks.modules stacks-modules-parent - 3.0.111 + 3.0.139 com.amido.stacks.workloads @@ -28,15 +28,15 @@ 2.6.4 4.0.0 4.0.10 - 4.6.17 - 4.6.17 - 1.12.788 + 4.6.19 + 4.6.19 + 1.12.797 1.9.9.1 - 3.5.1 - 2025.0.0 + 3.6.3 + 2025.1.1 3.5.24 3.5.2 - 12.1.9 + 12.2.0 5.13.4 1.13.4 @@ -398,7 +398,7 @@ org.pitest pitest-junit5-plugin - 1.2.1 + 1.2.3 org.junit.platform From a041f78a7830b3e20505f5f299f4253dc693b53f Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 23 Feb 2026 13:11:54 +0000 Subject: [PATCH 03/16] build(deps): bump the low-risk group across 1 directory with 25 updates Bumps the low-risk group with 25 updates in the /api-tests directory: | Package | From | To | | --- | --- | --- | | [com.google.code.gson:gson](https://github.com/google/gson) | `2.13.1` | `2.13.2` | | [ch.qos.logback:logback-classic](https://github.com/qos-ch/logback) | `1.5.18` | `1.5.32` | | [io.cucumber:cucumber-java](https://github.com/cucumber/cucumber-jvm) | `7.33.0` | `7.34.2` | | [io.cucumber:cucumber-junit-platform-engine](https://github.com/cucumber/cucumber-jvm) | `7.33.0` | `7.34.2` | | [org.assertj:assertj-core](https://github.com/assertj/assertj) | `3.27.4` | `3.27.7` | | [net.bytebuddy:byte-buddy](https://github.com/raphw/byte-buddy) | `1.17.6` | `1.18.5` | | com.fasterxml.jackson.core:jackson-core | `2.19.2` | `2.21` | | com.fasterxml.jackson.core:jackson-databind | `2.19.2` | `2.21` | | [com.fasterxml.jackson.core:jackson-annotations](https://github.com/FasterXML/jackson) | `2.19.2` | `2.21` | | [io.netty:netty-codec-http](https://github.com/netty/netty) | `4.2.8.Final` | `4.2.10.Final` | | [io.netty:netty-codec-http2](https://github.com/netty/netty) | `4.2.3.Final` | `4.2.10.Final` | | [io.netty:netty-transport-native-epoll](https://github.com/netty/netty) | `4.2.3.Final` | `4.2.10.Final` | | [com.google.guava:guava](https://github.com/google/guava) | `33.4.8-jre` | `33.5.0-jre` | | [org.projectlombok:lombok](https://github.com/projectlombok/lombok) | `1.18.38` | `1.18.42` | | [org.apache.httpcomponents.client5:httpclient5](https://github.com/apache/httpcomponents-client) | `5.5` | `5.6` | | [commons-codec:commons-codec](https://github.com/apache/commons-codec) | `1.19.0` | `1.21.0` | | [com.github.spotbugs:spotbugs](https://github.com/spotbugs/spotbugs) | `4.9.4` | `4.9.8` | | 
[org.owasp:dependency-check-maven](https://github.com/dependency-check/DependencyCheck) | `12.1.9` | `12.2.0` | | [org.codehaus.mojo:exec-maven-plugin](https://github.com/mojohaus/exec-maven-plugin) | `3.5.1` | `3.6.3` | | [org.apache.maven.plugins:maven-surefire-plugin](https://github.com/apache/maven-surefire) | `3.5.3` | `3.5.5` | | [org.apache.maven.plugins:maven-failsafe-plugin](https://github.com/apache/maven-surefire) | `3.5.3` | `3.5.5` | | [org.apache.maven.plugins:maven-compiler-plugin](https://github.com/apache/maven-compiler-plugin) | `3.14.0` | `3.15.0` | | [au.com.dius.pact.provider:maven](https://github.com/pact-foundation/pact-jvm) | `4.6.17` | `4.6.20` | | [org.apache.maven.plugins:maven-pmd-plugin](https://github.com/apache/maven-pmd-plugin) | `3.27.0` | `3.28.0` | | [com.github.spotbugs:spotbugs-maven-plugin](https://github.com/spotbugs/spotbugs-maven-plugin) | `4.9.3.2` | `4.9.8.2` | Updates `com.google.code.gson:gson` from 2.13.1 to 2.13.2 - [Release notes](https://github.com/google/gson/releases) - [Changelog](https://github.com/google/gson/blob/main/CHANGELOG.md) - [Commits](https://github.com/google/gson/compare/gson-parent-2.13.1...gson-parent-2.13.2) Updates `ch.qos.logback:logback-classic` from 1.5.18 to 1.5.32 - [Release notes](https://github.com/qos-ch/logback/releases) - [Commits](https://github.com/qos-ch/logback/compare/v_1.5.18...v_1.5.32) Updates `io.cucumber:cucumber-java` from 7.33.0 to 7.34.2 - [Release notes](https://github.com/cucumber/cucumber-jvm/releases) - [Changelog](https://github.com/cucumber/cucumber-jvm/blob/main/CHANGELOG.md) - [Commits](https://github.com/cucumber/cucumber-jvm/compare/v7.33.0...v7.34.2) Updates `io.cucumber:cucumber-junit-platform-engine` from 7.33.0 to 7.34.2 - [Release notes](https://github.com/cucumber/cucumber-jvm/releases) - [Changelog](https://github.com/cucumber/cucumber-jvm/blob/main/CHANGELOG.md) - [Commits](https://github.com/cucumber/cucumber-jvm/compare/v7.33.0...v7.34.2) Updates 
`io.cucumber:cucumber-junit-platform-engine` from 7.33.0 to 7.34.2 - [Release notes](https://github.com/cucumber/cucumber-jvm/releases) - [Changelog](https://github.com/cucumber/cucumber-jvm/blob/main/CHANGELOG.md) - [Commits](https://github.com/cucumber/cucumber-jvm/compare/v7.33.0...v7.34.2) Updates `org.assertj:assertj-core` from 3.27.4 to 3.27.7 - [Release notes](https://github.com/assertj/assertj/releases) - [Commits](https://github.com/assertj/assertj/compare/assertj-build-3.27.4...assertj-build-3.27.7) Updates `net.bytebuddy:byte-buddy` from 1.17.6 to 1.18.5 - [Release notes](https://github.com/raphw/byte-buddy/releases) - [Changelog](https://github.com/raphw/byte-buddy/blob/master/release-notes.md) - [Commits](https://github.com/raphw/byte-buddy/compare/byte-buddy-1.17.6...byte-buddy-1.18.5) Updates `com.fasterxml.jackson.core:jackson-core` from 2.19.2 to 2.21 Updates `com.fasterxml.jackson.core:jackson-databind` from 2.19.2 to 2.21 Updates `com.fasterxml.jackson.core:jackson-annotations` from 2.19.2 to 2.21 - [Commits](https://github.com/FasterXML/jackson/commits) Updates `io.netty:netty-codec-http` from 4.2.8.Final to 4.2.10.Final - [Commits](https://github.com/netty/netty/compare/netty-4.2.8.Final...netty-4.2.10.Final) Updates `io.netty:netty-codec-http2` from 4.2.3.Final to 4.2.10.Final - [Commits](https://github.com/netty/netty/compare/netty-4.2.3.Final...netty-4.2.10.Final) Updates `io.netty:netty-transport-native-epoll` from 4.2.3.Final to 4.2.10.Final - [Commits](https://github.com/netty/netty/compare/netty-4.2.3.Final...netty-4.2.10.Final) Updates `com.google.guava:guava` from 33.4.8-jre to 33.5.0-jre - [Release notes](https://github.com/google/guava/releases) - [Commits](https://github.com/google/guava/commits) Updates `org.projectlombok:lombok` from 1.18.38 to 1.18.42 - [Changelog](https://github.com/projectlombok/lombok/blob/master/doc/changelog.markdown) - [Commits](https://github.com/projectlombok/lombok/compare/v1.18.38...v1.18.42) Updates 
`org.apache.httpcomponents.client5:httpclient5` from 5.5 to 5.6 - [Changelog](https://github.com/apache/httpcomponents-client/blob/master/RELEASE_NOTES.txt) - [Commits](https://github.com/apache/httpcomponents-client/compare/rel/v5.5...rel/v5.6) Updates `commons-codec:commons-codec` from 1.19.0 to 1.21.0 - [Changelog](https://github.com/apache/commons-codec/blob/master/RELEASE-NOTES.txt) - [Commits](https://github.com/apache/commons-codec/compare/rel/commons-codec-1.19.0...rel/commons-codec-1.21.0) Updates `com.github.spotbugs:spotbugs` from 4.9.4 to 4.9.8 - [Release notes](https://github.com/spotbugs/spotbugs/releases) - [Changelog](https://github.com/spotbugs/spotbugs/blob/master/CHANGELOG.md) - [Commits](https://github.com/spotbugs/spotbugs/compare/4.9.4...4.9.8) Updates `org.owasp:dependency-check-maven` from 12.1.9 to 12.2.0 - [Release notes](https://github.com/dependency-check/DependencyCheck/releases) - [Changelog](https://github.com/dependency-check/DependencyCheck/blob/main/CHANGELOG.md) - [Commits](https://github.com/dependency-check/DependencyCheck/compare/v12.1.9...v12.2.0) Updates `org.codehaus.mojo:exec-maven-plugin` from 3.5.1 to 3.6.3 - [Release notes](https://github.com/mojohaus/exec-maven-plugin/releases) - [Commits](https://github.com/mojohaus/exec-maven-plugin/compare/3.5.1...3.6.3) Updates `org.apache.maven.plugins:maven-surefire-plugin` from 3.5.3 to 3.5.5 - [Release notes](https://github.com/apache/maven-surefire/releases) - [Commits](https://github.com/apache/maven-surefire/compare/surefire-3.5.3...surefire-3.5.5) Updates `org.apache.maven.plugins:maven-failsafe-plugin` from 3.5.3 to 3.5.5 - [Release notes](https://github.com/apache/maven-surefire/releases) - [Commits](https://github.com/apache/maven-surefire/compare/surefire-3.5.3...surefire-3.5.5) Updates `org.apache.maven.plugins:maven-compiler-plugin` from 3.14.0 to 3.15.0 - [Release notes](https://github.com/apache/maven-compiler-plugin/releases) - 
[Commits](https://github.com/apache/maven-compiler-plugin/compare/maven-compiler-plugin-3.14.0...maven-compiler-plugin-3.15.0) Updates `au.com.dius.pact.provider:maven` from 4.6.17 to 4.6.20 - [Release notes](https://github.com/pact-foundation/pact-jvm/releases) - [Changelog](https://github.com/pact-foundation/pact-jvm/blob/master/CHANGELOG.md) - [Commits](https://github.com/pact-foundation/pact-jvm/commits) Updates `org.apache.maven.plugins:maven-pmd-plugin` from 3.27.0 to 3.28.0 - [Release notes](https://github.com/apache/maven-pmd-plugin/releases) - [Commits](https://github.com/apache/maven-pmd-plugin/compare/maven-pmd-plugin-3.27.0...maven-pmd-plugin-3.28.0) Updates `com.github.spotbugs:spotbugs-maven-plugin` from 4.9.3.2 to 4.9.8.2 - [Release notes](https://github.com/spotbugs/spotbugs-maven-plugin/releases) - [Commits](https://github.com/spotbugs/spotbugs-maven-plugin/compare/spotbugs-maven-plugin-4.9.3.2...spotbugs-maven-plugin-4.9.8.2) --- updated-dependencies: - dependency-name: com.google.code.gson:gson dependency-version: 2.13.2 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: low-risk - dependency-name: ch.qos.logback:logback-classic dependency-version: 1.5.32 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: low-risk - dependency-name: io.cucumber:cucumber-java dependency-version: 7.34.2 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: low-risk - dependency-name: io.cucumber:cucumber-junit-platform-engine dependency-version: 7.34.2 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: low-risk - dependency-name: io.cucumber:cucumber-junit-platform-engine dependency-version: 7.34.2 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: low-risk - dependency-name: org.assertj:assertj-core dependency-version: 3.27.7 dependency-type: 
direct:development update-type: version-update:semver-patch dependency-group: low-risk - dependency-name: net.bytebuddy:byte-buddy dependency-version: 1.18.5 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: low-risk - dependency-name: com.fasterxml.jackson.core:jackson-core dependency-version: '2.21' dependency-type: direct:production update-type: version-update:semver-minor dependency-group: low-risk - dependency-name: com.fasterxml.jackson.core:jackson-databind dependency-version: '2.21' dependency-type: direct:production update-type: version-update:semver-minor dependency-group: low-risk - dependency-name: com.fasterxml.jackson.core:jackson-annotations dependency-version: '2.21' dependency-type: direct:production update-type: version-update:semver-minor dependency-group: low-risk - dependency-name: io.netty:netty-codec-http dependency-version: 4.2.10.Final dependency-type: direct:production update-type: version-update:semver-patch dependency-group: low-risk - dependency-name: io.netty:netty-codec-http2 dependency-version: 4.2.10.Final dependency-type: direct:production update-type: version-update:semver-patch dependency-group: low-risk - dependency-name: io.netty:netty-transport-native-epoll dependency-version: 4.2.10.Final dependency-type: direct:production update-type: version-update:semver-patch dependency-group: low-risk - dependency-name: com.google.guava:guava dependency-version: 33.5.0-jre dependency-type: direct:production update-type: version-update:semver-minor dependency-group: low-risk - dependency-name: org.projectlombok:lombok dependency-version: 1.18.42 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: low-risk - dependency-name: org.apache.httpcomponents.client5:httpclient5 dependency-version: '5.6' dependency-type: direct:production update-type: version-update:semver-minor dependency-group: low-risk - dependency-name: commons-codec:commons-codec 
dependency-version: 1.21.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: low-risk - dependency-name: com.github.spotbugs:spotbugs dependency-version: 4.9.8 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: low-risk - dependency-name: org.owasp:dependency-check-maven dependency-version: 12.2.0 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: low-risk - dependency-name: org.codehaus.mojo:exec-maven-plugin dependency-version: 3.6.3 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: low-risk - dependency-name: org.apache.maven.plugins:maven-surefire-plugin dependency-version: 3.5.5 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: low-risk - dependency-name: org.apache.maven.plugins:maven-failsafe-plugin dependency-version: 3.5.5 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: low-risk - dependency-name: org.apache.maven.plugins:maven-compiler-plugin dependency-version: 3.15.0 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: low-risk - dependency-name: au.com.dius.pact.provider:maven dependency-version: 4.6.20 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: low-risk - dependency-name: org.apache.maven.plugins:maven-pmd-plugin dependency-version: 3.28.0 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: low-risk - dependency-name: com.github.spotbugs:spotbugs-maven-plugin dependency-version: 4.9.8.2 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: low-risk ... Signed-off-by: dependabot[bot] --- api-tests/pom.xml | 44 ++++++++++++++++++++++---------------------- 1 file changed, 22 insertions(+), 22 deletions(-) 
diff --git a/api-tests/pom.xml b/api-tests/pom.xml index 4fb422a9..e9d6995e 100644 --- a/api-tests/pom.xml +++ b/api-tests/pom.xml @@ -13,12 +13,12 @@ UTF-8 4.3.4 4.3.4 - 7.33.0 - 1.5.18 + 7.34.2 + 1.5.32 UTF-8 4 - 2.19.2 + 2.21 17 (@Functional or @Smoke or @Performance) and not @Ignore @@ -29,41 +29,41 @@ 4.0.10 4.0.10 4.0.10 - 4.9.4 + 4.9.8 11.0.0 5.13.4 - 3.27.4 + 3.27.7 3.0 - 1.17.6 + 1.18.5 3.0.0 3.0.0 - 33.4.8-jre + 33.5.0-jre 20250517 - 4.2.8.Final - 4.2.3.Final - 4.2.3.Final - 5.5 + 4.2.10.Final + 4.2.10.Final + 4.2.10.Final + 5.6 2.12.2 - 1.19.0 + 1.21.0 6.2.9 2.3.34 - 2.13.1 + 2.13.2 5.5.5 0.9.275 - 1.18.38 + 1.18.42 - 4.9.3.2 - 12.1.9 + 4.9.8.2 + 12.2.0 2.13 3.6.0 - 3.5.3 - 3.5.3 - 3.14.0 - 4.6.17 - 3.27.0 + 3.5.5 + 3.5.5 + 3.15.0 + 4.6.20 + 3.28.0 3.0.5 - 3.5.1 + 3.6.3 From 88d4394797522a55f4dc32cfce9432a13125c5c1 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sun, 1 Mar 2026 23:58:05 +0000 Subject: [PATCH 04/16] build(deps): bump com.fasterxml.jackson.core:jackson-core in /api-tests Bumps [com.fasterxml.jackson.core:jackson-core](https://github.com/FasterXML/jackson-core) from 2.19.2 to 2.21.1. - [Commits](https://github.com/FasterXML/jackson-core/compare/jackson-core-2.19.2...jackson-core-2.21.1) --- updated-dependencies: - dependency-name: com.fasterxml.jackson.core:jackson-core dependency-version: 2.21.1 dependency-type: direct:production ... Signed-off-by: dependabot[bot] --- api-tests/pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/api-tests/pom.xml b/api-tests/pom.xml index 4fb422a9..2147000d 100644 --- a/api-tests/pom.xml +++ b/api-tests/pom.xml @@ -18,7 +18,7 @@ UTF-8 4 - 2.19.2 + 2.21.1 17 (@Functional or @Smoke or @Performance) and not @Ignore From 915b2a455268a5482593a93202cd0022a682ee78 Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 5 Mar 2026 00:37:00 +0000 Subject: [PATCH 05/16] build(deps): bump svgo in /build/azDevOps/azure/coverage Bumps [svgo](https://github.com/svg/svgo) from 3.3.2 to 3.3.3. - [Release notes](https://github.com/svg/svgo/releases) - [Commits](https://github.com/svg/svgo/compare/v3.3.2...v3.3.3) --- updated-dependencies: - dependency-name: svgo dependency-version: 3.3.3 dependency-type: indirect ... Signed-off-by: dependabot[bot] --- .../azDevOps/azure/coverage/package-lock.json | 45 ++++++++++++------- 1 file changed, 30 insertions(+), 15 deletions(-) diff --git a/build/azDevOps/azure/coverage/package-lock.json b/build/azDevOps/azure/coverage/package-lock.json index 30a9bb79..acc17d6a 100644 --- a/build/azDevOps/azure/coverage/package-lock.json +++ b/build/azDevOps/azure/coverage/package-lock.json @@ -270,16 +270,6 @@ "node": ">=10" } }, - "node_modules/@trysound/sax": { - "version": "0.2.0", - "resolved": "https://registry.npmjs.org/@trysound/sax/-/sax-0.2.0.tgz", - "integrity": "sha512-L7z9BgrNEcYyUYtF+HaEfiS5ebkh9jXqbszz7pC0hRBPaatV0XjSD3+eHrpqFemQfgwiFF0QPIarnIihIDn7OA==", - "dev": true, - "license": "ISC", - "engines": { - "node": ">=10.13.0" - } - }, "node_modules/@types/cacheable-request": { "version": "6.0.3", "resolved": "https://registry.npmjs.org/@types/cacheable-request/-/cacheable-request-6.0.3.tgz", 
@@ -1443,6 +1433,21 @@ "node": ">=10.13.0" } }, + "node_modules/fsevents": { + "version": "2.3.3", + "resolved": "https://registry.npmjs.org/fsevents/-/fsevents-2.3.3.tgz", + "integrity": "sha512-5xoDfX+fL7faATnagmWPpbFtwh/R77WmMMqqHGS65C3vvB0YHrgF+B1YmZ3441tMj5n63k0212XNoJwzlhffQw==", + "dev": true, + "hasInstallScript": true, + "license": "MIT", + "optional": true, + "os": [ + "darwin" + ], + "engines": { + "node": "^8.16.0 || ^10.6.0 || >=11.0.0" + } + }, "node_modules/function-bind": { "version": "1.1.2", "resolved": "https://registry.npmjs.org/function-bind/-/function-bind-1.1.2.tgz", @@ -3168,6 +3173,16 @@ "dev": true, "license": "MIT" }, + "node_modules/sax": { + "version": "1.5.0", + "resolved": "https://registry.npmjs.org/sax/-/sax-1.5.0.tgz", + "integrity": "sha512-21IYA3Q5cQf089Z6tgaUTr7lDAyzoTPx5HRtbhsME8Udispad8dC/+sziTNugOEx54ilvatQ9YCzl4KQLPcRHA==", + "dev": true, + "license": "BlueOak-1.0.0", + "engines": { + "node": ">=11.0.0" + } + }, "node_modules/semver": { "version": "5.7.2", "resolved": "https://registry.npmjs.org/semver/-/semver-5.7.2.tgz", @@ -3418,19 +3433,19 @@ } }, "node_modules/svgo": { - "version": "3.3.2", - "resolved": "https://registry.npmjs.org/svgo/-/svgo-3.3.2.tgz", - "integrity": "sha512-OoohrmuUlBs8B8o6MB2Aevn+pRIH9zDALSR+6hhqVfa6fRwG/Qw9VUMSMW9VNg2CFc/MTIfabtdOVl9ODIJjpw==", + "version": "3.3.3", + "resolved": "https://registry.npmjs.org/svgo/-/svgo-3.3.3.tgz", + "integrity": "sha512-+wn7I4p7YgJhHs38k2TNjy1vCfPIfLIJWR5MnCStsN8WuuTcBnRKcMHQLMM2ijxGZmDoZwNv8ipl5aTTen62ng==", "dev": true, "license": "MIT", "dependencies": { - "@trysound/sax": "0.2.0", "commander": "^7.2.0", "css-select": "^5.1.0", "css-tree": "^2.3.1", "css-what": "^6.1.0", "csso": "^5.0.5", - "picocolors": "^1.0.0" + "picocolors": "^1.0.0", + "sax": "^1.5.0" }, "bin": { "svgo": "bin/svgo" From ec5602144ecf980f38d7eb0d5d05824bcc5e89e5 Mon Sep 17 00:00:00 2001 
From: Richard Slater Date: Fri, 20 Mar 2026 10:52:36 +0000 Subject: [PATCH 06/16] disable: OWASP Dependency Check temporarily --- build/azDevOps/azure/azure-pipelines-javaspring-k8s.yml | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/build/azDevOps/azure/azure-pipelines-javaspring-k8s.yml b/build/azDevOps/azure/azure-pipelines-javaspring-k8s.yml index 4abac5ac..31695cf5 100644 --- a/build/azDevOps/azure/azure-pipelines-javaspring-k8s.yml +++ b/build/azDevOps/azure/azure-pipelines-javaspring-k8s.yml @@ -7,6 +7,12 @@ ############################################################################################################################# name: $(version_major).$(version_minor).$(version_patch)-$(Build.SourceBranchName)-$(Rev:r) +parameters: + - name: runVulnerabilityScan + displayName: Run OWASP Dependency Check + type: boolean + default: false + pr: - master @@ -138,7 +144,7 @@ variables: # Vulnerability Scan - name: vulnerability_scan - value: true + value: ${{ parameters.runVulnerabilityScan }} - name: vulnerability_scan_report value: "target/dependency-check-report.html" - name: oss_index_username From dd171af823c84041f80df833ce48ef85f3c98de0 Mon Sep 17 00:00:00 2001 From: Richard Slater Date: Fri, 20 Mar 2026 11:34:18 +0000 Subject: [PATCH 07/16] fix: spring boot 3.5 migration --- docs/spring-boot-3.5-migration.md | 26 +++++++------- java/pom.xml | 2 +- .../DomainToDtoMapperMapstructTest.java | 36 ++++++++++--------- 3 files changed, 32 insertions(+), 32 deletions(-) diff --git a/docs/spring-boot-3.5-migration.md b/docs/spring-boot-3.5-migration.md index aee1a94b..a3cef876 100644 --- a/docs/spring-boot-3.5-migration.md +++ b/docs/spring-boot-3.5-migration.md 
@@ -11,7 +11,7 @@ The `stacks-modules-parent:3.0.98` brings in Spring Boot 3.5.7, which introduces **Problem:** The current Spring Cloud version (`2022.0.4`) is incompatible with Spring Boot 3.5.7. -``` +```text Spring Boot [3.5.7] is not compatible with this Spring Cloud release train. Change Spring Boot version to one of the following versions [3.0.x, 3.1.x]. ``` @@ -24,7 +24,7 @@ Update `spring.cloud.dependencies.version` to a version compatible with Spring B | 3.0.x, 3.1.x | 2022.0.x (Kilburn) | | 3.2.x | 2023.0.x (Leyton) | | 3.3.x, 3.4.x | 2024.0.x | -| 3.5.x | 2025.0.x | +| 3.5.x | 2024.0.x in this repository | **Workaround (current):** Projects can disable the compatibility verifier in `application-test.yml`: @@ -36,7 +36,7 @@ spring: enabled: false ``` -**Action Required:** Update parent POM to use Spring Cloud 2024.0.x or later (once 2025.0.x is available for Spring Boot 3.5.x support). +**Action Required:** Keep this repository on Spring Cloud 2024.0.x while it remains on the current parent POM and Spring Boot 3.5.x line. This repository now uses Spring Cloud 2024.0.3 because Spring Cloud 2025.1.1 pulled in `spring-cloud-config-client 5.0.1`, which is not compatible with the Spring Framework 6.2.x line provided by the current parent. --- @@ -45,7 +45,7 @@ spring: **Problem:** Spring Boot 3.5.x has stricter validation for Spring Security filter chains. Multiple `SecurityFilterChain` beans matching "any request" now throw an error: -``` +```text UnreachableFilterChainException: A filter chain that matches any request [...ApplicationConfig...] has already been configured, which means that this filter chain [...ApplicationNoSecurity...] will never get invoked. @@ -81,7 +81,7 @@ public class ApplicationNoSecurity { **Problem:** Spring Boot 3.5.x has stricter bean resolution when multiple beans of the same type exist through inheritance: -``` +```text NoUniqueBeanDefinitionException: expected single matching bean but found 2: menuService, menuServiceV2 ``` 
@@ -111,7 +111,7 @@ public class MenuServiceV2 extends MenuService { **Problem:** Property placeholders like `@aws.profile.name@` in `application.yml` are not being replaced because Maven resource filtering is not enabled by default. -``` +```text Profile '@aws.profile.name@' must start and end with a letter or digit ``` @@ -149,9 +149,9 @@ Enable resource filtering in `pom.xml`: ### Recommended (Should Add) -2. **Add default resource filtering configuration** so child projects don't need to configure it manually +1. **Add default resource filtering configuration** so child projects don't need to configure it manually -3. **Update documentation** to note the following breaking changes for downstream projects: +2. **Update documentation** to note the following breaking changes for downstream projects: - Security filter chain mutual exclusivity requirements - Bean resolution changes for inheritance hierarchies - Profile annotation requirements for conditional configurations 
@@ -160,12 +160,10 @@ Enable resource filtering in `pom.xml`: Until the parent POM is updated, the following workarounds have been applied: -| Issue | Workaround | File | -|--------------------------------|---------------------------------|-------------------------------------------| -| Spring Cloud incompatibility | Disabled compatibility verifier | `src/test/resources/application-test.yml` | -| Security filter chain conflict | Added `@Profile("!test")` | `ApplicationConfig.java` | -| Bean resolution conflict | Added `@Primary` | `MenuService.java` | -| Resource filtering | Added filtering config | `pom.xml` | +- Spring Cloud incompatibility: pin the BOM to `2024.0.3` and avoid Spring bootstrapping in mapper unit tests. Files: `java/pom.xml`, `java/src/test/java/com/amido/stacks/workloads/menu/mappers/DomainToDtoMapperMapstructTest.java` +- Security filter chain conflict: added `@Profile("!test")`. File: `ApplicationConfig.java` +- Bean resolution conflict: added `@Primary`. File: `MenuService.java` +- Resource filtering: added filtering config. File: `pom.xml` ## Testing Verification diff --git a/java/pom.xml b/java/pom.xml index 80deba0a..94cbd91f 100644 --- a/java/pom.xml +++ b/java/pom.xml @@ -33,7 +33,7 @@ 1.12.797 1.9.9.1 3.6.3 - 2025.1.1 + 2024.0.3 3.5.24 3.5.2 12.2.0 diff --git a/java/src/test/java/com/amido/stacks/workloads/menu/mappers/DomainToDtoMapperMapstructTest.java b/java/src/test/java/com/amido/stacks/workloads/menu/mappers/DomainToDtoMapperMapstructTest.java index 9b4a573b..81360651 100644 --- a/java/src/test/java/com/amido/stacks/workloads/menu/mappers/DomainToDtoMapperMapstructTest.java +++ b/java/src/test/java/com/amido/stacks/workloads/menu/mappers/DomainToDtoMapperMapstructTest.java 
@@ -15,30 +15,32 @@ import java.util.UUID; import org.junit.jupiter.api.Tag; import org.junit.jupiter.api.Test; -import org.springframework.beans.factory.annotation.Autowired; -import org.springframework.boot.test.context.SpringBootTest; +import org.springframework.test.util.ReflectionTestUtils; @Tag("Unit") -@SpringBootTest( - classes = { - MenuMapper.class, - MenuMapperImpl.class, - CategoryMapper.class, - CategoryMapperImpl.class, - ItemMapper.class, - ItemMapperImpl.class, - SearchMenuResultItemMapper.class, - SearchMenuResultItemMapperImpl.class - }) class DomainToDtoMapperMapstructTest { - @Autowired private MenuMapper menuMapper; + private final MenuMapper menuMapper; - @Autowired private CategoryMapper categoryMapper; + private final CategoryMapper categoryMapper; - @Autowired private ItemMapper itemMapper; + private final ItemMapper itemMapper; - @Autowired private SearchMenuResultItemMapper searchMenuResultItemMapper; + private final SearchMenuResultItemMapper searchMenuResultItemMapper; + + DomainToDtoMapperMapstructTest() { + itemMapper = new ItemMapperImpl(); + + CategoryMapperImpl categoryMapperImpl = new CategoryMapperImpl(); + ReflectionTestUtils.setField(categoryMapperImpl, "itemMapper", itemMapper); + categoryMapper = categoryMapperImpl; + + MenuMapperImpl menuMapperImpl = new MenuMapperImpl(); + ReflectionTestUtils.setField(menuMapperImpl, "categoryMapper", categoryMapper); + menuMapper = menuMapperImpl; + + searchMenuResultItemMapper = new SearchMenuResultItemMapperImpl(); + } @Test void menuToMenuDto() { From 2af53fb129f139f60c296cc66551c97978abbead Mon Sep 17 00:00:00 2001 From: Richard Slater Date: Fri, 20 Mar 2026 12:00:06 +0000 Subject: [PATCH 08/16] fix: acctuator tests --- .../com/amido/stacks/workloads/actuator/ActuatorTest.java | 2 ++ java/src/test/resources/application-test.yml | 6 ++++++ 2 files changed, 8 insertions(+) create mode 100644 java/src/test/resources/application-test.yml 
diff --git a/java/src/test/java/com/amido/stacks/workloads/actuator/ActuatorTest.java b/java/src/test/java/com/amido/stacks/workloads/actuator/ActuatorTest.java index db8f210d..d5193c0f 100644 --- a/java/src/test/java/com/amido/stacks/workloads/actuator/ActuatorTest.java +++ b/java/src/test/java/com/amido/stacks/workloads/actuator/ActuatorTest.java @@ -12,12 +12,14 @@ import org.springframework.boot.test.context.SpringBootTest; import org.springframework.boot.test.web.client.TestRestTemplate; import org.springframework.http.HttpStatus; +import org.springframework.test.context.ActiveProfiles; import org.springframework.test.context.TestPropertySource; @SpringBootTest(webEnvironment = SpringBootTest.WebEnvironment.RANDOM_PORT) @TestPropertySource(properties = {"management.port=0"}) @EnableAutoConfiguration @Tag("Component") +@ActiveProfiles("test") class ActuatorTest { @Value("${local.management.port}") diff --git a/java/src/test/resources/application-test.yml b/java/src/test/resources/application-test.yml new file mode 100644 index 00000000..650e4848 --- /dev/null +++ b/java/src/test/resources/application-test.yml @@ -0,0 +1,6 @@ +spring: + cloud: + compatibility-verifier: + enabled: false + config: + enabled: false From e0c67a996a43ebaab8988f75f6db98160f3fd67c Mon Sep 17 00:00:00 2001 From: Richard Slater Date: Fri, 20 Mar 2026 12:25:18 +0000 Subject: [PATCH 09/16] fix: api-tests dependency resolution --- api-tests/pom.xml | 3 ++- .../java/com/amido/stacks/tests/api/CucumberTestSuite.java | 2 ++ 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/api-tests/pom.xml b/api-tests/pom.xml index 391448d9..f2e36add 100644 --- a/api-tests/pom.xml +++ b/api-tests/pom.xml @@ -19,6 +19,7 @@ 4 2.21.1 + 2.21 17 (@Functional or @Smoke or @Performance) and not @Ignore @@ -259,7 +260,7 @@ com.fasterxml.jackson.core jackson-annotations - ${jackson.version} + ${jackson.annotations.version} io.netty 
diff --git a/api-tests/src/test/java/com/amido/stacks/tests/api/CucumberTestSuite.java b/api-tests/src/test/java/com/amido/stacks/tests/api/CucumberTestSuite.java index 8ab26026..223735f6 100644 --- a/api-tests/src/test/java/com/amido/stacks/tests/api/CucumberTestSuite.java +++ b/api-tests/src/test/java/com/amido/stacks/tests/api/CucumberTestSuite.java @@ -1,6 +1,7 @@ package com.amido.stacks.tests.api; import static io.cucumber.junit.platform.engine.Constants.FEATURES_PROPERTY_NAME; +import static io.cucumber.junit.platform.engine.Constants.GLUE_PROPERTY_NAME; import org.junit.jupiter.api.Tag; import org.junit.jupiter.api.condition.DisabledIfSystemProperty; @@ -18,4 +19,5 @@ @DisabledIfSystemProperty(named = "untagged.test.check", matches = "true") @IncludeEngines("cucumber") @ConfigurationParameter(key = FEATURES_PROPERTY_NAME, value = "classpath:cucumber/features") +@ConfigurationParameter(key = GLUE_PROPERTY_NAME, value = "com.amido.stacks.tests.api.stepdefinitions") public class CucumberTestSuite {} From 71ada3def50cb6fabb998dccd75cc772a9177967 Mon Sep 17 00:00:00 2001 From: Richard Slater <630786+RichardSlater@users.noreply.github.com> Date: Mon, 23 Mar 2026 09:47:41 +0000 Subject: [PATCH 10/16] fix: centralized Jackson versions Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> --- api-tests/pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/api-tests/pom.xml b/api-tests/pom.xml index f2e36add..08247260 100644 --- a/api-tests/pom.xml +++ b/api-tests/pom.xml @@ -19,7 +19,7 @@ 4 2.21.1 - 2.21 + ${jackson.version} 17 (@Functional or @Smoke or @Performance) and not @Ignore From fa8c40f98c2efe0690670064daa00f529b911d37 Mon Sep 17 00:00:00 2001 
From: Richard Slater Date: Mon, 23 Mar 2026 10:38:42 +0000 Subject: [PATCH 11/16] fix: address PR #1551 review comments Addresses review feedback on PR #1551 by restoring OWASP scan defaults, passing vulnerability scan booleans through Azure DevOps templates correctly, replacing brittle MapStruct reflection wiring with constructor injection, and correcting the Spring Boot migration note. --- .github/prompts/address-pr-comments.prompt.md | 371 ++++++++++++++++++ .../azure/azure-pipelines-javaspring-k8s.yml | 8 +- docs/spring-boot-3.5-migration.md | 2 +- .../menu/mappers/CategoryMapper.java | 2 + .../workloads/menu/mappers/MenuMapper.java | 2 + .../mappers/SearchMenuResultItemMapper.java | 15 +- .../DomainToDtoMapperMapstructTest.java | 10 +- 7 files changed, 395 insertions(+), 15 deletions(-) create mode 100644 .github/prompts/address-pr-comments.prompt.md diff --git a/.github/prompts/address-pr-comments.prompt.md b/.github/prompts/address-pr-comments.prompt.md new file mode 100644 index 00000000..200daed6 --- /dev/null +++ b/.github/prompts/address-pr-comments.prompt.md 
@@ -0,0 +1,371 @@ +--- +agent: agent +name: address-pr-comments +description: Review and address all unresolved comments on a GitHub Pull Request, implement the requested changes, and commit the fixes. +model: GPT-5.4 (copilot) +--- + +# Address PR Comments Agent + +## Purpose + +This prompt guides an AI agent to review and address all **unresolved** comments on a GitHub Pull Request, +implement the requested changes, and commit the fixes. When replying to review feedback, +prefer a **single batched review submission** so reviewers receive one grouped notification instead +of one notification per reply. + +## Prerequisites + +- GitHub CLI (`gh`) installed and authenticated +- GitHub MCP server available with PR tools activated +- Current branch matches the PR branch being addressed +- Repository has uncommitted changes handled (stash or commit first) +- Ensure `GH_PAGER` is set to `cat` to avoid pagination issues with less requiring user interaction + +## User Input + +```text +$ARGUMENTS +``` + +The user may provide: + +- A PR number (e.g., `26`) +- A PR URL (e.g., `https://github.com/owner/repo/pull/26`) +- Nothing (use current branch's PR) + +## Execution Flow + +### Phase 1: PR Discovery & Context Gathering + +1. **Determine the target PR**: + - If PR number provided in `$ARGUMENTS`, use it directly + - If PR URL provided, extract the PR number + - If no argument, detect PR from current branch: + + ```bash + gh pr view --json number --jq '.number' + ``` + +2. **Verify branch alignment**: + - Get current git branch: `git branch --show-current` + - Get PR head branch via `gh pr view --json headRefName --jq '.headRefName'` + - If branches don't match, STOP and ask user to switch branches first + +3. **Fetch PR metadata**: + + ```bash + gh pr view --json title,body,state,reviewDecision,reviews,comments + ``` + +### Phase 2: Retrieve All Review Comments + +1. 
**Get repository details**: + + ```bash + gh repo view --json owner,name --jq '{owner: .owner.login, name: .name}' + ``` + +2. **Get all PR review threads with resolution status**: + + ```bash + # Replace OWNER, REPO, and PR_NUMBER with actual values + gh api graphql -f query=' + query($owner: String!, $repo: String!, $pr: Int!) { + repository(owner: $owner, name: $repo) { + pullRequest(number: $pr) { + reviewThreads(first: 100) { + nodes { + id + isResolved + isOutdated + path + line + comments(first: 10) { + nodes { + databaseId + body + author { login } + createdAt + } + } + } + } + } + } + } + ' -f owner=OWNER -f repo=REPO -F pr=PR_NUMBER + ``` + +3. **Filter to unresolved threads only**: + - `isResolved: false` + - Optionally include `isOutdated: false` to skip comments on old code + +### Phase 3: Analyze & Categorize Comments + +For each unresolved comment, categorize as: + +| Category | Action Required | +| ----------------- | ---------------------------------------- | +| **Code Change** | Modify source file at specified location | +| **Documentation** | Update docs, comments, or Rustdoc | +| **Test Addition** | Add or modify test cases | +| **Clarification** | Reply with explanation (no code change) | +| **Out of Scope** | Mark for follow-up issue creation | +| **Disagree** | Prepare response explaining rationale | + +Create a structured todo list: + +```json +{ + "pr_number": 26, + "unresolved_count": 5, + "comments": [ + { + "id": "thread_id", + "path": "src/lib.rs", + "line": 42, + "category": "Code Change", + "summary": "Add error handling for edge case", + "reviewer": "reviewer_username", + "action_plan": "Add match arm for empty input" + } + ] +} +``` + +### Phase 4: Address Each Comment + +For each comment requiring code changes: + +1. **Read the relevant file context**: + - Use `read_file` tool to get surrounding context (±20 lines around the comment line) + - Understand the current implementation + +2. 
**Implement the fix**: + - Use `replace_string_in_file` or `multi_replace_string_in_file` for edits + - Follow Constitution principles (TDD, Clean Code, Security-First) + - If the fix requires new tests, add them first (Red-Green-Refactor) + +3. **Validate the change**: + - Run `cargo fmt` to ensure formatting + - Run `cargo clippy` to check for warnings + - Run relevant tests: `cargo test --workspace` + +4. **Prepare reply text** for each addressed comment: + + ```markdown + Addressed in commit [SHA]: + + - [Brief description of the change] + - [Any additional context or decisions made] + ``` + +5. **Prepare batched review content**: + - Keep a per-thread reply for each unresolved thread + - Also prepare one overall review summary covering all addressed, clarified, and deferred items + - Keep broad rationale in the review summary and thread-specific details in the thread reply + +### Phase 5: Commit Changes + +1. **Stage changes by category** (prefer atomic commits): + + ```bash + git add + git commit -m "fix(scope): address review comment - + + Addresses review comment by @reviewer on PR #: + + + Changes: + - + - " + ``` + +2. **Alternative: Single commit for multiple related comments**: + + ```bash + git add -A + git commit -m "fix: address PR # review comments + + Addresses the following review feedback: + - @reviewer1: + - @reviewer2: + + Changes: + - + - + - " + ``` + +3. **Push changes**: + + ```bash + git push origin HEAD + ``` + +### Phase 6: Submit One Batched Review + +Do **not** post each reply individually unless batching is unavailable. Prefer one pending review, +attach all thread replies to it, then submit once so GitHub sends one grouped notification. + +1. **Create a pending review**: + + ```bash + # Replace PR_NODE_ID with the pull request GraphQL node id + gh api graphql -f query=' + mutation($pullRequestId: ID!) 
{ + addPullRequestReview(input: {pullRequestId: $pullRequestId}) { + pullRequestReview { + id + } + } + } + ' -f pullRequestId=PR_NODE_ID + ``` + +2. **Add a reply for each unresolved thread to that pending review**: + + ```bash + # Replace REVIEW_ID and THREAD_ID with GraphQL node ids + gh api graphql -f query=' + mutation($reviewId: ID!, $threadId: ID!, $body: String!) { + addPullRequestReviewThreadReply( + input: { + pullRequestReviewId: $reviewId + pullRequestReviewThreadId: $threadId + body: $body + } + ) { + comment { + id + } + } + } + ' -f reviewId=REVIEW_ID -f threadId=THREAD_ID -f body='Addressed in commit abc1234. + - Added null check for empty input + - Updated tests to cover the edge case' + ``` + +3. **Submit the review once all thread replies are attached**: + + ```bash + gh api graphql -f query=' + mutation($reviewId: ID!, $body: String!) { + submitPullRequestReview( + input: { + pullRequestReviewId: $reviewId + event: COMMENT + body: $body + } + ) { + pullRequestReview { + id + url + } + } + } + ' -f reviewId=REVIEW_ID -f body='Addressed PR feedback in the linked commit(s). + + Summary: + - Resolved the requested code and test updates + - Added clarifications where code changes were not needed + - Deferred any out-of-scope items explicitly' + ``` + +4. 
**Fallback only if batching is unavailable**: + - Prefer GitHub MCP review tools if they support pending reviews and thread replies + - If review batching is not available, fall back to individual replies and warn that multiple notifications may be sent + - Avoid mixing batched review replies and individual replies unless the tooling forces it + +### Phase 7: Summary Report + +Output a summary: + +```markdown +## PR # Review Comments Addressed + +**Total unresolved comments**: X +**Addressed**: Y +**Deferred/Out of scope**: Z + +### Commits Created + +| Commit | Files | Comments Addressed | +| ------- | -------------------- | ------------------ | +| abc1234 | src/lib.rs | #1, #3 | +| def5678 | tests/integration.rs | #2 | + +### Review Submission + +- [x] Submitted one batched review for addressed threads +- [x] Included per-thread replies in the review +- [ ] Comment #3 by @reviewer3 - Deferred (created issue #XX) + +### Follow-up Items + +- Issue #XX: +``` + +## Error Handling + +- **Branch mismatch**: Stop and instruct user to checkout correct branch +- **Merge conflicts**: Stop and ask user to resolve conflicts first +- **Test failures**: Report which tests fail and ask for guidance +- **Unclear comments**: Ask for clarification before making changes +- **Permissions issues**: Report and suggest manual gh auth refresh +- **Batch review unsupported**: Fall back to individual replies only after stating that multiple notifications may be sent + +## Constitution Compliance + +This workflow MUST adhere to: + +- **Principle I (TDD)**: If adding functionality, write tests first +- **Principle IV (Clean Code)**: Ensure changes are readable and maintainable +- **Principle V (Security-First)**: Review any security implications of changes +- **Commit Hygiene**: GPG-signed commits with conventional commit messages +- **Branching Workflow**: Work on the correct feature branch + +## Example Usage + +```text +User: Address comments on PR 26 +Agent: +1. 
Fetching PR #26 details... +2. Found 3 unresolved review threads +3. Categorizing comments: + - Comment 1: Code change needed in src/routing.rs:142 + - Comment 2: Documentation update in docs/USAGE.md + - Comment 3: Clarification question (will reply) +4. Implementing fixes... +5. Running validation (fmt, clippy, tests)... +6. Committing changes... +7. Submitting one batched review... +8. Summary: 2 code changes committed, 1 clarification included in the batched review +``` + +## Quick Reference Commands + +```bash +# View PR details +gh pr view + +# List all comments +gh pr view --comments + +# Get review threads (GraphQL) +gh api graphql -f query='...' + +# Create a pending review +gh api repos/{owner}/{repo}/pulls/{pr}/reviews --method POST + +# Submit a pending review +gh api repos/{owner}/{repo}/pulls/{pr}/reviews/{review_id}/events --method POST -f event=COMMENT -f body="..." + +# Push and update PR +git push origin HEAD + +# Re-request review after addressing comments +gh pr edit --add-reviewer +``` + diff --git a/build/azDevOps/azure/azure-pipelines-javaspring-k8s.yml b/build/azDevOps/azure/azure-pipelines-javaspring-k8s.yml index 31695cf5..d7d319dd 100644 --- a/build/azDevOps/azure/azure-pipelines-javaspring-k8s.yml +++ b/build/azDevOps/azure/azure-pipelines-javaspring-k8s.yml @@ -11,7 +11,7 @@ parameters: - name: runVulnerabilityScan displayName: Run OWASP Dependency Check type: boolean - default: false + default: true pr: - master @@ -234,7 +234,7 @@ stages: # Docker docker_build_container: "${{ variables.docker_java_image }}" # Vulnerability Scanning - vulnerability_scan: "${{ variables.vulnerability_scan }}" + vulnerability_scan: ${{ variables.vulnerability_scan }} nvd_api_key: "$(NVD_API_KEY)" oss_index_username: "${{ variables.oss_index_username }}" oss_index_password: "${{ variables.oss_index_password }}" 
@@ -259,7 +259,7 @@ stages: # Docker docker_build_container: "${{ variables.docker_java_image }}" # Vulnerability Scan - vulnerability_scan: "${{ variables.vulnerability_scan }}" + vulnerability_scan: ${{ variables.vulnerability_scan }} nvd_api_key: "$(NVD_API_KEY)" oss_index_username: "${{ variables.oss_index_username }}" oss_index_password: "${{ variables.oss_index_password }}" @@ -321,7 +321,7 @@ stages: functional_test: ${{ variables.functional_test }} functional_test_artefact_name: "${{ variables.functional_test_artefact_name }}" functional_test_artefact_path: "${{ variables.functional_test_artefact_path }}" - vulnerability_scan: "${{ variables.vulnerability_scan }}" + vulnerability_scan: ${{ variables.vulnerability_scan }} vulnerability_scan_report: "${{ variables.vulnerability_scan_report }}" java_project_type: "${{ variables.java_project_type }}" functional_test_project_type: "${{ variables.functional_test_project_type }}" diff --git a/docs/spring-boot-3.5-migration.md b/docs/spring-boot-3.5-migration.md index a3cef876..dd3feff8 100644 --- a/docs/spring-boot-3.5-migration.md +++ b/docs/spring-boot-3.5-migration.md @@ -163,7 +163,7 @@ Until the parent POM is updated, the following workarounds have been applied: - Spring Cloud incompatibility: pin the BOM to `2024.0.3` and avoid Spring bootstrapping in mapper unit tests. Files: `java/pom.xml`, `java/src/test/java/com/amido/stacks/workloads/menu/mappers/DomainToDtoMapperMapstructTest.java` - Security filter chain conflict: added `@Profile("!test")`. File: `ApplicationConfig.java` - Bean resolution conflict: added `@Primary`. File: `MenuService.java` -- Resource filtering: added filtering config. File: `pom.xml` +- Resource filtering: recommended to add filtering config in the parent POM; not yet applied in `java/pom.xml`. ## Testing Verification 
diff --git a/java/src/main/java/com/amido/stacks/workloads/menu/mappers/CategoryMapper.java b/java/src/main/java/com/amido/stacks/workloads/menu/mappers/CategoryMapper.java index e4172ee0..c94577b6 100644 --- a/java/src/main/java/com/amido/stacks/workloads/menu/mappers/CategoryMapper.java +++ b/java/src/main/java/com/amido/stacks/workloads/menu/mappers/CategoryMapper.java @@ -3,11 +3,13 @@ import com.amido.stacks.core.mapping.BaseMapper; import com.amido.stacks.workloads.menu.api.v1.dto.response.CategoryDTO; import com.amido.stacks.workloads.menu.domain.Category; +import org.mapstruct.InjectionStrategy; import org.mapstruct.Mapper; import org.mapstruct.NullValueCheckStrategy; @Mapper( componentModel = "spring", uses = {ItemMapper.class}, + injectionStrategy = InjectionStrategy.CONSTRUCTOR, nullValueCheckStrategy = NullValueCheckStrategy.ALWAYS) public interface CategoryMapper extends BaseMapper {} diff --git a/java/src/main/java/com/amido/stacks/workloads/menu/mappers/MenuMapper.java b/java/src/main/java/com/amido/stacks/workloads/menu/mappers/MenuMapper.java index 001a331c..d3e99533 100644 --- a/java/src/main/java/com/amido/stacks/workloads/menu/mappers/MenuMapper.java +++ b/java/src/main/java/com/amido/stacks/workloads/menu/mappers/MenuMapper.java @@ -4,11 +4,13 @@ import com.amido.stacks.core.mapping.MapperUtils; import com.amido.stacks.workloads.menu.api.v1.dto.response.MenuDTO; import com.amido.stacks.workloads.menu.domain.Menu; +import org.mapstruct.InjectionStrategy; import org.mapstruct.Mapper; import org.mapstruct.NullValueCheckStrategy; @Mapper( componentModel = "spring", uses = {MapperUtils.class, CategoryMapper.class}, + injectionStrategy = InjectionStrategy.CONSTRUCTOR, nullValueCheckStrategy = NullValueCheckStrategy.ALWAYS) public interface MenuMapper extends BaseMapper {} 
diff --git a/java/src/main/java/com/amido/stacks/workloads/menu/mappers/SearchMenuResultItemMapper.java b/java/src/main/java/com/amido/stacks/workloads/menu/mappers/SearchMenuResultItemMapper.java index 6536061f..81c55378 100644 --- a/java/src/main/java/com/amido/stacks/workloads/menu/mappers/SearchMenuResultItemMapper.java +++ b/java/src/main/java/com/amido/stacks/workloads/menu/mappers/SearchMenuResultItemMapper.java @@ -5,10 +5,21 @@ import com.amido.stacks.workloads.menu.api.v1.dto.response.SearchMenuResultItem; import com.amido.stacks.workloads.menu.domain.Menu; import org.mapstruct.Mapper; +import org.mapstruct.Mapping; +import org.mapstruct.MappingTarget; import org.mapstruct.NullValueCheckStrategy; @Mapper( componentModel = "spring", - uses = {MapperUtils.class, CategoryMapper.class}, + uses = {MapperUtils.class}, nullValueCheckStrategy = NullValueCheckStrategy.ALWAYS) -public interface SearchMenuResultItemMapper extends BaseMapper {} +public interface SearchMenuResultItemMapper extends BaseMapper { + + @Override + @Mapping(target = "categories", ignore = true) + Menu fromDto(SearchMenuResultItem arg0); + + @Override + @Mapping(target = "categories", ignore = true) + void updateFromDto(SearchMenuResultItem arg0, @MappingTarget Menu arg1); +} diff --git a/java/src/test/java/com/amido/stacks/workloads/menu/mappers/DomainToDtoMapperMapstructTest.java b/java/src/test/java/com/amido/stacks/workloads/menu/mappers/DomainToDtoMapperMapstructTest.java index 81360651..7d1a5699 100644 --- a/java/src/test/java/com/amido/stacks/workloads/menu/mappers/DomainToDtoMapperMapstructTest.java +++ b/java/src/test/java/com/amido/stacks/workloads/menu/mappers/DomainToDtoMapperMapstructTest.java @@ -15,7 +15,6 @@ import java.util.UUID; import org.junit.jupiter.api.Tag; import org.junit.jupiter.api.Test; -import org.springframework.test.util.ReflectionTestUtils; @Tag("Unit") class DomainToDtoMapperMapstructTest { 
@@ -31,13 +30,8 @@ class DomainToDtoMapperMapstructTest { DomainToDtoMapperMapstructTest() { itemMapper = new ItemMapperImpl(); - CategoryMapperImpl categoryMapperImpl = new CategoryMapperImpl(); - ReflectionTestUtils.setField(categoryMapperImpl, "itemMapper", itemMapper); - categoryMapper = categoryMapperImpl; - - MenuMapperImpl menuMapperImpl = new MenuMapperImpl(); - ReflectionTestUtils.setField(menuMapperImpl, "categoryMapper", categoryMapper); - menuMapper = menuMapperImpl; + categoryMapper = new CategoryMapperImpl(itemMapper); + menuMapper = new MenuMapperImpl(categoryMapper); searchMenuResultItemMapper = new SearchMenuResultItemMapperImpl(); } From 15c3513330a3a446de1fd07cc0dae14c45cc16ad Mon Sep 17 00:00:00 2001 From: Richard Slater Date: Wed, 25 Mar 2026 11:19:43 +0000 Subject: [PATCH 12/16] Fix api-tests Jackson dependency management --- api-tests/pom.xml | 13 ++++++++----- 1 file changed, 8 insertions(+), 5 deletions(-) diff --git a/api-tests/pom.xml b/api-tests/pom.xml index 08247260..97bf68f9 100644 --- a/api-tests/pom.xml +++ b/api-tests/pom.xml @@ -18,8 +18,7 @@ UTF-8 4 - 2.21.1 - ${jackson.version} + 2.20.1 17 (@Functional or @Smoke or @Performance) and not @Ignore @@ -69,6 +68,13 @@ + + com.fasterxml.jackson + jackson-bom + ${jackson-bom.version} + pom + import + org.junit junit-bom @@ -250,17 +256,14 @@ com.fasterxml.jackson.core jackson-core - ${jackson.version} com.fasterxml.jackson.core jackson-databind - ${jackson.version} com.fasterxml.jackson.core jackson-annotations - ${jackson.annotations.version} io.netty From e77b1bed0ec6964e4a31d19fae0aa8ebabefd75a Mon Sep 17 00:00:00 2001 From: Richard Slater Date: Wed, 25 Mar 2026 11:33:51 +0000 Subject: [PATCH 13/16] Disable vulnerability scan by default --- build/azDevOps/azure/azure-pipelines-javaspring-k8s.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) 
diff --git a/build/azDevOps/azure/azure-pipelines-javaspring-k8s.yml b/build/azDevOps/azure/azure-pipelines-javaspring-k8s.yml index d7d319dd..6be0bc7f 100644 --- a/build/azDevOps/azure/azure-pipelines-javaspring-k8s.yml +++ b/build/azDevOps/azure/azure-pipelines-javaspring-k8s.yml @@ -11,7 +11,8 @@ parameters: - name: runVulnerabilityScan displayName: Run OWASP Dependency Check type: boolean - default: true + # Default off because refreshing the NVD database adds significant runtime and often stalls normal branch validation. + default: false pr: - master From 13a95002fe311850afb1c87063a31f210263708a Mon Sep 17 00:00:00 2001 From: Richard Slater Date: Wed, 25 Mar 2026 11:45:17 +0000 Subject: [PATCH 14/16] Format Cucumber test suite --- .../java/com/amido/stacks/tests/api/CucumberTestSuite.java | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/api-tests/src/test/java/com/amido/stacks/tests/api/CucumberTestSuite.java b/api-tests/src/test/java/com/amido/stacks/tests/api/CucumberTestSuite.java index 223735f6..42902a5a 100644 --- a/api-tests/src/test/java/com/amido/stacks/tests/api/CucumberTestSuite.java +++ b/api-tests/src/test/java/com/amido/stacks/tests/api/CucumberTestSuite.java @@ -19,5 +19,7 @@ @DisabledIfSystemProperty(named = "untagged.test.check", matches = "true") @IncludeEngines("cucumber") @ConfigurationParameter(key = FEATURES_PROPERTY_NAME, value = "classpath:cucumber/features") -@ConfigurationParameter(key = GLUE_PROPERTY_NAME, value = "com.amido.stacks.tests.api.stepdefinitions") +@ConfigurationParameter( + key = GLUE_PROPERTY_NAME, + value = "com.amido.stacks.tests.api.stepdefinitions") public class CucumberTestSuite {} From 05b1c1716dedbceba1e2d9afd911d30d37040c92 Mon Sep 17 00:00:00 2001 
From: Richard Slater Date: Wed, 25 Mar 2026 12:46:23 +0000 Subject: [PATCH 15/16] Align AKS pipeline inputs with output variable groups --- .../azure/azure-pipelines-javaspring-k8s.yml | 34 +++++++++---------- build/azDevOps/azure/azuredevops-vars.yml | 28 ++------------- deploy/azure/app/kube/app_insights.tf | 4 +-- deploy/azure/app/kube/main.tf | 2 +- deploy/azure/app/kube/variables.tf | 12 +++++++ 5 files changed, 34 insertions(+), 46 deletions(-) diff --git a/build/azDevOps/azure/azure-pipelines-javaspring-k8s.yml b/build/azDevOps/azure/azure-pipelines-javaspring-k8s.yml index 6be0bc7f..7346ea25 100644 --- a/build/azDevOps/azure/azure-pipelines-javaspring-k8s.yml +++ b/build/azDevOps/azure/azure-pipelines-javaspring-k8s.yml @@ -344,11 +344,12 @@ stages: - group: stacks-acr-creds - group: stacks-infra-credentials-nonprod - group: stacks-credentials-nonprod-kv + - group: stacks-dev-outputs - group: stacks-java-api - name: dns_name value: "$(Environment.ShortName)-java-api" - name: infra_resource_group - value: $(tf_core_resource_group_nonprod) + value: $(resource_group_name) - name: Environment.ShortName value: dev - name: BUILD_ATTEMPT_NUMBER @@ -366,8 +367,6 @@ stages: value: "{}" - name: resource_group_location value: "$(region)" - - name: app_gateway_frontend_ip_name - value: $(tf_app_gateway_frontend_ip_name_nonprod) - name: create_cosmosdb value: false - name: create_cache @@ -376,8 +375,6 @@ stages: value: true - name: create_cdn_endpoint value: false - - name: app_insights_name - value: $(tf_app_insights_name_nonprod) strategy: runOnce: deploy: 
@@ -421,7 +418,6 @@ stages: TF_VAR_attributes: "${{ variables.attributes }}", TF_VAR_tags: "${{ variables.tags }}", TF_VAR_resource_group_location: "${{ variables.resource_group_location }}", - TF_VAR_app_gateway_frontend_ip_name: "${{ variables.app_gateway_frontend_ip_name }}", TF_VAR_dns_record: "${{ variables.dns_name }}", TF_VAR_dns_zone_name: "${{ variables.base_domain_nonprod }}", TF_VAR_dns_zone_resource_group: "${{ variables.dns_zone_resource_group }}", @@ -431,7 +427,10 @@ stages: TF_VAR_create_cache: "${{ variables.create_cache }}", TF_VAR_create_dns_record: "${{ variables.create_dns_record }}", TF_VAR_create_cdn_endpoint: "${{ variables.create_cdn_endpoint }}", - TF_VAR_app_insights_name: "${{ variables.app_insights_name }}", + TF_VAR_app_gateway_frontend_ip_name: "$(app_gateway_public_ip_name)", + TF_VAR_app_gateway_resource_group_name: "$(app_gateway_resource_group_name)", + TF_VAR_app_insights_name: "$(app_insights_name)", + TF_VAR_app_insights_resource_group_name: "$(app_insights_resource_group_name)", } terraform_output_commands: | raw_tf=$(terraform output -json | jq -r 'keys[] as $k | "##vso[task.setvariable variable=\($k);isOutput=true]\(.[$k] | .value)"') @@ -460,9 +459,9 @@ stages: - name: functional_test_base_url value: "https://${{ variables.dns_pointer }}${{ variables.k8s_app_path }}" - name: aks_cluster_resourcegroup - value: "${{ variables.infra_resource_group }}" + value: $(aks_resource_group_name) - name: aks_cluster_name - value: $(kubernetes_clustername_nonprod) + value: $(aks_cluster_name) - name: app_name value: "java-api" strategy: 
@@ -553,11 +552,12 @@ stages: - group: stacks-acr-creds - group: stacks-infra-credentials-prod - group: stacks-credentials-prod-kv + - group: stacks-prod-outputs - group: stacks-java-api - name: dns_name value: "$(Environment.ShortName)-java-api" - name: infra_resource_group - value: $(tf_core_resource_group_prod) + value: $(resource_group_name) - name: Environment.ShortName value: prod - name: BUILD_ATTEMPT_NUMBER @@ -569,10 +569,6 @@ stages: vmImage: $(pool_vm_image) environment: ${{ variables.domain }}-prod variables: - - name: app_insights_name - value: $(tf_app_insights_name_prod) - - name: app_gateway_frontend_ip_name - value: $(tf_app_gateway_frontend_ip_name_prod) - name: attributes value: "[]" - name: tags @@ -630,7 +626,6 @@ stages: TF_VAR_attributes: "${{ variables.attributes }}", TF_VAR_tags: "${{ variables.tags }}", TF_VAR_resource_group_location: "${{ variables.resource_group_location }}", - TF_VAR_app_gateway_frontend_ip_name: "${{ variables.app_gateway_frontend_ip_name }}", TF_VAR_dns_record: "${{ variables.dns_name }}", TF_VAR_dns_zone_name: "${{ variables.base_domain_prod }}", TF_VAR_dns_zone_resource_group: "${{ variables.dns_zone_resource_group }}", @@ -640,7 +635,10 @@ stages: TF_VAR_create_cache: "${{ variables.create_cache }}", TF_VAR_create_dns_record: "${{ variables.create_dns_record }}", TF_VAR_create_cdn_endpoint: "${{ variables.create_cdn_endpoint }}", - TF_VAR_app_insights_name: "${{ variables.app_insights_name }}", + TF_VAR_app_gateway_frontend_ip_name: "$(app_gateway_public_ip_name)", + TF_VAR_app_gateway_resource_group_name: "$(app_gateway_resource_group_name)", + TF_VAR_app_insights_name: "$(app_insights_name)", + TF_VAR_app_insights_resource_group_name: "$(app_insights_resource_group_name)", } terraform_output_commands: | raw_tf=$(terraform output -json | jq -r 'keys[] as $k | "##vso[task.setvariable variable=\($k);isOutput=true]\(.[$k] | .value)"') 
@@ -710,9 +708,9 @@ stages: - name: functional_test_base_url value: "https://${{ variables.dns_pointer }}/${{ variables.k8s_app_path }}" - name: aks_cluster_resourcegroup - value: "${{ variables.infra_resource_group }}" + value: $(aks_resource_group_name) - name: aks_cluster_name - value: $(kubernetes_clustername_prod) + value: $(aks_cluster_name) - name: app_name value: "java-api" strategy: diff --git a/build/azDevOps/azure/azuredevops-vars.yml b/build/azDevOps/azure/azuredevops-vars.yml index 837ea963..f24136e1 100644 --- a/build/azDevOps/azure/azuredevops-vars.yml +++ b/build/azDevOps/azure/azuredevops-vars.yml @@ -32,31 +32,9 @@ variables: - name: tf_state_key value: stacks-api-java - # TF Variables - # --nonprod - - name: tf_app_insights_name_nonprod - value: ed-stacks-nonprod-euw-core - - name: tf_app_gateway_frontend_ip_name_nonprod - value: ed-stacks-nonprod-euw-core - - name: tf_core_resource_group_nonprod - value: ed-stacks-nonprod-euw-core - - # --prod - - name: tf_app_insights_name_prod - value: ed-stacks-prod-euw-core - - name: tf_app_gateway_frontend_ip_name_prod - value: ed-stacks-prod-euw-core - - name: tf_core_resource_group_prod - value: ed-stacks-prod-euw-core - - # Kubernetes configuration - # --nonprod - - name: kubernetes_clustername_nonprod - value: ed-stacks-nonprod-euw-core - - # --prod - - name: kubernetes_clustername_prod - value: ed-stacks-prod-euw-core + # AKS-integrated deployment values now come from Azure DevOps Library variable groups + # created by stacks-infrastructure-aks, for example stacks-dev-outputs/stacks-prod-outputs. + # Keep repo-local defaults here only for values that are static across environments. # Container registry configuration - name: docker_container_registry_name_nonprod diff --git a/deploy/azure/app/kube/app_insights.tf b/deploy/azure/app/kube/app_insights.tf index b2cab387..4f1b01db 100644 --- a/deploy/azure/app/kube/app_insights.tf +++ b/deploy/azure/app/kube/app_insights.tf 
@@ -1,6 +1,6 @@ # Example of further extensions to Stacks Core templates # Potential user defined extensions data "azurerm_application_insights" "example" { - name = var.infra_resource_group - resource_group_name = var.app_insights_name + name = var.app_insights_name + resource_group_name = var.app_insights_resource_group_name != "" ? var.app_insights_resource_group_name : var.infra_resource_group } diff --git a/deploy/azure/app/kube/main.tf b/deploy/azure/app/kube/main.tf index 5850e6dd..def1c85e 100644 --- a/deploy/azure/app/kube/main.tf +++ b/deploy/azure/app/kube/main.tf @@ -35,6 +35,6 @@ module "app" { infra_resource_group = var.infra_resource_group dns_zone_resource_group = var.dns_zone_resource_group != "" ? var.dns_zone_resource_group : var.infra_resource_group dns_ip_address_name = var.app_gateway_frontend_ip_name - dns_ip_address_resource_group = var.infra_resource_group + dns_ip_address_resource_group = var.app_gateway_resource_group_name != "" ? var.app_gateway_resource_group_name : var.infra_resource_group subscription_id = data.azurerm_client_config.current.subscription_id } diff --git a/deploy/azure/app/kube/variables.tf b/deploy/azure/app/kube/variables.tf index 1ce5627c..8c9f28aa 100644 --- a/deploy/azure/app/kube/variables.tf +++ b/deploy/azure/app/kube/variables.tf @@ -63,6 +63,12 @@ variable "app_gateway_frontend_ip_name" { type = string } +variable "app_gateway_resource_group_name" { + type = string + description = "Resource group containing the Application Gateway public IP" + default = "" +} + variable "dns_record" { type = string } @@ -137,3 +143,9 @@ variable "app_insights_name" { type = string description = "app insights name for key retriaval in memory" } + +variable "app_insights_resource_group_name" { + type = string + description = "Resource group containing the Application Insights instance" + default = "" +} From 16033229973fc806172867915037c61f01aeddd0 Mon Sep 17 00:00:00 2001 
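Review bot: In the `@@ -710,9 +708,9 @@` hunk of `azure-pipelines-javaspring-k8s.yml`, the job variable `aks_cluster_name` is now defined as `$(aks_cluster_name)`, so the name refers to itself. If the value is expected to come from the `stacks-prod-outputs` variable group, this job-level entry shadows the group variable of the same name and the macro has nothing else to resolve to. Suggest deleting the `aks_cluster_name` entry so the group value flows through, or keeping the old distinct name on the left-hand side. The neighbouring `aks_cluster_resourcegroup` entry is fine because its name differs from `aks_resource_group_name`.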
From: Richard Slater Date: Thu, 26 Mar 2026 11:13:32 +0000 Subject: [PATCH 16/16] fix: address PR #1551 review feedback --- .github/prompts/address-pr-comments.prompt.md | 15 +++++++-------- api-tests/pom.xml | 2 +- .../azure/azure-pipelines-javaspring-k8s.yml | 4 ++-- docs/spring-boot-3.5-migration.md | 18 ++++++++---------- .../mappers/SearchMenuResultItemMapper.java | 4 ++-- java/src/main/resources/application.yml | 3 +++ 6 files changed, 23 insertions(+), 23 deletions(-) diff --git a/.github/prompts/address-pr-comments.prompt.md b/.github/prompts/address-pr-comments.prompt.md index 200daed6..a218dcfc 100644 --- a/.github/prompts/address-pr-comments.prompt.md +++ b/.github/prompts/address-pr-comments.prompt.md @@ -108,7 +108,7 @@ For each unresolved comment, categorize as: | Category | Action Required | | ----------------- | ---------------------------------------- | | **Code Change** | Modify source file at specified location | -| **Documentation** | Update docs, comments, or Rustdoc | +| **Documentation** | Update docs, comments, or Javadoc | | **Test Addition** | Add or modify test cases | | **Clarification** | Reply with explanation (no code change) | | **Out of Scope** | Mark for follow-up issue creation | @@ -123,7 +123,7 @@ Create a structured todo list: "comments": [ { "id": "thread_id", - "path": "src/lib.rs", + "path": "java/pom.xml", "line": 42, "category": "Code Change", "summary": "Add error handling for edge case", 
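Review bot: In the todo-list JSON example of the `@@ -123,7 +123,7 @@` hunk, `"path": "java/pom.xml"` now sits beside `"line": 42` and `"summary": "Add error handling for edge case"`, which describes a source-code change rather than a POM edit. A path under `java/src/main/java/` would keep the example consistent with the Java repository the prompt now targets.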
@@ -148,9 +148,9 @@ For each comment requiring code changes: - If the fix requires new tests, add them first (Red-Green-Refactor) 3. **Validate the change**: - - Run `cargo fmt` to ensure formatting - - Run `cargo clippy` to check for warnings - - Run relevant tests: `cargo test --workspace` + - Run `./mvnw fmt:format` in each modified Maven module (for example `java/` and `api-tests/`) to keep formatting checks green + - Run relevant module tests such as `./mvnw test` or `./mvnw verify` in `java/` and `api-tests/` + - If the change touches the Azure coverage tooling, run `npm ci` and the relevant validation command in `build/azDevOps/azure/coverage/` 4. **Prepare reply text** for each addressed comment: @@ -293,7 +293,7 @@ Output a summary: | Commit | Files | Comments Addressed | | ------- | -------------------- | ------------------ | -| abc1234 | src/lib.rs | #1, #3 | +| abc1234 | java/pom.xml | #1, #3 | | def5678 | tests/integration.rs | #2 | ### Review Submission @@ -334,7 +334,7 @@ Agent: 1. Fetching PR #26 details... 2. Found 3 unresolved review threads 3. Categorizing comments: - - Comment 1: Code change needed in src/routing.rs:142 + - Comment 1: Code change needed in java/pom.xml:36 - Comment 2: Documentation update in docs/USAGE.md - Comment 3: Clarification question (will reply) 4. Implementing fixes... @@ -368,4 +368,3 @@ git push origin HEAD # Re-request review after addressing comments gh pr edit --add-reviewer ``` - diff --git a/api-tests/pom.xml b/api-tests/pom.xml index 97bf68f9..9bc835c8 100644 --- a/api-tests/pom.xml +++ b/api-tests/pom.xml @@ -18,7 +18,7 @@ UTF-8 4 - 2.20.1 + 2.21.1 17 (@Functional or @Smoke or @Performance) and not @Ignore diff --git a/build/azDevOps/azure/azure-pipelines-javaspring-k8s.yml b/build/azDevOps/azure/azure-pipelines-javaspring-k8s.yml index 7346ea25..e6bc70ad 100644 --- a/build/azDevOps/azure/azure-pipelines-javaspring-k8s.yml +++ b/build/azDevOps/azure/azure-pipelines-javaspring-k8s.yml 
@@ -11,8 +11,8 @@ parameters: - name: runVulnerabilityScan displayName: Run OWASP Dependency Check type: boolean - # Default off because refreshing the NVD database adds significant runtime and often stalls normal branch validation. - default: false + # Default on to preserve the existing security posture; opt out explicitly if a non-default branch flow requires it. + default: true pr: - master diff --git a/docs/spring-boot-3.5-migration.md b/docs/spring-boot-3.5-migration.md index dd3feff8..62e98658 100644 --- a/docs/spring-boot-3.5-migration.md +++ b/docs/spring-boot-3.5-migration.md @@ -17,17 +17,15 @@ Change Spring Boot version to one of the following versions [3.0.x, 3.1.x]. ``` **Required Fix in Parent POM:** -Update `spring.cloud.dependencies.version` to a version compatible with Spring Boot 3.5.x: +Update `spring.cloud.dependencies.version` to a release train that Spring Boot 3.5.x accepts without disabling the verifier: -| Spring Boot Version | Compatible Spring Cloud Version | -| ------------------- | ------------------------------- | -| 3.0.x, 3.1.x | 2022.0.x (Kilburn) | -| 3.2.x | 2023.0.x (Leyton) | -| 3.3.x, 3.4.x | 2024.0.x | -| 3.5.x | 2024.0.x in this repository | +- Spring Boot 3.0.x / 3.1.x: Spring Cloud 2022.0.x (Kilburn) +- Spring Boot 3.2.x: Spring Cloud 2023.0.x (Leyton) +- Spring Boot 3.3.x / 3.4.x: Spring Cloud 2024.0.x +- Spring Boot 3.5.x: this repository is temporarily pinned to Spring Cloud 2024.0.3 and disables the compatibility verifier until upstream support catches up **Workaround (current):** -Projects can disable the compatibility verifier in `application-test.yml`: +This repository currently disables the compatibility verifier in `application.yml` so the application can start while the parent POM and Spring Cloud release train catch up: ```yaml spring: 
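Review bot: In the `@@ -17,17 +15,15 @@` hunk of `docs/spring-boot-3.5-migration.md`, the workaround text moves the verifier switch from `application-test.yml` to `application.yml`, which turns the Spring Cloud compatibility check off for every profile rather than only for tests, so a later incompatible BOM bump would no longer be caught at startup in any environment. Suggest either scoping the setting to the profiles that need it or stating in this paragraph why it has to be global, with a link to the issue that tracks its removal. The "Required Fix" sentence also asks for a release train that Spring Boot 3.5.x accepts "without disabling the verifier", while the 3.5.x bullet names none, so the reader has no target version to move to.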
@@ -36,7 +34,7 @@ spring: enabled: false ``` -**Action Required:** Keep this repository on Spring Cloud 2024.0.x while it remains on the current parent POM and Spring Boot 3.5.x line. This repository now uses Spring Cloud 2024.0.3 because Spring Cloud 2025.1.1 pulled in `spring-cloud-config-client 5.0.1`, which is not compatible with the Spring Framework 6.2.x line provided by the current parent. +**Action Required:** Move this repository to a Spring Cloud train that passes the compatibility verifier with Spring Boot 3.5.x, then remove the global `spring.cloud.compatibility-verifier.enabled=false` workaround. The repo is currently pinned to `2024.0.3`, which still requires the verifier workaround at runtime. --- @@ -160,7 +158,7 @@ Enable resource filtering in `pom.xml`: Until the parent POM is updated, the following workarounds have been applied: -- Spring Cloud incompatibility: pin the BOM to `2024.0.3` and avoid Spring bootstrapping in mapper unit tests. Files: `java/pom.xml`, `java/src/test/java/com/amido/stacks/workloads/menu/mappers/DomainToDtoMapperMapstructTest.java` +- Spring Cloud incompatibility: pin the BOM to `2024.0.3` and disable the compatibility verifier globally until an officially compatible train is available. Files: `java/pom.xml`, `java/src/main/resources/application.yml` - Security filter chain conflict: added `@Profile("!test")`. File: `ApplicationConfig.java` - Bean resolution conflict: added `@Primary`. File: `MenuService.java` - Resource filtering: recommended to add filtering config in the parent POM; not yet applied in `java/pom.xml`. diff --git a/java/src/main/java/com/amido/stacks/workloads/menu/mappers/SearchMenuResultItemMapper.java b/java/src/main/java/com/amido/stacks/workloads/menu/mappers/SearchMenuResultItemMapper.java index 81c55378..9ffb67ad 100644 --- a/java/src/main/java/com/amido/stacks/workloads/menu/mappers/SearchMenuResultItemMapper.java 
+++ b/java/src/main/java/com/amido/stacks/workloads/menu/mappers/SearchMenuResultItemMapper.java @@ -17,9 +17,9 @@ public interface SearchMenuResultItemMapper extends BaseMapper