CIV-13426 import ccd definition issue fix (#111)

* changes required

* changing to yq

* Update .nvmrc

* Update suppressions.xml

* Update import-ccd-definition.sh

* changes

.nvmrc

@@ -1 +1 @@
-18.16.0
+18.17.1

Jenkinsfile_CNP

@@ -62,21 +62,23 @@ withPipeline(type, product, component) {
     loadVaultSecrets(secrets)
   }
     before('smoketest:preview') {
-      sh """
-      eval \$(./bin/variables/load-preview-environment-variables.sh ${CHANGE_ID})
-      ./bin/add-roles.sh
-      ./bin/pull-latest-camunda-files.sh ${camundaBranch}
-      ./bin/import-ccd-definition.sh "-e *-prod.json,*HNL-nonprod.json,*-shuttered.json" ${ccddefbranch}
+      retry (3) {
+        sh """
+           eval \$(./bin/variables/load-preview-environment-variables.sh ${CHANGE_ID})
+          ./bin/add-roles.sh
+          ./bin/pull-latest-camunda-files.sh ${camundaBranch}
+          ./bin/import-ccd-definition.sh "-e *-prod.json,*HNL-nonprod.json,*-shuttered.json" ${ccddefbranch}
     """
-      env.IDAM_API_URL = "https://idam-api.aat.platform.hmcts.net"
-      env.CIVIL_ORCHESTRATOR_SERVICE_URL="https://civil-orchestrator-service-pr-${CHANGE_ID}.preview.platform.hmcts.net"
-      env.CCD_DATA_STORE_URL = "https://ccd-data-store-api-civil-orchestrator-service-pr-${CHANGE_ID}.preview.platform.hmcts.net"
-      env.DM_STORE_URL = "http://dm-store-aat.service.core-compute-aat.internal"
-      env.NODE_TLS_REJECT_UNAUTHORIZED = "0";
-      env.URL = "https://xui-civil-orchestrator-service-pr-${CHANGE_ID}.preview.platform.hmcts.net"
-      env.CIVIL_SERVICE_URL = "https://civil-service-civil-orchestrator-pr-${CHANGE_ID}.preview.platform.hmcts.net"
-      yarnBuilder.yarn('yarn-update')
-      yarnBuilder.yarn('install-dependencies')
+      }
+        env.IDAM_API_URL = "https://idam-api.aat.platform.hmcts.net"
+        env.CIVIL_ORCHESTRATOR_SERVICE_URL="https://civil-orchestrator-service-pr-${CHANGE_ID}.preview.platform.hmcts.net"
+        env.CCD_DATA_STORE_URL = "https://ccd-data-store-api-civil-orchestrator-service-pr-${CHANGE_ID}.preview.platform.hmcts.net"
+        env.DM_STORE_URL = "http://dm-store-aat.service.core-compute-aat.internal"
+        env.NODE_TLS_REJECT_UNAUTHORIZED = "0";
+        env.URL = "https://xui-civil-orchestrator-service-pr-${CHANGE_ID}.preview.platform.hmcts.net"
+        env.CIVIL_SERVICE_URL = "https://civil-service-civil-orchestrator-pr-${CHANGE_ID}.preview.platform.hmcts.net"
+        yarnBuilder.yarn('yarn-update')
+        yarnBuilder.yarn('install-dependencies')
     }
 
     afterAlways('smoketest:preview') {

bin/import-ccd-definition.sh

@@ -8,16 +8,15 @@ params="$@"
 
 params="$1"
 branchName="$2"
+rm -rf ./civil-ccd-definition
 
-#Checkout specific branch pf  civil camunda bpmn definition
 git clone https://github.com/hmcts/civil-ccd-definition.git
 cd civil-ccd-definition
 
 echo "Switch to ${branchName} branch on civil-ccd-definition"
 git checkout ${branchName}
 cd ..
 
-#Copy ccd definition files  to civil-ccd-def which contians bpmn files
 cp -r ./civil-ccd-definition/ccd-definition .
 cp -r ./civil-ccd-definition/e2e .
 cp -r ./civil-ccd-definition/package.json .

bin/pull-latest-release-asset.sh

@@ -9,7 +9,7 @@ token=$(az keyvault secret show --vault-name infra-vault-nonprod --name hmcts-gi
 
 latestAssetId=$(curl -H "Authorization: token ${token}" \
   https://api.github.com/repos/hmcts/${repoName}/releases/latest \
-  | docker run --rm --interactive stedolan/jq ".assets[] | select(.name==\"${assetName}\") | .id")
+  | docker run --rm --interactive mikefarah/yq ".assets[] | select(.name==\"${assetName}\") | .id")
 
 curl -L \
   -H "Accept: application/octet-stream" \

bin/utils/ccd-import-definition.sh

@@ -12,15 +12,46 @@ uploadFilename="$(date +"%Y%m%d-%H%M%S")-${filename}"
 userToken=$(${dir}/idam-lease-user-token.sh ${CCD_CONFIGURER_IMPORTER_USERNAME:-ccd.docker.default@hmcts.net} ${CCD_CONFIGURER_IMPORTER_PASSWORD:-Password12!})
 serviceToken=$(${dir}/idam-lease-service-token.sh ccd_gw $(docker run --rm toolbelt/oathtool --totp -b ${CCD_API_GATEWAY_S2S_SECRET:-AAAAAAAAAAAAAAAC}))
 
-uploadResponse=$(curl --insecure --silent -w "\n%{http_code}" --show-error -X POST \
+version="n/a"
+newVersion="n/a"
+
+if [[ "${ENVIRONMENT}" == "preview" ]]; then
+  version=$(curl --insecure --silent --show-error -X GET \
+    ${CCD_DEFINITION_STORE_API_BASE_URL:-http://localhost:4451}/api/data/case-type/CIVIL/version \
+    -H "Authorization: Bearer ${userToken}" \
+    -H "ServiceAuthorization: Bearer ${serviceToken}" || echo 'bypass-if-error')
+
+  echo "Current version is ${version}"
+fi
+
+uploadResponse=$(curl --insecure --silent -w "\n%{http_code}"  --show-error --max-time 60  -X POST \
   ${CCD_DEFINITION_STORE_API_BASE_URL:-http://localhost:4451}/import \
   -H "Authorization: Bearer ${userToken}" \
   -H "ServiceAuthorization: Bearer ${serviceToken}" \
-  -F "file=@${filepath};filename=${uploadFilename}")
+  -F "file=@${filepath};filename=${uploadFilename}" || echo 'bypass-if-error')
 
 upload_http_code=$(echo "$uploadResponse" | tail -n1)
 upload_response_content=$(echo "$uploadResponse" | sed '$d')
 
+if [ "${ENVIRONMENT}" == "preview" ] && [ "${upload_http_code}" != "201" ]; then
+  echo "Bypassing audit check as on preview - will wait 45s and then verify the version has changed"
+  sleep 45
+
+  newVersion=$(curl --insecure --silent --show-error -X GET \
+    ${CCD_DEFINITION_STORE_API_BASE_URL:-http://localhost:4451}/api/data/case-type/CIVIL/version \
+    -H "Authorization: Bearer ${userToken}" \
+    -H "ServiceAuthorization: Bearer ${serviceToken}" || echo 'bypass-if-error')
+
+    echo "Current version is ${newVersion}"
+    if [[ "$newVersion" == "$version" ]]; then
+      echo "Version has not changed - the definition was not imported successfully"
+      exit 1
+    fi
+
+  echo "CCD definition version has changed, definition successfully uploaded"
+  exit 0
+fi
+
 if [[ "${upload_http_code}" == '504' ]]; then
   for try in {1..10}
   do

bin/utils/idam-lease-user-token.sh

@@ -11,9 +11,9 @@ IDAM_URL=${IDAM_STUB_LOCALHOST:-$IDAM_API_URL}
 clientSecret=${CCD_API_GATEWAY_IDAM_CLIENT_SECRET:-ccd_gateway_secret}
 redirectUri=${CCD_IDAM_REDIRECT_URL:-http://localhost:3451/oauth2redirect}
 if [ -z "$IDAM_STUB_LOCALHOST" ]; then
-  code=$(curl --insecure --fail --show-error --silent -X POST --user "${username}:${password}" "${IDAM_URL}/oauth2/authorize?redirect_uri=${redirectUri}&response_type=code&client_id=ccd_gateway" -d "" | docker run --rm --interactive stedolan/jq -r .code)
+  code=$(curl --insecure --fail --show-error --silent -X POST --user "${username}:${password}" "${IDAM_URL}/oauth2/authorize?redirect_uri=${redirectUri}&response_type=code&client_id=ccd_gateway" -d "" | docker run --rm --interactive mikefarah/yq -r .code)
 else
   code=stubbed-value
 fi
 
-curl --insecure --fail --show-error --silent -X POST -H "Content-Type: application/x-www-form-urlencoded" --user "ccd_gateway:${clientSecret}" "${IDAM_URL}/oauth2/token?code=${code}&redirect_uri=${redirectUri}&grant_type=authorization_code" -d "" | docker run --rm --interactive stedolan/jq -r .access_token
+curl --insecure --fail --show-error --silent -X POST -H "Content-Type: application/x-www-form-urlencoded" --user "ccd_gateway:${clientSecret}" "${IDAM_URL}/oauth2/token?code=${code}&redirect_uri=${redirectUri}&grant_type=authorization_code" -d "" | docker run --rm --interactive mikefarah/yq -r .access_token

charts/civil-orchestrator-service/values.aat.template.yaml

@@ -230,6 +230,8 @@ ccd:
         DEFINITION_STORE_DB_HOST: ${SERVICE_NAME}-postgresql
         DEFINITION_STORE_IDAM_KEY: ${CCD_DEFINITION_STORE_S2S_SECRET}
         IDAM_USER_URL: https://idam-web-public.aat.platform.hmcts.net
+        DEFINITION_STORE_TX_TIMEOUT_DEFAULT: 60
+        WELSH_TRANSLATION_ENABLED: false
       keyVaults: []
 
   postgresql:

charts/civil-orchestrator-service/values.preview.template.yaml

@@ -205,6 +205,8 @@ ccd:
         DEFINITION_STORE_DB_HOST: ${SERVICE_NAME}-postgresql
         DEFINITION_STORE_IDAM_KEY: ${CCD_DEFINITION_STORE_S2S_SECRET}
         IDAM_USER_URL: https://idam-web-public.aat.platform.hmcts.net
+        DEFINITION_STORE_TX_TIMEOUT_DEFAULT: 60
+        WELSH_TRANSLATION_ENABLED: false
       keyVaults: []
       ingressHost: ccd-definition-store-${SERVICE_FQDN}
 

config/owasp/suppressions.xml

@@ -20,6 +20,10 @@
     <cve>CVE-2023-41080</cve>
     <cve>CVE-2023-5072</cve>
     <cve>CVE-2024-22243</cve>
+    <cve>CVE-2024-29857</cve>
+    <cve>CVE-2024-30172</cve>
+    <cve>CVE-2024-30171</cve>
+    <cve>CVE-2024-22262</cve>
   </suppress>
   <!--End of temporary suppression section -->
 </suppressions>