Laa Crime Means Assessment

This microservice implements the create/update assessment and get old assessment business rules migrated from the legacy PL/SQL Assessments package. This is a Java based Spring Boot application hosted on MOJ Cloud Platform.

Contents

• Getting started
  • Developer setup
  • Decrypting docker-compose.override.yml
• Running locally
• Database
• CI/CD
• Documentation
  • CMA
  • High level design
  • Open API
• Application Monitoring and Logs
  • Error Reporting
• Mutation PI testing
• JSON Schema to POJO
• Further reading

Getting started

Developer setup

1. Go through with this Java Developer On-boarding Check List and complete all tasks.
2. Request a team member to be added to the repository.
3. Create a GPG (more detail further down on the page) key and create a PR. Someone from the team will approve the PR.
4. This is a document to outline the general guideline Developer Guidelines.
5. This project have its own dedicated Jira Scrum board, and you can access from here and project backlog

Obtaining environment variables for running locally

To run the app locally, you will need to download the appropriate environment variables from the team vault in 1Password. These environment variables are stored as a .env file, which docker-compose uses when starting up the service. If you don't see the team vault, speak to your tech lead to get access.

To begin with, make sure that you have the 1Password CLI installed:

op version

If the command is not found, follow the steps on the 1Password developer docs to get the CLI set-up.

Once you're ready to run the application:

./startup-local.sh

Decrypting values files

The values YAML files are encrypted using git-crypt.

To be able to view and/or edit these files, you will need to decrypt them first.

You will first need to create a GPG key. See Create a GPG Key for details on how to do this with GPGTools (GUI) or gpg (command line). You can install either from a terminal or just download the UI version.

brew update
brew install gpg
brew install git-crypt

Once you have done this, a team member who already has access can add your key by running git-crypt add-gpg-user USER_ID* and creating a pull request to this repo.

Once this has been merged you can decrypt your local copy of the repository by running git-crypt unlock.

*USER_ID can be your key ID, a full fingerprint, an email address, or anything else that uniquely identifies a public key to GPG (see "HOW TO SPECIFY A USER ID" in the gpg man page).

Running locally

Clone Repository

git clone git@github.com:ministryofjustice/laa-crime-means-assessment.git

cd crime-means-assessment

The project is build using Gradle. This also includes plugins for generating IntelliJ configuration.

Make sure tests all testes are passed by running following ‘gradle’ Command

./gradlew clean test

You will need to build the artifacts for the source code, using gradle.

./gradlew clean build

The apps should then startup cleanly if you run

./startup-local.sh

laa-crime-means-assessment application will be running on http://localhost:8080

Database

This application is run with PostgresSQL using docker compose. PostgresSQL is used solely for static data. For database changes, we are using liquibase and all the sql scripts stored in the directory (resources/db/changelog/).

All CRUD operations in the MAATDB are run via the MAAT-API

CI/CD

We have configured a CircleCI code pipelines. You can log in from here to access the pipeline.

To make any changes,create a branch and submit the PR. Once the PR is submitted the branch deployment is kicked off under the new branch name. On successful build, the image is pushed to AWS ECR and requires approval to deploy to dev.

Once the PR is merged with main, the build is automatically deployed to DEV. Deployment to higher environments requires approval.

Debugging Application

Please refer to the debugging manual here

Documentation

CMA

High level design

Open API

We have implemented the Open API standard (with Swagger 3). The web link provides a details Rest API with a schema definition. The link can only from local or from dev environment. The swagger link can be found from here

Application Monitoring and Logs

Prometheus

Thanos

AlertManager

Grafana

Kibana

Error Reporting

MOJ Sentry

sentry-spring-boot-starter

Mutation PI testing

Mutation testing providing test coverage for Java applications. Faults (or mutations) are automatically seeded into the code, then your tests are run. If your tests fail then the mutation is killed, if your tests pass then the mutation lived. Here are some of the key benefits for this type of testing.

• High coverage of testing
• New kinds of test scenarios
• Validate unit test scripts

Once we build the project then run the following command. This will generate a test report under build/reports/pitest/ We want to make sure that the Mutation Coverage for new classes are covered properly

./gradlew pitest

JSON Schema to POJO

Gradle plugin that converts json schema files into POJOs (Plain Old Java Objects). See Extended jsonschema2pojo Gradle plugin.

The generated POJO files can be found in crime-means-assessment/build/generated/sources/js2d, after each build, or by running the following command:

./gradlew clean generateJsonSchema2DataClass

Configuration

In the jsonSchema2Pojo section of crime-means-assessment/build.gradle file, there are a number of settings to that have been set and are documented inside that section.:

• source.setFrom: The location of the json schema files.
• targetPackage: what package the POJOs should belong to
• includeJsr303Annotations: JSR-303/349 annotations (for schema rules like minimum, maximum, etc)
• dateTimeType: What type to use instead of string

Further reading

• Diagrams for LAA and the common platform
• New Starter Guild
• Cloud Platform user guide
• Modernisation Platform Team Information