Skip to content

[backend] feat: adding spring actuator to collect metrics (#4438) #4585

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
heditar wants to merge 6 commits into
base: release/current
Choose a base branch
from
Open

[backend] feat: adding spring actuator to collect metrics (#4438) #4585

heditar wants to merge 6 commits into from
+17 −0

Conversation

@heditar
Copy link
Contributor

@heditar heditar commented Dec 16, 2025

Proposed changes

  • Adding spring actuator to OpenAev, disabled by default but will be used in the test instances to collect metrics during performance tests

Testing Instructions

  1. Uncomment the configuration and call localhost:8080/actuator

Related issues

Checklist

  • I consider the submitted work as finished
  • I tested the code for its functionality
  • [NA] I wrote test cases for the relevant uses case
  • [NA] I added/update the relevant documentation (either on github or on notion)
  • [NA] Where necessary I refactored code to improve the overall quality
  • [NA] For bug fix -> I implemented a test that covers the bug

@heditar heditar added the filigran team use to identify PR from the Filigran team label Dec 16, 2025
@heditar heditar changed the title [backend] feat: adding spring actuator to collect metrics [backend] feat: adding spring actuator to collect metrics (#4438) Dec 16, 2025
@Dimfacion
Copy link
Member

Dimfacion commented Dec 17, 2025

suggestion : I think we should add commented code in AppSecurityConfig.java that allows calls to /actuator/ so that it's easier for people to understand what they need to activate if they want the metrics working. Wdyt ?

@heditar
Copy link
Contributor Author

heditar commented Dec 29, 2025

suggestion : I think we should add commented code in AppSecurityConfig.java that allows calls to /actuator/ so that it's easier for people to understand what they need to activate if they want the metrics working. Wdyt ?

That is working for me as it is without any modification to AppSecurityConfig

@codecov
Copy link

codecov bot commented Dec 29, 2025
edited
Loading

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 52.78%. Comparing base (5772942) to head (516e631).

Additional details and impacted files 
@@                  Coverage Diff                  @@
##             release/current    #4585      +/-   ##
=====================================================
+ Coverage              52.74%   52.78%   +0.04%     
- Complexity              4119     4122       +3     
=====================================================
  Files                    963      963              
  Lines                  28942    28944       +2     
  Branches                2152     2152              
=====================================================
+ Hits                   15265    15279      +14     
+ Misses                 12779    12769      -10     
+ Partials                 898      896       -2

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
  • 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

@heditar
Copy link
Contributor Author

heditar commented Dec 29, 2025

suggestion : I think we should add commented code in AppSecurityConfig.java that allows calls to /actuator/ so that it's easier for people to understand what they need to activate if they want the metrics working. Wdyt ?

That is working for me as it is without any modification to AppSecurityConfig

I actually added the code in AppSecurityConfig to only allow metrics api to authenticated users

@SamuelHassine SamuelHassine requested a review from Copilot January 9, 2026 09:01
Copilot AI reviewed Jan 9, 2026
View reviewed changes
Copy link

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR adds Spring Boot Actuator integration to OpenAEV for collecting metrics during performance testing. The actuator endpoints are disabled by default for security but can be enabled via configuration for test instances.

Key Changes:

  • Added Spring Boot Actuator and Micrometer Prometheus dependencies
  • Configured actuator endpoints (disabled by default, with commented example for enabling metrics/prometheus)
  • Secured actuator endpoints with authentication requirement

Reviewed changes

Copilot reviewed 3 out of 3 changed files in this pull request and generated 2 comments.

File Description
openaev-api/pom.xml Added spring-boot-starter-actuator and micrometer-registry-prometheus dependencies
openaev-api/src/main/resources/application.properties Added actuator configuration properties with endpoints disabled by default
openaev-api/src/main/java/io/openaev/config/AppSecurityConfig.java Added authentication requirement for /actuator/** endpoints

openaev-api/src/main/resources/application.properties
Comment on lines +390 to +391
management.endpoint.health.show-details=always
management.server.port=8080
Copy link

Copilot AI Jan 9, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The management.server.port is set to 8080, which is likely the same port as the main application server. This will cause a port conflict when the actuator endpoints are enabled. Consider using a different port (e.g., 8081) for the management server or remove this property to use the same port as the main application without creating a separate management server.

Suggested change
management.endpoint.health.show-details=always
management.server.port=8080
management.endpoint.health.show-details=always

Copilot uses AI. Check for mistakes.
openaev-api/src/main/resources/application.properties
#remediation.detection.webservice.retry.waiting.milliseconds=


# Enable actuator -> disabled by default
Copy link

Copilot AI Jan 9, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The empty value for management.endpoints.web.exposure.include could be unclear to users. Consider adding a comment explaining that an empty value disables all endpoints, or explicitly set it to 'none' for clarity.

Suggested change
# Enable actuator -> disabled by default
# Enable actuator -> disabled by default
# Leaving this value empty disables exposure of all actuator endpoints.

Copilot uses AI. Check for mistakes.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@Dimfacion Dimfacion Dimfacion approved these changes

Assignees

No one assigned

Labels

filigran team use to identify PR from the Filigran team

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@heditar @Dimfacion