Merge pull request #38 from pagopa/1.0.0-RC1

1.0.0-RC1

Author: alessio-cialini

.gitattributes

@@ -0,0 +1,9 @@
+#
+# https://help.github.com/articles/dealing-with-line-endings/
+#
+# Linux start script should use lf
+/gradlew        text eol=lf
+
+# These are Windows script files and should use crlf
+*.bat           text eol=crlf
+

.github/PULL_REQUEST_TEMPLATE.md

@@ -0,0 +1,37 @@
+<!--- Please always add a PR description as if nobody knows anything about the context these changes come from. -->
+<!--- Even if we are all from our internal team, we may not be on the same page. -->
+<!--- Write this PR as you were contributing to a public OSS project, where nobody knows you and you have to earn their trust. -->
+<!--- This will improve our projects in the long run! Thanks. -->
+
+#### List of Changes
+
+<!--- Describe your changes in detail -->
+
+#### Motivation and Context
+
+<!--- Why is this change required? What problem does it solve? -->
+
+#### How Has This Been Tested?
+
+<!--- Please describe in detail how you tested your changes. -->
+<!--- Include details of your testing environment, tests ran to see how -->
+<!--- your change affects other areas of the code, etc. -->
+
+#### Screenshots (if appropriate):
+
+#### Types of changes
+
+<!--- What types of changes does your code introduce? Put an `x` in all the boxes that apply: -->
+
+- [ ] Bug fix (non-breaking change which fixes an issue)
+- [ ] New feature (non-breaking change which adds functionality)
+- [ ] Breaking change (fix or feature that would cause existing functionality to not work as
+  expected)
+
+#### Checklist:
+
+<!--- Go over all the following points, and put an `x` in all the boxes that apply. -->
+<!--- If you're unsure about any of these, don't hesitate to ask. We're here to help! -->
+
+- [ ] My change requires a change to the documentation.
+- [ ] I have updated the documentation accordingly.

.github/dependabot.yml

@@ -0,0 +1,6 @@
+version: 2
+updates:
+  - package-ecosystem: "gradle"
+    directory: "/"
+    schedule:
+      interval: "daily"

.github/workflows/pr_scan.yml

@@ -0,0 +1,101 @@
+name: Check Build and Anchore on PR
+
+on:
+  pull_request:
+  # Allows you to run this workflow manually from the Actions tab
+  workflow_dispatch:
+
+env:
+  DOCKERFILE: Dockerfile.test-only
+  GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+  GITHUB_ACTOR: ${{ secrets.GITHUB_ACTOR }}
+  SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
+  PROJECT_KEY: 'pagopa_eng-lollipop-consumer-java-sdk'
+
+jobs:
+  pr_scan:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: write
+      pull-requests: write
+
+    steps:
+      - name: Checkout project sources
+        uses: actions/checkout@8f4b7f84864484a7bf31766abe9204da3cbe65b3
+        with:
+          fetch-depth: 0
+      - name: Setup Gradle
+        uses: gradle/gradle-build-action@67421db6bd0bf253fb4bd25b31ebb98943c375e1
+      - name: Cache SonarCloud packages
+        uses: actions/cache@v1
+        with:
+          path: ~/.sonar-project.properties/cache
+          key: ${{ runner.os }}-sonar-project.properties
+          restore-keys: ${{ runner.os }}-sonar-project.properties
+      - name: Make gradlew executable
+        run: chmod +x ./gradlew
+      - name: Run build with Gradle Wrapper
+        run: ./gradlew build testCodeCoverageReport
+      - name: Add coverage to PR
+        id: jacoco
+        uses: madrapps/jacoco-report@7a334255fbce42f385d7567c25d986a9c62e2971
+        with:
+          paths: ${{ github.workspace }}/test-coverage/build/reports/jacoco/testCodeCoverageReport/testCodeCoverageReport.xml
+          token: ${{ secrets.GITHUB_TOKEN }}
+          min-coverage-overall: 40
+          min-coverage-changed-files: 60
+      - name: Build the Docker image
+        run: docker build . --file ${{ env.DOCKERFILE }} --tag localbuild/testimage:latest
+      - name: Run the Anchore Grype scan action
+        uses: anchore/scan-action@d5aa5b6cb9414b0c7771438046ff5bcfa2854ed7
+        id: scan
+        with:
+          image: "localbuild/testimage:latest"
+          fail-build: true
+          severity-cutoff: "high"
+      - name: Upload Anchore Scan Report
+        uses: github/codeql-action/upload-sarif@9885f86fab4879632b7e44514f19148225dfbdcd
+        if: always()
+        with:
+          sarif_file: ${{ steps.scan.outputs.sarif }}
+      - name: Run Sonar Scanner on Pull Request
+        if: ${{ github.event_name == 'pull_request' }}
+        run: ./gradlew sonar --info
+          -Dsonar.organization=pagopa
+          -Dsonar.projectKey=${{ env.PROJECT_KEY }}
+          -Dsonar.coverage.jacoco.xmlReportPaths=**/test-coverage/build/reports/jacoco/testCodeCoverageReport/testCodeCoverageReport.xml
+          -Dsonar.coverage.exclusions="**/config/*","**/*Mock*","**/model/**","**/entity/*","**/*Stub*","**/*Config*,**/*Exception*"
+          -Dsonar.cpd.exclusions="**/model/**,**/entity/**,**/simple/internal/**"
+          -Dsonar.host.url=https://sonarcloud.io
+          -Dsonar.java.libraries="**/*.jar"
+          -Dsonar.login=${{ env.SONAR_TOKEN }}
+          -Dsonar.pullrequest.key=${{ github.event.pull_request.number }}
+          -Dsonar.pullrequest.branch=${{ github.head_ref }}
+          -Dsonar.pullrequest.base=${{ github.base_ref }}
+      - name: Run Sonar Scanner
+        if: ${{ github.event_name != 'pull_request' }}
+        run: ./gradlew sonar --info
+          -Dsonar.organization=pagopa
+          -Dsonar.projectKey=${{ env.PROJECT_KEY }}
+          -Dsonar.coverage.jacoco.xmlReportPaths=**/test-coverage/build/reports/jacoco/testCodeCoverageReport/testCodeCoverageReport.xml
+          -Dsonar.coverage.exclusions="**/config/*","**/*Mock*","**/model/**","**/entity/*","**/*Stub*","**/*Config*,**/*Exception*"
+          -Dsonar.cpd.exclusions="**/model/**,**/entity/**,**/simple/internal/**"
+          -Dsonar.host.url=https://sonarcloud.io
+          -Dsonar.java.libraries="**/*.jar"
+          -Dsonar.login=${{ env.SONAR_TOKEN }}
+          -Dsonar.branch.name=${{ github.head_ref }}
+      - name: Publish to Maven Local
+        run: ./gradlew publishToMavenLocal
+      - name: Build Spring Sample
+        working-directory: ./samples/spring
+        run: chmod +x ./gradlew && ./gradlew bootJar
+      - name: Run Docker compose with .env.dev
+        run: docker compose --env-file e2e/.env.dev up -d --build --wait
+      - name: Sleep for 30 seconds
+        run: sleep 30s
+        shell: bash
+      - name: Install node modules and execute e2e tests
+        working-directory: ./e2e
+        run: npm install && npm run execute-test
+      - name: Shutdown docker compose
+        run: docker compose down

.github/workflows/release.yaml

@@ -0,0 +1,75 @@
+name: Publish package to GitHub Packages
+on:
+  release:
+    types: [created]
+env:
+  DOCKERFILE: Dockerfile.test-only
+  GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+  GITHUB_ACTOR: ${{ secrets.GITHUB_ACTOR }}
+  SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
+  REGISTRY: ghcr.io
+  IMAGE_NAME: ${{ github.repository }}
+jobs:
+  publish:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      packages: write
+    steps:
+      - uses: actions/cache@88522ab9f39a2ea568f7027eddc7d8d8bc9d59c8
+        id: cache
+        with:
+          key: OpenJDK11U-jdk_x64_linux_hotspot_11.0.18_10.tar.gz
+          path: |
+            - ${{ runner.temp }}/jdkfile.tar.gz
+            - ${{ runner.temp }}/jdkfile.sha256
+      - uses: actions/checkout@8f4b7f84864484a7bf31766abe9204da3cbe65b3
+      # jdkfile version hash was locally computed and checked against https://github.com/paketo-buildpacks/adoptium/releases
+      - if: steps.cache.outputs.cache-hit != 'true'
+        run: |
+          echo "4a29efda1d702b8ff38e554cf932051f40ec70006caed5c4857a8cbc7a0b7db7  ${{ runner.temp }}/jdkfile.tar.gz" >> ${{ runner.temp }}/jdkfile.sha256
+          echo {{ runner.temp }}/jdkfile.sha256
+          curl -L "https://github.com/adoptium/temurin11-binaries/releases/download/jdk-11.0.18%2B10/OpenJDK11U-jdk_x64_linux_hotspot_11.0.18_10.tar.gz" -o "${{ runner.temp }}/jdkfile.tar.gz"
+          sha256sum --check --status "${{ runner.temp }}/jdkfile.sha256"
+      - uses: actions/setup-java@5ffc13f4174014e2d4d4572b3d74c3fa61aeb2c2
+        with:
+          distribution: "jdkfile"
+          jdkFile: "${{ runner.temp }}/jdkfile.tar.gz"
+          java-version: "11"
+      - name: Validate Gradle wrapper
+        uses: gradle/wrapper-validation-action@e6e38bacfdf1a337459f332974bb2327a31aaf4b
+      - name: Make gradlew executable
+        run: chmod +x ./gradlew
+      - name: Publish package
+        uses: gradle/gradle-build-action@67421db6bd0bf253fb4bd25b31ebb98943c375e1
+        with:
+          arguments: publish
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+      - name: Make spring sample gradlew executable
+        run: chmod +x ./gradlew
+        working-directory: ./samples/spring
+      - name: Run build with Gradle Wrapper on Spring Sample
+        run: ./gradlew bootJar
+        working-directory: ./samples/spring
+      - name: Log in to the Container registry
+        uses: docker/login-action@65b78e6e13532edd9afa3aa52ac7964289d1a9c1
+        with:
+          registry: ${{ env.REGISTRY }}
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+      - name: Extract metadata (tags, labels) for Docker
+        id: meta
+        uses: docker/metadata-action@9ec57ed1fcdbf14dcef7dfbe97b2010124a938b7
+        with:
+          images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
+      - name: Build and push Docker image
+        uses: docker/build-push-action@f2a1d5e99d037542a71f64918e516c093c6f3fc4
+        with:
+          context: .
+          push: true
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}
+          secrets: |
+            "GITHUB_ACTOR=${{ secrets.GITHUB_ACTOR }}"
+            "GITHUB_TOKEN=${{ secrets.GITHUB_TOKEN }}"

.gitignore

@@ -0,0 +1,12 @@
+# Ignore Gradle project-specific cache directory
+.gradle
+
+# Ignore IntelliJ
+.idea
+
+# Ignore Gradle build output directory
+build
+
+# Ignore newman node modules and test reports
+e2e/newman
+e2e/node_modules

.pre-commit-config.yaml

@@ -0,0 +1,24 @@
+# 1. `pip install pre-commit`
+# 2. `pre-commit install`
+repos:
+  - repo: https://github.com/jguttman94/pre-commit-gradle
+    rev: v0.2.1
+    hooks:
+      - id: gradle-task
+        name: update-verification-metadata-sha256
+        args: [ '-w', '--write-verification-metadata sha256 help']
+      - id: gradle-spotless
+        args: [ '-w']
+      - id: gradle-check
+        args: [ '-w' ]
+  - repo: https://github.com/pre-commit/pre-commit-hooks
+    rev: v3.2.0
+    hooks:
+      - id: trailing-whitespace
+      - id: check-yaml
+      - id: check-added-large-files
+      - id: check-merge-conflict
+  - repo: https://github.com/gitleaks/gitleaks
+    rev: v8.16.1
+    hooks:
+      - id: gitleaks

CODEOWNERS

@@ -0,0 +1,3 @@
+# see https://help.github.com/en/articles/about-code-owners#example-of-a-codeowners-file
+
+* @pagopa/pagopa-tech

Dockerfile

@@ -0,0 +1,18 @@
+FROM eclipse-temurin:11-jdk-alpine as build
+
+WORKDIR /build
+COPY ./samples/spring .
+
+FROM eclipse-temurin:11-jdk-alpine as runtime
+
+WORKDIR /app
+COPY --from=build /build/build/libs/*.jar /app/app.jar
+COPY --from=build /build/build/resources/main/application.properties /app/application.properties
+
+RUN apk --update --no-cache add curl
+
+RUN addgroup -S appuser && adduser -S appuser -G appuser
+USER appuser
+
+EXPOSE 8080
+ENTRYPOINT [ "java","-jar","/app/app.jar", "/app/application.properties" ]

Dockerfile.test-only

@@ -0,0 +1,10 @@
+FROM amazoncorretto:11
+
+RUN yum update -y --security
+RUN mkdir /app
+
+COPY core/build/libs/*.jar /app/
+COPY http-verifier/build/libs/*.jar /app/
+COPY redis-storage/build/libs/*.jar /app/
+COPY identity-service-rest-client-native/build/libs/*.jar /app/
+COPY assertion-rest-client-native/build/libs/*.jar /app/