Merge pull request #54 from InseeFr/develop

Develop
InseeFr · Apr 8, 2024 · 51dfcad · 51dfcad
2 parents 37c1cea + 5a2a68e
commit 51dfcad
Show file tree

Hide file tree

Showing 198 changed files with 4,941 additions and 5,500 deletions.
diff --git a/.github/workflows/ci-rc.yml b/.github/workflows/ci-rc.yml
@@ -0,0 +1,89 @@
+name: ci-rc
+on:
+  push:
+    branches: [develop]
+  pull_request:
+    branches: [develop]
+jobs:
+  build:
+    name: Build
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v3
+      - name: Set up JDK 21
+        uses: actions/setup-java@v3
+        with:
+          distribution: temurin
+          java-version: 21
+      - name: Build with Maven
+        run: mvn -B clean package
+      - name: Upload jar
+        uses: actions/upload-artifact@v3
+        with:
+          name: jar
+          path: target/*.jar
+
+  get_version:
+    needs: build
+    if: |
+      github.event_name == 'push'
+    runs-on: ubuntu-latest
+    outputs:
+      version: ${{steps.version.outputs.version}}
+    steps:
+      - name: Checkout current branch
+        uses: actions/checkout@v3
+        with:
+          ref: ${{ github.ref }}
+      - name: Get current version
+        id: version
+        run: echo "version=$(mvn -f pom.xml help:evaluate -Dexpression=project.version -q -DforceStdout)" >> "$GITHUB_OUTPUT"
+      - run: echo ${{steps.version.outputs.version}}
+
+  release:
+    needs: get_version
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout current branch
+        uses: actions/checkout@v3
+        with:
+          ref: ${{ github.ref }}
+      - uses: softprops/action-gh-release@v1
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        with:
+          tag_name: ${{needs.get_version.outputs.version}}-rc
+          target_commitish: ${{ github.head_ref || github.ref }}
+          name: Release ${{needs.get_version.outputs.version}}-rc
+          draft: false
+          generate_release_notes: true
+          prerelease: false
+
+
+  docker:
+    needs: get_version
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v3
+        with:
+          ref: ${{ github.ref }}
+      - name: Download jar
+        id: download
+        uses: actions/download-artifact@v3
+        with:
+          name: jar
+          path: target
+      - uses: docker/setup-qemu-action@v2
+      - uses: docker/setup-buildx-action@v2
+      - uses: docker/login-action@v2
+        with:
+          username: ${{ secrets.DOCKERHUB_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_TOKEN }}
+      - uses: docker/build-push-action@v4
+        with:
+          platforms: linux/amd64,linux/arm64
+          context: .
+          push: true
+          tags: |
+            inseefr/platine-management-back-office:${{ needs.get_version.outputs.version }}-rc
+            inseefr/platine-management-back-office:latest
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -10,11 +10,11 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v3
-      - name: Set up JDK 17
+      - name: Set up JDK 21
         uses: actions/setup-java@v3
         with:
           distribution: temurin
-          java-version: 17
+          java-version: 21
       - name: Build with Maven
         run: mvn -B clean package
       - name: Upload jar

diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml
diff --git a/.github/workflows/sonar.yml b/.github/workflows/sonar.yml
@@ -0,0 +1,39 @@
+name: Sonar Analysis
+
+on:
+  push:
+    branches:
+      - main
+      - develop
+  pull_request:
+    types: [opened, synchronize, reopened]
+jobs:
+  build:
+    name: Build and analyze
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v3
+        with:
+          fetch-depth: 0  # Shallow clones should be disabled for a better relevancy of analysis
+      - name: Set up JDK 21
+        uses: actions/setup-java@v3
+        with:
+          java-version: 21
+          distribution: 'temurin'
+      - name: Cache SonarCloud packages
+        uses: actions/cache@v3
+        with:
+          path: ~/.sonar/cache
+          key: ${{ runner.os }}-sonar
+          restore-keys: ${{ runner.os }}-sonar
+      - name: Cache Maven packages
+        uses: actions/cache@v3
+        with:
+          path: ~/.m2
+          key: ${{ runner.os }}-m2-${{ hashFiles('**/pom.xml') }}
+          restore-keys: ${{ runner.os }}-m2
+      - name: Build and analyze
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}  # Needed to get PR information, if any
+          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
+        run: mvn clean verify -Pcoverage sonar:sonar -Dsonar.projectKey=InseeFr_Platine-Management-Back-Office --no-transfer-progress
diff --git a/.gitignore b/.gitignore
@@ -3,6 +3,7 @@ target/
 !.mvn/wrapper/maven-wrapper.jar
 !**/src/main/**/target/
 !**/src/test/**/target/
+*.log.*
 
 ### STS ###
 .apt_generated

diff --git a/Dockerfile b/Dockerfile
@@ -1,5 +1,14 @@
-FROM eclipse-temurin:17.0.7_7-jre
-WORKDIR /application
-RUN rm -rf /application
-ADD target/*.jar /application/app.jar
-ENTRYPOINT ["java", "-jar",  "/application/app.jar"]
+FROM eclipse-temurin:21.0.2_13-jre-alpine
+
+WORKDIR /opt/app/
+COPY ./target/*.jar /opt/app/app.jar
+
+# Setup a non-root user context (security)
+RUN addgroup -g 1000 tomcatgroup
+RUN adduser -D -s / -u 1000 tomcatuser -G tomcatgroup
+RUN mkdir /opt/app/temp-files
+RUN chown -R 1000:1000 /opt/app
+
+USER 1000
+
+ENTRYPOINT ["java", "-jar",  "/opt/app/app.jar"]
diff --git a/README.md b/README.md
@@ -6,7 +6,7 @@ REST API for communication between DB and Platine-Management UI and Platine-My-S
 
 For building and running the application you need:
 
-- JDK 11
+- JDK 21
 - Maven 3
 
 ## Install and excute unit tests
-Original file line number
+Diff line change
@@ Expand Up @@
     For building and running the application you need:
-    - JDK 11
+    - JDK 21
     - Maven 3
     ## Install and excute unit tests
@@ Expand Down @@