pagopa · antocalo · Nov 15, 2024 · Nov 11, 2024 · Nov 12, 2024 · Nov 14, 2024
@@ -0,0 +1,32 @@
+name: 📦 Snapshot docker
+
+on:
+  push:
+    branches-ignore:
+      - 'develop'
+      - 'uat'
+      - 'main'
+    paths-ignore:
+      - 'CODEOWNERS'
+      - '**.md'
+      - '.**'
+  workflow_dispatch:
+
+env:
+  CURRENT_BRANCH: ${{ github.event.inputs.branch || github.ref_name }}
+
+jobs:
+  payments-flow-docker-snapshot:
+    runs-on: ubuntu-22.04
+    steps:
+      - name: 🔖 Checkout code
+        # https://github.com/actions/checkout/releases/tag/v4.2.1
+        uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871
+        with:
+          ref: ${{ env.CURRENT_BRANCH }}
+
+      - name: 📦 Run Snapshot Docker Build/Push & Trigger
+        # https://github.com/pagopa/github-actions-template/releases/tag/v1.19.0
+        uses: pagopa/github-actions-template/payments-flow-docker-snapshot@37569377fa759368a01c1e7f40700b4118d65d0c
+        with:
+          current_branch: ${{ github.ref_name }}
@@ -0,0 +1,29 @@
+name: 🚀 Flow release
+
+on:
+  push:
+    branches:
+      - develop
+      - uat
+      - main
+    paths-ignore:
+      - 'CODEOWNERS'
+      - '**.md'
+      - '.**'
+  workflow_dispatch:
+
+jobs:
+  payments-flow-release:
+    runs-on: ubuntu-22.04
+    steps:
+      - name: 🔖 Checkout code
+        # https://github.com/actions/checkout/releases/tag/v4.2.1
+        uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871
+        with:
+          ref: ${{ github.ref_name }}
+
+      - name: 🚀 release + docker + azdo
+        # https://github.com/pagopa/github-actions-template/releases/tag/v1.19.1
+        uses: pagopa/github-actions-template/payments-flow-release@3ae6a4268ccff000194696b21e1124d9e8ddf997
+        with:
+          current_branch: ${{ github.ref_name }}
@@ -0,0 +1,19 @@
+{
+  "plugins": [
+    [
+      "@semantic-release/commit-analyzer",
+      {
+        "preset": "angular",
+        "releaseRules": [{ "type": "breaking", "release": "major" }]
+      }
+    ],
+    "@semantic-release/release-notes-generator",
+    [
+      "@semantic-release/github",
+      {
+        "successComment": false,
+        "failComment": false
+      }
+    ]
+  ]
+}
@@ -1,27 +1,156 @@
+# syntax=docker/dockerfile:1.4
+
+#
+# 🎯 Version Management
+#
+ARG CORRETTO_VERSION="17-alpine3.19"
+ARG CORRETTO_SHA="2122cb140fa94053abce343fb854d24f4c62ba3c1ac701882dce12980396b477"
+ARG GRADLE_VERSION="8.10.2"
+ARG GRADLE_DOWNLOAD_SHA256="31c55713e40233a8303827ceb42ca48a47267a0ad4bab9177123121e71524c26"
+ARG APPINSIGHTS_VERSION="3.5.2"
+
+# 🌍 Timezone Configuration
+ARG TZ="Europe/Rome"
+
+# 🔧 Build Configuration
+ARG GRADLE_OPTS="-Dorg.gradle.daemon=false \
+    -Dorg.gradle.parallel=true \
+    -Dorg.gradle.caching=true \
+    -Dorg.gradle.configureondemand=true \
+    -Dorg.gradle.jvmargs=-Xmx2g"
+
+# 👤 App Configuration
+ARG APP_USER="appuser"
+ARG APP_GROUP="appgroup"
+ARG APP_HOME="/app"
+ARG GRADLE_HOME="/opt/gradle"
+
+#
+# 📥 Base Setup Stage
+#
+FROM amazoncorretto:${CORRETTO_VERSION}@sha256:${CORRETTO_SHA} AS base
+ARG APP_USER
+ARG APP_GROUP
+
+# Install base packages
+RUN apk add --no-cache \
+    wget \
+    unzip \
+    bash \
+    shadow
+
+# Create Gradle user
+RUN groupadd --system --gid 1000 ${APP_GROUP} && \
+    useradd --system --gid ${APP_GROUP} --uid 1000 --shell /bin/bash --create-home ${APP_USER}
+
+#
+# 📦 Gradle Setup Stage
+#
+FROM base AS gradle-setup
+ARG GRADLE_VERSION
+ARG GRADLE_DOWNLOAD_SHA256
+ARG GRADLE_HOME
+ARG GRADLE_OPTS
+ARG APP_USER
+ARG APP_GROUP
+
+# Set environment variables for Gradle
+ENV GRADLE_OPTS="${GRADLE_OPTS}"
+ENV GRADLE_HOME="${GRADLE_HOME}"
+ENV PATH="${GRADLE_HOME}/bin:${PATH}"
+
+WORKDIR /tmp
+
+# Download and verify Gradle with progress bar
+RUN echo "Downloading Gradle ${GRADLE_VERSION}..." && \
+    wget --progress=bar:force --output-document=gradle.zip \
+        "https://services.gradle.org/distributions/gradle-${GRADLE_VERSION}-bin.zip" && \
+    echo "Verifying download..." && \
+    echo "${GRADLE_DOWNLOAD_SHA256}  gradle.zip" | sha256sum -c - && \
+    echo "Installing Gradle..." && \
+    unzip -q gradle.zip && \
+    mv "gradle-${GRADLE_VERSION}" "${GRADLE_HOME}" && \
+    ln -s "${GRADLE_HOME}/bin/gradle" /usr/bin/gradle && \
+    rm gradle.zip && \
+    # Setup Gradle user directories
+    mkdir -p /home/${APP_USER}/.gradle && \
+    chown --recursive ${APP_USER}:${APP_GROUP} /home/${APP_USER} && \
+    # Verify installation
+    echo "Verifying Gradle installation..." && \
+    gradle --version
+
+# Create Gradle volume
+VOLUME /home/${APP_USER}/.gradle
+
 #
-# Build
+# 📚 Dependencies Stage
 #
-FROM amazoncorretto:17-alpine3.19@sha256:2122cb140fa94053abce343fb854d24f4c62ba3c1ac701882dce12980396b477 AS buildtime
+FROM gradle-setup AS dependencies
 
 WORKDIR /build
-COPY . .
 
-RUN chmod +x ./gradlew
-RUN ./gradlew bootJar
+# Copy build configuration
+COPY --chown=${APP_USER}:${APP_GROUP} build.gradle.kts settings.gradle.kts ./
+COPY --chown=${APP_USER}:${APP_GROUP} gradle.lockfile ./
+COPY --chown=${APP_USER}:${APP_GROUP} openapi openapi/
+
+# Generate OpenAPI stubs and download dependencies
+RUN mkdir -p src/main/java && \
+    chown -R ${APP_USER}:${APP_GROUP} /build && \
+    chmod -R 775 /build
+
+USER ${APP_USER}
+
+RUN gradle openApiGenerate dependencies --no-daemon
 
 #
-# Docker RUNTIME
+# 🏗️ Build Stage
 #
-FROM amazoncorretto:17-alpine3.19@sha256:2122cb140fa94053abce343fb854d24f4c62ba3c1ac701882dce12980396b477 AS runtime
+FROM dependencies AS build
+
+# Copy source code
+COPY --chown=${APP_USER}:${APP_GROUP} src src/
+
+# Build application
+RUN gradle bootJar --no-daemon
+
+#
+# 🚀 Runtime Stage
+#
+FROM amazoncorretto:${CORRETTO_VERSION}@sha256:${CORRETTO_SHA} AS runtime
+ARG APP_USER
+ARG APP_GROUP
+ARG APP_HOME
+ARG APPINSIGHTS_VERSION
+ARG TZ
+
+WORKDIR ${APP_HOME}
+
+# Set timezone environment variable
+ENV TZ=${TZ}
+
+# 🛡️ Security Setup and Timezone
+RUN apk upgrade --no-cache && \
+    apk add --no-cache \
+        tini \
+        curl \
+        # Configure timezone + ENV=TZ
+        tzdata && \
+    # Create user and group
+    addgroup -S ${APP_GROUP} && \
+    adduser -S ${APP_USER} -G ${APP_GROUP}
 
-WORKDIR /app
+# 📦 Copy Artifacts
+COPY --from=build /build/build/libs/*.jar ${APP_HOME}/app.jar
+ADD --chmod=644 https://github.com/microsoft/ApplicationInsights-Java/releases/download/${APPINSIGHTS_VERSION}/applicationinsights-agent-${APPINSIGHTS_VERSION}.jar ${APP_HOME}/applicationinsights-agent.jar
 
-COPY --from=buildtime /build/build/libs/*.jar /app/app.jar
-# The agent is enabled at runtime via JAVA_TOOL_OPTIONS.
-ADD https://github.com/microsoft/ApplicationInsights-Java/releases/download/3.5.2/applicationinsights-agent-3.5.2.jar /app/applicationinsights-agent.jar
+# 📝 Set Permissions
+RUN chown -R ${APP_USER}:${APP_GROUP} ${APP_HOME}
 
-RUN chown -R nobody:nobody /app
+# 🔌 Container Configuration
 EXPOSE 8080
-USER 65534 # user nobody
+USER ${APP_USER}
 
-ENTRYPOINT ["java","-jar","/app/app.jar"]
+# 🎬 Startup Configuration
+ENTRYPOINT ["/sbin/tini", "--"]
+CMD ["java", "-jar", "/app/app.jar"]
@@ -39,11 +39,13 @@ val wiremockVersion = "3.5.4"
 val findbugsVersion = "3.0.2"
 val bouncycastleVersion = "1.78.1"
 val hikariCPVersion = "5.1.0"
+val micrometerVersion = "1.3.5"
 
 dependencies {
 	implementation("org.springframework.boot:spring-boot-starter")
 	implementation("org.springframework.boot:spring-boot-starter-web")
 	implementation("org.springframework.boot:spring-boot-starter-actuator")
+	implementation("io.micrometer:micrometer-tracing-bridge-otel:$micrometerVersion")
 	implementation("org.springframework.boot:spring-boot-starter-data-redis")
 	implementation("org.springframework.boot:spring-boot-starter-data-mongodb")
 	implementation("org.springframework.boot:spring-boot-starter-data-jpa")

@@ -0,0 +1 @@
+0001
@@ -1,6 +1,7 @@
 # This is a Gradle generated file for dependency locking.
 # Manual edits can break the build and are not advised.
 # This file is expected to be part of source control.
+aopalliance:aopalliance:1.0=compileClasspath
 ch.qos.logback:logback-classic:1.4.14=compileClasspath
 ch.qos.logback:logback-core:1.4.14=compileClasspath
 com.auth0:java-jwt:4.4.0=compileClasspath
@@ -19,17 +20,31 @@ com.zaxxer:HikariCP:5.1.0=compileClasspath
 io.jsonwebtoken:jjwt-api:0.12.5=compileClasspath
 io.jsonwebtoken:jjwt:0.12.5=compileClasspath
 io.lettuce:lettuce-core:6.3.2.RELEASE=compileClasspath
+io.micrometer:context-propagation:1.1.1=compileClasspath
 io.micrometer:micrometer-commons:1.12.5=compileClasspath
 io.micrometer:micrometer-core:1.12.5=compileClasspath
 io.micrometer:micrometer-jakarta9:1.12.5=compileClasspath
 io.micrometer:micrometer-observation:1.12.5=compileClasspath
+io.micrometer:micrometer-tracing-bridge-otel:1.3.5=compileClasspath
+io.micrometer:micrometer-tracing:1.2.5=compileClasspath
 io.netty:netty-buffer:4.1.109.Final=compileClasspath
 io.netty:netty-codec:4.1.109.Final=compileClasspath
 io.netty:netty-common:4.1.109.Final=compileClasspath
 io.netty:netty-handler:4.1.109.Final=compileClasspath
 io.netty:netty-resolver:4.1.109.Final=compileClasspath
 io.netty:netty-transport-native-unix-common:4.1.109.Final=compileClasspath
 io.netty:netty-transport:4.1.109.Final=compileClasspath
+io.opentelemetry.instrumentation:opentelemetry-instrumentation-api-semconv:1.33.3-alpha=compileClasspath
+io.opentelemetry.instrumentation:opentelemetry-instrumentation-api:1.33.3=compileClasspath
+io.opentelemetry.semconv:opentelemetry-semconv:1.23.1-alpha=compileClasspath
+io.opentelemetry:opentelemetry-api:1.31.0=compileClasspath
+io.opentelemetry:opentelemetry-context:1.31.0=compileClasspath
+io.opentelemetry:opentelemetry-extension-trace-propagators:1.31.0=compileClasspath
+io.opentelemetry:opentelemetry-sdk-common:1.31.0=compileClasspath
+io.opentelemetry:opentelemetry-sdk-logs:1.31.0=compileClasspath
+io.opentelemetry:opentelemetry-sdk-metrics:1.31.0=compileClasspath
+io.opentelemetry:opentelemetry-sdk-trace:1.31.0=compileClasspath
+io.opentelemetry:opentelemetry-sdk:1.31.0=compileClasspath
 io.projectreactor:reactor-core:3.6.5=compileClasspath
 io.swagger.core.v3:swagger-annotations-jakarta:2.2.21=compileClasspath
 io.swagger.core.v3:swagger-core-jakarta:2.2.21=compileClasspath

@@ -1,6 +1,6 @@
 distributionBase=GRADLE_USER_HOME
 distributionPath=wrapper/dists
-distributionUrl=https\://services.gradle.org/distributions/gradle-8.7-bin.zip
+distributionUrl=https\://services.gradle.org/distributions/gradle-8.10.2-bin.zip
 networkTimeout=10000
 validateDistributionUrl=true
 zipStoreBase=GRADLE_USER_HOME

@@ -15,6 +15,8 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 #
+# SPDX-License-Identifier: Apache-2.0
+#
 
 ##############################################################################
 #
@@ -55,7 +57,7 @@
 #       Darwin, MinGW, and NonStop.
 #
 #   (3) This script is generated from the Groovy template
-#       https://github.com/gradle/gradle/blob/HEAD/subprojects/plugins/src/main/resources/org/gradle/api/internal/plugins/unixStartScript.txt
+#       https://github.com/gradle/gradle/blob/HEAD/platforms/jvm/plugins-application/src/main/resources/org/gradle/api/internal/plugins/unixStartScript.txt
 #       within the Gradle project.
 #
 #       You can find Gradle at https://github.com/gradle/gradle/.
@@ -84,7 +86,8 @@ done
 # shellcheck disable=SC2034
 APP_BASE_NAME=${0##*/}
 # Discard cd standard output in case $CDPATH is set (https://github.com/gradle/gradle/issues/25036)
-APP_HOME=$( cd "${APP_HOME:-./}" > /dev/null && pwd -P ) || exit
+APP_HOME=$( cd -P "${APP_HOME:-./}" > /dev/null && printf '%s
+' "$PWD" ) || exit
 
 # Use the maximum available, or set MAX_FD != -1 to use that value.
 MAX_FD=maximum

@@ -13,6 +13,8 @@
 @rem See the License for the specific language governing permissions and
 @rem limitations under the License.
 @rem
+@rem SPDX-License-Identifier: Apache-2.0
+@rem
 
 @if "%DEBUG%"=="" @echo off
 @rem ##########################################################################

@@ -0,0 +1,28 @@
+package it.gov.pagopa.payhub.auth.mapper;
+
+import it.gov.pagopa.payhub.auth.utils.Constants;
+import it.gov.pagopa.payhub.model.generated.UserInfo;
+import it.gov.pagopa.payhub.model.generated.UserOrganizationRoles;
+import org.springframework.stereotype.Service;
+
+import java.util.Collections;
+
+@Service
+public class A2ALegacyClaims2UserInfoMapper {
+
+	private static final String A2A_PREFIX = "A2A-";
+
+	public UserInfo map(String ipaCode) {
+		return UserInfo.builder()
+			.issuer(ipaCode)
+			.userId(A2A_PREFIX + ipaCode)
+			.name(ipaCode)
+			.familyName(ipaCode)
+			.fiscalCode(A2A_PREFIX + ipaCode)
+			.organizations(Collections.singletonList(UserOrganizationRoles.builder()
+				.organizationIpaCode(ipaCode)
+				.roles(Collections.singletonList(Constants.ROLE_ADMIN))
+				.build()))
+			.build();
+	}
+}