feat: P4ADEV-320-refactoring-accordingly-handbook

.devops/deploy-pipelines.yml

@@ -16,10 +16,10 @@ trigger:
   paths:
     include:
       - src/*
-      - build.gradle
+      - build.gradle.kts
       - helm/*
       - Dockerfile
-      - settings.gradle
+      - settings.gradle.kts
 
 pr: none
 
@@ -77,7 +77,7 @@ stages:
             inputs:
               targetType: 'inline'
               script: |
-                version=$(cat build.gradle | grep "version = '.*'" | cut -d"'" -f2)
+                version=$(cat build.gradle.kts | grep "version = '.*'" | cut -d"'" -f2)
                 echo "Building $version version"
                 echo "##vso[task.setvariable variable=appVersion;isOutput=true]$version"
               failOnStderr: true
@@ -143,6 +143,14 @@ stages:
                           "build/sourceVersion": "$(Build.SourceVersion)"' > buildMetadata.yaml
                   displayName: Writing build metadata
 
+                - task: Bash@3
+                  displayName: Lock Gradle Dependencies
+                  inputs:
+                    targetType: 'inline'
+                    script: |
+                      ./gradlew dependencies --write-locks
+                    failOnStderr: true
+
                 - task: HelmDeploy@0
                   displayName: Helm upgrade
                   inputs:

.devops/security-scan-pipelines.yml

@@ -0,0 +1,59 @@
+trigger:
+  branches:
+    include:
+      - develop
+      - uat
+      - main
+pr:
+  branches:
+    include:
+      - '*'
+
+schedules:
+  - cron: '0 7 * * *'
+    branches:
+      include:
+        - 'main'
+    always: true
+
+variables:
+  vmImageNameDefault: ubuntu-22.04
+  imageName: 'trivy-scan'
+  trivyVersion: '0.50.1'
+
+jobs:
+  - job: Build
+    pool:
+      vmImage: 'ubuntu-22.04'
+    steps:
+      - checkout: self
+        displayName: Checkout
+        fetchDepth: 1
+
+      - task: Docker@2
+        displayName: 'Build image'
+        inputs:
+          command: 'build'
+          repository: '$(imageName)'
+          buildContext: '.'
+          Dockerfile: 'Dockerfile'
+
+      - task: trivy@1
+        displayName: 'Security scan with trivy'
+        inputs:
+          severities: 'CRITICAL,HIGH'
+          version: 'v$(trivyVersion)'
+          docker: false
+          image: $(imageName):$(Build.BuildId)
+          options: --timeout 15m0s
+
+      - task: 'Bash@3'
+        displayName: 'Send message on Slack'
+        condition: and(failed(), ne(variables['Build.Reason'], 'PullRequest'))
+        inputs:
+          targetType: 'inline'
+          script: >
+            curl -X POST \
+              -H "Content-type: application/json" \
+              --data '{"text": "*Attention: The build has failed in pipeline $(System.DefinitionName)!*\nCheck the logs for more details $(System.CollectionUri)$(System.TeamProject)/_build/results?buildId=$(Build.BuildId) to view the build results."}' \
+              $(SLACK_WEBHOOK_URL)

build.gradle.kts

@@ -0,0 +1,131 @@
+plugins {
+	java
+	id("org.springframework.boot") version "3.2.5"
+	id("io.spring.dependency-management") version "1.1.4"
+	jacoco
+	id("org.sonarqube") version "5.0.0.4638"
+	id("com.github.ben-manes.versions") version "0.51.0"
+	id ("org.openapi.generator") version "7.5.0"
+}
+
+group = "it.gov.pagopa.payhub"
+version = "0.0.1"
+description = "p4pa-auth"
+
+java {
+	sourceCompatibility = JavaVersion.VERSION_17
+}
+
+configurations {
+	compileOnly {
+		extendsFrom(configurations.annotationProcessor.get())
+	}
+}
+
+
+repositories {
+	mavenCentral()
+}
+
+val springDocOpenApiVersion = "2.5.0"
+val janinoVersion = "3.1.12"
+val openApiToolsVersion = "0.2.6"
+val snakeYamlVersion = "2.0"
+val javaJwtVersion = "4.4.0"
+val jwksRsaVersion = "0.22.1"
+val nimbusJoseJwtVersion = "9.38-rc5"
+val jjwtVersion = "0.12.5"
+val wiremockVersion = "3.5.4"
+val findbugsVersion = "3.0.2"
+
+dependencies {
+	implementation("org.springframework.boot:spring-boot-starter")
+	implementation("org.springframework.boot:spring-boot-starter-web")
+	implementation("org.springframework.boot:spring-boot-starter-actuator")
+	implementation("org.springdoc:springdoc-openapi-starter-webmvc-ui:$springDocOpenApiVersion")
+	implementation("org.codehaus.janino:janino:$janinoVersion")
+	implementation("com.fasterxml.jackson.datatype:jackson-datatype-jsr310")
+	implementation("org.openapitools:jackson-databind-nullable:$openApiToolsVersion")
+	implementation("com.google.code.findbugs:jsr305:$findbugsVersion")
+
+	// Security fixes
+	implementation("org.yaml:snakeyaml:$snakeYamlVersion")
+
+	// validation token jwt
+	implementation("com.auth0:java-jwt:$javaJwtVersion")
+	implementation("com.auth0:jwks-rsa:$jwksRsaVersion")
+	implementation("com.nimbusds:nimbus-jose-jwt:$nimbusJoseJwtVersion")
+	implementation("io.jsonwebtoken:jjwt:$jjwtVersion")
+
+	compileOnly("org.projectlombok:lombok")
+	annotationProcessor("org.projectlombok:lombok")
+
+	//	Testing
+	testImplementation("org.springframework.boot:spring-boot-starter-test")
+	testImplementation("org.junit.jupiter:junit-jupiter-api")
+	testImplementation("org.junit.jupiter:junit-jupiter-engine")
+	testImplementation("org.mockito:mockito-core")
+	testImplementation ("org.projectlombok:lombok")
+	testImplementation ("org.wiremock:wiremock-standalone:$wiremockVersion")
+
+}
+
+tasks.withType<Test> {
+	useJUnitPlatform()
+	finalizedBy(tasks.jacocoTestReport)
+}
+
+tasks.jacocoTestReport {
+	dependsOn(tasks.test)
+	reports {
+		xml.required = true
+	}
+}
+
+val projectInfo = mapOf(
+		"artifactId" to project.name,
+		"version" to project.version
+)
+
+tasks {
+	val processResources by getting(ProcessResources::class) {
+		filesMatching("**/application.yml") {
+			expand(projectInfo)
+		}
+	}
+}
+
+configurations {
+	compileClasspath {
+		resolutionStrategy.activateDependencyLocking()
+	}
+}
+
+tasks.compileJava {
+	dependsOn("openApiGenerate")
+}
+
+configure<SourceSetContainer> {
+	named("main") {
+		java.srcDir("$projectDir/build/generated/src/main/java")
+	}
+}
+
+springBoot {
+	mainClass.value("it.gov.pagopa.payhub.auth.PayhubAuthApplication")
+}
+
+openApiGenerate {
+	generatorName.set("spring")
+	inputSpec.set("$rootDir/openapi/p4pa-auth.openapi.yaml")
+	outputDir.set("$projectDir/build/generated")
+	apiPackage.set("it.gov.pagopa.payhub.controller.generated")
+	modelPackage.set("it.gov.pagopa.payhub.model.generated")
+	configOptions.set(mapOf(
+			"dateLibrary" to "java8",
+			"requestMappingMode" to "api_interface",
+			"useSpringBoot3" to "true",
+			"interfaceOnly" to "true",
+			"useTags" to "true"
+	))
+}

gradle.lockfile

@@ -0,0 +1,66 @@
+# This is a Gradle generated file for dependency locking.
+# Manual edits can break the build and are not advised.
+# This file is expected to be part of source control.
+ch.qos.logback:logback-classic:1.4.14=compileClasspath
+ch.qos.logback:logback-core:1.4.14=compileClasspath
+com.auth0:java-jwt:4.4.0=compileClasspath
+com.auth0:jwks-rsa:0.22.1=compileClasspath
+com.fasterxml.jackson.core:jackson-annotations:2.15.4=compileClasspath
+com.fasterxml.jackson.core:jackson-core:2.15.4=compileClasspath
+com.fasterxml.jackson.core:jackson-databind:2.15.4=compileClasspath
+com.fasterxml.jackson.dataformat:jackson-dataformat-yaml:2.15.4=compileClasspath
+com.fasterxml.jackson.datatype:jackson-datatype-jdk8:2.15.4=compileClasspath
+com.fasterxml.jackson.datatype:jackson-datatype-jsr310:2.15.4=compileClasspath
+com.fasterxml.jackson.module:jackson-module-parameter-names:2.15.4=compileClasspath
+com.fasterxml.jackson:jackson-bom:2.15.4=compileClasspath
+com.google.code.findbugs:jsr305:3.0.2=compileClasspath
+com.nimbusds:nimbus-jose-jwt:9.38-rc5=compileClasspath
+io.jsonwebtoken:jjwt-api:0.12.5=compileClasspath
+io.jsonwebtoken:jjwt:0.12.5=compileClasspath
+io.micrometer:micrometer-commons:1.12.5=compileClasspath
+io.micrometer:micrometer-core:1.12.5=compileClasspath
+io.micrometer:micrometer-jakarta9:1.12.5=compileClasspath
+io.micrometer:micrometer-observation:1.12.5=compileClasspath
+io.swagger.core.v3:swagger-annotations-jakarta:2.2.21=compileClasspath
+io.swagger.core.v3:swagger-core-jakarta:2.2.21=compileClasspath
+io.swagger.core.v3:swagger-models-jakarta:2.2.21=compileClasspath
+jakarta.activation:jakarta.activation-api:2.1.3=compileClasspath
+jakarta.annotation:jakarta.annotation-api:2.1.1=compileClasspath
+jakarta.validation:jakarta.validation-api:3.0.2=compileClasspath
+jakarta.xml.bind:jakarta.xml.bind-api:4.0.2=compileClasspath
+org.apache.commons:commons-lang3:3.13.0=compileClasspath
+org.apache.logging.log4j:log4j-api:2.21.1=compileClasspath
+org.apache.logging.log4j:log4j-to-slf4j:2.21.1=compileClasspath
+org.apache.tomcat.embed:tomcat-embed-core:10.1.20=compileClasspath
+org.apache.tomcat.embed:tomcat-embed-el:10.1.20=compileClasspath
+org.apache.tomcat.embed:tomcat-embed-websocket:10.1.20=compileClasspath
+org.codehaus.janino:commons-compiler:3.1.12=compileClasspath
+org.codehaus.janino:janino:3.1.12=compileClasspath
+org.openapitools:jackson-databind-nullable:0.2.6=compileClasspath
+org.projectlombok:lombok:1.18.32=compileClasspath
+org.slf4j:jul-to-slf4j:2.0.13=compileClasspath
+org.slf4j:slf4j-api:2.0.13=compileClasspath
+org.springdoc:springdoc-openapi-starter-common:2.5.0=compileClasspath
+org.springdoc:springdoc-openapi-starter-webmvc-api:2.5.0=compileClasspath
+org.springdoc:springdoc-openapi-starter-webmvc-ui:2.5.0=compileClasspath
+org.springframework.boot:spring-boot-actuator-autoconfigure:3.2.5=compileClasspath
+org.springframework.boot:spring-boot-actuator:3.2.5=compileClasspath
+org.springframework.boot:spring-boot-autoconfigure:3.2.5=compileClasspath
+org.springframework.boot:spring-boot-starter-actuator:3.2.5=compileClasspath
+org.springframework.boot:spring-boot-starter-json:3.2.5=compileClasspath
+org.springframework.boot:spring-boot-starter-logging:3.2.5=compileClasspath
+org.springframework.boot:spring-boot-starter-tomcat:3.2.5=compileClasspath
+org.springframework.boot:spring-boot-starter-web:3.2.5=compileClasspath
+org.springframework.boot:spring-boot-starter:3.2.5=compileClasspath
+org.springframework.boot:spring-boot:3.2.5=compileClasspath
+org.springframework:spring-aop:6.1.6=compileClasspath
+org.springframework:spring-beans:6.1.6=compileClasspath
+org.springframework:spring-context:6.1.6=compileClasspath
+org.springframework:spring-core:6.1.6=compileClasspath
+org.springframework:spring-expression:6.1.6=compileClasspath
+org.springframework:spring-jcl:6.1.6=compileClasspath
+org.springframework:spring-web:6.1.6=compileClasspath
+org.springframework:spring-webmvc:6.1.6=compileClasspath
+org.webjars:swagger-ui:5.13.0=compileClasspath
+org.yaml:snakeyaml:2.0=compileClasspath
+empty=