From e795e81904af8233bfe4765295cd372d2e4aef28 Mon Sep 17 00:00:00 2001 From: umbcoppolabottazzi Date: Fri, 3 May 2024 10:25:49 +0200 Subject: [PATCH 1/8] feat: init codereview pipeline --- .devops/code-review-pipelines.yml | 54 ++++++++++++++++++++++++++++++- gradlew | 0 2 files changed, 53 insertions(+), 1 deletion(-) mode change 100644 => 100755 gradlew diff --git a/.devops/code-review-pipelines.yml b/.devops/code-review-pipelines.yml index dd603f1a..d848fad0 100644 --- a/.devops/code-review-pipelines.yml +++ b/.devops/code-review-pipelines.yml 
@@ -1 +1,53 @@ -trigger: none # Disable CI triggers. \ No newline at end of file +pr: + - dev + - uat + - main + +pool: + vmImage: ubuntu-22.04 + +steps: + - checkout: self + displayName: Checkout + fetchDepth: 1 + + - task: SonarCloudPrepare@1 + displayName: 'Prepare SonarCloud analysis configuration' + inputs: + SonarCloud: '$(SONARCLOUD_SERVICE_CONN)' + organization: '$(SONARCLOUD_ORG)' + scannerMode: Other + extraProperties: | + sonar.projectKey=$(SONARCLOUD_PROJECT_KEY) + sonar.projectName=$(SONARCLOUD_PROJECT_NAME) + sonar.exclusions='**/enums/**, **/model/**, **/dto/**, **/*Constant*, **/*Config.java, **/*Scheduler.java, **/*Application.java, **/src/test/**, **/Dummy*.java' + + - task: Gradle@3 + inputs: + workingDirectory: './' + gradleWrapperFile: './gradlew' + tasks: 'clean build jacocoTestReport' + publishJUnitResults: true + testResultsFiles: '**/TEST-*.xml' + javaHomeOption: 'JDKVersion' + jdkVersionOption: '1.11' + sonarQubeRunAnalysis: false + + - bash: xmlReportPaths=$(find "$(pwd)" -path '*jacoco.xml' | sed 's/.*/&/' | tr '\n' ','); echo "##vso[task.setvariable variable=xmlReportPaths]$xmlReportPaths" + displayName: finding jacoco.xml + + - task: Gradle@3 + inputs: + workingDirectory: './' + gradleWrapperFile: './gradlew' + tasks: "sonar" + options: '-Dsonar.coverage.jacoco.xmlReportPaths=$(xmlReportPaths) -Dorg.gradle.jvmargs=-Xmx4096M' + publishJUnitResults: false + javaHomeOption: 'JDKVersion' + jdkVersionOption: '1.17' + sonarQubeRunAnalysis: false + sqGradlePluginVersionChoice: 'build' + + - task: SonarCloudPublish@1 + inputs: + pollingTimeoutSec: '300' \ No newline at end of file diff --git a/gradlew b/gradlew old mode 100644 new mode 100755 From bd743422e9b37a9392c67b4948cff48b6e16b526 Mon Sep 17 00:00:00 2001 
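Review bot: Removing `trigger: none` without a replacement re-enables the default CI trigger, so unless the pipeline settings override it this review pipeline will also run on every push to any branch, not only on pull requests to the listed branches. If that is not intended, keep `trigger: none` above the new `pr:` block. `fetchDepth: 1` gives the scanner a shallow clone, which usually costs SonarCloud its blame data and new-code attribution; `fetchDepth: 0` avoids that. In the `bash` step, `sed 's/.*/&/'` replaces each line with itself and can be dropped, and `tr '\n' ','` leaves a trailing comma in `xmlReportPaths`.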
From: LarissaASLeite Date: Fri, 3 May 2024 12:32:13 +0200 Subject: [PATCH 2/8] P4ADEV-262 fix app insight --- Dockerfile | 2 +- build.gradle | 1 + helm/values-dev.yaml | 2 +- helm/values-prod.yaml | 2 +- helm/values-uat.yaml | 2 +- 5 files changed, 5 insertions(+), 4 deletions(-) diff --git a/Dockerfile b/Dockerfile index 145ccfd1..4280231e 100644 --- a/Dockerfile +++ b/Dockerfile @@ -20,4 +20,4 @@ COPY --from=buildtime /build/build/libs/*.jar /app/app.jar # The agent is enabled at runtime via JAVA_TOOL_OPTIONS. ADD https://github.com/microsoft/ApplicationInsights-Java/releases/download/3.5.2/applicationinsights-agent-3.5.2.jar /app/applicationinsights-agent.jar -ENTRYPOINT ["sh", "-c", "java $JAVA_OPTS -jar /app/app.jar"] +ENTRYPOINT ["java","-jar","/app/app.jar"] diff --git a/build.gradle b/build.gradle index 9413cf18..758fb161 100644 --- a/build.gradle +++ b/build.gradle @@ -53,6 +53,7 @@ dependencies { implementation 'org.springdoc:springdoc-openapi-starter-webmvc-ui:2.5.0' implementation 'org.codehaus.janino:janino:3.1.12' + implementation 'org.springframework.boot:spring-boot-gradle-plugin:3.2.5' // Security fixes implementation 'org.yaml:snakeyaml:2.0' diff --git a/helm/values-dev.yaml b/helm/values-dev.yaml index 504eff27..f076caa6 100644 --- a/helm/values-dev.yaml +++ b/helm/values-dev.yaml 
@@ -29,7 +29,7 @@ microservice-chart: envConfig: ENV: "DEV" - JAVA_OPTS: "-Djava.util.concurrent.ForkJoinPool.common.parallelism=7 -agentlib:jdwp=transport=dt_socket,server=y,address=8001,suspend=n -Dcom.sun.management.jmxremote=true -Dcom.sun.management.jmxremote.port=3002 -Dcom.sun.management.jmxremote.rmi.port=3003 -Djava.rmi.server.hostname=127.0.0.1 -Dcom.sun.management.jmxremote.authenticate=false -Dcom.sun.management.jmxremote.ssl=false" + JAVA_TOOL_OPTIONS: "-Xms128m -Xmx4g -Djava.util.concurrent.ForkJoinPool.common.parallelism=7 -agentlib:jdwp=transport=dt_socket,server=y,address=8001,suspend=n -Dcom.sun.management.jmxremote=true -Dcom.sun.management.jmxremote.port=3002 -Dcom.sun.management.jmxremote.rmi.port=3003 -Djava.rmi.server.hostname=127.0.0.1 -Dcom.sun.management.jmxremote.authenticate=false -Dcom.sun.management.jmxremote.ssl=false" keyvault: diff --git a/helm/values-prod.yaml b/helm/values-prod.yaml index 172dc94a..b6c979f4 100644 --- a/helm/values-prod.yaml +++ b/helm/values-prod.yaml @@ -29,7 +29,7 @@ microservice-chart: envConfig: ENV: "PROD" - JAVA_OPTS: "-Djava.util.concurrent.ForkJoinPool.common.parallelism=7 -agentlib:jdwp=transport=dt_socket,server=y,address=8001,suspend=n -Dcom.sun.management.jmxremote=true -Dcom.sun.management.jmxremote.port=3002 -Dcom.sun.management.jmxremote.rmi.port=3003 -Djava.rmi.server.hostname=127.0.0.1 -Dcom.sun.management.jmxremote.authenticate=false -Dcom.sun.management.jmxremote.ssl=false" + JAVA_TOOL_OPTIONS: "-Xms128m -Xmx4g -Djava.util.concurrent.ForkJoinPool.common.parallelism=7 -agentlib:jdwp=transport=dt_socket,server=y,address=8001,suspend=n -Dcom.sun.management.jmxremote=true -Dcom.sun.management.jmxremote.port=3002 -Dcom.sun.management.jmxremote.rmi.port=3003 -Djava.rmi.server.hostname=127.0.0.1 -Dcom.sun.management.jmxremote.authenticate=false -Dcom.sun.management.jmxremote.ssl=false" keyvault: diff --git a/helm/values-uat.yaml b/helm/values-uat.yaml index ed3f2cf0..1868d52c 100644 
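Review bot: The rewritten `JAVA_TOOL_OPTIONS` value in `helm/values-prod.yaml` still enables a JDWP debug agent (`-agentlib:jdwp=...,address=8001`) and remote JMX with `jmxremote.authenticate=false` and `jmxremote.ssl=false`. The same string is in the `values-dev.yaml` hunk above, in the `values-uat.yaml` hunk that follows, and again under `JAVA_OPTS` in the PATCH 7/8 rollback. A debugger or an unauthenticated JMX endpoint gives control of the JVM to whoever can reach those ports, so production should not carry them, even if the Java 17 runtime binds a host-less JDWP address to loopback only (worth confirming). For prod I would reduce the value to `JAVA_TOOL_OPTIONS: "-Xms128m -Xmx4g -Djava.util.concurrent.ForkJoinPool.common.parallelism=7"` and keep the debug flags in dev only. Because `JAVA_TOOL_OPTIONS` is read by every JVM started in the container, a second JVM such as a diagnostic tool would try to open the same JDWP and JMX ports and fail to start.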
--- a/helm/values-uat.yaml +++ b/helm/values-uat.yaml @@ -29,7 +29,7 @@ microservice-chart: envConfig: ENV: "UAT" - JAVA_OPTS: "-Djava.util.concurrent.ForkJoinPool.common.parallelism=7 -agentlib:jdwp=transport=dt_socket,server=y,address=8001,suspend=n -Dcom.sun.management.jmxremote=true -Dcom.sun.management.jmxremote.port=3002 -Dcom.sun.management.jmxremote.rmi.port=3003 -Djava.rmi.server.hostname=127.0.0.1 -Dcom.sun.management.jmxremote.authenticate=false -Dcom.sun.management.jmxremote.ssl=false" + JAVA_TOOL_OPTIONS: "-Xms128m -Xmx4g -Djava.util.concurrent.ForkJoinPool.common.parallelism=7 -agentlib:jdwp=transport=dt_socket,server=y,address=8001,suspend=n -Dcom.sun.management.jmxremote=true -Dcom.sun.management.jmxremote.port=3002 -Dcom.sun.management.jmxremote.rmi.port=3003 -Djava.rmi.server.hostname=127.0.0.1 -Dcom.sun.management.jmxremote.authenticate=false -Dcom.sun.management.jmxremote.ssl=false" keyvault: From ccf4956d6bb90290a69f632de68c6a7a06f10d51 Mon Sep 17 00:00:00 2001 From: LarissaASLeite Date: Fri, 3 May 2024 12:47:17 +0200 Subject: [PATCH 3/8] P4ADEV-262 fix code-review --- .devops/code-review-pipelines.yml | 2 +- build.gradle | 1 - 2 files changed, 1 insertion(+), 2 deletions(-) diff --git a/.devops/code-review-pipelines.yml b/.devops/code-review-pipelines.yml index d848fad0..50425038 100644 --- a/.devops/code-review-pipelines.yml +++ b/.devops/code-review-pipelines.yml @@ -30,7 +30,7 @@ steps: publishJUnitResults: true testResultsFiles: '**/TEST-*.xml' javaHomeOption: 'JDKVersion' - jdkVersionOption: '1.11' + jdkVersionOption: '1.17' sonarQubeRunAnalysis: false - bash: xmlReportPaths=$(find "$(pwd)" -path '*jacoco.xml' | sed 's/.*/&/' | tr '\n' ','); echo "##vso[task.setvariable variable=xmlReportPaths]$xmlReportPaths" diff --git a/build.gradle b/build.gradle index 758fb161..9413cf18 100644 --- a/build.gradle +++ b/build.gradle 
@@ -53,7 +53,6 @@ dependencies { implementation 'org.springdoc:springdoc-openapi-starter-webmvc-ui:2.5.0' implementation 'org.codehaus.janino:janino:3.1.12' - implementation 'org.springframework.boot:spring-boot-gradle-plugin:3.2.5' // Security fixes implementation 'org.yaml:snakeyaml:2.0' From c18c37e4a0a57c39e8c8e6207bb0394496ca8909 Mon Sep 17 00:00:00 2001 From: LarissaASLeite Date: Fri, 3 May 2024 15:17:27 +0200 Subject: [PATCH 4/8] P4ADEV-262 fix --- Dockerfile | 7 +++++++ helm/values.yaml | 3 +++ 2 files changed, 10 insertions(+) diff --git a/Dockerfile b/Dockerfile index 4280231e..c16a7fbc 100644 --- a/Dockerfile +++ b/Dockerfile @@ -14,10 +14,17 @@ RUN ./gradlew bootJar # FROM amazoncorretto:17-alpine3.19@sha256:2122cb140fa94053abce343fb854d24f4c62ba3c1ac701882dce12980396b477 AS runtime +RUN useradd --uid 10000 runner + +VOLUME /tmp WORKDIR /app COPY --from=buildtime /build/build/libs/*.jar /app/app.jar # The agent is enabled at runtime via JAVA_TOOL_OPTIONS. ADD https://github.com/microsoft/ApplicationInsights-Java/releases/download/3.5.2/applicationinsights-agent-3.5.2.jar /app/applicationinsights-agent.jar +RUN chown -R runner:runner /app + +USER 10000 + ENTRYPOINT ["java","-jar","/app/app.jar"] diff --git a/helm/values.yaml b/helm/values.yaml index 81e5aad2..31ca2c44 100644 --- a/helm/values.yaml +++ b/helm/values.yaml @@ -44,6 +44,9 @@ microservice-chart: securityContext: allowPrivilegeEscalation: false + runAsNonRoot: true + runAsUser: 10000 + runAsGroup: 10000 externalConfigMapFiles: create: true From 946e5538397a44f9897b4d6ad2f4ee8b932fb075 Mon Sep 17 00:00:00 2001 From: LarissaASLeite Date: Fri, 3 May 2024 15:22:13 +0200 Subject: [PATCH 5/8] P4ADEV-262 fix --- Dockerfile | 7 +++---- helm/values.yaml | 4 ++-- 2 files changed, 5 insertions(+), 6 deletions(-) diff --git a/Dockerfile b/Dockerfile index c16a7fbc..4c3fd85f 100644 --- a/Dockerfile +++ b/Dockerfile 
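Review bot: In the Dockerfile hunk of PATCH 4/8, `RUN useradd --uid 10000 runner` is likely to fail the build, because the runtime stage is `amazoncorretto:17-alpine3.19` and Alpine normally ships BusyBox `adduser` rather than `useradd`; `RUN adduser -D -u 10000 runner` is the usual Alpine form. `RUN chown -R runner:runner /app` also gives the runtime user write access to `app.jar` and the agent jar it executes. Leaving both root-owned and only readable, e.g. `RUN chmod 0644 /app/*.jar`, keeps the non-root process from modifying its own code. The `chown -R nobody:nobody /app` line in PATCH 5/8 has the same effect. The build stage of this Dockerfile lies outside the hunk.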
@@ -14,17 +14,16 @@ RUN ./gradlew bootJar # FROM amazoncorretto:17-alpine3.19@sha256:2122cb140fa94053abce343fb854d24f4c62ba3c1ac701882dce12980396b477 AS runtime -RUN useradd --uid 10000 runner - VOLUME /tmp WORKDIR /app COPY --from=buildtime /build/build/libs/*.jar /app/app.jar # The agent is enabled at runtime via JAVA_TOOL_OPTIONS. ADD https://github.com/microsoft/ApplicationInsights-Java/releases/download/3.5.2/applicationinsights-agent-3.5.2.jar /app/applicationinsights-agent.jar +RUN chown -R nobody:nobody /app -RUN chown -R runner:runner /app +EXPOSE 8080 -USER 10000 +USER 65534 # user nobody ENTRYPOINT ["java","-jar","/app/app.jar"] diff --git a/helm/values.yaml b/helm/values.yaml index 31ca2c44..02ef0956 100644 --- a/helm/values.yaml +++ b/helm/values.yaml @@ -45,8 +45,8 @@ microservice-chart: securityContext: allowPrivilegeEscalation: false runAsNonRoot: true - runAsUser: 10000 - runAsGroup: 10000 + runAsUser: 65534 + runAsGroup: 65534 externalConfigMapFiles: create: true From 10540b302e97f0f47dd13747e10dba2b8e1812b0 Mon Sep 17 00:00:00 2001 From: LarissaASLeite Date: Fri, 3 May 2024 15:38:37 +0200 Subject: [PATCH 6/8] P4ADEV-262 fix app insight --- helm/values-dev.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/helm/values-dev.yaml b/helm/values-dev.yaml index f076caa6..0c18bd60 100644 --- a/helm/values-dev.yaml +++ b/helm/values-dev.yaml 
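Review bot: `USER 65534 # user nobody` will not behave as intended, because a Dockerfile treats `#` as a comment only at the start of a line, so the text after the UID becomes part of the `USER` argument. A plain `docker run` of the image would then be asked to resolve a user that does not exist. Under Kubernetes the `runAsUser: 65534` set in `helm/values.yaml` overrides the image user, which can hide the problem. Put the comment on its own line, `# user nobody`, followed by `USER 65534:65534` so the group also matches `runAsGroup`.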
@@ -29,7 +29,7 @@ microservice-chart: envConfig: ENV: "DEV" - JAVA_TOOL_OPTIONS: "-Xms128m -Xmx4g -Djava.util.concurrent.ForkJoinPool.common.parallelism=7 -agentlib:jdwp=transport=dt_socket,server=y,address=8001,suspend=n -Dcom.sun.management.jmxremote=true -Dcom.sun.management.jmxremote.port=3002 -Dcom.sun.management.jmxremote.rmi.port=3003 -Djava.rmi.server.hostname=127.0.0.1 -Dcom.sun.management.jmxremote.authenticate=false -Dcom.sun.management.jmxremote.ssl=false" + JAVA_TOOL_OPTIONS: "-Xms128m -Xmx4g -Djava.util.concurrent.ForkJoinPool.common.parallelism=7 -Dio.netty.eventLoopThreads=100 -javaagent:/app/applicationinsights-agent.jar -Dapplicationinsights.configuration.file=/mnt/file-config-external/appinsights-config/applicationinsights.json -agentlib:jdwp=transport=dt_socket,server=y,address=8001,suspend=n -Dcom.sun.management.jmxremote=true -Dcom.sun.management.jmxremote.port=3002 -Dcom.sun.management.jmxremote.rmi.port=3003 -Djava.rmi.server.hostname=127.0.0.1 -Dcom.sun.management.jmxremote.authenticate=false -Dcom.sun.management.jmxremote.ssl=false" keyvault: From 436dab268a82f0ce4d6475453b7303d1fefcd203 Mon Sep 17 00:00:00 2001 From: LarissaASLeite Date: Fri, 3 May 2024 16:03:35 +0200 Subject: [PATCH 7/8] P4ADEV-262 rollback --- Dockerfile | 8 +------- helm/values-dev.yaml | 2 +- helm/values-prod.yaml | 2 +- helm/values-uat.yaml | 2 +- helm/values.yaml | 3 --- 5 files changed, 4 insertions(+), 13 deletions(-) diff --git a/Dockerfile b/Dockerfile index 4c3fd85f..145ccfd1 100644 --- a/Dockerfile +++ b/Dockerfile 
@@ -14,16 +14,10 @@ RUN ./gradlew bootJar # FROM amazoncorretto:17-alpine3.19@sha256:2122cb140fa94053abce343fb854d24f4c62ba3c1ac701882dce12980396b477 AS runtime -VOLUME /tmp WORKDIR /app COPY --from=buildtime /build/build/libs/*.jar /app/app.jar # The agent is enabled at runtime via JAVA_TOOL_OPTIONS. ADD https://github.com/microsoft/ApplicationInsights-Java/releases/download/3.5.2/applicationinsights-agent-3.5.2.jar /app/applicationinsights-agent.jar -RUN chown -R nobody:nobody /app -EXPOSE 8080 - -USER 65534 # user nobody - -ENTRYPOINT ["java","-jar","/app/app.jar"] +ENTRYPOINT ["sh", "-c", "java $JAVA_OPTS -jar /app/app.jar"] diff --git a/helm/values-dev.yaml b/helm/values-dev.yaml index 0c18bd60..504eff27 100644 --- a/helm/values-dev.yaml +++ b/helm/values-dev.yaml @@ -29,7 +29,7 @@ microservice-chart: envConfig: ENV: "DEV" - JAVA_TOOL_OPTIONS: "-Xms128m -Xmx4g -Djava.util.concurrent.ForkJoinPool.common.parallelism=7 -Dio.netty.eventLoopThreads=100 -javaagent:/app/applicationinsights-agent.jar -Dapplicationinsights.configuration.file=/mnt/file-config-external/appinsights-config/applicationinsights.json -agentlib:jdwp=transport=dt_socket,server=y,address=8001,suspend=n -Dcom.sun.management.jmxremote=true -Dcom.sun.management.jmxremote.port=3002 -Dcom.sun.management.jmxremote.rmi.port=3003 -Djava.rmi.server.hostname=127.0.0.1 -Dcom.sun.management.jmxremote.authenticate=false -Dcom.sun.management.jmxremote.ssl=false" + JAVA_OPTS: "-Djava.util.concurrent.ForkJoinPool.common.parallelism=7 -agentlib:jdwp=transport=dt_socket,server=y,address=8001,suspend=n -Dcom.sun.management.jmxremote=true -Dcom.sun.management.jmxremote.port=3002 -Dcom.sun.management.jmxremote.rmi.port=3003 -Djava.rmi.server.hostname=127.0.0.1 -Dcom.sun.management.jmxremote.authenticate=false -Dcom.sun.management.jmxremote.ssl=false" keyvault: diff --git a/helm/values-prod.yaml b/helm/values-prod.yaml index b6c979f4..172dc94a 100644 --- a/helm/values-prod.yaml +++ b/helm/values-prod.yaml 
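Review bot: The rollback removes `USER 65534` from the runtime stage, and the `helm/values.yaml` hunk of the same patch removes `runAsNonRoot`, `runAsUser` and `runAsGroup`, so unless the base image or the chart sets a user elsewhere the service goes back to running as root. If only the `JAVA_TOOL_OPTIONS` switch needed reverting, the non-root settings could have stayed. The restored `ENTRYPOINT ["sh", "-c", "java $JAVA_OPTS -jar /app/app.jar"]` keeps `sh` as PID 1, so `java` may not receive SIGTERM on pod shutdown; `ENTRYPOINT ["sh", "-c", "exec java $JAVA_OPTS -jar /app/app.jar"]` hands PID 1 to the JVM. The context comment still says the agent is enabled via `JAVA_TOOL_OPTIONS`, while the values files in this patch set `JAVA_OPTS` without a `-javaagent` flag, so the downloaded agent appears to be unused after this commit.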
@@ -29,7 +29,7 @@ microservice-chart: envConfig: ENV: "PROD" - JAVA_TOOL_OPTIONS: "-Xms128m -Xmx4g -Djava.util.concurrent.ForkJoinPool.common.parallelism=7 -agentlib:jdwp=transport=dt_socket,server=y,address=8001,suspend=n -Dcom.sun.management.jmxremote=true -Dcom.sun.management.jmxremote.port=3002 -Dcom.sun.management.jmxremote.rmi.port=3003 -Djava.rmi.server.hostname=127.0.0.1 -Dcom.sun.management.jmxremote.authenticate=false -Dcom.sun.management.jmxremote.ssl=false" + JAVA_OPTS: "-Djava.util.concurrent.ForkJoinPool.common.parallelism=7 -agentlib:jdwp=transport=dt_socket,server=y,address=8001,suspend=n -Dcom.sun.management.jmxremote=true -Dcom.sun.management.jmxremote.port=3002 -Dcom.sun.management.jmxremote.rmi.port=3003 -Djava.rmi.server.hostname=127.0.0.1 -Dcom.sun.management.jmxremote.authenticate=false -Dcom.sun.management.jmxremote.ssl=false" keyvault: diff --git a/helm/values-uat.yaml b/helm/values-uat.yaml index 1868d52c..ed3f2cf0 100644 --- a/helm/values-uat.yaml +++ b/helm/values-uat.yaml @@ -29,7 +29,7 @@ microservice-chart: envConfig: ENV: "UAT" - JAVA_TOOL_OPTIONS: "-Xms128m -Xmx4g -Djava.util.concurrent.ForkJoinPool.common.parallelism=7 -agentlib:jdwp=transport=dt_socket,server=y,address=8001,suspend=n -Dcom.sun.management.jmxremote=true -Dcom.sun.management.jmxremote.port=3002 -Dcom.sun.management.jmxremote.rmi.port=3003 -Djava.rmi.server.hostname=127.0.0.1 -Dcom.sun.management.jmxremote.authenticate=false -Dcom.sun.management.jmxremote.ssl=false" + JAVA_OPTS: "-Djava.util.concurrent.ForkJoinPool.common.parallelism=7 -agentlib:jdwp=transport=dt_socket,server=y,address=8001,suspend=n -Dcom.sun.management.jmxremote=true -Dcom.sun.management.jmxremote.port=3002 -Dcom.sun.management.jmxremote.rmi.port=3003 -Djava.rmi.server.hostname=127.0.0.1 -Dcom.sun.management.jmxremote.authenticate=false -Dcom.sun.management.jmxremote.ssl=false" keyvault: diff --git a/helm/values.yaml b/helm/values.yaml index 02ef0956..81e5aad2 100644 --- a/helm/values.yaml 
+++ b/helm/values.yaml @@ -44,9 +44,6 @@ microservice-chart: securityContext: allowPrivilegeEscalation: false - runAsNonRoot: true - runAsUser: 65534 - runAsGroup: 65534 externalConfigMapFiles: create: true From e1ff9b456a6c79eb81376571ff0c56bd432c7f4f Mon Sep 17 00:00:00 2001 From: LarissaASLeite Date: Fri, 3 May 2024 16:31:00 +0200 Subject: [PATCH 8/8] P4ADEV-262 code review --- .devops/code-review-pipelines.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.devops/code-review-pipelines.yml b/.devops/code-review-pipelines.yml index 50425038..9c534411 100644 --- a/.devops/code-review-pipelines.yml +++ b/.devops/code-review-pipelines.yml @@ -1,5 +1,5 @@ pr: - - dev + - develop - uat - main