Merge pull request #99 from InseeFr/develop

feat: modularization and add questioning communications
InseeFr · Jan 8, 2025 · 7bb7dbb · 7bb7dbb
2 parents bb15118 + 38df44c
commit 7bb7dbb
Show file tree

Hide file tree

Showing 338 changed files with 3,408 additions and 2,682 deletions.
diff --git a/.github/workflows/ci-rc.yml b/.github/workflows/ci-rc.yml
@@ -9,14 +9,14 @@ jobs:
     name: Build
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
       - name: Set up JDK 21
-        uses: actions/setup-java@v3
+        uses: actions/setup-java@v4
         with:
           distribution: temurin
           java-version: 21
       - name: Build with Maven
-        run: mvn -B clean package
+        run: mvn -B clean package --no-transfer-progress
       - name: Run Trivy vulnerability scanner
         uses: aquasecurity/[email protected]
         with:
@@ -26,10 +26,10 @@ jobs:
           vuln-type: 'os,library'
           severity: 'CRITICAL,HIGH'
       - name: Upload jar
-        uses: actions/upload-artifact@v3
+        uses: actions/upload-artifact@v4
         with:
-          name: jar
-          path: target/*.jar
+          name: app-jar
+          path: platine-management-api/target/*.jar
 
   get_version:
     needs: build
@@ -40,7 +40,7 @@ jobs:
       version: ${{steps.version.outputs.version}}
     steps:
       - name: Checkout current branch
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
         with:
           ref: ${{ github.ref }}
       - name: Get current version
@@ -53,7 +53,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout current branch
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
         with:
           ref: ${{ github.ref }}
       - uses: softprops/action-gh-release@v1
@@ -72,15 +72,15 @@ jobs:
     needs: get_version
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
         with:
           ref: ${{ github.ref }}
       - name: Download jar
         id: download
-        uses: actions/download-artifact@v3
+        uses: actions/download-artifact@v4
         with:
-          name: jar
-          path: target
+          name: app-jar
+          path: platine-management-api/target
       - uses: docker/setup-qemu-action@v2
       - uses: docker/setup-buildx-action@v2
       - uses: docker/login-action@v2
@@ -90,7 +90,7 @@ jobs:
       - uses: docker/build-push-action@v4
         with:
           platforms: linux/amd64,linux/arm64
-          context: .
+          context: platine-management-api
           push: true
           tags: |
             inseefr/platine-management-back-office:${{ needs.get_version.outputs.version }}-rc

diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -9,19 +9,19 @@ jobs:
     name: Build
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
       - name: Set up JDK 21
-        uses: actions/setup-java@v3
+        uses: actions/setup-java@v4
         with:
           distribution: temurin
           java-version: 21
       - name: Build with Maven
-        run: mvn -B clean package
+        run: mvn -B clean package --no-transfer-progress
       - name: Upload jar
-        uses: actions/upload-artifact@v3
+        uses: actions/upload-artifact@v4
         with:
-          name: jar
-          path: target/*.jar
+          name: app-jar
+          path: platine-management-api/target/*.jar
 
   get_version:
     needs: build
@@ -32,7 +32,7 @@ jobs:
       version: ${{steps.version.outputs.version}}
     steps:
       - name: Checkout current branch
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
         with:
           ref: ${{ github.ref }}
       - name: Get current version
@@ -45,7 +45,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout current branch
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
         with:
           ref: ${{ github.ref }}
       - uses: softprops/action-gh-release@v1
@@ -62,15 +62,15 @@ jobs:
     needs: get_version
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
         with:
           ref: ${{ github.ref }}
       - name: Download jar
         id: download
-        uses: actions/download-artifact@v3
+        uses: actions/download-artifact@v4
         with:
-          name: jar
-          path: target
+          name: app-jar
+          path: platine-management-api/target
       - uses: docker/setup-qemu-action@v2
       - uses: docker/setup-buildx-action@v2
       - uses: docker/login-action@v2
@@ -80,7 +80,7 @@ jobs:
       - uses: docker/build-push-action@v4
         with:
           platforms: linux/amd64,linux/arm64
-          context: .
+          context: platine-management-api
           push: true
           tags: |
             inseefr/platine-management-back-office:${{ needs.get_version.outputs.version }}

diff --git a/.github/workflows/sonar.yml b/.github/workflows/sonar.yml
@@ -12,11 +12,11 @@ jobs:
     name: Build and analyze
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
         with:
           fetch-depth: 0  # Shallow clones should be disabled for a better relevancy of analysis
       - name: Set up JDK 21
-        uses: actions/setup-java@v3
+        uses: actions/setup-java@v4
         with:
           java-version: 21
           distribution: 'temurin'

diff --git a/.github/workflows/trivy.yml b/.github/workflows/trivy.yml
@@ -12,19 +12,21 @@ jobs:
     name: Build and analyze
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
         with:
           fetch-depth: 0  # Shallow clones should be disabled for a better relevancy of analysis
       - name: Set up JDK 21
-        uses: actions/setup-java@v3
+        uses: actions/setup-java@v4
         with:
           java-version: 21
           distribution: 'temurin'
       - name: Run Trivy vulnerability scanner
-        uses: aquasecurity/[email protected]
+        uses: aquasecurity/[email protected]
+        env:
+          TRIVY_DB_REPOSITORY: public.ecr.aws/aquasecurity/trivy-db:2
         with:
           format: 'table'
           scan-type: 'repo'
           exit-code: '1'
           vuln-type: 'os,library'
-          severity: 'CRITICAL,HIGH'
+          severity: 'CRITICAL,HIGH'
diff --git a/.gitignore b/.gitignore
@@ -33,4 +33,9 @@ build/
 
 ### VS Code ###
 .vscode/
-src/main/resources/application-*.properties
+
+logs
+**/.flattened-pom.xml
+**/src/main/resources/application-*.yaml
+**/src/main/resources/application-*.yml
+**/src/main/resources/application-*.properties
diff --git a/Dockerfile b/Dockerfile
diff --git a/docs/MDD Platine.pdf b/docs/MDD Platine.pdf
diff --git a/docs/di_pg_sicpilbo_dv03 - MDD.png b/docs/di_pg_sicpilbo_dv03 - MDD.png
diff --git a/docs/metadata.jpg b/docs/metadata.jpg
diff --git a/docs/questioning.jpg b/docs/questioning.jpg
diff --git a/docs/user.jpg b/docs/user.jpg
diff --git a/docs/view.jpg b/docs/view.jpg
diff --git a/platine-management-api/Dockerfile b/platine-management-api/Dockerfile
@@ -0,0 +1,20 @@
+FROM eclipse-temurin:21.0.4_7-jre-alpine
+
+ENV PATH_TO_JAR=/opt/app/app.jar
+WORKDIR /opt/app/
+COPY ./target/*.jar $PATH_TO_JAR
+
+ENV JAVA_TOOL_OPTIONS_DEFAULT \
+    -XX:MaxRAMPercentage=75
+
+# Setup a non-root user context (security)
+RUN addgroup -g 1000 tomcatgroup
+RUN adduser -D -s / -u 1000 tomcatuser -G tomcatgroup
+RUN mkdir /opt/app/temp-files
+RUN chown -R 1000:1000 /opt/app
+
+USER 1000
+
+ENTRYPOINT [ "/bin/sh", "-c", \
+    "export JAVA_TOOL_OPTIONS=\"$JAVA_TOOL_OPTIONS_DEFAULT $JAVA_TOOL_OPTIONS\"; \
+    exec java -jar $PATH_TO_JAR" ]