Skip to content

Commit

Permalink
Merge pull request #363 from pagopa/develop
Browse files Browse the repository at this point in the history
feat: [RTD-1983] update spring boot 3 (#362)
  • Loading branch information
and-mora authored Sep 25, 2023
2 parents 9b9940a + 48920d6 commit e1471c7
Show file tree
Hide file tree
Showing 59 changed files with 856 additions and 795 deletions.
1 change: 1 addition & 0 deletions .devops/code-review-pipelines.yml
Original file line number Diff line number Diff line change
Expand Up @@ -26,6 +26,7 @@ steps:
goals: 'clean org.jacoco:jacoco-maven-plugin:prepare-agent verify org.jacoco:jacoco-maven-plugin:report org.jacoco:jacoco-maven-plugin:report-aggregate'
publishJUnitResults: false
javaHomeOption: 'JDKVersion'
jdkVersionOption: 1.17
mavenVersionOption: 'Default'
mavenAuthenticateFeed: false
effectivePomSkip: false
Expand Down
74 changes: 58 additions & 16 deletions .github/workflows/anchor.yml
Original file line number Diff line number Diff line change
Expand Up @@ -31,21 +31,63 @@ jobs:
permissions:
contents: read # for actions/checkout to fetch code
security-events: write # for github/codeql-action/upload-sarif to upload SARIF results
actions: read # only required for a private repository by github/codeql-action/upload-sarif to get the Action run status
actions: read # only required for a private repository by github/codeql-action/upload-sarif to get the Action run status
runs-on: ubuntu-latest
environment: dev
steps:
- name: Checkout the code
uses: actions/checkout@v3
- name: Build the Docker image
run: docker build . --file ${{ env.DOCKERFILE }} --tag localbuild/testimage:latest
- name: Run the Anchore scan action itself with GitHub Advanced Security code scanning integration enabled
uses: anchore/scan-action@v3
with:
image: "localbuild/testimage:latest"
fail-build: true
severity-cutoff: "high"
- name: Upload Anchore Scan Report
uses: github/codeql-action/upload-sarif@v2
if: always()
with:
sarif_file: results.sarif
- name: Checkout the code
uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 #v3.6.0
- name: Build the Docker image
run: docker build . --file ${{ env.DOCKERFILE }} --tag localbuild/testimage:latest
- name: Run the Anchore scan action itself with GitHub Advanced Security code scanning integration enabled
id: scan
uses: anchore/scan-action@24fd7c9060f3c96848dd1929fac8d796fb5ae4b4 #v3.3.6
with:
image: "localbuild/testimage:latest"
fail-build: true
severity-cutoff: "high"
- name: Upload Anchore Scan Report
uses: github/codeql-action/upload-sarif@6c089f53dd51dc3fc7e599c3cb5356453a52ca9e #v2.20.0
if: always()
with:
sarif_file: ${{ steps.scan.outputs.sarif }}
- name: Inspect action SARIF report
if: always()
run: cat ${{ steps.scan.outputs.sarif }}
- name: CVE Description escaped extraction and print
if: always()
run: |
SCAN_RESULTS=$(jq -r '.runs[0].tool.driver.rules | map(.shortDescription.text) | join("\\n")' ${{ steps.scan.outputs.sarif }})
echo "SCAN_RESULTS=$SCAN_RESULTS" >> $GITHUB_ENV
echo "CVE_CRITICAL=$(echo $SCAN_RESULTS | grep -o critical | wc -l)" >> $GITHUB_ENV
echo "CVE_HIGH=$(echo $SCAN_RESULTS | grep -o high | wc -l)" >> $GITHUB_ENV
echo "CVE_MEDIUM=$(echo $SCAN_RESULTS | grep -o medium | wc -l)" >> $GITHUB_ENV
echo -e $SCAN_RESULTS
- name: Send notification to Slack
id: slack
if: always() && github.event_name == 'schedule' && steps.scan.outcome == 'failure'
uses: slackapi/slack-github-action@e28cf165c92ffef168d23c5c9000cffc8a25e117 #v1.24.0
with:
payload: |
{
"blocks": [
{
"type": "header",
"text": {
"type": "plain_text",
"text": "[ ${{ github.event.repository.name }} ]"
}
},
{
"type": "section",
"text": {
"type": "mrkdwn",
"text": " `CRITICAL` : *${{ env.CVE_CRITICAL }}*\n\n`HIGH` : *${{ env.CVE_HIGH }}*\n\n`MEDIUM` : *${{ env.CVE_MEDIUM }}*\n\n<https://github.com/${{ github.repository }}/security/code-scanning |See details on GitHub>""
}
}
]
}
env:
SLACK_WEBHOOK_URL: ${{ secrets.CVE_SCAN_SLACK_WEBHOOK }}
SLACK_WEBHOOK_TYPE: INCOMING_WEBHOOK
4 changes: 2 additions & 2 deletions Dockerfile
Original file line number Diff line number Diff line change
@@ -1,11 +1,11 @@
FROM maven:3.8.6-jdk-11-slim as buildtime
FROM maven:3.9.4-amazoncorretto-17-al2023@sha256:c668a2ee8a376c82977408f57970a996f5d6d3d5f017149d02d396eed2c850b3 AS buildtime

WORKDIR /build
COPY . .

RUN mvn clean package

FROM amazoncorretto:11 as runtime
FROM amazoncorretto:17.0.8-alpine3.18@sha256:34650d7c653af234dad21cd2d89d2f0dbdb1bad54041014932e51b3492e0dec5 AS runtime

WORKDIR /app

Expand Down
5 changes: 3 additions & 2 deletions acceptance_tests/ingestion_big_files/script_ingestion.bash
Original file line number Diff line number Diff line change
Expand Up @@ -139,6 +139,7 @@ then
exit 2
fi

exit 0

rm -rf cstar-cli
rm -rf workdir

exit 0
Original file line number Diff line number Diff line change
Expand Up @@ -51,4 +51,7 @@ else
exit 2
fi

rm -rf cstar-cli
rm -rf workdir

exit 0
4 changes: 2 additions & 2 deletions api/batch/pom.xml
Original file line number Diff line number Diff line change
Expand Up @@ -4,11 +4,11 @@
<parent>
<artifactId>rtd-ms-transaction-filter-api</artifactId>
<groupId>it.gov.pagopa.rtd.ms.transaction_filter.api</groupId>
<version>2.0.3</version>
<version>2.1.0</version>
</parent>

<artifactId>rtd-ms-transaction-filter-api-batch</artifactId>
<version>2.0.3</version>
<version>2.1.0</version>

<dependencies>
<dependency>
Expand Down
Original file line number Diff line number Diff line change
@@ -0,0 +1,87 @@
package it.gov.pagopa.rtd.transaction_filter.batch;


import it.gov.pagopa.rtd.transaction_filter.batch.step.PanReaderStep;
import it.gov.pagopa.rtd.transaction_filter.batch.step.TransactionFilterStep;
import it.gov.pagopa.rtd.transaction_filter.service.StoreService;
import java.util.Date;
import lombok.Data;
import lombok.RequiredArgsConstructor;
import lombok.SneakyThrows;
import lombok.extern.slf4j.Slf4j;
import org.springframework.batch.core.Job;
import org.springframework.batch.core.JobExecution;
import org.springframework.batch.core.JobParametersBuilder;
import org.springframework.batch.core.launch.JobLauncher;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.core.io.Resource;
import org.springframework.core.io.support.PathMatchingResourcePatternResolver;
import org.springframework.stereotype.Component;

@Slf4j
@RequiredArgsConstructor
@Component
@Data
public class BatchExecutor {

private final Job job;
private final JobLauncher jobLauncher;
private final TransactionFilterStep transactionFilterStep;
private final PanReaderStep panReaderStep;
private final StoreService storeService;
@Value("${batchConfiguration.TransactionFilterBatch.hpanListRecovery.enabled}")
private Boolean hpanListRecoveryEnabled;
private final PathMatchingResourcePatternResolver resolver;


/**
*
* @return Method to start the execution of the transaction filter job
* @param startDate starting date for the batch job execution
*/
@SneakyThrows
public JobExecution execute(Date startDate) {
Resource[] transactionResources = resolver.getResources(transactionFilterStep.getTransactionDirectoryPath() + "/*.csv");
transactionResources = TransactionFilterStep.filterValidFilenames(transactionResources);

String hpanPath = panReaderStep.getHpanDirectoryPath();
Resource[] hpanResources = resolver.getResources(hpanPath);

JobExecution execution = null;

/*
The jobLauncher run method is called only if, based on the configured properties, a matching transaction
resource is found, and either the remote pan list recovery is enabled, or a pan list file is available locally
on the configured path
*/
if (transactionResources.length == 0) {
log.info("No transaction file has been found on configured path: {}", transactionFilterStep.getTransactionDirectoryPath());
}

if (Boolean.FALSE.equals(hpanListRecoveryEnabled) && hpanResources.length == 0) {
log.info("No hpan file has been found on configured path: {}", hpanPath);
}

if (transactionResources.length > 0 &&
(hpanListRecoveryEnabled || hpanResources.length > 0)) {

log.info("Found {} {}. Starting filtering process",
transactionResources.length, (transactionResources.length > 1 ? "resources" : "resource")
);

execution = jobLauncher.run(job,
new JobParametersBuilder()
.addDate("startDateTime", startDate)
.toJobParameters());
clearStoreService();

}

return execution;
}

public void clearStoreService() {
storeService.clearAll();
}

}
Loading

0 comments on commit e1471c7

Please sign in to comment.