[EC-150] Add PR GitHub pipeline (#395)

.dockerignore

@@ -0,0 +1,117 @@
+**/.dockerignore
+**/.git
+**/bin
+**/docker-compose*
+**/Dockerfile*
+**/node_modules
+**/npm-debug.log
+**/obj
+**/secrets.dev.yaml
+**/values.dev.yaml
+LICENSE
+README.md
+
+**/.idea
+.idea
+**/.mvn
+.mvn
+
+**/target
+
+# Created by .ignore support plugin (hsz.mobi)
+### Maven template
+target/
+pom.xml.tag
+pom.xml.releaseBackup
+pom.xml.versionsBackup
+pom.xml.next
+release.properties
+dependency-reduced-pom.xml
+buildNumber.properties
+.mvn/timing.properties
+.mvn/wrapper/maven-wrapper.jar
+### Java template
+# Compiled class file
+*.class
+
+# Log file
+*.log
+
+# BlueJ files
+*.ctxt
+
+# Mobile Tools for Java (J2ME)
+.mtj.tmp/
+
+# Package Files #
+*.jar
+*.war
+*.nar
+*.ear
+*.zip
+*.tar.gz
+*.rar
+
+# virtual machine crash logs, see http://www.java.com/en/download/help/error_hotspot.xml
+hs_err_pid*
+### JetBrains template
+# Covers JetBrains IDEs: IntelliJ, RubyMine, PhpStorm, AppCode, PyCharm, CLion, Android Studio and WebStorm
+# Reference: https://intellij-support.jetbrains.com/hc/en-us/articles/206544839
+
+# User-specific stuff
+.idea/**/workspace.xml
+.idea/**/tasks.xml
+.idea/**/usage.statistics.xml
+.idea/**/dictionaries
+.idea/**/shelf
+
+# Sensitive or high-churn files
+.idea/**/dataSources/
+.idea/**/dataSources.ids
+.idea/**/dataSources.local.xml
+.idea/**/sqlDataSources.xml
+.idea/**/dynamic.xml
+.idea/**/uiDesigner.xml
+.idea/**/dbnavigator.xml
+
+# Gradle
+.idea/**/gradle.xml
+.idea/**/libraries
+
+# Gradle and Maven with auto-import
+# When using Gradle or Maven with auto-import, you should exclude module files,
+# since they will be recreated, and may cause churn.  Uncomment if using
+# auto-import.
+# .idea/modules.xml
+# .idea/*.iml
+# .idea/modules
+
+# CMake
+cmake-build-*/
+
+# Mongo Explorer plugin
+.idea/**/mongoSettings.xml
+
+# File-based project format
+*.iws
+
+# IntelliJ
+out/
+
+# mpeltonen/sbt-idea plugin
+.idea_modules/
+
+# JIRA plugin
+atlassian-ide-plugin.xml
+
+# Cursive Clojure plugin
+.idea/replstate.xml
+
+# Crashlytics plugin (for Android Studio and IntelliJ)
+com_crashlytics_export_strings.xml
+crashlytics.properties
+crashlytics-build.properties
+fabric.properties
+
+# Editor-based Rest Client
+.idea/httpRequests

.github/workflows/call_code_review.yml

@@ -0,0 +1,62 @@
+on:
+  workflow_call:
+    inputs:
+      pr_number:
+        type: string
+        required: true
+      module:
+        type: string
+        required: true
+      source_branch:
+        type: string
+        required: true
+      target_branch:
+        type: string
+        required: true
+      sonar_key:
+        type: string
+        required: true
+
+env:
+  GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+jobs:
+  code_review:
+    name: 'Build & Analysis'
+    runs-on: ubuntu-20.04
+    permissions:
+      packages: read
+
+    steps:
+
+      - name: Setup Maven Action
+        uses: s4u/setup-maven-action@fa2c7e4517ed008b1f73e7e0195a9eecf5582cd4
+        with:
+          checkout-fetch-depth: 0
+          java-version: 17
+          java-distribution: 'temurin'
+          maven-version: '3.9.5'
+          cache-enabled: true
+
+      - name: Build
+        run: |
+          mvn -f ./pom.xml \
+            -B \
+            clean org.jacoco:jacoco-maven-plugin:prepare-agent \
+            verify org.jacoco:jacoco-maven-plugin:report org.jacoco:jacoco-maven-plugin:report-aggregate
+
+      - name: Analyze
+        run: |
+          xmlReportPaths=$(find "$(pwd)" -path '*jacoco.xml' | sed 's/.*/&/' | tr '\n' ',');
+
+          mvn -f pom.xml -B verify sonar:sonar \
+            -Dsonar.coverage.jacoco.xmlReportPaths=$xmlReportPaths \
+            -Dsonar.organization=pagopa \
+            -Dsonar.projectKey=${{ inputs.sonar_key }} \
+            -Dsonar.token=${{ secrets.SONAR_TOKEN }} \
+            -Dsonar.pullrequest.key=${{ inputs.pr_number }} \
+            -Dsonar.pullrequest.branch=${{ inputs.source_branch }} \
+            -Dsonar.pullrequest.base=refs/remotes/origin/${{ inputs.target_branch }} \
+            -Dsonar.exclusions='**/enums/**, **/model/**, **/constant/**, **/*Constant*, **/*Config.java, **/*Scheduler.java, **/*Application.java, **/src/test/**, **/Dummy*.java'
+        env:
+          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}

.github/workflows/pr_ms.yml

@@ -4,22 +4,57 @@ on:
   workflow_dispatch:
 
   pull_request:
-    branches:
-      - main
-      - releases/**
     types:
       - opened
       - synchronize
+      - reopened
       - ready_for_review
     paths:
-      - './core/**'
-      - './infra/container_apps/ms-core'
+      - '!./.devops/**'
+      - '!./.github/**'
+      - '!./.identity/**'
+      - '!./helm/**'
+      - '!**.md'
+      - '!./.**ignore'
+      - '!./infra/**'
+      - '!./.terraform-version'
+      - '!./CODEOWNERS'
 
 jobs:
+
   code_review:
+    uses: ./.github/workflows/call_code_review.yml
     name: Core Code Review
+    secrets: inherit
+    if: ${{ github.head_ref == 'main' || startsWith(github.head_ref, 'releases/') }}
+    with:
+      pr_number: ${{ github.event.pull_request.number }}
+      source_branch: ${{ github.head_ref }}
+      target_branch: ${{ github.base_ref }}
+      sonar_key: 'pagopa_selfcare-ms-core'
+      module: 'selc-ms-core'
+
+  build_docker:
+    name: 'Build Docker image'
     runs-on: ubuntu-20.04
+    permissions:
+      packages: write
+
     steps:
-
-      - run: |
-          hello world
+
+      - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 #v4.1.1
+        name: Checkout
+
+      - name: Setup Docker buildx
+        uses: docker/setup-buildx-action@f95db51fddba0c2d1ec667646a06c2ce06100226 # v3.0.0
+
+      - name: Build Image
+        uses: docker/build-push-action@4a13e500e55cf31b7a5d59a38ab2040ab0f42f56 #v5.1.0
+        with:
+          context: .
+          file: ./Dockerfile
+          push: false
+          secrets: |
+            GH_TOKEN=${{ secrets.READ_PACKAGES_TOKEN }}
+          cache-from: type=gha
+          cache-to: type=gha,mode=min

Dockerfile

@@ -1,6 +1,20 @@
-FROM maven@sha256:dcfe7934d3780beda6e1f0f641bc7db3fa9b8818899981f6eddae052c78394c7
+FROM maven:3-eclipse-temurin-17 AS builder
+
+COPY . .
+
+RUN mvn clean package -DskipTests=true
+
+FROM openjdk:17-jdk AS runtime
+
+ENV LANG='en_US.UTF-8' LANGUAGE='en_US:en'
+
+WORKDIR /app
+
+COPY --from=builder ./target/*.jar ./app.jar
+
 ADD https://github.com/microsoft/ApplicationInsights-Java/releases/download/3.1.1/applicationinsights-agent-3.1.1.jar /applicationinsights-agent.jar
-VOLUME /tmp
-COPY target/*.jar app.jar
-ENTRYPOINT ["java","-jar","app.jar"]
 
+EXPOSE 8080
+USER 1001
+
+ENTRYPOINT ["java", "-jar", "app.jar"]

Dockerfile.old

@@ -0,0 +1,5 @@
+FROM maven@sha256:dcfe7934d3780beda6e1f0f641bc7db3fa9b8818899981f6eddae052c78394c7
+ADD https://github.com/microsoft/ApplicationInsights-Java/releases/download/3.1.1/applicationinsights-agent-3.1.1.jar /applicationinsights-agent.jar
+VOLUME /tmp
+COPY target/*.jar app.jar
+ENTRYPOINT ["java","-jar","app.jar"]

pom.xml

@@ -26,6 +26,7 @@
         <selc-commons.version>2.5.1</selc-commons.version>
         <httpclient5.version>5.2.1</httpclient5.version>
         <httpcore5.version>5.2.1</httpcore5.version>
+        <sonar.host.url>https://sonarcloud.io/</sonar.host.url>
     </properties>
 
     <dependencyManagement>