OPHJOD-1207: Create project structure

.editorconfig

@@ -0,0 +1,14 @@
+root = true
+
+[*]
+charset = utf-8
+indent_size = 2
+ij_continuation_indent_size = 4
+end_of_line = lf
+indent_style = space
+max_line_length = 100
+insert_final_newline = true
+trim_trailing_whitespace = true
+
+[*.{bat,cmd}]
+end_of_line = crlf

.github/CODEOWNERS

@@ -0,0 +1 @@
+/.github/ @Opetushallitus/jod-kehittajat

.github/pull_request_template.md

@@ -0,0 +1,4 @@
+### Description
+
+### Related JIRA ticket
+https://jira.eduuni.fi/browse/OPHJOD-

.github/snyk_pull_request_template.yaml

@@ -0,0 +1,2 @@
+title: 'OPHJOD-851: Upgrade {{ package_name }} from {{ package_from }} to {{ package_to }}'
+commitMessage: 'OPHJOD-851: Upgrade {{ package_name }} from {{ package_from }} to {{ package_to }}'

.github/workflows/build.yml

@@ -0,0 +1,154 @@
+name: build
+on:
+  workflow_dispatch:
+  push:
+    branches:
+      - main
+  pull_request:
+    branches:
+      - main
+jobs:
+  build:
+    permissions:
+      checks: write
+      contents: read
+      pull-requests: read
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+
+      - uses: actions/setup-java@v4
+        with:
+          distribution: corretto
+          java-version: 21
+
+      - uses: gradle/actions/setup-gradle@v3
+
+      - name: Build with Gradle
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
+        run: ./gradlew --no-daemon clean build sonar cyclonedxBom
+
+      - uses: actions/upload-artifact@v4
+        with:
+          name: application
+          path: |
+            build/libs/jod-ohjaaja-*.jar
+            !build/libs/*-plain.jar
+
+      - uses: actions/upload-artifact@v4
+        if: always()
+        with:
+          name: reports
+          path: build/reports/
+
+  docs:
+    needs: build
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+
+      - uses: actions/setup-java@v4
+        with:
+          distribution: corretto
+          java-version: 21
+
+      - uses: gradle/actions/setup-gradle@v3
+
+      - name: Generate documentation
+        run: ./gradlew --no-daemon generateOpenApiDocs generateSchemaDocs
+
+      - uses: actions/upload-artifact@v4
+        with:
+          name: openapi
+          path: build/openapi/openapi.json
+
+      - uses: actions/upload-artifact@v4
+        with:
+          name: database-schema-diagrams
+          path: build/schemaspy/diagrams
+
+  package:
+    needs: build
+    permissions:
+      id-token: write
+      contents: read
+    runs-on: ubuntu-latest
+    outputs:
+      tag: ${{ steps.short-tag.outputs.tag }}
+
+    steps:
+      - uses: actions/checkout@v4
+
+      - uses: actions/download-artifact@v4
+        with:
+          name: application
+          path: build/libs
+
+      - uses: aws-actions/configure-aws-credentials@v4
+        with:
+          role-to-assume: ${{ secrets.JOD_UTIL_AWS_ROLE_ARN }}
+          aws-region: eu-west-1
+
+      - uses: docker/setup-buildx-action@v3
+      - uses: docker/setup-qemu-action@v3
+
+      - uses: docker/metadata-action@v5
+        id: docker-meta
+        with:
+          images: "${{ secrets.JOD_ECR }}/oph/jod-ohjaaja"
+          tags: |
+            type=sha
+
+      - name: Output short tag
+        id: short-tag
+        run: |
+          echo "Short tag: ${DOCKER_METADATA_OUTPUT_TAGS##*:}"
+          echo "tag=${DOCKER_METADATA_OUTPUT_TAGS##*:}" >> $GITHUB_OUTPUT
+
+      - name: Login to ECR
+        id: ecr-login
+        uses: docker/login-action@v3
+        with:
+          registry: ${{ secrets.JOD_ECR }}
+
+      - name: Build and push image
+        uses: docker/build-push-action@v6
+        id: docker-build
+        with:
+          pull: true
+          push: "${{ github.ref == 'refs/heads/main' || github.event_name == 'workflow_dispatch' }}"
+          platforms: linux/arm64,linux/amd64
+          tags: ${{ steps.docker-meta.outputs.tags }}
+          labels: ${{ steps.docker-meta.outputs.labels }}
+          file: docker/Dockerfile
+          context: .
+          cache-from: type=gha
+          cache-to: type=gha,mode=max
+
+#  deploy-dev:
+#    if: github.ref == 'refs/heads/main' || github.event_name == 'workflow_dispatch'
+#    needs: package
+#    uses: ./.github/workflows/deploy.yml
+#    permissions:
+#      id-token: write
+#    secrets: inherit
+#    with:
+#      environment: dev
+#      tag: ${{ needs.package.outputs.tag }}
+#
+#  deploy-test:
+#    if: github.ref == 'refs/heads/main'
+#    needs:
+#      - package
+#      - deploy-dev
+#    uses: ./.github/workflows/deploy.yml
+#    permissions:
+#      id-token: write
+#    secrets: inherit
+#    with:
+#      environment: test
+#      tag: ${{ needs.package.outputs.tag }}

.github/workflows/dependency-submission.yml

@@ -0,0 +1,25 @@
+name: dependency-submission
+
+on:
+  push:
+    branches:
+      - main
+
+permissions:
+  contents: write
+
+jobs:
+  dependency-submission:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout sources
+        uses: actions/checkout@v4
+      - name: Setup Java
+        uses: actions/setup-java@v4
+        with:
+          distribution: 'corretto'
+          java-version: 21
+      - name: Generate and submit dependency graph
+        uses: gradle/actions/dependency-submission@v4
+        with:
+          dependency-graph-include-configurations: '(compileClasspath|runtimeClasspath)'

.github/workflows/deploy.yml

@@ -0,0 +1,90 @@
+name: deploy
+on:
+  workflow_call:
+    inputs:
+      environment:
+        type: string
+        description: 'Environment to deploy to'
+        required: true
+      tag:
+        type: string
+        description: 'Image tag to deploy'
+        required: true
+  workflow_dispatch:
+    inputs:
+      environment:
+        type: choice
+        description: 'Environment to deploy to'
+        required: true
+        default: 'dev'
+        options:
+          - dev
+          - test
+      tag:
+        type: string
+        description: 'Image tag to deploy'
+        required: true
+
+jobs:
+  deploy:
+    permissions:
+      id-token: write
+    runs-on: ubuntu-latest
+    environment: ${{ inputs.environment }}
+    concurrency:
+      group: deploy-${{ inputs.environment }}
+    steps:
+      - uses: aws-actions/configure-aws-credentials@v4
+        with:
+          role-to-assume: ${{ secrets.JOD_AWS_DEPLOY_ROLE_ARN }}
+          aws-region: eu-west-1
+
+      - name: Download task definition
+        run: >
+          aws ecs describe-task-definition
+          --task-definition ${{ vars.JOD_ECS_TASKDEF }}
+          --query taskDefinition > raw-task-definition.json
+
+      - name: Remove ignored properties from task definition
+        run: >
+          jq 'del(.compatibilities,
+          .taskDefinitionArn,
+          .requiresAttributes,
+          .revision,
+          .status,
+          .registeredAt,
+          .deregisteredAt,
+          .registeredBy)'
+          raw-task-definition.json > task-definition.json
+
+      - uses: aws-actions/amazon-ecs-render-task-definition@v1
+        id: render-task-def
+        with:
+          task-definition: task-definition.json
+          container-name: ${{ vars.JOD_ECS_APP_CONTAINER }}
+          image: ${{ secrets.JOD_ECR }}/oph/jod-ohjaaja:${{ inputs.tag }}
+
+      - name: Deploy ECS Service
+        uses: aws-actions/amazon-ecs-deploy-task-definition@v2
+        id: ecs-deploy
+        with:
+          task-definition: ${{ steps.render-task-def.outputs.task-definition }}
+          service: ${{ secrets.JOD_ECS_SERVICE }}
+          cluster: ${{ secrets.JOD_ECS_CLUSTER }}
+          wait-for-service-stability: true
+
+      - name: Ensure that deploy worked
+        run: |
+          CURRENT_TASK_DEF_ARN=$(aws ecs describe-services --cluster ${{ secrets.JOD_ECS_CLUSTER }} --services ${{ secrets.JOD_ECS_SERVICE }} --query services[0].deployments[0].taskDefinition --output text)
+          NEW_TASK_DEF_ARN=${{ steps.ecs-deploy.outputs.task-definition-arn }}
+          if [ "$CURRENT_TASK_DEF_ARN" != "$NEW_TASK_DEF_ARN" ]; then
+            echo "Deployment was rolled back"
+            exit 1
+          fi
+
+      - name: Update image tag parameter
+        env:
+          TAG: ${{ inputs.tag }}
+        run: >
+          aws ssm put-parameter --overwrite --type String
+          --name ${{ vars.JOD_IMAGE_TAG_PARAM }} --value "${TAG##*:}"

README.md

@@ -13,3 +13,18 @@ Licensed under the European Union Public Licence EUPL-1.2 or later.
 
 ---
 
+## Getting Started
+
+The backend application is a Spring Boot 3 application that requires Java 21 and uses Gradle
+as a build tool.
+
+* Install a OpenJDK 21 distribution (e.g. [Eclipse Temurin™](https://adoptium.net/temurin/releases/)).
+* Clone the repository.
+* Run the application with `./gradlew bootRun`.
+
+## Development
+
+* Build and test application with `./gradlew build`
+* Code style is enforced using Spotless and Checkstyle (based on Google Java Style).
+  * You can format the code with `./gradlew spotlessApply`.
+  * If using IntelliJ IDEA, the Checkstyle-IDEA and google-java-format plugins are recommended.