feat : initial commit of jooq-jpa integration #1613

Merged
merged 4 commits into from
Jan 5, 2025
5 changes: 5 additions & 0 deletions .github/labeler.yml
Expand Up @@ -74,6 +74,10 @@
- changed-files:
- any-glob-to-any-file:
- jpa/boot-hibernate2ndlevelcache-sample/**/*
"component: jpa-jooq":
- changed-files:
- any-glob-to-any-file:
- jpa/boot-jpa-jooq-sample/**/*
"component: jpa-lock":
- changed-files:
- any-glob-to-any-file:
Expand Down Expand Up @@ -145,6 +149,7 @@
- jpa/boot-data-envers/pom.xml
- jpa/boot-data-multipledatasources/pom.xml
- jpa/boot-hibernate2ndlevelcache-sample/pom.xml
- jpa/boot-jpa-jooq-sample/pom.xml
- jpa/boot-data-jpa-locks/pom.xml
- jpa/boot-read-replica-postgresql/pom.xml
- jpa/keyset-pagination/blaze-persistence/pom.xml
39 changes: 39 additions & 0 deletions .github/workflows/boot-jpa-jooq-sample.yml
@@ -0,0 +1,39 @@
name: boot-jpa-jooq-sample

on:
push:
paths:
- "jpa/boot-jpa-jooq-sample/**"
branches: [main]
pull_request:
paths:
- "jpa/boot-jpa-jooq-sample/**"
types:
- opened
- synchronize
- reopened

jobs:
build:
name: Run Unit & Integration Tests
runs-on: ubuntu-latest
defaults:
run:
working-directory: "jpa/boot-jpa-jooq-sample"
steps:
- uses: actions/checkout@v4
with:
fetch-depth: 0 # Shallow clones should be disabled for a better relevancy of analysis

- name: Set up JDK 21
uses: actions/[email protected]
with:
java-version: 21
distribution: "temurin"
cache: "maven"

- name: Grant execute permission for mvnw
run: chmod +x mvnw

- name: Build and analyze
run: ./mvnw clean verify
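Review bot: The workflow has no `permissions:` key, so the `build` job inherits the repository's default `GITHUB_TOKEN` scope even though its steps only check out the code and run `./mvnw clean verify`. Add a top-level `permissions:` block with `contents: read`. The `uses:` steps also reference actions by version tag (`actions/checkout@v4`); pinning them to a full commit SHA keeps a retagged release from changing what this job executes on `pull_request` runs.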
1 change: 1 addition & 0 deletions SUMMARY.md
Expand Up @@ -29,6 +29,7 @@
* [multiple datasources using Spring Boot](jpa/boot-data-multipledatasources/README.md),
* [spring-boot-hibernate2ndlevelcache-sample](jpa/boot-hibernate2ndlevelcache-sample/README.md)
* [JNDI in embedded Tomcat](jpa/boot-jndi-sample/README.md)
* [JPA Jooq Marriage](jpa/boot-jpa-jooq-sample/README.md)
* [JPA locks implementation](jpa/boot-jpa-locks/README.md)
* [read-replica-with-spring-boot](jpa/boot-read-replica-postgresql/README.md)
* [KeySet Pagination Using Blaze](jpa/keyset-pagination/blaze-persistence/README.md)
19 changes: 19 additions & 0 deletions jpa/boot-jpa-jooq-sample/.mvn/wrapper/maven-wrapper.properties
@@ -0,0 +1,19 @@
# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements. See the NOTICE file
# distributed with this work for additional information
# regarding copyright ownership. The ASF licenses this file
# to you under the Apache License, Version 2.0 (the
# "License"); you may not use this file except in compliance
# with the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing,
# software distributed under the License is distributed on an
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
wrapperVersion=3.3.2
distributionType=only-script
distributionUrl=https://repo.maven.apache.org/maven2/org/apache/maven/apache-maven/3.9.9/apache-maven-3.9.9-bin.zip
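Review bot: `distributionUrl` is set without a `distributionSha256Sum`, so `./mvnw` runs whatever archive that URL returns, in the CI job as well as on developer machines. Add `distributionSha256Sum=<SHA-256 of apache-maven-3.9.9-bin.zip>` so the wrapper verifies the download before unpacking it.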
14 changes: 14 additions & 0 deletions jpa/boot-jpa-jooq-sample/Dockerfile
@@ -0,0 +1,14 @@
FROM eclipse-temurin:21.0.5_11-jre-alpine as builder
WORKDIR application
Contributor

🛠️ Refactor suggestion

Use absolute paths for WORKDIR

Using relative paths in WORKDIR can lead to inconsistencies. Use absolute paths instead.

-WORKDIR application
+WORKDIR /app

Also applies to: 9-9

🧰 Tools
🪛 Hadolint (2.12.0)

[error] 2-2: Use absolute WORKDIR

(DL3000)

ARG JAR_FILE=target/boot-jpa-jooq-0.0.1-SNAPSHOT.jar
COPY ${JAR_FILE} application.jar
RUN java -Djarmode=layertools -jar application.jar extract

# the second stage of our build will copy the extracted layers
FROM eclipse-temurin:21.0.5_11-jre-alpine
WORKDIR application
COPY --from=builder application/dependencies/ ./
COPY --from=builder application/spring-boot-loader/ ./
COPY --from=builder application/snapshot-dependencies/ ./
COPY --from=builder application/application/ ./
ENTRYPOINT ["java", "org.springframework.boot.loader.launch.JarLauncher"]
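Review bot: Both `FROM eclipse-temurin:21.0.5_11-jre-alpine` lines reference the base image by tag only, and a tag can be repointed at a different image. Append the image digest (`eclipse-temurin:21.0.5_11-jre-alpine@sha256:<digest>`) in both stages so the builder and runtime layers are reproducible and a changed upstream image shows up as a diff.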
Contributor

🛠️ Refactor suggestion

Enhance container security and monitoring

The Dockerfile could be improved with security best practices and monitoring capabilities.

Add the following configurations:

  1. Create a non-root user:
 FROM eclipse-temurin:21.0.5_11-jre-alpine
+RUN addgroup -S spring && adduser -S spring -G spring
 WORKDIR /app
 COPY --from=builder application/dependencies/ ./
 COPY --from=builder application/spring-boot-loader/ ./
 COPY --from=builder application/snapshot-dependencies/ ./
 COPY --from=builder application/application/ ./
+USER spring:spring
 ENTRYPOINT ["java", "org.springframework.boot.loader.launch.JarLauncher"]
  2. Add HEALTHCHECK instruction:
HEALTHCHECK --interval=30s --timeout=3s \
  CMD wget --quiet --tries=1 --spider http://localhost:8080/actuator/health || exit 1
🧰 Tools
🪛 Hadolint (2.12.0)

[error] 9-9: Use absolute WORKDIR

(DL3000)

36 changes: 36 additions & 0 deletions jpa/boot-jpa-jooq-sample/README.md
@@ -0,0 +1,36 @@
# boot-jpa-jooq-sample


### Format code

This project uses Spotless to maintain consistent code formatting. Run the following command to format all files:

```shell
./mvnw spotless:apply
```

### Run tests

```shell
./mvnw clean verify
```

### Run locally

```shell
docker-compose -f docker/docker-compose.yml up -d
./mvnw spring-boot:run -Dspring-boot.run.profiles=local
```

### Using Testcontainers at Development Time
You can run `TestJpaJooqApplication.java` from your IDE directly.
You can also run the application using Maven as follows:

```shell
./mvnw spring-boot:test-run
```


### Useful Links
* Swagger UI: http://localhost:8080/swagger-ui.html
* Actuator Endpoint: http://localhost:8080/actuator
17 changes: 17 additions & 0 deletions jpa/boot-jpa-jooq-sample/docker/docker-compose-app.yml
@@ -0,0 +1,17 @@
version: '3.8'
services:

boot-jpa-jooq-sample:
build: ..
ports:
- "18080:8080"
- "18787:8787"
Comment on lines +7 to +8
Contributor

💡 Codebase verification

Debug port should not be exposed in docker-compose-app.yml

Based on the project documentation and configuration files, I can confirm that docker-compose-app.yml is used for running the application in a containerized environment, while docker-compose.yml is used for local development. The exposed debug port (8787) in docker-compose-app.yml is a security concern as:

  1. The README.md clearly shows this is not meant for development purposes, as it describes separate ways to run the application locally
  2. The docker-compose.yml file is explicitly mentioned for local development setup
  3. The docker-compose-app.yml has restart: always policy, suggesting it's meant for deployment rather than development

Recommendations:

  • Remove the debug port exposure from docker-compose-app.yml
  • If debug capability is needed, create a separate docker-compose-debug.yml or use Docker Compose profiles
🔗 Analysis chain

Verify debug port exposure in production

Port 8787 appears to be exposed for Java debugging. While useful during development, exposing debug ports in production could pose security risks.

Consider using Docker Compose profiles to conditionally expose the debug port:

    ports:
      - "18080:8080"
-      - "18787:8787"
+      - target: 8787
+        published: 18787
+        protocol: tcp
+        mode: host
+        condition: service.profiles=["debug"]

Let me verify if this is a production configuration by checking for any existing Docker Compose profiles or environment-specific configurations.


Let me check the project's documentation and related configuration files to understand if this is meant for development or production use.

🏁 Scripts executed

The following scripts were executed for the analysis:

Error: No shell scripts found


Script:

#!/bin/bash
# Check for Docker Compose files and their content
fd -e yml -e yaml docker-compose

Length of output: 4023


Script:

#!/bin/bash
# Search for any environment-specific configuration files
fd -e yml -e yaml -e env -e properties | grep -i "prod\|dev\|stage"

Length of output: 154


Script:

#!/bin/bash
# Look for documentation about deployment configurations
fd README -t f

Length of output: 1599


Script:

#!/bin/bash
# Check the content of the docker-compose file
cat jpa/boot-jpa-jooq-sample/docker/docker-compose-app.yml

Length of output: 560


Script:

#!/bin/bash
# Check the project's README for deployment information
cat jpa/boot-jpa-jooq-sample/README.md

Length of output: 1366


Script:

#!/bin/bash
# Check if there's a separate docker-compose file for development
cat jpa/boot-jpa-jooq-sample/docker/docker-compose.yml

Length of output: 1315


Script:

#!/bin/bash
# Check for any Spring profiles configuration
find jpa/boot-jpa-jooq-sample/src -type f -name "application*.yml" -o -name "application*.properties" | xargs cat

Length of output: 1605

restart: always
depends_on:
- postgresqldb
rajadilipkolli marked this conversation as resolved.
environment:
- SPRING_PROFILES_ACTIVE=docker
- SPRING_DATASOURCE_DRIVER_CLASS_NAME=org.postgresql.Driver
- SPRING_DATASOURCE_URL=jdbc:postgresql://postgresqldb:5432/appdb
- SPRING_DATASOURCE_USERNAME=appuser
- SPRING_DATASOURCE_PASSWORD=secret
rajadilipkolli marked this conversation as resolved.
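Review bot: `depends_on` lists `postgresqldb`, but this file defines only the `boot-jpa-jooq-sample` service, so it cannot be started on its own; state in the README that it is run together with `docker/docker-compose.yml` (`-f docker-compose.yml -f docker-compose-app.yml`). The short-form `depends_on` also waits only for the container to start; since `postgresqldb` declares a `healthcheck`, use `condition: service_healthy`. `SPRING_DATASOURCE_PASSWORD=secret` is a literal credential in a file that carries `restart: always`; read it from the environment instead.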
48 changes: 48 additions & 0 deletions jpa/boot-jpa-jooq-sample/docker/docker-compose.yml
@@ -0,0 +1,48 @@
version: '3.8'
services:

postgresqldb:
image: postgres:17.2-alpine
hostname: postgresqldb
extra_hosts: [ 'host.docker.internal:host-gateway' ]
environment:
- POSTGRES_USER=appuser
- POSTGRES_PASSWORD=secret
- POSTGRES_DB=appdb
Comment on lines +9 to +11
Contributor

🛠️ Refactor suggestion

Use environment variables for sensitive credentials

Avoid hardcoding database credentials and pgAdmin credentials in the compose file. Consider using environment variables or a .env file.

    environment:
-      - POSTGRES_USER=appuser
-      - POSTGRES_PASSWORD=secret
-      - POSTGRES_DB=appdb
+      - POSTGRES_USER=${DB_USER:-appuser}
+      - POSTGRES_PASSWORD=${DB_PASSWORD:-secret}
+      - POSTGRES_DB=${DB_NAME:-appdb}

    # ... pgAdmin service
    environment:
-      - [email protected]
-      - PGADMIN_DEFAULT_PASSWORD=admin
+      - PGADMIN_DEFAULT_EMAIL=${PGADMIN_EMAIL:[email protected]}
+      - PGADMIN_DEFAULT_PASSWORD=${PGADMIN_PASSWORD:-admin}

Also applies to: 26-27

healthcheck:
test: ["CMD-SHELL", "pg_isready -U appuser -d appdb"]
interval: 10s
timeout: 5s
retries: 5
ports:
- "5432:5432"
networks:
- demo-network

pgadmin:
image: dpage/pgadmin4
extra_hosts: [ 'host.docker.internal:host-gateway' ]
environment:
- [email protected]
- PGADMIN_DEFAULT_PASSWORD=admin
- PGADMIN_CONFIG_SERVER_MODE=False
- PGADMIN_CONFIG_MASTER_PASSWORD_REQUIRED=False
ports:
- "5050:80"
depends_on:
postgresqldb:
condition: service_started
volumes:
- ./docker_pgadmin_servers.json:/pgadmin4/servers.json
entrypoint:
- "/bin/sh"
- "-c"
- "/bin/echo 'postgresqldb:5432:*:appuser:secret' > /tmp/pgpassfile && chmod 600 /tmp/pgpassfile && /entrypoint.sh"
restart: unless-stopped
networks:
- demo-network


networks:
demo-network:
driver: bridge
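Review bot: The `pgadmin` service sets `PGADMIN_CONFIG_SERVER_MODE=False` and `PGADMIN_CONFIG_MASTER_PASSWORD_REQUIRED=False`, writes the database password into `/tmp/pgpassfile`, and publishes `"5050:80"` on every host interface, so anyone who can reach port 5050 on the machine gets a pgAdmin session with a saved connection to `appdb`. Bind the published ports to loopback (`"127.0.0.1:5050:80"`, and likewise `"127.0.0.1:5432:5432"` for `postgresqldb`), and give `image: dpage/pgadmin4` an explicit tag as `postgres:17.2-alpine` has.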
14 changes: 14 additions & 0 deletions jpa/boot-jpa-jooq-sample/docker/docker_pgadmin_servers.json
@@ -0,0 +1,14 @@
{
"Servers": {
"1": {
"Name": "Docker Compose DB",
"Group": "Servers",
"Port": 5432,
"Username": "appuser",
"Host": "postgresqldb",
"SSLMode": "prefer",
"MaintenanceDB": "appdb",
"PassFile": "/tmp/pgpassfile"
}
}
}
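
The two findings raised in the review comments above (the published debug port in `docker-compose-app.yml` and the credentials written into the compose files) can be checked mechanically before merge. The lint below is an added example, not code from this pull request or its reviewers; it reads only short-form `- item` lists, and the rule names, `DEBUG_PORTS` and the key pattern are assumptions chosen for illustration.

```python
import re
# Constructed sample: values taken from the page, indentation restored.
SAMPLE = """\
services:
  boot-jpa-jooq-sample:
    ports:
      - "18080:8080"
      - "18787:8787"
    environment:
      - SPRING_DATASOURCE_PASSWORD=secret
  postgresqldb:
    environment:
      - POSTGRES_PASSWORD=${DB_PASSWORD:-secret}
"""

DEBUG_PORTS = {8787}  # assumption: the debug port named in the review
SECRET_KEY = re.compile(r"PASSWORD|SECRET|TOKEN", re.I)
# Matches ${VAR}, ${VAR:-default}, ${VAR-default}, ${VAR:?error}, ${VAR:+alt}
VAR_REF = re.compile(r"^\$\{[A-Za-z_]\w*(?::?(?P<op>[-?+])(?P<arg>.*))?\}$")


def lint_compose(text):
    """Return (line_no, rule, detail) for short-form ports/environment items."""
    findings, section = [], None
    for no, raw in enumerate(text.splitlines(), 1):
        stripped = raw.strip()
        if not stripped or stripped.startswith("#"):
            continue
        if not stripped.startswith("- "):
            key = stripped.rstrip(":")
            section = key if key in ("ports", "environment") else None
            continue
        if section is None:
            continue
        item = stripped[2:].strip().strip("\"'")
        if section == "ports":
            container = item.split("/")[0].rsplit(":", 1)[-1]
            if container.isdigit() and int(container) in DEBUG_PORTS:
                findings.append((no, "debug-port-published", item))
            continue
        key, _, value = item.partition("=")
        if not value or not SECRET_KEY.search(key):
            continue
        ref = VAR_REF.match(value)
        if ref is None:
            findings.append((no, "literal-secret", key))
        elif ref.group("op") == "-" and ref.group("arg"):
            findings.append((no, "secret-default-in-file", key))
    return findings
```

A `${VAR:-default}` reference is reported separately because the fallback value still sits in the committed file; `${VAR:?message}` makes Compose fail when the variable is unset and passes the check.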