fix: New post-merge workflow. (#46)

.github/workflows/post-merge.yml

@@ -0,0 +1,279 @@
+name: Post-merge workflow
+
+on:
+  pull_request:
+    types:
+      - closed
+    branches:
+      - main
+
+jobs:
+  post_merge:
+    if: github.event.pull_request.merged == true
+
+    runs-on: ubuntu-latest
+
+    environment: dev-cd
+
+    permissions:
+      id-token: write
+
+    #outputs:
+    #  new_release_published: ${{ steps.semantic.outputs.new_release_published }}
+    #  new_release_version: ${{ steps.semantic.outputs.new_release_version }}
+
+    steps:
+      #
+      # Checkout the source code.
+      #
+      - name: Checkout the source code
+        uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab
+        with:
+          token: ${{ secrets.GIT_PAT }}
+          fetch-depth: 0
+
+      #
+      # Calculate of the new version (dry-run).
+      #
+      - name: Calculate of the new version (dry-run)
+        uses: cycjimmy/semantic-release-action@8e58d20d0f6c8773181f43eb74d6a05e3099571d
+        id: semantic
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        with:
+          semantic_version: 19
+          branch: main
+          extra_plugins: |
+            @semantic-release/[email protected]
+            @semantic-release/[email protected]
+          dry_run: true
+
+      #
+      # Cache JDK.
+      #
+      - name: Cache JDK
+        if: steps.semantic.outputs.new_release_published == 'true'
+        uses: actions/cache@88522ab9f39a2ea568f7027eddc7d8d8bc9d59c8
+        id: cache-jdk
+        with:
+          key: OpenJDK17U-jdk_x64_linux_hotspot_17.0.7_7.tar.gz
+          path: |
+            ${{ runner.temp }}/jdk_setup.tar.gz
+            ${{ runner.temp }}/jdk_setup.sha256
+      
+      #
+      # Download JDK and verify its hash.
+      #
+      - name: Download JDK and verify its hash
+        if: steps.semantic.outputs.new_release_published == 'true' && steps.cache-jdk.outputs.cache-hit != 'true'
+        run: |
+          echo "e9458b38e97358850902c2936a1bb5f35f6cffc59da9fcd28c63eab8dbbfbc3b  ${{ runner.temp }}/jdk_setup.tar.gz" >> ${{ runner.temp }}/jdk_setup.sha256
+          curl -L "https://github.com/adoptium/temurin17-binaries/releases/download/jdk-17.0.7%2B7/OpenJDK17U-jdk_x64_linux_hotspot_17.0.7_7.tar.gz" -o "${{ runner.temp }}/jdk_setup.tar.gz"
+          sha256sum --check --status "${{ runner.temp }}/jdk_setup.sha256"
+
+      #
+      # Setup JDK.
+      #
+      - name: Setup JDK
+        if: steps.semantic.outputs.new_release_published == 'true'
+        uses: actions/setup-java@5ffc13f4174014e2d4d4572b3d74c3fa61aeb2c2
+        with:
+          distribution: "jdkfile"
+          jdkFile: "${{ runner.temp }}/jdk_setup.tar.gz"
+          java-version: "17"
+          cache: maven
+
+      #
+      # Cache Maven.
+      #
+      - name: Cache Maven
+        if: steps.semantic.outputs.new_release_published == 'true'
+        uses: actions/cache@88522ab9f39a2ea568f7027eddc7d8d8bc9d59c8
+        id: cache-maven
+        with:
+          key: apache-maven-3.9.2-bin.tar.gz
+          path: |
+            ${{ runner.temp }}/maven_setup.tar.gz
+            ${{ runner.temp }}/maven_setup.sha256
+
+      #
+      # Download Maven and verify its hash.
+      #
+      - name: Download Maven and verify its hash
+        if: steps.semantic.outputs.new_release_published == 'true' && steps.cache-maven.outputs.cache-hit != 'true'
+        run: |
+          echo "809ef3220c6d179195c06c324cb9a6d34d8ecba566c5cfd8eb83167bc034117d  ${{ runner.temp }}/maven_setup.tar.gz" >> ${{ runner.temp }}/maven_setup.sha256
+          curl -L "https://dlcdn.apache.org/maven/maven-3/3.9.2/binaries/apache-maven-3.9.2-bin.tar.gz" -o "${{ runner.temp }}/maven_setup.tar.gz"
+          sha256sum --check --status "${{ runner.temp }}/maven_setup.sha256"
+
+      #
+      # Setup Maven.
+      #
+      - name: Setup Maven
+        if: steps.semantic.outputs.new_release_published == 'true'
+        run: |
+          mkdir ${{ runner.temp }}/maven
+          tar -xvf ${{ runner.temp }}/maven_setup.tar.gz -C ${{ runner.temp }}/maven --strip-components=1
+          echo "<settings><servers><server><id>github</id><username>${{ secrets.GIT_USER }}</username><password>${{ secrets.GIT_PAT }}</password></server></servers></settings>" >> ${{ runner.temp }}/settings.xml
+
+      #
+      # Update of pom.xml with the new version + "-RC".
+      #
+      - name: Update of pom.xml with the new version + "-RC"
+        if: steps.semantic.outputs.new_release_published == 'true'
+        run: ${{ runner.temp }}/maven/bin/mvn versions:set -DnewVersion=${{ steps.semantic.outputs.new_release_version }}-RC -s ${{ runner.temp }}/settings.xml --no-transfer-progress
+
+      #
+      # Execute unit-test + Calculate test coverage + SCA with Sonar.
+      #
+      - name: Execute unit-test + Calculate test coverage + SCA with Sonar
+        if: steps.semantic.outputs.new_release_published == 'true'
+        env:
+          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
+        run: ${{ runner.temp }}/maven/bin/mvn verify -Pvalidate -s ${{ runner.temp }}/settings.xml --no-transfer-progress
+
+      #
+      # Build native executable.
+      #
+      - name: Build native executable
+        if: steps.semantic.outputs.new_release_published == 'true'
+        run: ${{ runner.temp }}/maven/bin/mvn clean package -Pnative -Dmaven.test.skip=true -Dquarkus.native.container-build=true -Dquarkus.native.builder-image=quay.io/quarkus/ubi-quarkus-mandrel-builder-image@sha256:05baf3fd2173f6f25ad35216b6b066c35fbfb97f06daba75efb5b22bc0a85b9c -s ${{ runner.temp }}/settings.xml --no-transfer-progress
+
+      #
+      # Build Docker image.
+      #
+      - name: Build Docker image
+        if: steps.semantic.outputs.new_release_published == 'true'
+        run: docker build -f src/main/docker/Dockerfile.native-micro -t ghcr.io/${{ github.repository }}:${{ steps.semantic.outputs.new_release_version }}-RC .
+
+      #
+      # Push Docker image.
+      #
+      - name: Push Docker image
+        if: steps.semantic.outputs.new_release_published == 'true'
+        run: |
+          echo "${{ secrets.GITHUB_TOKEN }}" | docker login ghcr.io -u ${{ github.actor }} --password-stdin
+          docker push -a ghcr.io/${{ github.repository }}
+
+      #
+      # Login to Azure.
+      #
+      - name: Login to Azure
+        if: steps.semantic.outputs.new_release_published == 'true'
+        uses: azure/login@92a5484dfaf04ca78a94597f4f19fea633851fa2
+        with:
+          client-id: ${{ secrets.AZURE_CLIENT_ID }}
+          tenant-id: ${{ secrets.AZURE_TENANT_ID }}
+          subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
+
+      #
+      # Update Container App.
+      #
+      - name: Update Container App
+        if: steps.semantic.outputs.new_release_published == 'true'
+        uses: azure/CLI@fa0f960f00db49b95fdb54328a767aee31e80105
+        with:
+          inlineScript: |
+            az config set extension.use_dynamic_install=yes_without_prompt
+            az containerapp update -n ${{ secrets.AZURE_CONTAINER_APP_NAME }} -g ${{ secrets.AZURE_RESOURCE_GROUP_NAME }} --image ghcr.io/${{ github.repository }}:${{ steps.semantic.outputs.new_release_version }}-RC
+
+      #
+      # Install Node.
+      #
+      - name: Install Node
+        if: steps.semantic.outputs.new_release_published == 'true'
+        uses: actions/setup-node@64ed1c7eab4cce3362f8c340dee64e5eaeef8f7c
+        with:
+          node-version: "18.16.0"
+
+      #
+      # Install Newman.
+      #
+      - name: Install Newman
+        if: steps.semantic.outputs.new_release_published == 'true'
+        run: npm install -g newman
+
+      #
+      # Run Postman collection.
+      #
+      - name: Run Postman collection
+        if: steps.semantic.outputs.new_release_published == 'true'
+        run: newman run src/test/postman/mil-auth.postman_collection.json -e src/test/postman/dev.postman_environment.json
+
+      # -----------------------------------------------------------------------
+      # "-RC" removal.
+      # -----------------------------------------------------------------------
+
+      #
+      # Update of pom.xml with the new version.
+      #
+      - name: Update of pom.xml with the new version
+        if: steps.semantic.outputs.new_release_published == 'true'
+        run: |
+          ${{ runner.temp }}/maven/bin/mvn versions:set -DnewVersion=${{ steps.semantic.outputs.new_release_version }} -s ${{ runner.temp }}/settings.xml --no-transfer-progress
+          git config user.name "GitHub Workflow"
+          git config user.email "<>"
+          git add pom.xml
+          git commit -m "pom.xml updated with new version ${{ steps.semantic.outputs.new_release_version }}"
+          git push origin main
+      
+      #
+      # Calculation of the new version (again) with tagging + releasing + etc.
+      #
+      - name: Calculation of the new version (w/o dry_run)
+        if: steps.semantic.outputs.new_release_published == 'true'
+        uses: cycjimmy/semantic-release-action@8e58d20d0f6c8773181f43eb74d6a05e3099571d
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        with:
+          semantic_version: 19
+          branch: main
+          extra_plugins: |
+            @semantic-release/[email protected]
+            @semantic-release/[email protected]
+          dry_run: false
+
+      #
+      # Build native executable.
+      #
+      - name: Build native executable
+        if: steps.semantic.outputs.new_release_published == 'true'
+        run: ${{ runner.temp }}/maven/bin/mvn clean package -Pnative -Dmaven.test.skip=true -Dquarkus.native.container-build=true -Dquarkus.native.builder-image=quay.io/quarkus/ubi-quarkus-mandrel-builder-image@sha256:05baf3fd2173f6f25ad35216b6b066c35fbfb97f06daba75efb5b22bc0a85b9c -s ${{ runner.temp }}/settings.xml --no-transfer-progress
+
+      #
+      # Build Docker image.
+      #
+      - name: Build Docker image
+        if: steps.semantic.outputs.new_release_published == 'true'
+        run: docker build -f src/main/docker/Dockerfile.native-micro -t ghcr.io/${{ github.repository }}:latest -t ghcr.io/${{ github.repository }}:${{ steps.semantic.outputs.new_release_version }} .
+
+      #
+      # Push Docker image.
+      #
+      - name: Push Docker image
+        if: steps.semantic.outputs.new_release_published == 'true'
+        run: |
+          echo "${{ secrets.GITHUB_TOKEN }}" | docker login ghcr.io -u ${{ github.actor }} --password-stdin
+          docker push -a ghcr.io/${{ github.repository }}
+
+      #
+      # Login to Azure.
+      #
+      - name: Login to Azure
+        if: steps.semantic.outputs.new_release_published == 'true'
+        uses: azure/login@92a5484dfaf04ca78a94597f4f19fea633851fa2
+        with:
+          client-id: ${{ secrets.AZURE_CLIENT_ID }}
+          tenant-id: ${{ secrets.AZURE_TENANT_ID }}
+          subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
+
+      #
+      # Update Container App.
+      #
+      - name: Update Container App
+        if: steps.semantic.outputs.new_release_published == 'true'
+        uses: azure/CLI@fa0f960f00db49b95fdb54328a767aee31e80105
+        with:
+          inlineScript: |
+            az config set extension.use_dynamic_install=yes_without_prompt
+            az containerapp update -n ${{ secrets.AZURE_CONTAINER_APP_NAME }} -g ${{ secrets.AZURE_RESOURCE_GROUP_NAME }} --image ghcr.io/${{ github.repository }}:${{ steps.semantic.outputs.new_release_version }}

.github/workflows/release.yml

@@ -1,11 +1,12 @@
 name: Release a new version
 
 on:
-  pull_request:
-    types:
-      - closed
-    branches:
-      - main
+  workflow_dispatch:
+  #pull_request:
+  #  types:
+  #    - closed
+  #  branches:
+  #    - main
 
 jobs:
   release:

.releaserc.json

@@ -3,7 +3,7 @@
 		"main"
 	],
 	"ci": false,
-	"tagFormat": "${version}-RC",
+	"tagFormat": "${version}",
 	"plugins": [
 		[
 			"@semantic-release/commit-analyzer",

src/main/java/it/pagopa/swclient/mil/auth/bean/RoleEnum.java

@@ -18,20 +18,20 @@ public enum RoleEnum {
 	INSTITUTION_PORTAL("InstitutionPortal"),
 	SERVICE_LIST_REQUESTER("ServiceListRequester"),
 	SLAVE_POS("SlavePos");
-	
+
 	/*
 	 * String value.
 	 */
 	private final String string;
-	
+
 	/**
 	 * 
 	 * @param string
 	 */
 	private RoleEnum(String string) {
 		this.string = string;
 	}
-	
+
 	/**
 	 * 
 	 */
@@ -40,7 +40,7 @@ private RoleEnum(String string) {
 	public String toString() {
 		return string;
 	}
-	
+
 	/**
 	 * 
 	 * @param string

src/main/java/it/pagopa/swclient/mil/auth/resource/JwksResource.java

@@ -8,13 +8,11 @@
 import static it.pagopa.swclient.mil.auth.ErrorCode.ERROR_SEARCHING_FOR_KEYS;
 
 import java.time.Instant;
-import java.util.Date;
 import java.util.List;
 import java.util.OptionalLong;
 
 import io.quarkus.logging.Log;
 import io.smallrye.mutiny.Uni;
-import it.pagopa.swclient.mil.auth.bean.PublicKey;
 import it.pagopa.swclient.mil.auth.service.KeyFinder;
 import it.pagopa.swclient.mil.bean.Errors;
 import jakarta.inject.Inject;
@@ -74,17 +72,17 @@ public Uni<Response> get() {
 				 */
 				OptionalLong minExp = l.getKeys().stream()
 					.map(k -> k.getExp())
-					.mapToLong(e->e)
+					.mapToLong(e -> e)
 					.min();
-				
+
 				long maxAge = 0;
 				if (minExp.isPresent()) {
 					/*
 					 * To be sure that will not be cached keys that will expire in a while, subtract SKEW.
 					 */
 					maxAge = (minExp.getAsLong() - SKEW - Instant.now().toEpochMilli()) / 1000; // seconds
 				}
-				
+
 				CacheControl cacheControl = new CacheControl();
 				if (maxAge > 0) {
 					cacheControl.setMaxAge((int) maxAge);

src/main/java/it/pagopa/swclient/mil/auth/service/ClientVerifier.java

@@ -39,7 +39,7 @@ public class ClientVerifier {
 	 */
 	@RestClient
 	AuthDataRepository repository;
-	
+
 	/**
 	 * 
 	 * @param clientId