Skip to content

Feat/testing the full image before publishing (issue #82) #12

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Closed
TatjanaTrajkovic wants to merge 30 commits into from
Closed

Feat/testing the full image before publishing (issue #82) #12

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
30 commits
Select commit Hold shift + click to select a range
f416823
Create CI pipeline and mvn wrapper (#3)
fmazmz Feb 6, 2026
2bb8152
add docker release workflow for publishing docker image to ghcr (#8)
fmazmz Feb 6, 2026
b86eb38
create initial DockerFile (#9)
fmazmz Feb 6, 2026
1f93012
Feature/tcp serversocket #4 (#10)
met4lk1tty Feb 6, 2026
70db6c7
chore: Update POM to Java 25 and rename artifactId/groupId (#11)
met4lk1tty Feb 6, 2026
bf031de
feature/HTTPparser (#12)
LinusWestling Feb 7, 2026
06d3f0c
feature/ServerLogging (#22)
addee1 Feb 10, 2026
68b5341
update POM with pitest (#26)
met4lk1tty Feb 10, 2026
e0c324c
Add basic HTTP response support (#24)
addee1 Feb 10, 2026
019e4c4
Fix PiTest by defining argLine and removing invalid Mockito javaagent…
met4lk1tty Feb 10, 2026
7815c6b
Rename SocketServer to Server Move HTTP request handling logic to a d…
johanbriger Feb 11, 2026
b0d7583
Add testing for ServerLogging.java. Configure ServerLogging.java for …
bamsemats Feb 11, 2026
446b5e9
feature/FilterPlugin (#17)
LinusWestling Feb 11, 2026
410ff28
Introduce ADR structure and first ADR - Add ADR README explaining the…
annikaholmqvist94 Feb 11, 2026
d6080ff
feat: make HttpResponse mutable and implement NotFoundPlugin default …
LinusWestling Feb 12, 2026
d9fa188
Implement static file handler (foundation for #18) (#36)
annikaholmqvist94 Feb 12, 2026
57f52cb
bump pom version for release (#57)
fmazmz Feb 12, 2026
b088497
Create release tag v1.0.0-beta (#58)
fmazmz Feb 12, 2026
1ac03c5
Adds unit tests to HttpParser (#42)
simonforsberg Feb 12, 2026
418f1ad
add application properties and a ConfigLoader to load set configurati…
fmazmz Feb 12, 2026
ef181c0
Feature/global filter (#51)
met4lk1tty Feb 12, 2026
fb5ae28
Add IP filter to request pipeline (#59)
HerrKanin Feb 13, 2026
0d42601
Update websit to include nav bar, readme site and load content from r…
bamsemats Feb 13, 2026
9823160
docs: centralize documentation into root README and remove package-le…
addee1 Feb 13, 2026
b716a70
Update to fix yaml error in pom and README.md content (#65)
bamsemats Feb 14, 2026
48d88db
Feature/routing separate from plugin (#68)
bamsemats Feb 17, 2026
af32a5d
feat: add filter scope annotations (@Global, @Route) (#67)
met4lk1tty Feb 17, 2026
bce5cad
add testcontainers dependency to pom.xml
TatjanaTrajkovic Feb 17, 2026
1ff6a8f
adds 2 simple integration tests usiing Testcontainers to AppIT.java
TatjanaTrajkovic Feb 17, 2026
6893cee
changes from *.jar to app.jar in JAR path in Dockerfile to avoid copy…
TatjanaTrajkovic Feb 17, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
15 changes: 15 additions & 0 deletions .editorconfig
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,15 @@
root = true

[*]
charset = utf-8
end_of_line = lf
indent_style = space
indent_size = 4
insert_final_newline = true
trim_trailing_whitespace = true

[*.yml]
indent_size = 2

[*.yaml]
indent_size = 2
27 changes: 27 additions & 0 deletions .github/workflows/ci.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,27 @@
name: CI Pipeline
on:
push:
branches:
- main

pull_request:

jobs:
build:
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v5

- name: Setup Java 25
uses: actions/setup-java@v5.2.0
with:
distribution: 'temurin'
java-version: '25'
cache: 'maven'

- name: Run tests
run: ./mvnw -B test
Comment on lines +23 to +24
Copy link

@coderabbitai coderabbitai bot Feb 17, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Potential issue | 🟠 Major

Integration tests are never executed in CI — add a verify step.

The pipeline runs ./mvnw -B test, which only invokes the Surefire unit-test phase. AppIT (the PR's core deliverable) is bound to the Failsafe integration-test phase and only runs during ./mvnw verify. As-is, the entire integration test suite is silently skipped in CI.

🔧 Proposed fix 
-      - name: Run tests
-        run: ./mvnw -B test
+      - name: Run unit tests
+        run: ./mvnw -B test
+
+      - name: Run integration tests
+        run: ./mvnw -B verify -DskipTests -Dfailsafe.useFile=false

Or, collapse both into a single verify invocation (Surefire runs automatically as part of verify):

-      - name: Run tests
-        run: ./mvnw -B test
+      - name: Build and verify
+        run: ./mvnw -B verify -Dfailsafe.useFile=false
📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change
- name: Run tests
run: ./mvnw -B test
- name: Run unit tests
run: ./mvnw -B test
- name: Run integration tests
run: ./mvnw -B verify -DskipTests -Dfailsafe.useFile=false
🤖 Prompt for AI Agents 
Verify each finding against the current code and only fix it if needed.

In @.github/workflows/ci.yml around lines 23 - 24, The CI job step named "Run
tests" currently executes "./mvnw -B test" which only runs Surefire/unit tests
and skips Failsafe-bound integration tests (e.g., AppIT); update the step to run
"./mvnw -B verify" instead (or add a separate step invoking "./mvnw -B verify")
so the integration-test and verify phases (Failsafe) are executed in CI,
ensuring AppIT runs; modify the step that currently uses "./mvnw -B test"
accordingly.


- name: Run spotless checks
run: ./mvnw -B spotless:check
47 changes: 47 additions & 0 deletions .github/workflows/docker-release.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,47 @@
name: Publish Docker Image
on:
push:
tags:
- 'v*'

jobs:
publish:
runs-on: ubuntu-latest
permissions:
contents: read
packages: write

steps:
- name: Checkout repo
uses: actions/checkout@v6.0.2

- name: Setup QEMU
uses: docker/setup-qemu-action@v3

- name: Setup Docker BuildX
uses: docker/setup-buildx-action@v3

- name: Login to GHCR
uses: docker/login-action@v3
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}

- name: Extract Docker metadata
id: meta
uses: docker/metadata-action@v5
with:
images: ghcr.io/${{ github.repository_owner }}/project-webserver-juv25d
tags: type=ref,event=tag
labels: org.opencontainers.image.source=${{ github.repository }}

- name: Build and push Docker image
uses: docker/build-push-action@v6
with:
context: .
push: true
platforms: linux/amd64,linux/arm64
tags: ${{ steps.meta.outputs.tags }}
labels: ${{ steps.meta.outputs.labels }}
Comment on lines +39 to +46
Copy link

@coderabbitai coderabbitai bot Feb 17, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Potential issue | 🟠 Major

Integration tests are never executed before the image is published.

The stated goal of this PR is "testing the full image before publishing," yet the release workflow contains no step that runs mvn verify (or mvnw verify) to execute the AppIT Testcontainers suite. As written, the Docker image is built and pushed with -DskipTests (from the Dockerfile's build stage) and zero post-build verification.

At a minimum, a step like the following should precede the push:

- name: Run integration tests
  run: ./mvnw verify -Dfailsafe.useFile=false

Alternatively, gate the tag-triggered release on a passing CI run that already executes AppIT.

🤖 Prompt for AI Agents 
Verify each finding against the current code and only fix it if needed.

In @.github/workflows/docker-release.yml around lines 39 - 46, The workflow
currently builds and pushes the Docker image in the "Build and push Docker
image" step (docker/build-push-action@v6) without running integration tests; add
a step immediately before the push that runs the Maven integration suite (e.g.,
name it "Run integration tests" and run ./mvnw verify -Dfailsafe.useFile=false)
so AppIT/Testcontainers execute against the built image (or run the verify
against the project before tagging/pushing), ensuring the push only occurs after
mvnw verify succeeds.


1 change: 1 addition & 0 deletions .gitignore
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,2 +1,3 @@
target/
/.idea/
/META-INF
3 changes: 3 additions & 0 deletions .mvn/wrapper/maven-wrapper.properties
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,3 @@
wrapperVersion=3.3.4
distributionType=only-script
distributionUrl=https://repo.maven.apache.org/maven2/org/apache/maven/apache-maven/3.8.7/apache-maven-3.8.7-bin.zip
17 changes: 17 additions & 0 deletions Dockerfile
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,17 @@
FROM maven:3.9-eclipse-temurin-25 AS build

WORKDIR /app

COPY pom.xml pom.xml
RUN mvn dependency:go-offline -B

COPY src ./src
RUN mvn clean package -DskipTests

FROM eclipse-temurin:25-jre-alpine

WORKDIR /app

# might need to update this later when we have our explicit class names
COPY --from=build /app/target/app.jar app.jar
ENTRYPOINT ["java", "-jar", "app.jar"]
Comment on lines +11 to +17
Copy link

@coderabbitai coderabbitai bot Feb 17, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Potential issue | 🟠 Major

Container runs as root — add a non-root USER.

Trivy (DS-0002) flags this correctly. The final stage has no USER directive, so the JVM process runs as root inside the container.

🔒 Proposed fix 
 FROM eclipse-temurin:25-jre-alpine
 
 WORKDIR /app
 
-# might need to update this later when we have our explicit class names
 COPY --from=build /app/target/app.jar app.jar
+
+RUN addgroup -S appgroup && adduser -S appuser -G appgroup
+USER appuser
+
 ENTRYPOINT ["java", "-jar", "app.jar"]

The diff above also removes the stale comment on Line 15 — the JAR path is already explicit, so the comment no longer applies.

🤖 Prompt for AI Agents 
Verify each finding against the current code and only fix it if needed.

In `@Dockerfile` around lines 11 - 17, The image currently runs the JVM as root
because the final Dockerfile stage lacks a non-root USER; create a dedicated
unprivileged user, set ownership of WORKDIR and app.jar to that user, and add a
USER directive before the ENTRYPOINT so the container launches the Java process
as that user (refer to WORKDIR, app.jar, and ENTRYPOINT in the Dockerfile to
locate where to set ownership and add USER). Ensure the created user's
home/permissions allow running the JVM and that any file operations use that
user's UID/GID to avoid running as root.

Loading