ARC-1238: Add a HealthCheck for our ehealthid-relying-party (#20)

* ARC-1238: Added health endpoint

* ARC-1238: Unrelated cleanup :)

* ARC-1238: Review findings

.github/workflows/latest.yml

@@ -0,0 +1,38 @@
+name: Build and Publish the latest and greatest Application Image
+
+on:
+  push:
+    branches:
+      - main
+
+env:
+  REGISTRY: ghcr.io
+
+jobs:
+  deploy:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - name: Setup Java
+        uses: actions/setup-java@v4
+        with:
+          java-version: 21
+          distribution: 'temurin'
+          cache: 'maven'
+      - name: Log in to the Container registry
+        uses: docker/login-action@v2
+        with:
+          registry: ${{ env.REGISTRY }}
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v2
+      - id: buildx
+        name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+      - name: Build and push Image
+        run: |
+          make dist RELEASE_TAG=latest
+    permissions:
+      contents: read
+      packages: write

.github/workflows/release.yml

@@ -1,4 +1,4 @@
-name: Build and Publish Application Image
+name: Build and Publish a tagged Application Image
 
 on:
   push:
@@ -10,9 +10,10 @@ env:
 
 jobs:
   deploy:
-    env:
-      DOCKER_REPO: 'europe-docker.pkg.dev/oviva-pkg/ovi/'
     runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      packages: write
     steps:
       - uses: actions/checkout@v4
       - name: Setup Java
@@ -27,12 +28,6 @@ jobs:
           echo "parsing version from ref '$GITHUB_REF'"
           VERSION=$(echo "$GITHUB_REF" | sed -e 's|.*/ehealthid-relying-party/v\(.*\)|\1|g')
           echo "version=$VERSION" >> $GITHUB_OUTPUT
-      - name: Update Version
-        env:
-          VERSION: ${{ steps.version.outputs.version }}
-        run: |
-          echo "updating version to '$VERSION'"
-          make update-version "VERSION=$VERSION"
       - name: Log in to the Container registry
         uses: docker/login-action@v2
         with:
@@ -44,11 +39,14 @@ jobs:
       - id: buildx
         name: Set up Docker Buildx
         uses: docker/setup-buildx-action@v3
+      - name: Update Version
+        env:
+          VERSION: ${{ steps.version.outputs.version }}
+        run: |
+          echo "updating version to '$VERSION'"
+          make update-version "VERSION=$VERSION"
       - name: Build and push Image
         env:
           VERSION: ${{ steps.version.outputs.version }}
         run: |
-          make dist RELEASE_TAG=v$VERSION
-    permissions:
-      contents: read
-      packages: write
+          make dist RELEASE_TAG=v$VERSION

Dockerfile

@@ -4,26 +4,50 @@ LABEL org.opencontainers.image.source="https://github.com/oviva-ag/ehealthid-rel
 
 ARG JAVA_PACKAGE=java-21-openjdk-headless
 ARG RUN_JAVA_VERSION=1.3.8
+ARG OTEL_AGENT_VERSION=v1.32.1
 
 ENV LANG='en_US.UTF-8' LANGUAGE='en_US:en'
 
 # Install java and the run-java script
 # Also set up permissions for user `1001`
-RUN microdnf -y install ca-certificates ${JAVA_PACKAGE} \
-    && microdnf -y update \
-    && microdnf clean all \
-    && mkdir /deployments \
-    && chown 1001 /deployments \
-    && chmod "g+rwX" /deployments \
-    && chown 1001:root /deployments \
-    && curl https://repo1.maven.org/maven2/io/fabric8/run-java-sh/${RUN_JAVA_VERSION}/run-java-sh-${RUN_JAVA_VERSION}-sh.sh -o /deployments/run-java.sh \
-    && chown 1001 /deployments/run-java.sh \
-    && chmod 540 /deployments/run-java.sh \
-    && echo "securerandom.source=file:/dev/urandom" >> /etc/alternatives/jre/conf/security/java.security \
-    && echo "securerandom.strongAlgorithms=NativePRNGNonBlocking:SUN,DRBG:SUN" >> /etc/alternatives/jre/conf/security/java.security
+RUN <<EOF
+microdnf -y update
+microdnf -y install ca-certificates ${JAVA_PACKAGE}
+microdnf clean all
+mkdir /deployments
+chown 1001 /deployments
+chmod "g+rwX" /deployments
+chown 1001:root /deployments
+curl https://repo1.maven.org/maven2/io/fabric8/run-java-sh/${RUN_JAVA_VERSION}/run-java-sh-${RUN_JAVA_VERSION}-sh.sh -o /deployments/run-java.sh
+chown 1001 /deployments/run-java.sh
+chmod 540 /deployments/run-java.sh
+curl "https://github.com/open-telemetry/opentelemetry-java-instrumentation/releases/download/${OTEL_AGENT_VERSION}/opentelemetry-javaagent.jar" -o opentelemetry-javaagent.jar -L
+echo "securerandom.source=file:/dev/urandom" >> /etc/alternatives/jre/conf/security/java.security
+echo "securerandom.strongAlgorithms=NativePRNGNonBlocking:SUN,DRBG:SUN" >> /etc/alternatives/jre/conf/security/java.security
+EOF
+
+# Configure the JAVA_OPTIONS, you can add -XshowSettings:vm to also display the heap size.
+ENV JAVA_OPTIONS="-javaagent:/opentelemetry-javaagent.jar -Dquarkus.http.host=0.0.0.0 -Djava.util.logging.manager=org.jboss.logmanager.LogManager"
+
+# Configure OpenTelemetry
+ENV OTEL_JAVAAGENT_DEBUG=false
+ENV OTEL_JAVAAGENT_ENABLED=false
+ENV OTEL_METRICS_EXPORTER=none
+ENV OTEL_LOGS_EXPORTER=none
+ENV OTEL_TRACES_EXPORTER=otlp
+ENV OTEL_EXPORTER_OTLP_TRACES_PROTOCOL=grpc
+
+## Allowlist instrumented components for faster startup
+ENV OTEL_INSTRUMENTATION_COMMON_DEFAULT_ENABLED=false
+ENV OTEL_INSTRUMENTATION_JAVA_HTTP_CLIENT_ENABLED=true
+ENV OTEL_INSTRUMENTATION_JAXRS_ENABLED=true
+ENV OTEL_INSTRUMENTATION_UNDERTOW_ENABLED=true
 
 COPY --chown=1001 ehealthid-rp/target/ehealthid-rp-jar-with-dependencies.jar /deployments/
 
 USER 1001
 
+# The default port, configurable though.
+EXPOSE 1234
+
 ENTRYPOINT [ "/deployments/run-java.sh" ]

README.md

@@ -3,7 +3,6 @@
 
 # TODO
 In order of priority:
-- [ ] Health endpoint - sanity check whether Jakarta ws is up should be enough. I.e. `/health`
 - [ ] Continuous Deployment
 - [ ] Helm chart (externally)
 - [ ] Internationalization (ResourceBundles) for templates (en & de)

ehealthid-rp/pom.xml

@@ -141,20 +141,27 @@
       <scope>test</scope>
     </dependency>
 
-    <dependency>
-      <groupId>org.jsoup</groupId>
-      <artifactId>jsoup</artifactId>
-      <version>1.17.2</version>
-      <scope>test</scope>
-    </dependency>
-
   </dependencies>
 
   <build>
     <finalName>${project.artifactId}</finalName>
     <plugins>
       <plugin>
-        <groupId>org.apache.maven.plugins</groupId>
+        <artifactId>maven-dependency-plugin</artifactId>
+        <executions>
+          <execution>
+            <phase>package</phase>
+            <goals>
+              <goal>copy-dependencies</goal>
+            </goals>
+            <configuration>
+              <includeScope>compile</includeScope>
+              <outputDirectory>${project.build.directory}/lib</outputDirectory>
+            </configuration>
+          </execution>
+        </executions>
+      </plugin>
+      <plugin>
         <artifactId>maven-assembly-plugin</artifactId>
 
         <configuration>

ehealthid-rp/src/main/java/com/oviva/ehealthid/relyingparty/ws/App.java

@@ -44,7 +44,8 @@ public Set<Object> getSingletons() {
         new AuthEndpoint(
             config.baseUri(), config.relyingParty(), sessionRepo, tokenIssuer, authenticationFlow),
         new OpenIdEndpoint(config.baseUri(), config.relyingParty(), keyStore),
-        new JacksonJsonProvider(configureObjectMapper()));
+        new JacksonJsonProvider(configureObjectMapper()),
+        new HealthEndpoint());
   }
 
   @Override

ehealthid-rp/src/main/java/com/oviva/ehealthid/relyingparty/ws/HealthEndpoint.java

@@ -0,0 +1,19 @@
+package com.oviva.ehealthid.relyingparty.ws;
+
+import jakarta.ws.rs.GET;
+import jakarta.ws.rs.Path;
+import jakarta.ws.rs.core.MediaType;
+import jakarta.ws.rs.core.Response;
+
+@Path("/health")
+public class HealthEndpoint {
+
+  private static final String STATUS_UP = "{\"status\":\"UP\"}";
+
+  @GET
+  public Response get() {
+    // For now if this endpoint is reachable then the service is up. There is no hard dependency
+    // that could be down.
+    return Response.ok(STATUS_UP).type(MediaType.APPLICATION_JSON_TYPE).build();
+  }
+}

ehealthid-rp/src/test/java/com/oviva/ehealthid/relyingparty/ws/HealthEndpointTest.java

@@ -0,0 +1,20 @@
+package com.oviva.ehealthid.relyingparty.ws;
+
+import static org.junit.jupiter.api.Assertions.*;
+
+import jakarta.ws.rs.core.Response.Status;
+import org.junit.jupiter.api.Test;
+
+class HealthEndpointTest {
+
+  @Test
+  void get() {
+    var sut = new HealthEndpoint();
+
+    // when
+    var res = sut.get();
+
+    // then
+    assertEquals(Status.OK.getStatusCode(), res.getStatus());
+  }
+}

pom.xml

@@ -72,6 +72,12 @@
         <groupId>com.github.spotbugs</groupId>
         <artifactId>spotbugs-annotations</artifactId>
         <version>4.8.3</version>
+        <exclusions>
+          <exclusion>
+            <groupId>com.google.code.findbugs</groupId>
+            <artifactId>jsr305</artifactId>
+          </exclusion>
+        </exclusions>
       </dependency>
       <dependency>
         <groupId>jakarta.platform</groupId>
@@ -305,6 +311,10 @@
           <artifactId>maven-site-plugin</artifactId>
           <version>3.12.1</version>
         </plugin>
+        <plugin>
+          <artifactId>maven-dependency-plugin</artifactId>
+          <version>3.6.1</version>
+        </plugin>
       </plugins>
     </pluginManagement>
     <plugins>
@@ -330,6 +340,11 @@
                 <banDuplicatePomDependencyVersions/>
                 <banDependencyManagementScope/>
                 <banCircularDependencies/>
+                <bannedDependencies>
+                  <excludes>
+                    <exclude>com.google.code.findbugs:jsr305</exclude>
+                  </excludes>
+                </bannedDependencies>
               </rules>
             </configuration>
           </execution>