Modernization: migrate the app to azure#25
Open
rujche wants to merge 6 commits into
Open
Conversation
…Tests: 1/1 passed - Upgrade spring-boot-starter-parent from 2.7.18 to 3.5.3 - Update java.version / compiler source+target from 8 to 21 - Migrate javax.persistence.* -> jakarta.persistence.* - Migrate javax.validation.constraints.* -> jakarta.validation.constraints.* - Update Dockerfile: maven:3.9.6-eclipse-temurin-8 -> 21, eclipse-temurin:8-jre -> 21-jre - Spring Framework auto-upgraded 5.x -> 6.x via BOM - Hibernate auto-upgraded 5.x -> 6.x via BOM (Jakarta EE 10)
- Replace Oracle JDBC driver (ojdbc8) with PostgreSQL driver - Add spring-cloud-azure-starter-jdbc-postgresql for managed identity support - Add spring-cloud-azure-dependencies BOM (v5.22.0) for Spring Boot 3.x - Update application.properties with Azure PostgreSQL managed identity config - Update application-docker.properties for local PostgreSQL container - Replace Oracle container with PostgreSQL 16 in docker-compose.yml - Remove Oracle-specific columnDefinitions from Photo entity - Convert Oracle SQL to PostgreSQL in PhotoRepository: - ROWNUM top-N -> LIMIT - Nested ROWNUM pagination -> ROW_NUMBER() window function - NVL() -> COALESCE() - Uppercase identifiers -> lowercase identifiers - Add modernization summary report Addresses: Oracle database found assessment issue
…ed Identity for PostgreSQL - Updated application-docker.properties to remove hardcoded password and configure Azure Managed Identity authentication for Azure Database for PostgreSQL - pom.xml already had spring-cloud-azure-dependencies BOM (v5.22.0) and spring-cloud-azure-starter-jdbc-postgresql dependency - application.properties was already migrated to managed identity in prior work - Both application.properties and application-docker.properties now use passwordless authentication with environment-variable-based Azure PostgreSQL JDBC URLs - Addresses assessment issue: 'Password found in configuration file'
- Upgrade Spring Boot parent: 3.5.3 -> 3.5.14 Fixes Spring Framework (6.2.8->6.2.18), Thymeleaf (3.1.3->3.1.5), Logback (1.5.18->1.5.32), Jackson (2.19.1->2.21.2), AssertJ, Reactor Netty (1.2.7->1.2.17), Spring Boot itself - Add property override: tomcat.version=10.1.55 (was 10.1.54) Fixes 13 Apache Tomcat CVEs (critical/high/medium/low) - Add property override: netty.version=4.1.134.Final (was 4.1.132) Fixes 9 Netty CVEs (high/medium/low) - Add property override: postgresql.version=42.7.11 (was 42.7.10) Fixes GHSA-98qh-xjc8-98pq (PBKDF2 CPU exhaustion DoS) - Add dependencyManagement: nimbus-jose-jwt 10.0.1 -> 10.0.2 Fixes GHSA-xwmg-2g98-w7v9 (DoS via deeply nested JSON) - Upgrade commons-io: 2.11.0 -> 2.14.0 Fixes GHSA-78wr-2p64-hpwj (XmlStreamReader DoS) Result: 0 vulnerabilities across 153 dependencies (was 58) Build: mvn clean verify passes with all tests green Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
- Add Bicep IaC files (infra/main.bicep, infra/modules/resources.bicep) provisioning: Resource Group, ACR, Container Apps Environment, Container App, PostgreSQL v17 Flexible Server, User-Assigned Managed Identity, Log Analytics Workspace - Add deploy scripts (infra/deploy.ps1, infra/deploy.sh) with post-provisioning Service Connector for passwordless MI → PostgreSQL - Docker image built via az acr build and pushed to azacra7gtzdzjcrgy2.azurecr.io/photo-album:latest - Container App running with Managed Identity (passwordless) auth - Application URL: https://azcaa7gtzdzjcrgy2.agreeablecoast-b37cabbd.centralus.azurecontainerapps.io - Add deployment plan, progress, and summary for task 005
All 5 modernization tasks completed successfully: - 001: Spring Boot 3.5.3 / Java 21 upgrade - 002: Oracle → PostgreSQL migration - 003: Managed Identity for PostgreSQL - 004: CVE remediation (58 vulnerabilities fixed) - 005: Deployed to Azure Container Apps Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Automated modernization by GitHub Copilot agent