Application readiness assessment for Azure migration

[Copilot]

Runs AppCAT static analysis on the PhotoAlbum-Java Spring Boot application and generates a structured migration readiness report with supporting architecture documentation.

Assessment output (report-20260521055101)

• report.json — raw AppCAT findings (migration issues, rule hits, metadata)
• report.html — self-contained interactive HTML with donut charts and expandable issue rows
• report.md — GitHub-readable summary with issue inventory and codebase insights

Architecture fact files (facts/)

Six supplementary documents captured alongside the AppCAT data:

File	Covers
architecture-diagram.md	Spring Boot 2.7 layer diagram + component relationships
dependency-map.md	10 declared deps; Java 8 + Spring Boot 2.7 EOL risks flagged
api-service-contracts.md	5 HTTP endpoints; no auth/TLS anywhere in the stack
data-architecture.md	Single Photo entity with Oracle BLOB storage; EXIF PII exposure noted
configuration-inventory.md	3 runtime profiles; DB credentials committed in plain-text
business-workflows.md	5 workflows (upload, browse, detail, serve, delete) with validation rules

assessment-overview.md provides a linked index to all six documents.

Key findings surfaced

• Spring Boot 2.7 (EOL Aug 2023) + Java 8 baseline — Spring Boot 3 migration requires minimum Java 17 and javax → jakarta namespace migration
• Oracle lock-in: ROWNUM, TO_CHAR, NVL, analytical functions in native queries throughout PhotoRepository
• ddl-auto=create drops and recreates the photos table (including all BLOBs) on every restart
• No authentication, no Spring Security, no CSRF protection — all endpoints publicly accessible

Original prompt

Task: Assess the application

Run core assessment

Use the 'assessment' skill to analyze the application and generate the assessment report.
This skill runs AppCAT (Azure Migrate application and code assessment) to detect migration issues.

Architecture analysis

Use the 'architecture-diagram' skill to generate the architecture diagram.
Use the 'dependency-map' skill to generate the dependency map.
Use the 'api-service-contracts' skill to generate the API and service communication contracts.
Use the 'data-architecture' skill to generate the data architecture documentation.
Use the 'configuration-inventory' skill to generate the configuration inventory.
Use the 'business-workflows' skill to generate the business workflow documentation.

For Java or .NET project, copy the architecture-diagram.md, dependency-map.md, api-service-contracts.md, data-architecture.md, configuration-inventory.md, and business-workflows.md under the {{ASSESSMENT_OUTPUT_PATH}}/engines directory into a facts/ subdirectory of the versioned report directory, that is, {{ASSESSMENT_OUTPUT_PATH}}/reports/report-{reportId}/facts/.

After copying, generate an assessment-overview.md in that same facts directory ({{ASSESSMENT_OUTPUT_PATH}}/reports/report-{reportId}/facts/). This file should be a navigation entry point that lists all the supplementary documents that were successfully copied, with links and brief descriptions. Only include documents that actually exist in the directory.

Report generation

After all assessment skills have completed and the report data is available, generate human-readable report files:

1. Use the 'generate-report-html' skill to generate report.html in the versioned report directory (.github/modernize/assessment/reports/report-{reportId}/).
2. Use the 'generate-report-md' skill to generate report.md in the same versioned report directory.

These skills include Python scripts that read the existing report.json (or js-assessment-report.md for JavaScript/TypeScript projects) and the facts/ subdirectory to produce the rendered reports. Run them only AFTER all other skills listed above have fully completed (or were not applicable and therefore skipped) — the report data and fact files must all be written before generating the reports.

Commit and PR instructions

ONLY stage files under .github/modernize/assessment/reports/ (the versioned report directory):

git add -f .github/modernize/assessment/reports

For JavaScript/TypeScript projects, also run:

git add -f .github/modernize/assessment/js-assessment-report.md

Then remove any files that were added by previous setup commits and should NOT appear in the PR:

git rm -rf .github/skills .github/modernize/ccacontext 2>/dev/null || true
git reset HEAD -- .github/modernize/assessment/engines .github/modernize/appcat .github/modernize/appmod .github/copilot 2>/dev/null || true

IMPORTANT: The .github/skills deletions are INTENTIONAL — these files were added in a setup commit before your session started and MUST be removed from the PR. Do NOT revert, restore, or undo these deletions. The final staged state should show .github/skills files as D (deleted) — this is correct and expected.

Do NOT run git add ., git add -A, or git add on any broad paths like .github/modernize. Only the versioned report directory under reports/ should be committed.

When creating the PR, propose a proper title, but DO NOT contain any tool/tech stack on it, e.g. 'Assessing project with AppCAT' is not good as AppCAT is one of the assessing tool.

---

After the job is complete, clean the context by following the steps below silently, without any output to the execution summary:

• Running the cleanup script will remove the skills and context files added for this job from the repository.

.github/modernize/ccacontext/cleanup.sh

• Remove the ccacontext folder .github/modernize/ccacontext from the repository as it's no longer needed.
• Make sure the changes in the folder '.github/modernize' and its subfolders are force committed

This pull request contains changes made by the Modernization Cloud Agent.