Deep Project Optimization: Build, Security, Code Quality, Docker, CI/CD

.editorconfig

@@ -0,0 +1,24 @@
+root = true
+
+[*]
+indent_style = space
+indent_size = 4
+end_of_line = lf
+charset = utf-8
+trim_trailing_whitespace = true
+insert_final_newline = true
+
+[*.{yml,yaml}]
+indent_size = 2
+
+[*.{json,xml}]
+indent_size = 2
+
+[*.md]
+trim_trailing_whitespace = false
+
+[*.gradle]
+indent_size = 4
+
+[Dockerfile]
+indent_size = 4

.env.example

@@ -0,0 +1,25 @@
+# Database
+DB_URL=jdbc:mysql://127.0.0.1:3306/wallet_db?allowMultiQueries=true&useSSL=false&characterEncoding=UTF-8&autoReconnect=true
+DB_USERNAME=root
+DB_PASSWORD=your_secure_password
+
+# RabbitMQ
+RABBITMQ_HOST=127.0.0.1
+RABBITMQ_PORT=5672
+RABBITMQ_USERNAME=guest
+RABBITMQ_PASSWORD=guest
+
+# XXL-Job
+XXL_JOB_ADMIN_ADDRESSES=http://127.0.0.1:8099/xxl-job-admin
+XXL_JOB_PORT=9999
+XXL_JOB_ACCESS_TOKEN=your_access_token
+
+# HSM Keystore
+KEYSTORE_DIR=/data/keystores
+KEYSTORE_PASSWORD=your_keystore_password
+
+# Encryption
+WALLET_CRYPTO_PUSH_KEY=your_32_char_encryption_key_here
+
+# Logging
+LOG_LEVEL=INFO

.github/workflows/ci.yml

@@ -0,0 +1,75 @@
+name: CI
+
+on:
+  push:
+    branches: [ master, develop ]
+  pull_request:
+    branches: [ master ]
+
+permissions:
+  contents: read
+
+jobs:
+  build:
+    name: Build & Test
+    runs-on: ubuntu-latest
+
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Set up JDK 17
+        uses: actions/setup-java@v4
+        with:
+          java-version: '17'
+          distribution: 'temurin'
+
+      - name: Setup Gradle
+        uses: gradle/actions/setup-gradle@v3
+        with:
+          cache-read-only: ${{ github.ref != 'refs/heads/master' }}
+
+      - name: Grant execute permission for gradlew
+        run: chmod +x gradlew
+
+      - name: Build
+        run: ./gradlew build -x test --no-daemon
+
+      - name: Run tests
+        run: ./gradlew test --no-daemon
+        continue-on-error: true
+
+      - name: Upload build artifacts
+        uses: actions/upload-artifact@v4
+        with:
+          name: build-artifacts
+          path: |
+            wallet-webapi/build/libs/*.jar
+            wallet-task/build/libs/*.jar
+            wallet-hsm/build/libs/*.jar
+          retention-days: 7
+
+  docker:
+    name: Docker Build
+    runs-on: ubuntu-latest
+    needs: build
+    if: github.ref == 'refs/heads/master'
+
+    strategy:
+      matrix:
+        service: [wallet-webapi, wallet-task, wallet-hsm]
+
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Build Docker image
+        uses: docker/build-push-action@v5
+        with:
+          context: .
+          file: ./${{ matrix.service }}/Dockerfile
+          push: false
+          tags: ${{ matrix.service }}:${{ github.sha }}
+          cache-from: type=gha
+          cache-to: type=gha,mode=max

.gitignore

@@ -1,20 +1,41 @@
+# Gradle
 .gradle/
 build/
+!gradle/wrapper/gradle-wrapper.jar
+
+# IDE
 .settings/
 .project
 .classpath
-*.class
-.idea
+.idea/
 *.iml
-.gradle
-/local.properties
-.DS_Store
-/build
+*.iws
+*.ipr
+
+# Compiled
+*.class
+out/
 /*/out/
-out
-/wallets
-/task-logs
 
-shell
-nginx
-docker
+# OS
+.DS_Store
+Thumbs.db
+
+# Local config
+/local.properties
+*.env
+!.env.example
+
+# Application data
+/wallets/
+/task-logs/
+/logs/
+
+# Docker local
+shell/
+nginx/
+
+# Secrets - never commit
+*.p12
+*.jks
+*.keystore

.gitlab-ci.yml

@@ -1,5 +1,6 @@
 variables:
   DOCKER_DRIVER: overlay2
+  GRADLE_OPTS: "-Dorg.gradle.daemon=false"
 
 stages:
   - build
@@ -9,62 +10,85 @@ cache:
   key: ${CI_BUILD_STAGE}
   paths:
     - .gradle
+    - build
 
-build for all:
-  image: openjdk:8-jdk-alpine
+build:
+  image: eclipse-temurin:17-jdk-alpine
   tags:
     - wallet-dev
   stage: build
   script:
-    - pwd
-    - ./gradlew wallet-webapi:bootRepackage
-    - ./gradlew wallet-task:bootRepackage
-    - ./gradlew wallet-hsm:bootRepackage
+    - chmod +x ./gradlew
+    - ./gradlew wallet-webapi:bootJar --no-daemon -x test
+    - ./gradlew wallet-task:bootJar --no-daemon -x test
+    - ./gradlew wallet-hsm:bootJar --no-daemon -x test
   artifacts:
     paths:
       - wallet-webapi/build/libs/*.jar
       - wallet-hsm/build/libs/*.jar
       - wallet-task/build/libs/*.jar
-    expire_in: 20min
+    expire_in: 1 hour
 
-deploy for cl-webapi:
-  image: gitlab/dind:latest
+deploy wallet-webapi:
+  image: docker:latest
+  services:
+    - docker:dind
   tags:
     - wallet-dev
   stage: deploy
   script:
-    - docker stop -f wallet-webapi ||true
-    - docker rm -f wallet-webapi ||true
-    - docker rmi wallet-webapi ||true
-    - docker build -t wallet-webapi wallet-webapi/.
-    - docker run -d --name wallet-webapi -p 10001:10001 -v /etc/localtime:/etc/localtime cl-webapi
+    - docker stop wallet-webapi || true
+    - docker rm wallet-webapi || true
+    - docker rmi wallet-webapi || true
+    - docker build -t wallet-webapi -f wallet-webapi/Dockerfile .
+    - docker run -d --name wallet-webapi
+      --restart unless-stopped
+      -p 10001:10001
+      -v /etc/localtime:/etc/localtime:ro
+      --env-file /etc/wallet/webapi.env
+      wallet-webapi
   when: manual
 
-deploy for cl-task:
-  image: gitlab/dind:latest
+deploy wallet-task:
+  image: docker:latest
+  services:
+    - docker:dind
   tags:
     - wallet-dev
   stage: deploy
   script:
-    - docker stop -f wallet-task ||true
-    - docker rm -f wallet-task ||true
-    - docker rmi wallet-task ||true
-    - docker build -t wallet-task wallet-task/.
-    - docker run -d --name wallet-task -p 10033:10033 -v /etc/localtime:/etc/localtime wallet-task
+    - docker stop wallet-task || true
+    - docker rm wallet-task || true
+    - docker rmi wallet-task || true
+    - docker build -t wallet-task -f wallet-task/Dockerfile .
+    - docker run -d --name wallet-task
+      --restart unless-stopped
+      -p 10033:10033
+      -v /etc/localtime:/etc/localtime:ro
+      --env-file /etc/wallet/task.env
+      wallet-task
   when: manual
 
-deploy for cl-hsm:
-  image: gitlab/dind:latest
+deploy wallet-hsm:
+  image: docker:latest
+  services:
+    - docker:dind
   tags:
     - wallet-dev
   stage: deploy
   script:
-    - docker stop -f wallet-hsm ||true
-    - docker rm -f wallet-hsm ||true
-    - docker rmi wallet-hsm ||true
-    - docker build -t wallet-hsm wallet-hsm/.
-    - docker run -d --name wallet-hsm -p 10888:10888 -v /etc/localtime:/etc/localtime -v /mnt/wallets:/mnt/wallets cl-hsm
+    - docker stop wallet-hsm || true
+    - docker rm wallet-hsm || true
+    - docker rmi wallet-hsm || true
+    - docker build -t wallet-hsm -f wallet-hsm/Dockerfile .
+    - docker run -d --name wallet-hsm
+      --restart unless-stopped
+      -p 10888:10888
+      -v /etc/localtime:/etc/localtime:ro
+      -v /mnt/wallets:/data/keystores
+      --env-file /etc/wallet/hsm.env
+      wallet-hsm
   when: manual
 
 after_script:
-  - echo "End CI"
+  - echo "End CI"