chore(core): init repository

.github/dependabot.yml

@@ -0,0 +1,60 @@
+---
+version: 2
+updates:
+  # Maven dependencies
+  - package-ecosystem: "maven"
+    directory: "/"
+    schedule:
+      interval: "weekly"
+      day: "monday"
+      time: "05:00"
+    open-pull-requests-limit: 10
+    groups:
+      # Group all patch and minor updates together, individual PRs for major updates
+      all-minor-and-patch-updates:
+        patterns:
+          - "*"
+        update-types:
+          - "patch"
+          - "minor"
+    pull-request-branch-name:
+      separator: "-"
+
+  # Docker dependencies
+  - package-ecosystem: "docker"
+    directory: "/"
+    schedule:
+      interval: "daily"
+      time: "05:00"
+    open-pull-requests-limit: 5
+    pull-request-branch-name:
+      separator: "-"
+
+  # GitHub Actions dependencies
+  - package-ecosystem: "github-actions"
+    directory: "/"
+    schedule:
+      interval: "weekly"
+      day: "monday"
+      time: "05:00"
+    open-pull-requests-limit: 5
+    groups:
+      # Group all minor and patch updates together
+      all-minor-and-patch-updates:
+        patterns:
+          - "*"
+        update-types:
+          - "minor"
+          - "patch"
+    pull-request-branch-name:
+      separator: "-"
+
+  - package-ecosystem: "uv"
+    directory: "/docs"
+    schedule:
+      interval: "monthly"
+      day: "monday"
+      time: "05:00"
+    open-pull-requests-limit: 5
+    pull-request-branch-name:
+      separator: "-"

.github/pull_request_template.md

@@ -0,0 +1,86 @@
+# PR Description
+
+<!--
+Expected Format of the title of the PR:
+
+- type: feat, fix, docs, style, refactor, perf, test, chore, build, ci, revert
+- scopes: core, api, service, ui, database, config, security, auth, logging, metrics, deps, deps-dev
+- short summary: written in present tense ("change" not "changed" or "changes"), not capitalized, no period at the end
+-->
+
+## What this PR Provides
+
+- Describe in short sentences the goal of the PR. Use lists.
+- If the PR is linked to an ADR, please provide the link.
+
+## Fixes
+
+<!--
+Use this section to reference the related issue (GitHub issue number).
+
+Examples:
+- fixes #123
+- fixes #123, fixes #456
+-->
+
+## Review
+
+<!--
+These check boxes should not be checked by the PR author but by the reviewer
+has to check them.
+Please delete the useless checkboxes :)
+-->
+
+The reviewer **must** double-check these points:
+
+- [ ] The reviewer has tested the feature
+- [ ] The reviewer has reviewed the implementation of the feature
+- [ ] The documentation has been updated
+- [ ] The feature implementation respects the Technical Doc / ADR previously produced
+- [ ] The Pull Request title has a `!` after the type/scope to identify the breaking
+    change in the release note and ensure we will release a major version.
+
+## How to test
+
+<!--
+Copy/paste the "test" section of the Jira or Github Issue here
+-->
+
+Please **refer** (copy/paste) the test section **from the User Story**. This should include
+
+- The initial state: what should be the status of the system before testing
+   (for example, ensure the data xxx exists in idp-back to be able to test the feature)
+- What and how to test: steps to perform to test the feature
+   (for example, go to page xxx, fill the xxx field and click the 'send' button)
+- Expected results: what should be observed for success or failure
+   (for example, there is a link in the database between component X and component Y.
+   You can retrieve the information with a `GET` request to the API)
+
+## Breaking changes (if any)
+
+<!--
+Explain here if you have any breaking change in the UX or in the API contract.
+If you don't introduce any breaking change, feel free to remove this section.
+-->
+
+- Data loss / modification
+- API JSON schema modification (existing resource / behavior)
+- Behavior modification of a component
+- Others
+- N/A
+
+### Context of the Breaking Change
+
+<!--
+Explain here more about the breaking change you introduced.
+-->
+
+For example: we redefined the component types list in the DPAC referential
+
+### Result of the Breaking Change
+
+<!--
+Explain more about the impact of the breaking change
+-->
+
+For example: your component of type xxx will migrate to the type yyy

.github/scripts/check_navigation.sh

@@ -0,0 +1,71 @@
+#!/bin/bash
+# Check for 'none' placeholders in Zensical navigation
+
+set -e
+
+SITE_DIR="${1:-docs/site}"
+SRC_DIR="${2:-docs/src}"
+EXIT_CODE=0
+declare -A broken_refs
+
+echo "🔍 Checking for broken navigation links in ${SITE_DIR}..."
+
+# Find files with 'none' placeholders in navigation
+while IFS= read -r file; do
+    if [ -n "$file" ]; then
+        # Get line numbers where 'none' appears in md-ellipsis context
+        line_nums=$(grep -n "^\s*none\s*$" "$file" | cut -d: -f1 2>/dev/null || true)
+
+        for line_num in $line_nums; do
+            # Check if this 'none' is within md-ellipsis span (check nearby lines)
+            # Ensure we don't use negative line numbers
+            start_line=$((line_num > 3 ? line_num - 3 : 1))
+            end_line=$((line_num + 3))
+
+            if sed -n "${start_line},${end_line}p" "$file" | grep -q "md-ellipsis"; then
+                # Extract the href to find the source markdown file
+                # Look up to 10 lines before, but not before line 1
+                href_start=$((line_num > 10 ? line_num - 10 : 1))
+                href=$(sed -n "${href_start},${line_num}p" "$file" | grep -oP 'href="\K[^"]+' | tail -1 2>/dev/null || true)
+
+                if [[ $href == *.md ]]; then
+                    # Store the reference
+                    broken_refs["$href"]=1
+                fi
+
+                EXIT_CODE=1
+            fi
+        done
+    fi
+done < <(find "$SITE_DIR" -name "*.html" -type f)
+
+if [ $EXIT_CODE -eq 0 ]; then
+    echo "✅ No broken navigation links found"
+else
+    echo ""
+    echo "📝 Markdown files referenced in broken navigation links:"
+    echo ""
+
+    # Show unique markdown file references
+    for ref in $(printf '%s\n' "${!broken_refs[@]}" | sort -u); do
+        # Extract just the filename for clarity
+        filename=$(basename "$ref")
+
+        # Try to find it in the source directory
+        found_files=$(find "$SRC_DIR" -name "$filename" 2>/dev/null || true)
+
+        if [ -n "$found_files" ]; then
+            echo "$found_files" | while read -r found; do
+                echo "   ❌ $found"
+            done
+        else
+            echo "   ⚠️  $filename (referenced as: $ref, not found in $SRC_DIR)"
+        fi
+    done | sort -u
+
+    echo ""
+    echo "💡 Fix: Add 'title: Your Title' in YAML frontmatter"
+    echo "        (at the top of the file between --- markers)"
+fi
+
+exit $EXIT_CODE

.github/scripts/extract_specs.sh

@@ -0,0 +1,74 @@
+#!/bin/bash
+set -euo pipefail
+
+# Define environment variables (passed by GitHub Actions)
+# These default to the values defined in the workflow's 'env' block
+API_PORT=${API_PORT:-8080}
+SPEC_URL_PATH=${SPEC_URL_PATH:-/v3/api-docs/internal}
+MAIN_SWAGGER="$PWD/docs/src/static/swagger.yaml"
+
+# Save the current branch name (the PR branch)
+PR_BRANCH=$(git rev-parse --abbrev-ref HEAD)
+# Fetch and checkout the main branch to get the reference
+git fetch origin main
+git checkout origin/main
+# 1. Check if the static swagger file exists on the 'main' branch
+if [ -f "$MAIN_SWAGGER" ]; then
+    # If it exists, copy it as the reference spec
+    cp "$MAIN_SWAGGER" "specs/static-swagger-main.yaml"
+else
+    printf --  "Static swagger missing in main, extracting from main JAR\n"
+    # Build the project on the 'main' branch to get the JAR
+    mvn clean package -B
+
+    JAR_PATH=$(find target -maxdepth 1 -name "*.jar" | head -n 1)
+    if [ -z "$JAR_PATH" ]; then
+        printf --  "::error:: No JAR found in target/ folder.\n"
+        exit 1
+    fi
+
+    # Start the application in the background (&)
+    java -jar "$JAR_PATH" --server.port="$API_PORT" &
+    MAIN_PID=$!
+
+    # --- START OF RELIABLE POLLING LOGIC ---
+    MAX_ATTEMPTS=20  # Maximum number of attempts
+    SLEEP_TIME=3     # Wait time (in seconds) between attempts
+    ATTEMPT=0        # Initial attempt counter
+    API_URL="http://localhost:$API_PORT$SPEC_URL_PATH"
+
+    printf -- "Waiting for API endpoint (%s) to be reachable...\n" "$API_URL"
+
+    while [ "$ATTEMPT" -lt "$MAX_ATTEMPTS" ]; do
+        # Use curl with --fail and --silent to check for a successful connection (HTTP 2xx response)
+        if curl --fail --silent -o /dev/null "$API_URL"; then
+            printf -- "API is up after %d seconds.\n" "$((ATTEMPT * SLEEP_TIME))"
+            break # Exit the loop because the API is ready
+        fi
+        printf -- "Attempt %d/%d failed. Waiting %d seconds...\n" "$((ATTEMPT + 1))" "$MAX_ATTEMPTS" "$SLEEP_TIME"
+        sleep "$SLEEP_TIME"
+        ATTEMPT=$((ATTEMPT + 1))
+    done
+    # Check if the maximum number of attempts was reached (timeout)
+    if [ "$ATTEMPT" -eq "$MAX_ATTEMPTS" ]; then
+        printf --  "::error:: Application failed to start and expose Swagger endpoint after %d attempts.\n" "$MAX_ATTEMPTS"
+        printf -- "Swagger endpoint unreachable. Dumping logs:\n"
+        pgrep -a java || printf -- "No Java process found\n"
+        kill "$MAIN_PID"
+        exit 1 # Fail the job
+    fi
+    # --- END OF RELIABLE POLLING LOGIC ---
+
+    printf -- "Downloading specification from running application...\n"
+    if ! curl -f "$API_URL" > "specs/static-swagger-main.yaml"; then
+        printf -- "::error:: Failed to download OpenAPI specification after successful startup check.\n"
+        kill "$MAIN_PID"
+        exit 1
+    fi
+
+    kill "$MAIN_PID"
+    printf --  "Reference swagger successfully generated and saved as static-swagger-main.yaml\n"
+fi
+
+# Return to the original PR branch
+git checkout "$PR_BRANCH"

.github/scripts/summarize_owasp.sh

@@ -0,0 +1,37 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+SUMMARY_FILE="${GITHUB_STEP_SUMMARY:-/dev/stdout}"
+
+echo "### OWASP Dependency Check Summary" >> "$SUMMARY_FILE"
+
+SARIF_REPORT=""
+if [ -f "$PWD/target/security-reports/dependency-check-report.sarif" ]; then
+  SARIF_REPORT="$PWD/target/security-reports/dependency-check-report.sarif"
+elif [ -f "$PWD/target/dependency-check-report.sarif" ]; then
+  SARIF_REPORT="$PWD/target/dependency-check-report.sarif"
+fi
+
+if [ -n "$SARIF_REPORT" ]; then
+  echo "| Vulnerability | CVSS | Package |" >> "$SUMMARY_FILE"
+  echo "|:--|:--:|:--|" >> "$SUMMARY_FILE"
+
+  if command -v jq >/dev/null 2>&1; then
+    VULN_COUNT=$(jq '.runs[].results | length' "$SARIF_REPORT" | awk '{s+=$1} END {print s}')
+    if [ "$VULN_COUNT" -gt 0 ]; then
+      jq -r '.runs[].results[] | [.ruleId, (.properties.cvssScore // "N/A"), (.message.text | split("\n")[0])] | @tsv' "$SARIF_REPORT" |
+      while IFS=$'\t' read -r ruleId cvss message; do
+        printf "| %s | %s | %s |\n" "$ruleId" "$cvss" "$message" >> "$SUMMARY_FILE"
+      done
+      echo "| **Total** | **$VULN_COUNT** |  |" >> "$SUMMARY_FILE"
+      echo "::error:: OWASP Dependency Check found $VULN_COUNT vulnerabilities"
+      exit 1
+    else
+      echo "| OK | 0 | No vulnerabilities found |" >> "$SUMMARY_FILE"
+    fi
+  else
+    echo "::warning:: jq not found — unable to parse SARIF details"
+  fi
+else
+  echo "::warning:: OWASP report missing"
+fi