Added options to mount nexus secrets

.devcontainer/server/Dockerfile

@@ -0,0 +1,147 @@
+FROM debian:trixie
+
+RUN groupadd debian \
+      --gid 1000 \
+    && useradd debian \
+      --uid 1000 \
+      --gid debian \
+      --shell /bin/bash \
+      --create-home
+
+RUN apt-get update \
+    && apt-get -y install --no-install-recommends \
+    ca-certificates \
+    curl \
+    dirmngr \
+    git \
+    gnupg \
+    gpg \
+    gpg-agent \
+    libatomic1 \
+    nano \
+    python3 \
+    unzip \
+    vim-tiny \
+    wget \
+    xz-utils \
+    && apt-get auto-remove -y \
+    && apt-get clean -y \
+    && rm -rf /var/lib/apt/lists/* \
+    && echo 'export PS1="\e[01;32m\u\e[m:\e[01;34m\w\e[m\$ "' >> /home/debian/.bashrc
+
+ENV JAVA_HOME=/opt/java/openjdk
+COPY --from=eclipse-temurin:21 $JAVA_HOME $JAVA_HOME
+ENV PATH="${JAVA_HOME}/bin:${PATH}"
+
+ENV MAVEN_HOME=/opt/maven
+ENV PATH=$MAVEN_HOME/bin:$PATH
+
+ARG MAVEN_VERSION=3.9.11
+ARG BASE_URL=https://dlcdn.apache.org/maven/maven-3/${MAVEN_VERSION}/binaries
+
+RUN mkdir -p $MAVEN_HOME \
+ && curl -fsSL -o /tmp/apache-maven.tar.gz ${BASE_URL}/apache-maven-${MAVEN_VERSION}-bin.tar.gz \
+ && tar -xzf /tmp/apache-maven.tar.gz -C $MAVEN_HOME --strip-components=1 \
+ && rm -f /tmp/apache-maven.tar.gz
+
+ARG NODE_VERSION=22.21.1
+RUN ARCH= OPENSSL_ARCH= && dpkgArch="$(dpkg --print-architecture)" \
+    && case "${dpkgArch##*-}" in \
+      amd64) ARCH='x64' OPENSSL_ARCH='linux-x86_64';; \
+      ppc64el) ARCH='ppc64le' OPENSSL_ARCH='linux-ppc64le';; \
+      s390x) ARCH='s390x' OPENSSL_ARCH='linux*-s390x';; \
+      arm64) ARCH='arm64' OPENSSL_ARCH='linux-aarch64';; \
+      armhf) ARCH='armv7l' OPENSSL_ARCH='linux-armv4';; \
+      i386) ARCH='x86' OPENSSL_ARCH='linux-elf';; \
+      *) echo "unsupported architecture"; exit 1 ;; \
+    esac \
+    && set -ex \
+    # use pre-existing gpg directory, see https://github.com/nodejs/docker-node/pull/1895#issuecomment-1550389150
+    && export GNUPGHOME="$(mktemp -d)" \
+    # gpg keys listed at https://github.com/nodejs/node#release-keys
+    && for key in \
+      5BE8A3F6C8A5C01D106C0AD820B1A390B168D356 \
+      DD792F5973C6DE52C432CBDAC77ABFA00DDBF2B7 \
+      CC68F5A3106FF448322E48ED27F5E38D5B0A215F \
+      8FCCA13FEF1D0C2E91008E09770F7A9A5AE15600 \
+      890C08DB8579162FEE0DF9DB8BEAB4DFCF555EF4 \
+      C82FA3AE1CBEDC6BE46B9360C43CEC45C17AB93C \
+      108F52B48DB57BB0CC439B2997B01419BD92F80A \
+      A363A499291CBBC940DD62E41F10027AF002F8B0 \
+    ; do \
+      gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key" || \
+      gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys "$key" ; \
+    done \
+    && curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/node-v$NODE_VERSION-linux-$ARCH.tar.xz" \
+    && curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/SHASUMS256.txt.asc" \
+    && gpg --batch --decrypt --output SHASUMS256.txt SHASUMS256.txt.asc \
+    && gpgconf --kill all \
+    && rm -rf "$GNUPGHOME" \
+    && grep " node-v$NODE_VERSION-linux-$ARCH.tar.xz\$" SHASUMS256.txt | sha256sum -c - \
+    && tar -xJf "node-v$NODE_VERSION-linux-$ARCH.tar.xz" -C /usr/local --strip-components=1 --no-same-owner \
+    && rm "node-v$NODE_VERSION-linux-$ARCH.tar.xz" SHASUMS256.txt.asc SHASUMS256.txt \
+    # Remove unused OpenSSL headers to save ~34MB. See this NodeJS issue: https://github.com/nodejs/node/issues/46451
+    && find /usr/local/include/node/openssl/archs -mindepth 1 -maxdepth 1 ! -name "$OPENSSL_ARCH" -exec rm -rf {} \; \
+    && npm install -g npm \
+    && npm install -g @anthropic-ai/claude-code \
+    # smoke tests
+    && node --version \
+    && npm --version \
+    && rm -rf /tmp/*
+
+ARG BUN_VERSION=1.3.1
+RUN arch="$(dpkg --print-architecture)" \
+    && case "${arch##*-}" in \
+      amd64) build="x64-baseline";; \
+      arm64) build="aarch64";; \
+      *) echo "error: unsupported architecture: $arch"; exit 1 ;; \
+    esac \
+    && version="$BUN_VERSION" \
+    && case "$version" in \
+      latest | canary | bun-v*) tag="$version"; ;; \
+      v*)                       tag="bun-$version"; ;; \
+      *)                        tag="bun-v$version"; ;; \
+    esac \
+    && case "$tag" in \
+      latest) release="latest/download"; ;; \
+      *)      release="download/$tag"; ;; \
+    esac \
+    && curl "https://github.com/oven-sh/bun/releases/$release/bun-linux-$build.zip" \
+      -fsSLO \
+      --compressed \
+      --retry 5 \
+      || (echo "error: failed to download: $tag" && exit 1) \
+    && for key in \
+      "F3DCC08A8572C0749B3E18888EAB4D40A7B22B59" \
+    ; do \
+      gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys "$key" \
+      || gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key" ; \
+    done \
+    && curl "https://github.com/oven-sh/bun/releases/$release/SHASUMS256.txt.asc" \
+      -fsSLO \
+      --compressed \
+      --retry 5 \
+    && gpg --batch --decrypt --output SHASUMS256.txt SHASUMS256.txt.asc \
+      || (echo "error: failed to verify: $tag" && exit 1) \
+    && grep " bun-linux-$build.zip\$" SHASUMS256.txt | sha256sum -c - \
+      || (echo "error: failed to verify: $tag" && exit 1) \
+    && unzip "bun-linux-$build.zip" \
+    && mv "bun-linux-$build/bun" /usr/local/bin/bun \
+    && rm -f "bun-linux-$build.zip" SHASUMS256.txt.asc SHASUMS256.txt \
+    && chmod +x /usr/local/bin/bun
+
+ARG NEXUS_REPO=https://rm.vilanet.fr/repository/raw
+RUN --mount=type=secret,id=nexus_login,target=/tmp/nexus_login \
+    --mount=type=secret,id=nexus_pwd,target=/tmp/nexus_pwd \
+    curl -Lo /tmp/jetbrains.zip -u$(cat /tmp/nexus_login):$(cat /tmp/nexus_pwd) ${NEXUS_REPO}/jetbrains.zip
+
+# Set the default user
+USER debian
+
+RUN mkdir -p /home/debian/.local/share \
+ && unzip -d /home/debian/.local/share /tmp/jetbrains.zip
+
+#ENV IDEA_VM_OPTIONS=/home/debian/.local/share/jetbrains/vmoptions/idea.vmoptions
+
+# Set the working directory
+WORKDIR /home/debian

.devcontainer/server/devcontainer.json

@@ -0,0 +1,22 @@
+{
+  "name": "slot-server",
+  "build": {
+    "dockerfile": "Dockerfile",
+    "options": [
+      "--secret", "id=nexus_login,src=/tmp/nexus_login",
+      "--secret", "id=nexus_pwd,src=/tmp/nexus_pwd"
+    ]
+  },
+  "containerEnv": {
+    "GIT_REPO_URL": "https://scm.vilanet.fr/kriss/slot"
+  },
+  "customizations": {
+    "jetbrains": {
+      "backend": "IntelliJ"
+    }
+  },
+  "forwardPorts": [8080],
+  "workspaceFolder": "/workspace",
+  "//": "workspaceMount: source=jb_devcontainer_sources_f31d2e11122d7a0f1e78fb3337cc2916,target=/workspace,type=volume",
+  "//": "postCreateCommand: if [ ! -d .git ]; then git clone $GIT_REPO_URL .; fi"
+}

.devcontainer/ui/Dockerfile

@@ -0,0 +1,147 @@
+FROM debian:trixie
+
+RUN groupadd debian \
+      --gid 1000 \
+    && useradd debian \
+      --uid 1000 \
+      --gid debian \
+      --shell /bin/bash \
+      --create-home
+
+RUN apt-get update \
+    && apt-get -y install --no-install-recommends \
+    ca-certificates \
+    curl \
+    dirmngr \
+    git \
+    gnupg \
+    gpg \
+    gpg-agent \
+    libatomic1 \
+    nano \
+    python3 \
+    unzip \
+    vim-tiny \
+    wget \
+    xz-utils \
+    && apt-get auto-remove -y \
+    && apt-get clean -y \
+    && rm -rf /var/lib/apt/lists/* \
+    && echo 'export PS1="\e[01;32m\u\e[m:\e[01;34m\w\e[m\$ "' >> /home/debian/.bashrc
+
+ENV JAVA_HOME=/opt/java/openjdk
+COPY --from=eclipse-temurin:21 $JAVA_HOME $JAVA_HOME
+ENV PATH="${JAVA_HOME}/bin:${PATH}"
+
+ENV MAVEN_HOME=/opt/maven
+ENV PATH=$MAVEN_HOME/bin:$PATH
+
+ARG MAVEN_VERSION=3.9.11
+ARG BASE_URL=https://dlcdn.apache.org/maven/maven-3/${MAVEN_VERSION}/binaries
+
+RUN mkdir -p $MAVEN_HOME \
+ && curl -fsSL -o /tmp/apache-maven.tar.gz ${BASE_URL}/apache-maven-${MAVEN_VERSION}-bin.tar.gz \
+ && tar -xzf /tmp/apache-maven.tar.gz -C $MAVEN_HOME --strip-components=1 \
+ && rm -f /tmp/apache-maven.tar.gz
+
+ARG NODE_VERSION=22.21.1
+RUN ARCH= OPENSSL_ARCH= && dpkgArch="$(dpkg --print-architecture)" \
+    && case "${dpkgArch##*-}" in \
+      amd64) ARCH='x64' OPENSSL_ARCH='linux-x86_64';; \
+      ppc64el) ARCH='ppc64le' OPENSSL_ARCH='linux-ppc64le';; \
+      s390x) ARCH='s390x' OPENSSL_ARCH='linux*-s390x';; \
+      arm64) ARCH='arm64' OPENSSL_ARCH='linux-aarch64';; \
+      armhf) ARCH='armv7l' OPENSSL_ARCH='linux-armv4';; \
+      i386) ARCH='x86' OPENSSL_ARCH='linux-elf';; \
+      *) echo "unsupported architecture"; exit 1 ;; \
+    esac \
+    && set -ex \
+    # use pre-existing gpg directory, see https://github.com/nodejs/docker-node/pull/1895#issuecomment-1550389150
+    && export GNUPGHOME="$(mktemp -d)" \
+    # gpg keys listed at https://github.com/nodejs/node#release-keys
+    && for key in \
+      5BE8A3F6C8A5C01D106C0AD820B1A390B168D356 \
+      DD792F5973C6DE52C432CBDAC77ABFA00DDBF2B7 \
+      CC68F5A3106FF448322E48ED27F5E38D5B0A215F \
+      8FCCA13FEF1D0C2E91008E09770F7A9A5AE15600 \
+      890C08DB8579162FEE0DF9DB8BEAB4DFCF555EF4 \
+      C82FA3AE1CBEDC6BE46B9360C43CEC45C17AB93C \
+      108F52B48DB57BB0CC439B2997B01419BD92F80A \
+      A363A499291CBBC940DD62E41F10027AF002F8B0 \
+    ; do \
+      gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key" || \
+      gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys "$key" ; \
+    done \
+    && curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/node-v$NODE_VERSION-linux-$ARCH.tar.xz" \
+    && curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/SHASUMS256.txt.asc" \
+    && gpg --batch --decrypt --output SHASUMS256.txt SHASUMS256.txt.asc \
+    && gpgconf --kill all \
+    && rm -rf "$GNUPGHOME" \
+    && grep " node-v$NODE_VERSION-linux-$ARCH.tar.xz\$" SHASUMS256.txt | sha256sum -c - \
+    && tar -xJf "node-v$NODE_VERSION-linux-$ARCH.tar.xz" -C /usr/local --strip-components=1 --no-same-owner \
+    && rm "node-v$NODE_VERSION-linux-$ARCH.tar.xz" SHASUMS256.txt.asc SHASUMS256.txt \
+    # Remove unused OpenSSL headers to save ~34MB. See this NodeJS issue: https://github.com/nodejs/node/issues/46451
+    && find /usr/local/include/node/openssl/archs -mindepth 1 -maxdepth 1 ! -name "$OPENSSL_ARCH" -exec rm -rf {} \; \
+    && npm install -g npm \
+    && npm install -g @anthropic-ai/claude-code \
+    # smoke tests
+    && node --version \
+    && npm --version \
+    && rm -rf /tmp/*
+
+ARG BUN_VERSION=1.3.1
+RUN arch="$(dpkg --print-architecture)" \
+    && case "${arch##*-}" in \
+      amd64) build="x64-baseline";; \
+      arm64) build="aarch64";; \
+      *) echo "error: unsupported architecture: $arch"; exit 1 ;; \
+    esac \
+    && version="$BUN_VERSION" \
+    && case "$version" in \
+      latest | canary | bun-v*) tag="$version"; ;; \
+      v*)                       tag="bun-$version"; ;; \
+      *)                        tag="bun-v$version"; ;; \
+    esac \
+    && case "$tag" in \
+      latest) release="latest/download"; ;; \
+      *)      release="download/$tag"; ;; \
+    esac \
+    && curl "https://github.com/oven-sh/bun/releases/$release/bun-linux-$build.zip" \
+      -fsSLO \
+      --compressed \
+      --retry 5 \
+      || (echo "error: failed to download: $tag" && exit 1) \
+    && for key in \
+      "F3DCC08A8572C0749B3E18888EAB4D40A7B22B59" \
+    ; do \
+      gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys "$key" \
+      || gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key" ; \
+    done \
+    && curl "https://github.com/oven-sh/bun/releases/$release/SHASUMS256.txt.asc" \
+      -fsSLO \
+      --compressed \
+      --retry 5 \
+    && gpg --batch --decrypt --output SHASUMS256.txt SHASUMS256.txt.asc \
+      || (echo "error: failed to verify: $tag" && exit 1) \
+    && grep " bun-linux-$build.zip\$" SHASUMS256.txt | sha256sum -c - \
+      || (echo "error: failed to verify: $tag" && exit 1) \
+    && unzip "bun-linux-$build.zip" \
+    && mv "bun-linux-$build/bun" /usr/local/bin/bun \
+    && rm -f "bun-linux-$build.zip" SHASUMS256.txt.asc SHASUMS256.txt \
+    && chmod +x /usr/local/bin/bun
+
+ARG NEXUS_REPO=https://rm.vilanet.fr/repository/raw
+RUN --mount=type=secret,id=nexus_login,target=/tmp/nexus_login \
+    --mount=type=secret,id=nexus_pwd,target=/tmp/nexus_pwd \
+    curl -Lo /tmp/jetbrains.zip -u$(cat /tmp/nexus_login):$(cat /tmp/nexus_pwd) ${NEXUS_REPO}/jetbrains.zip
+
+# Set the default user
+USER debian
+
+RUN mkdir -p /home/debian/.local/share \
+ && unzip -d /home/debian/.local/share /tmp/jetbrains.zip
+
+#ENV IDEA_VM_OPTIONS=/home/debian/.local/share/jetbrains/vmoptions/idea.vmoptions
+
+# Set the working directory
+WORKDIR /home/debian

.devcontainer/ui/devcontainer.json

@@ -0,0 +1,22 @@
+{
+  "name": "slot-ui",
+  "build": {
+    "dockerfile": "Dockerfile",
+    "options": [
+      "--secret", "id=nexus_login,src=/tmp/nexus_login",
+      "--secret", "id=nexus_pwd,src=/tmp/nexus_pwd"
+    ]
+  },
+  "containerEnv": {
+    "GIT_REPO_URL": "https://scm.vilanet.fr/kriss/slot"
+  },
+  "customizations": {
+    "jetbrains": {
+      "backend": "WebStorm"
+    }
+  },
+  "forwardPorts": [5173],
+  "workspaceFolder": "/workspace",
+  "//": "workspaceMount: source=jb_devcontainer_sources_f31d2e11122d7a0f1e78fb3337cc2916,target=/workspace,type=volume",
+  "//": "postCreateCommand: if [ ! -d .git ]; then git clone $GIT_REPO_URL .; fi"
+}

.devcontainer/ui/docker-entrypoint.sh

@@ -0,0 +1,8 @@
+#!/bin/sh
+set -e
+
+if [ "${1#-}" != "${1}" ] || [ -z "$(command -v "${1}")" ] || { [ -f "${1}" ] && ! [ -x "${1}" ]; }; then
+  set -- /usr/local/bin/bun "$@"
+fi
+
+exec "$@"

server/.devcontainer/devcontainer.json

@@ -1,16 +0,0 @@
-{
-  "name": "OpenJDK21",
-  "image": "mcr.microsoft.com/openjdk/jdk:21-ubuntu",
-  "features": {
-    "ghcr.io/devcontainers/features/java:1": {
-      "installMaven": "true"
-    },
-    "ghcr.io/devcontainers/features/git:1": {}
-  },
-  "customizations": {
-    "jetbrains": {
-      "backend": "IntelliJ"
-    }
-  },
-  "workspaceFolder": "/workspace"
-}

server/CLAUDE.md

@@ -0,0 +1,33 @@
+# General information
+
+This project will be used by following kind of users :
+- program managers:
+they manage a program, which encompasses all activities allowing to reach a company objective. there are different kind of programs:
+  - strategic customer program: in this case, the program represents all the go-to-market activities for this customer (from pre-sales to maintenance)
+  - business program: in this case, objectives will allow to address new market shares or ensure business continuity on existing market shares. some examples: support new languages, implement country regulatory new rules, ...
+  - technical program: in this case, objectives are usually transversal and benefits for all products and solutions of the company. some examples: ability to deploy on public cloud, going from monolith to micro-services architecture, ...
+  - other transversal activities like innovation can also be run through a program
+- product managers:
+they manage one or several products, defining the feature set for each.
+they design features to match needs expressed by customers in the pipe, as well as needs that should arise from future customers, based on market analysis.
+they also decide if a given customer request has to be processed as a custom or through a product feature. 
+- business owners:
+they decide strategy and priorities in case of unability to address all needs with current budget
+- engineering managers:
+they manage a set of agile teams in charge of developing the features.
+they run an organization which is based on SAFe principles, meaning scope is committed through program increments of 3 months. 
+
+Objective of this project is to provide a UI that would :
+- help program managers and product managers to record their needs in term of new features or customs to implement in a product, based on priorities, expected start and end dates, ...  
+- help business owners to see when these needs will be fulfilled and let them change constraints like priority,  
+This component is server-side.
+Its aim is to provide API that would be used by UI whenever a core business logic has to be executed.
+Core business logic is around computing start and end dates for each
+
+# Technical constraints
+
+UI written in React, using ShadCN UI
+Backend written in Java, using Quarkus
+
+# Features definition
+

server/MyApp.md

@@ -0,0 +1,64 @@
+# MyApp
+
+My standards for an App
+
+### Documentation
+- Dev: Backstage (security, alerting, CI/CD, configuration, observability, infra)
+- Project: Hugo
+
+### Observability
+- Otel
+- Observability as a code (dashboard => grafana.json, alerts => alerts.yaml)
+- Prometheus exporters for applicative metrics
+- UI batched logs to server endpoint
+- Thanos (long-lived + consolidation)
+- Zabbix
+
+### Quality
+- PACT (backend-backend)
+- squashtest.com
+- Selenium/Cypress
+- Code coverage (Sonar + Cobertura)
+- Code security (Gitlab SAST/DAST ?)
+- Code maturity (Sonar + OpenSSF ?)
+- Test reports (AllureReport)
+
+### Packaging
+- Docker
+- Helm
+
+### Database
+- PostgreSQL / Mongo
+- Migration (liquidbase, flyway)
+
+### Configuration
+- X-Context approach (override conf by request)
+- Simple vs. profile parameters
+- Multi-tenancy ?
+
+### Technical
+- Redis (create async request API endpoint)
+- Websocket UI - server
+
+### Auth
+- Dex
+
+### Backend
+- Quarkus
+
+### UI
+- React
+- Shadcn UI
+- TailwindCSS
+
+### Build
+- Maven
+- Gitea/Gitlab actions
+- Devcontainer
+- Devfile
+
+### API
+- OpenAPI swagger
+- Apicurio (lint)
+- Smartbear
+- High level protocol (at least for homogeneous error management)

server/notes.txt

@@ -1,3 +1,5 @@
+To be moved to CLAUDE.md
+
 initiative 1..n engagement 1..n epic 1..n feature 1..n story
 
 initiative
@@ -14,3 +16,18 @@ epic
 feature (au sens tuleap, utile pour eXtreme quotation)
 
 story (au sens tuleap)
+
+capacity management with PMP standards (LoE, discrete, apportioned + MyNFR cut) + activity tracker (préparation engagement, follow-up post-engagement)
+
+flags for product vs custom
+
+ARR/IRR
+ARR = accounting rate of return / annual recurring revenue = annual predicted net profit / initial investment
+IRR = internal rate of return
+
+features:
+- capacity/scope long-term
+- capacity/scope PI term
+- suivi engagement (risk, event, deps, done vs planned)
+- burn-up
+- EVM (ACT, BAC, ...)

ui/.devcontainer/Dockerfile

@@ -1,15 +0,0 @@
-ARG VARIANT=latest
-FROM oven/bun:${VARIANT}
-
-RUN apt-get update \
-    && apt-get -y install --no-install-recommends \
-    ca-certificates \
-    git \
-    nano \
-    vim-tiny \
-    && apt-get auto-remove -y \
-    && apt-get clean -y \
-    && chsh -s $(which bash) bun \
-    && echo 'export PS1="\e[01;32m\u\e[m:\e[01;34m\w\e[m\$ "' >> /home/bun/.bashrc
-
-USER bun

ui/.devcontainer/devcontainer.json

@@ -1,19 +0,0 @@
-{
-  "name": "Bun",
-  "build": {
-    "dockerfile": "Dockerfile",
-    "args": {
-      "VARIANT": "latest"
-    }
-  },
-  "containerEnv": {
-    "GIT_REPO_URL": "https://scm.vilanet.fr/kriss/slot"
-  },
-  "customizations": {
-    "jetbrains": {}
-  },
-  "forwardPorts": [5173],
-  "workspaceMount": "source=slot_sources,target=/workspace,type=volume",
-  "workspaceFolder": "/workspace",
-  "postCreateCommand": "if [ ! -d .git ]; then git clone $GIT_REPO_URL .; fi"
-}