feat: distributed tracing with OpenTelemetry + Jaeger

.env.example

@@ -0,0 +1,14 @@
+# Copy this file to .env and fill in real values.
+# The .env file is excluded from version control.
+
+# Database
+DB_NAME=jobtracker
+DB_USERNAME=jobtracker
+DB_PASSWORD=change_me
+DB_ROOT_PASSWORD=change_me_root
+
+# JWT
+JWT_SECRET=replace_with_a_256_bit_random_string
+
+# Tracing (1.0 = 100 %; lower for production)
+TRACING_SAMPLING_PROBABILITY=1.0

.gitignore

@@ -28,3 +28,6 @@ target/
 # virtual machine crash logs, see http://www.java.com/en/download/help/error_hotspot.xml
 hs_err_pid*
 replay_pid*
+
+# Environment variables – never commit secrets
+.env

Dockerfile

@@ -1,21 +1,18 @@
 # ============================================================
 # Stage 1: Build
 # ============================================================
-FROM eclipse-temurin:21-jdk-alpine AS build
-
-# Install Maven
-RUN apk add --no-cache maven
+FROM maven:3.9-eclipse-temurin-21 AS build
 
 WORKDIR /workspace
 
 # Copy POM first to cache dependency layer
-COPY backend/pom.xml .
+COPY pom.xml .
 
 # Download dependencies (cached unless pom.xml changes)
 RUN mvn dependency:go-offline -B --no-transfer-progress
 
 # Copy source code and build the fat JAR, skipping tests
-COPY backend/src src
+COPY src src
 RUN mvn package -DskipTests -B --no-transfer-progress
 
 # ============================================================
@@ -29,10 +26,7 @@ RUN addgroup -S appgroup && adduser -S appuser -G appgroup
 WORKDIR /app
 
 # Copy the built JAR from the build stage
-COPY --from=build /workspace/target/*.jar app.jar
-
-# Ensure the app directory is owned by the non-root user
-RUN chown -R appuser:appgroup /app
+COPY --from=build --chown=appuser:appgroup /workspace/target/*.jar app.jar
 
 USER appuser
 

backend/src/test/java/com/jobtracker/JobTrackerApplicationTests.java

@@ -0,0 +1,26 @@
+package com.jobtracker;
+
+import org.junit.jupiter.api.Test;
+import org.springframework.boot.test.context.SpringBootTest;
+import org.springframework.test.context.TestPropertySource;
+
+@SpringBootTest
+@TestPropertySource(properties = {
+        "spring.datasource.url=jdbc:h2:mem:testdb;MODE=MySQL;DB_CLOSE_DELAY=-1",
+        "spring.datasource.driver-class-name=org.h2.Driver",
+        "spring.datasource.username=sa",
+        "spring.datasource.password=",
+        "spring.jpa.hibernate.ddl-auto=create-drop",
+        "spring.flyway.enabled=false",
+        "jwt.secret=TestSecretKeyThatIsAtLeast256BitsLongForTestingPurposesOnly",
+        "jwt.access-token-expiration-ms=900000",
+        "jwt.refresh-token-expiration-ms=604800000",
+        "cors.allowed-origins=http://localhost:3000",
+        "management.tracing.sampling.probability=0.0"
+})
+class JobTrackerApplicationTests {
+
+    @Test
+    void contextLoads() {
+    }
+}

docker-compose.yml

@@ -11,15 +11,18 @@ services:
     ports:
       - "8080:8080"
     environment:
-      SPRING_DATASOURCE_URL: jdbc:mariadb://mariadb:3306/jobtracker?createDatabaseIfNotExist=true&characterEncoding=UTF-8&useUnicode=true
-      SPRING_DATASOURCE_USERNAME: root
-      SPRING_DATASOURCE_PASSWORD: root
-      # WARNING: Replace this secret before any production use. This value is for development only.
-      JWT_SECRET: ChangeThisToAVeryLongSecretKeyForJWTTokensInDevelopment
-      CORS_ALLOWED_ORIGINS: "http://localhost:3000,http://localhost:5173"
+      DB_URL: jdbc:mariadb://mariadb:3306/${DB_NAME:-jobtracker}?createDatabaseIfNotExist=true&characterEncoding=UTF-8&useUnicode=true
+      DB_USERNAME: ${DB_USERNAME:-jobtracker}
+      DB_PASSWORD: ${DB_PASSWORD:?DB_PASSWORD is required}
+      JWT_SECRET: ${JWT_SECRET:?JWT_SECRET is required}
+      CORS_ALLOWED_ORIGINS: ${CORS_ALLOWED_ORIGINS:-"http://localhost:3000,http://localhost:5173"}
+      OTEL_EXPORTER_OTLP_ENDPOINT: http://jaeger:4317
+      TRACING_SAMPLING_PROBABILITY: ${TRACING_SAMPLING_PROBABILITY:-1.0}
     depends_on:
       mariadb:
         condition: service_healthy
+      jaeger:
+        condition: service_started
     healthcheck:
       test: ["CMD", "wget", "-qO-", "http://localhost:8081/actuator/health"]
       interval: 30s
@@ -37,8 +40,10 @@ services:
     ports:
       - "3306:3306"
     environment:
-      MARIADB_ROOT_PASSWORD: root
-      MARIADB_DATABASE: jobtracker
+      MARIADB_ROOT_PASSWORD: ${DB_ROOT_PASSWORD:?DB_ROOT_PASSWORD is required}
+      MARIADB_DATABASE: ${DB_NAME:-jobtracker}
+      MARIADB_USER: ${DB_USERNAME:-jobtracker}
+      MARIADB_PASSWORD: ${DB_PASSWORD:?DB_PASSWORD is required}
     volumes:
       - mariadb_data:/var/lib/mysql
     healthcheck:
@@ -51,6 +56,20 @@ services:
       - job-tracker-net
     restart: unless-stopped
 
+  # ── Jaeger (distributed tracing) ─────────────────────────
+  jaeger:
+    image: jaegertracing/all-in-one:1.57.0
+    container_name: job-tracker-jaeger
+    ports:
+      - "16686:16686"   # Jaeger UI
+      - "4317:4317"     # OTLP gRPC receiver
+      - "4318:4318"     # OTLP HTTP receiver
+    environment:
+      - COLLECTOR_OTLP_ENABLED=true
+    networks:
+      - job-tracker-net
+    restart: unless-stopped
+
   # ── Prometheus ────────────────────────────────────────────
   prometheus:
     image: prom/prometheus:v2.54.1
@@ -82,8 +101,8 @@ services:
     ports:
       - "3000:3000"
     environment:
-      GF_SECURITY_ADMIN_USER: admin
-      GF_SECURITY_ADMIN_PASSWORD: admin
+      GF_SECURITY_ADMIN_USER: ${GRAFANA_ADMIN_USER:-admin}
+      GF_SECURITY_ADMIN_PASSWORD: ${GRAFANA_ADMIN_PASSWORD:-admin}
     volumes:
       - grafana_data:/var/lib/grafana
       - ./grafana/provisioning/datasources:/etc/grafana/provisioning/datasources:ro
@@ -104,3 +123,4 @@ volumes:
 networks:
   job-tracker-net:
     driver: bridge
+