base-springboot-api-kotlin
Base Spring Boot API - Kotlin
A comprehensive Spring Boot API template built with Kotlin, following SOLID principles and best practices.
๐ Features
- Kotlin - Modern, concise language with null safety
- Spring Boot 3.x - Latest Spring Boot with native compilation support
- Oracle Database - Enterprise-grade database with containerized development
- OAuth2 Resource Server - JWT-based authentication and authorization
- OpenAPI/Swagger - Interactive API documentation
- JDBCTemplate - Direct SQL access with manual mapping
- Flyway - Database migrations and versioning
- Kotest - Kotlin-native testing framework
- TestContainers - Integration testing with real database
- JaCoCo - Code coverage analysis and reporting
- Allure - Advanced test reporting with coverage integration
- Maven - Dependency management and build automation
- SOLID Principles - Clean architecture implementation
๐๏ธ Architecture
Layered Architecture Pattern
API Controllers โ Facades โ Repositories
- Controllers: Handle HTTP requests/responses, validation, and routing
- Facades: Business logic orchestration, transaction management, and service coordination
- Repositories: Data access layer with pure SQL operations
Project Structure
src/main/kotlin/
โโโ controller/ # REST endpoints (@RestController)
โโโ facade/ # Business logic layer (@Service, @Transactional)
โโโ service/ # External service integrations
โโโ repository/ # Data access layer (@Repository)
โโโ model/ # Entity classes (plain data classes)
โโโ dto/ # Data Transfer Objects with OpenAPI schemas
โโโ config/ # Configuration classes (@Configuration)
โโโ exception/ # Custom exceptions and handlers
๐ ๏ธ Technology Stack
| Component | Technology | Version |
|---|---|---|
| Language | Kotlin | 1.9.24 |
| Framework | Spring Boot | 3.3.2 |
| Build Tool | Maven | 3.9.x |
| Database | Oracle Database | 23ai |
| Connection Pool | HikariCP | Built-in |
| Migration | Flyway | 10.15.2 |
| Documentation | SpringDoc OpenAPI | 2.6.0 |
| Security | Spring Security OAuth2 | Built-in |
| Testing | Kotest + MockK | 5.9.1 |
| Containers | TestContainers | 1.19.8 |
๐ฆ Getting Started
Prerequisites
- Java 21+
- Maven 3.6+
- Docker/Podman (for Oracle Database)
- Git
1. Clone the Repository
git clone https://github.com/norvaldb/base-springboot-api-kotlin.git
cd base-springboot-api-kotlin
2. Start Oracle Database (Podman)
# Pull Oracle XE image
podman pull container-registry.oracle.com/database/express:latest
# Run Oracle XE container
podman run -d \
--name oracle-xe \
-p 1521:1521 \
-e ORACLE_PWD=password123 \
-e ORACLE_CHARACTERSET=AL32UTF8 \
container-registry.oracle.com/database/express:latest
# Wait for database to be ready (2-3 minutes)
podman logs -f oracle-xe
3. Configure Environment Variables
export DB_USERNAME=dev_user
export DB_PASSWORD=dev_password
export DB_SCHEMA=DEV_SCHEMA
export JWT_ISSUER_URI=https://your-oauth2-provider.com
4. Run Database Migrations
# Create database schema and user (connect as system)
sqlplus system/password123@localhost:1521/XEPDB1
# In SQL*Plus:
CREATE USER dev_user IDENTIFIED BY dev_password;
GRANT DBA TO dev_user;
CREATE SCHEMA AUTHORIZATION dev_user;
# Run Flyway migrations
mvn flyway:migrate
5. Build and Run
# Build the application with automatic reports
mvn clean install
# Run tests only
mvn test
# Run integration tests
mvn verify
# Generate code coverage report (manual)
mvn jacoco:report
# Generate Allure report (manual)
mvn allure:report
# Start the application
mvn spring-boot:run
๐ Code Coverage & Reporting
Automatic Report Generation
Both JaCoCo coverage and Allure test reports are automatically generated during mvn install:
# Single command generates everything
mvn clean install
Generated Reports:
- JaCoCo Coverage:
target/site/jacoco/index.html - Allure Test Report:
target/allure-report/index.html
Manual Report Generation
Manual Report Generation
For individual report generation (optional):
# Generate coverage report only
mvn jacoco:report
# Generate Allure report only
mvn allure:report
# Serve interactive Allure report
mvn allure:serve
Allure Test Reports
Allure Test Reports
# Serve interactive Allure report
mvn allure:serve
Coverage Reports Location:
- JaCoCo HTML:
target/site/jacoco/index.html - JaCoCo XML:
target/site/jacoco/jacoco.xml(for CI/CD) - Allure Report:
target/allure-report/index.html
Performance Optimizations:
- Kotest autoscan disabled for faster test startup
- Reports generated automatically during build lifecycle
Coverage Thresholds:
- Coverage enforcement is available but currently disabled
- Uncomment the
jacoco-checkexecution inpom.xmlto enable - Default thresholds: Instruction 70%, Branch 60%
6. Access the Application
- API Base URL: http://localhost:8080
- Swagger UI: http://localhost:8080/swagger-ui.html
- API Docs: http://localhost:8080/v3/api-docs
- Health Check: http://localhost:8080/actuator/health
๐ API Documentation
The API is fully documented using OpenAPI 3.0 specification. Visit the Swagger UI at http://localhost:8080/swagger-ui.html for interactive documentation.
Authentication
The API uses OAuth2 JWT Bearer tokens for authentication:
Authorization: Bearer <your-jwt-token>
Example Endpoints
GET /api/users/{id}- Get user by IDPOST /api/users- Create new userGET /actuator/health- Health check
๐งช Testing
Unit Tests with Kotest
# Run unit tests
mvn test
Integration Tests with TestContainers
# Run integration tests (includes TestContainers)
mvn verify
Allure Report
This project is configured to produce Allure results for both unit and integration tests.
- Results directory:
target/allure-results - Generate static report:
mvn allure:report(output intarget/site/allure-maven/index.html) - Serve report locally:
mvn allure:serve
Notes:
- Kotest integrates with Allure via
AllureTestReporter. Seesrc/test/kotlin/ProjectConfig.kt. - The Allure Maven plugin is not bound to the lifecycle; run the goals above after
mvn testormvn verify.
Security Scanning with OWASP Dependency Check
# Run OWASP dependency vulnerability scan
mvn org.owasp:dependency-check-maven:check
# Generate report without failing build
mvn org.owasp:dependency-check-maven:check -DfailBuildOnCVSS=11
Generated Reports:
- HTML Report:
target/dependency-check-report.html - JSON Report:
target/dependency-check-report.json - XML Report:
target/dependency-check-report.xml
Configuration:
- Fail Threshold: CVSS score โฅ 7.0
- Suppressions:
owasp-suppressions.xml(false positive management) - Test Dependencies: Excluded from scanning for performance
- NVD API: Configure
NVD_API_KEYenvironment variable for faster updates
Setting up NVD API Key:
- Get a free API key from NVD
- Local Development: Set environment variable
export NVD_API_KEY=your-key-here - GitHub Actions: Add
NVD_API_KEYas a repository secret in Settings โ Secrets and variables โ Actions
Example Test Structure
class UserFacadeTest : FunSpec({
val userRepository = mockk<UserRepository>()
val userFacade = UserFacadeImpl(userRepository)
test("should find user by id") {
// Given
val userId = 1L
val user = User(id = userId, email = "test@example.com")
every { userRepository.findById(userId) } returns user
// When
val result = userFacade.findById(userId)
// Then
result shouldNotBe null
result?.id shouldBe userId
result?.email shouldBe "test@example.com"
}
})
๏ฟฝ GitHub Actions CI/CD
Automated Testing & Reporting
This project includes comprehensive GitHub Actions workflows for automated testing and reporting:
Available Workflows
1. CI Pipeline (ci.yml)
Triggers: Push to main/develop, Pull Requests to main
Features:
- โ Runs all tests (unit + integration)
- โ Generates JaCoCo coverage reports
- โ Creates Allure test reports with history
- โ Posts coverage comments on PRs
- โ Uploads reports to GitHub Pages
- โ Codecov integration
- โ OWASP dependency scanning
- โ Artifact uploads with retention
2. Test Reports Only (test-reports.yml)
Triggers: Push to main/develop, Pull Requests to main
Features:
- โ Lightweight testing workflow
- โ JaCoCo coverage analysis
- โ Allure report generation
- โ Test result summaries
- โ Downloadable artifacts
Accessing Reports
JaCoCo Coverage Reports:
- PR Comments: Automatic coverage reports on pull requests
- Artifacts: Download from Actions โ Workflow Run โ Artifacts
- Codecov: Available at https://codecov.io/gh/norvaldb/base-springboot-api-kotlin
Allure Test Reports:
- Artifacts: Download from Actions โ Workflow Run โ Artifacts
- GitHub Pages: https://norvaldb.github.io/base-springboot-api-kotlin (if enabled)
Setting up GitHub Pages (Optional)
To enable automatic deployment of test reports to GitHub Pages:
- Go to Repository Settings โ Pages
- Source: Deploy from a branch
- Branch:
gh-pages - Folder:
/(root)
The CI pipeline will automatically deploy Allure reports with test history to your GitHub Pages site.
Coverage Requirements
The workflows enforce coverage thresholds:
- Overall Coverage: 80% minimum
- Changed Files: 80% minimum
Failed coverage checks will be reported in PR comments and workflow status.
๏ฟฝ๐๏ธ Database
Oracle Database Setup
The application uses Oracle Database 23ai with the following configuration:
- Connection:
jdbc:oracle:thin:@localhost:1521:XEPDB1 - Schema: Configurable via
DB_SCHEMAenvironment variable - Connection Pool: HikariCP with optimized settings
Flyway Migrations
Database migrations are located in src/main/resources/db/migration/:
db/migration/
โโโ V1__Create_users_table.sql
โโโ V2__Add_user_indexes.sql
โโโ V3__Create_audit_tables.sql
Example Migration
-- V1__Create_users_table.sql
CREATE TABLE users (
user_id NUMBER GENERATED BY DEFAULT AS IDENTITY PRIMARY KEY,
email VARCHAR2(255) NOT NULL UNIQUE,
status VARCHAR2(50) DEFAULT 'ACTIVE',
created_date TIMESTAMP DEFAULT CURRENT_TIMESTAMP,
updated_date TIMESTAMP DEFAULT CURRENT_TIMESTAMP
);
CREATE INDEX idx_users_email ON users(email);
CREATE INDEX idx_users_status ON users(status);
๐ง Configuration
Application Profiles
- dev - Development profile with debug logging
- test - Testing profile with TestContainers
- prod - Production profile with optimized settings
Environment Variables
| Variable | Description | Default |
|---|---|---|
DB_USERNAME |
Database username | dev_user |
DB_PASSWORD |
Database password | dev_password |
DB_SCHEMA |
Database schema | DEV_SCHEMA |
JWT_ISSUER_URI |
OAuth2 JWT issuer | https://your-oauth2-provider.com |
CORS_ALLOWED_ORIGINS |
CORS allowed origins | http://localhost:3000 |
๐ Development Guidelines
This project follows the comprehensive Copilot instructions located in .github/copilot-instructions.md. Key principles:
SOLID Principles
- Single Responsibility: Each class has one clear purpose
- Open/Closed: Extensible through interfaces
- Liskov Substitution: Proper inheritance hierarchies
- Interface Segregation: Focused, specific interfaces
- Dependency Inversion: Depend on abstractions
Code Standards
- Use data classes for DTOs and entities
- Prefer
valovervar - Leverage Kotlin null safety
- Use constructor injection
- Follow REST conventions
- Comprehensive error handling
Security
- OAuth2 JWT validation
- Role-based access control
- Method-level security
- CORS configuration
- Security headers
๐ณ Docker Support
Development with Podman
# Start Oracle Database
podman run -d \
--name oracle-xe \
-p 1521:1521 \
-e ORACLE_PWD=password123 \
container-registry.oracle.com/database/express:latest
Application Container (Future)
FROM openjdk:21-jdk-slim
COPY target/base-springboot-api-kotlin-*.jar app.jar
EXPOSE 8080
ENTRYPOINT ["java", "-jar", "/app.jar"]
๐ค Contributing
- Fork the repository
- Create a feature branch (
git checkout -b feature/amazing-feature) - Follow the coding standards in
.github/copilot-instructions.md - Add tests for new functionality
- Commit your changes (
git commit -m 'Add amazing feature') - Push to the branch (
git push origin feature/amazing-feature) - Open a Pull Request
๐ License
This project is licensed under the Apache License 2.0 - see the LICENSE file for details.
๐ Support
For questions and support:
- Create an Issue
- Check the Copilot Instructions
- Review the API Documentation
Built with โค๏ธ using Kotlin and Spring Boot