Merge the gateway, workflow level changes for central instance and update indexer custom decorator, pdf service flyway version upgrade #770

Open: wants to merge 36 commits into base: master

Conversation

vinothrallapalli-eGov (Collaborator) commented Jun 20, 2025

Summary by CodeRabbit

  • New Features

    • Added support for configuring database SSL connections and state-level tenant IDs via environment variables in the PDF service.
    • Enhanced gateway and workflow services to support multi-tenant and central instance environments, including new header constants and improved tenant ID handling.
  • Bug Fixes

    • Improved robustness in handling tenant IDs without dots in central instance environments to prevent errors.
  • Refactor

    • Updated method signatures and logic for user and topic name resolution to be tenant-aware and utilize utility classes.
    • Standardized request header enrichment and tenant ID propagation in gateway filters and helpers.
  • Chores

    • Upgraded Flyway migration Docker image to a newer version and updated migration scripts for multi-schema support and stricter migration checks.
  • Tests

    • Updated and enhanced tests to align with new method signatures and improved mock data realism.

JithendarKumar-eGov and others added 30 commits January 27, 2025 15:45
Update migrate.sh for central instance compatible
central instance related code
changing kafka producer logic
Update BusinessServiceRepositoryV1.java
holashchand and others added 5 commits May 21, 2025 14:58
* Added keycloak build config (#714)

* adding githubactions workflow file (#715)

* updating workflows action flow to pick from master and create images from all the branches (#718)

* adding githubactions workflow file

* Update build.yaml

* Adding drop downs while triggering githubactions (#727)

* Create sandbox.yml (#730)

* Create sandbox.yml

* Update sandbox.yml

* Update sandbox.yml (#732)

* Update build.yaml (#734)

* Add business-services folder and new service to workflow inputs (#735)

* Add business-services folder and new service to workflow inputs

* Add business-services folder and new service to workflow inputs

* Add business-services folder and new service to workflow inputs

* Add business-services folder and new service to workflow inputs

* Update build.yaml with correct service names

---------

Co-authored-by: nikhilmulinti <127198713+nikhilmulinti@users.noreply.github.com>

* Update sandbox.yml (#738)

* added open telemetry (#748)

* Updated idgen service

* Updated mdms-v2 service

* Updated workflow service

* Updated egov-localization service

* updated egov-location service

* Updated tenant-management service

* WIP: changes to Dockerfile and workflow

* Update build dockerfile

* Updated audit service

* Updated boundary service

* Updated access control

* Updated enc service

* Updated file store

* Updated egov-indexer

* updated mdms v1 service

* Updated egov notification mail service

* Updated notification sms

* Updated egov-otp

* updated egov persister

* Updated pg service

* Updated egov url shortening

* Updated egov-user-event

* Updated gateway service

* Updated service request

* Updated Dockerfile

* Update Dockerfile-java 8

* Update Dockerfile- reverting back

* Modified gateway POM according to new tracer.

* Added opentelemetry tracing & @CustomSafeHtml in tracer.

* Update Dockerfile

* updated idgen

* Updated localization

* Updated mdms v2

* Updated workflow v2

* Updated location

* Updated audit service

* Updated boundary service

* Updated access control

* Updated enc service

* Updated filestore

* updated indexer

* Added logic to replace {schema} placeholder in EscalationRepository class.

* Updated mdms service

* Updated notification mail

* updated notification sms

* Updated egov-otp

* Updated persister

* Updated pg service

* Updated url shortening

* Updated user event

* Updated gateway

* Updated service request

* Update enc-client from 2.9.0-SNAPSHOT to 2.9.1 pom.xml

---------

Co-authored-by: Varun Reddy <155146627+varunreddy-egov@users.noreply.github.com>
Co-authored-by: nikhilmulinti <127198713+nikhilmulinti@users.noreply.github.com>
Co-authored-by: varunreddy-egov <varun.kumar@egovernments.org>

* Modified EscalationRepositoryTest class to include WorkflowUtil bean. (#751)

* Updated Changelog in New open telemetry (#752)

* Updated idgen service

* Updated mdms-v2 service

* Updated workflow service

* Updated egov-localization service

* updated egov-location service

* Updated tenant-management service

* WIP: changes to Dockerfile and workflow

* Update build dockerfile

* Updated audit service

* Updated boundary service

* Updated access control

* Updated enc service

* Updated file store

* Updated egov-indexer

* updated mdms v1 service

* Updated egov notification mail service

* Updated notification sms

* Updated egov-otp

* updated egov persister

* Updated pg service

* Updated egov url shortening

* Updated egov-user-event

* Updated gateway service

* Updated service request

* Updated Dockerfile

* Update Dockerfile-java 8

* Update Dockerfile- reverting back

* Modified gateway POM according to new tracer.

* Added opentelemetry tracing & @CustomSafeHtml in tracer.

* Update Dockerfile

* updated idgen

* Updated localization

* Updated mdms v2

* Updated workflow v2

* Updated location

* Updated audit service

* Updated boundary service

* Updated access control

* Updated enc service

* Updated filestore

* updated indexer

* Added logic to replace {schema} placeholder in EscalationRepository class.

* Updated mdms service

* Updated notification mail

* updated notification sms

* Updated egov-otp

* Updated persister

* Updated pg service

* Updated url shortening

* Updated user event

* Updated gateway

* Updated service request

* updated idgen

* Updated mdms v2

* updated location

* Updated audit service

* Updated access control

* Updated enc service

* updated filestore

* Updated indexer

* Updated mdms service

* Updated notification mail

* Updated notification sms

* updated egov otp

* Updated persister

* Updated pg service

* Updated url shortening

* updated user event

* Updated gateway

* Update service request

---------

Co-authored-by: Varun Reddy <155146627+varunreddy-egov@users.noreply.github.com>
Co-authored-by: nikhilmulinti <127198713+nikhilmulinti@users.noreply.github.com>
Co-authored-by: varunreddy-egov <varun.kumar@egovernments.org>

---------

Co-authored-by: Varun Reddy <155146627+varunreddy-egov@users.noreply.github.com>
Co-authored-by: nikhilmulinti <127198713+nikhilmulinti@users.noreply.github.com>
Co-authored-by: DIGIT-support <digit-success@equidhi.org>
Co-authored-by: talele08 <talele08@users.noreply.github.com>
Co-authored-by: shilpa-egov <shilpa.m@egovernments.org>
Co-authored-by: varunreddy-egov <varun.kumar@egovernments.org>
[HCMPRE-2733] Fixed missing tenant id in user search from workflow service and related tests

coderabbitai bot commented Jun 20, 2025

Walkthrough

This update spans workflow automation, core service logic, gateway enhancements, and PDF service configuration. It modifies the GitHub Actions build workflow, introduces tenant-aware logic and central instance handling in workflow and gateway modules, revises database migration scripts for multi-schema support, and adds SSL and environment-based configuration to the PDF service.

Changes

| File(s) / Group | Change Summary |
|---|---|
| .github/workflows/build.yaml | Updated workflow triggers, added service options, switched Docker Hub login to use variables, hardcoded Dockerfile path, and adjusted formatting. |
| core-services/egov-indexer/src/main/java/org/egov/infra/indexer/custom/bpa/BPACustomDecorator.java | Switched from copying RequestInfo to wrapping it in RequestInfoWrapper for service requests. |
| core-services/egov-workflow-v2/src/main/java/org/egov/wf/producer/Producer.java, .../ProducerTest.java | Refactored topic name resolution to use MultiStateInstanceUtil; updated tests to mock and verify this utility. |
| core-services/egov-workflow-v2/src/main/java/org/egov/wf/service/EnrichmentService.java, .../EnrichmentServiceTest.java | Made user enrichment tenant-aware, added input checks, reorganized error handling; updated tests for new method signature and improved mock data realism. |
| core-services/egov-workflow-v2/src/main/java/org/egov/wf/service/UserService.java, .../UserServiceTest.java | Added tenantId parameter to searchUser method; updated tests to match new signature. |
| core-services/egov-workflow-v2/src/main/java/org/egov/wf/util/WorkflowUtil.java | Simplified schema placeholder replacement to use tenantId directly. |
| core-services/egov-workflow-v2/src/main/resources/db/migrate.sh | Changed Flyway migration to loop over multiple schemas from env var, adding debug output. |
| core-services/egov-workflow-v2/src/main/java/org/egov/wf/repository/V1/BusinessServiceRepositoryV1.java | Added a newline at end of file. |
| core-services/gateway/src/main/java/com/example/gateway/constants/GatewayConstants.java | Added constants for pass-through gateway header name and value. |
| core-services/gateway/src/main/java/com/example/gateway/filters/pre/RequestEnrichmentFilter.java | Injected MultiStateInstanceUtil, added correlation ID and tenant header logic, refactored header addition. |
| core-services/gateway/src/main/java/com/example/gateway/filters/pre/helpers/AuthCheckFilterHelper.java | Injected CommonUtils and MultiStateInstanceUtil, added tenant ID validation and MDC population for central instances. |
| core-services/gateway/src/main/java/com/example/gateway/filters/pre/helpers/RequestEnrichmentFilterHelper.java | Code formatting improvements, clarified header mutation, added import. |
| core-services/gateway/src/main/java/com/example/gateway/utils/CommonUtils.java | Added new method getLowLevelTenatFromSet for tenant ID extraction. |
| core-services/libraries/services-common/src/main/java/org/egov/common/utils/MultiStateInstanceUtil.java | Improved tenantId parsing for central instances, handling IDs without dots safely. |
| core-services/pdf-service/migration/Dockerfile | Upgraded Flyway base image version and switched from CMD to ENTRYPOINT. |
| core-services/pdf-service/migration/migrate.sh | Removed ignoreMissingMigrations option from Flyway command. |
| core-services/pdf-service/src/EnvironmentVariables.js | Added DB_SSL config, made STATE_LEVEL_TENANT_ID environment-based, added newline. |
| core-services/pdf-service/src/queries.js | Added conditional SSL support for PostgreSQL connections based on environment variable. |

Sequence Diagram(s)

sequenceDiagram
    participant Gateway as Gateway
    participant MultiStateInstanceUtil as MultiStateInstanceUtil
    participant CommonUtils as CommonUtils
    participant WorkflowService as WorkflowService
    participant UserService as UserService

    Gateway->>MultiStateInstanceUtil: Check if central instance
    alt Central Instance
        Gateway->>CommonUtils: Validate and set tenant ID
        Gateway->>Gateway: Add tenant ID header and correlation ID
    else Non-central
        Gateway->>Gateway: Add correlation ID only
    end
    Gateway->>WorkflowService: Forward request with headers
    WorkflowService->>UserService: Search user with tenant ID
    UserService-->>WorkflowService: Return user map

Possibly related PRs

  • #718: Modifies .github/workflows/build.yaml for enhanced workflow triggers and Docker build logic.
  • #735: Also updates build workflow service options, overlapping with this PR’s workflow input changes.
  • #757: Related to Dockerfile path handling in the build workflow, which this PR now hardcodes.

Suggested reviewers

  • GhanshyamRawat-eGov
  • nikhilmulinti
  • talele08

Poem

A rabbit hops through code so wide,
With tenants, headers, workflows tied.
Central or state, the logic flows,
Correlation IDs and SSL now grows.
Migrations loop, containers start,
Multi-tenant dreams—a bunny’s art!
🐇✨


📜 Recent review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 1248cc5 and 7fb3ee2.

📒 Files selected for processing (1)
  • .github/workflows/build.yaml (7 hunks)
🚧 Files skipped from review as they are similar to previous changes (1)
  • .github/workflows/build.yaml


@coderabbitai coderabbitai bot left a comment

Actionable comments posted: 21

🔭 Outside diff range comments (2)
core-services/gateway/src/main/java/com/example/gateway/filters/pre/helpers/RequestEnrichmentFilterHelper.java (1)

97-103: Same issue in other header methods.

Similar to addCorrelationIdHeader, both addUserInfoHeader and addPassThroughGatewayHeader create mutated requests but don't apply them to the exchange.

Apply the mutated requests to their respective exchanges to ensure headers are actually added.

Also applies to: 114-116

core-services/egov-workflow-v2/src/test/java/org/egov/wf/service/EnrichmentServiceTest.java (1)

126-144: Incomplete test method lacks assertions.

The EnrichProcessRequest() method sets up test data but doesn't invoke the service method or make any assertions. This test will always pass regardless of the actual functionality.

 void EnrichProcessRequest() {
     when(this.workflowUtil.getAuditDetails((String) any(), (Boolean) any())).thenReturn(new AuditDetails());
     when(this.userService.searchUser(anyString(), (RequestInfo) any(), (java.util.List<String>) any())).thenReturn(new HashMap<>());
 
     RequestInfo requestInfo = new RequestInfo();
     requestInfo.setUserInfo(new User());
 
     ProcessStateAndAction processStateAndAction = new ProcessStateAndAction();
     processStateAndAction.setAction(new Action());
     processStateAndAction.setCurrentState(new State());
     processStateAndAction.setProcessInstanceFromDb(new ProcessInstance());
     processStateAndAction.setProcessInstanceFromRequest(new ProcessInstance());
     processStateAndAction.setResultantState(new State());
 
     ArrayList<ProcessStateAndAction> processStateAndActionList = new ArrayList<>();
     processStateAndActionList.add(processStateAndAction);
+
+    // Add the actual method call and assertions
+    this.enrichmentService.enrichProcessRequest(requestInfo, processStateAndActionList);
+    verify(this.userService).searchUser(anyString(), (RequestInfo) any(), (java.util.List<String>) any());
 }
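Review bot: The added `verify(this.userService).searchUser(anyString(), ...)` on the last `+` line accepts any tenant argument, so the test would still pass if the wrong tenant ID were forwarded, which is the behaviour this PR set out to fix. Both `ProcessInstance` fixtures are created with `new ProcessInstance()` and no tenant ID; set a known tenant ID on them and verify with `eq(...)` on the first argument. The added call also leaves the enriched `processStateAndActionList` unchecked, so assert on at least one enriched field.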
🧹 Nitpick comments (51)
core-services/pdf-service/src/queries.js (1)

15-15: Consider the security implications of rejectUnauthorized: false.

The SSL configuration uses rejectUnauthorized: false, which disables certificate validation. While this is common for development or self-signed certificates, it reduces security by making the connection vulnerable to man-in-the-middle attacks.

Consider making this configurable or documenting when this setting is appropriate.

-const sslConfig = ssl ? { rejectUnauthorized: false } : false;
+const sslConfig = ssl ? { 
+  rejectUnauthorized: process.env.DB_SSL_REJECT_UNAUTHORIZED !== 'false' 
+} : false;
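Review bot: In the `+` lines, `rejectUnauthorized` becomes true by default but the object carries no `ca`, so a database certificate signed by a private CA will fail verification and the practical response will be to set `DB_SSL_REJECT_UNAUTHORIZED=false` again. Add a way to supply the CA certificate alongside this flag, and read the new variable through `EnvironmentVariables.js`, where the change summary says `DB_SSL` was added, rather than from `process.env` here. Only the exact string `'false'` disables verification, which should be documented next to the variable.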
core-services/egov-url-shortening/src/main/resources/application.properties (1)

68-76: Correct HTTP ignore URL patterns for metrics endpoint
The ignore-urls list contains /egov-url-shortening/promethus, which appears to be a typo. Update to /prometheus to properly exclude the metrics endpoint from tracing.

- otel.instrumentation.http.server.ignore-urls=/egov-url-shortening/health,/egov-url-shortening/promethus
+ otel.instrumentation.http.server.ignore-urls=/egov-url-shortening/health,/egov-url-shortening/prometheus
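Review bot: The replacement path on the `+` line should be checked against the path the service actually exposes for metrics before merging, since an ignore entry that matches nothing fails silently and the scrape requests keep being traced. The same `promethus` spelling is reported for audit-service and egov-mdms-service in this review, so correct all three in one commit.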
core-services/egov-workflow-v2/src/main/resources/application.properties (1)

80-81: Central instance flag consistency
The new is.environment.central.instance=true flag is introduced. Ensure this flag is documented and consistently consumed in application logic across services.

Consider centralizing environment flags in a shared properties or profile to avoid duplication and drift.

.github/DISCUSSION_TEMPLATE/sandbox.yml (1)

8-9: Remove trailing spaces for YAML lint compliance
Lines 8, 9, and 32 contain trailing whitespace, causing linter errors. Please trim them to satisfy YAMLlint.

- 8|        Use this form to raise a query, request, or report a bug you've come across in our Sandbox. 
+ 8|        Use this form to raise a query, request, or report a bug you've come across in our Sandbox.
- 9|        
+ 9|
- 32|    validations:
+ 32|    validations:

Also applies to: 32-32

core-services/egov-accesscontrol/CHANGELOG.md (1)

8-8: Standardize changelog bullet capitalization and casing
The bullet "- added variables in application.properties required for opentelemetry" should start with "Added" and use proper "OpenTelemetry" casing for consistency.

- added variables in application.properties required for opentelemetry
+ Added variables in application.properties required for OpenTelemetry
core-services/egov-mdms-service/CHANGELOG.md (1)

8-8: Standardize changelog bullet capitalization and casing
The bullet "- added variables in application.properties required for opentelemetry" should start with "Added" and use proper "OpenTelemetry" casing for consistency.

- added variables in application.properties required for opentelemetry
+ Added variables in application.properties required for OpenTelemetry
core-services/egov-location/CHANGELOG.md (1)

8-8: Standardize changelog bullet capitalization and casing
The bullet "- added variables in application.properties required for opentelemetry" should start with "Added" and use proper "OpenTelemetry" casing for consistency.

- added variables in application.properties required for opentelemetry
+ Added variables in application.properties required for OpenTelemetry
core-services/egov-localization/CHANGELOG.md (1)

7-7: Standardize changelog bullet capitalization and casing
The bullet "- added variables in application.properties required for opentelemetry" should start with "Added" and use proper "OpenTelemetry" casing for consistency.

- added variables in application.properties required for opentelemetry
+ Added variables in application.properties required for OpenTelemetry
core-services/audit-service/CHANGELOG.md (1)

6-6: Standardize changelog bullet capitalization and casing
The bullet "- added variables in application.properties required for opentelemetry" should start with "Added" and use proper "OpenTelemetry" casing for consistency.

- added variables in application.properties required for opentelemetry
+ Added variables in application.properties required for OpenTelemetry
core-services/egov-indexer/CHANGELOG.md (1)

6-8: Normalize changelog bullet style

Capitalize the "added" bullet to "Added" to match the style of other entries.

core-services/egov-persister/CHANGELOG.md (1)

5-7: Normalize changelog bullet style

Capitalize the "added" bullet to "Added" to match the style of other entries.

core-services/egov-filestore/CHANGELOG.md (1)

4-6: Normalize changelog bullet style

Capitalize the "added" bullet to "Added" to match the style of other entries.

core-services/egov-user-event/CHANGELOG.md (1)

4-6: Normalize changelog bullet style

Capitalize the "added" bullet to "Added" to match the style of other entries.

core-services/egov-notification-sms/CHANGELOG.md (1)

5-7: Normalize changelog bullet style

Capitalize the "added" bullet to "Added" to match the style of other entries.

core-services/gateway/CHANGELOG.MD (1)

4-6: Changelog entry style consistency
Capitalize the bullet (“- Added variables…” instead of “- added variables…”) to match other entries, and verify that the Maven POM for the gateway service has been bumped to version 2.9.1.

core-services/mdms-v2/CHANGELOG.md (1)

6-9: Changelog entry style consistency
Capitalize the bullet (“- Added variables…” instead of “- added variables…”) to match the file's existing formatting, and confirm that mdms-v2’s POM has been updated to 2.9.1.

core-services/egov-otp/CHANGELOG.md (1)

4-7: Changelog entry style consistency
Use “- Added variables…” (capital “A”) for the second bullet, and ensure the OTP service’s pom.xml version matches 2.9.1.

core-services/egov-notification-mail/CHANGELOG.md (1)

4-7: Changelog entry style consistency
Change “- added variables…” to “- Added variables…” for consistency, and verify the notification-mail module’s POM is on 2.9.1.

core-services/egov-enc-service/CHANGELOG.md (1)

6-9: Changelog entry style consistency
Capitalize “- Added variables…” in the second bullet, and confirm that the enc-service POM reflects version 2.9.1.

core-services/tenant/pom.xml (2)

24-41: Centralize OpenTelemetry BOM imports
The new <dependencyManagement> block standardizes OpenTelemetry BOM versions. To reduce duplication and ease future updates, consider moving these imports into the parent/root POM.


88-88: Upgrade tracer dependency to 2.9.1-SNAPSHOT
Verify that org.egov.services:tracer v2.9.1-SNAPSHOT remains API-compatible with existing code paths and workflows. Before GA, replace the SNAPSHOT with a stable release.

core-services/egov-filestore/pom.xml (2)

25-42: Import OpenTelemetry BOMs
This dependencyManagement section ensures consistent OTEL dependency versions. Consider moving it to a shared parent POM to avoid repeating the same block in multiple modules.


52-52: Update tracer dependency version
Ensure the new org.egov.services:tracer v2.9.1-SNAPSHOT is tested for compatibility. Prefer using a non-SNAPSHOT release for production.

core-services/egov-idgen/pom.xml (2)

23-40: Import OpenTelemetry BOMs
Adding BOM imports centralizes OTEL dependency management. To streamline maintenance, you might extract this block to the parent POM.


88-88: Bump tracer dependency to 2.9.1-SNAPSHOT
Verify backwards compatibility with existing instrumentation and consider switching to a released version instead of a SNAPSHOT.

core-services/egov-notification-mail/pom.xml (2)

22-39: Add OpenTelemetry BOM imports
Standardizes OTEL versions via dependencyManagement. Consider centralizing this in the root POM for DRYness.


81-81: Upgrade tracer dependency version
Ensure org.egov.services:tracer v2.9.1-SNAPSHOT is tested and stable; switch to a non-SNAPSHOT release before production rollout.

core-services/egov-localization/pom.xml (2)

22-39: Inject OpenTelemetry BOM imports
The new BOM block centralizes OTEL dependency versions. For easier maintenance, move it into the parent POM.


90-90: Update tracer dependency to 2.9.1-SNAPSHOT
Validate compatibility of the new tracer and plan to replace SNAPSHOT with a stable release.

core-services/egov-indexer/pom.xml (1)

25-42: Import OpenTelemetry BOMs for centralized OTel dependency management.
Good to centralize OTel versions; consider moving these imports into a shared parent POM to eliminate duplication across modules.

core-services/egov-location/pom.xml (1)

22-39: Add OpenTelemetry BOM imports for consistent OTel versioning.
These BOM entries should ideally reside in a common parent to prevent repeated definitions.

core-services/egov-otp/pom.xml (1)

25-42: Introduce OpenTelemetry BOM imports for dependency management.
Consider relocating these BOM imports to the parent POM for DRY.

core-services/egov-persister/pom.xml (1)

24-41: Import OpenTelemetry BOMs for centralized version control.
To reduce duplication, move these BOM sections to a shared parent module.

core-services/egov-enc-service/pom.xml (1)

21-38: Add OpenTelemetry BOMs under dependencyManagement.
These definitions could be centralized in the parent POM to avoid repetition.

core-services/egov-url-shortening/pom.xml (1)

26-43: Add OpenTelemetry BOM dependencyManagement
Centralizing OpenTelemetry versions via BOMs improves consistency. Consider moving this block into a parent POM if all services share it.

core-services/egov-user-event/pom.xml (1)

31-48: Introduce OpenTelemetry BOM dependencyManagement
Great to have centralized version control for OTEL artifacts. For ease of maintenance, evaluate lifting this into a shared parent POM.

core-services/audit-service/src/main/resources/application.properties (1)

66-75: Refine timezone and metrics-path configurations

  1. The id.timezone=IST value is ambiguous; prefer an IANA identifier like Asia/Kolkata for consistency across environments.
  2. The HTTP ignore URL /audit-service/promethus appears misspelled; confirm and correct to /audit-service/prometheus.
core-services/egov-mdms-service/src/main/resources/application.properties (1)

11-20: Fix metrics ignore-URLs typo
The property otel.instrumentation.http.server.ignore-urls=/egov-mdms-service/health,/egov-mdms-service/promethus should include the correct /prometheus endpoint.

core-services/service-request/src/main/resources/application.properties (1)

54-62:

#!/bin/bash
set -e

# Search for Flyway references in the codebase
rg -n "flyway" -C2

# Verify if the typo appears elsewhere
rg -n "promethus" -C2

core-services/egov-workflow-v2/src/main/java/org/egov/wf/util/WorkflowUtil.java (1)

496-498: Clean up commented code.

The logic change to use tenantId directly instead of centralInstanceUtil.getStateLevelTenant(tenantId) aligns with the improved tenant ID handling mentioned in the AI summary. However, consider removing the commented code for better code hygiene.

-            // String multiInstanceSchema = centralInstanceUtil.getStateLevelTenant(tenantId);
             try {
                 finalQuery = centralInstanceUtil.replaceSchemaPlaceholder(query, tenantId);
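Review bot: On the context line `finalQuery = centralInstanceUtil.replaceSchemaPlaceholder(query, tenantId);`, `tenantId` is passed straight into the call that fills the schema placeholder in the query. Confirm that it is validated against the known tenants before this point, and if the removed `getStateLevelTenant` step was doing any normalisation, say in the commit message why it is no longer needed rather than only deleting the comment.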
core-services/egov-indexer/src/main/java/org/egov/infra/indexer/custom/bpa/BPACustomDecorator.java (2)

201-204: Clean refactoring to use RequestInfoWrapper.

The change from creating and copying a RequestInfo object to using RequestInfoWrapper is a good refactoring that avoids potential issues with BeanUtils.copyProperties and makes the code more explicit.

Consider removing the commented code for better readability:

-//		RequestInfo bpaRequestInfo = new RequestInfo();
-//		BeanUtils.copyProperties(requestInfo, bpaRequestInfo);
 		RequestInfoWrapper bpaRequestInfo = new RequestInfoWrapper();
 		bpaRequestInfo.setRequestInfo(requestInfo);
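Review bot: With the copy removed, `bpaRequestInfo.setRequestInfo(requestInfo)` on the last line hands the caller's `RequestInfo` instance to the wrapper, where the commented-out code passed a separate copy. If anything downstream modifies the object, the change is now visible to the caller; confirm that is intended before deleting the commented lines, and apply the same check to the identical hunk at 434-437.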

434-437: Consistent RequestInfoWrapper usage.

Good consistency in applying the same RequestInfoWrapper pattern as used in the fetchPermitNumber method.

Consider removing the commented code here as well:

-//		RequestInfo bpaRequestInfo = new RequestInfo();
-//		BeanUtils.copyProperties(requestInfo, bpaRequestInfo);
 		RequestInfoWrapper bpaRequestInfo = new RequestInfoWrapper();
 		bpaRequestInfo.setRequestInfo(requestInfo);
core-services/libraries/tracer/src/main/java/org/egov/tracer/validators/HTMLValidator.java (1)

1-23: Review null handling and validation strictness.

The HTML validator implementation is generally sound, but consider these improvements:

  1. Null handling: Returning true for null values delegates null validation to other annotations. Consider if this aligns with your validation strategy.

  2. Safelist choice: Safelist.basic() allows basic HTML tags (b, em, i, strong, u, etc.). Verify this matches your security requirements - you might need Safelist.none() for stricter validation.

  3. Error messaging: Consider providing custom error messages through the ConstraintValidatorContext.

If stricter validation is needed, consider this approach:

 @Override
 public boolean isValid(String s, ConstraintValidatorContext constraintValidatorContext) {
-    if (s == null) return true; // handle null case based on your requirements
-    return Jsoup.isValid(s, Safelist.basic());
+    if (s == null) return true; // Use @NotNull separately if null validation needed
+    boolean isValid = Jsoup.isValid(s, Safelist.basic());
+    if (!isValid) {
+        constraintValidatorContext.disableDefaultConstraintViolation();
+        constraintValidatorContext.buildConstraintViolationWithTemplate(
+            "Input contains unsafe HTML content").addConstraintViolation();
+    }
+    return isValid;
 }
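Review bot: The added lines still call Jsoup.isValid(s, Safelist.basic()), so this hunk is no stricter than the code it replaces; the only behavioural change is the custom violation message. If the aim is the stricter validation raised in item 2, the safelist argument on the `boolean isValid = ...` line needs to change to Safelist.none(), and the message change can stay as a separate improvement. The null branch still returns true, so the comment pointing at @NotNull should also appear in the CustomSafeHtml Javadoc, since a field carrying only that constraint will accept null.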
core-services/egov-indexer/src/main/resources/application.properties (1)

128-129: Evaluate detailed tracing config
tracer.detailed.tracing.enabled=true may be redundant given OTEL settings. Consider consolidating under otel.* namespace or removing deprecated properties.

core-services/egov-workflow-v2/src/test/java/org/egov/wf/producer/ProducerTest.java (1)

44-44: Consider removing unused mock setup.

The tests still mock workflowConfig.getIsEnvironmentCentralInstance() on lines 38, 50, and 62, but these calls are no longer verified since the logic has been moved to MultiStateInstanceUtil. Consider removing these mock setups if they're not used by the actual implementation.

-        when(workflowConfig.getIsEnvironmentCentralInstance()).thenReturn(true);

Apply similar changes to lines 50 and 62 unless the Producer implementation still uses these method calls.

Also applies to: 56-56, 68-68

core-services/libraries/tracer/src/main/java/org/egov/tracer/config/TracerConfiguration.java (1)

61-74: Consider removing commented code after OpenTelemetry migration is complete.

The commented Noop tracer bean suggests this is part of a transition from OpenTracing to OpenTelemetry. Consider removing this commented code once the migration is fully complete and tested.

-//    /**
-//     * Disable open tracing by injecting a Noop
-//     *
-//     * @return Noop tracer
-//     */
-//    @Bean
-//    @ConditionalOnProperty(
-//            name = {"tracer.opentracing.enabled"},
-//            havingValue = "false",
-//            matchIfMissing = true
-//    )
-//    public io.opentracing.Tracer tracer() {
-//        return NoopTracerFactory.create();
-//    }
build/maven-java8/Dockerfile (2)

12-12: Consider the implications of skipping tests.

While -DskipTests speeds up builds, ensure this aligns with your CI/CD strategy. Consider running tests in a separate pipeline stage for production deployments.


16-16: Consider using a more secure base image.

Alpine images are lightweight but openjdk:8-jdk-alpine is quite old. Consider upgrading to a more recent OpenJDK version or using distroless images for better security.

-FROM openjdk:8-jdk-alpine AS runtime
+FROM openjdk:17-jre-alpine AS runtime
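Review bot: The replacement FROM line changes the runtime stage from Java 8 to Java 17 and from a JDK to a JRE, in a Dockerfile that sits under build/maven-java8. That is a major-version change for everything built from this image rather than a base-image refresh, so it should not go in as a security tidy-up. If a newer base is wanted, keep the Java 8 runtime, change only the image source, and confirm the chosen tag exists in the registry before merging. Neither the old nor the new line pins the image by digest, so pinning is worth raising in the same change.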
core-services/gateway/src/main/java/com/example/gateway/filters/pre/helpers/AuthCheckFilterHelper.java (1)

56-56: Potential typo in method name.

The method name getLowLevelTenatFromSet appears to have a typo - should it be getLowLevelTenantFromSet?

#!/bin/bash
# Verify the correct method name in CommonUtils
ast-grep --pattern 'getLowLevelTenatFromSet($_)'
.github/workflows/build.yaml (2)

135-137: Simplify and secure tag generation logic.

The complex tag generation logic with grep and sort could be error-prone and might not handle edge cases properly.

Consider using a more robust tagging strategy:

-            LATEST_TAG=$(echo "$EXISTING_TAGS" | grep "^${BRANCH}-${COMMIT_HASH}" || true | sort -V | tail -n 1)
-            NEXT_TAG="${LATEST_TAG:-${BRANCH}-${COMMIT_HASH}}"
+            # Use semantic versioning or timestamp-based tags
+            TIMESTAMP=$(date +%Y%m%d-%H%M%S)
+            NEXT_TAG="${BRANCH}-${COMMIT_HASH}-${TIMESTAMP}"
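Review bot: In the removed LATEST_TAG line, `grep ... || true | sort -V | tail -n 1` parses as `grep ... || (true | sort -V | tail -n 1)`, so when grep matches, its output is never sorted or cut to one line. That precedence problem is the concrete defect, and the suggestion should name it instead of calling the logic error-prone. The replacement appends a wall-clock timestamp, so every rerun of the same commit produces a different tag and the value depends on the runner's time zone. If the timestamp stays, use `date -u`, and check whether `${BRANCH}-${COMMIT_HASH}` alone is the tag that downstream deployments expect.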

146-154: Verify multi-architecture build performance.

Building for multiple architectures (amd64, arm64) significantly increases build time. Consider if both architectures are actually needed for your deployment targets.

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 3b238aa and 1248cc5.

📒 Files selected for processing (96)
  • .github/DISCUSSION_TEMPLATE/sandbox.yml (1 hunks)
  • .github/workflows/build.yaml (1 hunks)
  • build/build-config.yml (1 hunks)
  • build/maven-java8/Dockerfile (1 hunks)
  • build/maven/Dockerfile (1 hunks)
  • core-services/audit-service/CHANGELOG.md (1 hunks)
  • core-services/audit-service/pom.xml (2 hunks)
  • core-services/audit-service/src/main/resources/application.properties (2 hunks)
  • core-services/boundary-service/pom.xml (3 hunks)
  • core-services/boundary-service/src/main/resources/application.properties (2 hunks)
  • core-services/egov-accesscontrol/CHANGELOG.md (1 hunks)
  • core-services/egov-accesscontrol/pom.xml (3 hunks)
  • core-services/egov-accesscontrol/src/main/resources/application.properties (2 hunks)
  • core-services/egov-accesscontrol/src/main/resources/db/Dockerfile (0 hunks)
  • core-services/egov-enc-service/CHANGELOG.md (1 hunks)
  • core-services/egov-enc-service/pom.xml (3 hunks)
  • core-services/egov-enc-service/src/main/resources/application.properties (2 hunks)
  • core-services/egov-filestore/CHANGELOG.md (1 hunks)
  • core-services/egov-filestore/pom.xml (3 hunks)
  • core-services/egov-filestore/src/main/resources/application.properties (2 hunks)
  • core-services/egov-idgen/CHANGELOG.md (1 hunks)
  • core-services/egov-idgen/pom.xml (3 hunks)
  • core-services/egov-idgen/src/main/resources/application.properties (2 hunks)
  • core-services/egov-indexer/CHANGELOG.md (1 hunks)
  • core-services/egov-indexer/pom.xml (3 hunks)
  • core-services/egov-indexer/src/main/java/org/egov/infra/indexer/custom/bpa/BPACustomDecorator.java (2 hunks)
  • core-services/egov-indexer/src/main/resources/application.properties (2 hunks)
  • core-services/egov-localization/CHANGELOG.md (1 hunks)
  • core-services/egov-localization/pom.xml (3 hunks)
  • core-services/egov-localization/src/main/resources/application.properties (2 hunks)
  • core-services/egov-location/CHANGELOG.md (1 hunks)
  • core-services/egov-location/pom.xml (3 hunks)
  • core-services/egov-location/src/main/resources/application.properties (2 hunks)
  • core-services/egov-mdms-service/CHANGELOG.md (1 hunks)
  • core-services/egov-mdms-service/pom.xml (3 hunks)
  • core-services/egov-mdms-service/src/main/resources/application.properties (1 hunks)
  • core-services/egov-notification-mail/CHANGELOG.md (1 hunks)
  • core-services/egov-notification-mail/pom.xml (3 hunks)
  • core-services/egov-notification-mail/src/main/resources/application.properties (2 hunks)
  • core-services/egov-notification-sms/CHANGELOG.md (1 hunks)
  • core-services/egov-notification-sms/pom.xml (4 hunks)
  • core-services/egov-notification-sms/src/main/resources/application.properties (2 hunks)
  • core-services/egov-otp/CHANGELOG.md (1 hunks)
  • core-services/egov-otp/pom.xml (3 hunks)
  • core-services/egov-otp/src/test/resources/application.properties (1 hunks)
  • core-services/egov-persister/CHANGELOG.md (1 hunks)
  • core-services/egov-persister/pom.xml (3 hunks)
  • core-services/egov-persister/src/main/resources/application.properties (2 hunks)
  • core-services/egov-pg-service/CHANGELOG.md (1 hunks)
  • core-services/egov-pg-service/pom.xml (2 hunks)
  • core-services/egov-pg-service/src/main/resources/application.properties (2 hunks)
  • core-services/egov-url-shortening/CHANGELOG.md (1 hunks)
  • core-services/egov-url-shortening/pom.xml (3 hunks)
  • core-services/egov-url-shortening/src/main/resources/application.properties (2 hunks)
  • core-services/egov-user-event/CHANGELOG.md (1 hunks)
  • core-services/egov-user-event/pom.xml (3 hunks)
  • core-services/egov-user-event/src/main/resources/application.properties (2 hunks)
  • core-services/egov-workflow-v2/CHANGELOG.md (1 hunks)
  • core-services/egov-workflow-v2/pom.xml (3 hunks)
  • core-services/egov-workflow-v2/src/main/java/org/egov/wf/producer/Producer.java (2 hunks)
  • core-services/egov-workflow-v2/src/main/java/org/egov/wf/repository/EscalationRepository.java (3 hunks)
  • core-services/egov-workflow-v2/src/main/java/org/egov/wf/repository/V1/BusinessServiceRepositoryV1.java (1 hunks)
  • core-services/egov-workflow-v2/src/main/java/org/egov/wf/service/EnrichmentService.java (3 hunks)
  • core-services/egov-workflow-v2/src/main/java/org/egov/wf/service/UserService.java (1 hunks)
  • core-services/egov-workflow-v2/src/main/java/org/egov/wf/util/WorkflowUtil.java (1 hunks)
  • core-services/egov-workflow-v2/src/main/resources/application.properties (2 hunks)
  • core-services/egov-workflow-v2/src/main/resources/db/migrate.sh (1 hunks)
  • core-services/egov-workflow-v2/src/test/java/org/egov/wf/producer/ProducerTest.java (5 hunks)
  • core-services/egov-workflow-v2/src/test/java/org/egov/wf/repository/EscalationRepositoryTest.java (2 hunks)
  • core-services/egov-workflow-v2/src/test/java/org/egov/wf/service/EnrichmentServiceTest.java (27 hunks)
  • core-services/egov-workflow-v2/src/test/java/org/egov/wf/service/UserServiceTest.java (3 hunks)
  • core-services/gateway/CHANGELOG.MD (1 hunks)
  • core-services/gateway/pom.xml (4 hunks)
  • core-services/gateway/src/main/java/com/example/gateway/constants/GatewayConstants.java (1 hunks)
  • core-services/gateway/src/main/java/com/example/gateway/filters/pre/RequestEnrichmentFilter.java (3 hunks)
  • core-services/gateway/src/main/java/com/example/gateway/filters/pre/helpers/AuthCheckFilterHelper.java (3 hunks)
  • core-services/gateway/src/main/java/com/example/gateway/filters/pre/helpers/RequestEnrichmentFilterHelper.java (5 hunks)
  • core-services/gateway/src/main/java/com/example/gateway/utils/CommonUtils.java (1 hunks)
  • core-services/gateway/src/main/resources/application.properties (2 hunks)
  • core-services/libraries/services-common/src/main/java/org/egov/common/utils/MultiStateInstanceUtil.java (2 hunks)
  • core-services/libraries/tracer/pom.xml (3 hunks)
  • core-services/libraries/tracer/src/main/java/org/egov/tracer/annotations/CustomSafeHtml.java (1 hunks)
  • core-services/libraries/tracer/src/main/java/org/egov/tracer/config/TracerConfiguration.java (3 hunks)
  • core-services/libraries/tracer/src/main/java/org/egov/tracer/validators/HTMLValidator.java (1 hunks)
  • core-services/mdms-v2/CHANGELOG.md (1 hunks)
  • core-services/mdms-v2/pom.xml (3 hunks)
  • core-services/mdms-v2/src/main/resources/application.properties (2 hunks)
  • core-services/pdf-service/migration/Dockerfile (2 hunks)
  • core-services/pdf-service/migration/migrate.sh (1 hunks)
  • core-services/pdf-service/src/EnvironmentVariables.js (2 hunks)
  • core-services/pdf-service/src/queries.js (1 hunks)
  • core-services/service-request/CHANGELOG.md (1 hunks)
  • core-services/service-request/pom.xml (3 hunks)
  • core-services/service-request/src/main/resources/application.properties (2 hunks)
  • core-services/tenant/pom.xml (2 hunks)
  • core-services/tenant/src/main/resources/application.properties (2 hunks)
💤 Files with no reviewable changes (1)
  • core-services/egov-accesscontrol/src/main/resources/db/Dockerfile
🧰 Additional context used
🧠 Learnings (1)
core-services/libraries/services-common/src/main/java/org/egov/common/utils/MultiStateInstanceUtil.java (1)
Learnt from: holashchand
PR: egovernments/Digit-Core#739
File: core-services/mdms-v2/src/main/java/org/egov/infra/mdms/repository/impl/SchemaDefinitionDbRepositoryImpl.java:70-77
Timestamp: 2025-05-22T11:05:57.893Z
Learning: In the MDMS V2 service, tenant ID validation is performed in the MultiStateInstanceUtil.replaceSchemaPlaceholder method, which checks that the tenant ID contains a dot and has sufficient length for schema extraction in a central instance environment.
🪛 actionlint (1.7.7)
.github/workflows/build.yaml

87-87: the runner of "actions/checkout@v3" action is too old to run on GitHub Actions. update the action's version to fix this issue

(action)


90-90: the runner of "docker/setup-buildx-action@v2" action is too old to run on GitHub Actions. update the action's version to fix this issue

(action)


93-93: the runner of "actions/cache@v3" action is too old to run on GitHub Actions. update the action's version to fix this issue

(action)


101-101: the runner of "docker/login-action@v2" action is too old to run on GitHub Actions. update the action's version to fix this issue

(action)

🪛 markdownlint-cli2 (0.17.2)
core-services/egov-idgen/CHANGELOG.md

15-15: Multiple headings with the same content
null

(MD024, no-duplicate-heading)

🪛 YAMLlint (1.37.1)
.github/DISCUSSION_TEMPLATE/sandbox.yml

[error] 8-8: trailing spaces

(trailing-spaces)


[error] 9-9: trailing spaces

(trailing-spaces)


[error] 32-32: trailing spaces

(trailing-spaces)

🔇 Additional comments (140)
core-services/pdf-service/migration/migrate.sh (1)

3-3: Verify that removing -ignoreMissingMigrations=true won't break existing deployments.

The removal of this flag makes migrations stricter by ensuring all migrations in the sequence are present. This is generally a good practice for maintaining migration integrity, but could cause failures if there are actual missing migrations in existing environments.

#!/bin/bash
# Description: Check if there are any references to missing migrations or migration gaps in the codebase
# Expected: No issues found, or proper handling of migration gaps

# Search for any documentation or comments about missing migrations
rg -i "missing.*migration|migration.*missing|migration.*gap" --type-add 'docs:*.md' --type-add 'docs:*.txt' --type-add 'docs:*.rst' -t docs

# Search for any flyway configuration that might reference missing migrations
rg -i "ignoreMissingMigrations|missing.*migration" --type-add 'config:*.properties' --type-add 'config:*.yml' --type-add 'config:*.yaml' --type-add 'config:*.conf' -t config

# Check migration files for any gaps or unusual patterns
fd -e sql . core-services/pdf-service/migration/ddl | head -20
core-services/pdf-service/migration/Dockerfile (2)

1-1: Major Flyway version upgrade looks good.

The upgrade from 4.1.2 to 10.7.1 is a significant jump that brings many improvements, security fixes, and feature updates. This aligns well with the removal of -ignoreMissingMigrations=true in the migration script.


11-11: Good practice using ENTRYPOINT over CMD.

Using ENTRYPOINT instead of CMD is more appropriate for containers that execute a specific script, as it prevents the command from being easily overridden.

core-services/pdf-service/src/queries.js (1)

12-16: SSL configuration implementation looks correct.

The implementation properly handles string-to-boolean conversion for the DB_SSL environment variable and integrates well with the environment configuration.

core-services/egov-workflow-v2/src/main/resources/db/migrate.sh (2)

2-6: Good debug logging for troubleshooting multi-schema migrations.

The debug echo statements will be helpful for troubleshooting migration issues across different schemas.


8-20: Excellent implementation of multi-schema migration support.

The implementation demonstrates several good practices:

  • Uses portable tr command for shell compatibility instead of bash-specific features
  • Properly constructs schema-specific database URLs using currentSchema parameter
  • Runs migrations separately for each schema, which is appropriate for multi-tenant architectures
  • Maintains all original Flyway parameters including the stricter migration settings

This aligns well with the central instance architecture mentioned in the PR objectives.

core-services/pdf-service/src/EnvironmentVariables.js (3)

26-26: Good security practice defaulting DB_SSL to true.

Defaulting SSL to enabled is a secure-by-default approach that aligns with security best practices.


39-39: Consistent ES6 module export.

The export default statement is the appropriate ES6 module syntax and maintains consistency with modern JavaScript practices.


37-37: Verify the STATE_LEVEL_TENANT_ID default value change won't break existing deployments.

The default value changed from "in.stateb" to "pg". While making this configurable is good for multi-tenant support, ensure this default change won't break existing deployments that rely on the previous hardcoded value.

#!/bin/bash
# Description: Check for any hardcoded references to the old STATE_LEVEL_TENANT_ID value
# Expected: Either no references found or proper handling of the change

# Search for hardcoded references to the old default value
rg -i "in\.stateb" --type-add 'js:*.js,*.ts,*.jsx,*.tsx' -A 3 -B 3

# Search for any configuration or documentation mentioning state level tenant ID
rg -i "state.*level.*tenant|tenant.*state.*level" --type-add 'docs:*.md' --type-add 'docs:*.txt' --type-add 'docs:*.rst' -t docs -A 2 -B 2
core-services/egov-enc-service/src/main/resources/application.properties (1)

7-12:

#!/bin/bash
# Check for any OpenTelemetry JDBC instrumentation dependency in all pom.xml files
find . -name "pom.xml" -exec grep -H "opentelemetry" {} \;
core-services/egov-url-shortening/src/main/resources/application.properties (1)

11-11: Let’s check the tracer POM for the OTEL JDBC instrumentation dependency:

#!/bin/bash
# Look for JDBC instrumentation in tracer’s pom.xml
rg -n "io.opentelemetry.instrumentation.jdbc" -g core-services/libraries/tracer/pom.xml
rg -n "opentelemetry-jdbc" -g core-services/libraries/tracer/pom.xml
core-services/egov-workflow-v2/src/main/resources/application.properties (1)

7-7: Let’s confirm whether the BOM actually includes the JDBC module by searching for “jdbc” and the full artifact tag:

#!/bin/bash
BOM_URL="https://repo1.maven.org/maven2/io/opentelemetry/instrumentation/opentelemetry-instrumentation-bom-alpha/2.1.0-alpha/opentelemetry-instrumentation-bom-alpha-2.1.0-alpha.pom"

echo "Searching for JDBC artifactId in BOM..."
curl -s "$BOM_URL" | grep -n "<artifactId>opentelemetry-instrumentation-jdbc</artifactId>"

echo -e "\nSearching for any ‘jdbc’ references in BOM..."
curl -s "$BOM_URL" | grep -n "jdbc"
core-services/egov-workflow-v2/src/main/java/org/egov/wf/repository/V1/BusinessServiceRepositoryV1.java (1)

225-225: No functional changes detected
Only a newline was added at the end of the file. Approved.

core-services/service-request/CHANGELOG.md (2)

4-6: Document new 2.9.1 release entry
The changelog correctly captures the tracer upgrade and the addition of OpenTelemetry configuration variables.


14-15: Confirm MDMS-client upgrade entry
The 2.9.0 section accurately reflects the MDMS-client version bump.

core-services/egov-url-shortening/CHANGELOG.md (1)

6-8: Add 2.9.1 changelog entry
This correctly notes the tracer bump and OpenTelemetry property additions.

core-services/egov-pg-service/CHANGELOG.md (1)

6-8: Add 2.9.1 changelog entry
Entry accurately describes the tracer upgrade and new OpenTelemetry properties.

core-services/egov-workflow-v2/CHANGELOG.md (1)

9-11: Add 2.9.1 changelog entry
The new version header and bullets are consistent with other modules' OpenTelemetry updates.

core-services/egov-filestore/pom.xml (1)

15-15: Increment project version to 2.9.1-SNAPSHOT
Version bump aligns with the coordinated release across core services.

core-services/egov-idgen/pom.xml (1)

13-13: Increment project version to 2.9.1-SNAPSHOT
Matches the versioning scheme used by other core services in this PR.

core-services/egov-notification-mail/pom.xml (1)

12-12: Increment project version to 2.9.1-SNAPSHOT
Consistent version update with other modules.

core-services/egov-localization/pom.xml (1)

12-12: Increment project version to 2.9.1-SNAPSHOT
Aligns with the coordinated version bump across services.

core-services/egov-workflow-v2/pom.xml (3)

7-7: Confirm version consistency with parent and downstream modules.

Project version bumped to 2.9.1-SNAPSHOT. Ensure this aligns with your release plan and that all dependent modules reference the same version.


28-45: Validate OpenTelemetry BOM import.

Imported opentelemetry-bom:1.35.0 and opentelemetry-instrumentation-bom-alpha:2.1.0-alpha. Verify compatibility across modules and avoid conflicting transitive dependencies.


68-68: Sync tracer dependency version with project version.

Updated org.egov.services:tracer to 2.9.1-SNAPSHOT—ensure the corresponding artifact is published and matches this version.

core-services/egov-mdms-service/pom.xml (3)

12-12: Bump project version to 2.9.1-SNAPSHOT.

Confirm the version increment aligns with the release plan and is consistent across all egov-mdms modules.


22-39: Import OpenTelemetry BOMs for centralized tracing.

Adding the same BOMs as other core-services—ensure no version drift or overlap with existing dependencies.


73-73: Update tracer dependency to match service version.

org.egov.services:tracer updated to 2.9.1-SNAPSHOT—verify that this snapshot is available in your artifacts repository.

build/build-config.yml (1)

477-483: Verify keycloak-spi build configuration.

New job for core-services/keycloak-spi added. Confirm that:

  • The core-services/keycloak-spi/Dockerfile path exists.
  • image-name: "keycloak" is the intended naming (consider using keycloak-spi for clarity).
  • This service is included in the GitHub Actions workflow.
core-services/mdms-v2/pom.xml (3)

14-14: Increment project version to 1.3.3-SNAPSHOT.

Ensure downstream consumers and release documentation reflect this bump.


25-42: Centralize OpenTelemetry dependency management.

Imported BOMs for opentelemetry; verify alignment with other modules and absence of conflicting versions.


61-61: Align tracer dependency with version bump.

org.egov.services:tracer set to 2.9.1-SNAPSHOT—confirm availability in your snapshot repository.

core-services/egov-workflow-v2/src/test/java/org/egov/wf/repository/EscalationRepositoryTest.java (1)

14-14: Import of WorkflowUtil is correct.

WorkflowUtil added as a dependency—ensure it's used or stubbed in tests to avoid unused import warnings.

core-services/egov-indexer/pom.xml (2)

13-13: Bump project version to 2.9.1-SNAPSHOT.
Version increment is consistent with the overall release.


53-53: Update tracer dependency to 2.9.1-SNAPSHOT.
Verify that this snapshot is available in the configured Nexus repository ahead of the release.

core-services/egov-location/pom.xml (2)

12-12: Bump project version to 2.9.1-SNAPSHOT.
Alignment with the other core services is correct.


75-75: Upgrade tracer dependency to 2.9.1-SNAPSHOT.
Please confirm the snapshot is published and resolvable via CI.

core-services/egov-otp/pom.xml (2)

13-13: Bump project version to 2.9.1-SNAPSHOT.
Matches the coordinated service version updates.


117-117: Update tracer dependency to 2.9.1-SNAPSHOT.
Ensure the tracer snapshot is published before merging.

core-services/egov-persister/pom.xml (2)

12-12: Bump project version to 2.9.1-SNAPSHOT.
Version bump is correct and consistent.


88-88: Upgrade tracer dependency to 2.9.1-SNAPSHOT.
Verify availability of this snapshot in your artifact repository.

core-services/egov-enc-service/pom.xml (2)

12-12: Bump project version to 2.9.1-SNAPSHOT.
Aligned with the multi-service version rollout.


70-70: Update tracer dependency to 2.9.1-SNAPSHOT.
Confirm the new tracer version is published and accessible.

core-services/egov-url-shortening/pom.xml (2)

5-5: Version bumped to 2.9.1-SNAPSHOT
Confirmed the module version aligns with the overall release plan.


71-71: Update tracer dependency to 2.9.1-SNAPSHOT
Matches the new service version—ensure all modules referencing org.egov.services:tracer have been updated similarly.

core-services/egov-localization/src/main/resources/application.properties (1)

15-15: Enable OpenTelemetry JDBC driver
Make sure the OpenTelemetry JDBC driver artifact is on the classpath (either via your tracer dependency or an explicit io.opentelemetry.instrumentation:opentelemetry-jdbc dependency).

core-services/egov-otp/src/test/resources/application.properties (1)

5-5: Enable OpenTelemetry JDBC driver in tests
Verify the test classpath includes the instrumentation driver jar to avoid runtime failures during test startup.

core-services/egov-notification-mail/src/main/resources/application.properties (1)

5-5: Switch to OpenTelemetry JDBC driver
Ensure that your build includes the instrumentation driver dependency; otherwise DB connections will fail.

core-services/egov-user-event/pom.xml (2)

9-9: Version bumped to 1.2.1_beta-SNAPSHOT
Check that downstream services and documentation reflect this new beta version.


79-79: Update tracer dependency to 2.9.1-SNAPSHOT
Consistent with other modules—ensure no legacy references remain.

core-services/gateway/src/main/resources/application.properties (1)

6-6: Confirm OpenTelemetry JDBC driver integration
Switching to io.opentelemetry.instrumentation.jdbc.OpenTelemetryDriver requires the corresponding OpenTelemetry JDBC instrumentation dependency on the classpath. Ensure that the gateway’s Maven POM includes the instrumentation driver and that no fallback to the original driver is needed.

core-services/audit-service/src/main/resources/application.properties (1)

7-7: Approve: OpenTelemetry JDBC driver switch
Replacing the standard driver with the OpenTelemetry instrumentation driver is consistent with the service-wide tracing strategy.

core-services/boundary-service/pom.xml (3)

7-7: Verify version bump for boundary-service
Project version updated to 1.0.1. Ensure downstream modules and CI pipelines are aligned with this new version.


34-51: Approve: Centralized OpenTelemetry BOM imports
Adding opentelemetry-bom and opentelemetry-instrumentation-bom-alpha under <dependencyManagement> is correct for consistent tracing dependency versions across the module.


91-91: Approve: tracer dependency version update
Updating org.egov.services:tracer to 2.9.1-SNAPSHOT aligns with the BOM and other core services.

core-services/egov-mdms-service/src/main/resources/application.properties (1)

4-4: Approve: OpenTelemetry JDBC driver usage
Switching the datasource driver to the OpenTelemetry instrumentation driver matches the observability rollout in other services.

core-services/service-request/pom.xml (3)

7-7: Approve: service-request version update
Bumping the version to 2.9.1-SNAPSHOT is consistent with the platform-wide release.


26-43: Approve: OpenTelemetry BOM management
Importing opentelemetry-bom and opentelemetry-instrumentation-bom-alpha ensures unified dependency versions for tracing across the service-request module.


89-90: Approve: tracer dependency alignment
Updating the tracer dependency to 2.9.1-SNAPSHOT aligns with the project and BOM versions.

core-services/libraries/tracer/src/main/java/org/egov/tracer/annotations/CustomSafeHtml.java (1)

1-19: Annotation definition looks correct.
The CustomSafeHtml constraint interface properly declares message, groups, and payload, and points to HTMLValidator for runtime validation.

core-services/egov-accesscontrol/pom.xml (3)

8-8: Version bump is accurate.
Updating project version to 2.9.1-SNAPSHOT aligns with the tracer library update.


28-45: Dependency management for OpenTelemetry BOMs added.
The <dependencyManagement> section correctly imports opentelemetry-bom:1.35.0 and opentelemetry-instrumentation-bom-alpha:2.1.0-alpha.


56-56: Tracer dependency version updated.
Switching org.egov.services:tracer to 2.9.1-SNAPSHOT ensures consistency with the project version.

core-services/service-request/src/main/resources/application.properties (2)

7-7: Replace JDBC driver with OpenTelemetry driver.
Setting spring.datasource.driver-class-name to OpenTelemetryDriver enables tracing of database calls.


53-53: New egov.max.string.input.size property added.
The default max string length of 8192 seems reasonable.

core-services/gateway/pom.xml (4)

13-13: Gateway version bumped correctly.
Version updated from 1.0.0-SNAPSHOT to 1.0.1-SNAPSHOT.


23-40: Imported OpenTelemetry BOMs via dependencyManagement.
Centralizing OTEL dependencies with the BOMs is consistent with other modules.


74-74: Verify alignment of services-common version.
You updated tracer to 2.9.1-SNAPSHOT but left services-common at 2.9.0-SNAPSHOT—please ensure this mismatch is intentional.


85-89: Added Apache HttpClient dependency.
Including httpclient:4.5.14 complements the Gateway’s HTTP needs.

core-services/egov-notification-sms/pom.xml (4)

7-7: Project version updated to 2.9.1-SNAPSHOT.
This aligns with the platform-wide tracer upgrade.


26-43: DependencyManagement for OpenTelemetry BOMs added.
Importing OTEL BOMs here standardizes instrumentation across services.


91-91: Tracer dependency bumped to 2.9.1-SNAPSHOT.
Ensures this module uses the latest tracer library.


107-107: enc-client version updated to 2.9.1.
Matches other modules’ upgrades and avoids runtime mismatches.

core-services/egov-pg-service/pom.xml (3)

12-12: Version increment looks good.

The project version has been appropriately incremented from 2.9.0-SNAPSHOT to 2.9.1-SNAPSHOT, which aligns with the broader service updates mentioned in the PR summary.


92-92: Tracer dependency version alignment is correct.

The tracer dependency version has been properly updated to 2.9.1-SNAPSHOT to match the project version increment.


18-35: Verify OpenTelemetry BOM versions are current and secure.

The OpenTelemetry dependency management configuration looks correct for enabling distributed tracing. However, please verify that these versions are current and free from known vulnerabilities.

What are the latest stable versions of OpenTelemetry BOM (opentelemetry-bom) and OpenTelemetry Instrumentation BOM Alpha (opentelemetry-instrumentation-bom-alpha)?
core-services/audit-service/pom.xml (3)

12-12: Consistent version increment across services.

The version increment to 2.9.1-SNAPSHOT is consistent with the platform-wide update for OpenTelemetry integration.


18-35: OpenTelemetry BOM configuration is consistent.

The dependency management section correctly imports the same OpenTelemetry BOMs as other services, ensuring version consistency across the platform.


73-73: Tracer dependency properly aligned.

The tracer dependency version update maintains consistency with the project version and other services in the platform.

core-services/egov-notification-sms/src/main/resources/application.properties (2)

34-34: JDBC driver change enables database tracing.

The switch to io.opentelemetry.instrumentation.jdbc.OpenTelemetryDriver will automatically instrument database calls for distributed tracing. Ensure that the underlying PostgreSQL driver is still accessible through the classpath.


94-102: OpenTelemetry configuration looks comprehensive.

The tracing configuration is well-structured:

  • OTLP exporter for trace data
  • Appropriate service naming
  • Logs/metrics disabled (traces only)
  • Kafka instrumentation with experimental attributes
  • Health/metrics endpoints excluded from tracing
core-services/egov-idgen/src/main/resources/application.properties (2)

4-4: Consistent JDBC driver instrumentation.

The OpenTelemetry JDBC driver change aligns with the platform-wide tracing integration and will provide visibility into database operations.


30-38: Standard OpenTelemetry configuration implemented.

The tracing configuration follows the established pattern across services with appropriate service naming (egov-idgen) and consistent endpoint configuration.

core-services/egov-workflow-v2/src/test/java/org/egov/wf/service/UserServiceTest.java (1)

55-55: Test methods properly updated for new searchUser signature.

All test invocations of searchUser have been consistently updated to include the tenantId parameter ("dev") as the first argument, reflecting the API signature change. The test logic remains intact while accommodating the tenant-aware user search functionality.

Also applies to: 69-69, 98-98

core-services/egov-workflow-v2/src/main/java/org/egov/wf/repository/EscalationRepository.java (3)

5-5: Good integration of WorkflowUtil dependency.

The addition of WorkflowUtil import supports the tenant-aware schema handling enhancement.


25-25: Proper dependency injection implementation.

The WorkflowUtil is correctly injected via constructor, following Spring's dependency injection best practices.

Also applies to: 28-32


44-44: Effective schema placeholder replacement.

The query is properly processed through util.replaceSchemaPlaceholder before execution, ensuring correct tenant-aware schema resolution in database operations.

core-services/egov-persister/src/main/resources/application.properties (2)

1-1: OpenTelemetry JDBC driver integration looks good.

The switch to io.opentelemetry.instrumentation.jdbc.OpenTelemetryDriver enables database operation tracing as part of the broader observability enhancement.


58-67: Verify OpenTelemetry configuration settings.

The OpenTelemetry configuration appears comprehensive, but please verify that the Jaeger collector endpoint http://jaeger-collector.tracing:4318 is correct for your environment.

What is the correct endpoint format for OpenTelemetry OTLP exporter with Jaeger collector?

core-services/gateway/src/main/java/com/example/gateway/constants/GatewayConstants.java (1)

38-40: LGTM! Well-defined header constants.

The new constants follow proper HTTP header naming conventions and align with the existing code structure. These will help maintain consistency across the gateway filters for pass-through functionality.

core-services/egov-workflow-v2/src/main/java/org/egov/wf/service/UserService.java (2)

51-51: Proper tenant ID assignment.

The tenant ID is correctly set on the UserSearchRequest, ensuring tenant-aware user searches.


47-47: Verify all callers have been updated for the new method signature.

The addition of the tenantId parameter correctly implements tenant-aware user searching. However, ensure that all existing callers of this method have been updated to provide the tenant ID parameter.

```shell
#!/bin/bash
# Description: Find all callers of searchUser method to verify they've been updated for the new signature
# Expected: All calls should now include tenantId parameter

echo "Searching for calls to searchUser method..."
rg -A 3 -B 1 "searchUser\(" --type java

echo -e "\nSearching for UserService bean usage..."
rg -A 5 -B 2 "userService\.searchUser" --type java
```

core-services/egov-user-event/src/main/resources/application.properties (2)

74-82: Comprehensive OpenTelemetry configuration.

The OpenTelemetry configuration is well-structured:

  • OTLP exporter properly configured with Jaeger endpoint
  • Service name clearly identifies the component
  • Unnecessary exporters (logs/metrics) disabled for performance
  • Kafka instrumentation enabled with experimental attributes
  • Health endpoints properly excluded from tracing

```shell
#!/bin/bash
# Description: Verify Jaeger collector endpoint is accessible
# Expected: HTTP 200 or appropriate response from the endpoint

echo "Testing Jaeger collector endpoint accessibility..."
curl -I http://jaeger-collector.tracing:4318/v1/traces 2>/dev/null || echo "Endpoint not accessible from current environment"

echo -e "\nNote: This endpoint should be accessible from the application's runtime environment"
```

2-2: Verify OpenTelemetry JDBC driver compatibility.

The migration from PostgreSQL driver to OpenTelemetry JDBC driver is correct for enabling database tracing. Ensure that the OpenTelemetry JDBC driver is compatible with your PostgreSQL version and doesn't introduce performance overhead.

What is the latest version of OpenTelemetry JDBC instrumentation and its compatibility with PostgreSQL?

core-services/tenant/src/main/resources/application.properties (1)

33-41: Consistent OpenTelemetry configuration.

The OpenTelemetry configuration matches the pattern used in other services, which is good for consistency. The service name "tenant-management" properly identifies this component in traces.

core-services/egov-pg-service/src/main/resources/application.properties (1)

8-8: Enabling OpenTelemetry JDBC driver
Switching to io.opentelemetry.instrumentation.jdbc.OpenTelemetryDriver is correct for distributed tracing. Ensure your connection pool and Flyway migrations support this driver.

core-services/egov-filestore/src/main/resources/application.properties (1)

7-7: Enable OpenTelemetry JDBC driver
Updating to the OpenTelemetry driver is correct for tracing DB interactions. Confirm that JPA and Hibernate work seamlessly with this driver.

core-services/boundary-service/src/main/resources/application.properties (2)

8-8: Apply OpenTelemetry JDBC driver
Replacing the standard driver with OpenTelemetryDriver is correct. Validate that Flyway migrations and data source validation still function as expected.


94-95: New pagination ceiling configuration
boundary.max.default.limit=300 was introduced. Ensure this property is consumed by your pagination logic; otherwise document or remove it.

core-services/egov-accesscontrol/src/main/resources/application.properties (1)

1-1: Switch to OpenTelemetry JDBC driver
Correctly updated to io.opentelemetry.instrumentation.jdbc.OpenTelemetryDriver. Confirm no regressions in MDMS or Flyway connectivity.

core-services/egov-indexer/src/main/resources/application.properties (2)

11-11: Enable OpenTelemetry JDBC driver
Switching to the instrumentation driver is correct for capturing DB spans. Verify credentials and pool settings remain valid.


130-138:

```shell
#!/bin/bash
# Verify typo and actual endpoint configuration in the egov-indexer module

# Search for the typo 'promethus' across the repo
rg -n 'promethus'

# Search for correct spelling 'prometheus' across the repo
rg -n 'prometheus'

# Check if a custom Actuator base-path or context-path is set
rg -n 'management.endpoints.web.base-path' core-services/egov-indexer/src/main/resources/application.properties || true
rg -n 'server.servlet.context-path' core-services/egov-indexer/src/main/resources/application.properties || true
```

core-services/egov-workflow-v2/src/test/java/org/egov/wf/producer/ProducerTest.java (1)

27-28: LGTM! Proper mock setup for new dependency.

The addition of MultiStateInstanceUtil mock bean aligns with the refactored logic where topic name determination has been delegated to this utility class.

core-services/egov-location/src/main/resources/application.properties (1)

56-66: Excellent OpenTelemetry configuration setup!

The OpenTelemetry properties are well-configured with appropriate settings for:

  • OTLP exporter with HTTP/protobuf protocol
  • Service name identification
  • Selective instrumentation (Kafka enabled, logs/metrics disabled)
  • Proper endpoint configuration for Jaeger collector

core-services/gateway/src/main/java/com/example/gateway/filters/pre/RequestEnrichmentFilter.java (2)

29-29: LGTM! Proper dependency injection for multi-state support.

The injection of MultiStateInstanceUtil enables the filter to handle environment-specific logic correctly, and the constructor properly initializes the dependency.

Also applies to: 31-31, 34-34


52-72: Excellent header enrichment implementation!

The addCorrelationIdHeader method properly:

  • Creates a mutated request with necessary headers
  • Conditionally adds tenant ID for central instances
  • Correctly applies the mutated request to the exchange
  • Returns the updated exchange

This is the correct pattern for modifying requests in Spring Cloud Gateway.

core-services/libraries/tracer/pom.xml (3)

29-46: Excellent dependency management with OpenTelemetry BOMs!

The addition of dependencyManagement with OpenTelemetry BOMs ensures consistent versioning across all OpenTelemetry dependencies. This is a best practice for maintaining compatibility.


96-100: Good addition of jsoup for HTML validation.

The jsoup dependency at version 1.17.2 supports the HTML validation features mentioned in the AI summary. The version is recent and secure.


107-145: Comprehensive OpenTelemetry integration!

The migration from OpenTracing/Jaeger to OpenTelemetry is well-executed with:

  • Proper Spring Boot starter integration
  • Kafka instrumentation support
  • OTLP exporter for Jaeger compatibility
  • JDBC instrumentation for database tracing
  • Micrometer bridges for metrics integration

This modernizes the tracing stack significantly.

core-services/mdms-v2/src/main/resources/application.properties (2)

9-9: Verify JDBC driver compatibility and performance impact.

The switch from the standard PostgreSQL JDBC driver to the OpenTelemetry instrumented driver enables automatic database tracing but may introduce performance overhead and potential compatibility issues.

Verify that the OpenTelemetry JDBC driver is compatible with your current PostgreSQL version and Spring Boot configuration:

```shell
#!/bin/bash
# Check if the OpenTelemetry JDBC driver version is compatible
echo "Checking OpenTelemetry JDBC instrumentation compatibility..."

# Search for any database-related configuration or custom connection handling
rg -A 5 -B 5 "spring\.datasource" --type properties

# Look for any custom JDBC configuration or connection pool settings
rg -A 10 "DataSource|Connection" --type java

# Check for any database-related tests that might be affected
fd -e java | xargs rg -l "DataSource|Connection.*Test"
```

42-50: Verify OpenTelemetry configuration and endpoint availability.

The OpenTelemetry configuration looks comprehensive, but the hardcoded Jaeger collector endpoint and ignored URLs need verification.

Verify the OpenTelemetry configuration:

What are the recommended OpenTelemetry configuration properties for Spring Boot applications in production?

Also verify that the ignored endpoints match your actual health and metrics endpoints:

```shell
#!/bin/bash
# Check if the ignored endpoints exist in the application
echo "Verifying ignored HTTP endpoints..."

# Search for health endpoint configurations
rg -A 5 -B 5 "/health|/prometheus" --type properties --type java

# Check if there are any custom health or metrics endpoints
rg -A 5 "health|prometheus|metrics" --type java
```

core-services/libraries/services-common/src/main/java/org/egov/common/utils/MultiStateInstanceUtil.java (3)

54-54: LGTM! Improved defensive programming.

Good addition of the environment check to avoid unnecessary processing when not in a central instance.


60-64: Excellent defensive programming for tenant ID parsing.

The addition of the dot-check prevents ArrayIndexOutOfBoundsException when tenant IDs don't contain dots, making the utility more robust for various tenant ID formats.


136-140: Consistent error handling improvement.

The same defensive pattern applied to topic name generation maintains consistency with the schema placeholder logic and prevents potential array access errors.

core-services/libraries/tracer/src/main/java/org/egov/tracer/config/TracerConfiguration.java (2)

7-7: LGTM! Modern Spring Boot practice.

Adding RestTemplateBuilder import supports the updated bean configuration following Spring Boot best practices.


30-39: Excellent modernization of RestTemplate configuration.

The refactored method using RestTemplateBuilder follows Spring Boot best practices and maintains the same functionality while being more maintainable and testable.

core-services/egov-workflow-v2/src/main/java/org/egov/wf/producer/Producer.java (3)

4-4: LGTM! Good dependency addition for centralized utility.

Adding the MultiStateInstanceUtil import supports the refactoring to use centralized multi-state logic.


20-21: Excellent dependency injection setup.

Proper autowiring of the MultiStateInstanceUtil follows Spring best practices and enables the centralized topic name resolution.


23-25: Outstanding refactoring to centralize multi-state logic.

Replacing the inline tenant ID processing with a call to centralInstanceUtil.getStateSpecificTopicName() improves:

  • Code maintainability and reusability
  • Consistency across services
  • Testability through mocking

This change aligns perfectly with the defensive programming improvements made to MultiStateInstanceUtil.

build/maven/Dockerfile (4)

1-1: Excellent move to official Maven image.

Switching from a custom egovio image to the official maven:3.9.6-amazoncorretto-17 image improves:

  • Security through official image maintenance
  • Reliability and consistency
  • Reduced maintenance overhead

14-14: Good modernization to official multi-architecture base image.

Using the official amazoncorretto:17-alpine image supports multi-architecture builds and follows Docker best practices.


22-22: Smart addition of line ending normalization.

The dos2unix command prevents potential issues with Windows line endings in the start script, which is especially important in CI/CD environments.


25-25: Useful architecture verification for multi-arch builds.

The uname -m command helps verify the container architecture, which is valuable for debugging multi-architecture builds mentioned in the GitHub Actions workflow.

build/maven-java8/Dockerfile (2)

2-2: Good modernization with official base images.

The switch to maven:3.9.6-amazoncorretto-8-debian is a solid improvement over custom base images, providing better security and maintenance.


25-26:

```shell
#!/bin/bash
# Locate and display the first 50 lines of start.sh for security review

start_file=$(find . -type f -name start.sh | head -n1)
if [[ -z "$start_file" ]]; then
  echo "start.sh not found"
  exit 1
fi
sed -n '1,50p' "$start_file"
```

core-services/gateway/src/main/java/com/example/gateway/filters/pre/helpers/AuthCheckFilterHelper.java (3)

3-9: LGTM! Clean dependency additions.

The new imports for CommonUtils and MultiStateInstanceUtil are properly organized and necessary for the multi-tenant functionality.


36-41: Constructor injection follows best practices.

The updated constructor properly injects the new dependencies, maintaining good dependency injection patterns.


50-59: Verify thread safety of MDC operations.

The conditional tenant ID validation and MDC operations look correct, but ensure that MDC cleanup is handled properly in reactive contexts to prevent memory leaks and cross-request contamination.


```shell
#!/bin/bash
# Check if MDC is properly cleaned up in other parts of the gateway
rg -A 5 -B 5 "MDC\.(clear|remove)" --type java
```

core-services/egov-workflow-v2/src/main/java/org/egov/wf/service/EnrichmentService.java (4)

131-134: Good defensive programming with early returns.

Adding early returns for empty collections prevents unnecessary processing and potential null pointer exceptions.


190-193: Consistent tenant-aware improvements.

The same improvements applied to enrichUsersFromSearch method maintain consistency and follow the same pattern as enrichUsers.

Also applies to: 201-201


136-142: Verify tenant ID selection logic.

The logic preferring database instance tenant ID over request tenant ID seems reasonable, but ensure this aligns with your business requirements.

```shell
#!/bin/bash
# Check if this tenant ID selection logic is consistent across the codebase
rg -A 3 -B 3 "processInstanceFromDb.*getTenantId" --type java
```

159-159: Confirm updated method signature compatibility.

The userService.searchUser method now takes tenantId as the first parameter. Ensure all callers have been updated accordingly.

```shell
#!/bin/bash
# Verify all calls to searchUser method have been updated
ast-grep --pattern 'userService.searchUser($$$)'
```

core-services/egov-workflow-v2/src/test/java/org/egov/wf/service/EnrichmentServiceTest.java (8)

7-9: LGTM: Import additions support the method signature changes.

The new imports for Mockito argument matchers (anyString, eq, anyBoolean) are correctly added to support the updated searchUser method calls throughout the test file.


18-18: LGTM: Additional imports for enhanced test data.

The Collections and Map imports support the improved test methods that use more realistic data structures.

Also applies to: 21-21


66-85: LGTM: Well-designed helper methods improve test data realism.

The getMockedProcessInstance() and getMockedProcessStateAndActionList() helper methods provide consistent, realistic mock data with proper tenantId setup. This enhances test maintainability and reduces code duplication.


111-121: LGTM: Enhanced test with proper UUID setup and specific verifications.

The test improvements include setting a UUID on the User object and using specific argument matchers (eq("dev"), eq("some-uuid")) for more precise verification. This makes the test more realistic and robust.


469-469: LGTM: Consistent use of helper methods improves test maintainability.

The tests now use getMockedProcessStateAndActionList() helper method, which provides consistent mock data and makes the tests more maintainable.

Also applies to: 500-500


697-706: LGTM: Enhanced test with realistic user data and Map usage.

The enrichUsersFromSearch test has been improved with proper UUID setup and uses a Map for the return value, making it more realistic than the previous HashMap approach.


588-588: Good use of specific tenantId verification.

The test properly sets tenantId on the ProcessInstance and verifies the searchUser call with the specific tenantId value using eq("dev"). This ensures the correct tenantId is passed to the service.

Also applies to: 614-614


91-91:

```bash
#!/bin/bash
# Show lines around 91 and 98 in EnrichmentServiceTest.java

sed -n '80,110p' core-services/egov-workflow-v2/src/test/java/org/egov/wf/service/EnrichmentServiceTest.java
```


Comment on lines 58 to 66
otel.traces.exporter=otlp
otel.service.name=egov-enc-service
otel.logs.exporter=none
otel.metrics.exporter=none
otel.exporter.otlp.endpoint=http://jaeger-collector.tracing:4318
otel.exporter.otlp.protocol=http/protobuf
otel.instrumentation.kafka.enabled=true
otel.instrumentation.kafka.experimental-span-attributes=true
otel.instrumentation.http.server.ignore-urls=/egov-enc-service/health,/egov-enc-service/promethus

⚠️ Potential issue

Typo in HTTP ignore URL and validate endpoint patterns
/egov-enc-service/promethus is likely misspelled and should be /prometheus. Without the correct path, the metrics endpoint won't be excluded from tracing.

Apply this diff:

- otel.instrumentation.http.server.ignore-urls=/egov-enc-service/health,/egov-enc-service/promethus
+ otel.instrumentation.http.server.ignore-urls=/egov-enc-service/health,/egov-enc-service/prometheus
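
Review bot: the `+` line assumes the metrics endpoint is actually served at /egov-enc-service/prometheus. If the service's actuator mapping itself uses the `promethus` spelling, correcting only this property stops excluding the real endpoint from tracing, so confirm the exposed path and change both together if needed.
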
📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change
otel.traces.exporter=otlp
otel.service.name=egov-enc-service
otel.logs.exporter=none
otel.metrics.exporter=none
otel.exporter.otlp.endpoint=http://jaeger-collector.tracing:4318
otel.exporter.otlp.protocol=http/protobuf
otel.instrumentation.kafka.enabled=true
otel.instrumentation.kafka.experimental-span-attributes=true
otel.instrumentation.http.server.ignore-urls=/egov-enc-service/health,/egov-enc-service/promethus
otel.traces.exporter=otlp
otel.service.name=egov-enc-service
otel.logs.exporter=none
otel.metrics.exporter=none
otel.exporter.otlp.endpoint=http://jaeger-collector.tracing:4318
otel.exporter.otlp.protocol=http/protobuf
otel.instrumentation.kafka.enabled=true
otel.instrumentation.kafka.experimental-span-attributes=true
otel.instrumentation.http.server.ignore-urls=/egov-enc-service/health,/egov-enc-service/prometheus
🤖 Prompt for AI Agents
In core-services/egov-enc-service/src/main/resources/application.properties
around lines 58 to 66, correct the typo in the
otel.instrumentation.http.server.ignore-urls property by changing
"/egov-enc-service/promethus" to "/egov-enc-service/prometheus" to properly
exclude the metrics endpoint from tracing. Also, review the endpoint patterns to
ensure they match the actual service paths for accurate tracing exclusion.

hsahids.min.length=3

⚠️ Potential issue

Typo in property key
hsahids.min.length is misspelled. It should match the hashids.salt property:

- hsahids.min.length=3
+ hashids.min.length=3
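
Review bot: renaming the key on the `+` line is only safe if the code that reads it binds `hashids.min.length`. If the consuming class in egov-url-shortening binds the misspelled `hsahids.min.length`, renaming only the property leaves that binding unresolved, so check the binding and rename it in the same change.
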
🤖 Prompt for AI Agents
In core-services/egov-url-shortening/src/main/resources/application.properties
at line 67, correct the typo in the property key from "hsahids.min.length" to
"hashids.min.length" so it matches the correct prefix used in related properties
like "hashids.salt".

Comment on lines 82 to 90
otel.service.name=egov-workflow-v2
otel.logs.exporter=none
otel.metrics.exporter=none
otel.exporter.otlp.endpoint=http://jaeger-collector.tracing:4318
otel.exporter.otlp.protocol=http/protobuf
otel.instrumentation.kafka.enabled=true
otel.instrumentation.kafka.experimental-span-attributes=true
otel.instrumentation.http.server.ignore-urls=/egov-workflow-v2/health,/egov-workflow-v2/promethus

⚠️ Potential issue

Typo in HTTP ignore-urls and metrics endpoint exclusion
The list includes /egov-workflow-v2/promethus. Correct it to /prometheus so that the metrics endpoint is properly excluded from tracing:

- otel.instrumentation.http.server.ignore-urls=/egov-workflow-v2/health,/egov-workflow-v2/promethus
+ otel.instrumentation.http.server.ignore-urls=/egov-workflow-v2/health,/egov-workflow-v2/prometheus

Suggested change
otel.traces.exporter=otlp
otel.service.name=egov-workflow-v2
otel.logs.exporter=none
otel.metrics.exporter=none
otel.exporter.otlp.endpoint=http://jaeger-collector.tracing:4318
otel.exporter.otlp.protocol=http/protobuf
otel.instrumentation.kafka.enabled=true
otel.instrumentation.kafka.experimental-span-attributes=true
otel.instrumentation.http.server.ignore-urls=/egov-workflow-v2/health,/egov-workflow-v2/promethus
otel.traces.exporter=otlp
otel.service.name=egov-workflow-v2
otel.logs.exporter=none
otel.metrics.exporter=none
otel.exporter.otlp.endpoint=http://jaeger-collector.tracing:4318
otel.exporter.otlp.protocol=http/protobuf
otel.instrumentation.kafka.enabled=true
otel.instrumentation.kafka.experimental-span-attributes=true
otel.instrumentation.http.server.ignore-urls=/egov-workflow-v2/health,/egov-workflow-v2/prometheus
🤖 Prompt for AI Agents
In core-services/egov-workflow-v2/src/main/resources/application.properties
around lines 82 to 90, there is a typo in the
otel.instrumentation.http.server.ignore-urls property where
"/egov-workflow-v2/promethus" should be corrected to
"/egov-workflow-v2/prometheus" to properly exclude the metrics endpoint from
tracing. Update the URL string to fix the spelling mistake.

Comment on lines 4 to 7
## 2.9.1 - 2025-05-21
- Upgraded tracer version from 2.9.0 to 2.9.1
- added variables in application.properties required for opentelemetry


⚠️ Potential issue

Duplicate 2.9.1 entry detected
The version 2.9.1 - 2025-05-21 block appears twice. Retain a single entry to avoid confusion.

🤖 Prompt for AI Agents
In core-services/egov-idgen/CHANGELOG.md around lines 4 to 7, there are
duplicate entries for version 2.9.1 dated 2025-05-21. Remove one of the
duplicate 2.9.1 entries entirely to keep only a single, clear changelog entry
for that version.

Comment on lines 15 to 18
## 2.9.1 - 2025-05-21
- Upgraded tracer version from 2.9.0 to 2.9.1
- added variables in application.properties required for opentelemetry


⚠️ Potential issue

Remove duplicated changelog block
Proposed diff to delete the repeated version entry:

-core-services/egov-idgen/CHANGELOG.md
@@
-## 2.9.1 - 2025-05-21
-- Upgraded tracer version from 2.9.0 to 2.9.1
-- added variables in application.properties required for opentelemetry

Suggested change
## 2.9.1 - 2025-05-21
- Upgraded tracer version from 2.9.0 to 2.9.1
- added variables in application.properties required for opentelemetry
@@ core-services/egov-idgen/CHANGELOG.md
-## 2.9.1 - 2025-05-21
- Upgraded tracer version from 2.9.0 to 2.9.1
- added variables in application.properties required for opentelemetry
🧰 Tools
🪛 markdownlint-cli2 (0.17.2)

15-15: Multiple headings with the same content
null

(MD024, no-duplicate-heading)

🤖 Prompt for AI Agents
In core-services/egov-idgen/CHANGELOG.md around lines 15 to 18, there is a
duplicated changelog block for version 2.9.1. Remove the repeated block entirely
to avoid redundancy and keep the changelog clean and accurate.

@@ -1,4 +1,5 @@
spring.datasource.url=jdbc:postgresql://localhost:5432/egovdb
spring.datasource.driver-class-name=io.opentelemetry.instrumentation.jdbc.OpenTelemetryDriver
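
Review bot: the JDBC URL on the first line of this hunk is still `jdbc:postgresql://localhost:5432/egovdb` while the driver class becomes `io.opentelemetry.instrumentation.jdbc.OpenTelemetryDriver`. That driver only accepts URLs carrying the `jdbc:otel:` prefix, so the URL should change to `jdbc:otel:postgresql://localhost:5432/egovdb` in the same commit; otherwise the driver and URL do not match once the duplicate `org.postgresql.Driver` entry is removed.
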

⚠️ Potential issue

Fix duplicate driver class configuration.

There are conflicting driver class configurations:

  • Line 2: io.opentelemetry.instrumentation.jdbc.OpenTelemetryDriver
  • Line 5: org.postgresql.Driver

This will cause configuration conflicts. Remove the duplicate entry on line 5.

-spring.datasource.driver-class-name=org.postgresql.Driver

Also applies to: 5-5

🤖 Prompt for AI Agents
In core-services/egov-location/src/main/resources/application.properties at line
5, there is a duplicate and conflicting driver class configuration with line 2.
Remove the driver class configuration on line 5 (`org.postgresql.Driver`) to
resolve the conflict and keep only the OpenTelemetry driver on line 2.

Comment on lines +82 to 92
ServerHttpRequest mutatedRequest = exchange.getRequest()
.mutate()
.headers(httpHeaders -> {
httpHeaders.add(CORRELATION_ID_HEADER_NAME, correlationId);
// Conditional header addition
if (centralInstanceUtil.getIsEnvironmentCentralInstance()) {
httpHeaders.add(REQUEST_TENANT_ID_KEY, TenantId);
}
});
})
.build();
}

⚠️ Potential issue

Potential bug: Mutated request not applied to exchange.

The method creates a mutated ServerHttpRequest but doesn't apply it to the exchange. This means the headers won't actually be added to the request.

Consider updating the exchange with the mutated request:

    private void addCorrelationIdHeader(ServerWebExchange exchange) {
        String correlationId = (String) exchange.getAttributes().get(CORRELATION_ID_KEY);
        String TenantId = (String) exchange.getAttributes().get(TENANTID_MDC);
        ServerHttpRequest mutatedRequest = exchange.getRequest()
                .mutate()
                .headers(httpHeaders -> {
                    httpHeaders.add(CORRELATION_ID_HEADER_NAME, correlationId);
                    // Conditional header addition
                    if (centralInstanceUtil.getIsEnvironmentCentralInstance()) {
                        httpHeaders.add(REQUEST_TENANT_ID_KEY, TenantId);
                    }
                })
                .build();
+       // Apply the mutated request to the exchange
+       exchange.mutate().request(mutatedRequest).build();
    }
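
Review bot: the added `exchange.mutate().request(mutatedRequest).build();` line discards its result. `mutate()` followed by `build()` returns a new ServerWebExchange and leaves `exchange` itself unchanged, so in a `void` method the headers still never reach the downstream request; return the built exchange and have the caller pass it on to the filter chain. Separately, `httpHeaders.add(REQUEST_TENANT_ID_KEY, TenantId)` appends to whatever value the client already sent under that header, whereas `set` would make the gateway's value the only one forwarded.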

Committable suggestion skipped: line range outside the PR's diff.

🤖 Prompt for AI Agents
In
core-services/gateway/src/main/java/com/example/gateway/filters/pre/helpers/RequestEnrichmentFilterHelper.java
around lines 82 to 92, the mutated ServerHttpRequest with added headers is
created but not set back into the exchange, so the changes won't take effect.
Fix this by creating a new ServerWebExchange using
exchange.mutate().request(mutatedRequest).build() and return or use this updated
exchange downstream to ensure the headers are applied.

uses: actions/checkout@v3

- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v2

⚠️ Potential issue

Update all outdated action versions.

Multiple actions need version updates for compatibility and security.

-        uses: docker/setup-buildx-action@v2
+        uses: docker/setup-buildx-action@v3
-        uses: actions/cache@v3
+        uses: actions/cache@v4
-        uses: docker/login-action@v2
+        uses: docker/login-action@v3
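
Review bot: the `+` lines move to newer major versions but still reference mutable tags (`@v3`, `@v4`). Since `docker/login-action` receives the registry credentials, pin each third-party action to a full commit SHA with the version in a trailing comment, so a moved tag cannot change the code that runs with those secrets.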

Also applies to: 93-93, 101-101

🧰 Tools
🪛 actionlint (1.7.7)

90-90: the runner of "docker/setup-buildx-action@v2" action is too old to run on GitHub Actions. update the action's version to fix this issue

(action)

🤖 Prompt for AI Agents
In .github/workflows/build.yaml at lines 90, 93, and 101, the GitHub Actions
versions are outdated. Update the versions of all actions used at these lines to
their latest stable releases to ensure compatibility and security. Check the
official repositories or marketplace for the most recent version tags and
replace the current ones accordingly.


steps:
- name: Checkout Code
uses: actions/checkout@v3

⚠️ Potential issue

Update outdated GitHub Actions versions.

The static analysis correctly identified outdated action versions that may cause compatibility issues.

-        uses: actions/checkout@v3
+        uses: actions/checkout@v4

Suggested change
uses: actions/checkout@v3
uses: actions/checkout@v4
🧰 Tools
🪛 actionlint (1.7.7)

87-87: the runner of "actions/checkout@v3" action is too old to run on GitHub Actions. update the action's version to fix this issue

(action)

🤖 Prompt for AI Agents
In .github/workflows/build.yaml at line 87, the GitHub Action 'actions/checkout'
is using an outdated version 'v3'. Update the version to the latest stable
release by changing 'actions/checkout@v3' to the current recommended version,
such as 'actions/checkout@v4', to ensure compatibility and leverage
improvements.

Comment on lines 115 to 118
TOKEN=$(curl -s -X POST "https://hub.docker.com/v2/users/login/" \
-H "Content-Type: application/json" \
-d "{\"username\": \"$DOCKER_USERNAME\", \"password\": \"$DOCKER_PASSWORD\"}" \
| jq -r .token)

🛠️ Refactor suggestion

Avoid exposing Docker credentials in logs.

The Docker Hub authentication uses credentials directly in curl commands, which could expose them in logs.

-          TOKEN=$(curl -s -X POST "https://hub.docker.com/v2/users/login/" \
-            -H "Content-Type: application/json" \
-            -d "{\"username\": \"$DOCKER_USERNAME\", \"password\": \"$DOCKER_PASSWORD\"}" \
-            | jq -r .token)
+          # Use a more secure method to avoid credential exposure
+          echo "$DOCKER_PASSWORD" | docker login -u "$DOCKER_USERNAME" --password-stdin
+          # Then use Docker Hub API with proper authentication
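
Review bot: the `+` lines drop the `TOKEN=` assignment and leave only a comment in its place, so anything later in the step that reads `$TOKEN` gets an empty value; `docker login` stores registry credentials for the Docker CLI and does not produce a token for hub.docker.com/v2 API calls. If the token is still needed, keep the login request but build the body from the environment (`jq -n '{username: env.DOCKER_USERNAME, password: env.DOCKER_PASSWORD}'`) and pipe it to curl with `-d @-`, so the password is neither in the process arguments nor hand-escaped into JSON.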

Committable suggestion skipped: line range outside the PR's diff.

🤖 Prompt for AI Agents
In .github/workflows/build.yaml around lines 115 to 118, the Docker Hub login
uses curl with username and password directly in the command, risking exposure
of credentials in logs. To fix this, use GitHub Actions secrets to store
DOCKER_USERNAME and DOCKER_PASSWORD securely, and ensure the curl command does
not print these values by avoiding echoing or logging the full command. Use
environment variables and mask secrets in the workflow to prevent credential
exposure.
