Implement Spring Boot 3.5 migration with Entity architecture

Major architectural modernization to Spring Boot 3.5 with comprehensive
infrastructure upgrades and Entity-based domain model integration.

## Framework Migration
- Upgrade to Spring Boot 3.5.0 with Java 21 runtime
- Modernize Spring Security 6.5 with OAuth2 Resource Server
- Migrate from javax.* to jakarta.* namespace
- Update all dependencies to Spring Boot 3.5 compatible versions

## Infrastructure Modernization
- Add GitHub Actions CI/CD pipeline replacing CircleCI
- Implement TestContainers for integration testing
- Add JaCoCo code coverage and OWASP security scanning
- Configure multi-profile Maven build (dev, test, prod)

## Domain Model Architecture
- Migrate from legacy domain classes to Entity classes
- Update imports from domain.legacy to domain.usage Entity types
- Fix ResourceValidationFilter to use AuthorizationEntity/SubscriptionEntity
- Update customer controllers to use Entity architecture
- Resolve Entity vs Legacy type compatibility issues

## Security Configuration
- Implement modern OAuth2 Resource Server for opaque tokens
- Configure ESPI-compliant authorization with scope-based access
- Add JWT decoder configuration for token validation
- Update security rules for Entity-based architecture

## Application Structure
- Create modern DataCustodianApplication with Entity scanning
- Add comprehensive web configuration with CORS support
- Implement modern controller architecture with Entity types
- Add version endpoint with build information

## Development Experience
- Add Maven wrapper for consistent builds
- Configure SDKMAN for Java version management
- Add comprehensive OWASP security suppressions
- Include development settings and configuration examples

## Testing Infrastructure
- Add TestContainers for MySQL and PostgreSQL
- Configure Cucumber for behavior-driven testing
- Add comprehensive test resource configuration
- Enable parallel test execution with proper isolation

This migration establishes the foundation for modern Spring Boot 3.5
development while maintaining ESPI standard compliance and OAuth2
security requirements.

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <[email protected]>

Author: dfcoffin

OpenESPI-GreenButton-Workspace/OpenESPI-DataCustodian-java/.claude/settings.local.json

@@ -0,0 +1,8 @@
+{
+  "permissions": {
+    "allow": [
+      "Bash(grep:*)"
+    ],
+    "deny": []
+  }
+}

OpenESPI-GreenButton-Workspace/OpenESPI-DataCustodian-java/.github/workflows/ci.yml

@@ -0,0 +1,236 @@
+name: CI/CD Pipeline
+
+on:
+  push:
+    branches: [ main, develop, feature/spring-boot-3.5-architectural-modernization ]
+  pull_request:
+    branches: [ main ]
+
+env:
+  JAVA_VERSION: '21'
+  MAVEN_OPTS: -Xmx3200m
+
+jobs:
+  test:
+    name: Test
+    runs-on: ubuntu-latest
+    
+    services:
+      mysql:
+        image: mysql:8.0
+        env:
+          MYSQL_ROOT_PASSWORD: rootpw
+          MYSQL_DATABASE: testdb
+        ports:
+          - 3306:3306
+        options: --health-cmd="mysqladmin ping" --health-interval=10s --health-timeout=5s --health-retries=5
+    
+    steps:
+    - name: Checkout code
+      uses: actions/checkout@v4
+      with:
+        fetch-depth: 0
+    
+    - name: Set up JDK ${{ env.JAVA_VERSION }}
+      uses: actions/setup-java@v4
+      with:
+        java-version: ${{ env.JAVA_VERSION }}
+        distribution: 'temurin'
+    
+    - name: Cache Maven dependencies
+      uses: actions/cache@v4
+      with:
+        path: ~/.m2/repository
+        key: ${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }}
+        restore-keys: |
+          ${{ runner.os }}-maven-
+    
+    - name: Install OpenESPI-Common dependency
+      run: |
+        cd ../OpenESPI-Common-java
+        mvn clean install -DskipTests
+        cd ../OpenESPI-DataCustodian-java
+    
+    - name: Compile project
+      run: mvn clean compile -P dev-mysql
+    
+    - name: Run security scan
+      run: mvn org.owasp:dependency-check-maven:check -DfailBuildOnCVSS=7 -P dev-mysql
+      continue-on-error: false
+    
+    - name: Run unit tests
+      run: mvn test -P dev-mysql
+      env:
+        SPRING_PROFILES_ACTIVE: test
+    
+    - name: Run integration tests
+      run: mvn verify -P testcontainers-mysql
+      env:
+        SPRING_PROFILES_ACTIVE: testcontainers-mysql
+    
+    - name: Upload test reports
+      uses: actions/upload-artifact@v4
+      if: always()
+      with:
+        name: test-reports
+        path: |
+          target/surefire-reports/
+          target/failsafe-reports/
+          target/cucumber-reports/
+          target/site/jacoco/
+        retention-days: 30
+    
+    - name: Upload OWASP report
+      uses: actions/upload-artifact@v4
+      if: always()
+      with:
+        name: owasp-report
+        path: target/dependency-check-report.html
+        retention-days: 30
+
+  build:
+    name: Build
+    runs-on: ubuntu-latest
+    needs: test
+    
+    steps:
+    - name: Checkout code
+      uses: actions/checkout@v4
+    
+    - name: Set up JDK ${{ env.JAVA_VERSION }}
+      uses: actions/setup-java@v4
+      with:
+        java-version: ${{ env.JAVA_VERSION }}
+        distribution: 'temurin'
+    
+    - name: Cache Maven dependencies
+      uses: actions/cache@v4
+      with:
+        path: ~/.m2/repository
+        key: ${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }}
+        restore-keys: |
+          ${{ runner.os }}-maven-
+    
+    - name: Install OpenESPI-Common dependency
+      run: |
+        cd ../OpenESPI-Common-java
+        mvn clean install -DskipTests
+        cd ../OpenESPI-DataCustodian-java
+    
+    - name: Build JAR
+      run: mvn clean package -P dev-mysql -DskipTests
+    
+    - name: Upload JAR artifact
+      uses: actions/upload-artifact@v4
+      with:
+        name: datacustodian-jar
+        path: target/OpenESPI-DataCustodian.jar
+        retention-days: 30
+
+  code-quality:
+    name: Code Quality
+    runs-on: ubuntu-latest
+    needs: test
+    if: github.ref == 'refs/heads/main'
+    
+    steps:
+    - name: Checkout code
+      uses: actions/checkout@v4
+      with:
+        fetch-depth: 0
+    
+    - name: Set up JDK ${{ env.JAVA_VERSION }}
+      uses: actions/setup-java@v4
+      with:
+        java-version: ${{ env.JAVA_VERSION }}
+        distribution: 'temurin'
+    
+    - name: Cache Maven dependencies
+      uses: actions/cache@v4
+      with:
+        path: ~/.m2/repository
+        key: ${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }}
+        restore-keys: |
+          ${{ runner.os }}-maven-
+    
+    - name: Install OpenESPI-Common dependency
+      run: |
+        cd ../OpenESPI-Common-java
+        mvn clean install -DskipTests
+        cd ../OpenESPI-DataCustodian-java
+    
+    - name: Run SonarCloud analysis
+      if: env.SONAR_TOKEN != ''
+      env:
+        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
+      run: |
+        mvn clean compile test jacoco:report -P dev-mysql
+        mvn sonar:sonar \
+          -Dsonar.projectKey=GreenButtonAlliance_OpenESPI-DataCustodian-java \
+          -Dsonar.organization=greenbuttonalliance \
+          -Dsonar.host.url=https://sonarcloud.io \
+          -Dsonar.token=$SONAR_TOKEN
+
+  security:
+    name: Security Scan
+    runs-on: ubuntu-latest
+    needs: build
+    
+    steps:
+    - name: Checkout code
+      uses: actions/checkout@v4
+    
+    - name: Run Trivy vulnerability scanner
+      uses: aquasecurity/trivy-action@master
+      with:
+        scan-type: 'fs'
+        scan-ref: '.'
+        format: 'sarif'
+        output: 'trivy-results.sarif'
+    
+    - name: Upload Trivy scan results to GitHub Security tab
+      uses: github/codeql-action/upload-sarif@v3
+      if: always()
+      with:
+        sarif_file: 'trivy-results.sarif'
+    
+    - name: Run TruffleHog OSS
+      uses: trufflesecurity/trufflehog@main
+      with:
+        path: ./
+        base: main
+        head: HEAD
+        extra_args: --debug --only-verified
+
+  docker:
+    name: Docker Build
+    runs-on: ubuntu-latest
+    needs: build
+    if: github.ref == 'refs/heads/main' || github.ref == 'refs/heads/develop'
+    
+    steps:
+    - name: Checkout code
+      uses: actions/checkout@v4
+    
+    - name: Download JAR artifact
+      uses: actions/download-artifact@v4
+      with:
+        name: datacustodian-jar
+        path: target/
+    
+    - name: Set up Docker Buildx
+      uses: docker/setup-buildx-action@v3
+    
+    - name: Build Docker image
+      uses: docker/build-push-action@v5
+      with:
+        context: .
+        file: ./Dockerfile
+        platforms: linux/amd64,linux/arm64
+        push: false
+        tags: |
+          greenbuttonalliance/openespi-datacustodian:latest
+          greenbuttonalliance/openespi-datacustodian:${{ github.sha }}
+        cache-from: type=gha
+        cache-to: type=gha,mode=max

OpenESPI-GreenButton-Workspace/OpenESPI-DataCustodian-java/.gitignore

@@ -0,0 +1,147 @@
+######################
+# Project Specific
+######################
+/build/www/**
+/src/test/javascript/coverage/
+/src/test/javascript/PhantomJS*/
+
+######################
+# Node
+######################
+/node/
+node_tmp/
+node_modules/
+npm-debug.log.*
+
+######################
+# SASS
+######################
+.sass-cache/
+
+######################
+# Eclipse
+######################
+*.pydevproject
+.project
+.metadata
+tmp/
+tmp/**/*
+*.tmp
+*.bak
+*.swp
+*~.nib
+local.properties
+.classpath
+.settings/
+.loadpath
+.factorypath
+/src/main/resources/rebel.xml
+
+# External tool builders
+.externalToolBuilders/**
+
+# Locally stored "Eclipse launch configurations"
+*.launch
+
+# CDT-specific
+.cproject
+
+# PDT-specific
+.buildpath
+
+######################
+# Intellij
+######################
+.idea/
+*.iml
+*.iws
+*.ipr
+*.ids
+*.orig
+
+######################
+# Visual Studio Code
+######################
+.vscode/
+
+######################
+# Maven
+######################
+/log/
+/target/
+
+######################
+# Gradle
+######################
+.gradle/
+/build/
+
+######################
+# Package Files
+######################
+*.jar
+*.war
+*.ear
+*.db
+
+######################
+# Windows
+######################
+# Windows image file caches
+Thumbs.db
+
+# Folder config file
+Desktop.ini
+
+######################
+# Mac OSX
+######################
+.DS_Store
+.svn
+
+# Thumbnails
+._*
+
+# Files that might appear on external disk
+.Spotlight-V100
+.Trashes
+
+######################
+# Directories
+######################
+/bin/
+/deploy/
+
+######################
+# Logs
+######################
+*.log
+
+######################
+# Others
+######################
+*.class
+*.*~
+*~
+.merge_file*
+
+######################
+# Gradle Wrapper
+######################
+!gradle/wrapper/gradle-wrapper.jar
+
+######################
+# Maven Wrapper
+######################
+!.mvn/wrapper/maven-wrapper.jar
+
+######################
+# ESLint
+######################
+.eslintcache
+
+######################
+# attach_pid
+######################
+.attach_pid*
+