Jérémy Gallet

Business flow management project for processing commercial and technical data

Within an agile team of about fifteen people, including 7 developers, I worked on

a hexagonal architecture with advanced back-end processing implemented under

Quarkus, native integration, and strong flow security:

Components:

- Backend (REST API, technical and functional modules)

- Data processing (conversion, validation, transformation)

Tasks performed:

- Quarkus Backend (Java 17):

- Native execution setup via GraalVM and Docker, complete configuration

with resource-config.json / reflection-config.json

- SSL/TLS security with custom truststore, generated via keytool and injected via environment

variables

- File management (MinIO and Amazon S3)

- GraphQL calls

- PostgreSQL database setup

- Integration of external libraries

- Flow processing:

- Reading and mapping CSV/JSON files via Apache Commons CSV and Jackson

- Use of Flyway for schema migration management

- MapStruct for DTO/Entity mapping

- Payload validation via Jakarta JSON/POJO annotations

- DCT update with flow transformation

- SFTP connection:

- Use of JSch and SSHJ libraries for secure connection and file transfers via SSH/SFTP

- Automated tests:

- Integration tests with TestContainers (launching minio Docker image)

- Tests with @SpringBootTest, @QuarkusTest, and @WebMvcTest

- JUnit 5 unit tests

- Monitoring & Security:

- Application monitoring with Datadog and log4j2

- Integration of OWASP Dependency Check in GitLab CI

- Tools & best practices:

- GitLab CI with continuous integration

- Agile methodology, code reviews, and systematic documentation

- Application of clean code principles, rigorous review, and high test coverage (>= 80%)

KPI/RQI calculation project (oil/gas reservoir quality index) (Full-Remote)

Within an agile team of 7 people, including 5 developers, I performed:

Components:

- Frontend

- Backend (5-module application with REST controllers)

- Engine (10-module remote application)

Tasks performed on Backend and Engine:

- Backend:

- Implementation of REST endpoints (GET/POST/DELETE) with:

- Calls to Azure Functions for Engine interactions

- Calls to Apache DAGs to Engine

- File management via Azure Blob Storage (upload/download)

- CRUD operations with MongoDB and Spring Data JPA

- Development of unit and integration tests:

- Integration tests on Azure Blob Storage using TestContainers

- Simulation of Azure Functions with WireMock

- Exhaustive testing of REST controllers, including verification of database updates

Engine:

- Development of services for processing EPC/H5 files (representing a 3D oil/gas grid/reservoir)

- Analysis and calculation of KPIs

- Implementation of various functional rules

- Integration of the "fesapi" library for reading and writing EPC/H5 files

- Development of unit and integration tests

Maven configuration for code coverage with JaCoCo and Surefire, integration with SonarQube

Clean code:

- Setup of unit/integration tests

- Systematic GitHub Pull Requests (clean code)

- Regular "Rebase" to stay updated with the team's code progress

- Frequent library version upgrades

- Verification of compliance with SonarQube rules

"From Scratch" creation of a multi-module Spring Boot 3.1 application

Contributing my expertise to the entire team, mainly in how to:

- Cover code / write tests

- Combat regressions

- Code as cleanly as possible, refactoring, simplification, naming variables/methods in strict adherence to standards

- Raise awareness of the need to:

maintain a stable "main" branch

- Thoroughly test one's code manually and automatically

Setup of:

- GitHub Action for automatic SonarQube analysis triggering

- GitHub Action for manual triggering of automatic versioning and deployment (tag + release) (Maven, GitHub Actions/App)

- Azure Blob Storage for cloud data storage (+ UT/IT)

- Azure Functions (with OAuth2 authentication)

- Apache Airflow (with OAuth2 authentication)

Application call volume: 40 calls/second or 1 million calls/day

Within an agile team of 7 people, including 4 developers, I performed systematic pair-programming (positive points => exchange of viewpoints/mutual learning):

- Migration Java 8 => Java 17 and Spring Boot 2.6.3

- Setup of a Gateway via Spring Cloud Gateway

- Initialization of microservices in reactive programming (Spring WebFlux)

- Setup of a Client/Server code generator with "Open Api Specification" + Swagger 3

- UI development via Thymeleaf

- Setup of resilience via circuit breakers (Resilience4j)

- Setup of Feature flipping (FF4J)

- Setup of a Cron (Spring)

- XML frame comparison (XMLUnit)

- Java code generation from XSD files (JAXB Generator)

- Use of template engine (MustacheJS/EJS)

- Setup of performance tests (Gatling/K6)

- Setup of automated API tests (Karate)

- Setup of unit/integration tests

- Setup of architecture tests (ArchUnit)

- Frequent library version upgrades to avoid "Security Hotspots" detected by SonarQube

- Code correction to avoid "Security Vulnerabilities" detected by SonarQube

- Detection/Correction of "Top Ten Owasp" via SonarQube

example: CSRF (execution of requests without the knowledge of a logged-in user), insecure APIs, XSS flaws, SQL injections)

- Setup of a "Vault" to securely store URLs, usernames, and passwords

- Setup of a "Spring Cloud Config Server" to retrieve data from the "Vault" for incorporation into application property files specific to each environment

- Production monitoring (Kibana, AppDynamics, Grafana)

Environment:

FRONT

- Thymeleaf

BACK

- Microservices architecture

- Java version: JDK 17 Oracle LTS

- Use of functional interfaces: Consumer/Supplier/Function

- Spring Boot

- Spring Boot Actuator

- Spring Cloud Config Server

- Spring Cloud OpenFeign

- Spring Cloud Gateway

- Spring WebFlux (reactive programming)

- Spring Data JPA

- Spring Security

- Data mapping via MapStruct

- Lombok

- Postman

DB

- DBMS: Mongo, PostgreSQL, Redis, Oracle, DB2

TESTS

- UT with Junit 5, AssertJ, Mockito

- IT with WireMock (mocking external APIs), H2 database

- Architecture tests with ArchUnit

- Karate (for automated API tests)

- Gatling/K6

- TDD methodology

DEVOPS

- Cloud Foundry PaaS (Platform-as-a-Service) hosting

- GitLab (Gitflow usage)

- Docker

- JFrog: binary repository manager

- Concourse (CI/CD using YAML files with YTT "Yaml Templating Tool")

- Amazon S3: Cloud data storage

MONITORING-ALERTING-LOG

- Kibana: log exploration, visualization

- Grafana: data visualization in graph format

- Canopsis: event centralization + propagation and alerts

- AppDynamics: Real-time observability of application interactions across different environments up to production

AGILE TOOLS

- Jira

- Confluence

- Microsoft Teams

- Mattermost

SECURITY

- SonarQube (Security Hotspots, Security Vulnerabilities, Top Ten Owasp)

- Vault

- Spring Cloud Config Server