Update the swagger json github workflow

[DurgaPrasad-54]

Summary by CodeRabbit

• New Features

  • API docs now list multiple environment server URLs (Dev / UAT / Demo) for clearer endpoints.

• Bug Fixes

  • CI now fails when fetched API JSON is invalid or contains no paths.
  • Improved shutdown sequence to reliably free stuck processes and ports.

• Chores

  • Non-interactive build mode; increased API polling attempts; full repo history fetched.
  • PR automation updated: action version, simplified branch naming, branch deletion enabled, standardized commit/PR titles.

[coderabbitai]

Note

Reviews paused

It looks like this branch is under active development. To avoid overwhelming you with review comments due to an influx of new commits, CodeRabbit has automatically paused this review. You can configure this behavior by changing the reviews.auto_review.auto_pause_after_reviewed_commits setting.

Use the following commands to manage reviews:

• @coderabbitai resume to resume automatic reviews.
• @coderabbitai review to trigger a single review.

Use the checkboxes below for quick actions:

• ▶️ Resume reviews
• 🔍 Trigger review

📝 Walkthrough

Walkthrough

GitHub Actions workflow for generating/validating Swagger JSON was hardened and PR creation updated; OpenAPI config now adds Dev/UAT/Demo servers sourced from environment properties. (49 words)

Changes

Cohort / File(s)	Summary
Swagger Generation Workflow \.github/workflows/swagger-json.yml	Runs Maven in batch mode (mvn -B ...); increased Swagger wait loop (30→40); validates fetched Swagger JSON with jq and ensures non-empty paths; improved API shutdown (graceful group stop → kill → fuser port cleanup for 9090); actions/checkout fetch-depth: 0; create-pull-request bumped v6→v8; PR branch name simplified to auto/swagger-update; commit/PR title prefixed chore(docs): auto-update Common-API swagger; delete-branch: true added; minor PR body formatting.
OpenAPI Server Configuration src/main/java/com/iemr/common/config/SwaggerConfig.java, src/main/resources/application-swagger.properties	SwaggerConfig now injects Environment and reads API_DEV_URL, API_UAT_URL, API_DEMO_URL to add three Server entries (Dev/UAT/Demo) into the OpenAPI definition; application-swagger.properties adds the three URL properties (Dev/UAT/Demo) and preserves springdoc.swagger-ui.enabled=true.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

Poem

🐇 I nudged the workflow, waited tests to pass,
I parsed JSON tidy, then freed a stubborn mass.
I planted three servers where devs and demos run,
I named a branch and pruned it when I’m done.
A rabbit’s little hop — CI chores, neatly spun.

🚥 Pre-merge checks | ✅ 2 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (2 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title accurately describes the main change—updating the Swagger JSON GitHub workflow with enhanced validation, error handling, and configuration improvements.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[drtechie]

@DurgaPrasad-54 why does this say tm api in common?

[coderabbitai]

Actionable comments posted: 1

🤖 Fix all issues with AI agents

In @.github/workflows/swagger-json.yml:
- Around line 96-104: The workflow currently generates unique branches per run
via the create-pull-request step (uses: peter-evans/create-pull-request@v8)
using branch: auto/swagger-update-${{ github.run_id }}-${{ github.run_attempt
}}, which causes many stale PRs; change this to a fixed branch name (e.g.,
branch: auto/swagger-update) so the action will update/force-push the same
branch and keep a single PR open, retaining delete-branch: true for cleanup
after merge.

🧹 Nitpick comments (2)

.github/workflows/swagger-json.yml (2)

67-80: Misleading comments and unconditional sleep 5 before the PID check.

Two concerns:

1. Comment–code mismatch: The "Graceful shutdown" comment (Line 70) annotates the bare sleep 5, while the actual graceful signal (SIGTERM, Line 75) sits under the "Force kill" comment (Line 72). This will confuse future maintainers.

2. Process-group kill may be a no-op: kill -- -"$PID" treats $PID as a PGID. The $! captured on Line 36 is the Maven wrapper PID, which is not guaranteed to be a process-group leader in the Actions runner shell. If it isn't, both kill calls silently fail and only fuser on Line 80 actually cleans up — so the logic is safe, but the intermediate steps would be dead code.

3. Minor: The unconditional sleep 5 (Line 71) runs even when api_pid.txt doesn't exist. Move it inside the if block.

Proposed cleanup

       - name: Stop API
         if: always()
         run: |
-          # Graceful shutdown of the process group
-          sleep 5
-          # Force kill the process group if still running
           if [ -f api_pid.txt ]; then
-              PID=$(cat api_pid.txt)
-              kill -TERM -- -"$PID" 2>/dev/null || true
-              sleep 2
-              kill -9 -- -"$PID" 2>/dev/null || true
-            fi
-            # Fallback: kill any remaining java process on port 9090
-            fuser -k 9090/tcp 2>/dev/null || true
+            PID=$(cat api_pid.txt)
+            # Graceful SIGTERM, then wait
+            kill -TERM "$PID" 2>/dev/null || true
+            sleep 5
+            # Force SIGKILL if still running
+            kill -9 "$PID" 2>/dev/null || true
+            sleep 1
+          fi
+          # Fallback: kill anything still on port 9090
+          fuser -k 9090/tcp 2>/dev/null || true

---

30-36: Consider using setsid to guarantee a new process group for reliable group-kill in the Stop step.

The PID captured by $! on Line 36 may not be a process-group leader (relevant to the kill -- -"$PID" calls in the Stop step). If you want the process-group kill pattern to work reliably, launch with setsid:

-          mvn spring-boot:run \
+          setsid mvn spring-boot:run \
             -Dspring-boot.run.profiles=swagger \
             -Dspring-boot.run.arguments=--server.port=9090 \
             > app.log 2>&1 &

This ensures the Maven process is a session/group leader, making kill -- -"$PID" effective and cleaning up all child processes (including the forked Java process).

[coderabbitai]

✅ Actions performed

Full review triggered.

[coderabbitai]

Caution

Failed to replace (edit) comment. This is likely due to insufficient permissions or the comment being deleted.

Error details

{"name":"HttpError","status":401,"request":{"method":"PATCH","url":"https://api.github.com/repos/PSMRI/Common-API/issues/comments/3882249703","headers":{"accept":"application/vnd.github.v3+json","user-agent":"octokit.js/0.0.0-development octokit-core.js/7.0.6 Node.js/24","authorization":"token [REDACTED]","content-type":"application/json; charset=utf-8"},"body":{"body":"<!-- This is an auto-generated comment: summarize by coderabbit.ai -->\n<!-- This is an auto-generated comment: failure by coderabbit.ai -->\n\n> [!CAUTION]\n> ## Review failed\n> \n> An error occurred during the review process. Please try again later.\n\n<!-- end of auto-generated comment: failure by coderabbit.ai -->\n\n<!-- walkthrough_start -->\n\n<details>\n<summary>📝 Walkthrough</summary>\n\n## Walkthrough\n\nCI workflow for generating and publishing Swagger JSON updated: Maven runs in batch mode, Swagger fetch now validates JSON and requires non-empty paths, polling increased, API shutdown/port cleanup hardened, checkout fetches full history, PR action/version/branch/title/commit conventions changed, and created PRs delete the branch.\n\n## Changes\n\n|Cohort / File(s)|Summary|\n|---|---|\n|**Swagger Generation Workflow** <br> ` .github/workflows/swagger-json.yml`|Maven invoked with `-B`; swagger fetch loop increased (30→40); added `jq` JSON validation and non-empty `paths` check; improved shutdown (graceful process-group stop, kill fallback) and `fuser` port cleanup for 9090; `actions/checkout` set `fetch-depth: 0`; `create-pull-request` bumped v6→v8; PR branch simplified to `auto/swagger-update`; commit message/PR title now include `chore(docs): auto-update Common-API swagger`; `delete-branch: true` added; minor PR body formatting tweak.|\n\n## Estimated code review effort\n\n🎯 2 (Simple) | ⏱️ ~12 minutes\n\n## Poem\n\n> 🐇 I hopped through YAML, nibbling CI thread,  \n> Maven now hums while I polish the BED.  \n> JSON is tidy, no empty-path plight,  \n> Ports cleared, branches pruned, CI sleeps tight.  \n> A happy rabbit nibbles docs by moonlight.\n\n</details>\n\n<!-- walkthrough_end -->\n\n<!-- pre_merge_checks_walkthrough_start -->\n\n<details>\n<summary>🚥 Pre-merge checks | ✅ 3</summary>\n\n<details>\n<summary>✅ Passed checks (3 passed)</summary>\n\n|     Check name     | Status   | Explanation                                                                                                                                                                         |\n| :----------------: | :------- | :---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |\n|  Description Check | ✅ Passed | Check skipped - CodeRabbit’s high-level summary is enabled.                                                                                                                         |\n|     Title check    | ✅ Passed | The title clearly summarizes the main change: updating the swagger JSON GitHub workflow file with various improvements to build steps, validation, shutdown logic, and PR creation. |\n| Docstring Coverage | ✅ Passed | No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.                                                                          |\n\n</details>\n\n<sub>✏️ Tip: You can configure your own custom pre-merge checks in the settings.</sub>\n\n</details>\n\n<!-- pre_merge_checks_walkthrough_end -->\n\n<!-- finishing_touch_checkbox_start -->\n\n<details>\n<summary>✨ Finishing touches</summary>\n\n<details>\n<summary>🧪 Generate unit tests (beta)</summary>\n\n- [ ] <!-- {\"checkboxId\": \"f47ac10b-58cc-4372-a567-0e02b2c3d479\", \"radioGroupId\": \"utg-output-choice-group-3885331045\"} -->   Create PR with unit tests\n- [ ] <!-- {\"checkboxId\": \"07f1e7d6-8a8e-4e23-9900-8731c2c87f58\", \"radioGroupId\": \"utg-output-choice-group-3885331045\"} -->   Post copyable unit tests in a comment\n\n</details>\n\n</details>\n\n<!-- finishing_touch_checkbox_end -->\n\n<!-- tips_start -->\n\n---\n\nThanks for using [CodeRabbit](https://coderabbit.ai?utm_source=oss&utm_medium=github&utm_campaign=PSMRI/Common-API&utm_content=359)! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.\n\n<details>\n<summary>❤️ Share</summary>\n\n- [X](https://twitter.com/intent/tweet?text=I%20just%20used%20%40coderabbitai%20for%20my%20code%20review%2C%20and%20it%27s%20fantastic%21%20It%27s%20free%20for%20OSS%20and%20offers%20a%20free%20trial%20for%20the%20proprietary%20code.%20Check%20it%20out%3A&url=https%3A//coderabbit.ai)\n- [Mastodon](https://mastodon.social/share?text=I%20just%20used%20%40coderabbitai%20for%20my%20code%20review%2C%20and%20it%27s%20fantastic%21%20It%27s%20free%20for%20OSS%20and%20offers%20a%20free%20trial%20for%20the%20proprietary%20code.%20Check%20it%20out%3A%20https%3A%2F%2Fcoderabbit.ai)\n- [Reddit](https://www.reddit.com/submit?title=Great%20tool%20for%20code%20review%20-%20CodeRabbit&text=I%20just%20used%20CodeRabbit%20for%20my%20code%20review%2C%20and%20it%27s%20fantastic%21%20It%27s%20free%20for%20OSS%20and%20offers%20a%20free%20trial%20for%20proprietary%20code.%20Check%20it%20out%3A%20https%3A//coderabbit.ai)\n- [LinkedIn](https://www.linkedin.com/sharing/share-offsite/?url=https%3A%2F%2Fcoderabbit.ai&mini=true&title=Great%20tool%20for%20code%20review%20-%20CodeRabbit&summary=I%20just%20used%20CodeRabbit%20for%20my%20code%20review%2C%20and%20it%27s%20fantastic%21%20It%27s%20free%20for%20OSS%20and%20offers%20a%20free%20trial%20for%20proprietary%20code)\n\n</details>\n\n<sub>Comment `@coderabbitai help` to get the list of available commands and usage tips.</sub>\n\n<!-- tips_end -->\n\n<!-- internal state start -->\n\n\n<!-- DwQgtGAEAqAWCWBnSTIEMB26CuAXA9mAOYCmGJATmriQCaQDG+Ats2bgFyQAOFk+AIwBWJBrngA3EsgEBPRvlqU0AgfFwA6NPEgQAfACgjoCEejqANiS4BVbrWolIuWE8QB3NEVJ8hifFhE6rDYApDu+BQA1gBmFvjuBgBy2MwClFwAzACsAJwGNgBKADJcsLi43IgcAPQ1QS6hGkzMNQAKAMoAsoUAkjUAwizMAWAAgm393NgWFjU5+TaIGZAAItgURGhtVIhotGDZACwGHfgbDE4CVBgMsFzM2hgG0GibJLiQ15h3D0+nuGo2Gq/G4ZAMhRIEngJHclBBBmKKhIFgRAwoJEc9GoXAATAAGXEANjAhLAAEZydB8dkOLiAOwcI5EgBaRn0xnAUDI9HwMRwBGIZGUNHoLTYGE4PD4ghEYkk0i+8iYSioqnUWh0HJMUDgqFQmAFhFI5CoooUrHYXCo7kgiFSjwo8jkClVKjUmm0ujAhk5pgMGgaIQENQi0TiCUQNQ8Xh8YD8AQ0smYFg4BgARJmDABibOQMa9IWmrF2h1veR8xiwTCkRDsyAAIWw8As9EQNG41uwGGQXTQUiw7mCX2od0gIyUkAAFGAGwBKcIIKzS6SUaEYIh2qLwbjQaS4RAAbirNcVMQoLEg6eYEiwDCshu4aAYUS8TjAq0Q293+8Q6ec+BXjeWCzowD5YE+L5vron7fnu7Z/hoBhQB0njeJQ4TaJ88T4J2KC3BiaDLPQ6givAATIOel6ZPiAGQEc+JIShaE+JAMQfGOEhoBY8AOOIARppAuiQL0/IABLQNAbSQAS+IADSQBgCSQFxPF8YqABSHQAPJJOEw5CAAjugGD0DE2ioig/LwBgqm8dONntpivL8ogLbsKWDCXIgiBzkhQlQGMtC0MgJAAB7cDxDDqFWohRGxkSKaMJDMNwuDyE+LjIDZziuJAqGxhhtD4AwqTsMe5kttl/IAF6UIBmWwIgTH5SEuDFe4WDxEEDBcGQ1a3IqEy9HabUdVgyyGdgZCXPpLjoJARBUJcMQzKNeDjfw/IuE4vAldIyBLec3AKTtWAxJElxgNuszVXa4izJAFDdhgNlEApmBmTZ3EWPIwJnv9fAEGxGK7ZEny5PikNWYpJB0HQLVjD0vTQB+JXIHccXnFK7G4HcYBKGlsB2h8dG0cDuNjqtj0IO2kSyC1bSFIwhH8RgXDYPYjiURezAqUSdESAAHFtLOYjQYDTLMYAYlN+7oPKibIZATNfDcY4YGgzBvVwbmpTxMQwmZvNGtGLGUGAnPqWAAAkADeduLcETTPRgAD69kAL6e3RaB4PgZuFRQltczQLVDKwMVsD50GfSrzPiLgVgc6HdB0TZ97YJOaAKLZ7DkZrFgnhuKL4JuvAkIbYXTnckQkFOxUML5XB+4KVuOJAEcjBg4yTHa5sUAucdMBQGKINwAS0G9ziWCQjPMwIijyDQYVStrSl8BdFCPBU0/7EIwK4BKuDHhXywUFIGMBDQkrz2L1AF/dJB4fsIWQEoVgS98tz3M4z1OMDVWDBWYFyQjmPMYwLA0DNAXZAwMdrv1EBYN4D8KKi3ChPCg5pErTAEFFSA+dxDSCMFOJSPBQhRRqBg8GaclD3hQWzDGA1SC0DnEYXMMAvBGHYXmPsr12LtkgAAMXcvmQusg6oUCMMUGyio7inloFwAA1JkIkNQKREgzFmZCPo/TclMqLVuxphRmjTuKK0T00C2ntKwcsSpXTKHVJ6LUuidQWm1rgD2IU3YYmhLCOgbt2xvE+ByAwbjcTkgYESNAQsjgMEyGgfERwVBEiJOSOJ9Ihb0myELXIOQGC4hiAIXIRxchpOfKIb0hg3EkCOAIBg5JnyZAYLQAQmR6T4iFpkbpwVaDkhiOSIW2RaB5NoJktA3SoloEqdqLkbEhYjKOHQBgmShZw3pHkzIMQxnZAYMyekuJsgCDWTkmJuIhadKONkKpej3HqC8YgHxUIYRwloG7HkNy3EVzdmwd4btMYvkeUErBNyDB2wMEJdMSAmYNniC+OgXd2BtHwE5Wg6YuDmVRCQOSEKryIFgOcVssKSpRCZuiti3Flg4shUgbSUhR68SUBgclmKqW4vTFPWghRuyrBKh0XAFA3qIAGK4F85KBXTWpVeTl3KMDmCTiQEVcVxX/ylRy3isrVjSGATuNmSqxUYspdi9lPEMBRDoL0Hy01ED8ooOSzMarkHtn1VESE9ooF/i4AAbVxUJcFQkA1XgBVEJIWsSD2q1YgHVaVH4uvTFKwN6Ygm4GBCqyVvqA3pgwcgzWbN7Uuq3DuME9AoBDCUIUd06hACYBMgBARBYBgCsFIIuNjHTyFQGQFQVhaAaHjRmyFE5w1cHTJ4Cgr0Nx9sDZCyI8AgiFxdaGtg9qlBRsFTGgI6YM2ewTZAf1U70zBsXUOq88rlzBsnfu5NqauASuNVOq82bMCoOZcOuAADZ5gUxBQX6pZbGCrqnAvKjwcryJLinPi08EExnQnwLSulIAAHF1BiVCOESIsR4i2kNsuIc80uKCvONlVKF4pDHzgYBAQzZWxPyqApOyEGAgKXxRtBIXUy7wAYB9AxQCQGJgvYmwd9rR3jqIPxzNGImAYENkQDYx7WV3v3TOud3EF1hvtYnKwm7A3bozXuxNh61PDt5U3AV08hj0rfGJyFV7PV/3TferNEUc3PvtUkQCq1biMISt2EiWAEGgZYWxdy5GCGqWwB3Ru7ZBUbgUBZ0gGh8rfm4NPSLpmYtMDi04YNvad2QrHvgCweAC72oAOqCpoO/dGaWiCUUSggjzisezjiQG5GLO0+bAz2OIRAMRl55Qy8oUguUx4EtbDl/tQFFDHpHW8ETVmrxKe+hYVTS7h2peizVrTAbPa4oALqOqIrgJmp7ptElyDEIkcNcjZEKUSBgAh8RoGyDEDZaz0nPlyKIAQOSzvHMxDEZkRIjmZCFgSNAkN8TkjoLkSGRJVFw1xAwC9HKqsbfM4NkgvRJSUELvyxw5K7Y7Z22EuZ3zfmkH+aKqIjyPmzIgEaN2T5/qBMBDQFnwTQV23TE6o7ftiJjFwJCPxryu7qCGN2XA6L8TE7cUYxnfOSDs7Z7Tn0QA== -->\n\n<!-- internal state end -->"},"request":{"retryCount":1}},"response":{"url":"https://api.github.com/repos/PSMRI/Common-API/issues/comments/3882249703","status":401,"headers":{"access-control-allow-origin":"*","access-control-expose-headers":"ETag, Link, Location, Retry-After, X-GitHub-OTP, X-RateLimit-Limit, X-RateLimit-Remaining, X-RateLimit-Used, X-RateLimit-Resource, X-RateLimit-Reset, X-OAuth-Scopes, X-Accepted-OAuth-Scopes, X-Poll-Interval, X-GitHub-Media-Type, X-GitHub-SSO, X-GitHub-Request-Id, Deprecation, Sunset","connection":"close","content-security-policy":"default-src 'none'","content-type":"application/json; charset=utf-8","date":"Wed, 11 Feb 2026 15:52:38 GMT","referrer-policy":"origin-when-cross-origin, strict-origin-when-cross-origin","server":"github.com","strict-transport-security":"max-age=31536000; includeSubdomains; preload","vary":"Accept-Encoding, Accept, X-Requested-With","x-content-type-options":"nosniff","x-frame-options":"deny","x-github-media-type":"github.v3; format=json","x-github-request-id":"08D4:12FA91:4C400D4:14C090C4:698CA5C6","x-xss-protection":"0"},"data":{"message":"Bad credentials","documentation_url":"https://docs.github.com/rest","status":"401"}}}

[coderabbitai]

Actionable comments posted: 1

🤖 Fix all issues with AI agents

In `@src/main/java/com/iemr/common/config/SwaggerConfig.java`:
- Around line 23-25: The SwaggerConfig currently adds Server entries with
hardcoded internal default URLs via System.getenv().getOrDefault(...) for
API_DEV_URL, API_UAT_URL and API_DEMO_URL which exposes internal hostnames when
env vars are missing; update the logic in SwaggerConfig where the new
io.swagger.v3.oas.models.servers.Server() instances are created (the three
Server(...) url(...) calls) so that if the environment variable is unset you
either (a) use a safe default like "http://localhost" or (b) skip adding that
Server entry entirely — choose one approach consistently and implement it by
checking System.getenv("API_*_URL") for null/empty before constructing/adding
the Server or by changing getOrDefault(...) to a safe localhost value.

🧹 Nitpick comments (2)

src/main/java/com/iemr/common/config/SwaggerConfig.java (2)

22-26: Prefer @Value injection over raw System.getenv() for Spring configuration.

Using System.getenv() bypasses Spring's property resolution, meaning these values can't be overridden via application.properties, profiles, or test configurations. Spring's @Value with ${ENV_VAR:default} syntax resolves environment variables, system properties, and config files uniformly.

♻️ Suggested refactor

Inject the URLs as constructor/field parameters:

`@Configuration`
public class SwaggerConfig {

    `@Value`("${API_DEV_URL:https://amritwprdev.piramalswasthya.org}")
    private String devUrl;

    `@Value`("${API_UAT_URL:https://uatamrit.piramalswasthya.org}")
    private String uatUrl;

    `@Value`("${API_DEMO_URL:https://amritdemo.piramalswasthya.org}")
    private String demoUrl;

    `@Bean`
    public OpenAPI customOpenAPI() {
        return new OpenAPI()
            .info(new Info().title("Common API").version("version")
                .description("A microservice for the creation and management of beneficiaries."))
            .addSecurityItem(new SecurityRequirement().addList("my security"))
            .components(new Components().addSecuritySchemes("my security",
                new SecurityScheme().name("my security").type(SecurityScheme.Type.HTTP).scheme("bearer")))
            .servers(java.util.Arrays.asList(
                new io.swagger.v3.oas.models.servers.Server().url(devUrl).description("Dev"),
                new io.swagger.v3.oas.models.servers.Server().url(uatUrl).description("UAT"),
                new io.swagger.v3.oas.models.servers.Server().url(demoUrl).description("Demo")
            ));
    }
}

---

22-26: Inline fully-qualified class names — consider adding imports instead.

java.util.Arrays and io.swagger.v3.oas.models.servers.Server are used with their FQCNs inline. Adding them as imports at the top of the file would improve readability and consistency with the existing import style.

[coderabbitai]

⚠️ Potential issue | 🟡 Minor

Hardcoded default URLs expose internal infrastructure in the OpenAPI spec.

When the environment variables are unset (e.g., local development, CI), the Swagger UI will display and allow "Try it out" requests against real Dev/UAT/Demo servers. Consider whether these defaults should instead point to http://localhost or be left empty to avoid accidental requests to live environments and leaking internal hostnames.

🤖 Prompt for AI Agents

In `@src/main/java/com/iemr/common/config/SwaggerConfig.java` around lines 23 -
25, The SwaggerConfig currently adds Server entries with hardcoded internal
default URLs via System.getenv().getOrDefault(...) for API_DEV_URL, API_UAT_URL
and API_DEMO_URL which exposes internal hostnames when env vars are missing;
update the logic in SwaggerConfig where the new
io.swagger.v3.oas.models.servers.Server() instances are created (the three
Server(...) url(...) calls) so that if the environment variable is unset you
either (a) use a safe default like "http://localhost" or (b) skip adding that
Server entry entirely — choose one approach consistently and implement it by
checking System.getenv("API_*_URL") for null/empty before constructing/adding
the Server or by changing getOrDefault(...) to a safe localhost value.

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud