diff --git a/.editorconfig b/.editorconfig
index 7b938fe92..1a76854ef 100644
--- a/.editorconfig
+++ b/.editorconfig
@@ -3,7 +3,7 @@ root = true
# Unix-style newlines with a newline ending every file
[*]
end_of_line = lf
-insert_final_newline = true
+#insert_final_newline = true
# Matches multiple files with brace expansion notation
# Set default charset
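Review bot: Commenting out `insert_final_newline = true` turns the check off for every file instead of fixing the files that violate it, and it contradicts the `end-of-file-fixer` hook this same commit adds in `.pre-commit-config.yaml`. The new `.gitleaks.toml`, `.pylintrc` and `sonar-project.properties` are all added without a final newline, which is presumably what the `editorconfig` CI job tripped over. I would keep the line as it was and add the missing newlines; if the rule really has to go, delete the line rather than leaving it commented out. The `[*]` section continues past the end of this hunk.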
diff --git a/.github/workflows/ci-pipeline.yml b/.github/workflows/ci-pipeline.yml
new file mode 100644
index 000000000..81f6ce73e
--- /dev/null
+++ b/.github/workflows/ci-pipeline.yml
@@ -0,0 +1,179 @@
+name: u34 ci-pipeline
+run-name: u34 ci-pipeline run on ${{ github.event_name }} event
+on:
+ schedule:
+ - cron: '0 0 * * 1,4' # on Monday (1) and Thursday (4)
+ pull_request:
+# types: [opened, reopened]
+# branches:
+# - 'main'
+# paths:
+# - 'app/**'
+# - 'Dockerfile'
+# - 'requirements.txt'
+
+env:
+ IMAGE_TAG: metodil/my-hello-app
+
+jobs:
+
+ editorconfig:
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v4
+ - uses: editorconfig-checker/action-editorconfig-checker@main
+ - run: editorconfig-checker
+
+ markdown-link-check:
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@master
+ - uses: gaurav-nelson/github-action-markdown-link-check@v1
+
+ lint-black:
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v4
+ - uses: psf/black@stable
+ with:
+ options: "--check --verbose"
+# src: "."
+
+ lint-unit-tests:
+ runs-on: ubuntu-latest
+ needs: [ editorconfig, markdown-link-check, lint-black ]
+ steps:
+ - name: Check out code
+ uses: actions/checkout@v4
+ - name: Set up Python
+ uses: actions/setup-python@v5
+ with:
+ python-version: '3.11.8'
+ cache: 'pip'
+ - name: Install dependencies
+ run: |
+ python -m pip install --upgrade pip
+ pip install -r requirements.txt
+ pip install pytest pytest-cov flake8 pylint
+ - name: Run flake8 linting
+ run: flake8 app/
+ - name: Analysing the code with pylint
+ run: |
+ pylint --rcfile=.pylintrc $(git ls-files '*.py')
+ - name: Test with pytest
+ run: |
+ cd app
+ python -m unittest app_test.py
+
+ gitleaks-security:
+ runs-on: ubuntu-latest
+ needs: lint-unit-tests
+ steps:
+ - uses: actions/checkout@v4
+ with:
+ fetch-depth: 0
+ - uses: gitleaks/gitleaks-action@v2
+ env:
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+ trivy-security:
+ runs-on: ubuntu-latest
+ needs: lint-unit-tests
+ steps:
+ - uses: actions/checkout@v4
+ - name: Run Trivy vulnerability scanner in repo mode
+ uses: aquasecurity/trivy-action@0.20.0
+ with:
+ scan-type: 'fs'
+ ignore-unfixed: true
+ format: 'sarif'
+ output: 'trivy-results.sarif'
+ severity: 'CRITICAL'
+ - name: Upload Trivy scan results to GitHub Security tab
+ uses: github/codeql-action/upload-sarif@v3
+ with:
+ sarif_file: 'trivy-results.sarif'
+# it is link in my github account
+# snyk-security:
+# runs-on: ubuntu-latest
+# needs: lint-unit-tests
+# steps:
+# - uses: actions/checkout@v4 #actions/checkout@master
+# - name: Run Snyk to check for vulnerabilities
+# uses: snyk/actions/node@master
+# continue-on-error: true # To make sure that SARIF upload gets called
+# env:
+# SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
+# with:
+# args: --sarif-file-output=snyk.sarif
+# - name: Upload result to GitHub Code Scanning
+# uses: github/codeql-action/upload-sarif@v2
+# with:
+# sarif_file: snyk.sarif
+ sonarcloud-security:
+ runs-on: ubuntu-latest
+ needs: lint-unit-tests
+ steps:
+ - uses: actions/checkout@v4
+ with:
+ # Disabling shallow clone is recommended for improving relevancy of reporting
+ fetch-depth: 0
+ - name: SonarCloud Scan
+ uses: sonarsource/sonarcloud-github-action@v3.1.0 # Ex: v2.1.0, See the latest version at https://github.com/marketplace/actions/sonarcloud-scan
+ env:
+ SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
+
+ build-test:
+ name: Build image and test
+# description: Build Dockerfile, test container with trivy if ok push to registry
+ runs-on: ubuntu-latest
+ if: ${{ !cancelled() && !failure() }}
+ needs: [ gitleaks-security, trivy-security, sonarcloud-security ]
+ steps:
+ - name: Checkout code
+ uses: actions/checkout@v4
+ - name: Build an image from Dockerfile
+ run: |
+ docker build -t ${{ env.IMAGE_TAG }}:${{ github.sha }} .
+ - name: Run Trivy vulnerability scanner
+ uses: aquasecurity/trivy-action@0.29.0
+ with:
+ image-ref: '${{ env.IMAGE_TAG }}:${{ github.sha }}'
+ format: 'sarif'
+ output: 'trivy-results-container.sarif'
+ - name: Upload Trivy scan results to GitHub Security tab
+ uses: github/codeql-action/upload-sarif@v3
+ with:
+ sarif_file: 'trivy-results-container.sarif'
+# if: always()
+# with:
+# sarif_file: 'trivy-results-container.sarif'
+
+ deploy:
+ name: Get credentials and push to Dockerhub
+# description: Get credentials from Hashi vault and push docker image to Dockerhub
+ runs-on: ubuntu-latest
+ if: ${{ !cancelled() && !failure() }}
+ needs: [ build-test ]
+ steps:
+ - name: Import Secrets from Hashi vault
+ id: import-secrets
+ uses: hashicorp/vault-action@v3
+ with:
+ url: https://vault.elcomp68.com:8200
+ token: ${{ secrets.HV_U34_TOKEN }}
+ caCertificate: ${{ secrets.VAULT_CA_CERT }}
+ secrets: |
+ kv/data/u34-ci dockerhub_username | DOCKERHUB_USERNAME ;
+ kv/data/u34-ci dockerhub_token | DOCKERHUB_TOKEN ;
+ - name: Login to Docker Hub
+ uses: docker/login-action@v3
+ with:
+ username: ${{ env.DOCKERHUB_USERNAME }}
+ password: ${{ env.DOCKERHUB_TOKEN }}
+
+ - name: Build and push
+ uses: docker/build-push-action@v6
+ with:
+ push: true
+ tags: '${{ env.IMAGE_TAG }}:${{ github.sha }}'
+ if: success() # Only push if get login is ok
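Review bot: The `deploy` job publishes to Docker Hub on every `pull_request` and `schedule` run, and no scan result can stop it: the image scan in `build-test` sets neither `exit-code` nor `severity`, whereas the removed `u34-hw.yml` failed the job with `exit-code: '1'` and `severity: 'HIGH,CRITICAL'`. I would restore those inputs, let the SARIF upload run with `if: always()`, and gate `deploy` on the event so unreviewed PR code is not pushed with the Vault-sourced credentials; a sketch follows. `deploy` also rebuilds the image with `docker/build-push-action` instead of pushing the one `build-test` scanned, so the published artifact is not the scanned one. Separately, `editorconfig-checker/action-editorconfig-checker@main`, `actions/checkout@master` and `psf/black@stable` are mutable refs, and the workflow has no `permissions:` block. Pinning third-party actions to a full commit SHA and granting `security-events: write` only to the jobs that call `upload-sarif` would limit what a compromised action can reach.

```yaml
  build-test:
    # … unchanged: name, runs-on, if, needs, checkout, docker build …
      - name: Run Trivy vulnerability scanner
        uses: aquasecurity/trivy-action@0.29.0
        with:
          image-ref: '${{ env.IMAGE_TAG }}:${{ github.sha }}'
          format: 'sarif'
          output: 'trivy-results-container.sarif'
          severity: 'HIGH,CRITICAL'
          exit-code: '1'
      - name: Upload Trivy scan results to GitHub Security tab
        # Upload the report even when the scan step fails the job.
        if: always()
        uses: github/codeql-action/upload-sarif@v3
        with:
          sarif_file: 'trivy-results-container.sarif'

  deploy:
    name: Get credentials and push to Dockerhub
    runs-on: ubuntu-latest
    # Never publish from a pull request; only from trusted events.
    if: ${{ !cancelled() && !failure() && github.event_name != 'pull_request' }}
    # … unchanged: needs, Vault import, Docker Hub login, build and push …
```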
diff --git a/.github/workflows/u34-hw.yml b/.github/workflows/u34-hw.yml
deleted file mode 100644
index 988fa21ab..000000000
--- a/.github/workflows/u34-hw.yml
+++ /dev/null
@@ -1,102 +0,0 @@
-name: u34 homework workflow
-run-name: u34 homework workflow run on ${{ github.event_name }} event
-on:
- pull_request:
- paths:
- - 'app/**'
- - 'Dockerfile'
- - 'requirements.txt'
-env:
- TEST_TAG: metodil/my-hello-app:test
- IMAGE_TAG: metodil/my-hello-app:latest
-jobs:
- trivy-test:
- runs-on: ubuntu-latest
- steps:
- - name: Checkout code
- uses: actions/checkout@v4
-
- - name: Run Trivy vulnerability scanner in fs mode
- uses: aquasecurity/trivy-action@0.28.0
- with:
- scan-type: 'fs'
- scan-ref: 'app/'
- trivy-config: trivy.yaml
-
- lint-test:
- runs-on: ubuntu-latest
- steps:
- - name: Check out code
- uses: actions/checkout@v4
- - name: Set up Python
- uses: actions/setup-python@v5
- with:
- python-version: '3.x'
- - name: Install dependencies
- run: |
- python -m pip install --upgrade pip
- pip install flake8
- - name: Run flake8 linting
- run: flake8 app/
-
- unit-test:
- runs-on: ubuntu-latest
- steps:
- - name: Check out code
- uses: actions/checkout@v4
- - name: Set up Python
- uses: actions/setup-python@v5
- with:
- python-version: '3.x'
- - name: Install dependencies
- run: |
- python -m pip install --upgrade pip
- pip install -r requirements.txt
- - name: Test with pytest
- run: |
- pip install pytest pytest-cov
- cd app
- pytest app_test.py --doctest-modules --junitxml=junit/test-results.xml --cov=com --cov-report=xml --cov-report=html
-
- build-test-push:
- name: Build Dockerfile, test container with trivy if ok push to registry
- runs-on: ubuntu-latest
- steps:
- - name: Import Secrets from Hashi vault
- id: import-secrets
- uses: hashicorp/vault-action@v2
- with:
- url: https://vault.elcomp68.com:8200
- token: ${{ secrets.HV_U34_TOKEN }}
- caCertificate: ${{ secrets.VAULT_CA_CERT }}
- secrets: |
- kv/data/u34-ci dockerhub_username | DOCKERHUB_USERNAME ;
- kv/data/u34-ci dockerhub_token | DOCKERHUB_TOKEN ;
- - name: Login to Docker Hub
- uses: docker/login-action@v3
- with:
- username: ${{ env.DOCKERHUB_USERNAME }}
- password: ${{ env.DOCKERHUB_TOKEN }}
- - name: Set up QEMU
- uses: docker/setup-qemu-action@v3
- - name: Set up Docker Buildx
- uses: docker/setup-buildx-action@v3
- - name: Build and export to Docker
- uses: docker/build-push-action@v6
- with:
- load: true
- tags: ${{ env.TEST_TAG }}
- - name: Scan Docker image with Trivy
- uses: aquasecurity/trivy-action@0.28.0
- with:
- image-ref: ${{ env.TEST_TAG }} # Image to scan (can use a local build or a pre-pushed image)
- format: 'table' # Output format (can be 'table', 'json', 'template', etc.)
- severity: 'HIGH,CRITICAL' # Only show HIGH and CRITICAL vulnerabilities (optional)
- exit-code: '1' # Set exit code 1 if vulnerabilities are found (optional)
-
- - name: Build and push
- uses: docker/build-push-action@v6
- with:
- push: true
- tags: ${{ env.IMAGE_TAG }}
- if: success() # Only push if test is ok
\ No newline at end of file
diff --git a/.gitleaks.toml b/.gitleaks.toml
new file mode 100644
index 000000000..2e66bada4
--- /dev/null
+++ b/.gitleaks.toml
@@ -0,0 +1,14 @@
+# Title for the gitleaks configuration file.
+title = "Gitleaks title"
+
+# You can include an allowlist table for a single rule to reduce false positives or ignore commits
+# with known/rotated secrets
+[rules.allowlist]
+# note: (rule) regexTarget defaults to check the _Secret_ in the finding.
+# if regexTarget is not specified then _Secret_ will be used.
+# Acceptable values for regexTarget are "match" and "line"
+regexTarget = "match"
+regexes = [
+ '''sonar.organization''',
+ '''sonar.projectKey''',
+]
\ No newline at end of file
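Review bot: `[rules.allowlist]` is not attached to any `[[rules]]` entry and the file has no `[extend]` section, so, if I read the gitleaks config format correctly, this file either fails to load or replaces the built-in ruleset with an empty one. In both cases the `gitleaks-security` job and the pre-commit hook would stop reporting secrets. Since the intent is only to silence the two SonarCloud keys, a global allowlist on top of the defaults expresses it: an `[extend]` table with `useDefault = true`, followed by `[allowlist]` carrying the same `regexTarget` and `regexes`. The `.` in `sonar.organization` and `sonar.projectKey` is unescaped and matches any character; `sonar\.organization` is tighter. It is worth running gitleaks once against a throwaway branch containing a dummy credential to confirm findings are still reported with this file present.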
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
new file mode 100644
index 000000000..76aaf833c
--- /dev/null
+++ b/.pre-commit-config.yaml
@@ -0,0 +1,18 @@
+repos:
+- repo: https://github.com/pre-commit/pre-commit-hooks
+ rev: v2.3.0
+ hooks:
+ - id: check-yaml
+ - id: end-of-file-fixer
+ - id: trailing-whitespace
+ - id: check-added-large-files
+ - id: check-json
+ - id: check-merge-conflict
+#- repo: https://github.com/psf/black
+# rev: 22.10.0
+# hooks:
+# - id: black
+- repo: https://github.com/gitleaks/gitleaks
+ rev: v8.18.0 # Specify the desired version of Gitleaks
+ hooks:
+ - id: gitleaks
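Review bot: `rev: v2.3.0` for `pre-commit-hooks` looks like the tag from the pre-commit quick-start example and is several years old. The README in this commit also lists `yamllint` among the safeguards, while only `check-yaml` (a syntax check) is configured here. Running `pre-commit autoupdate` would move both repos to current tags, and adding `- id: detect-private-key` from the same `pre-commit-hooks` repo gives a second, cheap check next to gitleaks. A header comment such as `# Local hooks; the same checks run in .github/workflows/ci-pipeline.yml` would help keep the two in step.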
diff --git a/.pylintrc b/.pylintrc
new file mode 100644
index 000000000..ff0d4e8ee
--- /dev/null
+++ b/.pylintrc
@@ -0,0 +1,8 @@
+[MASTER]
+disable=
+ C0114, # missing-module-docstring
+ C0115, # missing-class-docstring
+ C0116, # missing-function-docstring
+
+[MESSAGES CONTROL]
+disable=missing-docstring,empty-docstring
\ No newline at end of file
diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
new file mode 100644
index 000000000..f7a1d44ed
--- /dev/null
+++ b/CONTRIBUTING.md
@@ -0,0 +1,23 @@
+## How to contribute Devops-programe
+
+#### **Did you find a bug?**
+
+* **Open up a GitHub issue if the bug is a security vulnerability**
+
+#### **Did you write a patch that fixes a bug?**
+
+* Open a new GitHub pull request with the patch.
+
+* Ensure the PR description clearly describes the problem and solution. Include the relevant issue number if applicable.
+
+#### **Do you intend to add a new feature or change an existing one?**
+
+* Suggest your change in the [my email](mailto:metodil@hotmail.com).
+
+#### **Do you have questions about the source code?**
+
+* Ask any question about how to use on [my email](mailto:metodil@hotmail.com).
+
+Thanks!
+
+Metodi Lichkov
diff --git a/README.md b/README.md
index d19dfd95a..7d8beb18e 100644
--- a/README.md
+++ b/README.md
@@ -1 +1,79 @@
-# devops-programme
\ No newline at end of file
+# devops-programme
+
+
+## M1-4-2-CI-Practice - GitHub Actions Practice
+
+### Prerequisites
+
+- Organize your git repo to follow the guidelines provides in the presentation ✅ Ok
+
+### Task description
+
+Create a GitHub Actions pipeline that runs on commit to a feature branch (i.e. not `main`) and performs the following checks on our simple Flask app repository.
✅ workflow is created in **.github/workflow/ci-pipeline.yaml**
+
+- Check `.editorconfig` ✅ Ok - test in workflow **editorconfig**
+- Code Lint and style - use `pylint` and `black` to check for style/formatting/syntax errors
+ ✅ Ok - test in workflow **lint-black** and part in **lint-unit-tests**
+- Check makrdown files [markdownlint-cli](https://www.npmjs.com/package/cli-markdown) ✅ Ok - test in workflow **markdown-link-check**
+- Code Unittest - there's a simple unit test next to our app called `app_test.py`. Make sure our unittest passes (`python -m unittest` executed in the app directory) ✅ Ok - test in workflow last part of **lint-unit-tests**
+- Check for hardcoded secrets (`gitleaks`) - not just our app but the whole repository.
+ ✅ Ok - test in workflow **gitleaks-security**
+ ✅ Extra Trivy check repo(fs) - test in workflow **Trivy-security**
+- SAST - SonarCloud; Review code smells and security issues ✅ Ok - test in workflow **sonarcloud-security**
+- SCA - Snyk; review security issues ✅ Ok - **integrated** in my github account
+- Build a Docker image. Use Git commit SHA as an Image tag.
+- Scan the built image with `Trivy`.
+ ✅ Ok - job in workflow **build-test** using SHA in tag and test with Trivy
+- Push the built image to your Docker HUB account.
+ ✅ Ok - job in workflow **deploy** get credential from Hashi vault and push to my dockerhub account
+- (optional) Add CONTRIBUTORS guide. Follow [this](https://docs.github.com/en/communities/setting-up-your-project-for-healthy-contributions/setting-guidelines-for-repository-contributors) document from GitHUb.
+ ✅ Ok - guide is **added** in root: **CONTRIBUTING.md**
+
+## Extra effort
+
+- Create a pre-commit hook that safeguards for the following
+ - hardcoded secrets (`gitleaks`)
+ - yamllint
+ - check-merge-conflict
+ - check-added-large-files
+***
+✅ Ok - my pre-commit using:
+> - id: check-yaml
+> - id: end-of-file-fixer
+> - id: trailing-whitespace
+> - id: check-added-large-files
+> - id: check-json
+> - id: check-merge-conflict
+> - id: gitleaks
+
+- Setup docker-compose with build and run a container ✅ Ok - created in **M1-4-2-CI-Practice/compose.yaml**
+- Try out GitHub Actions schedule trigger event - .
+✅ Ok - add to workflow
+```
+ schedule:
+ - cron: '0 0 * * 1,4' # on Monday (1) and Thursday (4)
+```
+
+***
+
+## M1-3-1 Configuration Management
+
+### Ansible Task
+
+Create an Ansible playbook that build, push and then run the Docker image for the Python
+application. Let your playbook has the following variables:
+
+* `image_name` - contains the name of your image without the tag, i.e. `vutoff/python-app`
+* `image_tag` - contains the tag you tagged your image with, i.e. `v0.2`
+* `listen_port` - contains the listening port you're binding your app to.
+
+Make sure that you set environment variable `PORT` when you define your container
+in the Ansible playbook that takes its value from `listen_port` variable.
+
+✅ playbook is created in homework/**M1-3-Ansible/u34-ansible-hw.yaml**,
+using **branch:** **ansible-practice-and-homework**
+
+extra playbooks in **M1-3-Ansible** :
+- u34-ansible-hw-with-ansible-vault.yaml : Secrets management with **Ansible secrets**
+- u34-ansible-hw-with-hashi-vault.yaml : Secrets management with **Hashi vault**
+- u34-ansible-hw-with-role-hashi-vault.yaml : Using **roles** in Ansible
diff --git a/ansible/playbook.yml b/ansible/playbook.yml
new file mode 100644
index 000000000..e69de29bb
diff --git a/app/requirements.txt b/app/requirements.txt
new file mode 100644
index 000000000..bbfeb58d9
--- /dev/null
+++ b/app/requirements.txt
@@ -0,0 +1,8 @@
+blinker==1.6.3 ; python_version >= "3.10" and python_version < "4.0"
+click==8.1.7 ; python_version >= "3.10" and python_version < "4.0"
+colorama==0.4.6 ; python_version >= "3.10" and python_version < "4.0" and platform_system == "Windows"
+flask==3.0.0 ; python_version >= "3.10" and python_version < "4.0"
+itsdangerous==2.1.2 ; python_version >= "3.10" and python_version < "4.0"
+jinja2==3.1.4 ; python_version >= "3.10" and python_version < "4.0"
+markupsafe==2.1.3 ; python_version >= "3.10" and python_version < "4.0"
+werkzeug==3.0.6 ; python_version >= "3.10" and python_version < "4.0"
diff --git a/M1-3-Ansible/README.md b/homework/M1-3-Ansible/README.md
similarity index 100%
rename from M1-3-Ansible/README.md
rename to homework/M1-3-Ansible/README.md
diff --git a/M1-3-Ansible/dockerhub_pass.yml b/homework/M1-3-Ansible/dockerhub_pass.yml
similarity index 100%
rename from M1-3-Ansible/dockerhub_pass.yml
rename to homework/M1-3-Ansible/dockerhub_pass.yml
diff --git a/M1-3-Ansible/my-roles/get-dockerhub-credentials/README.md b/homework/M1-3-Ansible/my-roles/get-dockerhub-credentials/README.md
similarity index 100%
rename from M1-3-Ansible/my-roles/get-dockerhub-credentials/README.md
rename to homework/M1-3-Ansible/my-roles/get-dockerhub-credentials/README.md
diff --git a/M1-3-Ansible/my-roles/get-dockerhub-credentials/defaults/main.yml b/homework/M1-3-Ansible/my-roles/get-dockerhub-credentials/defaults/main.yml
similarity index 100%
rename from M1-3-Ansible/my-roles/get-dockerhub-credentials/defaults/main.yml
rename to homework/M1-3-Ansible/my-roles/get-dockerhub-credentials/defaults/main.yml
diff --git a/M1-3-Ansible/my-roles/get-dockerhub-credentials/handlers/main.yml b/homework/M1-3-Ansible/my-roles/get-dockerhub-credentials/handlers/main.yml
similarity index 100%
rename from M1-3-Ansible/my-roles/get-dockerhub-credentials/handlers/main.yml
rename to homework/M1-3-Ansible/my-roles/get-dockerhub-credentials/handlers/main.yml
diff --git a/M1-3-Ansible/my-roles/get-dockerhub-credentials/meta/main.yml b/homework/M1-3-Ansible/my-roles/get-dockerhub-credentials/meta/main.yml
similarity index 99%
rename from M1-3-Ansible/my-roles/get-dockerhub-credentials/meta/main.yml
rename to homework/M1-3-Ansible/my-roles/get-dockerhub-credentials/meta/main.yml
index 767ba5530..1d16de1c8 100644
--- a/M1-3-Ansible/my-roles/get-dockerhub-credentials/meta/main.yml
+++ b/homework/M1-3-Ansible/my-roles/get-dockerhub-credentials/meta/main.yml
@@ -10,4 +10,3 @@ galaxy_info:
galaxy_tags: []
dependencies: []
-
diff --git a/M1-3-Ansible/my-roles/get-dockerhub-credentials/tasks/main.yml b/homework/M1-3-Ansible/my-roles/get-dockerhub-credentials/tasks/main.yml
similarity index 100%
rename from M1-3-Ansible/my-roles/get-dockerhub-credentials/tasks/main.yml
rename to homework/M1-3-Ansible/my-roles/get-dockerhub-credentials/tasks/main.yml
diff --git a/M1-3-Ansible/my-roles/run-container/tests/inventory b/homework/M1-3-Ansible/my-roles/get-dockerhub-credentials/tests/inventory
similarity index 90%
rename from M1-3-Ansible/my-roles/run-container/tests/inventory
rename to homework/M1-3-Ansible/my-roles/get-dockerhub-credentials/tests/inventory
index 878877b07..2fbb50c4a 100644
--- a/M1-3-Ansible/my-roles/run-container/tests/inventory
+++ b/homework/M1-3-Ansible/my-roles/get-dockerhub-credentials/tests/inventory
@@ -1,2 +1 @@
localhost
-
diff --git a/M1-3-Ansible/my-roles/get-dockerhub-credentials/tests/test.yml b/homework/M1-3-Ansible/my-roles/get-dockerhub-credentials/tests/test.yml
similarity index 100%
rename from M1-3-Ansible/my-roles/get-dockerhub-credentials/tests/test.yml
rename to homework/M1-3-Ansible/my-roles/get-dockerhub-credentials/tests/test.yml
diff --git a/M1-3-Ansible/my-roles/get-dockerhub-credentials/vars/main.yml b/homework/M1-3-Ansible/my-roles/get-dockerhub-credentials/vars/main.yml
similarity index 100%
rename from M1-3-Ansible/my-roles/get-dockerhub-credentials/vars/main.yml
rename to homework/M1-3-Ansible/my-roles/get-dockerhub-credentials/vars/main.yml
diff --git a/M1-3-Ansible/my-roles/run-container/README.md b/homework/M1-3-Ansible/my-roles/run-container/README.md
similarity index 100%
rename from M1-3-Ansible/my-roles/run-container/README.md
rename to homework/M1-3-Ansible/my-roles/run-container/README.md
diff --git a/M1-3-Ansible/my-roles/run-container/defaults/main.yml b/homework/M1-3-Ansible/my-roles/run-container/defaults/main.yml
similarity index 84%
rename from M1-3-Ansible/my-roles/run-container/defaults/main.yml
rename to homework/M1-3-Ansible/my-roles/run-container/defaults/main.yml
index 6d503c1c0..ed0bd0f11 100644
--- a/M1-3-Ansible/my-roles/run-container/defaults/main.yml
+++ b/homework/M1-3-Ansible/my-roles/run-container/defaults/main.yml
@@ -2,4 +2,4 @@
# defaults file for run-container
image_name_r: "my-hello-world"
container_name_r: "my-hello-world-hw"
-listen_port_r: 5000
\ No newline at end of file
+listen_port_r: 5000
diff --git a/M1-3-Ansible/my-roles/run-container/handlers/main.yml b/homework/M1-3-Ansible/my-roles/run-container/handlers/main.yml
similarity index 100%
rename from M1-3-Ansible/my-roles/run-container/handlers/main.yml
rename to homework/M1-3-Ansible/my-roles/run-container/handlers/main.yml
diff --git a/M1-3-Ansible/my-roles/run-container/meta/main.yml b/homework/M1-3-Ansible/my-roles/run-container/meta/main.yml
similarity index 100%
rename from M1-3-Ansible/my-roles/run-container/meta/main.yml
rename to homework/M1-3-Ansible/my-roles/run-container/meta/main.yml
diff --git a/M1-3-Ansible/my-roles/run-container/tasks/main.yml b/homework/M1-3-Ansible/my-roles/run-container/tasks/main.yml
similarity index 99%
rename from M1-3-Ansible/my-roles/run-container/tasks/main.yml
rename to homework/M1-3-Ansible/my-roles/run-container/tasks/main.yml
index 9de1450d9..0376fe519 100644
--- a/M1-3-Ansible/my-roles/run-container/tasks/main.yml
+++ b/homework/M1-3-Ansible/my-roles/run-container/tasks/main.yml
@@ -11,4 +11,3 @@
image: "{{ image_name_r }}"
state: started
ports: "{{ listen_port_r }}"
-
diff --git a/M1-3-Ansible/my-roles/get-dockerhub-credentials/tests/inventory b/homework/M1-3-Ansible/my-roles/run-container/tests/inventory
similarity index 90%
rename from M1-3-Ansible/my-roles/get-dockerhub-credentials/tests/inventory
rename to homework/M1-3-Ansible/my-roles/run-container/tests/inventory
index 878877b07..2fbb50c4a 100644
--- a/M1-3-Ansible/my-roles/get-dockerhub-credentials/tests/inventory
+++ b/homework/M1-3-Ansible/my-roles/run-container/tests/inventory
@@ -1,2 +1 @@
localhost
-
diff --git a/M1-3-Ansible/my-roles/run-container/tests/test.yml b/homework/M1-3-Ansible/my-roles/run-container/tests/test.yml
similarity index 100%
rename from M1-3-Ansible/my-roles/run-container/tests/test.yml
rename to homework/M1-3-Ansible/my-roles/run-container/tests/test.yml
diff --git a/M1-3-Ansible/my-roles/run-container/vars/main.yml b/homework/M1-3-Ansible/my-roles/run-container/vars/main.yml
similarity index 97%
rename from M1-3-Ansible/my-roles/run-container/vars/main.yml
rename to homework/M1-3-Ansible/my-roles/run-container/vars/main.yml
index 85acec6d0..037aee7d3 100644
--- a/M1-3-Ansible/my-roles/run-container/vars/main.yml
+++ b/homework/M1-3-Ansible/my-roles/run-container/vars/main.yml
@@ -1,3 +1,2 @@
---
# vars file for run-container
-
diff --git a/M1-3-Ansible/playbook.yaml b/homework/M1-3-Ansible/playbook.yaml
similarity index 93%
rename from M1-3-Ansible/playbook.yaml
rename to homework/M1-3-Ansible/playbook.yaml
index e65a7b98a..0d6942561 100644
--- a/M1-3-Ansible/playbook.yaml
+++ b/homework/M1-3-Ansible/playbook.yaml
@@ -7,7 +7,7 @@
file:
path: "{{ folder_path }}"
state: directory
- mode: 0755
+ mode: 0770
- name: Get latest git version
git:
repo: git@github.com:Metodil/devops-programme
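Review bot: `mode: 0770` is an unquoted scalar, so the value the `file` module receives depends on the YAML parser reading the leading zero as octal. Quoting it, `mode: '0770'`, is the form the Ansible documentation recommends and what ansible-lint's `risky-octal` rule checks for. The same line appears in the hunks for `u34-ansible-hw-with-ansible-vault.yaml`, `u34-ansible-hw-with-hashi-vault.yaml`, `u34-ansible-hw-with-role-hashi-vault.yaml` and `u34-ansible-hw.yaml`. Dropping world access from the app folder is a sensible tightening, but 0770 also adds group write and the visible lines set no `owner` or `group`, so who gains write access depends on the connecting user's primary group. The task's `name:` line and the rest of the play are outside this hunk.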
@@ -25,4 +25,4 @@
register: test_results
- name: Print test test_results
debug:
- var=test_results.stderr
\ No newline at end of file
+ var=test_results.stderr
diff --git a/M1-3-Ansible/u34-ansible-hw-with-ansible-vault.yaml b/homework/M1-3-Ansible/u34-ansible-hw-with-ansible-vault.yaml
similarity index 99%
rename from M1-3-Ansible/u34-ansible-hw-with-ansible-vault.yaml
rename to homework/M1-3-Ansible/u34-ansible-hw-with-ansible-vault.yaml
index 5f4c09d9e..e55a7c81c 100644
--- a/M1-3-Ansible/u34-ansible-hw-with-ansible-vault.yaml
+++ b/homework/M1-3-Ansible/u34-ansible-hw-with-ansible-vault.yaml
@@ -27,7 +27,7 @@
file:
path: "{{ app_folder }}"
state: directory
- mode: 0755
+ mode: 0770
- name: Get latest git version
git:
diff --git a/M1-3-Ansible/u34-ansible-hw-with-hashi-vault.yaml b/homework/M1-3-Ansible/u34-ansible-hw-with-hashi-vault.yaml
similarity index 99%
rename from M1-3-Ansible/u34-ansible-hw-with-hashi-vault.yaml
rename to homework/M1-3-Ansible/u34-ansible-hw-with-hashi-vault.yaml
index e812cd8b7..f41ec8834 100644
--- a/M1-3-Ansible/u34-ansible-hw-with-hashi-vault.yaml
+++ b/homework/M1-3-Ansible/u34-ansible-hw-with-hashi-vault.yaml
@@ -45,7 +45,7 @@
file:
path: "{{ app_folder }}"
state: directory
- mode: 0755
+ mode: 0770
- name: Get latest git version
git:
diff --git a/M1-3-Ansible/u34-ansible-hw-with-role-hashi-vault.yaml b/homework/M1-3-Ansible/u34-ansible-hw-with-role-hashi-vault.yaml
similarity index 97%
rename from M1-3-Ansible/u34-ansible-hw-with-role-hashi-vault.yaml
rename to homework/M1-3-Ansible/u34-ansible-hw-with-role-hashi-vault.yaml
index c03cf93ee..789dba4d8 100644
--- a/M1-3-Ansible/u34-ansible-hw-with-role-hashi-vault.yaml
+++ b/homework/M1-3-Ansible/u34-ansible-hw-with-role-hashi-vault.yaml
@@ -34,7 +34,7 @@
file:
path: "{{ app_folder }}"
state: directory
- mode: 0755
+ mode: 0770
- name: Get latest git version
git:
repo: git@github.com:{{ git_repo }}
@@ -71,4 +71,4 @@
vars:
container_name_r: "{{ container_name }}"
image_name_r: "{{ dockerhub_username }}/{{ image_name }}:{{ image_tag }}{{ ver_num.stdout }}-hashi-vault"
- listen_port_r: "{{ listen_port }}"
\ No newline at end of file
+ listen_port_r: "{{ listen_port }}"
diff --git a/M1-3-Ansible/u34-ansible-hw.yaml b/homework/M1-3-Ansible/u34-ansible-hw.yaml
similarity index 98%
rename from M1-3-Ansible/u34-ansible-hw.yaml
rename to homework/M1-3-Ansible/u34-ansible-hw.yaml
index e9ed2a663..a85619e3b 100644
--- a/M1-3-Ansible/u34-ansible-hw.yaml
+++ b/homework/M1-3-Ansible/u34-ansible-hw.yaml
@@ -25,7 +25,7 @@
file:
path: "{{ app_folder }}"
state: directory
- mode: 0755
+ mode: 0770
- name: Get latest git version
git:
diff --git a/M1-3-Ansible/ver_num b/homework/M1-3-Ansible/ver_num
similarity index 100%
rename from M1-3-Ansible/ver_num
rename to homework/M1-3-Ansible/ver_num
diff --git a/M1-4-2-CI-Practice/README.md b/homework/M1-4-2-CI-Practice/README.md
similarity index 99%
rename from M1-4-2-CI-Practice/README.md
rename to homework/M1-4-2-CI-Practice/README.md
index 761192ab9..891b695e9 100644
--- a/M1-4-2-CI-Practice/README.md
+++ b/homework/M1-4-2-CI-Practice/README.md
@@ -59,4 +59,3 @@ Create a GitHub Actions pipeline that runs on commit to a feature branch (i.e. n
- check-added-large-files
- Setup docker-compose with build and run a container
- Try out GitHub Actions schedule trigger event -
-
diff --git a/homework/M1-4-2-CI-Practice/compose.yaml b/homework/M1-4-2-CI-Practice/compose.yaml
new file mode 100644
index 000000000..d8e5570bf
--- /dev/null
+++ b/homework/M1-4-2-CI-Practice/compose.yaml
@@ -0,0 +1,6 @@
+services:
+ web:
+ container_name: my-hello-world-dc
+ build: .
+ ports:
+ - "5000:3000"
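Review bot: `"5000:3000"` publishes the container on every host interface; for a local test setup `"127.0.0.1:5000:3000"` keeps it reachable only from the machine itself. The container side is 3000 while the Ansible role in this repository defaults `listen_port_r` to 5000, so it is worth confirming against the Dockerfile (not shown here) which port the app listens on, or setting `PORT` explicitly under `environment:`. `build: .` resolves relative to `homework/M1-4-2-CI-Practice/`, so a Dockerfile is expected in that directory; a one-line comment saying where the build context comes from would help.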
diff --git a/.github/workflows/first-workflow.yml b/homework/M1-4-2-CI-Practice/first-workflow.yml
similarity index 100%
rename from .github/workflows/first-workflow.yml
rename to homework/M1-4-2-CI-Practice/first-workflow.yml
diff --git a/.github/workflows/push.yml b/homework/M1-4-2-CI-Practice/push.yml
similarity index 97%
rename from .github/workflows/push.yml
rename to homework/M1-4-2-CI-Practice/push.yml
index 78e173aec..ef5074384 100644
--- a/.github/workflows/push.yml
+++ b/homework/M1-4-2-CI-Practice/push.yml
@@ -88,4 +88,4 @@ jobs:
run: |
pip install pytest pytest-cov
cd app
- pytest app_test.py --doctest-modules --junitxml=junit/test-results.xml --cov=com --cov-report=xml --cov-report=html
\ No newline at end of file
+ pytest app_test.py --doctest-modules --junitxml=junit/test-results.xml --cov=com --cov-report=xml --cov-report=html
diff --git a/requirements.txt b/requirements.txt
index d5327549c..bbfeb58d9 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -3,7 +3,6 @@ click==8.1.7 ; python_version >= "3.10" and python_version < "4.0"
colorama==0.4.6 ; python_version >= "3.10" and python_version < "4.0" and platform_system == "Windows"
flask==3.0.0 ; python_version >= "3.10" and python_version < "4.0"
itsdangerous==2.1.2 ; python_version >= "3.10" and python_version < "4.0"
-jinja2==3.1.2 ; python_version >= "3.10" and python_version < "4.0"
+jinja2==3.1.4 ; python_version >= "3.10" and python_version < "4.0"
markupsafe==2.1.3 ; python_version >= "3.10" and python_version < "4.0"
-werkzeug==3.0.3 ; python_version >= "3.10" and python_version < "4.0"
-
+werkzeug==3.0.6 ; python_version >= "3.10" and python_version < "4.0"
diff --git a/sonar-project.properties b/sonar-project.properties
new file mode 100644
index 000000000..5a56b33df
--- /dev/null
+++ b/sonar-project.properties
@@ -0,0 +1,7 @@
+sonar.organization=metodil
+sonar.projectKey=Metodil_devops-programme
+
+
+# relative paths to source directories. More details and properties are described
+# in https://sonarcloud.io/documentation/project-administration/narrowing-the-focus/
+sonar.sources=.
\ No newline at end of file