vutoff · u34-georgi-telerik · Oct 16, 2024 · Oct 23, 2024 · Oct 23, 2024 · Oct 23, 2024
diff --git a/.editorconfig b/.editorconfig
@@ -0,0 +1,33 @@
+# EditorConfig is awesome: https://editorconfig.org
+
+# top-most EditorConfig file
+root = true
+
+# Unix-style newlines with a newline ending every file
+[*]
+end_of_line = lf
+insert_final_newline = true
+
+# Matches multiple files with brace expansion notation
+# Set default charset
+[*.{js,py}]
+charset = utf-8
+
+# 4 space indentation
+[*.py]
+indent_style = space
+indent_size = 4
+
+# Tab indentation (no size specified)
+[Makefile]
+indent_style = tab
+
+# Indentation override for all JS under lib directory
+[lib/**.js]
+indent_style = space
+indent_size = 2
+
+# Matches the exact files either package.json or .travis.yml
+[{package.json,.travis.yml}]
+indent_style = space
+indent_size = 2
diff --git a/.github/workflows/ci-pipeline.yml b/.github/workflows/ci-pipeline.yml
@@ -0,0 +1,195 @@
+---
+name: GitHub Actions Homework Demo
+run-name: ${{ github.actor }} is testing out GitHub Actions
+on:
+  push:
+    branches:
+      - github-actions-practice
+
+jobs:
+  pre-commit:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v2
+      - uses: actions/setup-python@v3
+        with:
+          python-version: '3.10'
+          cache: 'pip'
+      - name: Install pre-commit
+        run: |
+          python -m pip install pre-commit
+          pre-commit install
+      - name: Run pre-commit
+        run: pre-commit run --all-files
+
+  editorconfig-check:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v2
+      - name: Check .editorconfig exists
+        run: |
+          if [ ! -f .editorconfig ]; then
+            echo ".editorconfig file not found in root directory"
+            exit 1
+          fi
+      - name: Install editorconfig-checker
+        run: |
+          npm install -g editorconfig-checker
+          editorconfig-checker
+
+  secrets-check:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v2
+        with:
+          fetch-depth: 0
+      - name: Check for hardcoded secrets
+        uses: gitleaks/gitleaks-action@v2
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+  markdown-check:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v2
+      - name: Run markdown lint with npx
+        run: npx markdownlint-cli .
+
+  code-lint:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v2
+      - name: Set up Python
+        uses: actions/setup-python@v3
+        with:
+          python-version: '3.10'
+          cache: 'pip'
+      - name: Install linting tools
+        run: pip install pylint flake8 flask
+      - name: Lint Python code
+        run: |
+          find . -name '*.py' | xargs pylint
+          flake8 .
+
+  unit-tests:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v2
+      - name: Set up Python
+        uses: actions/setup-python@v3
+        with:
+          python-version: '3.10'
+          cache: 'pip'
+      - name: Run unit tests
+        run: |
+          cd app
+          python -m unittest discover -v
+
+  docker-build:
+    needs:
+      - pre-commit
+      - editorconfig-check
+      - secrets-check
+      - markdown-check
+      - code-lint
+      - unit-tests
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v2
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v1
+      - name: Login to Docker Hub
+        uses: docker/login-action@v1
+        with:
+          username: ${{ secrets.DOCKERHUB_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_TOKEN }}
+      - name: Build Docker image
+        uses: docker/build-push-action@v2
+        with:
+          context: .
+          push: false
+          tags: |
+            ${{ secrets.DOCKERHUB_USERNAME }}/u34:${{ github.sha }}
+            ${{ secrets.DOCKERHUB_USERNAME }}/u34:latest
+
+  trivy:
+    needs: docker-build
+    runs-on: ubuntu-latest
+    outputs:
+      has_critical_vulnerabilities: ${{ steps.trivy.outputs.exit_code }}
+    steps:
+      - uses: actions/checkout@v2
+      - name: Scan Docker image with Trivy
+        uses: aquasecurity/trivy-action@master
+        continue-on-error: true
+        with:
+          image-ref: ${{ secrets.DOCKERHUB_USERNAME }}/u34:${{ github.sha }}
+          format: 'table'
+          exit-code: '1'
+          ignore-unfixed: true
+          severity: 'CRITICAL'
+
+  snyk:
+    needs: docker-build
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v2
+      - name: Run Snyk to check for vulnerabilities
+        uses: snyk/actions/python@master
+        continue-on-error: true
+        env:
+          SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
+        with:
+          command: test
+
+  docker-compose:
+    needs: docker-build
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v2
+      - name: Set up Docker Compose
+        run: |
+          BASEURL="https://github.com/docker/compose/releases/latest/download"
+          FILENAME="docker-compose-$(uname -s)-$(uname -m)"
+          sudo curl -L "${BASEURL}/${FILENAME}" -o /usr/local/bin/docker-compose
+          sudo chmod +x /usr/local/bin/docker-compose
+      - name: Build and Run Container with Docker Compose
+        run: |
+          docker-compose up -d --build
+          docker-compose ps
+          docker-compose logs
+
+  push-to-docker:
+    needs:
+      - trivy
+      - snyk
+    runs-on: ubuntu-latest
+    if: ${{ needs.trivy.outputs.has_critical_vulnerabilities == '0' }}
+    steps:
+      - uses: actions/checkout@v2
+      - name: Login to Docker Hub
+        uses: docker/login-action@v1
+        with:
+          username: ${{ secrets.DOCKERHUB_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_TOKEN }}
+      - name: Push Docker image
+        uses: docker/build-push-action@v2
+        with:
+          context: .
+          push: true
+          tags: |
+            ${{ secrets.DOCKERHUB_USERNAME }}/u34:${{ github.sha }}
+            ${{ secrets.DOCKERHUB_USERNAME }}/u34:latest
+
+  sonarcloud:
+    needs: [push-to-docker]
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v2
+        with:
+          fetch-depth: 0
+      - name: SonarCloud Scan
+        uses: SonarSource/sonarcloud-github-action@master
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
diff --git a/.markdownlint.json b/.markdownlint.json
@@ -0,0 +1,6 @@
+{
+    "default": true,
+    "MD013": {
+      "line_length": 120
+    }
+  }
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
@@ -0,0 +1,20 @@
+---
+repos:
+  - repo: https://github.com/pre-commit/pre-commit-hooks
+    rev: v4.5.0
+    hooks:
+      - id: check-merge-conflict
+      - id: check-added-large-files
+        args: ['--maxkb=500']
+      - id: detect-private-key
+
+  - repo: https://github.com/zricethezav/gitleaks
+    rev: v8.18.1
+    hooks:
+      - id: gitleaks
+
+  - repo: https://github.com/adrienverge/yamllint
+    rev: v1.33.0
+    hooks:
+      - id: yamllint
+        args: [--format, parsable, --no-warnings]
diff --git a/.python-version b/.python-version
@@ -0,0 +1 @@
+3.11.8
diff --git a/CONTRIBUTING b/CONTRIBUTING
@@ -0,0 +1,37 @@
+# Contributing to U34
+Thank you for your interest in contributing to U34! We welcome and appreciate all contributions, whether they are bug reports, feature requests, or code changes.
+
+Before you start, please take a moment to review the following guidelines to ensure a smooth and effective contribution process.
+
+## Code of Conduct
+
+By participating in this project, you agree to abide by the [Contributor Covenant Code of Conduct](https://www.contributor-covenant.org/version/2/1/code_of_conduct/). Please familiarize yourself with the code of conduct and ensure your contributions align with it.
+
+## How to Contribute
+
+There are several ways you can contribute to U34:
+
+1. **Report Bugs**: If you encounter any bugs or issues, please report them by [opening a new issue](https://github.com/u34-georgi-telerik/devops-programme/issues/new/choose) on the project's GitHub repository. Be sure to provide a clear and detailed description of the problem, including steps to reproduce the issue.
+
+2. **Suggest Features**: Have an idea for a new feature or an improvement to an existing one? [Open a new issue](https://github.com/u34-georgi-telerik/devops-programme/issues/new/choose) and describe your proposal. We'll be happy to discuss it with you.
+
+3. **Submit Code Changes**: If you'd like to contribute code changes, follow these steps:
+   - Fork the repository and create a new branch for your changes.
+   - Make your changes and ensure they align with the project's coding style and guidelines.
+   - Write tests for your changes, if applicable.
+   - Commit your changes and push them to your forked repository.
+   - [Open a pull request](https://github.com/u34-georgi-telerik/devops-programme/pulls) against the main branch of the original repository.
+
+4. **Provide Feedback**: Even if you don't have a specific bug report or feature request, we welcome any feedback or suggestions you may have about the project. You can [open a new issue](https://github.com/u34-georgi-telerik/devops-programme/issues/new/choose) or reach out to the project maintainers directly.
+
+## Development Environment Setup
+
+To set up your development environment, please follow these steps:
+
+1. Clone the repository: `git clone https://github.com/u34-georgi-telerik/devops-programme.git`
+2. Install the required dependencies: `pip install -r requirements.txt`
+3. Run the test suite: `pytest`
+
+If you have any questions or need further assistance, don't hesitate to [open an issue](https://github.com/u34-georgi-telerik/devops-programme/issues/new/choose) or reach out to the project maintainers.
+
+We look forward to your contributions and appreciate your involvement in making U34 even better!
diff --git a/Dockerfile b/Dockerfile
@@ -0,0 +1,14 @@
+FROM ubuntu:22.04
+RUN apt-get update && \
+    apt-get install -y \
+    python3 -y \
+    python3-pip -y && \
+    groupadd -g 1234 notroot && \
+    useradd -m -u 1234 -g notroot notroot
+USER notroot
+WORKDIR /app
+COPY requirements.txt .
+RUN pip install -r requirements.txt
+COPY app .
+EXPOSE 5000
+CMD ["python3", "app.py"]
diff --git a/README.md b/README.md
@@ -1 +1 @@
-# devops-programme
+# devops-programme
diff --git a/ansible/README.md b/ansible/README.md
@@ -0,0 +1,33 @@
+# Configuration Management with Ansible
+
+Create an Ansible playbook that build, push and then run the Docker image for the Python
+application. Let your playbook has the following variables:
+
+* `image_name` - contains the name of your image without the tag, i.e. `vutoff/python-app`
+* `image_tag` - contains the tag you tagged your image with, i.e. `v0.2`
+* `listen_port` - contains the listening port you're binding your app to.
+
+Make sure that you set environment variable `PORT` when you define your container
+in the Ansible playbook that takes its value from `listen_port` variable.
+
+Use Ansible modules. Do not shell out.
+
+## Requirements
+
+* Make sure you have Python installed. Any version above 3.8 would suffice.
+* The `requirements.txt` file in this directory contains the required Ansible version. Run
+
+```sh
+pip install -r requirements.txt
+```
+
+* Make sure that Docker is running on your local machine.
+
+## Mind the following
+
+* If you're running Docker Desktop, mind the location of the `docker.sock` file. The location of the socket file is
+  * Docker Desktop - `${HOME}/.docker/run/docker.sock`
+
+* If you're using one of the above, when you write your Ansible playbook you
+must specify the path to the docker socket with the parameter `docker_host`,
+i.e. `docker_host: "unix://{{ ansible_env.HOME }}/.rd/docker.sock"`.