Initial setup

.eslintignore

@@ -0,0 +1,3 @@
+node_modules
+dist
+coverage

.eslintrc.json

@@ -0,0 +1,26 @@
+{
+    "env": {
+      "browser": false,
+      "commonjs": true,
+      "es2021": true,
+      "node": true,
+      "jest": true
+    },
+    "extends": ["eslint:recommended", "plugin:prettier/recommended"],
+    "parserOptions": {
+      "ecmaVersion": "latest"
+    },
+    "rules": {
+      "semi": ["error", "always"],
+      "quotes": ["error", "double"],
+      "prettier/prettier": [
+        "error",
+        {
+          "singleQuote": false,
+          "semi": true,
+          "tabWidth": 2
+        }
+      ]
+    }
+  }
+

.github/workflows/ci-cd.yml

@@ -0,0 +1,65 @@
+name: CI/CD Pipeline
+
+on:
+  push:
+    branches: [ "main", "develop" ]
+  pull_request:
+    branches: [ "main", "develop" ]
+
+jobs:
+  build-test-scan:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout Code
+        uses: actions/checkout@v3
+
+      - name: Setup Node.js
+        uses: actions/setup-node@v3
+        with:
+          node-version: 18
+
+      - name: Install Dependencies
+        run: npm install
+
+      - name: Run ESLint
+        run: npm run lint
+
+      - name: Run Tests
+        run: npm test
+
+      - name: Dependency Audit
+        run: npm audit --audit-level=high
+
+      - name: Build Docker Image
+        run: docker build -t mydev:${{ github.sha }} .
+
+      - name: Trivy Scan
+        uses: aquasecurity/trivy-action@master
+        with:
+          image-ref: mydev:${{ github.sha }}
+
+      - name: Push to Docker Hub
+        run: |
+          echo "${{ secrets.DOCKERHUB_TOKEN }}" | docker login -u "${{ secrets.DOCKERHUB_USERNAME }}" --password-stdin
+
+          IMAGE_NAME=docker.io/${{ secrets.DOCKERHUB_USERNAME }}/mydev
+
+          docker tag mydev:${{ github.sha }} $IMAGE_NAME:${{ github.sha }}
+          docker push $IMAGE_NAME:${{ github.sha }}
+
+          docker tag mydev:${{ github.sha }} $IMAGE_NAME:latest
+          docker push $IMAGE_NAME:latest
+
+
+
+  deploy:
+    runs-on: ubuntu-latest
+    needs: build-test-scan
+    steps:
+      - name: Deploy to Staging
+        if: github.ref == 'refs/heads/develop'
+        run: echo "🚀 Deploying from Docker image to staging..."
+
+      - name: Deploy to Production
+        if: github.ref == 'refs/heads/main'
+        run: echo "🚀 Deploying from Docker image to production..."

.github/workflows/codeql.yml

@@ -0,0 +1,38 @@
+name: "CodeQL"
+
+on:
+  push:
+    branches: [ "main", "develop" ]
+  pull_request:
+    branches: [ "main", "develop" ]
+  schedule:
+    - cron: '0 3 * * 0' # Weekly scan
+
+jobs:
+  analyze:
+    name: Analyze
+    runs-on: ubuntu-latest
+    permissions:
+      actions: read
+      contents: read
+      security-events: write
+
+    strategy:
+      fail-fast: false
+      matrix:
+        language: [ 'javascript' ]
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v3
+
+      - name: Initialize CodeQL
+        uses: github/codeql-action/init@v2
+        with:
+          languages: ${{ matrix.language }}
+
+      - name: Autobuild
+        uses: github/codeql-action/autobuild@v2
+
+      - name: Perform CodeQL Analysis
+        uses: github/codeql-action/analyze@v2

.github/workflows/gitleaks.yml

@@ -0,0 +1,29 @@
+name: "Gitleaks Secret Scan"
+
+on:
+  push:
+    branches: [ "main", "develop" ]
+  pull_request:
+    branches: [ "main", "develop" ]
+
+jobs:
+  gitleaks:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout (full history for Gitleaks)
+        uses: actions/checkout@v3
+        with:
+          fetch-depth: 0   
+
+      - name: Run Gitleaks
+        uses: gitleaks/gitleaks-action@v2
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        with:
+          args: detect --redact --exit-code=1 --report-format=sarif --report-path=results.sarif
+
+      - name: Upload Gitleaks Report
+        uses: actions/upload-artifact@v3
+        with:
+          name: gitleaks-results
+          path: results.sarif

.gitignore

@@ -0,0 +1,13 @@
+node_modules/
+.DS_Store
+.env
+.env.local
+.env.development.local
+.env.test.local
+.env.production.local
+coverage/
+.nyc_output/
+.idea/
+.vscode/
+*.log
+npm-debug.log*

.husky/pre-commit

@@ -0,0 +1 @@
+npm test

.idx/dev.nix

@@ -0,0 +1,59 @@
+{ pkgs, ... }: {
+  channel = "stable-24.05";
+
+  packages = [
+     pkgs.go
+     pkgs.python311
+     pkgs.python311Packages.pip
+     pkgs.nodejs_20
+     pkgs.helm
+     pkgs.nodePackages.nodemon
+     pkgs.docker
+     pkgs.dig.dnsutils
+     pkgs.eksctl
+     pkgs.openssl_3_3.bin
+     pkgs.prometheus.cli 
+     pkgs.docker-client
+     pkgs.openssh
+     pkgs.k3s
+     pkgs.kubectl
+     pkgs.tenv
+     pkgs.docker-compose
+     pkgs.ansible
+     pkgs.sudo
+     pkgs.awscli
+     pkgs.busybox
+     pkgs.nano
+     pkgs.grafana
+  ];
+
+  env = {};
+
+  idx = {
+    extensions = [
+      # add more if needed
+    ];
+
+    previews = {
+      enable = true;
+      previews = {
+        auth-service = {
+          command = [ "npm" "start" ];
+          manager = "web";
+          env = {
+            PORT = "$PORT"; # IDX injects a random port, and passes it to your app
+          };
+        };
+      };
+    };
+
+    workspace = {
+      onCreate = {
+        setup-node = "npm install";
+      };
+      onStart = {
+        dev-preview = "npm run start";
+      };
+    };
+  };
+}

.prettierrc.json

@@ -0,0 +1,6 @@
+{
+  "singleQuote": false,
+  "semi": true,
+  "tabWidth": 2,
+  "trailingComma": "es5"
+}

Dockerfile

@@ -0,0 +1,7 @@
+FROM node:18-alpine
+WORKDIR /app
+COPY package*.json ./
+RUN npm install --only=production --ignore-scripts
+COPY . .
+EXPOSE 3000
+CMD ["npm", "start"]

README.md

@@ -1 +1 @@
-# FullStack_DevSec
+# FullStack_DevSec

lint-staged.config.js

@@ -0,0 +1,6 @@
+// lint-staged.config.js
+module.exports = {
+  "src/**/*.{js,jsx}": ["eslint --fix", "prettier --write"],
+  "tests/**/*.{js,jsx}": ["eslint --fix", "prettier --write"],
+  "*.json": ["prettier --write"],
+};