DevSecOps-Simplon-Training · ororck · Jun 4, 2026 · Jun 4, 2026 · Jun 4, 2026 · Jun 4, 2026
diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS
@@ -0,0 +1,14 @@
+# Syntaxe : <pattern de fichier>  <@utilisateur ou @org/équipe>
+
+# Par défaut : tout changement requiert une review de ces personnes
+*                          @<ororck>
+
+# Les workflows CI/CD ne peuvent être modifiés que par le lead DevOps
+.github/workflows/         @<ororck>
+
+# Le fichier de dépendances requiert une validation technique
+ressources/requirements.txt  @<ororck>
+
+# Les fichiers de sécurité requièrent une double validation
+.github/dependabot.yml     @<ororck>
+.github/CODEOWNERS         @<ororck>
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
@@ -0,0 +1,26 @@
+# .github/dependabot.yml — configuration complète commentée
+version: 2
+
+updates:
+  # GitHub Actions : surveille les "uses: action/nom@version" dans les workflows
+  - package-ecosystem: "github-actions"
+    directory: "/"
+    schedule:
+      interval: "weekly"      # "daily" ou "monthly" aussi possible
+    labels:
+      - "dependencies"
+      - "github-actions"
+    commit-message:
+      prefix: "ci"            # les commits Dependabot auront le préfixe "ci:"
+
+  # pip : surveille requirements.txt dans /ressources
+  - package-ecosystem: "pip"
+    directory: "/ressources"
+    schedule:
+      interval: "weekly"
+    labels:
+      - "dependencies"
+      - "python"
+    open-pull-requests-limit: 5
+    commit-message:
+      prefix: "chore"         # les commits auront le préfixe "chore:"
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -1,18 +1,58 @@
-name: CI
+name: CI — NexaCloud API
 
 on:
   push:
-    branches: [ "main" ]
+    branches: [main]
   pull_request:
-    branches: [ "main" ]
+    branches: [main]
 
 jobs:
-  build:
+  test:
     runs-on: ubuntu-latest
 
     steps:
-      - name: Checkout code
+      - name: Checkout
         uses: actions/checkout@v4
+      - name: Setup Python
+        uses: actions/setup-python@v5
+        with:
+          python-version: "3.11"
+      - name: Install dependencies
+        run: pip install -r ressources/requirements.txt
+      - name: Launch tests
+        run: pytest ressources/ -v
+      # Ajouter la couverture de tests
+      - name: Tests avec couverture
+        run: pytest ressources/ -v --cov=ressources --cov-report=term-missing
+      # Uploader le rapport de couverture comme artefact téléchargeable
+      - name: Générer le rapport HTML
+        run: pytest ressources/ --cov=ressources --cov-report=html
+      - name: Upload du rapport
+        uses: actions/upload-artifact@v4
+        with:
+          name: rapport-couverture
+          path: htmlcov/
+      # Mettre en cache les dépendances pip (accélère les builds suivants)
+      - name: Cache pip
+        uses: actions/cache@v4
+        with:
+          path: ~/.cache/pip
+          key: ${{ runner.os }}-pip-${{ hashFiles('ressources/requirements.txt') }}
+
+  lint:
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Setup Python
+        uses: actions/setup-python@v5
+        with:
+          python-version: "3.11"
+
+      - name: Installer flake8
+        run: pip install flake8
 
-      - name: Example step
-        run: echo "Add your build/test steps here!"
+      - name: Lint with flake8
+        run: flake8 ressources/ --config ressources/.flake8
diff --git a/.github/workflows/cicd.yml b/.github/workflows/cicd.yml
@@ -0,0 +1,76 @@
+# Docs for the Azure Web Apps Deploy action: https://github.com/Azure/webapps-deploy
+# More GitHub Actions for Azure: https://github.com/Azure/actions
+# More info on Python, GitHub Actions, and Azure App Service: https://aka.ms/python-webapps-actions
+
+name: CI/CD — NexaCloud API
+on:
+  push:
+    branches: [main]
+  pull_request:
+    branches: [main]
+
+jobs:
+  qualite:
+    runs-on: ubuntu-latest
+
+    steps:
+      - uses: actions/checkout@v4
+
+      - uses: actions/setup-python@v5
+        with:
+          python-version: "3.11"
+
+      - name: Installer les dépendances
+        run: pip install -r ressources/requirements.txt
+
+      - name: Lint
+        run: flake8 ressources/ --config ressources/.flake8
+
+      - name: Tests avec couverture
+        run: pytest ressources/ -v --cov=ressources --cov-report=term-missing
+
+  staging:
+    runs-on: ubuntu-latest
+    needs: qualite
+    environment: staging
+    if: github.ref_name == 'main'
+
+    steps:
+      - uses: actions/checkout@v4
+
+      - uses: actions/setup-python@v5
+        with:
+          python-version: "3.11"
+
+      - name: Installer les dépendances
+        run: pip install -r ressources/requirements.txt
+
+      - name: Déployer sur Azure App Service (staging)
+        uses: azure/webapps-deploy@v3
+        with:
+          app-name: "mohamed-saidi-api-16190"
+          publish-profile: ${{ secrets.AZURE_WEBAPP_PUBLISH_PROFILE }}
+          package: ressources/
+
+  production:
+    runs-on: ubuntu-latest
+    needs: staging
+    environment: production
+    if: github.ref_name == 'main'
+
+    steps:
+      - uses: actions/checkout@v4
+
+      - uses: actions/setup-python@v5
+        with:
+          python-version: "3.11"
+
+      - name: Installer les dépendances
+        run: pip install -r ressources/requirements.txt
+
+      - name: Déployer sur Azure App Service (production)
+        uses: azure/webapps-deploy@v3
+        with:
+          app-name: "mohamed-saidi-api-16190"
+          publish-profile: ${{ secrets.AZURE_WEBAPP_PUBLISH_PROFILE }}
+          package: ressources/
diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml
@@ -0,0 +1,30 @@
+name: Deploy
+
+on:
+  workflow_dispatch:
+
+jobs:
+  deploy-staging:
+    runs-on: ubuntu-latest
+    environment: staging          # utilise l'environnement staging
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4     
+      - name: Déploiement en staging
+        run: |
+          echo "✅ Déploiement en staging réussi"
+          echo "URL : https://staging.nexacloud.example.com"
+
+  deploy-production:
+    runs-on: ubuntu-latest
+    environment: production       
+    needs: deploy-staging
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+      - name: Déploiement en production
+        run: |
+          echo "🚀 Déploiement en production réussi"
+          echo "URL : https://production.nexacloud.example.com"
diff --git a/.github/workflows/secrets.yml b/.github/workflows/secrets.yml
@@ -0,0 +1,25 @@
+name: Demo Secrets
+
+on:
+  workflow_dispatch:
+
+jobs:
+  demo:
+    runs-on: ubuntu-latest
+
+    env:
+      API_KEY: ${{ secrets.API_KEY }}   # injection du secret comme variable d'environnement
+
+    steps:
+      - name: Vérifier que le secret est défini
+        run: |
+          if [ -z "$API_KEY" ]; then
+            echo "❌ Le secret API_KEY n'est pas défini"
+            exit 1
+          fi
+          echo "✅ Le secret API_KEY est défini (${#API_KEY} caractères)"
+
+      - name: Simuler un appel API authentifié
+        run: |
+          echo "Appel à l'API avec Authorization: Bearer ***"
+          # En vrai : curl -H "Authorization: Bearer $API_KEY" https://api.example.com
diff --git a/.setup-hooks.sh b/.setup-hooks.sh
@@ -0,0 +1,34 @@
+#!/bin/bash
+# setup-hooks.sh — Installe les hooks locaux (à lancer une fois par développeur)
+
+set -e
+
+echo "=== Installation des hooks locaux NexaCloud ==="
+
+# 1. Installer pre-commit
+if ! command -v pre-commit &>/dev/null; then
+    echo "Installation de pre-commit..."
+    pip install pre-commit --quiet
+fi
+
+# 2. Activer les hooks pre-commit
+pre-commit install
+echo "✅ Hooks pre-commit activés"
+
+# 3. Installer le hook pre-push
+cat > .git/hooks/pre-push << 'EOF'
+#!/bin/bash
+echo "[pre-push] Lancement des tests..."
+cd ressources && pytest -q
+EXIT_CODE=$?
+cd ..
+[ $EXIT_CODE -ne 0 ] && echo "❌ Tests échoués — push bloqué" && exit 1
+echo "✅ Tests passés — push autorisé"
+EOF
+chmod +x .git/hooks/pre-push
+echo "✅ Hook pre-push installé"
+
+echo ""
+echo "=== Hooks installés avec succès ==="
+echo "  pre-commit : flake8 + trailing-whitespace + check-yaml"
+echo "  pre-push   : pytest"
diff --git a/notes.md b/notes.md
@@ -0,0 +1,2 @@
+# Mon TP GitHub Actions
+# Test TP GitHub Actions
diff --git a/ressources/__pycache__/app.cpython-312.pyc b/ressources/__pycache__/app.cpython-312.pyc
diff --git a/ressources/__pycache__/test_app.cpython-312-pytest-8.2.0.pyc b/ressources/__pycache__/test_app.cpython-312-pytest-8.2.0.pyc
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1,2 @@
		# Mon TP GitHub Actions
		# Test TP GitHub Actions