From cfe5c9233f79f86325e72bd617e5d1f81d6efe07 Mon Sep 17 00:00:00 2001 From: FannyMalinova Date: Mon, 18 Nov 2024 11:30:40 +0200 Subject: [PATCH 01/39] Replicating repo file structure according to the presentation diagram --- .editorconfig | 0 .github/workflows/ci-pipeline.yaml | 0 .gitignore | 3 +++ ansible/README.md | 0 ansible/playbook.yaml | 0 app/requirements.txt | 12 ++++++++++++ vars/credentials.yaml | 10 ++++++++++ 7 files changed, 25 insertions(+) create mode 100644 .editorconfig create mode 100644 .github/workflows/ci-pipeline.yaml create mode 100644 ansible/README.md create mode 100644 ansible/playbook.yaml create mode 100644 app/requirements.txt create mode 100644 vars/credentials.yaml diff --git a/.editorconfig b/.editorconfig new file mode 100644 index 000000000..e69de29bb diff --git a/.github/workflows/ci-pipeline.yaml b/.github/workflows/ci-pipeline.yaml new file mode 100644 index 000000000..e69de29bb diff --git a/.gitignore b/.gitignore index 2d201615e..4e9efd66e 100644 --- a/.gitignore +++ b/.gitignore @@ -159,3 +159,6 @@ cython_debug/ # and can be added to the global gitignore or merged into this file. For a more nuclear # option (not recommended) you can uncomment the following to ignore the entire idea folder. #.idea/ + +#Credentials +vars/credentials.yaml \ No newline at end of file diff --git a/ansible/README.md b/ansible/README.md new file mode 100644 index 000000000..e69de29bb diff --git a/ansible/playbook.yaml b/ansible/playbook.yaml new file mode 100644 index 000000000..e69de29bb diff --git a/app/requirements.txt b/app/requirements.txt new file mode 100644 index 000000000..a1a99e359 --- /dev/null +++ b/app/requirements.txt @@ -0,0 +1,12 @@ +ansible==10.3.0 +ansible-compat==24.9.1 +ansible-core==2.17.5 +ansible-lint==24.9.2 +blinker==1.6.3 ; python_version >= "3.10" and python_version < "4.0" +click==8.1.7 ; python_version >= "3.10" and python_version < "4.0" +colorama==0.4.6 ; python_version >= "3.10" and python_version < "4.0" and platform_system == "Windows" +flask==3.0.0 ; python_version >= "3.10" and python_version < "4.0" +itsdangerous==2.1.2 ; python_version >= "3.10" and python_version < "4.0" +jinja2==3.1.2 ; python_version >= "3.10" and python_version < "4.0" +markupsafe==2.1.3 ; python_version >= "3.10" and python_version < "4.0" +werkzeug==3.0.0 ; python_version >= "3.10" and python_version < "4.0" \ No newline at end of file diff --git a/vars/credentials.yaml b/vars/credentials.yaml new file mode 100644 index 000000000..dc73a91af --- /dev/null +++ b/vars/credentials.yaml @@ -0,0 +1,10 @@ +$ANSIBLE_VAULT;1.1;AES256 +63666461366532393264616561363736626230313666623763336563636665623464326661363764 +3065376230393033313664376336383732643138343235390a343936663933613832303963383935 +35313137373262383962373938643564316464356565656466303733393466623733376638316234 +3330333635613638380a613130643932333635616461633761643130653634613365656262313261 +66386464373933616262323835393936633162333538346236306633323736656661326264663237 +37366465343862616532386338383634663833303833333466653535333363316239323266666333 +38646563643937373937313336366339656164326563353831653961393732643261383234373737 +64663863343630366161613635373461306438363136343635356262306332656365643830363436 +6464 From c07edbae7519fa6ba01802c5199924a8c4240ceb Mon Sep 17 00:00:00 2001 From: FannyMalinova Date: Mon, 18 Nov 2024 11:33:16 +0200 Subject: [PATCH 02/39] Adding the Dockerfile from the previous excercise - docker-first-test --- Dockerfile | 29 +++++++++++++++++++++++++++++ 1 file changed, 29 insertions(+) create mode 100644 Dockerfile diff --git a/Dockerfile b/Dockerfile new file mode 100644 index 000000000..abc95f985 --- /dev/null +++ b/Dockerfile @@ -0,0 +1,29 @@ +#Ubuntu 22.04 base image +FROM ubuntu:22.04 + +#Copy the requirements file +COPY requirements.txt . + +#Install python3 +RUN apt-get update && apt-get install -y python3 python3-pip \ + && useradd -m -s /bin/bash nruser \ + && pip install -r requirements.txt \ + && mkdir /app + +#Copy app +COPY --chown=nruser app /app + +#Switch to the non-root user +USER nruser + +#Add work dir +WORKDIR /app + +#Expose the port +EXPOSE 5000 + +#Add entrypoint +ENTRYPOINT [ "python3"] + +#Run the app +CMD ["app.py"] \ No newline at end of file From 6e0ba15aa7f10eb9d0fa64ea02b597aa4cf24490 Mon Sep 17 00:00:00 2001 From: FannyMalinova Date: Mon, 18 Nov 2024 11:40:33 +0200 Subject: [PATCH 03/39] Updating the playbook.yaml file as per the ansible-docker-homework --- ansible/playbook.yaml | 33 +++++++++++++++++++++++++++++++++ 1 file changed, 33 insertions(+) diff --git a/ansible/playbook.yaml b/ansible/playbook.yaml index e69de29bb..d3d4410ad 100644 --- a/ansible/playbook.yaml +++ b/ansible/playbook.yaml @@ -0,0 +1,33 @@ +- hosts: localhost + gather_facts: no + vars: + image_name: fannymalinova/python_app_from_ansible + image_tag: v1.0.1 + listen_port: 5000 + vars_files: + - vars/credentials.yaml + tasks: + - name: Docker login + docker_login: + username: "{{ dockerhub_credentials['username'] }}" + password: "{{ dockerhub_credentials['password'] }}" + - name: Build an image from Dockerfile + docker_image: + build: + path: ./ + name: "{{ image_name }}" + tag: "{{ image_tag }}" + push: yes + source: build + - name: Logout from Docker Hub + docker_login: + username: "{{ dockerhub_credentials['username'] }}" + state: absent + - name: Run a container from this image + docker_container: + name: python_app_from_ansible_container + image: "{{ image_name }}:{{ image_tag }}" + ports: + - "8080:{{ listen_port }}" + env: + PORT: "{{ listen_port | string }}" \ No newline at end of file From 6b1a2c9d53aa14c94c4f95e6dbedb77791a70755 Mon Sep 17 00:00:00 2001 From: FannyMalinova Date: Mon, 18 Nov 2024 12:36:05 +0200 Subject: [PATCH 04/39] Populating the .editorconfig file. --- .editorconfig | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/.editorconfig b/.editorconfig index e69de29bb..bd9b5cf9b 100644 --- a/.editorconfig +++ b/.editorconfig @@ -0,0 +1,9 @@ +# top-most EditorConfig file +root = true + +# Set default parameters +[*] +charset = utf-8 +indent_style = tab +trim_trailing_whitespace = true +insert_final_newline = true \ No newline at end of file From 60b467bb4394201dde794f60c33f8f998c9b409f Mon Sep 17 00:00:00 2001 From: Fanny Malinova Date: Mon, 18 Nov 2024 14:45:46 +0200 Subject: [PATCH 05/39] Adding GitLeaks scan --- .github/workflows/ci-pipeline.yaml | 30 ++++++++++++++++++++++++++++++ 1 file changed, 30 insertions(+) diff --git a/.github/workflows/ci-pipeline.yaml b/.github/workflows/ci-pipeline.yaml index e69de29bb..69927bf77 100644 --- a/.github/workflows/ci-pipeline.yaml +++ b/.github/workflows/ci-pipeline.yaml @@ -0,0 +1,30 @@ +--- +name: GitHub Actions Pipeline for a Flask App + +on: + push: + branches: + - monday-practice + pull_request: + branches: + - main + +jobs: + scan: + name: GitLeaks scan for secrets + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v4 + - uses: gitleaks/gitleaks-action@v2 + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + + + + + + + + + + From 18a2acc114ae8938f7cf48ce9dff55eac2d73102 Mon Sep 17 00:00:00 2001 From: Fanny Malinova Date: Mon, 18 Nov 2024 14:55:19 +0200 Subject: [PATCH 06/39] Removing .env from the GitLeaks config --- .github/workflows/ci-pipeline.yaml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/.github/workflows/ci-pipeline.yaml b/.github/workflows/ci-pipeline.yaml index 69927bf77..1c98f8f6f 100644 --- a/.github/workflows/ci-pipeline.yaml +++ b/.github/workflows/ci-pipeline.yaml @@ -16,8 +16,7 @@ jobs: steps: - uses: actions/checkout@v4 - uses: gitleaks/gitleaks-action@v2 - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + From 58156151e83d6ec5d0998a1d57acbf277dbe4d06 Mon Sep 17 00:00:00 2001 From: Fanny Malinova Date: Mon, 18 Nov 2024 15:11:19 +0200 Subject: [PATCH 07/39] Adding EditorChecker --- .github/workflows/ci-pipeline.yaml | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/.github/workflows/ci-pipeline.yaml b/.github/workflows/ci-pipeline.yaml index 1c98f8f6f..d255e5068 100644 --- a/.github/workflows/ci-pipeline.yaml +++ b/.github/workflows/ci-pipeline.yaml @@ -17,6 +17,15 @@ jobs: - uses: actions/checkout@v4 - uses: gitleaks/gitleaks-action@v2 + editorconfig: + name: EditorConfig checker + runs-on: ubuntu-latest + needs: scan + steps: + - uses: actions/checkout@v4 + - uses: editorconfig-checker/action-editorconfig-checker@main + - run: editorconfig-checker + From 47083103f3929aa9611b8815747327b349ca4f68 Mon Sep 17 00:00:00 2001 From: Fanny Malinova Date: Mon, 18 Nov 2024 15:14:49 +0200 Subject: [PATCH 08/39] Changing .editorconfig to use spaces for indentation. --- .editorconfig | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.editorconfig b/.editorconfig index bd9b5cf9b..7ab8e6f83 100644 --- a/.editorconfig +++ b/.editorconfig @@ -4,6 +4,6 @@ root = true # Set default parameters [*] charset = utf-8 -indent_style = tab +indent_style = space trim_trailing_whitespace = true -insert_final_newline = true \ No newline at end of file +insert_final_newline = true From 445ec9990d9c1783d392ca47eaaf40117e0053e0 Mon Sep 17 00:00:00 2001 From: Fanny Malinova Date: Mon, 18 Nov 2024 15:16:09 +0200 Subject: [PATCH 09/39] Removing trailing whitespace and final newline conditions. --- .editorconfig | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/.editorconfig b/.editorconfig index 7ab8e6f83..86daa4325 100644 --- a/.editorconfig +++ b/.editorconfig @@ -5,5 +5,4 @@ root = true [*] charset = utf-8 indent_style = space -trim_trailing_whitespace = true -insert_final_newline = true + From 63af1c0834db011fad21d10926deb30d2e715fa8 Mon Sep 17 00:00:00 2001 From: Fanny Malinova Date: Mon, 18 Nov 2024 15:33:53 +0200 Subject: [PATCH 10/39] Adding Python Black scanning. --- .github/workflows/ci-pipeline.yaml | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) diff --git a/.github/workflows/ci-pipeline.yaml b/.github/workflows/ci-pipeline.yaml index d255e5068..791488fa8 100644 --- a/.github/workflows/ci-pipeline.yaml +++ b/.github/workflows/ci-pipeline.yaml @@ -15,7 +15,7 @@ jobs: runs-on: ubuntu-latest steps: - uses: actions/checkout@v4 - - uses: gitleaks/gitleaks-action@v2 + - uses: gitleaks/gitleaks-action@v2.3.7 editorconfig: name: EditorConfig checker @@ -25,6 +25,16 @@ jobs: - uses: actions/checkout@v4 - uses: editorconfig-checker/action-editorconfig-checker@main - run: editorconfig-checker + + python-black: + name: Run Python Black Check + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v4 + - uses: rodrigogiraoserrao/python-black-check@v3.0 + with: + line-length: '81' + From 7fdf3b78a82ff59a9487013db0a5661be1fd9838 Mon Sep 17 00:00:00 2001 From: Fanny Malinova Date: Mon, 18 Nov 2024 15:55:52 +0200 Subject: [PATCH 11/39] Joining Pylint to Black Check. --- .github/workflows/ci-pipeline.yaml | 17 +++++++++++++---- 1 file changed, 13 insertions(+), 4 deletions(-) diff --git a/.github/workflows/ci-pipeline.yaml b/.github/workflows/ci-pipeline.yaml index 791488fa8..b05011b16 100644 --- a/.github/workflows/ci-pipeline.yaml +++ b/.github/workflows/ci-pipeline.yaml @@ -26,14 +26,23 @@ jobs: - uses: editorconfig-checker/action-editorconfig-checker@main - run: editorconfig-checker - python-black: - name: Run Python Black Check + python-black-pylint: + name: Run Python Black and Pylint checks runs-on: ubuntu-latest + needs: scan steps: - - uses: actions/checkout@v4 - - uses: rodrigogiraoserrao/python-black-check@v3.0 + - name: Checkout repo + uses: actions/checkout@v4 + + - name: Python Black Check + uses: rodrigogiraoserrao/python-black-check@v3.0 with: line-length: '81' + + - name: Run PylintPylint GitHub Action + uses: ReasonSoftware/action-pylint@v2.0.3 + + From 76035607aceb9070fb957cfe1b753b2d90809a99 Mon Sep 17 00:00:00 2001 From: Fanny Malinova Date: Mon, 18 Nov 2024 16:24:09 +0200 Subject: [PATCH 12/39] Adding exceptions to Pylint. --- .github/workflows/ci-pipeline.yaml | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/.github/workflows/ci-pipeline.yaml b/.github/workflows/ci-pipeline.yaml index b05011b16..064c9e52c 100644 --- a/.github/workflows/ci-pipeline.yaml +++ b/.github/workflows/ci-pipeline.yaml @@ -25,6 +25,9 @@ jobs: - uses: actions/checkout@v4 - uses: editorconfig-checker/action-editorconfig-checker@main - run: editorconfig-checker + + markdown: + name: python-black-pylint: name: Run Python Black and Pylint checks @@ -41,6 +44,10 @@ jobs: - name: Run PylintPylint GitHub Action uses: ReasonSoftware/action-pylint@v2.0.3 + with: + requirements_file: requirements.txt + filepaths: "app/" + options: "-d C0114,C0115,C0116" From ff98ceb1ed2eaf9f4041b3721647b316d43cf4c6 Mon Sep 17 00:00:00 2001 From: Fanny Malinova Date: Mon, 18 Nov 2024 16:25:04 +0200 Subject: [PATCH 13/39] Fixing a typo. --- .github/workflows/ci-pipeline.yaml | 2 -- 1 file changed, 2 deletions(-) diff --git a/.github/workflows/ci-pipeline.yaml b/.github/workflows/ci-pipeline.yaml index 064c9e52c..0bec0f040 100644 --- a/.github/workflows/ci-pipeline.yaml +++ b/.github/workflows/ci-pipeline.yaml @@ -26,8 +26,6 @@ jobs: - uses: editorconfig-checker/action-editorconfig-checker@main - run: editorconfig-checker - markdown: - name: python-black-pylint: name: Run Python Black and Pylint checks From 09eb566d91bf3c0679c18454a7626f945c008be2 Mon Sep 17 00:00:00 2001 From: Fanny Malinova Date: Mon, 18 Nov 2024 16:29:06 +0200 Subject: [PATCH 14/39] Specifying .py files --- .github/workflows/ci-pipeline.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ci-pipeline.yaml b/.github/workflows/ci-pipeline.yaml index 0bec0f040..801fae902 100644 --- a/.github/workflows/ci-pipeline.yaml +++ b/.github/workflows/ci-pipeline.yaml @@ -44,7 +44,7 @@ jobs: uses: ReasonSoftware/action-pylint@v2.0.3 with: requirements_file: requirements.txt - filepaths: "app/" + filepaths: "app/*.py" options: "-d C0114,C0115,C0116" From e3c02f2447e05a37dd2a81eb7bf08f032f461e45 Mon Sep 17 00:00:00 2001 From: Fanny Malinova Date: Mon, 18 Nov 2024 16:36:48 +0200 Subject: [PATCH 15/39] Adding Markdownlint. --- .github/workflows/ci-pipeline.yaml | 15 +++++++++++---- 1 file changed, 11 insertions(+), 4 deletions(-) diff --git a/.github/workflows/ci-pipeline.yaml b/.github/workflows/ci-pipeline.yaml index 801fae902..caa42e053 100644 --- a/.github/workflows/ci-pipeline.yaml +++ b/.github/workflows/ci-pipeline.yaml @@ -17,16 +17,23 @@ jobs: - uses: actions/checkout@v4 - uses: gitleaks/gitleaks-action@v2.3.7 - editorconfig: + editorconfig-and-markdownlint: name: EditorConfig checker runs-on: ubuntu-latest needs: scan steps: - - uses: actions/checkout@v4 - - uses: editorconfig-checker/action-editorconfig-checker@main + - name: Checkout repo + uses: actions/checkout@v4 + + - name: Use and run EditorConfig Checker + uses: editorconfig-checker/action-editorconfig-checker@main - run: editorconfig-checker - + - name: Install and run Markdownlint CLI + run: | + npm install -g markdownlint-cli + markdownlint **/*.md + python-black-pylint: name: Run Python Black and Pylint checks runs-on: ubuntu-latest From 28417f60e3c04d8bb1be4b36046914e558d17bb9 Mon Sep 17 00:00:00 2001 From: Fanny Malinova Date: Mon, 18 Nov 2024 16:57:16 +0200 Subject: [PATCH 16/39] Adding exceptions to Markdownlint. --- .github/workflows/ci-pipeline.yaml | 13 +++++++------ .markdownlint.json | 12 ++++++++++++ 2 files changed, 19 insertions(+), 6 deletions(-) create mode 100644 .markdownlint.json diff --git a/.github/workflows/ci-pipeline.yaml b/.github/workflows/ci-pipeline.yaml index caa42e053..bb411fbd9 100644 --- a/.github/workflows/ci-pipeline.yaml +++ b/.github/workflows/ci-pipeline.yaml @@ -17,7 +17,7 @@ jobs: - uses: actions/checkout@v4 - uses: gitleaks/gitleaks-action@v2.3.7 - editorconfig-and-markdownlint: + editorconfig: name: EditorConfig checker runs-on: ubuntu-latest needs: scan @@ -29,12 +29,13 @@ jobs: uses: editorconfig-checker/action-editorconfig-checker@main - run: editorconfig-checker - - name: Install and run Markdownlint CLI - run: | - npm install -g markdownlint-cli - markdownlint **/*.md + - name: Install Markdownlint CLI + run: npm install -g markdownlint-cli + + - name: Run Markdownlint + run: markdownlint **/*.md - python-black-pylint: + python-black-pylint: name: Run Python Black and Pylint checks runs-on: ubuntu-latest needs: scan diff --git a/.markdownlint.json b/.markdownlint.json new file mode 100644 index 000000000..7c924c7af --- /dev/null +++ b/.markdownlint.json @@ -0,0 +1,12 @@ +{ + "default": true, + "overrides": [ + { + "files": ["**/*.md"], + "rules": { + "MD012": false, + "MD013": false + } + } + ] +} From 5c2dce99313f7b0dc6eb497532a4ef8f4c6333a6 Mon Sep 17 00:00:00 2001 From: Fanny Malinova Date: Mon, 18 Nov 2024 16:58:38 +0200 Subject: [PATCH 17/39] Fixing a typo on L12. --- .github/workflows/ci-pipeline.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ci-pipeline.yaml b/.github/workflows/ci-pipeline.yaml index bb411fbd9..745921868 100644 --- a/.github/workflows/ci-pipeline.yaml +++ b/.github/workflows/ci-pipeline.yaml @@ -27,7 +27,7 @@ jobs: - name: Use and run EditorConfig Checker uses: editorconfig-checker/action-editorconfig-checker@main - - run: editorconfig-checker + run: editorconfig-checker - name: Install Markdownlint CLI run: npm install -g markdownlint-cli From b7ad5cee29e113bf7363f1fc2f47af3079e2829d Mon Sep 17 00:00:00 2001 From: Fanny Malinova Date: Mon, 18 Nov 2024 17:04:15 +0200 Subject: [PATCH 18/39] Fixing an indentation issue. --- .github/workflows/ci-pipeline.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ci-pipeline.yaml b/.github/workflows/ci-pipeline.yaml index 745921868..a641ec5d2 100644 --- a/.github/workflows/ci-pipeline.yaml +++ b/.github/workflows/ci-pipeline.yaml @@ -35,7 +35,7 @@ jobs: - name: Run Markdownlint run: markdownlint **/*.md - python-black-pylint: + python-black-pylint: name: Run Python Black and Pylint checks runs-on: ubuntu-latest needs: scan From 8fd6c21c11529f51a0c9341bbf71798fa0023a99 Mon Sep 17 00:00:00 2001 From: Fanny Malinova Date: Mon, 18 Nov 2024 17:06:03 +0200 Subject: [PATCH 19/39] Fixing a typo. --- .github/workflows/ci-pipeline.yaml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/.github/workflows/ci-pipeline.yaml b/.github/workflows/ci-pipeline.yaml index a641ec5d2..35b85e844 100644 --- a/.github/workflows/ci-pipeline.yaml +++ b/.github/workflows/ci-pipeline.yaml @@ -25,8 +25,10 @@ jobs: - name: Checkout repo uses: actions/checkout@v4 - - name: Use and run EditorConfig Checker + - name: Use EditorConfig Checker uses: editorconfig-checker/action-editorconfig-checker@main + + - name: Run EditorConfig Checker run: editorconfig-checker - name: Install Markdownlint CLI From 4b6989186331ed3b92b28973e387416902acf5bb Mon Sep 17 00:00:00 2001 From: Fanny Malinova Date: Mon, 18 Nov 2024 17:11:22 +0200 Subject: [PATCH 20/39] Fixing a typo. --- .markdownlint.json | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/.markdownlint.json b/.markdownlint.json index 7c924c7af..1dd6ebe47 100644 --- a/.markdownlint.json +++ b/.markdownlint.json @@ -1,12 +1,11 @@ { - "default": true, + "default": false, "overrides": [ { "files": ["**/*.md"], - "rules": { - "MD012": false, - "MD013": false - } + "default": true, + "MD012": false, + "MD013": false } ] } From 4b5327b9e0e02d743ac1609c0295fcf8ed6f80fa Mon Sep 17 00:00:00 2001 From: Fanny Malinova Date: Mon, 18 Nov 2024 17:35:00 +0200 Subject: [PATCH 21/39] Adding unit testing. --- .github/workflows/ci-pipeline.yaml | 24 ++++++++++++++++++++++-- 1 file changed, 22 insertions(+), 2 deletions(-) diff --git a/.github/workflows/ci-pipeline.yaml b/.github/workflows/ci-pipeline.yaml index 35b85e844..a28651aff 100644 --- a/.github/workflows/ci-pipeline.yaml +++ b/.github/workflows/ci-pipeline.yaml @@ -18,7 +18,7 @@ jobs: - uses: gitleaks/gitleaks-action@v2.3.7 editorconfig: - name: EditorConfig checker + name: EditorConfig checker and Markdownlint CLI runs-on: ubuntu-latest needs: scan steps: @@ -57,7 +57,27 @@ jobs: filepaths: "app/*.py" options: "-d C0114,C0115,C0116" - + unittest-snyk-sonar: + name: Run Python unit tests, Snyk, and Sonar + runs-on: ubuntu-latest + needs: [scan, editorconfig, editorconfig] + steps: + - name: Checkout repo + uses: actions/checkout@v4 + + - name: Set up Python + uses: actions/setup-python@v5 + with: + python-version: "3.13" + + - name: Install dependencies + run: | + python -m pip install --upgrade pip + pip install -r requirements.txt + + - name: Run unit tests + run: python -m unittest discover -s app + From bb07f41ddbbfd489945acc2674ea79217a53974c Mon Sep 17 00:00:00 2001 From: Fanny Malinova Date: Mon, 18 Nov 2024 17:38:53 +0200 Subject: [PATCH 22/39] Specifying test file. --- .github/workflows/ci-pipeline.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/ci-pipeline.yaml b/.github/workflows/ci-pipeline.yaml index a28651aff..ede7559c8 100644 --- a/.github/workflows/ci-pipeline.yaml +++ b/.github/workflows/ci-pipeline.yaml @@ -60,7 +60,7 @@ jobs: unittest-snyk-sonar: name: Run Python unit tests, Snyk, and Sonar runs-on: ubuntu-latest - needs: [scan, editorconfig, editorconfig] + needs: [scan, editorconfig, python-black-pylint] steps: - name: Checkout repo uses: actions/checkout@v4 @@ -76,7 +76,7 @@ jobs: pip install -r requirements.txt - name: Run unit tests - run: python -m unittest discover -s app + run: python -m unittest discover -s app -p "*.py" From d83de775da77195a1f7ed7a684d2167e54c765fa Mon Sep 17 00:00:00 2001 From: Fanny Malinova Date: Mon, 18 Nov 2024 17:46:31 +0200 Subject: [PATCH 23/39] Adding Snyk. --- .github/workflows/ci-pipeline.yaml | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/.github/workflows/ci-pipeline.yaml b/.github/workflows/ci-pipeline.yaml index ede7559c8..c8f872b30 100644 --- a/.github/workflows/ci-pipeline.yaml +++ b/.github/workflows/ci-pipeline.yaml @@ -77,6 +77,11 @@ jobs: - name: Run unit tests run: python -m unittest discover -s app -p "*.py" + + - name: Run Snyk + uses: snyk/actions/python@master + env: + SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }} From 718bab43a7a7edf4ad04fcb848278c5ccdc04ced Mon Sep 17 00:00:00 2001 From: Fanny Malinova Date: Mon, 18 Nov 2024 18:07:32 +0200 Subject: [PATCH 24/39] Adding Sonar Cloud. --- .github/workflows/ci-pipeline.yaml | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/.github/workflows/ci-pipeline.yaml b/.github/workflows/ci-pipeline.yaml index c8f872b30..c4cdaf391 100644 --- a/.github/workflows/ci-pipeline.yaml +++ b/.github/workflows/ci-pipeline.yaml @@ -80,8 +80,14 @@ jobs: - name: Run Snyk uses: snyk/actions/python@master + continue-on-error: true env: SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }} + + - name: SonarCloud Scan + uses: SonarSource/sonarcloud-github-action@v3.1.0 + env: + SONAR_TOKEN: ${{ secrets.SONAR_SECRET }} From e1723074016f00513c6dfce746865534f40dac96 Mon Sep 17 00:00:00 2001 From: Fanny Malinova Date: Mon, 18 Nov 2024 18:16:31 +0200 Subject: [PATCH 25/39] Adding ProjectKey and Organization to the Sonar setup. --- .github/workflows/ci-pipeline.yaml | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/.github/workflows/ci-pipeline.yaml b/.github/workflows/ci-pipeline.yaml index c4cdaf391..2ed9c1655 100644 --- a/.github/workflows/ci-pipeline.yaml +++ b/.github/workflows/ci-pipeline.yaml @@ -86,9 +86,14 @@ jobs: - name: SonarCloud Scan uses: SonarSource/sonarcloud-github-action@v3.1.0 + with: + args: + -Dsonar.organization=fannymalinova + -Dsonar.projectKey=FannyMalinova_devops-programme env: SONAR_TOKEN: ${{ secrets.SONAR_SECRET }} + From f59bed443acc231cb5677ed997edab40bf893ef3 Mon Sep 17 00:00:00 2001 From: Fanny Malinova Date: Mon, 18 Nov 2024 19:17:50 +0200 Subject: [PATCH 26/39] Building a Docker image. --- .github/workflows/ci-pipeline.yaml | 22 ++++++++++++++++++++++ 1 file changed, 22 insertions(+) diff --git a/.github/workflows/ci-pipeline.yaml b/.github/workflows/ci-pipeline.yaml index 2ed9c1655..ef9c47a34 100644 --- a/.github/workflows/ci-pipeline.yaml +++ b/.github/workflows/ci-pipeline.yaml @@ -92,6 +92,28 @@ jobs: -Dsonar.projectKey=FannyMalinova_devops-programme env: SONAR_TOKEN: ${{ secrets.SONAR_SECRET }} + + docker: + name: Docker build + runs-on: ubuntu-latest + needs: [unittest-snyk-sonar] + steps: + - name: Checkout repo + uses: actions/checkout@v4 + + - name: Log in to Docker Hub + uses: docker/login-action@v3.3.0 + with: + username: ${{ vars.DOCKERHUB_USERNAME }} + password: ${{ secrets.DOCKERHUB_TOKEN }} + + - name: Build image + uses: docker/build-push-action@v6.9.0 + with: + context: . + push: false + tags: ${{ secrets.DOCKERHUB_USERNAME }}/flask-app:${{ github.sha }} + From 2534533346b6b570cf55c7c0a6bf2612e2111af2 Mon Sep 17 00:00:00 2001 From: Fanny Malinova Date: Mon, 18 Nov 2024 21:38:51 +0200 Subject: [PATCH 27/39] Fixing indentation. --- .github/workflows/ci-pipeline.yaml | 36 +++++++++++++++--------------- 1 file changed, 18 insertions(+), 18 deletions(-) diff --git a/.github/workflows/ci-pipeline.yaml b/.github/workflows/ci-pipeline.yaml index ef9c47a34..4ddf3823b 100644 --- a/.github/workflows/ci-pipeline.yaml +++ b/.github/workflows/ci-pipeline.yaml @@ -93,26 +93,26 @@ jobs: env: SONAR_TOKEN: ${{ secrets.SONAR_SECRET }} - docker: - name: Docker build - runs-on: ubuntu-latest - needs: [unittest-snyk-sonar] - steps: - - name: Checkout repo - uses: actions/checkout@v4 + docker: + name: Docker build + runs-on: ubuntu-latest + needs: [unittest-snyk-sonar] + steps: + - name: Checkout repo + uses: actions/checkout@v4 - - name: Log in to Docker Hub - uses: docker/login-action@v3.3.0 - with: - username: ${{ vars.DOCKERHUB_USERNAME }} - password: ${{ secrets.DOCKERHUB_TOKEN }} + - name: Log in to Docker Hub + uses: docker/login-action@v3.3.0 + with: + username: ${{ vars.DOCKERHUB_USERNAME }} + password: ${{ secrets.DOCKERHUB_TOKEN }} - - name: Build image - uses: docker/build-push-action@v6.9.0 - with: - context: . - push: false - tags: ${{ secrets.DOCKERHUB_USERNAME }}/flask-app:${{ github.sha }} + - name: Build image + uses: docker/build-push-action@v6.9.0 + with: + context: . + push: false + tags: ${{ secrets.DOCKERHUB_USERNAME }}/flask-app:${{ github.sha }} From 7c66b67d8f968744a14d6d9bf3975a6fcc160aad Mon Sep 17 00:00:00 2001 From: Fanny Malinova Date: Mon, 18 Nov 2024 21:53:20 +0200 Subject: [PATCH 28/39] Changing build-push-action version. --- .github/workflows/ci-pipeline.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ci-pipeline.yaml b/.github/workflows/ci-pipeline.yaml index 4ddf3823b..7c7764079 100644 --- a/.github/workflows/ci-pipeline.yaml +++ b/.github/workflows/ci-pipeline.yaml @@ -108,7 +108,7 @@ jobs: password: ${{ secrets.DOCKERHUB_TOKEN }} - name: Build image - uses: docker/build-push-action@v6.9.0 + uses: docker/build-push-action@v6 with: context: . push: false From 85e2a4cc76ff5942181e032309ef29024832eaaf Mon Sep 17 00:00:00 2001 From: Fanny Malinova Date: Mon, 18 Nov 2024 22:17:11 +0200 Subject: [PATCH 29/39] Adding the right variable for the Docker tag. --- .github/workflows/ci-pipeline.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ci-pipeline.yaml b/.github/workflows/ci-pipeline.yaml index 7c7764079..2bd43fa02 100644 --- a/.github/workflows/ci-pipeline.yaml +++ b/.github/workflows/ci-pipeline.yaml @@ -112,7 +112,7 @@ jobs: with: context: . push: false - tags: ${{ secrets.DOCKERHUB_USERNAME }}/flask-app:${{ github.sha }} + tags: ${{ vars.DOCKERHUB_USERNAME }}/flask-app:${{ github.sha }} From 5038d80a0fd43d4bf4f7580331f8be3cbe36d63e Mon Sep 17 00:00:00 2001 From: Fanny Malinova Date: Mon, 18 Nov 2024 22:32:14 +0200 Subject: [PATCH 30/39] Adding Trivy. --- .github/workflows/ci-pipeline.yaml | 17 +++++++++++++++-- 1 file changed, 15 insertions(+), 2 deletions(-) diff --git a/.github/workflows/ci-pipeline.yaml b/.github/workflows/ci-pipeline.yaml index 2bd43fa02..31e4a7d62 100644 --- a/.github/workflows/ci-pipeline.yaml +++ b/.github/workflows/ci-pipeline.yaml @@ -114,8 +114,21 @@ jobs: push: false tags: ${{ vars.DOCKERHUB_USERNAME }}/flask-app:${{ github.sha }} - - + test-and-push: + name: Test image with Trivy and push to Docker registry + runs-on: ubuntu-latest + needs: docker + steps: + - name: Test with Trivy + uses: aquasecurity/trivy-action@0.28.0 + with: + image-ref: ${{ vars.DOCKERHUB_USERNAME }}/flask-app:${{ github.sha }} + format: "table" + exit-code: "1" + ignore-unfixed: true + vuln-type: "os,library" + + From c4232531e5fd214f859fcf7c8f738402dc08754d Mon Sep 17 00:00:00 2001 From: Fanny Malinova Date: Mon, 18 Nov 2024 22:44:52 +0200 Subject: [PATCH 31/39] Increasing timeout for Trivy. --- .github/workflows/ci-pipeline.yaml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.github/workflows/ci-pipeline.yaml b/.github/workflows/ci-pipeline.yaml index 31e4a7d62..34166a5d4 100644 --- a/.github/workflows/ci-pipeline.yaml +++ b/.github/workflows/ci-pipeline.yaml @@ -127,6 +127,8 @@ jobs: exit-code: "1" ignore-unfixed: true vuln-type: "os,library" + github-pat: ${{ secrets.GITHUB_TOKEN }} + timeout: 10m From ed9206b238c1a8a1ee7c3bd34dd16fdde14ca91f Mon Sep 17 00:00:00 2001 From: Fanny Malinova Date: Mon, 18 Nov 2024 23:00:49 +0200 Subject: [PATCH 32/39] Adding a condition to run Trivy. --- .github/workflows/ci-pipeline.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/ci-pipeline.yaml b/.github/workflows/ci-pipeline.yaml index 34166a5d4..1100c51a2 100644 --- a/.github/workflows/ci-pipeline.yaml +++ b/.github/workflows/ci-pipeline.yaml @@ -120,6 +120,7 @@ jobs: needs: docker steps: - name: Test with Trivy + if: success() uses: aquasecurity/trivy-action@0.28.0 with: image-ref: ${{ vars.DOCKERHUB_USERNAME }}/flask-app:${{ github.sha }} From d1f315255267228996952745874def377bc3ab16 Mon Sep 17 00:00:00 2001 From: Fanny Malinova Date: Mon, 18 Nov 2024 23:15:23 +0200 Subject: [PATCH 33/39] Trying to fix issue with pulling Trivy DB. --- .github/workflows/ci-pipeline.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/ci-pipeline.yaml b/.github/workflows/ci-pipeline.yaml index 1100c51a2..d874e28f0 100644 --- a/.github/workflows/ci-pipeline.yaml +++ b/.github/workflows/ci-pipeline.yaml @@ -123,6 +123,7 @@ jobs: if: success() uses: aquasecurity/trivy-action@0.28.0 with: + version: 'v0.57.1' image-ref: ${{ vars.DOCKERHUB_USERNAME }}/flask-app:${{ github.sha }} format: "table" exit-code: "1" From 89855ea1f7f70fe17aeb73aa23e8556e93d3c863 Mon Sep 17 00:00:00 2001 From: Fanny Malinova Date: Mon, 18 Nov 2024 23:34:54 +0200 Subject: [PATCH 34/39] Splitting jobs and unifying Docker build and scan with Trivy. --- .github/workflows/ci-pipeline.yaml | 60 ++++++++++++++++++------------ 1 file changed, 37 insertions(+), 23 deletions(-) diff --git a/.github/workflows/ci-pipeline.yaml b/.github/workflows/ci-pipeline.yaml index d874e28f0..4bd9b0cdc 100644 --- a/.github/workflows/ci-pipeline.yaml +++ b/.github/workflows/ci-pipeline.yaml @@ -18,7 +18,7 @@ jobs: - uses: gitleaks/gitleaks-action@v2.3.7 editorconfig: - name: EditorConfig checker and Markdownlint CLI + name: EditorConfig checker runs-on: ubuntu-latest needs: scan steps: @@ -31,14 +31,19 @@ jobs: - name: Run EditorConfig Checker run: editorconfig-checker + markdownlintcli: + name: Markdownlint CLI + runs-on: ubuntu-latest + needs: scan + steps: - name: Install Markdownlint CLI run: npm install -g markdownlint-cli - name: Run Markdownlint run: markdownlint **/*.md - python-black-pylint: - name: Run Python Black and Pylint checks + python-black: + name: Run Python Black runs-on: ubuntu-latest needs: scan steps: @@ -49,18 +54,23 @@ jobs: uses: rodrigogiraoserrao/python-black-check@v3.0 with: line-length: '81' - - - name: Run PylintPylint GitHub Action + + python-pylint: + name: Run Pylint Github Action + runs-on: ubuntu-latest + needs: scan + steps: + - name: Run Pylint GitHub Action uses: ReasonSoftware/action-pylint@v2.0.3 with: requirements_file: requirements.txt filepaths: "app/*.py" options: "-d C0114,C0115,C0116" - unittest-snyk-sonar: - name: Run Python unit tests, Snyk, and Sonar + unittest: + name: Run Python unit tests runs-on: ubuntu-latest - needs: [scan, editorconfig, python-black-pylint] + needs: [scan, editorconfig,markdownlintcli, python-black, python-pylint] steps: - name: Checkout repo uses: actions/checkout@v4 @@ -78,12 +88,22 @@ jobs: - name: Run unit tests run: python -m unittest discover -s app -p "*.py" + snyk: + name: Run Snyk + runs-on: ubuntu-latest + needs: [scan, editorconfig,markdownlintcli, python-black, python-pylint] + steps: - name: Run Snyk uses: snyk/actions/python@master continue-on-error: true env: SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }} + sonar: + name: Run SonarCloud + runs-on: ubuntu-latest + needs: [scan, editorconfig,markdownlintcli, python-black, python-pylint] + steps: - name: SonarCloud Scan uses: SonarSource/sonarcloud-github-action@v3.1.0 with: @@ -93,10 +113,10 @@ jobs: env: SONAR_TOKEN: ${{ secrets.SONAR_SECRET }} - docker: - name: Docker build + docker-build-trivy: + name: Docker build and scan runs-on: ubuntu-latest - needs: [unittest-snyk-sonar] + needs: [unittest, snyk, sonar] steps: - name: Checkout repo uses: actions/checkout@v4 @@ -113,24 +133,18 @@ jobs: context: . push: false tags: ${{ vars.DOCKERHUB_USERNAME }}/flask-app:${{ github.sha }} - - test-and-push: - name: Test image with Trivy and push to Docker registry - runs-on: ubuntu-latest - needs: docker - steps: - - name: Test with Trivy - if: success() + + - name: Scan with Trivy uses: aquasecurity/trivy-action@0.28.0 - with: - version: 'v0.57.1' + with: image-ref: ${{ vars.DOCKERHUB_USERNAME }}/flask-app:${{ github.sha }} format: "table" exit-code: "1" ignore-unfixed: true vuln-type: "os,library" - github-pat: ${{ secrets.GITHUB_TOKEN }} - timeout: 10m + + + From cec4d4fa3a061c2d3ca65128e268921098f29979 Mon Sep 17 00:00:00 2001 From: Fanny Malinova Date: Mon, 18 Nov 2024 23:38:36 +0200 Subject: [PATCH 35/39] Adding a missing step for Pylint. --- .github/workflows/ci-pipeline.yaml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.github/workflows/ci-pipeline.yaml b/.github/workflows/ci-pipeline.yaml index 4bd9b0cdc..e484575d5 100644 --- a/.github/workflows/ci-pipeline.yaml +++ b/.github/workflows/ci-pipeline.yaml @@ -60,6 +60,9 @@ jobs: runs-on: ubuntu-latest needs: scan steps: + - name: Checkout repo + uses: actions/checkout@v4 + - name: Run Pylint GitHub Action uses: ReasonSoftware/action-pylint@v2.0.3 with: From fa55caf9df6fbbd7464ed14a0fd104ce9fedf9a4 Mon Sep 17 00:00:00 2001 From: Fanny Malinova Date: Mon, 18 Nov 2024 23:43:24 +0200 Subject: [PATCH 36/39] Trying with skip-update with Trivy. --- .github/workflows/ci-pipeline.yaml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.github/workflows/ci-pipeline.yaml b/.github/workflows/ci-pipeline.yaml index e484575d5..6f6db8dc1 100644 --- a/.github/workflows/ci-pipeline.yaml +++ b/.github/workflows/ci-pipeline.yaml @@ -141,10 +141,12 @@ jobs: uses: aquasecurity/trivy-action@0.28.0 with: image-ref: ${{ vars.DOCKERHUB_USERNAME }}/flask-app:${{ github.sha }} + skip-update: true format: "table" exit-code: "1" ignore-unfixed: true vuln-type: "os,library" + From 96808d2ad4c76af3a8a33d44dff47dbb09fc4620 Mon Sep 17 00:00:00 2001 From: Fanny Malinova Date: Mon, 18 Nov 2024 23:52:29 +0200 Subject: [PATCH 37/39] Fixing Trivy. --- .github/workflows/ci-pipeline.yaml | 2 -- 1 file changed, 2 deletions(-) diff --git a/.github/workflows/ci-pipeline.yaml b/.github/workflows/ci-pipeline.yaml index 6f6db8dc1..837241dd3 100644 --- a/.github/workflows/ci-pipeline.yaml +++ b/.github/workflows/ci-pipeline.yaml @@ -141,9 +141,7 @@ jobs: uses: aquasecurity/trivy-action@0.28.0 with: image-ref: ${{ vars.DOCKERHUB_USERNAME }}/flask-app:${{ github.sha }} - skip-update: true format: "table" - exit-code: "1" ignore-unfixed: true vuln-type: "os,library" From 853fb290ad12a1677f37b38666bc33b684306e67 Mon Sep 17 00:00:00 2001 From: Fanny Malinova Date: Tue, 19 Nov 2024 00:12:44 +0200 Subject: [PATCH 38/39] Adding Docker push. --- .github/workflows/ci-pipeline.yaml | 19 ++++++++++++++++++- 1 file changed, 18 insertions(+), 1 deletion(-) diff --git a/.github/workflows/ci-pipeline.yaml b/.github/workflows/ci-pipeline.yaml index 837241dd3..234726c7d 100644 --- a/.github/workflows/ci-pipeline.yaml +++ b/.github/workflows/ci-pipeline.yaml @@ -117,7 +117,7 @@ jobs: SONAR_TOKEN: ${{ secrets.SONAR_SECRET }} docker-build-trivy: - name: Docker build and scan + name: Docker build and scan with Trivy runs-on: ubuntu-latest needs: [unittest, snyk, sonar] steps: @@ -145,6 +145,23 @@ jobs: ignore-unfixed: true vuln-type: "os,library" + docker-push: + name: Push container to Docker Hub + runs-on: ubuntu-latest + if: ${{ success() }} + needs: docker-build-trivy + steps: + - name: Docker login + uses: docker/login-action@v3.3.0 + with: + username: ${{ vars.DOCKERHUB_USERNAME }} + password: ${{ secrets.DOCKERHUB_TOKEN }} + + - name: Docker push + run: docker push ${{ vars.DOCKERHUB_USERNAME }}/flask-app:${{ github.sha }} + + + From 429cb9e531033ffd0e7f98c7ea67a0d05be39ddd Mon Sep 17 00:00:00 2001 From: Fanny Malinova Date: Tue, 19 Nov 2024 00:22:25 +0200 Subject: [PATCH 39/39] Unifying steps. --- .github/workflows/ci-pipeline.yaml | 21 +++++---------------- 1 file changed, 5 insertions(+), 16 deletions(-) diff --git a/.github/workflows/ci-pipeline.yaml b/.github/workflows/ci-pipeline.yaml index 234726c7d..b413d88d3 100644 --- a/.github/workflows/ci-pipeline.yaml +++ b/.github/workflows/ci-pipeline.yaml @@ -116,8 +116,8 @@ jobs: env: SONAR_TOKEN: ${{ secrets.SONAR_SECRET }} - docker-build-trivy: - name: Docker build and scan with Trivy + docker-build-trivy-push: + name: Docker build, scan with Trivy, push runs-on: ubuntu-latest needs: [unittest, snyk, sonar] steps: @@ -144,22 +144,11 @@ jobs: format: "table" ignore-unfixed: true vuln-type: "os,library" - - docker-push: - name: Push container to Docker Hub - runs-on: ubuntu-latest - if: ${{ success() }} - needs: docker-build-trivy - steps: - - name: Docker login - uses: docker/login-action@v3.3.0 - with: - username: ${{ vars.DOCKERHUB_USERNAME }} - password: ${{ secrets.DOCKERHUB_TOKEN }} - - name: Docker push + - name: Push container to Docker Hub + if: ${{ success() }} run: docker push ${{ vars.DOCKERHUB_USERNAME }}/flask-app:${{ github.sha }} - +