Feature/m1 4 2 ci practice

.github/workflows/M1-4-2-CI-Practice.yml

@@ -0,0 +1,159 @@
+name: Flask App GitHub Actions Pipeline
+run-name: Flask App GitHub Actions Pipeline
+
+on:
+  push:
+    branches:
+      - feature/M1-4-2-CI-Practice
+  pull_request:
+    branches:
+      - main
+
+jobs:
+  gitleaks-scan:
+    name: GitLeaks scan for secrets
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+      - uses: gitleaks/gitleaks-action@v2
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+  editorconfig:
+    name: EditorConfig Checker
+    runs-on: ubuntu-latest
+    needs: gitleaks-scan
+    steps:
+      - uses: actions/checkout@v4
+      - uses: editorconfig-checker/action-editorconfig-checker@main
+      - run: editorconfig-checker
+
+  python-pylint:
+    name: Executes pylint
+    runs-on: ubuntu-latest
+    needs: gitleaks-scan
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v1
+
+      - name: Lint
+        uses: gabriel-milan/action-pylint@v1
+        with:
+          GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}} # GitHub token
+          path: "./*.py" # Glob pattern for files to lint
+          fail: true # Fail the action if pylint errors are found
+          pr-message: true # Send a PR message if pylint errors are found
+
+  python-black:
+    name: Python Black
+    runs-on: ubuntu-latest
+    needs: gitleaks-scan
+    steps:
+      - uses: actions/checkout@v3
+      - name: Python Black
+        uses: cytopia/[email protected]
+
+  markdownlint-cli:
+    name: Markdownlint CLI
+    runs-on: ubuntu-latest
+    needs: gitleaks-scan
+    steps:
+      - name: Install Markdownlint CLI
+        run: npm install -g markdownlint-cli
+
+      - name: Run Markdownlint
+        run: markdownlint **/*.md
+
+  unittests:
+    name: Unit Tests
+    runs-on: ubuntu-latest
+    needs: gitleaks-scan
+    steps:
+      - name: Checkout repo
+        uses: actions/checkout@v4
+
+      - name: Set up Python
+        uses: actions/setup-python@v4
+        with:
+          python-version: '3.x'
+
+      - name: Install dependencies
+        run: |
+          python -m pip install --upgrade pip
+          pip install -r requirements.txt
+
+      - name: Run unit tests
+        run: python -m unittest discover -s app -p "*.py"
+
+  sonarcloud:
+    name: Sonarcloud scan
+    runs-on: ubuntu-latest
+    needs: [gitleaks-scan, editorconfig, python-pylint, python-black, markdownlint-cli, unittests]
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          # Disabling shallow clone is recommended for improving relevancy of reporting
+          fetch-depth: 0
+      - name: SonarCloud Scan
+        uses: sonarsource/[email protected]
+        with:
+          args: >
+            -Dsonar.organization=boyanaboneva
+            -Dsonar.projectKey=boyanaboneva_devops-programme
+        env:
+          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
+
+  snyk:
+    name: Snyk scan
+    runs-on: ubuntu-latest
+    needs: [gitleaks-scan, editorconfig, python-pylint, python-black, markdownlint-cli, unittests]
+    steps:
+      - uses: actions/checkout@master
+      - name: Run Snyk to check for vulnerabilities
+        uses: snyk/actions/python@master
+        continue-on-error: true # To make sure that SARIF upload gets called
+        env:
+          SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
+        with:
+          args: --severity-threshold=high
+
+  docker-trivy:
+    runs-on: ubuntu-latest
+    needs: [unittests, snyk, sonarcloud]
+    permissions:
+      contents: read
+      id-token: write
+    steps:
+      - name: Checkout repo
+        uses: actions/checkout@v3
+
+      - name: Login to DockerHub
+        uses: docker/login-action@v2
+        with:
+          username: ${{ secrets.DOCKERHUB_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_TOKEN }}
+
+      - name: Build docker image
+        uses: docker/build-push-action@v6
+        with:
+          context: .
+          push: false
+          tags: ${{ secrets.DOCKERHUB_USERNAME }}/flaskapp:${{ github.sha }}
+
+      - name: Trivy scan
+        uses: aquasecurity/[email protected]
+        with:
+          image-ref: ${{ secrets.DOCKERHUB_USERNAME }}/flaskapp:${{ github.sha }}
+          format: "table"
+          ignore-unfixed: true
+          vuln-type: "os,library"
+          severity: 'CRITICAL,HIGH'
+
+      - name: Push docker image
+        if: ${{ success() }}
+        run: docker push ${{ secrets.DOCKERHUB_USERNAME }}/flaskapp:${{ github.sha }}
+
+
+

.github/workflows/README.md

@@ -0,0 +1,5 @@
+***GitHub Actions README***
+
+To run ***github_actions_hw.yml*** workflow, any change should be done in the README.md file and should be
+commited and pushed to GitHub. Then a PR should be made to the main branch and merged. It will trigger the 
+Actions tab in GitHub.

README.md

@@ -1,15 +1,5 @@
 # devops-programme
 
-To run the playbook_docker.yml, execute the bellow command:
-```
-ansible-playbook playbook_docker.yml
-```
-
-To run the ansible playbook with encrypted docker credentials and push the image to Docker Hub, execute:
-```
-ansible-playbook --ask-vault-pass playbook_docker.yml
-```
-
 To build the docker image, execute:
 ```
 docker build -t bobby84/getting-started-index-html .
@@ -23,18 +13,4 @@ docker image ls
 To push the docker image to Docker Hub, execute:
 ```
 docker push bobby84/getting-started-index-html
-```
-
-To run the playbook_docker.yml, execute the bellow command:
-```
-ansible-playbook playbook_docker.yml
-```
-
-To run the ansible playbook with encrypted docker credentials and push the image to Docker Hub, execute:
-```
-ansible-playbook --ask-vault-pass playbook_docker.yml
-```
-
-To run ***github_actions_hw.yml*** workflow, any change should be done in the README.md file and should be
-commited and pushed to GitHub. Then a PR should be made to the main branch and merged. It will trigger the 
-Actions tab in GitHub.
+```

ansible/README.md

@@ -0,0 +1,11 @@
+***ANSIBLE README***
+
+To run the playbook_docker.yml, execute the bellow command:
+```
+ansible-playbook playbook_docker.yml
+```
+
+To run the ansible playbook with encrypted docker credentials and push the image to Docker Hub, execute:
+```
+ansible-playbook --ask-vault-pass playbook_docker.yml
+```