| 1 | +# GitHub Actions Practice |
| 2 | + |
| 3 | +## Prerequisites |
| 4 | + |
| 5 | +- Organize your git repo to follow the guidelines provides in the presentation |
| 6 | + |
| 7 | +```sh |
| 8 | +├── .editorconfig |
| 9 | +├── .github |
| 10 | +│ └── workflows |
| 11 | +│ └── ci-pipeline.yml |
| 12 | +├── .gitignore |
| 13 | +├── .markdownlint.json |
| 14 | +├── .python-version |
| 15 | +├── Dockerfile |
| 16 | +├── LICENSE |
| 17 | +├── README.md |
| 18 | +├── ansible |
| 19 | +│ ├── README.md |
| 20 | +│ └── playbook.yml |
| 21 | +├── app |
| 22 | +│ ├── README.md |
| 23 | +│ ├── app.py |
| 24 | +│ ├── app_test.py |
| 25 | +│ └── requirements.txt |
| 26 | +└── requirements.txt |
| 27 | +``` |
| 28 | + |
| 29 | +## Task description |
| 30 | + |
| 31 | +Create a GitHub Actions pipeline that runs on commit to a feature branch (i.e. not `main`) and performs the following checks on our simple Flask app repository. |
| 32 | + |
| 33 | +- Check `.editorconfig` |
| 34 | +- Code Lint and style - use `pylint` and `black` to check for style/formatting/syntax errors |
| 35 | +- Check makrdown files [markdownlint-cli](https://www.npmjs.com/package/cli-markdown) |
| 36 | +- Code Unittest - there's a simple unit test next to our app called `app_test.py`. Make sure our unittest passes (`python -m unittest` executed in the app directory) |
| 37 | +- Check for hardcoded secrets (`gitleaks`) - not just our app but the whole repository. |
| 38 | +- SAST - SonarCloud; Review code smells and security issues |
| 39 | +- SCA - Snyk; review security issues |
| 40 | +- Build a Docker image. Use Git commit SHA as an Image tag. |
| 41 | +- Scan the built image with `Trivy` |
| 42 | +- Push the built image to your Docker HUB account |
| 43 | +- (optional) Add CONTRIBUTORS guide. Follow [this](https://docs.github.com/en/communities/setting-up-your-project-for-healthy-contributions/setting-guidelines-for-repository-contributors) document from GitHUb. |
| 44 | + |
| 45 | +:warning: Make sure that you run as many tests in parallel as you see fit |
| 46 | + |
| 47 | +:warning: Make sure you don't push your image to Docker HUB if Critical vulnerabilities are found |
| 48 | + |
| 49 | +:warning: Try and use ready-made GH Actions. Avoid shell-out if possible |
| 50 | + |
| 51 | +:exclamation: At the end open a PR with your solution. |
| 52 | + |
| 53 | +## Extra effort |
| 54 | + |
| 55 | +- Create a pre-commit hook that safeguards for the following |
| 56 | + - hardcoded secrets (`gitleaks`) |
| 57 | + - yamllint |
| 58 | + - check-merge-conflict <https://github.com/pre-commit/pre-commit-hooks> |
| 59 | + - check-added-large-files <https://github.com/pre-commit/pre-commit-hooks> |
| 60 | +- Setup docker-compose with build and run a container |
| 61 | +- Try out GitHub Actions schedule trigger event - <https://docs.github.com/en/actions/using-workflows/events-that-trigger-workflows#schedule> |
| 62 | + |
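Review bot: the requirement "don't push your image to Docker HUB if Critical vulnerabilities are found" is stated but nothing in the task says how it should be enforced; suggest adding that the Trivy step must fail the job on CRITICAL findings (severity filter plus a non-zero exit code) and that the push job must depend on the scan job, otherwise a scan that merely reports findings still lets the push proceed. For the gitleaks item ("not just our app but the whole repository"), mention that the default checkout is shallow, so scanning commit history needs a full clone (`fetch-depth: 0` on actions/checkout). SonarCloud, Snyk and Docker Hub all need tokens; say explicitly that these belong in repository secrets, never in the workflow file, since the gitleaks check would otherwise flag the pipeline itself. Smaller points: "provides" should be "provided", "makrdown" should be "markdown", "GitHUb" should be "GitHub"; the markdownlint link points at the npm package `cli-markdown` while the text names `markdownlint-cli`, which is a different package; and the directory tree is fenced as `sh` although it is not shell, so a plain or `text` fence would be more accurate.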