Final project Dimitar Dimitrov u34

.editorconfig

@@ -0,0 +1,33 @@
+# EditorConfig is awesome: https://editorconfig.org
+
+# top-most EditorConfig file
+root = true
+
+# Unix-style newlines with a newline ending every file
+[*]
+end_of_line = lf
+insert_final_newline = true
+
+# Matches multiple files with brace expansion notation
+# Set default charset
+[*.{js,py}]
+charset = utf-8
+
+# 4 space indentation
+[*.py]
+indent_style = space
+indent_size = 4
+
+# Tab indentation (no size specified)
+[Makefile]
+indent_style = tab
+
+# Indentation override for all JS under lib directory
+[lib/**.js]
+indent_style = space
+indent_size = 2
+
+# Matches the exact files either package.json or .travis.yml
+[{package.json,.travis.yml}]
+indent_style = space
+indent_size = 2

.github/workflows/github-action-terraform.yml

@@ -0,0 +1,74 @@
+name: GitHub Actions Terraform
+run-name: ${{ github.actor }} Terraform GitHub Actions 🚀
+on:
+  schedule:
+    # Runs every Hour from 8AM to 5PM on weekdays
+   #- cron: '0 8-17 * * 1-5'
+  push:
+    paths:
+      - 'terraform/**'
+      - 'github/workflows/github-action-terraform.yml'
+    branches:
+      - main
+      - infra-*
+jobs:
+ Terraform-action:
+    runs-on: self-hosted
+    steps:
+      - name: Check out repo
+        uses: actions/checkout@v2
+        with:
+          fetch-depth: 0
+      - name: Set up Terraform
+        uses: hashicorp/setup-terraform@v1
+        with:
+          terraform_version: 1.10.5
+      - name: Determine changed directories
+        id: changed_dirs
+        run: |
+            echo "Finding changed directories..."
+            dirs=$(git diff --name-only ${{ github.event.before }} ${{ github.sha }} -- terraform/ | grep -o 'terraform/[^/]*' | sort -u)
+            changed_dirs=$(echo "$dirs" | tr '\n' ',' | sed 's/,$//')
+            echo "Changed directories: $dirs"
+            echo "changed_dirs=$changed_dirs" >> $GITHUB_ENV
+      - name: Check for changes in Terraform directories
+        id: check_changes
+        run: |
+            if [ -z "$changed_dirs" ]; then
+              echo "No changes in Terraform directories."
+              echo "should_run=false" >> $GITHUB_ENV
+            else
+              echo "Changes detected in: $changed_dirs"
+              echo "should_run=true" >> $GITHUB_ENV
+            fi
+            echo $should_run
+      - name: Terraform Init
+        if: env.should_run == 'true'
+        run: |
+            for dir in ${changed_dirs//,/ }; do
+            echo "Initializing Terraform in directory: $dir"
+            cd /opt/actions-runner/_work/devops-programme/devops-programme/$dir
+            terraform init
+            done
+      - name: Kubernetes access preparation
+        if: env.should_run == 'true'
+        run: |
+            export KUBECONFIG=~/.kube/sof-lab03
+            kubectl config set-context sof-lab03
+            kubectl port-forward svc/argo-cd-7-1734333419-argocd-server -n argocd 8080:443 &
+      - name: Terraform Plan
+        if: env.should_run == 'true'
+        run: |
+            for dir in ${changed_dirs//,/ }; do
+            echo "Running Terraform plan in directory: $dir"
+            cd /opt/actions-runner/_work/devops-programme/devops-programme/$dir
+            terraform plan
+            done
+      - name: Terraform Apply
+        if: env.should_run == 'true'
+        run: |
+            for dir in ${changed_dirs//,/ }; do
+            echo "Applying Terraform changes in directory: $dir"
+            cd /opt/actions-runner/_work/devops-programme/devops-programme/$dir
+            terraform apply -auto-approve
+            done

.github/workflows/github-actions-demo.yml

@@ -0,0 +1,174 @@
+name: GitHub Actions Demo
+run-name: ${{ github.actor }} is deploying with GitHub Actions🚀
+on:
+  push:
+    paths-ignore:
+      - '_homework/*'
+      - 'deployment/*'
+      - 'terraform/*'
+      - 'rollout/*'
+      - '.pre-commit-config.yaml'
+      - '.gitignore'
+      - '.editorconfig'
+      - '*.md'
+      - 'LICENSE'
+      - 'github/workflows/github-action-terraform.yml'
+      - 'github/workflows/github-actions-demo.yml'
+    branches:
+      - main
+      - feature-*
+env:
+  IMAGE_TAG: dimitardd/dimitar-app02
+jobs:
+ Pylint:
+   runs-on: ubuntu-latest
+   steps:
+     - name: Check out repo
+       uses: actions/checkout@v2
+       with:
+         fetch-depth: 0
+     - name: Set Node version
+       uses: actions/setup-node@v4
+       with:
+         node-version: '20'
+     - name: Set up Python
+       uses: actions/setup-python@v3
+       with:
+         python-version: '3.10'
+         cache: 'pip'
+     - run: |
+            pip install pylint black flake8 flask prometheus_flask_exporter
+            npm install -g markdownlint-cli editorconfig-checker
+     - name: Check Editorconfig
+       run: editorconfig-checker
+     - name: Analysing the code with pylint
+       run: pylint --disable=C0111,C0114,C0115,C0116 $(git ls-files '*.py')
+     - name: Markdownlint config file
+       run: |
+         echo '{
+           "MD012": false,
+           "MD013": false,
+           "line-lenght": false
+          }' > .markdownlint.json
+     - name: Markdown lint check
+       run: markdownlint -i '{**/*.md}' -i '{terraform/*.md}' -i '{*.md}' -i node_modules
+ UnitTest:
+    needs: Pylint
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - name: Set up Python
+        uses: actions/setup-python@v5
+        with:
+          python-version: '3.10'
+          cache: 'pip'
+      - run: |
+            pip install flask prometheus_flask_exporter
+      - name: Run app test
+        run: |
+          cd app
+          python -m unittest app_test.py
+ CheckforSecrets:
+    needs: UnitTest
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+      - name: Gitleaks scan
+        uses: gitleaks/gitleaks-action@v2
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+ TrivySecurity:
+   runs-on: ubuntu-latest
+   needs: UnitTest
+   steps:
+     - uses: actions/checkout@v4
+     - name: Trivy Vulnerability Scan
+       uses: aquasecurity/trivy-action@master
+       with:
+         scan-type: 'fs'
+         ignore-unfixed: true
+         format: 'sarif'
+         output: 'trivy-output.sarif'
+         severity: 'CRITICAL'
+     - name: Trivy Scan Output
+       uses: github/codeql-action/upload-sarif@v3
+       with:
+         sarif_file: 'trivy-output.sarif'
+ SonarcloudSecurity:
+   runs-on: ubuntu-latest
+   needs: UnitTest
+   steps:
+   - uses: actions/checkout@v4
+     with:
+       fetch-depth: 0
+   - name: SonarCloud Scan
+     uses: sonarsource/sonarcloud-github-action@master
+     env:
+       SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
+     with:
+       projectBaseDir: app
+       args: >
+         -Dsonar.projectKey=dimitardd_devops-programme
+         -Dsonar.organization=dimitardd
+ Build-Test:
+   name: Build Image and Test
+   runs-on: ubuntu-latest
+   if: ${{ !cancelled() && !failure() }}
+   needs: [ SonarcloudSecurity, TrivySecurity, CheckforSecrets ]
+   steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+      - name: Build an image from Dockerfile
+        run: |
+          docker build -t ${{ env.IMAGE_TAG }}:${{ github.sha }} .
+      - name: Run Trivy vulnerability scanner
+        uses: aquasecurity/[email protected]
+        with:
+          image-ref: '${{ env.IMAGE_TAG }}:${{ github.sha }}'
+          format: 'sarif'
+          output: 'trivy-results-container.sarif'
+      - name: Upload Trivy scan results to GitHub Security tab
+        uses: github/codeql-action/upload-sarif@v3
+        with:
+          sarif_file: 'trivy-results-container.sarif'
+ UploadtoDockerHub:
+   name: Push container to docker hub
+   runs-on: ubuntu-latest
+   if: ${{ !cancelled() && !failure() }}
+   needs: [ Build-Test ]
+   steps:
+     - name: Login to Docker Hub
+       uses: docker/login-action@v3
+       with:
+         username: ${{ secrets.DOCKERHUB_USERNAME }}
+         password: ${{ secrets.DOCKERHUB_TOKEN }}
+     - name: Push
+       uses: docker/build-push-action@v6
+       with:
+         push: true
+         tags: '${{ env.IMAGE_TAG }}:${{ github.sha }}'
+       if: success()  # Only push if get login is ok
+ PushforArgoCD:
+   name: Update deplayment for ArgoCD
+   runs-on: ubuntu-latest
+   if: ${{ !cancelled() && !failure() }}
+   needs: [ UploadtoDockerHub ]
+   steps:
+     - name: Checkout code
+       uses: actions/checkout@v2
+     - name: Update sof-app01 deployment image
+       run: |
+         sudo snap install yq
+         sudo apt-get install git -y
+         IMAGE_NEWTAG=$(echo ${{ github.sha }})
+         /usr/bin/yq eval ".spec.template.spec.containers[0].image = \"dimitardd/dimitar-app02:${IMAGE_NEWTAG}\"" -i deployment/sof-app01.yaml
+         git config --local user.email "[email protected]"
+         git config --local user.name "Dimitar Dimitrov"
+         git add $GITHUB_WORKSPACE/deployment/sof-app01.yaml
+         git commit -m "Update image to ${{ github.sha }}"
+         git push origin main
+       env:
+         github_token: ${{ secrets.GIT_TOKEN }}
+         GITHUB_SHA: ${{ github.sha }}

.gitignore

@@ -6,6 +6,16 @@ __pycache__/
 # C extensions
 *.so
 
+# terrafomr
+*.terraform.lock.hcl
+terraform/.terraform
+**/.terraform/*
+terraform/.terraform.lock.hcl
+terrafrom/*/.terraform.lock.hcl
+terraform/**/*/.terraform.lock.hcl
+terrafrom/**/.terraform.lock.hcl
+terrafrom/kubernetes/~/
+
 # Distribution / packaging
 .Python
 build/

.pre-commit-config.yaml

@@ -0,0 +1,22 @@
+repos:
+-   repo: https://github.com/pre-commit/pre-commit-hooks
+    rev: v3.4.0
+    hooks:
+    -   id: check-yaml
+    -   id: trailing-whitespace
+    -   id: check-added-large-files
+    -   id: check-merge-conflict
+-   repo: https://github.com/gitleaks/gitleaks
+    rev: v8.18.0
+    hooks:
+      - id: gitleaks
+-   repo: https://github.com/antonbabenko/pre-commit-terraform
+    rev: v1.97.0
+    hooks:
+      - id: terraform_fmt
+        args:
+        - --args=--recursive
+-   repo: https://github.com/Yelp/detect-secrets
+    rev: v1.5.0
+    hooks:
+    -   id: detect-secrets

Dockerfile

@@ -0,0 +1,22 @@
+FROM ubuntu:22.04
+
+LABEL maintainer="[email protected]"
+LABEL version="5.0"
+
+RUN apt-get update -y && \
+	apt-get install -y --no-install-recommends \
+	python3 \
+	python3-pip && \
+	apt-get clean && \
+	groupadd -r appgroup && \
+	useradd -r -g appgroup appuser
+
+WORKDIR /app
+
+COPY --chown=appuser:appgroup --chmod=755 ./app .
+
+RUN pip3 install flask==3.0.0 prometheus_flask_exporter
+
+USER appuser
+
+CMD ["python3", "app.py"]