evelonche · evelonche · Nov 13, 2023 · Nov 13, 2023 · Nov 13, 2023 · Nov 13, 2023
diff --git a/.editorconfig b/.editorconfig
@@ -0,0 +1,8 @@
+# EditorConfig is awesome: https://EditorConfig.org
+
+# top-most EditorConfig file
+root = true
+
+[*]
+# indent_style = space
+# indent_size = 4
diff --git a/.github/workflows/commit-pipeline.yaml b/.github/workflows/commit-pipeline.yaml
@@ -0,0 +1,127 @@
+name: Commit pipeline
+run-name: ${{ github.actor }} made a commit
+
+on:
+  push:
+    branches:
+    - ftr/*
+
+jobs:
+  editorconfig:
+    name: "Check for .editorconfig"
+    runs-on: ubuntu-latest
+    steps:
+    - uses: actions/checkout@v4
+
+    - name: check-editorconfig-existence
+      if: ${{ hashFiles('.editorconfig') == '' }}
+      run: echo '.editorconfig exists'
+
+    - uses: editorconfig-checker/action-editorconfig-checker@main
+    - run: editorconfig-checker
+
+  pylint:
+    name: "Check with Pylint"
+    runs-on: ubuntu-latest
+    steps:
+    - uses: cclauss/GitHub-Action-for-pylint@0.7.0
+
+  black:
+    name: "Check formatting with Black"
+    runs-on: ubuntu-latest
+    steps:
+    - uses: psf/black@stable
+
+  markdown-check:
+    name: "Check markdown"
+    runs-on: ubuntu-latest
+    steps:
+    - uses: nosborn/github-action-markdown-cli@v3.3.0
+      with:
+        files: .
+
+  unit-test:
+    name: "Run unit test"
+    runs-on: ubuntu-latest
+    needs:
+    - editorconfig
+    - pylint
+    - black
+    - markdown-check
+    steps:
+    - uses: actions/checkout@v4
+    - uses: actions/setup-python@v4
+      with:
+        python-version: "3.10"
+    - run: pip install -r requirements.txt
+      working-directory: ./app
+    - run: python -m unittest
+      working-directory: ./app
+
+  gitleaks:
+    name: "Check for leaks in secrets with gitleaks"
+    runs-on: ubuntu-latest
+    needs: unit-test
+    steps:
+    - uses: actions/checkout@v4
+      with:
+        fetch-depth: 0
+    - uses: gitleaks/gitleaks-action@v2
+      env:
+        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+  sonar_cloud:
+    name: "Run SonarCloud"
+    runs-on: ubuntu-latest
+    needs: gitleaks
+    steps:
+    - uses: actions/checkout@v4
+    - uses: AppThreat/sast-scan-action@master
+      with:
+        type: "python"
+
+  vulnerability:
+    name: "Check for vulnerabilities with Snyk"
+    runs-on: ubuntu-latest
+    needs: sonar_cloud
+    steps:
+    - uses: actions/checkout@v4
+    - uses: snyk/actions/python-3.10@master
+      env:
+        SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
+      with:
+        args: --severity-threshold=high
+
+  docker-build-push:
+    name: "Build Docker image, check for vulneratibilities and push"
+    runs-on: ubuntu-latest
+    needs: vulnerability
+    steps:
+    - name: "Checkout"
+      uses: actions/checkout@v4
+    - name: "Set up QEMU"
+      uses: docker/setup-qemu-action@v3
+    - name: "Set up BuildX"
+      uses: docker/setup-buildx-action@v3
+    - name: "Login to Docker Hub"
+      uses: docker/login-action@v3
+      with:
+        username: ${{ secrets.DOCKERHUB_USERNAME }}
+        password: ${{ secrets.DOCKERHUB_TOKEN}}
+    - name: "Build and export to Docker (without push)"
+      uses: docker/build-push-action@v3
+      with:
+        context: .
+        load: true
+        tags: evelonche/app:${{ github.sha }}
+    - name: "Scan image"
+      uses: aquasecurity/trivy-action@master
+      with:
+        image-ref:
+        format: 'table'
+        exit-code: '1'
+        ignore-unfixed: true
+        vuln-type: 'os,library'
+        severity: 'CRITICAL,HIGH'
+
+
diff --git a/Dockerfile b/Dockerfile
@@ -1,7 +1,8 @@
 FROM ubuntu:22.04 as builder
- 
+
 RUN apt-get update \
     && apt-get upgrade -y
+
 RUN apt-get install software-properties-common -y \
     && add-apt-repository ppa:deadsnakes/ppa -y \
     && apt-get update

diff --git a/README.md b/README.md
@@ -1,2 +1,3 @@
 # devops_upskill_2023
-Repository with my exercises and projects for the DevOps course I am taking. 
+
+Repository with my exercises and projects for the DevOps course I am taking.
diff --git a/app/__init__.py b/app/__init__.py
diff --git a/app/app.py b/app/app.py
@@ -11,4 +11,4 @@ def hello_world():
 
 
 if __name__ == "__main__":
-    app.run(host="0.0.0.0")
+    app.run(host="0.0.0.0")
diff --git a/app/app_test.py b/app/app_test.py
@@ -15,4 +15,3 @@ def test_hello_world(self):
 
 if __name__ == "__main__":
     unittest.main()
-
diff --git a/app/requirements.txt b/app/requirements.txt
@@ -0,0 +1,8 @@
+blinker==1.6.3 ; python_version >= "3.10" and python_version < "4.0"
+click==8.1.7 ; python_version >= "3.10" and python_version < "4.0"
+colorama==0.4.6 ; python_version >= "3.10" and python_version < "4.0" and platform_system == "Windows"
+flask==3.0.0 ; python_version >= "3.10" and python_version < "4.0"
+itsdangerous==2.1.2 ; python_version >= "3.10" and python_version < "4.0"
+jinja2==3.1.2 ; python_version >= "3.10" and python_version < "4.0"
+markupsafe==2.1.3 ; python_version >= "3.10" and python_version < "4.0"
+werkzeug==3.0.0 ; python_version >= "3.10" and python_version < "4.0"
Original file line number	Diff line number	Diff line change
Expand Up		@@ -11,4 +11,4 @@ def hello_world():


		if __name__ == "__main__":
		app.run(host="0.0.0.0")
		app.run(host="0.0.0.0")
Original file line number	Diff line number	Diff line change
Expand Up		@@ -15,4 +15,3 @@ def test_hello_world(self):

		if __name__ == "__main__":
		unittest.main()