feat: update all project data

jpradoar · Nov 10, 2024 · dd0122a · dd0122a
1 parent 41b364b
commit dd0122a
Show file tree

Hide file tree

Showing 84 changed files with 7,684 additions and 453 deletions.
diff --git a/.github/workflows/02-customer-portal-ci.yaml b/.github/workflows/02-customer-portal-ci.yaml
@@ -0,0 +1,88 @@
+name: Customer-portal-CI  
+on:
+  push:
+    branches:
+      - main
+    paths:
+      - '02-customer-portal/**'
+      - '.github/workflows/customer-portal-ci.yaml'
+
+env:
+  REPO_APP: 'mqtt-customer-portal'
+  SLACK_CHANNEL: 'builds-and-ci'
+  SLACK_MSG_COLOR: '#0092ff'
+  BUILD_CONTEXT: './02-customer-portal'
+  VULN_SEVERITY: 'CRITICAL'
+  VULN_TIMEOUT_SCAN: '2m0s'
+  VULN_OUTPUT_TYPE: 'table'
+  VULN_OUTPUT_FILE: 'mqtt-customer-portal_vuln_scan.txt'
+  COMMITER_NAME: 'AutoCommit'
+
+jobs:
+  Customer-portal-CI_build-docker-image:
+    runs-on: ubuntu-latest 
+
+    steps:
+
+    - name: Checkout
+      uses: actions/checkout@v3
+
+    - name: Login to Docker Hub
+      uses: docker/login-action@v2
+      with:
+        username: ${{ secrets.DOCKERHUB_USERNAME }}
+        password: ${{ secrets.DOCKERHUB_TOKEN }}
+
+
+    - name: Set up Docker Buildx
+      uses: docker/setup-buildx-action@v2
+
+
+    - name: Show last version of docker-hub image
+      id: last_version_remote_file
+      run: |
+        LastVersion=$(curl -s "https://hub.docker.com/v2/repositories/jpradoar/${{ env.REPO_APP }}/tags/?page_size=2" | jq -r '.results[].name'|sort -M|grep -v latest)
+        echo "LAST_VERSION=$LastVersion " >> "$GITHUB_OUTPUT"
+
+
+    - name: Generate new version with semantic version
+      id: nversion
+      uses: jpradoar/[email protected]
+      with:
+        COMMIT_MSG:  ${{ github.event.head_commit.message }}
+        VERSION: ${{ steps.last_version_remote_file.outputs.LAST_VERSION }}
+
+
+    - name: Build and push
+      uses: docker/build-push-action@v4
+      with:
+        context: ${{ env.BUILD_CONTEXT }}
+        push: true
+        tags: ${{ secrets.DOCKERHUB_USERNAME }}/${{ env.REPO_APP }}:${{ steps.nversion.outputs.NEW_VERSION }}
+
+
+    - name: Run Trivy vulnerability scanner
+      uses: aquasecurity/trivy-action@master
+      with:
+        image-ref: '${{ secrets.DOCKERHUB_USERNAME }}/${{ env.REPO_APP }}:${{ steps.nversion.outputs.NEW_VERSION }}'
+        hide-progress: true
+        format: 'table'
+        ignore-unfixed: true
+        vuln-type: 'os,library'
+        severity: ${{ env.VULN_SEVERITY }}
+        #exit-code: '1'         
+
+    # - uses: EndBug/add-and-commit@v9
+    #   with:
+    #     message: 'AutoCommit: Add table file'
+    #     add: ./vuln_scans/${{ env.VULN_OUTPUT_FILE }}
+    #     committer_name: ${{ env.COMMITER_NAME }}     
+
+    - name: Slack Notification
+      uses: rtCamp/action-slack-notify@v2
+      env:
+        SLACK_CHANNEL: ${{ env.SLACK_CHANNEL }}
+        SLACK_COLOR: ${{ env.SLACK_MSG_COLOR }}
+        SLACK_MESSAGE: 'URL: https://hub.docker.com/repository/docker/${{ secrets.DOCKERHUB_USERNAME }}/${{ env.REPO_APP }}'
+        SLACK_TITLE: ':rocket: GithubAction Build docker image: [ ${{ env.REPO_APP }}:${{ steps.nversion.outputs.NEW_VERSION }} ]'
+        SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK }} 
diff --git a/.github/workflows/consumer-ci.yaml b/.github/workflows/consumer-ci.yaml
@@ -12,13 +12,18 @@ env:
   SLACK_CHANNEL: 'builds-and-ci'
   SLACK_MSG_COLOR: '#0092ff'
   BUILD_CONTEXT: './04-consumer'
+  VULN_SEVERITY: 'CRITICAL'
+  VULN_TIMEOUT_SCAN: '2m0s'
+  VULN_OUTPUT_TYPE: 'table'
+  VULN_OUTPUT_FILE: 'mqtt-consumer_vuln_scan.txt'
+  COMMITER_NAME: 'AutoCommit'
 
 jobs:
   Consumer-CI_build-docker-image:
-    runs-on: ubuntu-latest 
-    
+    runs-on: ubuntu-latest
+
     steps:
-     
+
     - name: Checkout
       uses: actions/checkout@v3
 
@@ -31,32 +36,56 @@ jobs:
     - name: Set up Docker Buildx
       uses: docker/setup-buildx-action@v2
 
-    - name: Generate tag ID
-      id: tag_id
-      run: echo "::set-output name=IMAGE_TAG::$(date +%Y.%m)"
+    - name: Show last version of docker-hub image
+      id: last_version_remote_file
+      run: |
+        LastVersion=$(curl -s "https://hub.docker.com/v2/repositories/jpradoar/${{ env.REPO_APP }}/tags/?page_size=2" | jq -r '.results[].name'|sort -M|grep -v latest|tail -1)
+        echo "LAST_VERSION=$LastVersion " >> "$GITHUB_OUTPUT"
+
+    - name: Generate new version with semantic version
+      id: nversion
+      uses: jpradoar/[email protected]
+      with:
+        COMMIT_MSG:  ${{ github.event.head_commit.message }}
+        VERSION: ${{ steps.last_version_remote_file.outputs.LAST_VERSION }}
+
+    - name: Show versions
+      run: |
+        echo "Last old version ${{ steps.last_version_remote_file.outputs.LAST_VERSION }}"
+        echo "New version ${{ steps.nversion.outputs.NEW_VERSION }}"
+
 
     - name: Build and push
       uses: docker/build-push-action@v4
       with:
         context: ${{ env.BUILD_CONTEXT }}
         push: true
-        tags: ${{ secrets.DOCKERHUB_USERNAME }}/${{ env.REPO_APP }}:${{ steps.tag_id.outputs.IMAGE_TAG }}
-
-    - name: Run Trivy vulnerability scanner
-      uses: aquasecurity/trivy-action@master
-      with:
-        image-ref: '${{ secrets.DOCKERHUB_USERNAME }}/${{ env.REPO_APP }}:${{ steps.tag_id.outputs.IMAGE_TAG }}'
-        format: 'table'
-        ignore-unfixed: true
-        vuln-type: 'os,library'
-        severity: 'CRITICAL,HIGH'
-        #exit-code: '1'              
-
-    - name: Slack Notification
-      uses: rtCamp/action-slack-notify@v2
-      env:
-        SLACK_CHANNEL: ${{ env.SLACK_CHANNEL }}
-        SLACK_COLOR: ${{ env.SLACK_MSG_COLOR }}
-        SLACK_MESSAGE: 'URL: https://hub.docker.com/repository/docker/${{ secrets.DOCKERHUB_USERNAME }}/${{ env.REPO_APP }}'
-        SLACK_TITLE: ':rocket: GithubAction Build docker image: [ ${{ env.REPO_APP }}:${{ steps.tag_id.outputs.IMAGE_TAG }} ]'
-        SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK }}
+        tags: 'jpradoar/${{ env.REPO_APP }}:${{ steps.nversion.outputs.NEW_VERSION }}'
+
+
+    #- name: Run Trivy vulnerability scanner
+    #  id: vulnscan
+    #  uses: aquasecurity/trivy-action@master
+    #  with:
+    #    image-ref: '${{ secrets.DOCKERHUB_USERNAME }}/${{ env.REPO_APP }}:${{ steps.nversion.outputs.NEW_VERSION }}'
+    #    format: ${{ env.VULN_FORMAT }}
+    #    vuln-type: 'os,library'
+    #    severity: ${{ env.VULN_SEVERITY }}
+    #    timeout: ${{ env.VULN_TIMEOUT_SCAN }}
+    #    output: vuln_scans/${{ env.VULN_OUTPUT_FILE }}
+        #exit-code: '1' 
+
+    # - uses: EndBug/add-and-commit@v9
+    #   with:
+    #     message: 'AutoCommit: Add table file'
+    #     add: ./vuln_scans/${{ env.VULN_OUTPUT_FILE }}
+    #     committer_name: ${{ env.COMMITER_NAME }}             
+
+#    - name: Slack Notification
+#      uses: rtCamp/action-slack-notify@v2
+#      env:
+#        SLACK_CHANNEL: ${{ env.SLACK_CHANNEL }}
+#        SLACK_COLOR: ${{ env.SLACK_MSG_COLOR }}
+#        SLACK_MESSAGE: 'URL: https://hub.docker.com/repository/docker/${{ env.REPO_OWNER }}/${{ env.REPO_APP }}'
+#        SLACK_TITLE: ':rocket: GithubAction Build docker image: [ ${{ env.REPO_APP }}:${{ steps.nversion.outputs.NEW_VERSION }} ]'
+#        SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK }}
diff --git a/.github/workflows/dbwriter-ci.yaml b/.github/workflows/dbwriter-ci.yaml
@@ -9,10 +9,16 @@ on:
 
 env:
   REPO_APP: 'mqtt-dbwriter'
+  REPO_OWNER: 'jpradoar'
   SLACK_CHANNEL: 'builds-and-ci'
   SLACK_MSG_COLOR: '#0092ff'
   BUILD_CONTEXT: './05-dbwriter'
-
+  VULN_SEVERITY: 'CRITICAL'  
+  VULN_TIMEOUT_SCAN: '2m0s'
+  VULN_OUTPUT_TYPE: 'table'
+  VULN_OUTPUT_FILE: 'mqtt-dbwriter_vuln_scan.txt'
+  COMMITER_NAME: 'AutoCommit'
+
 jobs:
   DBWriter-CI_build-docker-image:
     runs-on: ubuntu-latest 
@@ -31,33 +37,69 @@ jobs:
     - name: Set up Docker Buildx
       uses: docker/setup-buildx-action@v2
 
-    - name: Generate tag ID
-      id: tag_id
-      run: echo "::set-output name=IMAGE_TAG::$(date +%Y.%m)"
+    - name: Show last version of docker-hub image
+      id: last_version_remote_file
+      run: |
+        LastVersion=$(curl -s "https://hub.docker.com/v2/repositories/${{ env.REPO_OWNER }}/${{ env.REPO_APP }}/tags/?page_size=2" | jq -r '.results[].name'|sort -M|grep -v latest|tail -1)
+        echo "LAST_VERSION=$LastVersion " >> "$GITHUB_OUTPUT"
+
+    - name: Generate new version with semantic version
+      id: nversion
+      uses: jpradoar/[email protected]
+      with:
+        COMMIT_MSG:  ${{ github.event.head_commit.message }}
+        VERSION: ${{ steps.last_version_remote_file.outputs.LAST_VERSION }}
+
+    - name: Show versions
+      run: |
+        echo "Last old version ${{ steps.last_version_remote_file.outputs.LAST_VERSION }}"
+        echo "New version ${{ steps.nversion.outputs.NEW_VERSION }}" 
+
 
     - name: Build and push
       uses: docker/build-push-action@v4
       with:
         context: ${{ env.BUILD_CONTEXT }}
         push: true
-        tags: ${{ secrets.DOCKERHUB_USERNAME }}/${{ env.REPO_APP }}:${{ steps.tag_id.outputs.IMAGE_TAG }}
+        tags: '${{ env.REPO_OWNER }}/${{ env.REPO_APP }}:${{ steps.nversion.outputs.NEW_VERSION }}'
 
     - name: Run Trivy vulnerability scanner
+      id: vulnscan
       uses: aquasecurity/trivy-action@master
       with:
-        image-ref: '${{ secrets.DOCKERHUB_USERNAME }}/${{ env.REPO_APP }}:${{ steps.tag_id.outputs.IMAGE_TAG }}'
-        format: 'table'
-        ignore-unfixed: true
+        image-ref: '${{ secrets.DOCKERHUB_USERNAME }}/${{ env.REPO_APP }}:${{ steps.nversion.outputs.NEW_VERSION }}'
+        format: ${{ env.VULN_FORMAT }}
         vuln-type: 'os,library'
-        severity: 'CRITICAL,HIGH'
-        #exit-code: '1'              
+        severity: ${{ env.VULN_SEVERITY }}
+        timeout: ${{ env.VULN_TIMEOUT_SCAN }}
+        output: vuln_scans/${{ env.VULN_OUTPUT_FILE }}     
+        #exit-code: '1' 
+
+    # - uses: EndBug/add-and-commit@v9
+    #   with:
+    #     message: 'AutoCommit: Add table file'
+    #     add: ./vuln_scans/${{ env.VULN_OUTPUT_FILE }}
+    #     committer_name: ${{ env.COMMITER_NAME }}             
 
     - name: Slack Notification
       uses: rtCamp/action-slack-notify@v2
       env:
         SLACK_CHANNEL: ${{ env.SLACK_CHANNEL }}
         SLACK_COLOR: ${{ env.SLACK_MSG_COLOR }}
-        SLACK_MESSAGE: 'URL: https://hub.docker.com/repository/docker/${{ secrets.DOCKERHUB_USERNAME }}/${{ env.REPO_APP }}'
-        SLACK_TITLE: ':rocket: GithubAction Build docker image: [ ${{ env.REPO_APP }}:${{ steps.tag_id.outputs.IMAGE_TAG }} ]'
+        SLACK_MESSAGE: 'URL: https://hub.docker.com/repository/docker/${{ env.REPO_OWNER }}/${{ env.REPO_APP }}'
+        SLACK_TITLE: ':rocket: GithubAction Build docker image: [ ${{ env.REPO_APP }}:${{ steps.nversion.outputs.NEW_VERSION }} ]'
         SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK }}
 
+
+
+
+
+
+
+
+
+
+
+
+
+
diff --git a/.github/workflows/gitleaks-checker.yaml b/.github/workflows/gitleaks-checker.yaml
@@ -0,0 +1,18 @@
+name: gitleaks-checker
+on:
+  push:
+    branches:
+      - disabled
+
+jobs:
+  gitleaks-checker:
+    runs-on: ubuntu-latest 
+
+    steps:
+      - uses: actions/checkout@v3
+        with:
+          fetch-depth: 0
+      - uses: gitleaks/gitleaks-action@v2
+        env:
+          GITHUB_TOKEN: ${{ secrets.GH_COMMIT_COMMENT_TOKEN }}
+          # GITLEAKS_LICENSE: ${{ secrets.GITLEAKS_LICENSE}} # Only required for Organizations, not personal accounts.
diff --git a/.github/workflows/k8s-event-exporter-ci.yaml b/.github/workflows/k8s-event-exporter-ci.yaml
@@ -9,14 +9,23 @@ on:
 
 env:
   REPO_APP: 'k8s-event-exporter'
+  BUILD_CONTEXT: './12-k8s-event-exporter'
   SLACK_CHANNEL: 'builds-and-ci'
   SLACK_MSG_COLOR: '#0092ff'
-  BUILD_CONTEXT: './12-k8s-event-exporter'
+  COMMITER_NAME: 'AutoCommit'
+  VULN_SEVERITY: 'CRITICAL,HIGH'
+  VULN_TYPE: 'os,library'
+  VULN_TIMEOUT_SCAN: '2m0s'
+
 
+
 jobs:
   Build-Docker-image:
     runs-on: ubuntu-latest 
-
+    # Give the default GITHUB_TOKEN write permission to commit and push the changed files back to the repository.
+    permissions:
+      contents: write
+
     steps:
 
     - name: Checkout
@@ -31,32 +40,51 @@ jobs:
     - name: Set up Docker Buildx
       uses: docker/setup-buildx-action@v2
 
-    - name: Generate tag ID
-      id: tag_id
-      run: echo "::set-output name=IMAGE_TAG::$(date +%Y.%m)"
+    - name: Show last version of docker-hub image
+      id: last_version_remote_file
+      run: |
+        LastVersion=$(curl -s "https://hub.docker.com/v2/repositories/jpradoar/${{ env.REPO_APP }}/tags/?page_size=2" | jq -r '.results[].name'|sort -M|grep -v latest|tail -1)
+        echo "LAST_VERSION=$LastVersion " >> "$GITHUB_OUTPUT"
+
+    - name: Generate new version with semantic version
+      id: nversion
+      uses: jpradoar/[email protected]
+      with:
+        COMMIT_MSG:  ${{ github.event.head_commit.message }}
+        VERSION: ${{ steps.last_version_remote_file.outputs.LAST_VERSION }}
+
 
     - name: Build and push
       uses: docker/build-push-action@v4
       with:
         context:  ${{ env.BUILD_CONTEXT }}
         push: true
-        tags: ${{ secrets.DOCKERHUB_USERNAME }}/${{ env.REPO_APP }}:${{ steps.tag_id.outputs.IMAGE_TAG }}
+        tags: ${{ secrets.DOCKERHUB_USERNAME }}/${{ env.REPO_APP }}:${{ steps.nversion.outputs.NEW_VERSION }}
 
+
     - name: Run Trivy vulnerability scanner
+      id: vulnscan
       uses: aquasecurity/trivy-action@master
       with:
-        image-ref: '${{ secrets.DOCKERHUB_USERNAME }}/${{ env.REPO_APP }}:${{ steps.tag_id.outputs.IMAGE_TAG }}'
-        format: 'table'
-        ignore-unfixed: true
-        vuln-type: 'os,library'
-        severity: 'CRITICAL,HIGH'
-        #exit-code: '1'              
-
+        image-ref: '${{ secrets.DOCKERHUB_USERNAME }}/${{ env.REPO_APP }}:${{ steps.nversion.outputs.NEW_VERSION }}'
+        format: ${{ env.VULN_FORMAT }}
+        vuln-type: ${{ env.VULN_TYPE }}
+        severity: ${{ env.VULN_SEVERITY }}
+        timeout: ${{ env.VULN_TIMEOUT_SCAN }}
+        output: './vuln_scans/${{ env.REPO_APP }}_vuln_scan.sarif'
+        #exit-code: '1' 
+
+    - uses: EndBug/add-and-commit@v9
+      with:
+        message: 'AutoCommit: Add table file'
+        add: './vuln_scans/${{ env.REPO_APP }}_vuln_scan.sarif'
+
+
     - name: Slack Notification
       uses: rtCamp/action-slack-notify@v2
       env:
         SLACK_CHANNEL: ${{ env.SLACK_CHANNEL }}
         SLACK_COLOR: ${{ env.SLACK_MSG_COLOR }}
         SLACK_MESSAGE: 'URL: https://hub.docker.com/repository/docker/${{ secrets.DOCKERHUB_USERNAME }}/${{ env.REPO_APP }}'
-        SLACK_TITLE: ':rocket: GithubAction Build docker image: [ ${{ env.REPO_APP }}:${{ steps.tag_id.outputs.IMAGE_TAG }} ]'
+        SLACK_TITLE: ':rocket: GithubAction Build docker image: [ ${{ env.REPO_APP }}:${{ steps.nversion.outputs.NEW_VERSION }} ]'
         SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK }}