diff --git a/.github/workflows/review-exercises.yaml b/.github/workflows/review-exercises.yaml
new file mode 100644
index 000000000..df0a01658
--- /dev/null
+++ b/.github/workflows/review-exercises.yaml
@@ -0,0 +1,92 @@
+name: Review Exercises
+on:
+ pull_request:
+ paths:
+ - 'students/**/*'
+
+jobs:
+ review-exercises:
+ name: Review Exercises
+ runs-on: ubuntu-latest
+ env:
+ REVIEWER_FOLDER: reviewer
+ STUDENTS_FOLDER: students
+ steps:
+ - uses: actions/checkout@v3
+
+ - uses: dorny/paths-filter@v2
+ id: changes
+ with:
+ list-files: json
+ filters: |
+ git03:
+ - '${{ env.STUDENTS_FOLDER }}/**/git03/**/*'
+ git04:
+ - '${{ env.STUDENTS_FOLDER }}/**/git04/**/*'
+
+ # - name: Debug
+ # run: |
+ # GITHUB_ACTOR=${{ github.actor }}
+ # EXERCISE=$(echo "${{ toJson(steps.changes.outputs.changes) }}" | jq -r '.[0]')
+ # LATEST_VERSION=$(cat ${{ env.REVIEWER_FOLDER }}/exercises/$EXERCISE/config.json | jq -r '.version')
+ # STUDENT_VERSION=$(cat students/${{ github.actor }}/exercises/$EXERCISE/config.json | jq -r '.version')
+
+ # echo ${{ toJson(steps.changes.outputs.changes) }}
+ # echo "${{ toJson(steps.changes.outputs.changes) }}" | jq '. | length'
+ # echo EXERCISE=$EXERCISE
+ # echo LATEST_VERSION=$LATEST_VERSION
+ # echo STUDENT_VERSION=$STUDENT_VERSION
+ # echo GITHUB_ACTOR=$GITHUB_ACTOR
+
+ - name: Check if student username exists
+ run: |
+ GITHUB_ACTOR=${{ github.actor }}
+ if [[ ! -d "${{ env.STUDENTS_FOLDER }}/$GITHUB_ACTOR" ]];then
+ echo "::error title=Student not found::Your Github username wasn't found under students/. Please make sure to use your Github username as student_name.";
+ exit 1;
+ fi;
+
+ - name: Check if multiple exercises have been submited
+ run: |
+ EXERCISES_CHANGED=$(echo "${{ toJson(steps.changes.outputs.changes) }}" | jq '. | length')
+ if [ $EXERCISES_CHANGED -gt 1 ];then
+ echo "::error title=Multiple exercises found::Please submit only 1 exercise at a time.";
+ exit 1;
+ fi;
+
+ - name: Check if exercise is on latest version
+ id: check
+ run:
+ EXERCISE=$(echo "${{ toJson(steps.changes.outputs.changes) }}" | jq -r '.[0]')
+ LATEST_VERSION=$(cat ${{ env.REVIEWER_FOLDER }}/exercises/$EXERCISE/config.json | jq -r '.version')
+ STUDENT_VERSION=$(cat students/${{ github.actor }}/exercises/$EXERCISE/config.json | jq -r '.version')
+
+ echo LATEST_VERSION=$LATEST_VERSION
+ echo STUDENT_VERSION=$STUDENT_VERSION
+
+ if [ $LATEST_VERSION != $STUDENT_VERSION ];then
+ echo "::error title=Not latest version::Student exercise $EXERCISE version is $STUDENT_VERSION, not the latest ($LATEST_VERSION). Please update and submit again.";
+ exit 1;
+ fi;
+
+ echo "exercise=$EXERCISE" >> $GITHUB_OUTPUT
+
+ echo "version=$STUDENT_VERSION" >> $GITHUB_OUTPUT
+
+ - name: ${{ steps.check.outputs.exercise }}/${{ steps.check.outputs.version }} - Review exercise
+ run: |
+ IMAGE=devopsacademyau/reviewer:${{ steps.check.outputs.exercise }}-${{ steps.check.outputs.version }}
+ docker run \
+ --name reviewer \
+ -v ${{ github.workspace }}/${{ env.STUDENTS_FOLDER }}/${{ github.actor}}/exercises/${{ steps.check.outputs.exercise }}/:/exercise \
+ $IMAGE
+
+ if [ $? -ne 0 ];then
+
+ exit 1;
+ fi;
+
+ docker logs reviewer | grep "SUMMARY:" > output
+ while read line; do
+ echo "${line}" | sed 's/SUMMARY: //' >> $GITHUB_STEP_SUMMARY
+ done < output
diff --git a/.github/workflows/reviewer-build-push.yaml b/.github/workflows/reviewer-build-push.yaml
new file mode 100644
index 000000000..d1fb2dd88
--- /dev/null
+++ b/.github/workflows/reviewer-build-push.yaml
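Review bot: In the `Check if exercise is on latest version` step of review-exercises.yaml, `STUDENT_VERSION` is read from the pull request's own `config.json`, compared unquoted in `[ $LATEST_VERSION != $STUDENT_VERSION ]`, written to `$GITHUB_OUTPUT`, and then expanded with `${{ steps.check.outputs.version }}` straight into the shell script of the final step, so PR-controlled text ends up as shell source. Quote the comparison, `if [ "$LATEST_VERSION" != "$STUDENT_VERSION" ]; then`, and hand the outputs to the review step through `env:` (for example `VERSION: ${{ steps.check.outputs.version }}`) so the script only references `"$VERSION"`. That same step's `run:` has no `|` block indicator, unlike the other steps, so its lines are folded into a single plain scalar; `run: |` is presumably what was intended.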
@@ -0,0 +1,41 @@
+on:
+ workflow_call:
+ inputs:
+ exercise:
+ required: true
+ type: string
+
+jobs:
+ reviewers-build-push:
+ name: Build ${{ inputs.exercise }}/${{ github.event_name }}
+ runs-on: ubuntu-latest
+ env:
+ IMAGE_NAME: devopsacademyau/reviewer
+ steps:
+ - uses: actions/checkout@v3
+
+ - name: Set up QEMU
+ uses: docker/setup-qemu-action@v2
+
+ - name: Set up Docker Buildx
+ uses: docker/setup-buildx-action@v2
+
+ - name: Login to Docker Hub
+ uses: docker/login-action@v2
+ with:
+ username: ${{ secrets.DOCKERHUB_USERNAME }}
+ password: ${{ secrets.DOCKERHUB_TOKEN }}
+
+ - name: Build tag name
+ id: tag
+ run: |
+ VERSION=$(cat reviewer/exercises/${{ inputs.exercise }}/config.json | jq -r .version)
+ SUFFIX=$(if [ ${{ github.event_name }} = "pull_request" ]; then echo "-pr-${{ github.event.number }}"; else echo ""; fi;)
+ echo "tag=${{ env.IMAGE_NAME }}:${{ inputs.exercise }}-$VERSION$SUFFIX" >> $GITHUB_OUTPUT
+
+ - name: Build and push
+ uses: docker/build-push-action@v3
+ with:
+ push: true
+ context: ./reviewer/exercises/${{ inputs.exercise }}
+ tags: ${{ steps.tag.outputs.tag }}
\ No newline at end of file
diff --git a/.github/workflows/reviewer-setup.yaml b/.github/workflows/reviewer-setup.yaml
new file mode 100644
index 000000000..29e25f666
--- /dev/null
+++ b/.github/workflows/reviewer-setup.yaml
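Review bot: `push: true` in the `Build and push` step of reviewer-build-push.yaml is unconditional, so on `pull_request` events an image built from unreviewed changes under `reviewer/exercises/` is pushed to `devopsacademyau/reviewer` with the same Docker Hub token that publishes the release tags. Consider pushing only outside pull requests, `push: ${{ github.event_name != 'pull_request' }}`, or publishing PR builds to a separate repository with a narrower token. The actions are referenced by mutable tags (`@v2`, `@v3`); pinning each to a full commit SHA keeps a retagged release from running next to `DOCKERHUB_TOKEN`.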
@@ -0,0 +1,42 @@
+name: Reviewers Setup
+on:
+ pull_request:
+ paths:
+ - 'reviewer/exercises/**/*'
+ push:
+ branches:
+ - 'master'
+ - 'main'
+ paths:
+ - 'reviewer/exercises/**/*'
+
+jobs:
+ reviewers-setup:
+ name: Get list of Reviewers to be build
+ runs-on: ubuntu-latest
+ outputs:
+ exercises: ${{ steps.changes.outputs.changes }}
+ steps:
+ - uses: actions/checkout@v3
+
+ - uses: dorny/paths-filter@v2
+ id: changes
+ with:
+ list-files: json
+ # better to list individually to have a cleaner integration with matrix strategy when calling build jobs
+ filters: |
+ git03:
+ - 'reviewer/exercises/git03/**/*'
+ git04:
+ - 'reviewer/exercises/git04/**/*'
+
+ reviewers-build-push:
+ name: Build&Push Reviewer
+ needs: [reviewers-setup]
+ uses: devopsacademyau/academy/.github/workflows/reviewer-build-push.yaml@caio-new-da
+ strategy:
+ matrix:
+ exercises: ${{ fromJson(needs.reviewers-setup.outputs.exercises) }}
+ with:
+ exercise: ${{ matrix.exercises }}
+ secrets: inherit
diff --git a/exercises/git04/README.md b/exercises/git04/README.md
new file mode 100644
index 000000000..3c72d0a77
--- /dev/null
+++ b/exercises/git04/README.md
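Review bot: The `reviewers-build-push` job in reviewer-setup.yaml calls the reusable workflow at the branch ref `@caio-new-da` and passes `secrets: inherit`, so whatever that branch points to at run time executes with every repository secret, and the call breaks once the branch is deleted. Reference the workflow from the same commit instead, `uses: ./.github/workflows/reviewer-build-push.yaml`, and pass only what it needs (`DOCKERHUB_USERNAME`, `DOCKERHUB_TOKEN`) through an explicit `secrets:` map. That also means declaring the two secrets under `on.workflow_call.secrets` in the called file.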
@@ -0,0 +1,26 @@
+## Secrets (c01-git04)
+
+Perform the following commands:
+1. In the same repository of the previous exercise:
+2. Add a file called `my_env.txt` that contains
+ ```
+ SERVICE_NAME=account-management
+ ENVIRONMENT=prod
+ PASSWORD=pass1234
+ ```
+1. Commit it to your local repository
+2. Check the log with `git log`
+
+**Questions**
+
+1. Let's suppose you remotely pushed the `my_env.txt` file above. A colleague asks you to remove this information from Git. What's your colleague worried about?
+2. If you modify the file in your workspace, then commit and push it, will it be enough to erase this password information from the repository? (It's not). Why?
+3. If you delete the file and push it, then create a new one with the rest of the information, is it enough? (It's not). Why?
+4. How to fix this? How do you remove something from Git history when it is in the remote repository?
+5. Which commands would you use? Explain what the command does.
+
+## Submit a PR with the following files
+
+> Remember to follow the instructions on [how to submit a PR here](/README.md#exercises)
+
+- **README.md**: copy from file [ANSWER.md](ANSWER.md), answering the questions above. Include details and commands used.
\ No newline at end of file
diff --git a/exercises/git04/my_env.txt b/exercises/git04/my_env.txt
new file mode 100644
index 000000000..185888270
--- /dev/null
+++ b/exercises/git04/my_env.txt
@@ -0,0 +1,3 @@
+SERVICE_NAME=account-management
+ENVIRONMENT=prod
+PASSWORD=pass1234
\ No newline at end of file
diff --git a/reviewer/README.md b/reviewer/README.md
new file mode 100644
index 000000000..ca6c54b7b
--- /dev/null
+++ b/reviewer/README.md
@@ -0,0 +1,41 @@
+# Intro to Reviewers build process
+
+## Github Workflows
+
+The Reviewers build automation uses two GH workflows located on below paths:
+
+- [.github/workflows/reviewer-setup.yaml](/.github/workflows/reviewer-setup.yaml)
+- [.github/workflows/reviewer-build-push.yaml](/.github/workflows/reviewer-build-push.yaml)
+
+The first `setup` workflow gets triggered on each `pull_request` and `push` events and will gather a list of all exercises Reviewers that have its files changed and require a new build.
+
+It will then trigger the second workflow `build-push` to:
+
+- **on pull_requests**: build and push the Reviewer container with a tag `devopsacademyau/reviewer:--pr-`
+- **on push to master**: build and push the Reviewer container with tags `devopsacademyau/reviewer:-` and `devopsacademyau/reviewer:-latest`
+
+
+## Setup new exercises build
+
+To add a new exercise to the build automation you will have to:
+
+- add a new folder under [/reviewer/exercises/](/reviewer/exercises)
+- provide all the required files to build the reviewer within that folder (Dockerfile, scripts, etc)
+- modify the [.github/workflows/reviewer-setup.yaml](/.github/workflows/reviewer-setup.yaml) adding the as part of the `dorny/paths-filter@v2` action filters as per below:
+
+```yaml
+- uses: dorny/paths-filter@v2
+id: changes
+with:
+ list-files: json
+ # better to list individually to have a cleaner integration with matrix strategy when calling build jobs
+ filters: |
+ git03:
+ - 'reviewer/exercises/git03/**/*'
+ git04:
+ - 'reviewer/exercises/git04/**/*'
+ :
+ - 'reviewer/exercises//**/*'
+```
+
+Once this is done, next time you submit a PR with changes within `'reviewer/exercises//**/*'` folder, the container will be build and pushed to DockerHub.
\ No newline at end of file
diff --git a/reviewer/exercises/git03/Dockerfile b/reviewer/exercises/git03/Dockerfile
new file mode 100644
index 000000000..12bc8662e
--- /dev/null
+++ b/reviewer/exercises/git03/Dockerfile
@@ -0,0 +1,6 @@
+FROM debian:bullseye-slim
+WORKDIR /app
+
+ADD review.sh /app
+
+CMD [ "bash", "review.sh"]
\ No newline at end of file
diff --git a/reviewer/exercises/git03/config.json b/reviewer/exercises/git03/config.json
new file mode 100644
index 000000000..874436614
--- /dev/null
+++ b/reviewer/exercises/git03/config.json
@@ -0,0 +1,3 @@
+{
+ "version": "v1.0.0"
+}
\ No newline at end of file
diff --git a/reviewer/exercises/git03/requirements.txt b/reviewer/exercises/git03/requirements.txt
new file mode 100644
index 000000000..e69de29bb
diff --git a/reviewer/exercises/git03/review.sh b/reviewer/exercises/git03/review.sh
new file mode 100755
index 000000000..f30ae95c6
--- /dev/null
+++ b/reviewer/exercises/git03/review.sh
@@ -0,0 +1,9 @@
+#!/bin/sh
+secret_file="my_env.txt"
+if [[ -f "/exercise/$secret_file" ]];then
+ echo "::error title=Exercise submission failed::Secret file $secret_file still exists. Please update your code and submit again."
+ exit 1;
+fi;
+
+echo "SUMMARY: ### Exercise completed :rocket:"
+echo "SUMMARY: Secret file $secret_file not found. Well done cleaning all your secrets."
\ No newline at end of file
diff --git a/reviewer/exercises/git04/Dockerfile b/reviewer/exercises/git04/Dockerfile
new file mode 100644
index 000000000..f8c5be11f
--- /dev/null
+++ b/reviewer/exercises/git04/Dockerfile
@@ -0,0 +1,9 @@
+FROM python:3.10-slim-bullseye
+WORKDIR /app
+
+ADD requirements.txt /app
+ADD review.py /app
+
+RUN pip3 install -r requirements.txt
+
+CMD [ "python", "./review.py"]
\ No newline at end of file
diff --git a/reviewer/exercises/git04/config.json b/reviewer/exercises/git04/config.json
new file mode 100644
index 000000000..874436614
--- /dev/null
+++ b/reviewer/exercises/git04/config.json
@@ -0,0 +1,3 @@
+{
+ "version": "v1.0.0"
+}
\ No newline at end of file
diff --git a/reviewer/exercises/git04/requirements.txt b/reviewer/exercises/git04/requirements.txt
new file mode 100644
index 000000000..e69de29bb
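Review bot: Neither `reviewer/exercises/git03/Dockerfile` nor `reviewer/exercises/git04/Dockerfile` sets a `USER`, so the review script runs as root against the pull-request directory that review-exercises.yaml bind-mounts at `/exercise`. Add an unprivileged account before `CMD`, for example `RUN useradd -r reviewer` followed by `USER reviewer`. `COPY review.sh /app/` is also preferable to `ADD`, whose URL and archive-extraction behaviour is not needed here.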
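Review bot: `reviewer/exercises/git03/review.sh` declares `#!/bin/sh` but uses the bash-only `[[ … ]]` test; it works only because the Dockerfile starts it with `bash review.sh`. Make the two agree, either `#!/bin/bash` or `if [ -f "/exercise/$secret_file" ]; then`. The check also reports success whenever `/exercise` itself is absent, for instance if the volume was not mounted, so a guard such as `[ -d /exercise ] || exit 1` before the file test would keep a misconfigured run from passing; the same holds for `reviewer/exercises/git04/review.py`. The script sits under `git03` yet looks for the `my_env.txt` of the git04 exercise, which may be a copy-paste leftover.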
diff --git a/reviewer/exercises/git04/review.py b/reviewer/exercises/git04/review.py
new file mode 100644
index 000000000..a2a24ae35
--- /dev/null
+++ b/reviewer/exercises/git04/review.py
@@ -0,0 +1,21 @@
+import sys
+
+def github_error(message):
+ print("::error title=Exercise submission failed::{}".format(message))
+
+def github_summary(message):
+ print("SUMMARY: {}".format(message))
+
+
+secret_file = "my_env.txt"
+
+try:
+ my_env = open("/exercise/{}".format(secret_file))
+
+except:
+ github_summary("### Exercise completed :rocket:")
+ github_summary("Secret file {} not found. Well done cleaning all your secrets.".format(secret_file))
+ sys.exit()
+
+github_error("Secret file {} still exists. Please update your code and submit again.".format(secret_file))
+raise Exception("Submission failed.")
\ No newline at end of file
diff --git a/students/caiocezart/exercises/git04/README.md b/students/caiocezart/exercises/git04/README.md
new file mode 100644
index 000000000..3c72d0a77
--- /dev/null
+++ b/students/caiocezart/exercises/git04/README.md
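Review bot: The bare `except:` around `open()` in review.py treats every failure as "secret removed", so a permission error or any other unexpected exception is reported as a completed exercise; the check fails open. Catch only the expected case, `except FileNotFoundError:`, and let anything else propagate so the step fails. The handle returned by `open()` is never closed and only existence matters, so `os.path.isfile("/exercise/{}".format(secret_file))` would state the intent more directly. The script inspects only the working tree, while the exercise text is about the file remaining in Git history; whether history is meant to be checked is not visible from this hunk.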
@@ -0,0 +1,26 @@
+## Secrets (c01-git04)
+
+Perform the following commands:
+1. In the same repository of the previous exercise:
+2. Add a file called `my_env.txt` that contains
+ ```
+ SERVICE_NAME=account-management
+ ENVIRONMENT=prod
+ PASSWORD=pass1234
+ ```
+1. Commit it to your local repository
+2. Check the log with `git log`
+
+**Questions**
+
+1. Let's suppose you remotely pushed the `my_env.txt` file above. A colleague asks you to remove this information from Git. What's your colleague worried about?
+2. If you modify the file in your workspace, then commit and push it, will it be enough to erase this password information from the repository? (It's not). Why?
+3. If you delete the file and push it, then create a new one with the rest of the information, is it enough? (It's not). Why?
+4. How to fix this? How do you remove something from Git history when it is in the remote repository?
+5. Which commands would you use? Explain what the command does.
+
+## Submit a PR with the following files
+
+> Remember to follow the instructions on [how to submit a PR here](/README.md#exercises)
+
+- **README.md**: copy from file [ANSWER.md](ANSWER.md), answering the questions above. Include details and commands used.
\ No newline at end of file
diff --git a/students/caiocezart/exercises/git04/config.json b/students/caiocezart/exercises/git04/config.json
new file mode 100644
index 000000000..874436614
--- /dev/null
+++ b/students/caiocezart/exercises/git04/config.json
@@ -0,0 +1,3 @@
+{
+ "version": "v1.0.0"
+}
\ No newline at end of file
diff --git a/students/caiocezart/exercises/git04/my_env.txt b/students/caiocezart/exercises/git04/my_env.txt
new file mode 100644
index 000000000..185888270
--- /dev/null
+++ b/students/caiocezart/exercises/git04/my_env.txt
@@ -0,0 +1,3 @@
+SERVICE_NAME=account-management
+ENVIRONMENT=prod
+PASSWORD=pass1234
\ No newline at end of file