Initial commit

Author: MykhailoRyzhman

.dockerignore

@@ -0,0 +1,7 @@
+.env
+.env.local
+node_modules
+test-results
+e2e
+helm
+.next

.editorconfig

@@ -0,0 +1,13 @@
+# Editor configuration, see http://editorconfig.org
+root = true
+
+[*]
+charset = utf-8
+indent_style = space
+indent_size = 2
+insert_final_newline = true
+trim_trailing_whitespace = true
+
+[*.md]
+max_line_length = off
+trim_trailing_whitespace = false

.env.template

@@ -0,0 +1,64 @@
+# API_URL=""
+# DIAL_API_URL=""
+# DIAL_API_KEY=""
+
+## NextAuth (more info https://next-auth.js.org/configuration/options)
+# NEXTAUTH_URL=http://localhost:4100
+# NEXTAUTH_SECRET=""
+
+### Auth Azure
+# AUTH_AZURE_AD_CLIENT_ID=
+# AUTH_AZURE_AD_SECRET=
+# AUTH_AZURE_AD_TENANT_ID=
+# AUTH_AZURE_AD_NAME=
+# AUTH_AZURE_AD_SCOPE=
+
+### Google
+# AUTH_GOOGLE_CLIENT_ID=
+# AUTH_GOOGLE_SECRET=
+# AUTH_GOOGLE_NAME=
+# AUTH_GOOGLE_SCOPE=
+
+
+### Gitlab
+# AUTH_GITLAB_CLIENT_ID=""
+# AUTH_GITLAB_HOST=""
+# AUTH_GITLAB_NAME=""
+# AUTH_GITLAB_SECRET=""
+# AUTH_GITLAB_SCOPE=""
+
+### PingID
+# AUTH_PING_ID_CLIENT_ID=""
+# AUTH_PING_ID_HOST=""
+# AUTH_PING_ID_NAME=""
+# AUTH_PING_ID_SECRET=""
+# AUTH_PING_ID_SCOPE=""
+
+### Auth0
+# AUTH_AUTH0_CLIENT_ID=
+# AUTH_AUTH0_SECRET=
+# AUTH_AUTH0_HOST=
+# AUTH_AUTH0_NAME=
+# AUTH_AUTH0_AUDIENCE=
+# AUTH_AUTH0_SCOPE=
+
+### Keycloak
+# AUTH_KEYCLOAK_CLIENT_ID=
+# AUTH_KEYCLOAK_SECRET=
+# AUTH_KEYCLOAK_HOST=
+# AUTH_KEYCLOAK_NAME=
+# AUTH_KEYCLOAK_SCOPE=
+
+### Cognito
+# AUTH_COGNITO_CLIENT_ID=
+# AUTH_COGNITO_SECRET=
+# AUTH_COGNITO_HOST=
+# AUTH_COGNITO_NAME=
+# AUTH_COGNITO_SCOPE=
+
+### Okta
+# AUTH_OKTA_CLIENT_SECRET=
+# AUTH_OKTA_CLIENT_ID=
+# AUTH_OKTA_ISSUER=
+# AUTH_OKTA_SCOPE=
+# AUTH_COGNITO_SCOPE=

.github/CODEOWNERS

@@ -0,0 +1,2 @@
+* @PolinaGurinovich97
+/.github/ @MykhailoRyzhman

.github/ISSUE_TEMPLATE/01_bug_report.yml

@@ -0,0 +1,41 @@
+name: 🐞 Bug report
+description: Create a report to help us improve
+labels: ['bug']
+body:
+  - type: markdown
+    attributes:
+      value: |
+        Thank you for reporting an issue to improve StatGPT.
+        Please fill in as much of the following form as you're able.
+  - type: input
+    attributes:
+      label: StatGPT Admin Frontend version
+      description: Application version
+      placeholder: 0.1.0
+    validations:
+      required: true
+  - type: textarea
+    attributes:
+      label: What steps will reproduce the bug?
+      description: Enter details about your bug.
+      placeholder: |
+        1. In this environment...
+        2. With this config...
+        3. Run '...'
+        4. See error...
+    validations:
+      required: true
+  - type: textarea
+    attributes:
+      label: What is the expected behavior?
+      description: If possible please provide textual output instead of screenshots.
+  - type: textarea
+    attributes:
+      label: What do you see instead?
+      description: If possible please provide textual output instead of screenshots.
+    validations:
+      required: true
+  - type: textarea
+    attributes:
+      label: Additional information
+      description: Tell us anything else you think we should know.

.github/ISSUE_TEMPLATE/02_feature_request.yml

@@ -0,0 +1,30 @@
+name: '🚀 Feature request'
+description: Suggest an idea for this project
+labels: ['enhancement']
+body:
+  - type: markdown
+    attributes:
+      value: |
+        Thank you for suggesting an idea to improve StatGPT.
+        Please fill in as much of the following form as you're able.
+  - type: input
+    attributes:
+      label: StatGPT Admin Frontend version
+      description: Application version
+      placeholder: 0.1.0
+    validations:
+      required: true
+  - type: textarea
+    attributes:
+      label: What is the problem this feature will solve?
+    validations:
+      required: true
+  - type: textarea
+    attributes:
+      label: What is the feature you are proposing to solve the problem?
+      description: Describe the requests. If you already have something in mind... PRs are welcome!
+    validations:
+      required: true
+  - type: textarea
+    attributes:
+      label: What alternatives have you considered?

.github/ISSUE_TEMPLATE/config.yml

@@ -0,0 +1 @@
+blank_issues_enabled: false

.github/actions/build_docker/action.yml

@@ -0,0 +1,193 @@
+# https://github.com/epam/ai-dial-ci/blob/2.4.1/actions/build_docker/action.yml
+# This version has modified values for maintainer and org.opencontainers.image.licenses
+
+name: 'Build docker'
+description: 'Build a docker image, tag it, (optionally) scan it, and (optionally) push it to Dockerhub and GHCR'
+inputs:
+  bypass-checks:
+    description: 'Do not fail pipeline if checks failed'
+    default: 'false'
+  push-enabled:
+    description: 'Push the image to registry(ies)'
+    required: false
+    default: 'false'
+  trivy-enabled:
+    description: 'Enable Trivy scanning'
+    required: false
+    default: 'true'
+  trivy-severity:
+    description: 'Severities of vulnerabilities to fail the build'
+    required: false
+    default: 'CRITICAL,HIGH'
+  trivy-severity-for-sarif:
+    description: 'Severities of vulnerabilities in SARIF report'
+    required: false
+    default: 'CRITICAL,HIGH'
+  trivy-limit-severities-for-sarif:
+    description: 'Limit severities for SARIF format'
+    required: false
+    default: 'true'
+  trivy-vuln-type:
+    description: 'Type of vulnerabilities to scan'
+    required: false
+    default: 'os,library'
+  trivy-ignore-unfixed:
+    description: 'Ignore unpatched/unfixed vulnerabilities'
+    required: false
+    default: 'true'
+  image-name:
+    description: 'Name of the image to build'
+    required: true
+  image-tag:
+    description: 'Tag of the image to build'
+    required: true
+  image-extra-aliases:
+    description: 'Extra aliases for the image, e.g. to publish to multiple registries'
+    required: false
+    default: ''
+  ghcr-username:
+    description: 'GitHub Container Registry username. This is required for pushing to GitHub Container Registry'
+    required: false
+    default: ${{ github.actor }}
+  ghcr-password:
+    description: 'GitHub Container Registry password/token. This is required for pushing to GitHub Container Registry'
+    required: false
+    default: ''
+  dockerhub-username:
+    description: 'Docker Hub username. This is required for pushing to Docker Hub'
+    required: false
+    default: ''
+  dockerhub-password:
+    description: 'Docker Hub password/token. This is required for pushing to Docker Hub'
+    required: false
+    default: ''
+  gpr-username:
+    description: 'GitHub Package Registry username (for pulling packages from image being built)'
+    required: false
+    default: ${{ github.actor }}
+  gpr-password:
+    required: false
+    description: 'GitHub Package Registry password/token (for pulling packages from image being built)'
+    default: ''
+  platforms:
+    required: false
+    description: 'Docker build platforms (default linux/amd64)'
+    default: 'linux/amd64'
+
+runs:
+  using: 'composite'
+  steps:
+    - name: Setup Docker Qemu
+      uses: docker/setup-qemu-action@29109295f81e9208d7d86ff1c6c12d2833863392 # v3.6.0
+    - name: Setup Docker buildx
+      uses: docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2 # v3.10.0
+    - name: Login to GitHub Container Registry
+      if: ${{ fromJSON(inputs.push-enabled) }} # workaround for composite jobs not being able to pass boolean inputs
+      uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0
+      with:
+        registry: ghcr.io
+        username: ${{ inputs.ghcr-username }}
+        password: ${{ inputs.ghcr-password }}
+    - name: Login to Docker Hub
+      if: ${{ fromJSON(inputs.push-enabled) }} # workaround for composite jobs not being able to pass boolean inputs
+      uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0
+      with:
+        username: ${{ inputs.dockerhub-username }}
+        password: ${{ inputs.dockerhub-password }}
+    - name: Build and export to Docker
+      if: ${{ fromJSON(inputs.trivy-enabled) }} # workaround for composite jobs not being able to pass boolean inputs
+      uses: docker/build-push-action@14487ce63c7a62a4a324b0bfb37086795e31c6c1 # v6.16.0
+      with:
+        context: .
+        load: true
+        platforms: linux/amd64
+        cache-from: type=gha
+        cache-to: type=gha,mode=max
+        tags: |
+          ${{ inputs.image-name }}:${{ inputs.image-tag }}
+          ${{ inputs.image-extra-aliases }}
+        labels: |
+          maintainer=StatGPT
+          org.opencontainers.image.title=${{ inputs.image-name }}
+          org.opencontainers.image.version=${{ inputs.image-tag }}
+          org.opencontainers.image.description=${{ inputs.image-name }}
+          org.opencontainers.image.created=${{ github.event.repository.pushed_at }}
+          org.opencontainers.image.licenses=MIT
+          org.opencontainers.image.revision=${{ github.sha }}
+          org.opencontainers.image.source=${{ github.server_url }}/${{ github.repository }}
+          org.opencontainers.image.url=${{ github.server_url }}/${{ github.repository }}
+        secrets: |
+          GPR_USERNAME=${{ inputs.gpr-username }}
+          GPR_PASSWORD=${{ inputs.gpr-password }}
+      env:
+        DOCKER_BUILD_RECORD_UPLOAD: false
+    - name: Run Trivy vulnerability scanner (SARIF, no fail)
+      id: trivy-sarif
+      # Do not perform SARIF scan on private repos - GitHub Advanced Security is not enabled
+      if: ${{ fromJSON(inputs.trivy-enabled) && !github.event.repository.private }} # workaround for composite jobs not being able to pass boolean inputs
+      uses: aquasecurity/trivy-action@7aca5acc9500b463826cc47a47a65ad7d404b045 # TODO: v0.31.0+
+      with:
+        image-ref: '${{ inputs.image-name }}:${{ inputs.image-tag }}'
+        format: 'sarif'
+        exit-code: '0'
+        output: 'trivy-results.sarif'
+        ignore-unfixed: ${{ inputs.trivy-ignore-unfixed }}
+        vuln-type: ${{ inputs.trivy-vuln-type }}
+        severity: ${{ inputs.trivy-severity-for-sarif }}
+        limit-severities-for-sarif: ${{ inputs.trivy-limit-severities-for-sarif }}
+      env:
+        TRIVY_DISABLE_VEX_NOTICE: true
+      continue-on-error: true # HACK: Alongside with `exit-code: 0`, ensure not failing the workflow
+    - name: Upload Trivy scan results to GitHub Security tab
+      # Do not upload SARIF reports on private repos - GitHub Advanced Security is not enabled
+      if: ${{ !cancelled() && fromJSON(inputs.trivy-enabled) && !github.event.repository.private }} # workaround for composite jobs not being able to pass boolean inputs
+      uses: github/codeql-action/upload-sarif@60168efe1c415ce0f5521ea06d5c2062adbeed1b #v3.28.17
+      with:
+        sarif_file: 'trivy-results.sarif'
+        category: trivy
+      env:
+        CONTINUE_ON_ERROR: ${{ inputs.bypass-checks }} # Hack to use the input below as a boolean
+      continue-on-error: ${{ fromJSON(env.CONTINUE_ON_ERROR) }}
+    - name: Run Trivy vulnerability scanner (stdout, table view, may fail)
+      if: ${{ fromJSON(inputs.trivy-enabled) }} # workaround for composite jobs not being able to pass boolean inputs
+      uses: aquasecurity/trivy-action@7aca5acc9500b463826cc47a47a65ad7d404b045 # TODO: v0.31.0+
+      with:
+        image-ref: '${{ inputs.image-name }}:${{ inputs.image-tag }}'
+        format: 'table'
+        exit-code: '1'
+        ignore-unfixed: ${{ inputs.trivy-ignore-unfixed }}
+        vuln-type: ${{ inputs.trivy-vuln-type }}
+        severity: ${{ inputs.trivy-severity }}
+        skip-setup-trivy: ${{ steps.trivy-sarif.conclusion != 'skipped' }}
+      env:
+        CONTINUE_ON_ERROR: ${{ inputs.bypass-checks }} # Hack to use the input below as a boolean
+        TRIVY_SKIP_DB_UPDATE: ${{ steps.trivy-sarif.conclusion != 'skipped' }}
+        TRIVY_SKIP_JAVA_DB_UPDATE: ${{ steps.trivy-sarif.conclusion != 'skipped' }}
+        TRIVY_DISABLE_VEX_NOTICE: true
+      continue-on-error: ${{ fromJSON(env.CONTINUE_ON_ERROR) }}
+    - name: Build and push
+      if: ${{ fromJSON(inputs.push-enabled) }} # workaround for composite jobs not being able to pass boolean inputs
+      uses: docker/build-push-action@14487ce63c7a62a4a324b0bfb37086795e31c6c1 # v6.16.0
+      with:
+        context: .
+        push: true
+        platforms: ${{ inputs.platforms }}
+        cache-from: type=gha
+        tags: |
+          ${{ inputs.image-name }}:${{ inputs.image-tag }}
+          ${{ inputs.image-extra-aliases }}
+        labels: |
+          maintainer=StatGPT
+          org.opencontainers.image.title=${{ inputs.image-name }}
+          org.opencontainers.image.version=${{ inputs.image-tag }}
+          org.opencontainers.image.description=${{ inputs.image-name }}
+          org.opencontainers.image.created=${{ github.event.repository.pushed_at }}
+          org.opencontainers.image.licenses=MIT
+          org.opencontainers.image.revision=${{ github.sha }}
+          org.opencontainers.image.source=${{ github.server_url }}/${{ github.repository }}
+          org.opencontainers.image.url=${{ github.server_url }}/${{ github.repository }}
+        secrets: |
+          GPR_USERNAME=${{ inputs.gpr-username }}
+          GPR_PASSWORD=${{ inputs.gpr-password }}
+      env:
+        DOCKER_BUILD_RECORD_UPLOAD: false

.github/dependabot.yml

@@ -0,0 +1,22 @@
+version: 2
+updates:
+  - package-ecosystem: 'npm'
+    directory: '/'
+    schedule:
+      interval: 'weekly'
+      day: 'wednesday'
+      time: '09:00'
+    # Disable version updates, keep security updates only
+    open-pull-requests-limit: 0
+    commit-message:
+      # Prefix all commit messages with "chore: "
+      prefix: 'chore'
+  - package-ecosystem: 'github-actions'
+    directory: '/'
+    schedule:
+      interval: 'weekly'
+      day: 'wednesday'
+      time: '09:00'
+    commit-message:
+      # Prefix all commit messages with "chore: "
+      prefix: 'chore'

.github/pull_request_template.md

@@ -0,0 +1,17 @@
+### Applicable issues
+
+<!-- Please link the GitHub issues related to this PR (You can reference an issue using # then number, e.g. #123) -->
+
+- fixes #
+
+### Description of changes
+
+<!-- Please explain the changes you made right below this line. -->
+
+### Checklist
+
+<!-- [Place an '[X]' (no spaces) in all applicable fields. Please remove unrelated fields.] -->
+
+- [ ] Title of the pull request follows [Conventional Commits specification](https://www.conventionalcommits.org/en/v1.0.0/)
+
+By submitting this pull request, I confirm that my contribution is made under the terms of the MIT license.