Skip to content
Open
Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
34 commits
Select commit Hold shift + click to select a range
0968f7b
docs: add PR template
sovva6-14 Jun 5, 2026
a75ef4e
docs: add PR template
sovva6-14 Jun 6, 2026
8450a05
docs: upstream moved while you worked
sovva6-14 Jun 6, 2026
be8c121
docs: add PR template
sovva6-14 Jun 7, 2026
9a2873e
wip(lab2): Work progress
sovva6-14 Jun 9, 2026
cf5cb87
Task1 Done
sovva6-14 Jun 9, 2026
ab8e9ad
Task1 Done
sovva6-14 Jun 9, 2026
04b5e86
docs: upstream moved while you worked
sovva6-14 Jun 9, 2026
19847ff
Lab2 Done
sovva6-14 Jun 9, 2026
55731b8
delete stupid
sovva6-14 Jun 9, 2026
657b853
test Verified
sovva6-14 Jun 9, 2026
51038bb
test again :)
sovva6-14 Jun 9, 2026
a56c59b
verified signature finaly
sovva6-14 Jun 9, 2026
0d27cbe
create feature/lab3, ci, update pr
sovva6-14 Jun 17, 2026
16c2493
pr update
sovva6-14 Jun 17, 2026
1a0b11d
Merge branch 'inno-devops-labs:main' into main
sovva6-14 Jun 17, 2026
90aa199
mrconfict
sovva6-14 Jun 17, 2026
239140a
Create go.yml
sovva6-14 Jun 17, 2026
82e7fcf
Create ci.yml
sovva6-14 Jun 17, 2026
58c3b24
Create pr_gate.yml
sovva6-14 Jun 17, 2026
eaf23fb
Create prgate.yml
sovva6-14 Jun 17, 2026
428accd
Update prgate.yml
sovva6-14 Jun 17, 2026
9c4b404
delete .yml files
sovva6-14 Jun 17, 2026
0ed06c8
new ci.yml
sovva6-14 Jun 17, 2026
2db3026
update ci sha
sovva6-14 Jun 17, 2026
5b93eed
fix golangci
sovva6-14 Jun 17, 2026
ed38523
update lab3 and pr_template
sovva6-14 Jun 17, 2026
dd00f36
complete lab4 (task1+task2)
sovva6-14 Jun 17, 2026
0f184f9
vagrantfile + lab5
sovva6-14 Jun 24, 2026
c23c730
submission lab5
sovva6-14 Jun 24, 2026
899a4cf
add compose; add dockerfile; add lab6
sovva6-14 Jun 24, 2026
52e329d
lab7 is done
sovva6-14 Jul 1, 2026
ae6bc8a
lab8 is done
sovva6-14 Jul 1, 2026
b5a46fe
lab9 is done
sovva6-14 Jul 8, 2026
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
19 changes: 19 additions & 0 deletions .github/pull_request_template.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,19 @@
## Goal
<!-- What does this PR accomplish? 1 sentence. -->

Complete lab 3 DevOps

## Changes
* Added submissions/lab3.md
* Create GitHub Action CI Workflows
* Added Go environment ubuntu 24.04

## Testing
<!-- How did you verify it? -->
* Start CI action on GitHub and green CI run
* Verfied CI run pipeline

## Checklist
- ☑️ Title is a clear sentence (≤ 70 chars)
- ☑️ Vet, Test, and Lint checks pass
- ☑️ `submissions/lab3.md` updated
83 changes: 83 additions & 0 deletions .github/workflows/ci.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,83 @@
name: PR Gate

on:
push:
branches: [ main ]
paths:
- 'app/**'
- '.github/workflows/ci.yml'
pull_request:
branches: [ main ]
paths:
- 'app/**'
- '.github/workflows/ci.yml'

permissions:
contents: read # минимальные права

jobs:
# ---------- vet ----------
vet:
name: go vet
runs-on: ubuntu-24.04
strategy:
matrix:
go-version: [ '1.23', '1.24' ]
fail-fast: false
defaults:
run:
working-directory: app
steps:
- name: Checkout code
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- name: Setup Go
uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.3.0
with:
go-version: ${{ matrix.go-version }}
cache: true
- name: Run go vet
run: go vet ./...

# ---------- test ----------
test:
name: go test -race
runs-on: ubuntu-24.04
strategy:
matrix:
go-version: [ '1.23', '1.24' ]
fail-fast: false
defaults:
run:
working-directory: app
steps:
- name: Checkout code
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- name: Setup Go
uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.3.0
with:
go-version: ${{ matrix.go-version }}
cache: true
- name: Run tests with race detector
run: go test -race -count=1 ./...

# ---------- lint ----------
lint:
name: golangci-lint
runs-on: ubuntu-24.04
defaults:
run:
working-directory: app
steps:
- name: Checkout code
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- name: Setup Go
uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.3.0
with:
go-version: '1.24' # достаточно одной версии для линтера
cache: true
- name: Install golangci-lint v2.5.0
run: |
curl -sSfL https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh | \
sh -s -- -b $(go env GOPATH)/bin v2.5.0
- name: Run golangci-lint
run: golangci-lint run ./...
Binary file added ansible/files/quicknotes
Binary file not shown.
2 changes: 2 additions & 0 deletions ansible/inventory.ini
Original file line number Diff line number Diff line change
@@ -0,0 +1,2 @@
[quicknotes_vm]
quicknotes-vm ansible_host=127.0.0.1 ansible_port=2222 ansible_user=vagrant ansible_private_key_file=~/.vagrant.d/insecure_private_key ansible_ssh_extra_args="-o StrictHostKeyChecking=no"
65 changes: 65 additions & 0 deletions ansible/playbook.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,65 @@
---
- name: Deploy QuickNotes to Lab 5 VM
hosts: quicknotes_vm
become: true
gather_facts: true

vars:
app_user: quicknotes
app_data_dir: /var/lib/quicknotes
app_binary_path: /usr/local/bin/quicknotes
app_listen_addr: ":9090"
app_data_path: "{{ app_data_dir }}/data.db"
app_seed_path: "{{ app_data_dir }}/seed.json"

tasks:
- name: Create quicknotes system user
ansible.builtin.user:
name: "{{ app_user }}"
system: true
shell: /usr/sbin/nologin
home: "{{ app_data_dir }}"
create_home: false

- name: Ensure data directory exists
ansible.builtin.file:
path: "{{ app_data_dir }}"
state: directory
owner: "{{ app_user }}"
group: "{{ app_user }}"
mode: '0750'

- name: Copy QuickNotes binary
ansible.builtin.copy:
src: files/quicknotes
dest: "{{ app_binary_path }}"
mode: '0755'
owner: root
group: root
notify: restart quicknotes

- name: Render systemd unit file
ansible.builtin.template:
src: templates/quicknotes.service.j2
dest: /etc/systemd/system/quicknotes.service
owner: root
group: root
mode: '0644'
notify: restart quicknotes

- name: Reload systemd daemon
ansible.builtin.systemd:
daemon_reload: true

- name: Enable and start QuickNotes service
ansible.builtin.systemd:
name: quicknotes
enabled: true
state: started

handlers:
- name: restart quicknotes
ansible.builtin.systemd:
name: quicknotes
state: restarted
daemon_reload: true
18 changes: 18 additions & 0 deletions ansible/templates/quicknotes.service.j2
Original file line number Diff line number Diff line change
@@ -0,0 +1,18 @@
[Unit]
Description=QuickNotes Service
After=network-online.target
Wants=network-online.target

[Service]
User={{ app_user }}
Group={{ app_user }}
WorkingDirectory={{ app_data_dir }}
ExecStart={{ app_binary_path }}
Restart=on-failure
RestartSec=5
Environment="ADDR={{ app_listen_addr }}"
Environment="DATA_PATH={{ app_data_path }}"
Environment="SEED_PATH={{ app_seed_path }}"

[Install]
WantedBy=multi-user.target
40 changes: 40 additions & 0 deletions app/Dockerfile
Original file line number Diff line number Diff line change
@@ -0,0 +1,40 @@
#---------- Builder stage ----------

FROM golang:1.24-alpine AS builder

# WorkDir

WORKDIR /build

# copy go.mod and run

COPY go.mod ./
RUN go mod download

COPY . .


# CGO_ENABLED=0 — disable CGO
# -ldflags='-s -w' — delete table symbol

RUN CGO_ENABLED=0 GOOS=linux go build \
-ldflags='-s -w' \
-trimpath \
-o quicknotes .

# -------------------- Runtime stage --------------------
FROM gcr.io/distroless/static:nonroot

# copy bin from builder-stage

COPY --from=builder /build/quicknotes /quicknotes

# UID 65532 in distroless/static:nonroot

USER 65532:65532

# port
EXPOSE 8080

# exec-form
ENTRYPOINT ["/quicknotes"]
Binary file added app/lab4-trace.pcap
Binary file not shown.
1 change: 1 addition & 0 deletions app/newfile.txt
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
dsd
61 changes: 61 additions & 0 deletions compose.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,61 @@
services:
quicknotes:
build:
context: ./app
dockerfile: Dockerfile
image: quicknotes:lab6
container_name: quicknotes
ports:
- "8080:8080"
volumes:
- quicknotes-data:/data
environment:
- ADDR=:8080
- DATA_PATH=/data/notes.json
- SEED_PATH=/data/seed.json
healthcheck:
test: ["CMD", "/quicknotes", "-healthcheck"] # or ["CMD-SHELL", "wget -qO- http://localhost:8080/health"]
interval: 10s
timeout: 5s
retries: 3
start_period: 5s
restart: unless-stopped

prometheus:
image: prom/prometheus:v3.0.1
container_name: prometheus
volumes:
- ./monitoring/prometheus/prometheus.yml:/etc/prometheus/prometheus.yml:ro
ports:
- "9090:9090"
depends_on:
quicknotes:
condition: service_healthy
networks:
- quicknotes-net

grafana:
image: grafana/grafana:13.0.0
container_name: grafana
volumes:
- ./monitoring/grafana/provisioning:/etc/grafana/provisioning:ro
- ./monitoring/grafana/provisioning/dashboards/golden-signals.json:/var/lib/grafana/dashboards/golden-signals.json:ro
ports:
- "3000:3000"
environment:
- GF_SECURITY_ADMIN_USER=admin
- GF_SECURITY_ADMIN_PASSWORD=securepassword123
- GF_INSTALL_PLUGINS=
depends_on:
- prometheus
networks:
- quicknotes-net

networks:
quicknotes-net:
driver: bridge


volumes:
quicknotes-data:
name: quicknotes-data
70 changes: 70 additions & 0 deletions gen.conf
Original file line number Diff line number Diff line change
@@ -0,0 +1,70 @@
# zap-baseline rule configuration file
# Change WARN to IGNORE to ignore rule or FAIL to fail if rule matches
# Only the rule identifiers are used - the names are just for info
# You can add your own messages to each rule by appending them after a tab on each line.
10003 WARN (Vulnerable JS Library (Powered by Retire.js))
10009 WARN (In Page Banner Information Leak)
10010 WARN (Cookie No HttpOnly Flag)
10011 WARN (Cookie Without Secure Flag)
10015 WARN (Re-examine Cache-control Directives)
10017 WARN (Cross-Domain JavaScript Source File Inclusion)
10019 WARN (Content-Type Header Missing)
10020 WARN (Anti-clickjacking Header)
10021 WARN (X-Content-Type-Options Header Missing)
10023 WARN (Information Disclosure - Debug Error Messages)
10024 WARN (Information Disclosure - Sensitive Information in URL)
10025 WARN (Information Disclosure - Sensitive Information in HTTP Referrer Header)
10026 WARN (HTTP Parameter Override)
10027 WARN (Information Disclosure - Suspicious Comments)
10028 WARN (Off-site Redirect)
10029 WARN (Cookie Poisoning)
10030 WARN (User Controllable Charset)
10031 WARN (User Controllable HTML Element Attribute (Potential XSS))
10032 WARN (Viewstate)
10033 WARN (Directory Browsing)
10034 WARN (Heartbleed OpenSSL Vulnerability (Indicative))
10035 WARN (Strict-Transport-Security Header)
10036 WARN (HTTP Server Response Header)
10037 WARN (Server Leaks Information via "X-Powered-By" HTTP Response Header Field(s))
10038 WARN (Content Security Policy (CSP) Header Not Set)
10039 WARN (X-Backend-Server Header Information Leak)
10040 WARN (Secure Pages Include Mixed Content)
10041 WARN (HTTP to HTTPS Insecure Transition in Form Post)
10042 WARN (HTTPS to HTTP Insecure Transition in Form Post)
10043 WARN (User Controllable JavaScript Event (XSS))
10044 WARN (Big Redirect Detected (Potential Sensitive Information Leak))
10049 WARN (Content Cacheability)
10050 WARN (Retrieved from Cache)
10052 WARN (X-ChromeLogger-Data (XCOLD) Header Information Leak)
10054 WARN (Cookie without SameSite Attribute)
10055 WARN (CSP)
10056 WARN (X-Debug-Token Information Leak)
10057 WARN (Username Hash Found)
10061 WARN (X-AspNet-Version Response Header)
10062 WARN (PII Disclosure)
10063 WARN (Permissions Policy Header Not Set)
10096 WARN (Timestamp Disclosure)
10097 WARN (Hash Disclosure)
10098 WARN (Cross-Domain Misconfiguration)
10099 WARN (Source Code Disclosure)
10105 WARN (Weak Authentication Method)
10108 WARN (Reverse Tabnabbing)
10109 WARN (Modern Web Application)
10110 WARN (Dangerous JS Functions)
10111 WARN (Authentication Request Identified)
10112 WARN (Session Management Response Identified)
10113 WARN (Verification Request Identified)
10115 WARN (Script Served From Malicious Domain (polyfill))
10116 WARN (ZAP is Out of Date)
10202 WARN (Absence of Anti-CSRF Tokens)
2 WARN (Private IP Disclosure)
3 WARN (Session ID in URL Rewrite)
50001 WARN (Script Passive Scan Rules)
90001 WARN (Insecure JSF ViewState)
90002 WARN (Java Serialization Object)
90003 WARN (Sub Resource Integrity Attribute Missing)
90004 WARN (Insufficient Site Isolation Against Spectre Vulnerability)
90011 WARN (Charset Mismatch)
90022 WARN (Application Error Disclosure)
90030 WARN (WSDL File Detection)
90033 WARN (Loosely Scoped Cookie)
Binary file added lab4-trace.pcap
Binary file not shown.
Loading