feat: added git actions for unit tests and linter

.github/workflows/linter.yml

@@ -0,0 +1,14 @@
+name: Lint
+on: [push]
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    steps:
+    - uses: actions/checkout@v3
+    - name: Setup make
+      run: |
+        sudo apt-get install make
+    - name: Build docker container
+      run: make build
+    - name: Run linter
+      run: make lint

.github/workflows/unit-tests.yml

@@ -0,0 +1,14 @@
+name: Unit Tests
+on: [push]
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    steps:
+    - uses: actions/checkout@v3
+    - name: Setup make
+      run: |
+        sudo apt-get install make
+    - name: Build docker container
+      run: make build
+    - name: Run unit tests
+      run: make test

Dockerfile

@@ -13,30 +13,26 @@ RUN DEBIAN_FRONTEND=noninteractive \
   && apt-get autoremove -y
 
 # Set env variables used in this Dockerfile (add a unique prefix, such as DEV)
-RUN apt update && apt install -y netcat dnsutils
-
-RUN useradd -rm -d /home/app -s /bin/bash -g root -G sudo -u 1001 app
+RUN apt update && apt install -y netcat dnsutils libmariadbclient-dev git
+
+RUN mkdir -p /ebs/logs && touch /ebs/logs/engima.log && chmod 777 /ebs/logs/engima.log
+
+ARG APPUID=1001
+RUN useradd -rm -d /home/app -s /bin/bash -g root -G sudo -u "$APPUID" app
+WORKDIR /srv/code/dev
+RUN git clone https://github.com/browserstack/enigma.git .
+RUN mkdir -p Access/access_modules
+COPY config.json.sample config.json
+RUN cp requirements.txt /tmp/
+RUN mkdir -p logs
+RUN mkdir -p db
+RUN chown -R app /srv/code/dev /ebs
 USER app
 
-# Directory in container for all project files
-ENV DEV_SRVHOME=/srv
-
-# Local directory with project source
-ENV DEV_SRC=code/dev
-
-# Directory in container for project source files
-ENV DEV_SRVPROJ=$DEV_SRVHOME/$DEV_SRC
-
-# Create application subdirectories
-WORKDIR $DEV_SRVPROJ
-
-# Copy just requirements.txt
-COPY requirements.txt /tmp/requirements.txt
-
-# Install Python dependencies
-RUN pip install -r /tmp/requirements.txt --no-cache-dir
-
-COPY . .
+COPY requirements.txt /tmp/access-module-requirements.txt
+RUN pip install -r /tmp/requirements.txt --no-cache-dir --ignore-installed
+RUN pip install -r /tmp/access-module-requirements.txt --no-cache-dir --ignore-installed
+COPY --chown=app:root . ./Access/access_modules
 
 # Starts Docker Container and keeps it running for Debugging
 FROM base as test

Makefile

@@ -1,39 +1,50 @@
+APP_UID := $(shell id -u)
+
 ## make all : Run service, test and linter
 .PHONY: all
 all: test lint
 
 .PHONY: build
+build: export APPUID = $(APP_UID)
 build:
-	@docker-compose up -d
+	@docker-compose up --build -d
 
 .PHONY: down
 down:
 	@docker-compose -f docker-compose.yml down
 
-## Run tests with coverage
-.PHONY: test
-test:
-	@if [ $$(docker ps -f name=test | wc -l) -eq 2 ]; then \
-			docker exec test python -m pytest --version; \
+ensure_container_for_test:
+	@if [ $$(docker ps -a -f name=test | wc -l) -eq 2 ]; then \
+		docker exec test python -m pytest --version; \
 	else \
-		echo "No containers running.. Starting runserver:"; \
+		echo "No containers running.. "; \
 		make build; \
-		echo "Running Tests"; \
 	fi
 
-	@docker exec test python -m pytest -v --cov --disable-warnings;\
-	echo "Tests finished. Stopping runserver:" && make down
+## Run tests with coverage
+.PHONY: test
+test: export APPUID = $(APP_UID)
+test: ensure_container_for_test
 
-## Create lint issues file
-.PHONY: lint_issues
-lint_issues:
-	@touch $@
+	@docker exec test python -m pytest -v --cov --disable-warnings Access/access_modules
+	@if [ "$$?" -ne 0 ]; then \
+		echo "Unit Tests failed"; \
+		exit 1; \
+	else \
+	  echo "Unit Tests passed"; \
+	fi
 
-## Lint code using pylama skipping files in env (if pyenv created)
 .PHONY: lint
-lint: lint_issues
-	@python3 -m pylama --version
-	@pylama --skip "./env/*" -r lint_issues || echo "Linter run returned errors. Check lint_issues file for details." && false
+lint: export APPUID = $(APP_UID)
+lint: ensure_container_for_test
+	@docker exec test python -m pylama --version
+	@docker exec test python -m pylama Access/access_modules
+	@if [ "$$?" -ne 0 ]; then \
+		echo "Linter checks failed"; \
+		exit 1; \
+	else \
+	  echo "Linter checks passed"; \
+	fi
 
 run_semgrep:
 	$(shell semgrep --error --config "p/cwe-top-25" --config "p/owasp-top-ten" --config "p/r2c-security-audit")

config.json.sample

@@ -0,0 +1,108 @@
+{
+  "django_setup": {
+    "SECRET_KEY": "random_secret_that_you_should_change_on_production",
+    "DEBUG": false,
+    "ALLOWED_HOSTS": [
+      "localhost"
+    ],
+    "CSRF_TRUSTED_ORIGINS": [
+      "http://localhost"
+    ]
+  },
+  "sso": {
+    "googleapi": {
+      "SOCIAL_AUTH_GOOGLE_OAUTH2_KEY": "",
+      "SOCIAL_AUTH_GOOGLE_OAUTH2_SECRET": ""
+    }
+  },
+  "database": {
+    "engine": "sqlite3",
+    "dbname": "",
+    "username": "",
+    "password": "",
+    "host": "",
+    "port": 3306
+  },
+  "access_modules": {
+    "git_urls": [
+      "https://github.com/browserstack/enigma-access-modules.git"
+    ],
+    "confluence_module": {
+      "CONFLUENCE_BASE_URL": "https://test.atlassian.net",
+      "ADMIN_EMAIL": "test@browserstack.com",
+      "API_TOKEN": "xyz"
+    },
+    "aws_access": {
+      "aws_accounts": [
+        {
+          "account": "Dev",
+          "access_key_id": "id",
+          "secret_access_key": "key"
+        }
+      ]
+    },
+    "github_access": {
+      "GITHUB_TOKEN": "test-token",
+      "GITHUB_BASE_URL": "https://api.github.com",
+      "GITHUB_ORG": "browserstack"
+    },
+    "gcp_access": {
+      "domains": [
+        {
+          "domain_id": "browserstack.com",
+          "admin_id": "test@browserstack.com",
+          "service_account_path": "./gcp.json"
+        }
+      ]
+    },
+    "zoom_access": {
+      "ZOOM_BASE_URL": "https://api.zoom.us/v2/",
+      "ZOOM_CLIENT_SECRET": "test-secret",
+      "ZOOM_API_KEY": "test-api"
+    },
+    "ssh": {
+      "engima_root_user": "enigma-user",
+      "app_user": "app",
+      "inventory_file_path": "Access/access_modules/ssh/inventory.csv",
+      "common_sudo_group": "sudoppl",
+      "private_key_path": "/Users/username/.ssh/id_rsa"
+    },
+    "opsgenie_access": {
+      "OPSGENIE_TOKEN": "test-token",
+      "IGNORE_TEAMS": [
+        "team_1",
+        "team_2"
+      ]
+    },
+    "slack_access": {
+      "enigma-slack": {
+        "AUTH_TOKEN": "abc",
+        "DEFAULT_CHANNELS": [
+          "general"
+        ]
+      }
+    }
+  },
+  "enigmaGroup": {
+    "MAIL_APPROVER_GROUPS": []
+  },
+  "emails": {
+    "access-approve": "",
+    "EMAIL_HOST": "",
+    "EMAIL_PORT": "",
+    "EMAIL_HOST_USER": "",
+    "EMAIL_HOST_PASSWORD": "",
+    "EMAIL_USE_TLS": true,
+    "EMAIL_USE_SSL": false,
+    "DEFAULT_FROM_EMAIL": ""
+  },
+  "background_task_manager": {
+    "type": "celery",
+    "config": {
+      "broker": "<celery-broker-url>",
+      "backend": "<celery-result-backend-url>",
+      "need_monitoring": true,
+      "monitoring_apps": "django_celery_results"
+    }
+  }
+}

docker-compose.yml

@@ -10,5 +10,5 @@ services:
     env_file:
     - ./secrets/ops_app_test.env
     volumes:
-    - .:/srv/code/dev
     - ./mounts/logs/:/ebs/logs/
+    - ./:/srv/code/dev/Access/access_modules/