DadosAbertosDeFeira · EzzioMoreira · Sep 11, 2022 · Sep 11, 2022 · Sep 11, 2022 · Sep 11, 2022
diff --git a/.github/pull_request_template.md b/.github/pull_request_template.md
@@ -0,0 +1,31 @@
+# Titulo
+
+<!-- Por favor descreva seu pull request aqui. -->
+
+- [ ] Garanta que seu **topic/feature/bugfix branch** tenha uma branch nomeada e não a sua branch main esteja no PR
+- [ ] Dê um titulo que expresse o objetivo do PR
+- [ ] Associe seu PR a uma Issue criada no repositósito. Caso seja uma correção de linguagem ou pequenas correções, não é necessário
+- [ ] Descreva o objetivo do PR
+- [ ] Inclua links relevantes para a sua modificação/sugestão/correção
+- [ ] Descreva um passo-a-passo para testar o seu PR
+
+## Issue
+
+<!-- Link da issue -->
+
+## Objetivo
+
+<!-- Descrição do objetivo -->
+
+## Referências
+
+<!-- Links relevantes -->
+
+## Como testar
+
+<!-- Passo a passo -->
+
+<!--
+Marque um `x` dentro de [ ] para os itens que você forneceu informação
+Para modificar este template no seu repositório, basta criar o arquivo .github/pull_request_template.md nele.
+-->
diff --git a/.github/workflows/cicd.yml b/.github/workflows/cicd.yml
@@ -1,70 +1,28 @@
-name: CI
+name: "Pipeline para build de imagem docker"
+on:
+  push: 
+  release:
+    types: [created]
 
-on: [ push, pull_request ]
+env:
+  TF_VAR_image: ezmom/mariaquiteria:latest
 
 jobs:
-  build:
-    runs-on: ubuntu-18.04
-    steps:
-      - uses: actions/checkout@v2
-      - name: Set up Python
-        uses: actions/setup-python@v2
-        with:
-          python-version: 3.8
-      - name: Install Dependencies
-        run: |
-          python -m pip install --upgrade pip
-          pip install -r dev_requirements.txt
-      - name: Lint
-        run: |
-          black --check .
-          flake8 .
-      - name: Check migrations
-        env:
-          DJANGO_SETTINGS_MODULE: "web.settings"
-          DATABASE_URL: "postgres://postgres:postgres@localhost:5432/mariaquiteria"
-        run: python manage.py makemigrations --check
-      - name: Run Tests
-        env:
-          DJANGO_SETTINGS_MODULE: "web.settings"
-          DJANGO_CONFIGURATION: "Test"
-          DATABASE_URL: "postgres://postgres:postgres@localhost:5432/mariaquiteria"
-        run: |
-          python manage.py collectstatic
-          pytest
-    services:
-      postgres:
-        image: library/postgres:11-alpine
-        env:
-          POSTGRES_PASSWORD: postgres
-          POSTGRES_DB: mariaquiteria
-        ports:
-          - 5432:5432
-        options: >-
-          --health-cmd pg_isready
-          --health-interval 10s
-          --health-timeout 5s
-          --health-retries 5
-      rabbitmq:
-        image: rabbitmq
-        env:
-          RABBITMQ_DEFAULT_USER: guest
-          RABBITMQ_DEFAULT_PASS: guest
-        ports:
-          - 5672:5672
-  deploy:
-    runs-on: ubuntu-18.04
-    if: github.ref == 'refs/heads/main'
+  docker:
+    uses: "mentoriaiac/cicd_centralizado/.github/workflows/docker_build.yaml@v1"
+    with:
+      image: ezmom/mariaquiteria
+      push_image: ${{github.event_name == 'release'}}
+    secrets:
+      docker_user: ${{secrets.DOCKER_LOGIN}}
+      docker_password: ${{secrets.TOKEN_DOCKERHUB}}
 
-    steps:
-      - uses: actions/checkout@v2
-        with:
-          fetch-depth: 0
-      - name: Push to dokku
-        uses: dokku/[email protected]
-        with:
-          branch: main
-          ssh_private_key: ${{ secrets.SSH_PRIVATE_KEY }}
-          git_remote_url: ${{ secrets.DOKKU_REMOTE_URL }}
-          ssh_host_key: ${{ secrets.SSH_HOST_KEY }}
-    needs: [build]
+  terraform:
+    needs: docker
+    uses: "mentoriaiac/cicd_centralizado/.github/workflows/terraform.yaml@v1"
+    with:
+      plan: true
+      apply: true
+      working_directory: ./iac
+      workspace: default
+    secrets: inherit
diff --git a/.gitignore b/.gitignore
@@ -10,6 +10,7 @@ __pycache__
 
 # data
 *.json
+!container_definitions.json
 !**/fixtures/*.json
 *.csv
 *.xls
@@ -22,3 +23,38 @@ __pycache__
 
 # scrapy
 files/
+
+# Local .terraform directories
+**/.terraform/*
+
+# .tfstate files
+*.tfstate
+*.tfstate.*
+
+# Crash log files
+crash.log
+crash.*.log
+
+# Exclude all .tfvars files, which are likely to contain sensitive data, such as
+# password, private keys, and other secrets. These should not be part of version 
+# control as they are data points which are potentially sensitive and subject 
+# to change depending on the environment.
+*.tfvars
+*.tfvars.json
+
+# Ignore override files as they are usually used to override resources locally and so
+# are not checked in
+override.tf
+override.tf.json
+*_override.tf
+*_override.tf.json
+
+# Include override files you do wish to add to version control using negated pattern
+# !example_override.tf
+
+# Include tfplan files to ignore the plan output of command: terraform plan -out=tfplan
+# example: *tfplan*
+
+# Ignore CLI configuration files
+.terraformrc
+terraform.rc
diff --git a/.trivyignore b/.trivyignore
@@ -0,0 +1,14 @@
+CVE-2022-1304
+CVE-2021-3999
+CVE-2019-8457
+CVE-2021-33560
+CVE-2022-2509
+CVE-2022-29458
+CVE-2022-1586
+CVE-2022-1587
+CVE-2022-2097
+CVE-2020-16156
+CVE-2022-34265
+CVE-2017-14158
+CVE-2022-37434
+CVE-2022-36359
diff --git a/Dockerfile b/Dockerfile
@@ -18,3 +18,5 @@ RUN apt-get update && \
 COPY . .
 
 RUN python manage.py collectstatic --no-input
+
+CMD ["python", "manage.py", "runserver", "0.0.0.0:8000"]
diff --git a/iac/.tfsec/config.yml b/iac/.tfsec/config.yml
@@ -0,0 +1,4 @@
+---
+exclude:
+  - AWS099
+  - aws-iam-no-policy-wildcards
diff --git a/iac/container_definitions.json b/iac/container_definitions.json
@@ -0,0 +1,47 @@
+[
+    {
+      "cpu": 256,
+      "image": "${IMAGE}",
+      "memory": 512,
+      "name": "api",
+      "networkMode": "awsvpc",
+      "portMappings": [
+        {
+          "containerPort": 8000,
+          "hostPort": 8000
+        }
+      ],
+      "secrets": [
+        {
+          "name": "POSTGRES_ENDPOINT",
+          "valueFrom": "arn:aws:ssm:us-east-1:733824474891:parameter/mariaquiteria/postgres_endpoint"
+        },
+        {
+          "name": "POSTGRES_PASSWORD",
+          "valueFrom": "arn:aws:ssm:us-east-1:733824474891:parameter/mariaquiteria/postgres_password"
+        },
+        {
+          "name": "POSTGRES_NAME",
+          "valueFrom": "arn:aws:ssm:us-east-1:733824474891:parameter/mariaquiteria/postgres_name"
+        },
+        {
+          "name": "POSTGRES_USER",
+          "valueFrom": "arn:aws:ssm:us-east-1:733824474891:parameter/mariaquiteria/postgres_user"
+        }
+      ],
+      "environment": [
+        {
+          "name": "AWESOME_ENV_VAR",
+          "value": "/mariaquiteria/aws_s3_region"
+        }
+      ],
+      "logConfiguration": {
+        "logDriver": "awslogs",
+        "options": {
+          "awslogs-group": "mentoria-log",
+          "awslogs-region": "us-east-1",
+          "awslogs-stream-prefix": "myawesomeapp"
+        }
+      }
+    }
+]
Original file line number	Diff line number	Diff line change
Expand Up		@@ -18,3 +18,5 @@ RUN apt-get update && \
		COPY . .

		RUN python manage.py collectstatic --no-input

		CMD ["python", "manage.py", "runserver", "0.0.0.0:8000"]
Copy link lgfa29 Sep 11, 2022 Choose a reason for hiding this comment The reason will be displayed to describe this comment to others. Learn more. Seria bom ler a porta de uma variável de ambiente, assim daria para fazer o bind e uma porta especificada pelo usuário. Copy link Author EzzioMoreira Sep 19, 2022 Choose a reason for hiding this comment The reason will be displayed to describe this comment to others. Learn more. Vamos tentar fazer o uso do CMD durante do build da imagem docker.