diff --git a/.docker/Dockerfile b/.docker/Dockerfile
new file mode 100644
index 0000000..8f8d0db
--- /dev/null
+++ b/.docker/Dockerfile
@@ -0,0 +1,186 @@
+# Pull base image.
+FROM phusion/baseimage:jammy-1.0.4
+
+#####################################
+ENV LANG C.UTF-8
+ENV LC_ALL en_US.UTF-8
+ENV DEBIAN_FRONTEND noninteractive
+
+###
+ENV PHP_VERSION 8.3.10
+ENV PACKER_VERSION 1.11.2
+ENV TERRAFORM_VERSION 1.9.0
+ENV ANSIBLE_VERSION 10.3.0
+ENV LINT_VERSION 4.1.0
+ENV KUBECTL_VERSION 1.31.0
+ENV HELM_VERSION 3.15.1
+ENV AZURE_CLI_VERSION 2.63.0-1~jammy
+ENV AWS_CLI_VERSION 2.17.33
+ENV K9s_Version 0.32.5
+ENV GCLOUD_VERSION 489.0.0
+ENV KUI_Version 13.1.4
+ENV KUBECTX_VERSION 0.9.4
+ENV KUBENS_VERSION 0.9.4
+
+####################################
+
+#User
+RUN useradd ubuntu
+RUN passwd -d ubuntu
+RUN passwd -d root
+RUN echo "PermitEmptyPasswords yes" >> /etc/ssh/sshd_config && echo "ubuntu ALL=(ALL) NOPASSWD:ALL" >> /etc/sudoers
+RUN echo "ChallengeResponseAuthentication no" >> /etc/ssh/sshd_config
+RUN echo "PubkeyAuthentication yes" >> /etc/ssh/sshd_config
+RUN chsh -s `which bash` ubuntu
+RUN usermod -d /home/ubuntu ubuntu
+RUN mkdir -p /home/ubuntu
+RUN mkdir -p /home/ubuntu/.ssh
+RUN chmod 755 /home/ubuntu/.ssh
+RUN chown -R ubuntu:ubuntu /home/ubuntu
+RUN chmod 755 /home/ubuntu
+ENV BOOT2DOCKER_ID 501
+ENV BOOT2DOCKER_GID 20
+# Tweaks to give write permissions to the app
+RUN usermod -u ${BOOT2DOCKER_ID} ubuntu && \
+ usermod -G staff ubuntu
+RUN groupmod -g $(($BOOT2DOCKER_GID + 10000)) $(getent group $BOOT2DOCKER_GID | cut -d: -f1) && groupmod -g ${BOOT2DOCKER_GID} staff
+RUN add-apt-repository ppa:longsleep/golang-backports
+
+#General
+RUN apt remove -y python3
+RUN apt update && apt upgrade -y
+RUN apt install -y \
+ curl \
+ git \
+ zip \
+ unzip \
+ vim \
+ ruby-full \
+ openssh-server \
+ zsh \
+ figlet \
+ sysvbanner \
+ htop \
+ python3-pip \
+ wget \
+ ca-certificates \
+ openssl \
+ yamllint \
+ inetutils-ping \
+ telnet \
+ golang-go \
+ libssl-dev \
+ apt-transport-https \
+ ca-certificates \
+ gnupg
+
+
+# ZSH
+ADD ./etc/install-zsh.sh /root/install-zsh.sh
+ADD ./etc/install-zsh.sh /home/ubuntu/install-zsh.sh
+
+RUN chmod +x /root/install-zsh.sh
+RUN chmod +x /home/ubuntu/install-zsh.sh
+RUN sh /root/install-zsh.sh
+RUN su - ubuntu -c "sh /home/ubuntu/install-zsh.sh"
+RUN rm /root/.zshrc && chsh -s `which zsh` && chsh -s `which zsh` ubuntu && chmod -R 755 /usr/local/share/zsh*
+RUN mkdir -p ~/.oh-my-zsh/custom/plugins/copydir
+RUN curl -L https://raw.githubusercontent.com/ohmyzsh/ohmyzsh/master/plugins/copypath/copypath.plugin.zsh -o ~/.oh-my-zsh/custom/plugins/copydir/copydir.plugin.zsh
+
+##Python with Packages
+RUN pip install ansible==${ANSIBLE_VERSION} \
+ ansible-lint==${LINT_VERSION} \
+ mongotail \
+ bumpversion \
+ pip \
+ yamllint
+
+#terraform
+RUN cd /tmp && \
+ wget https://releases.hashicorp.com/terraform/${TERRAFORM_VERSION}/terraform_${TERRAFORM_VERSION}_linux_amd64.zip && \
+ unzip -o terraform_${TERRAFORM_VERSION}_linux_amd64.zip -d /usr/bin && \
+ rm terraform_${TERRAFORM_VERSION}_linux_amd64.zip
+
+# Packer
+RUN cd /tmp && \
+ wget https://releases.hashicorp.com/packer/${PACKER_VERSION}/packer_${PACKER_VERSION}_linux_amd64.zip && \
+ unzip -o packer_${PACKER_VERSION}_linux_amd64.zip -d /usr/bin && \
+ rm packer_${PACKER_VERSION}_linux_amd64.zip
+
+#Kubectl
+RUN cd /usr/bin && \
+ curl -LO https://storage.googleapis.com/kubernetes-release/release/v${KUBECTL_VERSION}/bin/linux/amd64/kubectl && \
+ chmod +x ./kubectl
+
+# Helm
+RUN cd /tmp && \
+ wget https://get.helm.sh/helm-v${HELM_VERSION}-linux-amd64.tar.gz && \
+ tar -zxvf helm* && \
+ mv linux-amd64/helm /usr/local/bin/helm && \
+ rm helm* && \
+ rm -rf linux-amd64 helm*
+
+#Azure Cli
+RUN apt-get install -y lsb-release && \
+ mkdir -p /etc/apt/keyrings && \
+ curl -sLS https://packages.microsoft.com/keys/microsoft.asc | gpg --dearmor > /etc/apt/keyrings/microsoft.gpg && \
+ chmod go+r /etc/apt/keyrings/microsoft.gpg && \
+ AZ_DIST=$(lsb_release -cs) && \
+ echo "Types: deb\nURIs: https://packages.microsoft.com/repos/azure-cli/\nSuites: ${AZ_DIST}\nComponents: main\nArchitectures: $(dpkg --print-architecture)\nSigned-by: /etc/apt/keyrings/microsoft.gpg" | tee /etc/apt/sources.list.d/azure-cli.sources && \
+ apt-get update && \
+ apt-get install azure-cli=${AZURE_CLI_VERSION} && \
+ rm -rf /var/lib/apt/lists/*
+
+#Aws Cli
+RUN curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64-${AWS_CLI_VERSION}.zip" -o "awscliv2.zip" && \
+ unzip awscliv2.zip && \
+ ./aws/install -i /usr/local/aws-cli -b /usr/local/bin && \
+ mv /usr/local/bin/aws /bin
+
+#gcloud
+RUN cd /tmp && \
+ wget https://storage.googleapis.com/cloud-sdk-release/google-cloud-cli-${GCLOUD_VERSION}-linux-arm.tar.gz && \
+ tar -xvzf google-cloud-cli-${GCLOUD_VERSION}-linux-arm.tar.gz && \
+ mv google-cloud-sdk /usr/local/gcloud && \
+ /usr/local/gcloud/install.sh --quiet && \
+ rm /tmp/google-cloud-cli-${GCLOUD_VERSION}-linux-arm.tar.gz
+ENV PATH $PATH:/usr/local/gcloud/google-cloud-sdk/bin
+
+#k9s
+RUN curl -LO https://github.com/derailed/k9s/releases/latest/download/k9s_Linux_amd64.tar.gz && \
+ tar -xzf k9s_Linux_amd64.tar.gz && \
+ mv k9s /usr/local/bin/ && \
+ rm k9s_Linux_amd64.tar.gz
+
+#Kubectx
+RUN git clone https://github.com/ahmetb/kubectx /opt/kubectx \
+ && ln -s /opt/kubectx/kubectx /usr/local/bin/kubectx \
+ && ln -s /opt/kubectx/kubens /usr/local/bin/kubens
+
+#tfswitch
+RUN curl -L https://raw.githubusercontent.com/warrensbox/terraform-switcher/release/install.sh | bash -s -- -b /usr/local/bin
+
+#kubectx
+RUN curl -L https://github.com/ahmetb/kubectx/releases/download/v${KUBECTX_VERSION}/kubectx -o /usr/local/bin/kubectx && \
+ chmod +x /usr/local/bin/kubectx
+
+#kubens
+RUN curl -L https://github.com/ahmetb/kubectx/releases/download/v${KUBENS_VERSION}/kubens -o /usr/local/bin/kubens && \
+ chmod +x /usr/local/bin/kubens && \
+ mkdir -p /home/ubuntu/.kube/config && \
+ chmod 644 /home/ubuntu/.kube/config
+
+#Opentofu
+RUN cd /tmp
+RUN curl --proto '=https' --tlsv1.2 -fsSL https://get.opentofu.org/install-opentofu.sh -o install-opentofu.sh && \
+ chmod +x install-opentofu.sh && \
+ ./install-opentofu.sh --install-method standalone && \
+ rm -f install-opentofu.sh
+
+# Clean up APT when done.
+RUN apt clean && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/ /var/cache/apk/**
+WORKDIR /home/ubuntu/workspace
+
+# Define default command.
+EXPOSE 22
+CMD ["/usr/sbin/sshd", "-D"]
\ No newline at end of file
diff --git a/.docker/etc/install-zsh.sh b/.docker/etc/install-zsh.sh
new file mode 100644
index 0000000..4ec312d
--- /dev/null
+++ b/.docker/etc/install-zsh.sh
@@ -0,0 +1,38 @@
+#!/usr/bin/env bash
+set -e
+
+if [ ! -n "$ZSH" ]; then
+ ZSH=~/.oh-my-zsh
+fi
+
+if [ -d "$ZSH" ]; then
+ echo "\033[0;33mYou already have Oh My Zsh installed.\033[0m You'll need to remove $ZSH if you want to install"
+ exit
+fi
+
+echo "\033[0;34mCloning Oh My Zsh...\033[0m"
+hash git >/dev/null 2>&1 && env git clone --depth=1 https://github.com/robbyrussell/oh-my-zsh.git $ZSH || {
+ echo "git not installed"
+ exit
+}
+
+echo "\033[0;34mLooking for an existing zsh config...\033[0m"
+if [ -f ~/.zshrc ] || [ -h ~/.zshrc ]; then
+ echo "\033[0;33mFound ~/.zshrc.\033[0m \033[0;32mBacking up to ~/.zshrc.pre-oh-my-zsh\033[0m";
+ mv ~/.zshrc ~/.zshrc.pre-oh-my-zsh;
+fi
+
+echo "\033[0;34mUsing the Oh My Zsh template file and adding it to ~/.zshrc\033[0m"
+cp $ZSH/templates/zshrc.zsh-template ~/.zshrc
+sed -i -e "/^export ZSH=/ c\\
+export ZSH=$ZSH
+" ~/.zshrc
+
+echo "\033[0;34mCopying your current PATH and adding it to the end of ~/.zshrc for you.\033[0m"
+sed -i -e "/export PATH=/ c\\
+export PATH=\"$PATH\"
+" ~/.zshrc
+
+echo "\033[0;34mCloning Plugins...\033[0m"
+git clone https://github.com/zsh-users/zsh-syntax-highlighting /usr/local/share/zsh-syntax-highlighting || true
+git clone https://github.com/zsh-users/zsh-autosuggestions /usr/local/share/zsh-autosuggestions || true
\ No newline at end of file
diff --git a/.docker/etc/ssh/.gitkeep b/.docker/etc/ssh/.gitkeep
new file mode 100644
index 0000000..e69de29
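Review bot: The user setup near the top of the hunk (`RUN passwd -d ubuntu`, `RUN passwd -d root`, `PermitEmptyPasswords yes` appended to sshd_config, `ubuntu ALL=(ALL) NOPASSWD:ALL` in sudoers) together with `EXPOSE 22` and `CMD ["/usr/sbin/sshd", "-D"]` makes the container root-equivalent to anyone who can reach its SSH port without presenting any credential; since `PubkeyAuthentication yes` is already written, drop the two `passwd -d` lines and replace the first echo with `RUN echo "PasswordAuthentication no" >> /etc/ssh/sshd_config`, provisioning the ubuntu user's `authorized_keys` at run time (the empty `.docker/etc/ssh/` directory added in this commit looks intended for that). Several installs are neither pinned nor verified: tfswitch is `curl … install.sh | bash` from a moving branch, k9s fetches `releases/latest` although `K9s_Version` is declared and unused, and the HashiCorp, kubectl, helm, aws and gcloud archives are never compared against their published SHA256 sums. The gcloud step downloads `google-cloud-cli-${GCLOUD_VERSION}-linux-arm.tar.gz` while every other binary is `linux_amd64`/`x86_64`, so that archive does not match the rest of the image. In the Azure CLI step `apt-get install azure-cli=${AZURE_CLI_VERSION}` has no `-y`, so a build that has to pull in dependencies will likely stop at the confirmation prompt. In the kubens step `mkdir -p /home/ubuntu/.kube/config` creates a root-owned directory (it runs after the `chown -R ubuntu:ubuntu /home/ubuntu`) where kubectl expects a file, kubectx/kubens are installed twice (git clone plus symlinks, then `curl -o /usr/local/bin/kubectx` written through the symlink), and the standalone `RUN cd /tmp` has no effect on the following layer, so the opentofu and aws downloads land in `/`.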
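Review bot: The clone failure branch in the middle of the hunk, `|| { echo "git not installed"; exit }`, exits with status 0 (the status of the preceding `echo`), so a missing git or a failed clone lets the calling `RUN sh /root/install-zsh.sh` succeed and the build only breaks later at `rm /root/.zshrc`; use `exit 1` there. `if [ ! -n "$ZSH" ]` is the idiomatic `[ -z "$ZSH" ]`, and `cp $ZSH/templates/zshrc.zsh-template ~/.zshrc` should quote `"$ZSH"` like the earlier tests do. The shebang says `#!/usr/bin/env bash` but the Dockerfile invokes the script with `sh`, so the `\033` colour escapes in the `echo` calls render under dash and would print literally under bash; `printf` behaves the same in both. All three `git clone` calls track the default branch of third-party repositories at build time, so the resulting image is not reproducible; pinning a tag or commit would fix that.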
diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS
new file mode 100644
index 0000000..bfcbab0
--- /dev/null
+++ b/.github/CODEOWNERS
@@ -0,0 +1,2 @@
+# These owners will be the default owners for everything in the repo.
+* @anmolnagpal @clouddrove-ci
\ No newline at end of file
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
new file mode 100644
index 0000000..760d81f
--- /dev/null
+++ b/.github/dependabot.yml
@@ -0,0 +1,30 @@
+# To get started with Dependabot version updates, you'll need to specify which
+# package ecosystems to update and where the package manifests are located.
+# Please see the documentation for all configuration options:
+# https://docs.github.com/github/administering-a-repository/configuration-options-for-dependency-updates
+
+version: 2
+updates:
+
+ - package-ecosystem: "github-actions"
+ directory: "/"
+ schedule:
+ interval: "daily"
+ open-pull-requests-limit: 3
+ assignees:
+ - "clouddrove-ci"
+ reviewers:
+ - "approvers"
+
+ - package-ecosystem: "docker" # See documentation for possible values
+ directory: "/.docker" # Location of package manifests
+ schedule:
+ interval: "weekly"
+ # Add assignees
+ assignees:
+ - "clouddrove-ci"
+ # Add reviewer
+ reviewers:
+ - "approvers"
+ # Allow up to 3 open pull requests for pip dependencies
+ open-pull-requests-limit: 3
\ No newline at end of file
diff --git a/.github/workflows/docker-scanner.yaml b/.github/workflows/docker-scanner.yaml
new file mode 100644
index 0000000..5c4c9c8
--- /dev/null
+++ b/.github/workflows/docker-scanner.yaml
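Review bot: The `docker` ecosystem entry at the end of the dependabot hunk only tracks the `FROM` line under `/.docker`, so the many tool versions the Dockerfile pins through `ENV` (`TERRAFORM_VERSION`, `PACKER_VERSION`, `KUBECTL_VERSION`, `HELM_VERSION`, …) get no automated updates from this configuration; that gap is worth a comment on the entry or a separate update mechanism. The comment `# Allow up to 3 open pull requests for pip dependencies` on that same entry is misleading, since the entry is for docker images, and could read `# Allow up to 3 open pull requests for docker base images`.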
@@ -0,0 +1,18 @@
+name: Docker Workflow
+# This permission are helpful for pushing vulnerability in security tab
+permissions:
+ actions: read
+ contents: read
+ security-events: write
+ statuses: write
+
+on:
+ workflow_dispatch:
+
+jobs:
+ docker-scanner:
+ uses: clouddrove/github-shared-workflows/.github/workflows/docker-scanner.yml@1.2.7
+ with:
+ severity: "UNKNOWN,LOW,MEDIUM,HIGH,CRITICAL"
+ dockerfile-path: "./docker/Dockerfile"
+ security-upload: "true"
diff --git a/bin/devops/etc/zsh/aliases.conf b/bin/devops/etc/zsh/aliases.conf
index e69de29..2f0a427 100644
--- a/bin/devops/etc/zsh/aliases.conf
+++ b/bin/devops/etc/zsh/aliases.conf
@@ -0,0 +1,6 @@
+alias tf="terraform"
+alias k="kubectl"
+alias kx="kubectx"
+alias kns="kubens"
+alias tap="terraform apply"
+alias tp="terraform plan"
\ No newline at end of file
diff --git a/bin/devops/etc/zshrc b/bin/devops/etc/zshrc
index e43eba7..9f53625 100755
--- a/bin/devops/etc/zshrc
+++ b/bin/devops/etc/zshrc
@@ -43,7 +43,7 @@ SAVEHIST=1000 # saved history
 source /usr/local/share/zsh-syntax-highlighting/zsh-syntax-highlighting.zsh
 source /usr/local/share/zsh-autosuggestions/zsh-autosuggestions.zsh
-plugins=(git cp git-extras gnu-utils history pip python ruby screen composer aws npm node common-aliases cp copyfile copydir github sudo ubuntu history-substring-search)
+plugins=(git cp git-extras gnu-utils history pip python ruby screen composer aws npm node common-aliases cp copyfile copypath github sudo ubuntu history-substring-search)
 typeset -g -A key
diff --git a/docker-compose.yml b/docker-compose.yml
index ed6f3f6..db0ccfb 100755
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -3,7 +3,7 @@ version: '2.1'
 services:
 devops:
 container_name: devops
- image: anmolnagpal/devops-machine:0.0.1
+ image: clouddrove/devops-machine:0.0.1
 mem_limit: 3g
 memswap_limit: 3g
 cpu_shares: 30
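Review bot: `dockerfile-path: "./docker/Dockerfile"` at the end of the docker-scanner hunk does not match the file this commit adds at `.docker/Dockerfile` (the dependabot entry in the same commit uses `/.docker`), so the shared scanner workflow will be pointed at a path that does not exist; change it to `dockerfile-path: "./.docker/Dockerfile"`, assuming the reusable workflow resolves the value relative to the repository root as the existing `./` prefix suggests. The workflow is triggered only by `workflow_dispatch:`, so findings reach the security tab only when someone runs it by hand; a `schedule:` or `pull_request:` trigger would make the scan routine.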
@@ -21,6 +21,7 @@ services:
  - ~/.aws:/home/ubuntu/.aws
  - ~/.zsh_history:/home/ubuntu/.zsh_history
  - ~/.gitconfig:/home/ubuntu/.gitconfig
+ - ~/.kube:/home/ubuntu/.kube
 networks:
 dev_net_devops:
 ipv4_address: 10.13.0.13
@@ -31,6 +32,4 @@ networks:
 ipam:
 config:
  - subnet: 10.13.0.0/16
- gateway: 10.13.0.1
-
-
+ gateway: 10.13.0.1
\ No newline at end of file