Publish GHA test results to unify

.cloudbees/workflows/workflow.yaml

@@ -0,0 +1,188 @@
+apiVersion: automation.cloudbees.io/v1alpha1
+kind: workflow
+name: Main workflow
+on:
+  push:
+    branches:
+      - "**"
+  workflow_dispatch:
+permissions:
+  scm-token-own: read
+  scm-token-org: read
+  id-token: write
+jobs:
+  test:
+    outputs:
+      CODE_COVERAGE: ${{ steps.RunUnitTest.outputs.CODE_COVERAGE }}
+    steps:
+      - uses: cloudbees-io/ghactions-run-workflow@v2
+        name: Run GHA Workflow
+        kind: test
+        continue-on-error: true
+        with:
+          token: ${{ secrets.GH_TOKEN }}
+          org-name: cloudbees-days
+          repo-name: hackers-organized
+          branch-name: main
+          workflow-name: test-and-build-image
+          test-type: JUnit
+          test-result-location: junit.xml
+      - uses: cloudbees-io/checkout@v1
+        name: Get source code
+        continue-on-error: true
+      - name: Run unit tests
+        id: RunUnitTest
+        kind: test
+        uses: docker://node:lts
+        run: |
+          npm ci
+          npm run test:unit
+          npx jest --coverage >> $CLOUDBEES_OUTPUTS/CODE_COVERAGE
+      - name: Publish test results
+        uses: cloudbees-io/publish-test-results@v1
+        with:
+          test-type: JUnit
+          folder-name: ${{ cloudbees.workspace }}/junit.xml
+      - name: Publish evidence
+        uses: cloudbees-io/publish-evidence-item@v1
+        with:
+          content: |-
+            ## Test code coverage
+            ${{ steps.RunUnitTest.outputs.CODE_COVERAGE }}
+          format: MARKDOWN
+  build-container-image:
+    steps:
+      - uses: cloudbees-io/checkout@v1
+        name: Get source code
+        kind: build
+        continue-on-error: true
+      - uses: cloudbees-io/configure-oci-credentials@v1
+        name: Configure container registry credentials
+        continue-on-error: true
+        id: dockerconfig
+        with:
+          registry: https://index.docker.io/v1/
+          username: ${{ secrets.DOCKERHUB_USER }}
+          password: ${{ secrets.DOCKERHUB_TOKEN }}
+      - uses: cloudbees-io/kaniko@v1
+        name: Build container image
+        kind: build
+        with:
+          destination: ${{ secrets.DOCKERHUB_USER }}/hackers-organized:${{ cloudbees.scm.sha }},${{ secrets.DOCKERHUB_USER }}/hackers-organized:latest
+          tar-path: container-image.tar
+          build-args: BUILDKIT_CONTEXT_KEEP_GIT_DIR=1,BUILDKIT_INLINE_CACHE=1
+      - uses: calculi-corp/assets-plugin-chain-utils/upload-binary@v1
+        name: Upload binary from container build
+        continue-on-error: true
+        id: upload-binary
+        with:
+          file-path: container-image.tar
+          file-type: BINARY_CONTAINER
+          debug: "true"
+      - name: Publish evidence
+        uses: cloudbees-io/publish-evidence-item@v1
+        with:
+          content: |-
+            ## Built and pushed image to docker hub
+
+            [Docker Hub](https://hub.docker.com/repository/docker/ldonleycb/hackers-organized/tags)
+
+            Deployed hackers-organized:${{ cloudbees.scm.sha }}
+          format: MARKDOWN
+    needs: test
+  scan:
+    outputs:
+      BLOCKER_COUNT: ${{ steps.FetchSonarQubeIssues.outputs.BLOCKER_COUNT }}
+      CRITICAL_COUNT: ${{ steps.FetchSonarQubeIssues.outputs.CRITICAL_COUNT }}
+      MAJOR_COUNT: ${{ steps.FetchSonarQubeIssues.outputs.MAJOR_COUNT }}
+      MINOR_COUNT: ${{ steps.FetchSonarQubeIssues.outputs.MINOR_COUNT }}
+    steps:
+      - name: Checkout
+        uses: cloudbees-io/checkout@v1
+      - name: Get code coverage
+        kind: test
+        uses: docker://node:lts
+        run: |
+          npm ci
+          npm run test:coverage
+      - uses: cloudbees-io/sonarqube-bundled-sast-scan-code@v1
+        name: Scan with SonarQube
+        kind: scan
+        continue-on-error: true
+        with:
+          language: LANGUAGE_JS
+          cover-file-name: coverage/clover.xml
+          sonar-exclusion: tests/*
+      - uses: cloudbees-io/snyk-sast-scan-code@v1
+        name: Synk SAST
+        kind: scan
+        continue-on-error: true
+        with:
+          orgname: ${{ secrets.SNYK_ORGNAME }}
+          token: ${{ secrets.SNYK_TOKEN }}
+          language: LANGUAGE_JS
+      - name: Scan with Snyk SCA
+        uses: cloudbees-io/snyk-sca-scan-dependency@v1
+        continue-on-error: true
+        with:
+          orgname: ${{ secrets.SNYK_ORGNAME }}
+          token: ${{ secrets.SNYK_TOKEN }}
+          language: "LANGUAGE_JS"
+      - name: Fetch SonarQube Issues
+        id: FetchSonarQubeIssues
+        uses: docker://alpine/git:latest
+        run: |
+          apk add --no-cache curl jq
+          curl -u ${{ secrets.SONAR_USER }}:${{ secrets.SONAR_TOKEN }} \
+          "https://sonarqube.cb-demos.io/api/issues/search?componentKeys=HackersOrganized&severities=BLOCKER,CRITICAL,MAJOR,MINOR" \
+          -o sonar-issues.json
+          BLOCKER_COUNT=$(jq '[.issues[] | select(.severity=="BLOCKER")] | length' sonar-issues.json)
+          CRITICAL_COUNT=$(jq '[.issues[] | select(.severity=="CRITICAL")] | length' sonar-issues.json)
+          MAJOR_COUNT=$(jq '[.issues[] | select(.severity=="MAJOR")] | length' sonar-issues.json)
+          MINOR_COUNT=$(jq '[.issues[] | select(.severity=="MINOR")] | length' sonar-issues.json)
+
+          echo "${BLOCKER_COUNT}" >> $CLOUDBEES_OUTPUTS/BLOCKER_COUNT
+          echo "${CRITICAL_COUNT}" >> $CLOUDBEES_OUTPUTS/CRITICAL_COUNT
+          echo "${MAJOR_COUNT}" >> $CLOUDBEES_OUTPUTS/MAJOR_COUNT
+          echo "${MINOR_COUNT}" >> $CLOUDBEES_OUTPUTS/MINOR_COUNT
+      - name: Publish evidence
+        uses: cloudbees-io/publish-evidence-item@v1
+        with:
+          content: |-
+            ## SonarQube Analysis Results
+
+            | Severity             | Issue Count |
+            |----------------------|-------------|
+            | BLOCKER_COUNT        | ${{ steps.FetchSonarQubeIssues.outputs.BLOCKER_COUNT }} |
+            | CRITICAL_COUNT       | ${{ steps.FetchSonarQubeIssues.outputs.CRITICAL_COUNT }} |
+            | MAJOR_COUNT          | ${{ steps.FetchSonarQubeIssues.outputs.MAJOR_COUNT }} |
+            | MINOR_COUNT          | ${{ steps.FetchSonarQubeIssues.outputs.MINOR_COUNT }} |
+          format: MARKDOWN
+  deploy:
+    environment: DOW Production
+    steps:
+      - name: Checkout
+        uses: cloudbees-io/checkout@v1
+      - uses: cashokannamalai/kubeconfig@v1
+        name: Set kubeconfig
+        with:
+          secname: ${{ secrets.kubeconfig }}
+      - uses: cloudbees-io/kustomize-deploy@v1
+        name: Deploy to cluster
+        kind: deploy
+        with:
+          kustomization-base-dir: ${{ cloudbees.workspace }}/k8s/base
+          kustomization-overlays-dir: ${{ cloudbees.workspace }}/k8s/overlays/prod
+          environment-variables: '{}'
+      - name: Publish evidence
+        uses: cloudbees-io/publish-evidence-item@v1
+        with:
+          content: |-
+            ## Deployed environment
+            [Production frontend](https://hackers-organized.preview.cb-demos.io/)
+
+            Running hackers-organized:${{ cloudbees.scm.sha }}
+          format: MARKDOWN
+    needs:
+      - build-container-image
+      - scan

.dockerignore

@@ -0,0 +1,25 @@
+.DS_Store
+node_modules
+/dist
+
+# local env files
+.env.local
+.env.*.local
+
+# Log files
+npm-debug.log*
+yarn-debug.log*
+yarn-error.log*
+
+# Editor directories and files
+.idea
+.vscode
+*.suo
+*.ntvs*
+*.njsproj
+*.sln
+*.sw?
+junit.xml
+
+vulnerable-packages.txt
+vulnerable_modules/

.env.local

@@ -1,2 +1,2 @@
 # Rename this file to .env.local and set your api key
-VUE_APP_ROLLOUT_KEY='5e42bf99958d710009e4b37c'
+VUE_APP_FM_KEY="6ae5a929-4cf5-4233-71f9-16307e6f2413"

.eslintrc.js

@@ -1,17 +1,14 @@
 module.exports = {
   root: true,
   env: {
-    node: true
+    node: true,
   },
-  'extends': [
-    'plugin:vue/essential',
-    '@vue/standard'
-  ],
+  extends: ["plugin:vue/essential"],
   rules: {
-    'no-console': process.env.NODE_ENV === 'production' ? 'error' : 'off',
-    'no-debugger': process.env.NODE_ENV === 'production' ? 'error' : 'off'
+    "no-console": process.env.NODE_ENV === "production" ? "error" : "off",
+    "no-debugger": process.env.NODE_ENV === "production" ? "error" : "off",
   },
   parserOptions: {
-    parser: 'babel-eslint'
-  }
-}
+    parser: "babel-eslint",
+  },
+};

.github/workflows/test-and-build-image.yml

@@ -0,0 +1,26 @@
+name: test-and-build-image
+on:
+  workflow_dispatch:
+
+permissions:
+  id-token: write
+  contents: read
+
+jobs:
+  build:
+    runs-on: ubuntu-latest 
+    env:
+      VUE_APP_ROLLOUT_KEY: ${{ secrets.VUE_APP_ROLLOUT_KEY }}
+    steps:
+      - uses: actions/checkout@v4
+      - uses: actions/setup-node@v4
+        with:
+          node-version: "20.x"
+      - run: npm ci
+      - run: npm run test:unit
+
+      - name: publish GHA run test results
+        uses: cloudbees-io-gha/publish-test-results@v2
+        with:
+          test-type: junit
+          results-path: junit.xml

.gitignore

@@ -19,3 +19,9 @@ yarn-error.log*
 *.njsproj
 *.sln
 *.sw?
+junit.xml
+audit.json
+vulnerable-packages.txt
+vulnerable_modules/
+.scannerwork/
+coverage/

Dockerfile

@@ -0,0 +1,16 @@
+FROM node:lts AS builder
+WORKDIR /app
+RUN apt update && apt install jq -y
+COPY package*.json ./
+RUN npm ci
+COPY . .
+RUN npm run build
+RUN ./vulnerable-packages.sh
+
+FROM nginx:stable-alpine
+COPY --from=builder /app/dist /usr/share/nginx/html
+COPY --from=builder /app/vulnerable_modules /app/node_modules
+COPY default.conf /etc/nginx/conf.d/default.conf
+COPY entrypoint.sh /entrypoint.sh
+
+ENTRYPOINT ["/entrypoint.sh"]

README.md

@@ -1,58 +1,65 @@
 # vue-hn-clone
 
-This app is a Vue.js-based clone of [Hacker News](https://hn.ycombinator.com). 
+This app is a Vue.js-based clone of [Hacker News](https://hn.ycombinator.com).
 
 ## Objective
 
 It is helpful to have a go-to app for demoing new tools - this is mine. It's nice to have an app that is more than just a hello world, so I tried to create one that mirrors something usable to some degree.
 
 ## Tech info
 
-* [Vue.js](https://vuejs.org/) - The frontend web framework used to build the site
-* [HackerNews/API](https://github.com/HackerNews/API) - Source of data
-* [Bulma](https://bulma.io) (Specifically [Buefy](https://buefy.org)) - the CSS framework I've used
+- [Vue.js](https://vuejs.org/) - The frontend web framework used to build the site
+- [HackerNews/API](https://github.com/HackerNews/API) - Source of data
+- [Bulma](https://bulma.io) (Specifically [Buefy](https://buefy.org)) - the CSS framework I've used
 
 This app is far from an ideal architecture - it is currently all client-side rendered and re-pulls all data on page change.
 In the future I may add [vuex](https://vuex.vuejs.org/) so it doesn't query the API every single page change.
 
 Ideally you would use server-side rendering like [this example](https://github.com/vuejs/vue-hackernews-2.0) does (in fact, that app is all around better).
 But to make testing certain tools easier, being strictly client-side rendered is preferable.
 
-
 ## Deployment requirements
 
 You need to set the `VUE_APP_ROLLOUT_KEY` environment variable to your CloudBees SDK key.
 
-
 ## Project setup
+
 ```
-yarn install
+npm install
 ```
 
 ### Compiles and hot-reloads for development
+
 ```
-yarn run serve
+npm run serve
 ```
 
 ### Compiles and minifies for production
+
 ```
-yarn run build
+npm run build
 ```
 
 ### Run your tests
+
 ```
-yarn run test
+npm run test
 ```
 
 ### Lints and fixes files
+
 ```
-yarn run lint
+npm run lint
 ```
 
 ### Run your unit tests
+
 ```
-yarn run test:unit
+npm run test:unit
 ```
 
 ### Customize configuration
+
 See [Configuration Reference](https://cli.vuejs.org/config/).
+
+

babel.config.js

@@ -1,5 +1,5 @@
 module.exports = {
   presets: [
-    '@vue/app'
+    '@babel/preset-env'
   ]
 }

default.conf

@@ -0,0 +1,9 @@
+server {
+    listen 80;
+    server_name localhost;
+    root /usr/share/nginx/html;
+
+    location / {
+        try_files $uri $uri/ /index.html;
+    }
+}