feat: initial commit

.cicsdev/sdv-sample.yml

@@ -0,0 +1,21 @@
+name: cics-security-sdv-samples
+description: "Provides tooling to introduce Security testing into your CICS applications CI pipelines"
+learning_objective: |
+  Learn how to use the Galasa SDV manager to write role-based tests for your CICS applications, then how to adapt 
+  the applications CI pipeline to detect changes in security definition usage following application code change 
+  requests and initiate an approval process.
+product:
+  cicsts:
+    version:
+      minimum: 6.2
+    language: javascript,python,ansible
+
+build:
+  ide:
+    - VS Code
+  tools:
+    - Node
+    - Python
+    - Ansible
+    - GitHub
+    - Galasa

.devcontainer/Dockerfile

@@ -0,0 +1,18 @@
+#
+# Copyright IBM Corp. 2024
+#
+FROM mcr.microsoft.com/devcontainers/base:jammy
+
+RUN apt update
+
+ENV LOG_LEVEL="trace"
+
+EXPOSE 3000
+EXPOSE 3001
+
+COPY initialise_dev_container.sh /post_script/initialise_dev_container.sh
+
+RUN mkdir -p /workspaces; \
+    chmod 755 /post_script/initialise_dev_container.sh
+
+WORKDIR /workspaces

.devcontainer/devcontainer.json

@@ -0,0 +1,69 @@
+{
+  "name": "cics-security-sdv-samples Container",
+  "build": {
+    "dockerfile": "Dockerfile"
+  },
+  "customizations": {
+    "vscode": {
+      "settings": {
+        "vsintellicode.java.completionsEnabled": false,
+        "vsintellicode.python.completionsEnabled": false,
+        "vsintellicode.sql.completionsEnabled": false,
+        "vsintellicode.typescript.completionsEnabled": false,
+        "vsintellicode.modify.editor.suggestSelection": "disabled",
+        "errorLens.onSave": true,
+        "errorLens.messageEnabled": true,
+        "versionlens.suggestions.showOnStartup": true,
+        "editor.formatOnSave": true,
+        "ansible.python.interpreterPath": "/usr/local/python/current/bin/python",
+        "pylint.interpreter": [
+          "/usr/local/python/current/bin/python"
+        ],
+        "eslint.workingDirectories": [
+          "./docs",
+          "./lib"
+        ],
+        "stylelint.validate": [
+          "css",
+          "scss"
+        ],
+        "stylelint.configBasedir": "./docs"
+      },
+      "extensions": [
+        "dbaeumer.vscode-eslint",
+        "usernamehw.errorlens",
+        "igorsbitnev.error-gutters",
+        "wayou.vscode-todo-highlight",
+        "pflannery.vscode-versionlens",
+        "bierner.markdown-emoji",
+        "redhat.ansible",
+        "ms-python.flake8",
+        "gruntfuggly.todo-tree",
+        "ms-python.python",
+        "ms-python.pylint",
+        "stylelint.vscode-stylelint",
+        "streetsidesoftware.code-spell-checker"
+      ]
+    }
+  },
+  "features": {
+    "ghcr.io/devcontainers/features/git:1": {},
+    "ghcr.io/devcontainers/features/common-utils:2": {},
+    "ghcr.io/devcontainers/features/node:1": {
+      "version": "18"
+    },
+    "ghcr.io/devcontainers/features/python:1": {
+      "version": "3.12"
+    }
+  },
+  "forwardPorts": [
+    3000,
+    3001
+  ],
+  "privileged": true,
+  "remoteUser": "root",
+  "workspaceMount": "source=${localWorkspaceFolder},target=/workspaces,type=bind",
+  "workspaceFolder": "/workspaces",
+  "postStartCommand": "git config --global --add safe.directory /workspaces; git config commit.gpgsign false",
+  "postAttachCommand": "/post_script/initialise_dev_container.sh"
+}

.devcontainer/initialise_dev_container.sh

@@ -0,0 +1,19 @@
+#
+# Copyright IBM Corp. 2024
+#
+
+# Install approval bot dependencies
+npm install
+
+# Install docs dependencies
+cd docs
+npm install
+cd ..
+
+# Install Ansible tooling
+pip install ansible==10.2.0 ansible-lint==24.7.0 --root-user-action=ignore
+
+# Install ansible script dependencies
+cd ansible-sdv-pipeline
+pip install -r requirements.txt --root-user-action=ignore
+

.dockerignore

@@ -0,0 +1,5 @@
+*
+!lib/
+!index.js
+!package.json
+!package-lock.json

.env.example

@@ -0,0 +1,14 @@
+# The ID of your GitHub App; You can find this in the About section of your Github app
+APP_ID=
+
+# The Webhook Secret; This is generated by you and then inputted in the settings of your Github app.
+WEBHOOK_SECRET=development
+
+# Use `trace` to get verbose logging or `info` to show less
+LOG_LEVEL=debug
+
+PRIVATE_KEY=""
+
+GHE_HOST=github.com
+
+CHECK_NAME=Security

.gitattributes

@@ -0,0 +1 @@
+text eol=lf

.github/workflows/ansible-lint.yml

@@ -0,0 +1,27 @@
+name: Ansible
+
+on:
+  push:
+    branches: ["main"]
+  pull_request:
+    branches: ["main"]
+
+jobs:
+  Lint:
+    runs-on: ubuntu-latest
+    defaults:
+      run:
+        working-directory: "ansible-sdv-pipeline"
+
+    steps:
+      - uses: actions/checkout@v4
+      - name: Set up Python 3.x
+        uses: actions/setup-python@v3
+        with:
+          python-version: 3.x
+      - name: Install Ansible-lint
+        run: |
+          python -m pip install --upgrade pip
+          pip install ansible-lint
+      - name: Running Ansible-lint
+        run: ansible-lint ./*

.github/workflows/docs.yml

@@ -0,0 +1,71 @@
+name: SDV Documentation
+
+on:
+  push:
+    branches: ["main"]
+  pull_request:
+    branches: ["main"]
+
+permissions:
+  contents: read
+  pages: write
+  id-token: write
+
+concurrency:
+  group: "pages"
+  cancel-in-progress: false
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    defaults:
+      run:
+        working-directory: "docs"
+
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Use Node.js 18.x
+        uses: actions/setup-node@v3
+        with:
+          node-version: "18.x"
+          cache: "npm"
+          cache-dependency-path: "**/package-lock.json"
+
+      - name: Installing dependencies
+        run: npm ci
+
+      - name: Linting the docs code
+        run: npm run lint
+        working-directory: "docs"
+
+      - name: Setup Pages
+        uses: actions/configure-pages@v4
+        with:
+          static_site_generator: next
+
+      - name: Building docs
+        run: npm run build
+
+      - name: Uploading artifacts
+        if: ${{ github.ref == 'refs/heads/main' }}
+        uses: actions/upload-pages-artifact@v3
+        with:
+          path: ./docs/out
+
+  deploy:
+    if: ${{ github.ref == 'refs/heads/main' }}
+    environment:
+      name: github-pages
+      url: ${{ steps.deployment.outputs.page_url }}
+
+    runs-on: ubuntu-latest
+    defaults:
+      run:
+        working-directory: "docs"
+    needs: build
+
+    steps:
+      - name: Publish to GitHub Pages
+        id: deployment
+        uses: actions/deploy-pages@v4

.github/workflows/node.js.yml

@@ -0,0 +1,30 @@
+name: SDV Approval Bot Build
+
+on:
+  push:
+    branches: ["main"]
+  pull_request:
+    branches: ["main"]
+
+jobs:
+  Test:
+    runs-on: ubuntu-latest
+
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+      - name: Use Node.js 18.x
+        uses: actions/setup-node@v3
+        with:
+          node-version: "18.x"
+          cache: "npm"
+          cache-dependency-path: "**/package-lock.json"
+      - name: Installing dependencies
+        run: npm ci
+      - name: Linting the commit message
+        run: npx commitlint -V --from=HEAD~1
+      - name: Linting the application code
+        run: npm run lint-bot
+      - name: Running unit tests
+        run: npm run unit-test

.github/workflows/pylint.yml

@@ -0,0 +1,32 @@
+name: Python
+
+on:
+  push:
+    branches: ["main"]
+  pull_request:
+    branches: ["main"]
+
+jobs:
+  Lint:
+    runs-on: ubuntu-latest
+    defaults:
+      run:
+        working-directory: "ansible-sdv-pipeline"
+
+    steps:
+      - uses: actions/checkout@v4
+      - name: Set up Python 3.x
+        uses: actions/setup-python@v3
+        with:
+          python-version: 3.x
+      - name: Install dependencies
+        run: |
+          python -m pip install --upgrade pip
+          pip install pylint flake8 ansible==10.2.0
+          pip install -r requirements.txt
+      - name: Analysing the code with pylint
+        run: |
+          pylint $(git ls-files '*.py') --fail-under 5 --fail-on F,E,W,C,R
+      - name: Checking code styling
+        run: |
+          flake8 .

.gitignore

@@ -0,0 +1,4 @@
+node_modules
+coverage
+.env
+.DS_Store

.husky/commit-msg

@@ -0,0 +1,4 @@
+#!/bin/sh
+. "$(dirname "$0")/_/husky.sh"
+
+npx --no -- commitlint --edit ""

.husky/pre-commit

@@ -0,0 +1,4 @@
+#!/bin/sh
+. "$(dirname "$0")/_/husky.sh"
+
+npm run pre-commit

.jest/setEnvVars.js

@@ -0,0 +1,4 @@
+/*
+ *  Copyright IBM Corp. 2024
+ */
+process.env.CHECK_NAME = 'Security';

.vscode/launch.json

@@ -0,0 +1,37 @@
+{
+    "version": "0.2.0",
+    "configurations": [
+        {
+            "type": "node",
+            "request": "launch",
+            "name": "Launch Probot",
+            "program": "${workspaceFolder}/node_modules/probot/bin/probot-run.js",
+            "args": ["./lib/app.js"],
+            "console": "integratedTerminal",
+            "cwd": "${workspaceRoot}/",
+            "outFiles": [],
+            "sourceMaps": true,
+            "env": {
+              "LOG_LEVEL": "trace"
+            }
+        },
+        {
+          "type": "node",
+          "request": "launch",
+          "name": "Jest (current file)",
+          "program": "${workspaceFolder}/node_modules/jest/bin/jest",
+          "args": [
+            "${fileBasename}",
+            "--verbose",
+            "-i",
+            "--no-cache",
+            "--detectOpenHandles"
+          ],
+          "console": "integratedTerminal",
+          "internalConsoleOptions": "neverOpen",
+          "env": {
+            "NODE_OPTIONS": "--no-experimental-fetch"
+          }
+        },
+    ]
+}