feat: initial commit

.cicsdev/sdv-sample.yml

@@ -0,0 +1,21 @@
+name: cics-security-sdv-samples
+description: "Provides tooling to introduce Security testing into your CICS applications CI pipelines"
+learning_objective: |
+  Learn how to use the Galasa SDV manager to write role-based tests for your CICS applications, then how to adapt 
+  the applications CI pipeline to detect changes in security definition usage following application code change 
+  requests and initiate an approval process.
+product:
+  cicsts:
+    version:
+      minimum: 6.2
+    language: javascript,python,ansible
+
+build:
+  ide:
+    - VS Code
+  tools:
+    - Node
+    - Python
+    - Ansible
+    - GitHub
+    - Galasa

.devcontainer/Dockerfile

@@ -0,0 +1,18 @@
+#
+# Copyright IBM Corp. 2024
+#
+FROM mcr.microsoft.com/devcontainers/base:jammy
+
+RUN apt update
+
+ENV LOG_LEVEL="trace"
+
+EXPOSE 3000
+EXPOSE 3001
+
+COPY initialise_dev_container.sh /post_script/initialise_dev_container.sh
+
+RUN mkdir -p /workspaces; \
+    chmod 755 /post_script/initialise_dev_container.sh
+
+WORKDIR /workspaces

.devcontainer/devcontainer.json

@@ -0,0 +1,54 @@
+{
+  "name": "cics-security-sdv-samples Container",
+  "build": {
+      "dockerfile": "Dockerfile"
+  },
+  "customizations": {
+    "vscode": {
+        "settings": {
+              "vsintellicode.java.completionsEnabled": false,
+              "vsintellicode.python.completionsEnabled": false,
+              "vsintellicode.sql.completionsEnabled": false,
+              "vsintellicode.typescript.completionsEnabled": false,
+              "vsintellicode.modify.editor.suggestSelection": "disabled",
+              "errorLens.onSave": true,
+              "errorLens.messageEnabled": true,
+              "versionlens.suggestions.showOnStartup": true,
+              "editor.formatOnSave": true,
+              "ansible.python.interpreterPath": "/usr/local/python/current/bin/python",
+              "pylint.interpreter": ["/usr/local/python/current/bin/python"]
+         },
+         "extensions": [
+          "dbaeumer.vscode-eslint",
+          "usernamehw.errorlens",
+          "igorsbitnev.error-gutters",
+          "wayou.vscode-todo-highlight",
+          "vscode-icons-team.vscode-icons",
+          "pflannery.vscode-versionlens",
+          "bierner.markdown-emoji",
+          "redhat.ansible",
+          "ms-python.flake8",
+          "gruntfuggly.todo-tree",
+          "ms-python.python",
+          "ms-python.pylint"
+        ]
+      }
+  },
+  "features": {
+      "ghcr.io/devcontainers/features/git:1": {},
+      "ghcr.io/devcontainers/features/common-utils:2": {},
+      "ghcr.io/devcontainers/features/node:1": {
+        "version": "18"
+      },
+      "ghcr.io/devcontainers/features/python:1": {
+        "version": "3.12"
+      }
+  },
+  "forwardPorts": [3000, 3001],
+  "privileged": true,
+  "remoteUser": "root",
+  "workspaceMount": "source=${localWorkspaceFolder},target=/workspaces,type=bind",
+  "workspaceFolder": "/workspaces",
+  "postStartCommand": "git config --global --add safe.directory /workspaces; git config commit.gpgsign false",
+  "postAttachCommand": "/post_script/initialise_dev_container.sh"
+}

.devcontainer/initialise_dev_container.sh

@@ -0,0 +1,19 @@
+#
+# Copyright IBM Corp. 2024
+#
+
+# Install approval bot dependencies
+npm install
+
+# Install docs dependencies
+cd docs
+npm install
+cd ..
+
+# Install Ansible tooling
+pip install ansible==10.2.0 ansible-lint==24.7.0 --root-user-action=ignore
+
+# Install ansible script dependencies
+cd ansible-sdv-pipeline
+pip install -r requirements.txt --root-user-action=ignore
+

.dockerignore

@@ -0,0 +1,5 @@
+*
+!lib/
+!index.js
+!package.json
+!package-lock.json

.env.example

@@ -0,0 +1,14 @@
+# The ID of your GitHub App; You can find this in the About section of your Github app
+APP_ID=
+
+# The Webhook Secret; This is generated by you and then inputted in the settings of your Github app.
+WEBHOOK_SECRET=development
+
+# Use `trace` to get verbose logging or `info` to show less
+LOG_LEVEL=debug
+
+PRIVATE_KEY=""
+
+GHE_HOST=github.com
+
+CHECK_NAME=Security

.gitattributes

@@ -0,0 +1 @@
+text eol=lf

.github/workflows/ansible-lint.yml

@@ -0,0 +1,27 @@
+name: Ansible
+
+on:
+  push:
+    branches: ["main"]
+  pull_request:
+    branches: ["main"]
+
+jobs:
+  Lint:
+    runs-on: ubuntu-latest
+    defaults:
+      run:
+        working-directory: "ansible-sdv-pipeline"
+
+    steps:
+      - uses: actions/checkout@v4
+      - name: Set up Python 3.x
+        uses: actions/setup-python@v3
+        with:
+          python-version: 3.x
+      - name: Install Ansible-lint
+        run: |
+          python -m pip install --upgrade pip
+          pip install ansible-lint
+      - name: Running Ansible-lint
+        run: ansible-lint ./*

.github/workflows/codeql.yml

@@ -0,0 +1,65 @@
+name: SDV Approval Bot Code QL
+
+on:
+  push:
+    branches: ["main"]
+  pull_request:
+    branches: ["main"]
+  schedule:
+    - cron: "17 13 * * 6"
+
+jobs:
+  code-ql:
+    name: Analyze (${{ matrix.language }})
+    runs-on: ubuntu-latest
+    permissions:
+      # required for all workflows
+      security-events: write
+
+      # required to fetch internal or private CodeQL packs
+      packages: read
+
+      # only required for workflows in private repositories
+      actions: read
+      contents: read
+
+    strategy:
+      fail-fast: false
+      matrix:
+        include:
+          - language: javascript-typescript
+            build-mode: none
+          - language: python
+            build-mode: none
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      # Initializes the CodeQL tools for scanning.
+      - name: Initialize CodeQL
+        uses: github/codeql-action/init@v3
+        with:
+          languages: ${{ matrix.language }}
+          build-mode: ${{ matrix.build-mode }}
+
+      # If the analyze step fails for one of the languages you are analyzing with
+      # "We were unable to automatically build your code", modify the matrix above
+      # to set the build mode to "manual" for that language. Then modify this step
+      # to build your code.
+      # ℹ️ Command-line programs to run using the OS shell.
+      # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun
+      - if: matrix.build-mode == 'manual'
+        shell: bash
+        run: |
+          echo 'If you are using a "manual" build mode for one or more of the' \
+            'languages you are analyzing, replace this with the commands to build' \
+            'your code, for example:'
+          echo '  make bootstrap'
+          echo '  make release'
+          exit 1
+
+      - name: Perform CodeQL Analysis
+        uses: github/codeql-action/analyze@v3
+        with:
+          category: "/language:${{matrix.language}}"

.github/workflows/docs.yml

@@ -0,0 +1,71 @@
+name: SDV Documentation
+
+on:
+  push:
+    branches: ["main"]
+  pull_request:
+    branches: ["main"]
+
+permissions:
+  contents: read
+  pages: write
+  id-token: write
+
+concurrency:
+  group: "pages"
+  cancel-in-progress: false
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    defaults:
+      run:
+        working-directory: "docs"
+
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Use Node.js 18.x
+        uses: actions/setup-node@v3
+        with:
+          node-version: "18.x"
+          cache: "npm"
+          cache-dependency-path: "**/package-lock.json"
+
+      - name: Installing dependencies
+        run: npm ci
+
+      - name: Linting the docs code
+        run: npm run lint
+        working-directory: "docs"
+
+      - name: Setup Pages
+        uses: actions/configure-pages@v4
+        with:
+          static_site_generator: next
+
+      - name: Building docs
+        run: npm run build
+
+      - name: Uploading artifacts
+        if: ${{ github.ref == 'refs/heads/main' }}
+        uses: actions/upload-pages-artifact@v3
+        with:
+          path: ./docs/out
+
+  deploy:
+    if: ${{ github.ref == 'refs/heads/main' }}
+    environment:
+      name: github-pages
+      url: ${{ steps.deployment.outputs.page_url }}
+
+    runs-on: ubuntu-latest
+    defaults:
+      run:
+        working-directory: "docs"
+    needs: build
+
+    steps:
+      - name: Publish to GitHub Pages
+        id: deployment
+        uses: actions/deploy-pages@v4

.github/workflows/node.js.yml

@@ -0,0 +1,30 @@
+name: SDV Approval Bot Build
+
+on:
+  push:
+    branches: ["main"]
+  pull_request:
+    branches: ["main"]
+
+jobs:
+  Test:
+    runs-on: ubuntu-latest
+
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+      - name: Use Node.js 18.x
+        uses: actions/setup-node@v3
+        with:
+          node-version: "18.x"
+          cache: "npm"
+          cache-dependency-path: "**/package-lock.json"
+      - name: Installing dependencies
+        run: npm ci
+      - name: Linting the commit message
+        run: npx commitlint -V --from=HEAD~1
+      - name: Linting the application code
+        run: npm run lint-bot
+      - name: Running unit tests
+        run: npm run unit-test

.github/workflows/pylint.yml

@@ -0,0 +1,31 @@
+name: Python
+
+on:
+  push:
+    branches: ["main"]
+  pull_request:
+    branches: ["main"]
+
+jobs:
+  Lint:
+    runs-on: ubuntu-latest
+    defaults:
+      run:
+        working-directory: "ansible-sdv-pipeline"
+
+    steps:
+      - uses: actions/checkout@v4
+      - name: Set up Python 3.x
+        uses: actions/setup-python@v3
+        with:
+          python-version: 3.x
+      - name: Install dependencies
+        run: |
+          python -m pip install --upgrade pip
+          pip install pylint flake8
+      - name: Analysing the code with pylint
+        run: |
+          pylint $(git ls-files '*.py') --fail-under 5 --fail-on F,E,W,C,R
+      - name: Checking code styling
+        run: |
+          flake8 .

.gitignore

@@ -0,0 +1,4 @@
+node_modules
+coverage
+.env
+.DS_Store

.husky/commit-msg

@@ -0,0 +1,4 @@
+#!/bin/sh
+. "$(dirname "$0")/_/husky.sh"
+
+npx --no -- commitlint --edit ""

.husky/pre-commit

@@ -0,0 +1,4 @@
+#!/bin/sh
+. "$(dirname "$0")/_/husky.sh"
+
+npm run pre-commit

.jest/setEnvVars.js

@@ -0,0 +1,4 @@
+/*
+ *  Copyright IBM Corp. 2024
+ */
+process.env.CHECK_NAME = 'Security';