[DO-1390] Add critical services, default VM, network and hardware (!18)

DO-1390 Co-authored-by: denis.patrakeev <denis.patrakeev@avroid.tech> Reviewed-on: https://git.avroid.tech/DevOps/secrets/pulls/18
2024-12-28 19:55:11 +03:00
parent 7a8a4bb823
commit 0dd219a068
60 changed files with 3764 additions and 29 deletions
--- a/.gitea/workflows/check-shellscripts.yml
+++ b/.gitea/workflows/check-shellscripts.yml
@@ -0,0 +1,44 @@
+---
+name: Check ShellScripts
+run-name: ${{ gitea.actor }} is start check shellscripts
+on: [pull_request]
+
+jobs:
+  shellscripts:
+    name: Check shellscripts by shellcheck
+    runs-on: docker
+    container:
+      image: harbor.avroid.tech/docker-hub-proxy/library/node:20
+    steps:
+      - run: echo "Start job on ${{ runner.name }} with os ${{ runner.os }}"
+      - run: echo "Work with branch ${{ gitea.ref }} repository ${{ gitea.repository }}"
+
+      - name: Check out repository code
+        uses: https://${{ secrets.CI_USER }}:${{ secrets.CI_TOKEN }}@git.avroid.tech/Mirrors/github-actions-checkout.git@v4
+
+      - name: Check shellscripts by shellcheck
+        uses: https://${{ secrets.CI_USER }}:${{ secrets.CI_TOKEN }}@git.avroid.tech/Mirrors/github-actions-action-shellcheck.git@2.0.0
+
+  shfmt:
+    name: Check shellscript formatting
+    runs-on: docker
+    container:
+      image: harbor.avroid.tech/docker-hub-proxy/library/node:20
+    steps:
+      - run: echo "Start job on ${{ runner.name }} with os ${{ runner.os }}"
+      - run: echo "Work with branch ${{ gitea.ref }} repository ${{ gitea.repository }}"
+
+      - name: Check out repository code
+        uses: https://${{ secrets.CI_USER }}:${{ secrets.CI_TOKEN }}@git.avroid.tech/Mirrors/github-actions-checkout.git@v4
+
+      - name: Install Golang
+        uses: https://${{ secrets.CI_USER }}:${{ secrets.CI_TOKEN }}@git.avroid.tech/Mirrors/github-actions-setup-go.git@v5
+        with:
+          go-version: '1.22'
+          check-latest: true
+
+      - name: Install shfmt
+        run: go install mvdan.cc/sh/v3/cmd/shfmt@latest
+
+      - name: Check shellscripts by shfmt
+        run: shfmt -d .
--- a/.gitea/workflows/scan.yml
+++ b/.gitea/workflows/scan.yml
@@ -0,0 +1,21 @@
+---
+name: Static Application Security Testing
+run-name: ${{ gitea.actor }} is start check sources
+on: [pull_request]
+
+jobs:
+  scan-secrets:
+    name: Scan secrets
+    runs-on: docker
+    container:
+      image: harbor.avroid.tech/devops/clang-format:14-node20
+    steps:
+      - run: echo "Start job on ${{ runner.name }} with os ${{ runner.os }}"
+      - run: echo "Work with branch ${{ gitea.ref }} repository ${{ gitea.repository }}"
+      - name: Check out repository code
+        uses: https://${{ secrets.CI_USER }}:${{ secrets.CI_TOKEN }}@git.avroid.tech/Mirrors/github-actions-checkout.git@v4
+        with:
+          fetch-depth: 0 # for work tj-actions/changed-files
+          persist-credentials: false # for work tj-actions/changed-files
+      - name: Scan for secrets
+        uses: https://${{ secrets.CI_USER }}:${{ secrets.CI_TOKEN }}@git.avroid.tech/Actions/gitleaks-docker-action.git@v1