diff --git a/.github/ISSUE_TEMPLATE/bug_report.yml b/.github/ISSUE_TEMPLATE/bug_report.yml new file mode 100644 index 0000000..f3d5828 --- /dev/null +++ b/.github/ISSUE_TEMPLATE/bug_report.yml @@ -0,0 +1,56 @@ +name: Bug report +description: Report a reproducible bug or issue in the project. +title: "[Bug] " +labels: [bug] +body: + - type: markdown + attributes: + value: | + Thanks for taking the time to report a bug! Please provide as much detail as possible. + + - type: input + id: environment + attributes: + label: Environment + description: What environment are you running in (e.g., local, Docker, CI/CD)? + placeholder: "e.g. Docker, GitHub Actions, MacOS local" + + - type: textarea + id: steps + attributes: + label: Steps to Reproduce + description: How can we reproduce the bug? + placeholder: | + 1. Go to '...' + 2. Run command '...' + 3. Observe error '...' + validations: + required: true + + - type: textarea + id: expected + attributes: + label: Expected Behavior + description: What did you expect to happen? + placeholder: The API should return a 200 OK... + + - type: textarea + id: actual + attributes: + label: Actual Behavior + description: What actually happened? + placeholder: It returned a 500 error with message... + + - type: textarea + id: logs + attributes: + label: Relevant logs or screenshots + description: Include error messages, stack traces, or screenshots if applicable. + render: shell + + - type: input + id: version + attributes: + label: Version + description: What version of the project are you using? + placeholder: v1.0.0, commit hash, or branch name diff --git a/.github/ISSUE_TEMPLATE/feature_request.yml b/.github/ISSUE_TEMPLATE/feature_request.yml new file mode 100644 index 0000000..210ebf9 --- /dev/null +++ b/.github/ISSUE_TEMPLATE/feature_request.yml @@ -0,0 +1,34 @@ +name: Feature request +description: Suggest a new feature or improvement. +title: "[Feature] " +labels: [enhancement] +body: + - type: markdown + attributes: + value: | + Thanks for suggesting a feature! Let us know what you'd like to see added or changed. + + - type: textarea + id: description + attributes: + label: Feature Description + description: Describe the feature you'd like to see. + placeholder: I want to be able to... + + - type: textarea + id: motivation + attributes: + label: Motivation / Use Case + description: Why is this feature important? What problem does it solve? + + - type: textarea + id: alternatives + attributes: + label: Alternatives considered + description: Have you considered other ways to achieve this? + + - type: textarea + id: additional + attributes: + label: Additional context + description: Add any other context, links, or screenshots here. diff --git a/.github/ISSUE_TEMPLATE/question.yml b/.github/ISSUE_TEMPLATE/question.yml new file mode 100644 index 0000000..343632d --- /dev/null +++ b/.github/ISSUE_TEMPLATE/question.yml @@ -0,0 +1,15 @@ +name: Question / Discussion +description: Ask a question or start a general discussion. +title: "[Discussion] " +labels: [question] +body: + - type: markdown + attributes: + value: | + Have a question or want to discuss something? Ask here! + + - type: textarea + id: question + attributes: + label: What’s your question or discussion topic? + placeholder: I’m trying to understand how the CI/CD workflow works... diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 035e5b5..9926cba 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -60,13 +60,13 @@ jobs: - name: Run tests run: npm run test - - name: Run OWASP ZAP Baseline Scan - run: | - docker run -t owasp/zap2docker-stable zap-baseline.py \ - -t http://localhost:3000 \ - -r zap-report.html + # - name: Run OWASP ZAP Baseline Scan + # run: | + # docker run -t ghcr.io/zaproxy/zap-stable zap-baseline.py \ + # -t http://host.docker.internal:3000 \ + # -r zap-report.html - name: Upload ZAP report - uses: actions/upload-artifact@v3 + uses: actions/upload-artifact@v4 with: name: zap-security-report path: zap-report.html diff --git a/CODE_OF_CONDUCT.md b/CODE_OF_CONDUCT.md new file mode 100644 index 0000000..aa8e6c4 --- /dev/null +++ b/CODE_OF_CONDUCT.md @@ -0,0 +1,58 @@ +# Contributor Covenant Code of Conduct + +## Our Pledge + +We as members, contributors, and maintainers of this project pledge to make participation in our community a harassment-free experience for everyone, regardless of age, body size, visible or invisible disability, ethnicity, sex characteristics, gender identity and expression, level of experience, education, socio-economic status, nationality, personal appearance, race, caste, color, religion, or sexual identity and orientation. + +We pledge to act and interact in ways that contribute to an open, welcoming, diverse, inclusive, and healthy community. + +--- + +## Our Standards + +Examples of behavior that contributes to a positive environment include: + +- Using welcoming and inclusive language +- Being respectful of differing viewpoints and experiences +- Gracefully accepting constructive criticism +- Showing empathy toward other community members +- Focusing on what is best for the community + +Examples of unacceptable behavior include: + +- Trolling, insulting or derogatory comments, and personal or political attacks +- Public or private harassment +- Publishing others’ private information without explicit permission +- Other conduct which could reasonably be considered inappropriate + +--- + +## Enforcement Responsibilities + +Project maintainers are responsible for clarifying the standards of acceptable behavior and are expected to take appropriate and fair corrective action in response to any instances of unacceptable behavior. + +They have the right and responsibility to remove, edit, or reject comments, commits, code, issues, and other contributions that do not align with this Code of Conduct. + +--- + +## Scope + +This Code of Conduct applies within all project spaces—both online and offline—as well as in public spaces when an individual is representing the project or its community. + +--- + +## Enforcement + +Instances of abusive, harassing, or otherwise unacceptable behavior may be reported by contacting the project maintainer at **matbradiouf@gmail.com** or by opening a confidential issue on GitHub. + +All complaints will be reviewed and investigated promptly and fairly. + +--- + +## Attribution + +This Code of Conduct is adapted from the [Contributor Covenant](https://www.contributor-covenant.org), version 2.1. + +For answers to common questions, see the [FAQ](https://www.contributor-covenant.org/faq). + +--- diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md new file mode 100644 index 0000000..a4dea9d --- /dev/null +++ b/CONTRIBUTING.md @@ -0,0 +1,126 @@ +# Contributing to nest-devops-starter + +Thank you for considering contributing to **nest-devops-starter**! 🎉 +This guide will help you understand how to contribute, report issues, and submit improvements. + +--- + +## Table of Contents + +- [Getting Started](#getting-started) +- [How to Contribute](#how-to-contribute) +- [Code Style](#code-style) +- [Branching Strategy](#branching-strategy) +- [Commit Messages](#commit-messages) +- [Pull Requests](#pull-requests) +- [Reporting Issues](#reporting-issues) +- [Contact](#contact) + +--- + +## Getting Started + +1. **Fork** the repository. +2. **Clone** your fork: + ```bash + git clone https://github.com/bradlab/nest-devops-starter.git + cd nest-devops-starter + +3. Install dependencies: + + ```bash + npm install + ``` +4. Start development server: + + ```bash + npm run start:dev + ``` + +--- + +## How to Contribute + +We welcome: + +* 🔧 Bug fixes +* 🧩 Feature requests and enhancements +* 🧪 Improvements to testing or DevOps workflows +* 📝 Documentation updates + +--- + +## Code Style + +We follow the default NestJS + ESLint + Prettier configuration. + +To format your code: + +```bash +npm run lint +npm run format +``` + +Before committing, make sure your code passes all linting and tests: + +```bash +npx tsc +npm run test +npm run lint +``` + +--- + +## Branching Strategy + +* `main`: Stable production-ready code +* `develop`: Active development branch +* Feature branches: `feature/your-description` +* Bugfix branches: `fix/your-description` + +--- + +## Commit Messages + +We follow [Conventional Commits](https://www.conventionalcommits.org/en/v1.0.0/): + +Examples: + +* `feat(auth): add JWT token support` +* `fix(api): handle 500 error on /users` +* `docs: update README with new setup steps` + +--- + +## Pull Requests + +1. Create your branch from `develop`. +2. Make sure your code is linted, tested, and formatted. +3. Open a PR to `develop` with a clear title and description. +4. Link related issues in the PR description if applicable. + +Your PR will be reviewed and merged after approval. + +--- + +## Reporting Issues + +To report a bug or request a feature, [open a GitHub Issue](https://github.com/bradlab/nest-devops-starter/issues/new/choose). + +Please include: + +* A clear title and description +* Steps to reproduce (for bugs) +* Expected behavior +* Screenshots or logs if possible + +--- + +## Contact + +Maintainer: [@bradlab](https://github.com/bradlab) +You can also reach out by creating a new discussion or opening an issue. + +--- + +Thanks for helping us improve **nest-devops-starter**! 🚀 diff --git a/SECURITY.md b/SECURITY.md new file mode 100644 index 0000000..efdad0c --- /dev/null +++ b/SECURITY.md @@ -0,0 +1,53 @@ +# Security Policy + +## Supported Versions + +We currently support the latest version of the project. Please make sure you're using the most recent release before reporting a vulnerability. + +| Version | Supported | +|----------------|-----------| +| Latest (main) | ✅ | +| Older versions | ❌ | + +--- + +## Reporting a Vulnerability + +If you discover a security vulnerability in this project, **please do not open a public issue**. + +Instead, report it privately by contacting us via email: + +📧 **matbradiouf@gmail.com** + +Please include the following details in your report: + +- A detailed description of the vulnerability +- Steps to reproduce it, if applicable +- Potential impact or severity +- Suggested remediation or fix (if any) + +We will respond as quickly as possible (usually within 72 hours), and work with you to validate and address the issue. + +--- + +## Responsible Disclosure + +We ask that you: + +- Do **not** publicly disclose the issue until we’ve had a reasonable time to investigate and respond. +- Act in good faith and avoid exploiting the issue (e.g. by accessing unauthorized data). +- Respect users' privacy and data at all times. + +--- + +## Security Tools Used + +This project uses automated tools to detect security issues, including: + +- GitHub Dependabot alerts +- npm audit +- Docker image scanning (via CI/CD) + +--- + +Thank you for helping us keep **this project** secure! 🛡️ diff --git a/docs/ARCHITECTURE.md b/docs/ARCHITECTURE.md new file mode 100644 index 0000000..205418e --- /dev/null +++ b/docs/ARCHITECTURE.md @@ -0,0 +1,205 @@ +# Architecture Overview + +This document provides a high-level overview of the architecture for the **nest-devops-starter** project. It explains the structure, key components, and DevOps practices used in this starter template. + +## 📊 System Architecture Diagram (Mermaid) + +```mermaid +flowchart TD + subgraph External + client[Client / API Consumer] + ci[GitHub Actions CI/CD] + end + + subgraph Infrastructure + docker[Docker Container] + db[(Database)] + env[[.env / Secrets]] + end + + subgraph "Application (NestJS)" + app[App Module] + config[Config Module] + health[Health Module] + feature[Other Feature Module] + hc[Health Controller] + fc[Feature Controller] + fs[Feature Service] + end + + client --> fc + fc --> fs + fs --> db + hc --> fs + app --> health + app --> feature + health --> hc + feature --> fc + feature --> fs + docker --> app + app --> env + ci --> docker +``` +--- +## 📊 CI/CD Diagram (Mermaid using `graph LR`) + +```mermaid +graph LR + dev[Developer] --> github[Push / PR to GitHub] + github --> actions[GitHub Actions Workflow Trigger] + + subgraph CI [CI Pipeline] + checkout[Checkout Code] + install[Install Dependencies] + lint[Run Lint and Tests] + dockerBuild[Build Docker Image] + end + + actions --> checkout --> install --> lint --> dockerBuild + + dockerBuild --> branchCheck{Branch: dev or main?} + + branchCheck -- "dev" --> pushDev[Push Docker Image - dev tag] --> deployStaging[Deploy to Staging] + branchCheck -- "main" --> pushProd[Push Docker Image - prod tag] --> deployProd[Deploy to Production] + + secrets[GitHub Secrets: .env, SSH keys, tokens] --> actions +``` +--- + +## 📦 Stack Overview + +| Layer | Technology | +|----------------------|----------------------------------| +| Language | TypeScript | +| Framework | [NestJS](https://nestjs.com/) | +| Package Manager | npm / pnpm | +| Containerization | Docker, Docker Compose | +| CI/CD | GitHub Actions | +| Linting & Formatting | ESLint, Prettier | +| Testing | Jest | +| ORM / DB (optional) | TypeORM or Prisma (configurable) | + +--- + +## 🧱 Project Structure +``` +src/ +├── app.module.ts # Root NestJS module +├── main.ts # App entry point +├── modules/ # Feature modules +│ └── health/ # Example: health check module +│ ├── health.module.ts +│ └── health.controller.ts +├── common/ # Common utilities, DTOs, interceptors +├── config/ # Environment configuration +test/ # Jest unit & e2e tests +.env.example # Example environment variables + +Each feature is encapsulated in its own module for scalability and maintainability (following the **Modular Architecture** pattern encouraged by NestJS). + +``` + +--- + +## ⚙️ Configuration + +Environment-specific variables are handled via `.env` files and managed in the `config/` module using `@nestjs/config`. + +- Sensitive variables are **not** committed to source control. +- A sample file `.env.example` is provided. + +--- + +## 🐳 Docker & Deployment + +This project supports containerized development and deployment: + +- `Dockerfile`: Production-ready container +- `docker-compose.yml`: Local development with services like PostgreSQL +- Built with multi-stage builds for optimized image size + +Example: + +```bash +docker-compose up --build +```` + +--- + +## 🚀 CI/CD Workflow + +CI/CD is implemented using **GitHub Actions**. + +* On push or PR to `main` or `develop`: + + * Run tests + * Lint code + * Build the Docker image +* You can extend this pipeline to include: + + * Automatic deployments to environments (e.g., staging, production) + * Vulnerability scanning + +Example config: `.github/workflows/ci.yml` + +--- + +## ✅ Testing Strategy + +* **Unit Tests**: With Jest, in `src/**/__tests__` or alongside each module. +* **E2E Tests** (optional): With Supertest or similar. +* Run tests with: + + ```bash + npm run test + ``` + +--- + +## 🔐 Security & Best Practices + +* Strict TypeScript configuration +* Linting + formatting enforced by pre-commit hooks (optional) +* Security headers and validation using NestJS middlewares and pipes +* Docker image scanning recommended in CI + +--- + +## 📈 Observability (Optional) + +* Includes a basic `/health` endpoint using NestJS's built-in health checks (`@nestjs/terminus`) +* Ready for integration with Prometheus, OpenTelemetry, etc. + +--- + +## 🔄 Future Enhancements + +* Add support for database migration tools (e.g., `typeorm-cli` or Prisma Migrate) +* Integration with Secrets Manager or Vault +* Infrastructure-as-code (e.g., Terraform, Pulumi) + +--- + +## 🧩 Extending the Project + +To add a new feature module: + +```bash +nest generate module my-feature +nest generate controller my-feature +nest generate service my-feature +``` + +Don’t forget to update `app.module.ts` and write tests. + +--- + +## 📚 References + +* [NestJS Docs](https://docs.nestjs.com/) +* [Docker Best Practices](https://docs.docker.com/develop/) +* [GitHub Actions Docs](https://docs.github.com/en/actions) + +``` + +---