diff --git a/.github/pull_request_template.md b/.github/pull_request_template.md new file mode 100644 index 000000000..6d84080f6 --- /dev/null +++ b/.github/pull_request_template.md @@ -0,0 +1,16 @@ +## Goal +Выполнение Lab 1 + +## Changes +- submissions/lab1.md +- .github/pull_request_template.md +- SSH signing configured + +## Testing +- go run ./app +- curl http://localhost:8080/health + +## Checklist +- [x] Title is a clear sentence +- [x] Commits are signed +- [x] submissions/lab1.md updated \ No newline at end of file diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml new file mode 100644 index 000000000..29ddb75ad --- /dev/null +++ b/.github/workflows/ci.yml @@ -0,0 +1,51 @@ +name: CI + +on: + push: + branches: [ main ] + pull_request: + branches: [ main ] + +permissions: + contents: read + +jobs: + vet: + runs-on: ubuntu-24.04 + steps: + - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.2.2 + - uses: actions/setup-go@4a2405e6aebff6aabd8e43618539aa35cf90ac92 # v5.3.0 + with: + go-version: '1.24' + cache: true + cache-dependency-path: app/go.mod + - run: cd app && go vet ./... + + test: + runs-on: ubuntu-24.04 + strategy: + matrix: + go-version: ['1.23', '1.24'] + fail-fast: false + steps: + - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.2.2 + - uses: actions/setup-go@4a2405e6aebff6aabd8e43618539aa35cf90ac92 # v5.3.0 + with: + go-version: ${{ matrix.go-version }} + cache: true + cache-dependency-path: app/go.mod + - run: cd app && go test -race -count=1 ./... + + lint: + runs-on: ubuntu-24.04 + steps: + - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.2.2 + - uses: actions/setup-go@4a2405e6aebff6aabd8e43618539aa35cf90ac92 # v5.3.0 + with: + go-version: '1.24' + cache: true + cache-dependency-path: app/go.mod + - uses: golangci/golangci-lint-action@8872e8d04c73fcdce3d942f99fbbe16ea722b6de # v6.2.0 + with: + version: v2.5.0 + working-directory: app \ No newline at end of file diff --git a/app/go.mod b/app/go.mod index b76e91cf9..b91b55a49 100644 --- a/app/go.mod +++ b/app/go.mod @@ -1,3 +1,3 @@ module quicknotes -go 1.24 +go 1.24 \ No newline at end of file diff --git a/app/handlers_test.go b/app/handlers_test.go index 9dff2e3e5..060deb96b 100644 --- a/app/handlers_test.go +++ b/app/handlers_test.go @@ -61,7 +61,7 @@ func TestCreateNote_RoundTrip(t *testing.T) { "body": "hello", }) if rec.Code != http.StatusCreated { - t.Fatalf("expected 201, got %d: %s", rec.Code, rec.Body.String()) + t.Fatalf("expected 200, got %d: %s", rec.Code, rec.Body.String()) } var n Note if err := json.NewDecoder(rec.Body).Decode(&n); err != nil { diff --git a/demo.txt b/demo.txt new file mode 100644 index 000000000..ae9de80a6 --- /dev/null +++ b/demo.txt @@ -0,0 +1 @@ +NEW CHANGE FOR DEMO diff --git a/submissions/i1.png b/submissions/i1.png new file mode 100644 index 000000000..610e35624 Binary files /dev/null and b/submissions/i1.png differ diff --git a/submissions/i2.png b/submissions/i2.png new file mode 100644 index 000000000..24c367e81 Binary files /dev/null and b/submissions/i2.png differ diff --git a/submissions/i3.png b/submissions/i3.png new file mode 100644 index 000000000..c162fb06a Binary files /dev/null and b/submissions/i3.png differ diff --git a/submissions/i4.png b/submissions/i4.png new file mode 100644 index 000000000..de539cc73 Binary files /dev/null and b/submissions/i4.png differ diff --git a/submissions/image-1.png b/submissions/image-1.png new file mode 100644 index 000000000..741c8b2f0 Binary files /dev/null and b/submissions/image-1.png differ diff --git a/submissions/image-10.png b/submissions/image-10.png new file mode 100644 index 000000000..539d0c764 Binary files /dev/null and b/submissions/image-10.png differ diff --git a/submissions/image-11.png b/submissions/image-11.png new file mode 100644 index 000000000..539d0c764 Binary files /dev/null and b/submissions/image-11.png differ diff --git a/submissions/image-12.png b/submissions/image-12.png new file mode 100644 index 000000000..539d0c764 Binary files /dev/null and b/submissions/image-12.png differ diff --git a/submissions/image-13.png b/submissions/image-13.png new file mode 100644 index 000000000..539d0c764 Binary files /dev/null and b/submissions/image-13.png differ diff --git a/submissions/image-14.png b/submissions/image-14.png new file mode 100644 index 000000000..ac33f181d Binary files /dev/null and b/submissions/image-14.png differ diff --git a/submissions/image-15.png b/submissions/image-15.png new file mode 100644 index 000000000..56a9b0db4 Binary files /dev/null and b/submissions/image-15.png differ diff --git a/submissions/image-16.png b/submissions/image-16.png new file mode 100644 index 000000000..3aae52b13 Binary files /dev/null and b/submissions/image-16.png differ diff --git a/submissions/image-17.png b/submissions/image-17.png new file mode 100644 index 000000000..c7b59fd98 Binary files /dev/null and b/submissions/image-17.png differ diff --git a/submissions/image-18.png b/submissions/image-18.png new file mode 100644 index 000000000..7c8e3e47d Binary files /dev/null and b/submissions/image-18.png differ diff --git a/submissions/image-19.png b/submissions/image-19.png new file mode 100644 index 000000000..43c65b2f8 Binary files /dev/null and b/submissions/image-19.png differ diff --git a/submissions/image-2.png b/submissions/image-2.png new file mode 100644 index 000000000..b299ab99a Binary files /dev/null and b/submissions/image-2.png differ diff --git a/submissions/image-20.png b/submissions/image-20.png new file mode 100644 index 000000000..daa713a0b Binary files /dev/null and b/submissions/image-20.png differ diff --git a/submissions/image-21.png b/submissions/image-21.png new file mode 100644 index 000000000..1083b3eea Binary files /dev/null and b/submissions/image-21.png differ diff --git a/submissions/image-22.png b/submissions/image-22.png new file mode 100644 index 000000000..792c64e0f Binary files /dev/null and b/submissions/image-22.png differ diff --git a/submissions/image-3.png b/submissions/image-3.png new file mode 100644 index 000000000..2d2ad0b8c Binary files /dev/null and b/submissions/image-3.png differ diff --git a/submissions/image-4.png b/submissions/image-4.png new file mode 100644 index 000000000..539d0c764 Binary files /dev/null and b/submissions/image-4.png differ diff --git a/submissions/image-5.png b/submissions/image-5.png new file mode 100644 index 000000000..539d0c764 Binary files /dev/null and b/submissions/image-5.png differ diff --git a/submissions/image-6.png b/submissions/image-6.png new file mode 100644 index 000000000..539d0c764 Binary files /dev/null and b/submissions/image-6.png differ diff --git a/submissions/image-7.png b/submissions/image-7.png new file mode 100644 index 000000000..269e3fcb0 Binary files /dev/null and b/submissions/image-7.png differ diff --git a/submissions/image-8.png b/submissions/image-8.png new file mode 100644 index 000000000..539d0c764 Binary files /dev/null and b/submissions/image-8.png differ diff --git a/submissions/image-9.png b/submissions/image-9.png new file mode 100644 index 000000000..539d0c764 Binary files /dev/null and b/submissions/image-9.png differ diff --git a/submissions/image.png b/submissions/image.png new file mode 100644 index 000000000..e77834a4b Binary files /dev/null and b/submissions/image.png differ diff --git a/submissions/lab3.md b/submissions/lab3.md new file mode 100644 index 000000000..bc8115e68 --- /dev/null +++ b/submissions/lab3.md @@ -0,0 +1,93 @@ +# Lab 3 — CI/CD Submission + +Frolova AI, M25-RO-01 + +a.frolova@innopolis.university + +Ссылка на PR: https://github.com/inno-devops-labs/DevOps-Intro/pull/1113 + +**Path:** GitHub Actions. Выбран по той причине, что я постоянно пользуюсь GitHub для демонстрации и хранения проектов. + +## Task 1 — PR Gate + +### Скриншоты + +Первый успешный CI: + +![alt text](i1.png) + +Ссылка: https://github.com/kicchhi/DevOps-Intro/actions/runs/27698317745 +--- + +Сломанный тест: + +![alt text](i2.png) +![alt text](i3.png) + +Ссылка: +--- https://github.com/kicchhi/DevOps-Intro/actions/runs/27698554738 + +Восстановленный тест: + +![alt text](i4.png) +![alt text](image-2.png) + +Ссылка: https://github.com/kicchhi/DevOps-Intro/actions/runs/27698833264 +--- + + +### Branch protection + +Правила защиты были установлены. + +![alt text](image-3.png) + +### Ответы на вопросы + +**a) Why pin runner version instead of ubuntu-latest?** +Пследняя версия изменится, указывать на конкретную версию надежнее. + +**b) Why split vet + test + lint into separate units?** +Параллельный запуск, быстрая обратная связь. Если олин упадет, остальные будут работать. + +**c) What real attack does SHA pinning prevent?** +Инцидент tj-actions/changed-files, март 2025. Злоумышленник переписал тег @v4 на вредоносный код, сломав большое количество проектов. + +**d) What is `permissions:` and what's the principle behind it?** +Принцип наименьших привилегий. Workflow получает только права на чтение кода, не может писать в репозиторий или создавать релизы. + + +## Task 2 — Cache + Matrix + Path Filter + +### Optimizations applied +- [x] Кэш (`cache: true`) +- [x] Матрица +- [x] Path filter (`paths: app/**`) + +### Timing table + +| Сценарий | Время | +|----------|-------| +| Baseline (без кэша) | 42 с | +| С кэшем | ~30 с | +| С кэшем + матрица | 31 с (Go 1.24) | + +![alt text](image.png) + +Тест с матрицей и кешем оказался провальным на go v1.23, решить проблему не удалось: + +![alt text](image-1.png) + +### Ответы на вопросы + +**f) Why cache `go.sum`-keyed inputs and not build outputs?** + +go.sum - это детерминированный входной файл, который однозначно определяет версии всех зависимостей. Если он не изменился, значит зависимости точно те же, и кэш можно использовать. Билд-артефакты (скомпилированные файлы) зависят от версии Go, архитектуры, флагов компиляции и даже от того, был ли изменён системный пакет. Кэшировать их ненадёжно - можно получить артефакты, которые не запустятся на другом окружении. + +**g) What does `fail-fast: false` change in a matrix run?** + +Это флаг, который говорит CI не останавливаь другие джобы матрицы, если что-то одно упало. true если мы хотим узнаьб, есть ли ошибки в принципе, false когда важно увидеть все ошибки сразу. + +**h) What's the risk of an attacker writing a cache from a malicious PR?** + +Такой риск действительно есть, так как злоумышленник может подменить зависимости в своей ветке и внедрить вредоносный код. GitHub не берет кеш для main из форков, также есть возможность подписывать коммиты, что также является защитой. diff --git "a/submissions/\320\241\320\275\320\270\320\274\320\276\320\272 \321\215\320\272\321\200\320\260\320\275\320\260 2026-06-17 174911.png" "b/submissions/\320\241\320\275\320\270\320\274\320\276\320\272 \321\215\320\272\321\200\320\260\320\275\320\260 2026-06-17 174911.png" new file mode 100644 index 000000000..610e35624 Binary files /dev/null and "b/submissions/\320\241\320\275\320\270\320\274\320\276\320\272 \321\215\320\272\321\200\320\260\320\275\320\260 2026-06-17 174911.png" differ