diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS
new file mode 100644
index 0000000..25dda5c
--- /dev/null
+++ b/.github/CODEOWNERS
@@ -0,0 +1,9 @@
+# Code owners for the Linux Sysadmin Portfolio.
+# These owners are requested for review automatically on matching changes.
+# Docs: https://docs.github.com/en/repositories/managing-your-repositorys-settings-and-features/customizing-your-repository/about-code-owners
+
+# Default owner for everything in the repo.
+* @w7-mgfcode
+
+# CI / repository meta.
+/.github/ @w7-mgfcode
diff --git a/.github/ISSUE_TEMPLATE/bug_report.md b/.github/ISSUE_TEMPLATE/bug_report.md
new file mode 100644
index 0000000..314e8ec
--- /dev/null
+++ b/.github/ISSUE_TEMPLATE/bug_report.md
@@ -0,0 +1,43 @@
+---
+name: Bug report | Hibajelentés
+about: Report a defect in one of the portfolio projects | Hiba jelentése valamelyik projektben
+title: "[Bug] "
+labels: bug
+assignees: ""
+---
+
+## Description | Leírás
+
+
+
+## Affected project | Érintett projekt
+
+- [ ] `project-01-lamp-monitoring`
+- [ ] `project-02-mail-server`
+- [ ] `project-03-infra-automation`
+
+## Steps to reproduce | Reprodukálás lépései
+
+1.
+2.
+3.
+
+## Expected behavior | Elvárt viselkedés
+
+
+
+## Actual behavior | Tényleges viselkedés
+
+
+
+## Environment | Környezet
+
+- OS / kernel:
+- Docker version:
+- Docker Compose version:
+
+## Logs | Naplók
+
+```text
+(paste relevant logs here | illeszd be a vonatkozó naplókat)
+```
diff --git a/.github/ISSUE_TEMPLATE/config.yml b/.github/ISSUE_TEMPLATE/config.yml
new file mode 100644
index 0000000..beeff1d
--- /dev/null
+++ b/.github/ISSUE_TEMPLATE/config.yml
@@ -0,0 +1,5 @@
+blank_issues_enabled: true
+contact_links:
+ - name: Documentation | Dokumentáció
+ url: https://github.com/w7-mgfcode/linux-sysadmin-portfolio/tree/main/docs
+ about: Read the architecture, deployment, scripts and testing docs first. | Először olvasd el a dokumentációt.
diff --git a/.github/ISSUE_TEMPLATE/feature_request.md b/.github/ISSUE_TEMPLATE/feature_request.md
new file mode 100644
index 0000000..b4e22dd
--- /dev/null
+++ b/.github/ISSUE_TEMPLATE/feature_request.md
@@ -0,0 +1,30 @@
+---
+name: Feature request | Funkció kérés
+about: Suggest an enhancement for the portfolio | Fejlesztés javaslata a portfólióhoz
+title: "[Feature] "
+labels: enhancement
+assignees: ""
+---
+
+## Problem / motivation | Probléma / motiváció
+
+
+
+## Proposed solution | Javasolt megoldás
+
+
+
+## Affected project | Érintett projekt
+
+- [ ] `project-01-lamp-monitoring`
+- [ ] `project-02-mail-server`
+- [ ] `project-03-infra-automation`
+- [ ] Repository-wide
+
+## Alternatives considered | Mérlegelt alternatívák
+
+
+
+## Additional context | További kontextus
+
+
diff --git a/.github/PULL_REQUEST_TEMPLATE.md b/.github/PULL_REQUEST_TEMPLATE.md
new file mode 100644
index 0000000..8193b44
--- /dev/null
+++ b/.github/PULL_REQUEST_TEMPLATE.md
@@ -0,0 +1,34 @@
+
+
+## Summary | Összefoglaló
+
+
+
+## Affected project(s) | Érintett projekt(ek)
+
+- [ ] `project-01-lamp-monitoring`
+- [ ] `project-02-mail-server`
+- [ ] `project-03-infra-automation`
+- [ ] Repository-wide / docs / CI
+
+## Type of change | Változás típusa
+
+- [ ] Bug fix | Hibajavítás
+- [ ] New feature | Új funkció
+- [ ] Documentation | Dokumentáció
+- [ ] Refactor / chore | Refaktorálás / karbantartás
+
+## Checklist | Ellenőrzőlista
+
+- [ ] `shellcheck -x` is clean for every changed script | Minden módosított scriptre tiszta a `shellcheck -x`
+- [ ] Affected stack starts and all services become healthy (`docker compose up -d`) | Az érintett stack elindul és minden szolgáltatás egészséges lesz
+- [ ] Relevant test suite passes (`tests/`) | A vonatkozó tesztcsomag sikeres
+- [ ] Documentation updated (`README.md` / `docs/`) if behavior changed | A dokumentáció frissítve, ha a viselkedés változott
+- [ ] No secrets or `.env` values committed | Nincsenek titkok vagy `.env` értékek commitolva
+
+## How was this tested? | Hogyan lett tesztelve?
+
+
diff --git a/.github/SECURITY.md b/.github/SECURITY.md
new file mode 100644
index 0000000..796b100
--- /dev/null
+++ b/.github/SECURITY.md
@@ -0,0 +1,31 @@
+# Security Policy | Biztonsági Irányelv
+
+## Supported scope | Támogatott terjedelem
+
+**English:** This is an educational portfolio. The three projects are intended for
+local/lab use and ship with self-signed certificates and example credentials.
+Do **not** deploy them to the public internet without changing every secret in the
+`.env` files and reviewing the exposed services.
+
+**Magyar:** Ez egy oktatási portfólió. A három projekt helyi/labor használatra
+készült, önaláírt tanúsítványokkal és példa hitelesítő adatokkal. **Ne** telepítsd
+őket a nyilvános internetre anélkül, hogy minden titkot lecserélnél a `.env`
+fájlokban és átnéznéd a kitett szolgáltatásokat.
+
+## Reporting a vulnerability | Sebezhetőség jelentése
+
+**English:** If you discover a security issue, please report it privately rather
+than opening a public issue:
+
+1. Preferred: open a [private security advisory](https://github.com/w7-mgfcode/linux-sysadmin-portfolio/security/advisories/new).
+2. Alternatively, email **gabor@w7-7.net** with a description and reproduction steps.
+
+Please allow a reasonable window for a fix before any public disclosure.
+
+**Magyar:** Ha biztonsági hibát találsz, kérjük, privát módon jelezd, ne nyilvános
+issue-ban:
+
+1. Ajánlott: nyiss egy [privát biztonsági advisory](https://github.com/w7-mgfcode/linux-sysadmin-portfolio/security/advisories/new)-t.
+2. Vagy küldj e-mailt a **gabor@w7-7.net** címre leírással és reprodukciós lépésekkel.
+
+Kérjük, biztosíts ésszerű időt a javításra a nyilvánosságra hozatal előtt.
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
new file mode 100644
index 0000000..df21baa
--- /dev/null
+++ b/.github/dependabot.yml
@@ -0,0 +1,24 @@
+version: 2
+updates:
+ # Keep GitHub Actions used by the CI workflow up to date.
+ - package-ecosystem: "github-actions"
+ directory: "/"
+ schedule:
+ interval: "weekly"
+ commit-message:
+ prefix: "ci"
+ labels:
+ - "dependencies"
+ - "github-actions"
+
+ # Keep Docker base images (Dockerfile FROM lines) across all projects current.
+ - package-ecosystem: "docker"
+ directories:
+ - "/**"
+ schedule:
+ interval: "weekly"
+ commit-message:
+ prefix: "chore"
+ labels:
+ - "dependencies"
+ - "docker"
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
new file mode 100644
index 0000000..0e7a64b
--- /dev/null
+++ b/.github/workflows/ci.yml
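Review bot: In .github/dependabot.yml the `docker` entry tracks Dockerfile `FROM` lines only, as its own comment says, so images named under `image:` in the three `docker-compose.yml` stacks would get no update PRs from this configuration. If those stacks pull third-party images (not visible in this commit), a third entry with `- package-ecosystem: "docker-compose"` and the same `directories` and `schedule` keys would cover them. A one-line comment stating that compose-referenced images are out of scope would work instead if the omission is deliberate.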
@@ -0,0 +1,80 @@
+name: CI
+
+# Continuous integration for the Linux Sysadmin Portfolio.
+# Two independent gates mirror the local validation workflow:
+# 1. shellcheck — static analysis of every Bash script (pinned to v0.10.0)
+# 2. compose-validate — `docker compose config` for each project stack
+#
+# These job names ("ShellCheck" and "Compose Validate") are the status-check
+# contexts intended to be required by the `main` branch protection rule.
+
+on:
+ push:
+ branches: [main]
+ pull_request:
+ branches: [main]
+
+permissions:
+ contents: read
+
+concurrency:
+ group: ci-${{ github.ref }}
+ cancel-in-progress: true
+
+jobs:
+ shellcheck:
+ name: ShellCheck
+ runs-on: ubuntu-latest
+ env:
+ SHELLCHECK_VERSION: v0.10.0
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v4
+
+ - name: Install ShellCheck ${{ env.SHELLCHECK_VERSION }}
+ run: |
+ set -euo pipefail
+ url="https://github.com/koalaman/shellcheck/releases/download/${SHELLCHECK_VERSION}/shellcheck-${SHELLCHECK_VERSION}.linux.x86_64.tar.xz"
+ curl -fsSL "$url" | tar -xJ
+ sudo install -m 0755 "shellcheck-${SHELLCHECK_VERSION}/shellcheck" /usr/local/bin/shellcheck
+ shellcheck --version
+
+ - name: Run ShellCheck on all scripts
+ run: |
+ set -uo pipefail
+ status=0
+ # -x follows `source`d files (e.g. lib/common.sh); severity=warning
+ # fails on warnings/errors while allowing advisory info/style notes.
+ while IFS= read -r script; do
+ echo "::group::shellcheck $script"
+ if ! shellcheck -x --severity=warning "$script"; then
+ status=1
+ fi
+ echo "::endgroup::"
+ done < <(find . -type f -name '*.sh' -not -path './.git/*' | sort)
+ if [ "$status" -ne 0 ]; then
+ echo "::error::ShellCheck reported warnings or errors"
+ fi
+ exit "$status"
+
+ compose-validate:
+ name: Compose Validate
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v4
+
+ - name: Validate each docker-compose.yml
+ run: |
+ set -euo pipefail
+ docker compose version
+ for dir in project-01-lamp-monitoring project-02-mail-server project-03-infra-automation; do
+ compose="$dir/docker-compose.yml"
+ [ -f "$compose" ] || { echo "::error::missing $compose"; exit 1; }
+ # Provide a .env so variable interpolation resolves like a real deploy.
+ [ -f "$dir/.env" ] || cp "$dir/.env.example" "$dir/.env"
+ echo "::group::docker compose config — $dir"
+ docker compose -f "$compose" --project-directory "$dir" config --quiet
+ echo "::endgroup::"
+ done
+ echo "All compose files are valid."
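Review bot: The "Install ShellCheck" step pipes the release tarball from `curl` straight into `tar` and then installs the binary with `sudo`, so the v0.10.0 pin fixes the version string but not the bytes that end up running on the runner. Download the asset to a file, compare it with a SHA-256 digest recorded in the workflow, and extract only after the check passes; the digest in the sketch below is a placeholder to be filled from a trusted copy of the asset. Separately, both jobs reference `actions/checkout@v4`, which is a mutable tag: pinning to the full commit SHA (the github-actions Dependabot entry in this commit can keep SHA pins current) closes the same gap for the action. Since neither job pushes, `persist-credentials: false` on the checkout steps is also worth adding.

```yaml
    env:
      SHELLCHECK_VERSION: v0.10.0
      # Placeholder: digest of the release asset, recorded once from a trusted copy.
      SHELLCHECK_SHA256: "<sha256-of-the-pinned-release-tarball>"
    # … unchanged: checkout step …
      - name: Install ShellCheck ${{ env.SHELLCHECK_VERSION }}
        run: |
          set -euo pipefail
          # … unchanged: url assignment …
          curl -fsSL -o shellcheck.tar.xz "$url"
          # Fail the job before anything is extracted or installed if the digest differs.
          echo "${SHELLCHECK_SHA256}  shellcheck.tar.xz" | sha256sum -c -
          tar -xJf shellcheck.tar.xz
          # … unchanged: sudo install and shellcheck --version …
```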