Browse Source

docs: adding subject,audit and the env files (#2394)

* docs: adding subject,audit and the env files

* docs: fix typos

* docs: make the subject and audit open for other repos not just github

* docs: adding security question
pull/2429/head
zanninso 9 months ago committed by GitHub
parent
commit
b631b2c4e0
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
  1. 61
      subjects/java/projects/sharpen-it/README.md
  2. 63
      subjects/java/projects/sharpen-it/audit/README.md
  3. BIN
      subjects/java/projects/sharpen-it/env.zip

61
subjects/java/projects/sharpen-it/README.md

@ -0,0 +1,61 @@
## Sharpen-It
### Objectives
In this project, your task is to finalize the provided environment for your project, applying coding best practices to enhance clarity and cleanliness.
### Instructions
You have to download this [Environment](./env.zip), then you will find two folders, one for Jenkins and another for SonarQube. Your goal is to finish the given infrastructure and make the environment functional and compliant with the below requirements.
#### Jenkins
- Build and run the Jenkins Docker image.
- Install missing plugins.
- Set up credentials to access your repository.
- Fix the provided pipeline to build and test the back-end and front-end
- Complete and rectify the configuration for deployment.
- Finalize the configuration for the rollback strategy.
- Configure your repository to trigger the CI/CD pipeline for every approved pull request (PR).
- Configure Jenkins to automatically merge a new PR if the build is successful during deployment.
> 💡 Feel free to use GitHub or GitLab for environment configuration.
#### SonarQube
- Run the provided Docker Compose for SonarQube.
- Complete the configuration to integrate SonarQube with your repository.
- Ensure SonarQube runs regularly for continuous monitoring of code quality and security.
- Implement a code review and approval process to prevent Jenkins CI/CD pipeline execution in case of reported issues.
> 💡 Use the provided `sonar.properties` file or configure SonarQube through the web interface.
### Testing
Your CI/CD setup will be assessed based on:
- Successful and automated fetching of the latest code changes.
- Effective implementation of automated tests and proper responses to their outcomes.
- Sound deployment strategies, ensuring smooth transitions of new versions into live environments.
- Immediacy and accuracy of build and deployment.
### Resources
- [Jenkins Official Documentation](https://www.jenkins.io/doc/)
- [JUnit Documentation](https://junit.org/junit5/docs/current/user-guide/)
- [Jasmine/Karma Testing for Angular](https://angular.io/guide/testing)
- [SonarQube Official Documentation](https://docs.sonarqube.org/latest/)
- [GitHub Actions Documentation](https://docs.github.com/en/actions)

63
subjects/java/projects/sharpen-it/audit/README.md

@ -0,0 +1,63 @@
#### Functional
##### Check the installed plugins
###### Can you find Junit and Nodejs or equivalents?
##### Download the project and trigger a Jenkins build. Observe if the pipeline runs as expected.
###### Does the pipeline initiate and run successfully from start to finish?
##### Trigger some intentional build errors and observe Jenkins' response.
###### Does Jenkins respond appropriately to build errors?
##### Examine the automated testing step.
###### Are tests run automatically during the pipeline execution? Does the pipeline halt on test failure?
##### Make a minor change in the source code, create a new PR and observe if the pipeline is triggered automatically.
###### Does a new PR automatically trigger the Jenkins pipeline?
##### Check the deployment process.
###### Is the application deployed automatically after a successful build?
###### Is the rollback strategy well configured?
##### Access the SonarQube web interface running on your local environment.
###### Is the SonarQube web interface accessible?
##### Integrate SonarQube with your repository.
###### Is SonarQube integrated with your repo, and does it trigger code analysis on every PR In the repository?
##### Set up and configure SonarQube for code analysis using Docker.
###### Is SonarQube configured correctly, and does it analyze code before the CI/CD pipeline?
##### Check how the environment is linked to the repository.
###### Is the project repository free of sensitive information such as API keys or equivalent?
#### Comprehension
##### Jenkins Setup and Integration
###### Can the student explain what is the CI/CD and why we use it?
###### Can the student explain every piece of the `Jenkinsfile`?
###### Can the student describe the process of integrating Jenkins with the repository?
##### SonarQube Setup and Integration
###### Can the student explain the steps required to set up SonarQube within the project environment?
###### Can the student describe the process of integrating SonarQube with the repository?
##### SonarQube Functionality
###### Can the student explain how SonarQube functions within the project, including its role in code analysis and how it contributes to code quality improvement?

BIN
subjects/java/projects/sharpen-it/env.zip

diff.bin_not_shown
Loading…
Cancel
Save