chore: apply .gitignore cleanup

fix: .gitignore file updated
fix: pre-commit arguments
2025-06-13 01:42:18 +00:00 · 2025-06-13 01:40:32 +00:00 · 2025-06-13 01:36:48 +00:00
11 changed files with 240 additions and 0 deletions
--- a/.container-images/fastapi.Dockerfile
+++ b/.container-images/fastapi.Dockerfile
@ -0,0 +1,9 @@
 FROM python:3.11-slim
 WORKDIR /app
 COPY requirements.txt .
 RUN pip install --no-cache-dir -r requirements.txt
 COPY src/services/app ./app
 # 'python -m' avoids entrypoint shell
 CMD ["python", "-m", "uvicorn", "app.main:app", "--host", "0.0.0.0", "--port", "8000"]
--- a/.forgejo/workflows/ci.yaml
+++ b/.forgejo/workflows/ci.yaml
@ -0,0 +1,21 @@
 on: [push]
 jobs:
  lint-build:
    runs-on: podman
    steps:
      - uses: actions/checkout@v4
      - name: Run pre-commit checks
        run: |
          pip install pre-commit
          pre-commit run --all-files
      - name: Build FastAPI image
        run: |
          podman build -t cmmc-fastapi:${{ forgejo.sha }} \
                       -f .container-images/fastapi.Dockerfile .
      # optional push to internal registry:
      # - name: Push image
      #   run: podman push cmmc-fastapi:${{ forgejo.sha }} <registry>/<path>:${{ forgejo.sha }}
--- a/.gitignore
+++ b/.gitignore
@ -0,0 +1,90 @@
 ############################################################
 #  Core language + tooling
 ############################################################
 # Python
 __pycache__/
 *.py[cod]
 *.pyo
 *.pyd
 *.egg-info/
 *.egg
 *.trace
 pip-wheel-metadata/
 # Virtual-envs
 .venv/
 venv/
 .env/
 # Poetry / pipenv virtual envs
 .poetry/
 .pipenv/
 # Ruff / pytest cache
 .cache/
 .pytest_cache/
 # Node (used by markdownlint-cli2, etc.)
 node_modules/
 npm-debug.log*
 pnpm-debug.log*
 yarn-debug.log*
 yarn-error.log*
 ############################################################
 #  Containers & Podman Compose
 ############################################################
 # Podman/Docker build cache & artifacts
 *.tar
 *.oci
 # Local image layers (rootless)
 ~/.local/share/containers/
 # Podman-compose temp files
 podman-compose.env
 ############################################################
 #  Infrastructure-as-Code generated artifacts
 ############################################################
 # Terraform
 .terraform/
 terraform.tfstate
 terraform.tfstate.*
 crash.log
 # TFLint / tfsec results
 .tflint.*
 tfsec.log
 # Helm
 charts/
 *.tgz
 # Helmfile diff/output
 helmfile*.yaml.orig
 ############################################################
 #  Documentation & diagrams
 ############################################################
 # Structurizr export cache
 docs/architecture/c4/*.png
 docs/architecture/c4/*.svg
 ############################################################
 #  IDE / Editor cruft
 ############################################################
 # VS Code
 .vscode/
 .history/
 # JetBrains
 .idea/
 *.iml
 ############################################################
 #  OS-level temp files
 ############################################################
 .DS_Store
 Thumbs.db
 ehthumbs.db
 desktop.ini
 $RECYCLE.BIN/
 ############################################################
 #  Secrets — keep these paths tracked if you use SOPS/Vault!
 ##############
--- a/.pre-commit-config.yaml
+++ b/.pre-commit-config.yaml
@ -0,0 +1,31 @@
 repos:
  - repo: https://github.com/astral-sh/ruff-pre-commit
    rev: v0.4.4          # latest Ruff tag that ships hooks file
    hooks:
      - id: ruff
        stages: [pre-commit]
  - repo: https://github.com/markdownlint/markdownlint
    rev: v0.12.0
    hooks:
      - id: markdownlint
        stages: [pre-commit]
        files: \.(md|markdown)$
        exclude: \.venv/ 
  - repo: https://github.com/aquasecurity/tfsec
    rev: v1.28.4
    hooks:
      - id: tfsec
        args: ["--no-colour"]
        stages: [pre-commit]
  - repo: https://github.com/mxab/pre-commit-trivy
    rev: v0.15.0           # latest tag as of June 2025
    hooks:
      - id: trivyfs-docker     # scan source tree for vulns/secrets
        stages: [pre-push]
        args:
          - --skip-dirs
          - .git
          - .forgejo
--- a/15
+++ b/15
@ -0,0 +1,15 @@
 compose = podman-compose -f dev-compose.yaml
 up:            ## start local stack
 	$(compose) up -d
 down:          ## stop stack
 	$(compose) down
 logs:          ## follow logs
 	$(compose) logs -f
 build:         ## build FastAPI image locally
 	podman build -t cmmc-fastapi:latest -f .container-images/fastapi.Dockerfile .
 .PHONY: up down logs build
--- a/dev-compose.yaml
+++ b/dev-compose.yaml
@ -0,0 +1,50 @@
 version: "3.9"
 x-common-env: &common-env
  TZ: "UTC"
 services:
  kong:
    image: docker.io/library/kong:3.7
    container_name: kong
    restart: unless-stopped
    environment:
      <<: *common-env
      KONG_DATABASE: "off"
      KONG_DECLARATIVE_CONFIG: /config/kong.yml
      KONG_LOG_LEVEL: info
    volumes:
      - ./kong/kong.yml:/config/kong.yml:ro
    ports:
      - "8000:8000"     # proxy
      - "8001:8001"     # admin api
    networks: [internal]
  keycloak:
    image: quay.io/keycloak/keycloak:25.0.0
    container_name: keycloak
    command: start-dev
    restart: unless-stopped
    environment:
      <<: *common-env
      KEYCLOAK_ADMIN: admin
      KEYCLOAK_ADMIN_PASSWORD: admin
      KC_PROXY_HEADERS: xforwarded
    ports:
      - "8080:8080"
    networks: [internal]
  fastapi:
    image: cmmc-fastapi:latest   # built by CI or `make build`
    container_name: fastapi
    restart: unless-stopped
    environment:
      <<: *common-env
      APP_ENV: dev
    ports:
      - "8008:8000"
    networks: [internal]
 networks:
  internal:
    driver: bridge
--- a/kong/kong.yml
+++ b/kong/kong.yml
--- a/requirements.txt
+++ b/requirements.txt
@ -0,0 +1,2 @@
 fastapi==0.111.0
 uvicorn[standard]==0.30.0
--- a/src/services/.container-images/fastapi.Dockerfile
+++ b/src/services/.container-images/fastapi.Dockerfile
@ -0,0 +1,9 @@
 FROM python:3.11-slim
 WORKDIR /app
 COPY requirements.txt .
 RUN pip install --no-cache-dir -r requirements.txt
 COPY src/services/app ./app
 # 'python -m' avoids entrypoint shell
 CMD ["python", "-m", "uvicorn", "app.main:app", "--host", "0.0.0.0", "--port", "8000"]
--- a/src/services/app/init.py
+++ b/src/services/app/init.py
--- a/src/services/app/main.py
+++ b/src/services/app/main.py
@ -0,0 +1,13 @@
 from fastapi import FastAPI
 app = FastAPI(title="CMMC Platform API MVP", version="0.1.0")
@app.get("/healthz", tags=["meta"])
 async def healthz() -> dict[str, str]:
    return {"status": "pong"}
@app.get("/", tags=["meta"])
 async def root() -> dict[str, str]:
    return {"message": "CMMC Platform – it works!"}
Author	SHA1	Message	Date
Mike Kell	591bf68420	chore: apply .gitignore cleanup	2025-06-13 01:42:18 +00:00
Mike Kell	d58f8db29d	fix: .gitignore file updated	2025-06-13 01:40:32 +00:00
Mike Kell	9d2defe934	fix: pre-commit arguments	2025-06-13 01:36:48 +00:00
		`@ -0,0 +1,2 @@`
							`fastapi==0.111.0`
							`uvicorn[standard]==0.30.0`