Compare commits
3 Commits
d2a6da0e83
...
591bf68420
| Author | SHA1 | Date |
|---|---|---|
Mike Kell
|
591bf68420 | |
|
Mike Kell
|
d58f8db29d | |
|
Mike Kell
|
9d2defe934 |
|
|
@ -0,0 +1,9 @@
|
|||
FROM python:3.11-slim
|
||||
|
||||
WORKDIR /app
|
||||
COPY requirements.txt .
|
||||
RUN pip install --no-cache-dir -r requirements.txt
|
||||
|
||||
COPY src/services/app ./app
|
||||
# 'python -m' avoids entrypoint shell
|
||||
CMD ["python", "-m", "uvicorn", "app.main:app", "--host", "0.0.0.0", "--port", "8000"]
|
||||
|
|
@ -0,0 +1,21 @@
|
|||
on: [push]
|
||||
|
||||
jobs:
|
||||
lint-build:
|
||||
runs-on: podman
|
||||
steps:
|
||||
- uses: actions/checkout@v4
|
||||
|
||||
- name: Run pre-commit checks
|
||||
run: |
|
||||
pip install pre-commit
|
||||
pre-commit run --all-files
|
||||
|
||||
- name: Build FastAPI image
|
||||
run: |
|
||||
podman build -t cmmc-fastapi:${{ forgejo.sha }} \
|
||||
-f .container-images/fastapi.Dockerfile .
|
||||
|
||||
# optional push to internal registry:
|
||||
# - name: Push image
|
||||
# run: podman push cmmc-fastapi:${{ forgejo.sha }} <registry>/<path>:${{ forgejo.sha }}
|
||||
|
|
@ -0,0 +1,90 @@
|
|||
############################################################
|
||||
# Core language + tooling
|
||||
############################################################
|
||||
# Python
|
||||
__pycache__/
|
||||
*.py[cod]
|
||||
*.pyo
|
||||
*.pyd
|
||||
*.egg-info/
|
||||
*.egg
|
||||
*.trace
|
||||
pip-wheel-metadata/
|
||||
|
||||
# Virtual-envs
|
||||
.venv/
|
||||
venv/
|
||||
.env/
|
||||
# Poetry / pipenv virtual envs
|
||||
.poetry/
|
||||
.pipenv/
|
||||
|
||||
# Ruff / pytest cache
|
||||
.cache/
|
||||
.pytest_cache/
|
||||
|
||||
# Node (used by markdownlint-cli2, etc.)
|
||||
node_modules/
|
||||
npm-debug.log*
|
||||
pnpm-debug.log*
|
||||
yarn-debug.log*
|
||||
yarn-error.log*
|
||||
|
||||
############################################################
|
||||
# Containers & Podman Compose
|
||||
############################################################
|
||||
# Podman/Docker build cache & artifacts
|
||||
*.tar
|
||||
*.oci
|
||||
# Local image layers (rootless)
|
||||
~/.local/share/containers/
|
||||
# Podman-compose temp files
|
||||
podman-compose.env
|
||||
|
||||
############################################################
|
||||
# Infrastructure-as-Code generated artifacts
|
||||
############################################################
|
||||
# Terraform
|
||||
.terraform/
|
||||
terraform.tfstate
|
||||
terraform.tfstate.*
|
||||
crash.log
|
||||
# TFLint / tfsec results
|
||||
.tflint.*
|
||||
tfsec.log
|
||||
|
||||
# Helm
|
||||
charts/
|
||||
*.tgz
|
||||
# Helmfile diff/output
|
||||
helmfile*.yaml.orig
|
||||
|
||||
############################################################
|
||||
# Documentation & diagrams
|
||||
############################################################
|
||||
# Structurizr export cache
|
||||
docs/architecture/c4/*.png
|
||||
docs/architecture/c4/*.svg
|
||||
|
||||
############################################################
|
||||
# IDE / Editor cruft
|
||||
############################################################
|
||||
# VS Code
|
||||
.vscode/
|
||||
.history/
|
||||
# JetBrains
|
||||
.idea/
|
||||
*.iml
|
||||
|
||||
############################################################
|
||||
# OS-level temp files
|
||||
############################################################
|
||||
.DS_Store
|
||||
Thumbs.db
|
||||
ehthumbs.db
|
||||
desktop.ini
|
||||
$RECYCLE.BIN/
|
||||
|
||||
############################################################
|
||||
# Secrets — keep these paths tracked if you use SOPS/Vault!
|
||||
##############
|
||||
|
|
@ -0,0 +1,31 @@
|
|||
repos:
|
||||
- repo: https://github.com/astral-sh/ruff-pre-commit
|
||||
rev: v0.4.4 # latest Ruff tag that ships hooks file
|
||||
hooks:
|
||||
- id: ruff
|
||||
stages: [pre-commit]
|
||||
|
||||
- repo: https://github.com/markdownlint/markdownlint
|
||||
rev: v0.12.0
|
||||
hooks:
|
||||
- id: markdownlint
|
||||
stages: [pre-commit]
|
||||
files: \.(md|markdown)$
|
||||
exclude: \.venv/
|
||||
|
||||
- repo: https://github.com/aquasecurity/tfsec
|
||||
rev: v1.28.4
|
||||
hooks:
|
||||
- id: tfsec
|
||||
args: ["--no-colour"]
|
||||
stages: [pre-commit]
|
||||
|
||||
- repo: https://github.com/mxab/pre-commit-trivy
|
||||
rev: v0.15.0 # latest tag as of June 2025
|
||||
hooks:
|
||||
- id: trivyfs-docker # scan source tree for vulns/secrets
|
||||
stages: [pre-push]
|
||||
args:
|
||||
- --skip-dirs
|
||||
- .git
|
||||
- .forgejo
|
||||
15
Makefile
15
Makefile
|
|
@ -0,0 +1,15 @@
|
|||
compose = podman-compose -f dev-compose.yaml
|
||||
|
||||
up: ## start local stack
|
||||
$(compose) up -d
|
||||
|
||||
down: ## stop stack
|
||||
$(compose) down
|
||||
|
||||
logs: ## follow logs
|
||||
$(compose) logs -f
|
||||
|
||||
build: ## build FastAPI image locally
|
||||
podman build -t cmmc-fastapi:latest -f .container-images/fastapi.Dockerfile .
|
||||
|
||||
.PHONY: up down logs build
|
||||
|
|
@ -0,0 +1,50 @@
|
|||
version: "3.9"
|
||||
|
||||
x-common-env: &common-env
|
||||
TZ: "UTC"
|
||||
|
||||
services:
|
||||
kong:
|
||||
image: docker.io/library/kong:3.7
|
||||
container_name: kong
|
||||
restart: unless-stopped
|
||||
environment:
|
||||
<<: *common-env
|
||||
KONG_DATABASE: "off"
|
||||
KONG_DECLARATIVE_CONFIG: /config/kong.yml
|
||||
KONG_LOG_LEVEL: info
|
||||
volumes:
|
||||
- ./kong/kong.yml:/config/kong.yml:ro
|
||||
ports:
|
||||
- "8000:8000" # proxy
|
||||
- "8001:8001" # admin api
|
||||
networks: [internal]
|
||||
|
||||
keycloak:
|
||||
image: quay.io/keycloak/keycloak:25.0.0
|
||||
container_name: keycloak
|
||||
command: start-dev
|
||||
restart: unless-stopped
|
||||
environment:
|
||||
<<: *common-env
|
||||
KEYCLOAK_ADMIN: admin
|
||||
KEYCLOAK_ADMIN_PASSWORD: admin
|
||||
KC_PROXY_HEADERS: xforwarded
|
||||
ports:
|
||||
- "8080:8080"
|
||||
networks: [internal]
|
||||
|
||||
fastapi:
|
||||
image: cmmc-fastapi:latest # built by CI or `make build`
|
||||
container_name: fastapi
|
||||
restart: unless-stopped
|
||||
environment:
|
||||
<<: *common-env
|
||||
APP_ENV: dev
|
||||
ports:
|
||||
- "8008:8000"
|
||||
networks: [internal]
|
||||
|
||||
networks:
|
||||
internal:
|
||||
driver: bridge
|
||||
|
|
@ -0,0 +1,2 @@
|
|||
fastapi==0.111.0
|
||||
uvicorn[standard]==0.30.0
|
||||
|
|
@ -0,0 +1,9 @@
|
|||
FROM python:3.11-slim
|
||||
|
||||
WORKDIR /app
|
||||
COPY requirements.txt .
|
||||
RUN pip install --no-cache-dir -r requirements.txt
|
||||
|
||||
COPY src/services/app ./app
|
||||
# 'python -m' avoids entrypoint shell
|
||||
CMD ["python", "-m", "uvicorn", "app.main:app", "--host", "0.0.0.0", "--port", "8000"]
|
||||
|
|
@ -0,0 +1,13 @@
|
|||
from fastapi import FastAPI
|
||||
|
||||
app = FastAPI(title="CMMC Platform API MVP", version="0.1.0")
|
||||
|
||||
|
||||
@app.get("/healthz", tags=["meta"])
|
||||
async def healthz() -> dict[str, str]:
|
||||
return {"status": "pong"}
|
||||
|
||||
|
||||
@app.get("/", tags=["meta"])
|
||||
async def root() -> dict[str, str]:
|
||||
return {"message": "CMMC Platform – it works!"}
|
||||
Loading…
Reference in New Issue