Merge pull request #3 from adrian207/main

feat: Implement solutions for dynamic IP management

Author: adrian207

EJBCA---Automated-Lab-Docker/.ansible-lint.yml

@@ -0,0 +1,43 @@
+# Ansible Lint Configuration
+# https://ansible-lint.readthedocs.io/
+
+# Skip list of rules
+skip_list:
+  - yaml[line-length]  # Line too long
+  - name[casing]        # Name should be lowercase
+  - risky-shell-pipe    # Shell pipe used in command
+
+# Exclude paths
+exclude_paths:
+  - .cache/
+  - .github/
+  - test/
+  - tests/
+
+# Enable additional rules
+enable_list:
+  - no-changed-when
+  - no-free-form
+  - no-relative-paths
+
+# Use strict mode
+strict: true
+
+# Verbose output
+verbosity: 1
+
+# Colored output
+colored: true
+
+# Offline mode
+offline: false
+
+# Mock modules
+mock_modules:
+  - docker
+  - kubernetes
+
+# Mock roles
+mock_roles:
+  - role1
+  - role2

EJBCA---Automated-Lab-Docker/.editorconfig

@@ -0,0 +1,59 @@
+# EditorConfig is awesome: https://EditorConfig.org
+
+# top-most EditorConfig file
+root = true
+
+# All files
+[*]
+charset = utf-8
+end_of_line = lf
+insert_final_newline = true
+trim_trailing_whitespace = true
+indent_style = space
+indent_size = 2
+
+# YAML files
+[*.{yml,yaml}]
+indent_size = 2
+
+# Terraform files
+[*.tf]
+indent_size = 2
+
+# Shell scripts
+[*.sh]
+indent_size = 2
+
+# JSON files
+[*.json]
+indent_size = 2
+
+# Markdown files
+[*.md]
+trim_trailing_whitespace = false
+indent_size = 2
+
+# Python files
+[*.py]
+indent_size = 4
+
+# Docker files
+[Dockerfile*]
+indent_size = 4
+
+# Go files
+[*.go]
+indent_size = 4
+indent_style = tab
+
+# Makefile
+[Makefile]
+indent_style = tab
+
+# Batch files
+[*.{bat,cmd}]
+end_of_line = crlf
+
+# PowerShell files
+[*.ps1]
+end_of_line = crlf

EJBCA---Automated-Lab-Docker/.github/CODEOWNERS

@@ -0,0 +1,33 @@
+# Global owners - all files require review from these users
+* @adrian207
+
+# Terraform files require additional review
+/terraform/ @adrian207
+
+# Security-sensitive files require extra scrutiny
+**/*secret* @adrian207
+**/*key* @adrian207
+**/*password* @adrian207
+**/*credential* @adrian207
+**/*token* @adrian207
+**/*auth* @adrian207
+
+# Infrastructure configuration files
+/kubernetes/ @adrian207
+/helm/ @adrian207
+/argocd/ @adrian207
+
+# CI/CD configuration
+/.github/workflows/ @adrian207
+/.github/ @adrian207
+
+# Documentation
+/docs/ @adrian207
+*.md @adrian207
+
+# Configuration files
+/configs/ @adrian207
+/ansible/ @adrian207
+
+# Scripts
+/scripts/ @adrian207

EJBCA---Automated-Lab-Docker/.github/ruleset.yml

@@ -0,0 +1,110 @@
+name: "EJBCA Automated Lab Repository Rules"
+
+# Rules for the main branch
+rules:
+  - name: "Main branch protection"
+    target: "branch"
+    enforcement: "active"
+    conditions:
+      ref_name:
+        include:
+          - "main"
+          - "develop"
+    parameters:
+      required_status_checks:
+        strict: true
+        contexts:
+          - "terraform-validate"
+          - "security-scanning"
+          - "kubernetes-deploy"
+          - "ansible-lint"
+      dismiss_stale_reviews_on_push: true
+      require_code_owner_reviews: true
+      required_approving_review_count: 2
+      require_last_push_approval: true
+      required_linear_history: true
+      allow_force_pushes: false
+      allow_deletions: false
+      block_creations: false
+      required_conversation_resolution: true
+
+  - name: "Feature branch rules"
+    target: "branch"
+    enforcement: "active"
+    conditions:
+      ref_name:
+        include:
+          - "feat/*"
+          - "feature/*"
+          - "bugfix/*"
+          - "hotfix/*"
+    parameters:
+      required_status_checks:
+        strict: true
+        contexts:
+          - "terraform-validate"
+          - "security-scanning"
+      dismiss_stale_reviews_on_push: true
+      require_code_owner_reviews: false
+      required_approving_review_count: 1
+      require_last_push_approval: false
+      required_linear_history: false
+      allow_force_pushes: false
+      allow_deletions: true
+      block_creations: false
+      required_conversation_resolution: true
+
+  - name: "Pull request rules"
+    target: "pull_request"
+    enforcement: "active"
+    conditions:
+      ref_name:
+        include:
+          - "main"
+          - "develop"
+    parameters:
+      required_approving_review_count: 2
+      dismiss_stale_reviews_on_push: true
+      require_code_owner_reviews: true
+      require_last_push_approval: true
+      required_linear_history: true
+      required_conversation_resolution: true
+
+  - name: "Commit message rules"
+    target: "tag"
+    enforcement: "active"
+    conditions: {}
+    parameters:
+      pattern: "^(feat|fix|docs|style|refactor|test|chore|ci|build|perf|revert)(\(.+\))?: .{1,50}"
+      operator: "regex"
+
+  - name: "File path rules"
+    target: "path"
+    enforcement: "active"
+    conditions:
+      ref_name:
+        include:
+          - "main"
+          - "develop"
+    parameters:
+      rules:
+        - name: "Terraform files require review"
+          paths:
+            include:
+              - "terraform/**"
+          required_approving_review_count: 2
+        - name: "Security-sensitive files"
+          paths:
+            include:
+              - "**/*secret*"
+              - "**/*key*"
+              - "**/*password*"
+              - "**/*credential*"
+          required_approving_review_count: 2
+          require_code_owner_reviews: true
+        - name: "Documentation changes"
+          paths:
+            include:
+              - "docs/**"
+              - "*.md"
+          required_approving_review_count: 1

EJBCA---Automated-Lab-Docker/.github/workflows/branch-protection.yml

@@ -0,0 +1,59 @@
+name: Branch Protection Check
+
+on:
+  push:
+    branches: [ main, develop ]
+  pull_request:
+    branches: [ main, develop ]
+
+jobs:
+  branch-protection-check:
+    name: Branch Protection Validation
+    runs-on: ubuntu-latest
+    
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+      
+      - name: Validate commit messages
+        run: |
+          if [ "${{ github.event_name }}" = "push" ]; then
+            echo "Checking commit messages..."
+            git log --oneline -1 | grep -E "^(feat|fix|docs|style|refactor|test|chore|ci|build|perf|revert)(\(.+\))?: .{1,50}" || {
+              echo "❌ Commit message doesn't follow conventional format"
+              echo "Expected format: type(scope): description"
+              echo "Types: feat, fix, docs, style, refactor, test, chore, ci, build, perf, revert"
+              exit 1
+            }
+            echo "✅ Commit message format is valid"
+          fi
+      
+      - name: Check for secrets
+        run: |
+          echo "Checking for potential secrets..."
+          if command -v detect-secrets &> /dev/null; then
+            detect-secrets scan --baseline .secrets.baseline
+          else
+            echo "⚠️ detect-secrets not available, skipping secret check"
+          fi
+      
+      - name: Validate file permissions
+        run: |
+          echo "Checking file permissions..."
+          find . -name "*.sh" -not -perm -111 | while read file; do
+            echo "❌ Shell script $file is not executable"
+            exit 1
+          done
+          echo "✅ All shell scripts have proper permissions"
+      
+      - name: Check for large files
+        run: |
+          echo "Checking for large files..."
+          find . -type f -size +10M -not -path "./.git/*" | while read file; do
+            echo "❌ Large file detected: $file"
+            echo "Consider using Git LFS for files larger than 10MB"
+            exit 1
+          done
+          echo "✅ No large files detected"