feat: Create GitHub Actions workflow to publish Docker images (#332)

* Create GitHub Actions workflow to publish Docker images

* Add build release configuration file

* Update README configuration table

.github/workflows/release.yml

@@ -0,0 +1,106 @@
+name: Semantic Release
+
+on:
+  push:
+    branches:
+      - master
+
+jobs:
+  release:
+    runs-on: ubuntu-latest
+    steps:
+    - name: Checkout
+      uses: actions/checkout@v2
+
+    - name: Semantic Release
+      uses: buildlyio/semantic-release-action@v2
+      env:
+        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+    - uses: actions/setup-python@v2
+      with:
+        python-version: 3.7
+
+    - name: Start OpenLDAP Server
+      id: ldap_server
+      run: |
+        docker run -p 389:389 -p 636:636 --name openldap_server -d osixia/openldap:1.3.0
+
+    - name: Install dependencies
+      run: |
+        sudo apt-get install libsasl2-dev libldap2-dev libssl-dev
+        sudo touch /var/log/buildly.log
+        sudo chown runner:docker /var/log/buildly.log
+        cat requirements/base.txt | grep "^Django==\|^psycopg2" | xargs pip install
+        pip install -r requirements/ci.txt
+
+    - name: Lint & Vulnerability check
+      run: |
+        flake8 . --count --select=E9,F63,F7,F82 --show-source --statistics
+        flake8 . --count --exit-zero --max-complexity=10 --max-line-length=127 --statistics
+        bandit -r . -ll
+
+    - name: Test with pytest
+      run: |
+        pytest
+      env:
+        ALLOWED_HOSTS: "*"
+        CORS_ORIGIN_WHITELIST: "*"
+        DATABASE_ENGINE: "postgresql"
+        DATABASE_NAME: "buildly_api"
+        DATABASE_USER: "root"
+        DATABASE_PASSWORD: "root"
+        DATABASE_HOST: "localhost"
+        DATABASE_PORT: "5432"
+        DEFAULT_ORG: "Default Organization"
+        DJANGO_SETTINGS_MODULE: "buildly.settings.production"
+        SOCIAL_AUTH_GITHUB_REDIRECT_URL: "/complete/github"
+        SOCIAL_AUTH_GOOGLE_OAUTH2_REDIRECT_URL: "/complete/google-oauth2"
+        SOCIAL_AUTH_MICROSOFT_GRAPH_REDIRECT_URL: "/complete/microsoft-graph"
+        JWT_ISSUER: "buildly"
+        JWT_PRIVATE_KEY_RSA_BUILDLY: |-
+          -----BEGIN RSA PRIVATE KEY-----
+          MIIBOwIBAAJBALFc9NFZaOaSwUMPNektbtJqEjYZ6IRBqhqvJu1hKPYn9HYd75c0
+          gIDYHJ9lb7QwQvg44aO27104rDK0xSstzL0CAwEAAQJAe5z5096oyeqGX6J+RGGx
+          11yuDJ7J+0N4tthUHSWWUtgkd19NvmTM/mVLmPCzZHgNUT+aWUKsQ84+jhru/NQD
+          0QIhAOHOzFmjxjTAR1jspn6YtJBKQB40tvT6WEvm2mKm0aD7AiEAyRPwXyZf3JT+
+          M6Ui0Mubs7Qb/E4g1d/kVL+o/XoZC6cCIQC+nKzPtnooKW+Q1yOslgdGDgeV9/XB
+          Ulqap+MNh7hJZQIgZNaM+wqhlFtbx8aO2SrioJI4XqVHrjojpaSgOM3cdY0CIQDB
+          Q6ckOaDV937acmWuiZhxuG2euNLwNbMldtCV5ADo/g==
+          -----END RSA PRIVATE KEY-----
+        JWT_PUBLIC_KEY_RSA_BUILDLY: |-
+          -----BEGIN PUBLIC KEY-----
+          MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBALFc9NFZaOaSwUMPNektbtJqEjYZ6IRB
+          qhqvJu1hKPYn9HYd75c0gIDYHJ9lb7QwQvg44aO27104rDK0xSstzL0CAwEAAQ==
+          -----END PUBLIC KEY-----
+        SECRET_KEY: "nothing"
+        OAUTH_CLIENT_ID: "vBn4KsOCthm7TWzMH0kVV0dXkUPJEtOQwaLu0eoC"
+        OAUTH_CLIENT_SECRET: "0aYDOHUNAxK4MjbnYOHhfrKx8EzjKqN6GbB6IGyCgpT6pmQ5pEVJmH7mIEUJ"
+        DOCKER_REPO: "buildly/buildly"
+        LDAP_ENABLE: "True"
+        LDAP_HOST: "ldap://localhost:389"
+        LDAP_USERNAME: "cn=admin,dc=example,dc=org"
+        LDAP_PASSWORD: "admin"
+        LDAP_BASE_DN: "dc=example,dc=org"
+
+    - name: Docker Build & Release
+      if: steps.semantic.outputs.new_release_published == 'true'
+      run: |
+        echo ${{ secrets.DOCKER_PASSWORD }} | docker login -u ${{ secrets.DOCKER_USERNAME }} --password-stdin
+        docker build --tag ${BUILDLY_IMAGE} .
+        docker push ${BUILDLY_IMAGE}
+      env:
+        BUILDLY_IMAGE: buildly/buildly:v${{ steps.semantic.outputs.new_release_version }}
+
+    # postgres
+    services:
+      postgres:
+        image: postgres:9.6
+        env:
+          POSTGRES_USER: root
+          POSTGRES_PASSWORD: root
+          POSTGRES_DB: buildly_api
+        ports:
+          - 5432:5432
+        # needed because the postgres container does not provide a healthcheck
+        options: --health-cmd pg_isready --health-interval 10s --health-timeout 5s --health-retries 5

.releaserc.js

@@ -0,0 +1,8 @@
+module.exports = {
+  branches: ['master'],
+  plugins: [
+    '@semantic-release/commit-analyzer',
+    '@semantic-release/release-notes-generator',
+    "@semantic-release/github",
+  ],
+};

README.md

@@ -74,51 +74,77 @@ $ openssl rsa -in private.pem -outform PEM -pubout -out public.pem
 
 ### Configuration
 
-The following table lists the configurable parameters of buildly and their default values.
+Specify each parameter using `-e`, `--env`, and `--env-file` flags to set simple (non-array) environment variables to `docker run`. For example,
+
+```bash
+$ docker run -e MYVAR1 --env MYVAR2=foo \
+    --env-file ./env.list \
+    buildly/buildly:<version>
+```
 
+The following tables list the configurable parameters of buildly and their default values.
+
+#### Security System
 |             Parameter               |            Description             |                    Default                |
 |-------------------------------------|------------------------------------|-------------------------------------------|
-| `ACCESS_TOKEN_EXPIRE_SECONDS`       | The number of seconds an access token remains valid | 3600                     |
 | `ALLOWED_HOSTS`                     | A list of strings representing the domain names the app can serve  | `[]`      |
 | `CORS_ORIGIN_ALLOW_ALL`             | If True, CORS_ORIGIN_WHITELIST is not used and all origins are accepted  | False |
 | `CORS_ORIGIN_WHITELIST`             | A list of origins that are authorized to make cross-site HTTP requests  | `[]` |
+| `DEFAULT_ORG`                       | The first organization created in the database  | ``                           |
+| `SECRET_KEY`                        | Used to provide cryptographic signing, and should be set to a unique, unpredictable value | None |
+| `SUPER_USER_PASSWORD`               | Used to define the super user password when it's created for the first time | `admin` in Debug mode or None |
+
+#### Database Connection
+|             Parameter               |            Description             |                    Default                |
+|-------------------------------------|------------------------------------|-------------------------------------------|
 | `DATABASE_ENGINE`                   | The database backend to use. (`postgresql`, `mysql`, `sqlite3` or `oracle`) | `` |
 | `DATABASE_NAME`                     | The name of the database to use          | ``                                  |
 | `DATABASE_USER`                     | The username to use when connecting to the database | ``                       |
 | `DATABASE_PASSWORD`                 | The password to use when connecting to the database | ``                       |
 | `DATABASE_HOST`                     | The host to use when connecting to the database | ``                           |
 | `DATABASE_PORT`                     | The port to use when connecting to the database | ``                           |
-| `DEFAULT_ORG`                       | The first organization created in the database  | ``                           |
+
+#### Authentication System
+|             Parameter               |            Description             |                    Default                |
+|-------------------------------------|------------------------------------|-------------------------------------------|
+| `ACCESS_TOKEN_EXPIRE_SECONDS`       | The number of seconds an access token remains valid | 3600                     |
 | `JWT_ISSUER`                        | The name of the JWT issuer               | ``                                  |
 | `JWT_PRIVATE_KEY_RSA_BUILDLY`       | The private RSA KEY                      | ``                                  |
 | `JWT_PUBLIC_KEY_RSA_BUILDLY`        | The public RSA KEY                       | ``                                  |
-| `LDAP_ENABLE`                       | If true, enable LDAP authentication  | False |
-| `LDAP_HOST`                         | The host to use when connecting to the LDAP server | `` |
-| `LDAP_USERNAME`                     | The username to use when connecting to the LDAP server  | `` |
-| `LDAP_PASSWORD`                     | The password to use when connecting to the LDAP server | `` |
-| `LDAP_BASE_DN`                      | The base domain name for search | `` |
-| `LDAP_USERNAME_FIELD_SEARCH`        | The username field used by the LDAP server for search | `` |
 | `OAUTH_CLIENT_ID`                   | Used in combination with OAUTH_CLIENT_SECRET to create OAuth2 password grant | None |
 | `OAUTH_CLIENT_SECRET`               | Used in combination with OAUTH_CLIENT_ID to create OAuth2 password grant | None |
 | `PASSWORD_MINIMUM_LENGTH`           | The minimum length of passwords      | `6` |
-| `SECRET_KEY`                        | Used to provide cryptographic signing, and should be set to a unique, unpredictable value | None |
-| `SOCIAL_AUTH_GITHUB_REDIRECT_URL`   | The redirect URL for GitHub Social auth  | None                                |
-| `SOCIAL_AUTH_GOOGLE_OAUTH2_REDIRECT_URL`  | The redirect URL for Google Social auth  | None                          |
-| `SOCIAL_AUTH_LOGIN_REDIRECT_URL`    | Redirect the user once the auth process ended successfully | None                              |
-| `SOCIAL_AUTH_MICROSOFT_GRAPH_REDIRECT_URL` | The redirect URL for Microsoft graph Social auth | None                 |
-| `SUPER_USER_PASSWORD`               | Used to define the super user password when it's created for the first time | `admin` in Debug mode or None |
 | `USE_PASSWORD_MINIMUM_LENGTH_VALIDATOR`   | Checks whether the password meets a minimum length | True       |
 | `USE_PASSWORD_USER_ATTRIBUTE_SIMILARITY_VALIDATOR`  | Checks the similarity between the password and a set of attributes of the user | True |
 | `USE_PASSWORD_COMMON_VALIDATOR`     | Checks whether the password occurs in a list of common passwords | True |
 | `USE_PASSWORD_NUMERIC_VALIDATOR`    | Checks whether the password isn’t entirely numeric | True |
+| `SOCIAL_AUTH_GITHUB_REDIRECT_URL`   | The redirect URL for GitHub Social auth  | None                                |
+| `SOCIAL_AUTH_GOOGLE_OAUTH2_REDIRECT_URL`  | The redirect URL for Google Social auth  | None                          |
+| `SOCIAL_AUTH_LOGIN_REDIRECT_URL`    | Redirect the user once the auth process ended successfully | None                              |
+| `SOCIAL_AUTH_MICROSOFT_GRAPH_REDIRECT_URL` | The redirect URL for Microsoft graph Social auth | None                 |
 
-Specify each parameter using `-e`, `--env`, and `--env-file` flags to set simple (non-array) environment variables to `docker run`. For example,
+#### LDAP & Active Directory Server
+|             Parameter               |            Description             |                    Default                |
+|-------------------------------------|------------------------------------|-------------------------------------------|
+| `LDAP_ENABLE`                       | If true, enable LDAP authentication  | False |
+| `LDAP_HOST`                         | The host to use when connecting to the LDAP server | `` |
+| `LDAP_USERNAME`                     | The username to use when connecting to the LDAP server  | `` |
+| `LDAP_PASSWORD`                     | The password to use when connecting to the LDAP server | `` |
+| `LDAP_BASE_DN`                      | The base domain name for search | `` |
+| `LDAP_USERNAME_FIELD_SEARCH`        | The username field used by the LDAP server for search | `` |
 
-```bash
-$ docker run -e MYVAR1 --env MYVAR2=foo \
-    --env-file ./env.list \
-    buildly/buildly:<version>
-```
+#### Email Server
+|             Parameter               |            Description             |                    Default                |
+|-------------------------------------|------------------------------------|-------------------------------------------|
+| `EMAIL_BACKEND`                     | If `SMTP`, enable connection to an SMTP Server  | `` |
+| `EMAIL_HOST`                        | The host to use for sending email server | `` |
+| `EMAIL_HOST_USER`                   | The username to use when connecting to the SMTP server  | `` |
+| `EMAIL_HOST_PASSWORD`               | The password to use when connecting to the SMTP server | `` |
+| `EMAIL_PORT`                        | The port to use when connecting to the SMTP Server | `587` |
+| `EMAIL_USE_TLS`                     | Whether to use a TLS connection when talking to the SMTP server | `True` |
+| `EMAIL_SUBJECT_PREFIX`              | Subject-line prefix for email messages sent | `` |
+| `DEFAULT_FROM_EMAIL`                | The email address to be set in messages' FROM | `` |
+| `DEFAULT_REPLYTO_EMAIL`             | The email address to be set in messages' REPLY TO | `` |
 
 ## Built With
 

requirements/base.txt

@@ -3,7 +3,7 @@ django-filter==2.2.0
 django-health-check==3.6.1
 git+https://github.com/buildlyio/django-oauth-toolkit-jwt@v0.5.2#egg=django-oauth-toolkit-jwt
 djangorestframework==3.9.4
-psycopg2-binary==2.8.3
+psycopg2-binary==2.8.6
 social-auth-app-django==3.1.0
 django-oauth-toolkit==1.3.2
 futures==3.1.1