new dockerfile

.gitignore

@@ -1,33 +1,7 @@
-# Local .terraform directories
-**/.terraform/*
-.idea
+# Ignore npm installed packages
+/node_modules
 
-# .tfstate files
-*.tfstate
-*.tfstate.*
+# Ignore coverage reports
+/coverage
 
-# Crash log files
-crash.log
-
-# Ignore any .tfvars files that are generated automatically for each Terraform run. Most
-# .tfvars files are managed as part of configuration and so should be included in
-# version control.
-#
-# example.tfvars
-
-# Ignore override files as they are usually used to override resources locally and so
-# are not checked in
-override.tf
-override.tf.json
-*_override.tf
-*_override.tf.json
-credentials.json
-*.tfbackend
-*.tfvars
-
-# Include override files you do wish to add to version control using negated pattern
-#
-# !example_override.tf
-
-# Include tfplan files to ignore the plan output of command: terraform plan -out=tfplan
-# example: *tfplan*
+.idea

ansible/blocks.yml

@@ -0,0 +1,30 @@
+---
+
+- name: Verify tests
+  hosts: all
+  gather_facts: False
+  tasks:
+    - name: Install, configure, and start Apache
+      block:
+        - name: Install httpd and memcached
+          ansible.builtin.yum:
+            name:
+              - httpd
+              - memcached
+            sslverify: False
+            state: latest
+
+        - name: Apply the foo config template
+          ansible.builtin.template:
+            src: templates/src.j2
+            dest: /etc/foo.conf
+
+        - name: Start service bar and enable it
+          ansible.builtin.service:
+            name: bar
+            state: started
+            enabled: True
+      when: ansible_facts['distribution'] == 'CentOS'
+      become: true
+      become_user: root
+      ignore_errors: true

ansible/fail.yaml

@@ -0,0 +1,29 @@
+---
+- name: Verify tests
+  hosts: all
+  gather_facts: False
+  tasks:
+    - name: Install, configure, and start Apache
+      block:
+        - name: Install httpd and memcached
+          ansible.builtin.yum:
+            name:
+              - httpd
+              - memcached
+            sslverify: False
+            state: latest
+
+        - name: Apply the foo config template
+          ansible.builtin.template:
+            src: templates/src.j2
+            dest: /etc/foo.conf
+
+        - name: Start service bar and enable it
+          ansible.builtin.service:
+            name: bar
+            state: started
+            enabled: True
+      when: ansible_facts['distribution'] == 'CentOS'
+      become: true
+      become_user: root
+      ignore_errors: true

ansible/nested_blocks.yml

@@ -0,0 +1,34 @@
+---
+
+- name: Verify tests
+  hosts: all
+  gather_facts: False
+  tasks:
+    - name: 1st level block
+      block:
+        - name: 2nd level block
+          block:
+            - name: 3rd level block
+              block:
+                - name: 4th level block
+                  block:
+                    - name: 5th level block
+                      block:
+                        - name: 6th level uri
+                          ansible.builtin.uri:
+                            url: https://www.example.com
+                    - name: 5th level uri
+                      ansible.builtin.uri:
+                        url: https://www.example.com
+                - name: 4th level uri
+                  ansible.builtin.uri:
+                    url: https://www.example.com
+            - name: 3rd level uri
+              ansible.builtin.uri:
+                url: https://www.example.com
+        - name: 2nd level uri
+          ansible.builtin.uri:
+            url: https://www.example.com
+    - name: 1st level uri
+      ansible.builtin.uri:
+        url: https://www.example.com

ansible/no_tasks.yml

@@ -0,0 +1,7 @@
+---
+
+- name: Sample play
+  hosts:
+    - test
+  roles:
+    - role: somerole

ansible/site.yml

@@ -0,0 +1,21 @@
+---
+
+- name: Verify tests
+  hosts: all
+  gather_facts: False
+  tasks:
+    - name: Get Running instance Info
+      amazon.aws.ec2_instance_info:
+      register: ec2info
+
+    - name: enabled
+      amazon.aws.ec2_instance:
+        name: "public-compute-instance"
+        key_name: "prod-ssh-key"
+        vpc_subnet_id: subnet-5ca1ab1e
+        instance_type: c5.large
+        security_group: default
+        network:
+          assign_public_ip: true
+        image_id: ami-123456
+        ebs_optimized: true

ansible/skip.yml

@@ -0,0 +1,31 @@
+- hosts: localhost
+  gather_facts: false
+  tasks:
+    - name: Launch ec2 instances 1
+      #checkov:skip=CKV_AWS_135
+      amazon.aws.ec2_instance:
+        name: "bc-office-hours"
+        vpc_subnet_id: subnet-012d94ee641ab4277
+        instance_type: t3.micro
+        security_group: sg-04acc4e02a5b71244
+        image_id: "{{ ami_latest.image_id }}"
+        state: running
+
+    - name: Launch ec2 instances 2
+      amazon.aws.ec2_instance:
+        #checkov:skip=CKV_AWS_88
+        name: "bc-office-hours"
+        vpc_subnet_id: subnet-012d94ee641ab4277
+        instance_type: t3.micro
+        security_group: sg-04acc4e02a5b71244
+        image_id: "{{ ami_latest.image_id }}"
+        state: running
+
+    - name: http
+      #checkov:skip=CKV2_ANSIBLE_1
+      uri:
+        url: http://www.example.com
+        return_content: yes
+      register: this
+      failed_when: "'AWESOME' not in this.content"
+

ansible/tasks.yml

@@ -0,0 +1,12 @@
+---
+
+- name: Check that you can connect (GET) to a page
+  uri:
+    url: https://www.example.com
+
+- name: Download foo.conf
+  ansible.builtin.get_url:
+    url: https://example.com/path/file.conf
+    dest: /etc/foo.conf
+    mode: '0440'
+    validate_certs: false

docker/dockerfile

@@ -0,0 +1,15 @@
+FROM node:12-alpine
+ENV NODE_ENV "production"
+ENV PORT 8079
+EXPOSE 8079
+RUN addgroup mygroup && adduser -D -G mygroup myuser && mkdir -p /usr/src/app && chown -R myuser /usr/src/app
+# Prepare app directory
+WORKDIR /usr/src/app
+COPY package.json /usr/src/app/
+COPY yarn.lock /usr/src/app/
+RUN chown myuser /usr/src/app/yarn.lock
+USER myuser
+RUN yarn install
+COPY . /usr/src/app
+# Start the app
+CMD ["/usr/local/bin/npm", "start"]