.devcontainer/copy-kube-config.sh

+#!/bin/bash -i
+
+# Copies localhost's ~/.kube/config file into the container and swap out localhost
+# for host.docker.internal whenever a new shell starts to keep them in sync.
+if [ "$SYNC_LOCALHOST_KUBECONFIG" = "true" ] && [ -d "/usr/local/share/kube-localhost" ]; then
+    mkdir -p $HOME/.kube
+    sudo cp -r /usr/local/share/kube-localhost/* $HOME/.kube
+    sudo chown -R $(id -u) $HOME/.kube
+    sed -i -e "s/localhost/host.docker.internal/g" $HOME/.kube/config
+    sed -i -e "s/127.0.0.1/host.docker.internal/g" $HOME/.kube/config
+
+    # If .minikube was mounted, set up client cert/key
+    if [ -d "/usr/local/share/minikube-localhost" ]; then
+        mkdir -p $HOME/.minikube
+        if [ -f "/usr/local/share/minikube-localhost/ca.crt" ]; then
+            sudo cp -r /usr/local/share/minikube-localhost/ca.crt $HOME/.minikube
+        fi
+        # Location varies between versions of minikube
+        if [ -f "/usr/local/share/minikube-localhost/client.crt" ]; then
+            sudo cp -r /usr/local/share/minikube-localhost/client.crt $HOME/.minikube
+            sudo cp -r /usr/local/share/minikube-localhost/client.key $HOME/.minikube
+        elif [ -f "/usr/local/share/minikube-localhost/profiles/minikube/client.crt" ]; then
+            sudo cp -r /usr/local/share/minikube-localhost/profiles/minikube/client.crt $HOME/.minikube
+            sudo cp -r /usr/local/share/minikube-localhost/profiles/minikube/client.key $HOME/.minikube
+        fi
+        sudo chown -R $(id -u) $HOME/.minikube
+
+        # Point .kube/config to the correct locaiton of the certs
+        sed -i -r "s|(\s*certificate-authority:\s).*|\\1$HOME\/.minikube\/ca.crt|g" $HOME/.kube/config
+        sed -i -r "s|(\s*client-certificate:\s).*|\\1$HOME\/.minikube\/client.crt|g" $HOME/.kube/config
+        sed -i -r "s|(\s*client-key:\s).*|\\1$HOME\/.minikube\/client.key|g" $HOME/.kube/config
+    fi
+fi

.devcontainer/devcontainer.json

@@ -4,40 +4,18 @@
 	"name": "TJTS5901 Dev Environment",
 	// Use docker-compose to setup the container
 	// https://code.visualstudio.com/docs/containers/docker-compose
-	"dockerComposeFile": "../docker-compose.yml",
-	"service": "tjts5901-dev",
+	"dockerComposeFile": [
+		"../docker-compose.yml"
+	],
+
+	"service": "tjts5901",
 
 	// Don't start flask app by default.
 	"overrideCommand": true,
 
-	// Alternatively, use `Dockerfile` to build the image.
-	// "build": {
-	// 	"dockerfile": "../Dockerfile",
-	// 	"context": "..",
-	// 	"args": {
-	// 		// Options
-	// 		// Setup the port for Flask. We'll use 5001 to avoid conflicts on Macs.
-	// 		"FLASK_RUN_PORT": "5001",
-	// 		"FLASK_APP": "tjts5901.app"
-	// 	}
-	// },
-
 	// Use /app -folder as a workspace folder. Otherwise it will depend on repository name.
-	//"workspaceMount": "source=${localWorkspaceFolder},target=/app,type=bind,consistency=cached",
 	"workspaceFolder": "/app",
 
-	"mounts": [
-		// Setup mountpoints for accessing secrets and services in host machine
-		// Docker-from-Docker, see https://github.com/microsoft/vscode-dev-containers/blob/main/script-library/docs/docker.md
-		"source=/var/run/docker.sock,target=/var/run/docker.sock,type=bind",
-		// Kubernetes sync, see https://github.com/Microsoft/vscode-dev-containers/tree/main/containers/kubernetes-helm
-		"source=${env:HOME}${env:USERPROFILE}/.kube,target=/usr/local/share/kube-localhost,type=bind",
-		"source=${env:HOME}${env:USERPROFILE}/.minikube,target=/usr/local/share/minikube-localhost,type=bind",
-		// Static volume for vscode extensions
-		"source=tjts5901-vscode-extensions,target=/home/vscode/.vscode-server/extensions,type=volume"
-		// If you wish to maintain history between rebuilds, setup vscode home folder as a volume
-		//"source=tjts5901-vscode-home,target=/home/vscode,type=volume"
-	],
 	"remoteEnv": {
 		// If you do not want to sync your host .kube folder with the devcontainer, set this to false.
 		// https://github.com/Microsoft/vscode-dev-containers/tree/main/containers/kubernetes-helm
@@ -76,14 +54,16 @@
 				},
 				// Enable the terminal to be used as the default shell.
 				"terminal.integrated.shellIntegration.enabled": true,
+				"gitlab.showPipelineUpdateNotifications": true
 			},
 
 			// Add the IDs of extensions you want installed when the container is created.
 			"extensions": [
-				"ms-python.vscode-pylance",
+				"ms-python.python",
 				"ms-azuretools.vscode-docker",
-				"ms-kubernetes-tools.vscode-aks-tools",
-				"redhat.vscode-yaml"
+				"redhat.vscode-yaml",
+				"GitLab.gitlab-workflow",
+				"samuelcolvin.jinjahtml"
 			]
 		}
 	},
@@ -91,9 +71,12 @@
 	// Use 'forwardPorts' to make a list of ports inside the container available locally.
 	// "forwardPorts": [ 5001 ],
 
+	// Uncomment the next line if you want start specific services in your Docker Compose config.
+	// "runServices": [],
+
 	// Use 'postCreateCommand' to run commands after the container is created.
 	// Here we install kube sync support
-	"postCreateCommand": "echo \"source $PWD/.devcontainer/copy-kube-config.sh\" | tee -a $HOME/.bashrc $HOME/.zshrc >> /dev/null",
+	"postCreateCommand": "/bin/sh .devcontainer/post-create.sh",
 
 	// Comment out to connect as root instead. More info: https://aka.ms/vscode-remote/containers/non-root.
 	"remoteUser": "vscode",
@@ -105,6 +88,8 @@
 			"minikube": "none",
 		},
 		// "terraform": "latest",
-		"azure-cli": "latest"
+		"azure-cli": {
+			"version": "lts"
+		}
 	}
 }

.devcontainer/post-create.sh

+#!/bin/sh
+
+# This file is ran after devcontainer is created.
+
+# Copy kube config to the container
+echo "source $PWD/.devcontainer/copy-kube-config.sh" | tee -a $HOME/.bashrc $HOME/.zshrc >> /dev/null

.gitignore

@@ -164,3 +164,7 @@ cython_debug/
 
 _docs/
 .env
+.DS_Store
+
+# Ignore certificates
+azure-sp.pem

.gitlab-ci.yml

-## Use docker image as a base image.
-image: docker:stable
-
-services:
-  ## Allow building docker images inside of docker. Notice that it's different
-  ## from Docker-from-Docker. https://docs.gitlab.com/ee/ci/docker/using_docker_build.html
-  - docker:dind
-
+## Stage names in the pipeline.
 stages:
   - build
+  - test
+  - staging
+  - smoketest
   - deploy
 
-## Setup cache path for PIP packages.
-## See: https://docs.gitlab.com/ee/ci/caching/#cache-python-dependencies
-cache:
-  paths:
-    - .cache/pip
-
-
 variables:
   ## Name for the generated image. Change this if you wish, but watch out
-  ## for special characters!
-  IMAGE_NAME: tjts5901
+  ## for special characters and spaces!
+  DOCKER_IMAGE_NAME: ${DOCKER_REGISTRY}/tjts5901
+  DOCKER_TAG: ${CI_COMMIT_REF_SLUG}
 
-  ## (Optional) More verbose output from pipeline
+  ## (Optional) More verbose output from pipeline. Enabling it might reveal secrets.
   #CI_DEBUG_TRACE: "true"
 
-  # shared volume for docker-in-docker
-  DOCKER_TLS_CERTDIR: "/certs"
-
-  PIP_CACHE_DIR: "$CI_PROJECT_DIR/.cache/pip"
+include:
+  - template: Jobs/SAST.gitlab-ci.yml
 
-## Build docker image
+## Use buildkit to build the container.
+## Buildkit: https://github.com/moby/buildkit
+## Example gitlab-ci buildkit template: https://gitlab.com/txlab/ci-templates
 build:
   stage: build
-  script:
-    ## Build a new image, pulling the latest base, and tag it.
-    ## If --pull is ommited, base from local is used.
-    - docker build --pull -t $IMAGE_NAME .
-
-## Build course documentation. You might not need this stage.
-pages:
-  stage: build
+  image:
+    name: moby/buildkit:v0.10.6-rootless
+    entrypoint: [ "sh", "-c" ]
+  variables:
+    BUILDKITD_FLAGS: --oci-worker-no-process-sandbox
 
-  ## Use build from previous stage as base image.
-  dependencies:
-    - build
-  image: $IMAGE_NAME
+  before_script:
+    ## Make some checks that Docker credentials are configured.
+    - test -z "${DOCKER_REGISTRY}" && (echo "Missing required variable DOCKER_REGISTRY. See 'Pipeline setup.md'"; exit 1)
+    - test -z "${DOCKER_AUTH_CONFIG}" && (echo "Missing required variable DOCKER_AUTH_CONFIG. See 'Pipeline setup.md'"; exit 1)
+    - test -z "${DOCKER_IMAGE_NAME}" && (echo "Missing image name variable."; exit 1)
+    ## Save docker login credentials from gitlab into a place where buildkit is looking for them.
+    - mkdir -p ${HOME}/.docker && echo "${DOCKER_AUTH_CONFIG}" > "${HOME}/.docker/config.json"
+    ## Simple check that the registry exists in login information
+    - grep "\\b${DOCKER_REGISTRY}\\b" "${HOME}/.docker/config.json" || (echo "Could not find docker registry in docker login information. Check DOCKER_AUTH_CONFIG"; exit 1)
 
   script:
-    ## Install `mkdocs` and generate HTML documentation.
-    - pip install .[docs]
-    - mkdocs build -f docs/mkdocs.yml
+    # Build the image, and push it to registry.
+    - |
+      buildctl-daemonless.sh build  --progress=plain \
+          --frontend=dockerfile.v0 \
+          --local context=. \
+          --local dockerfile=. \
+          --opt build-arg:CI_COMMIT_SHA=${CI_COMMIT_SHA} \
+          --output type=image,name=${DOCKER_IMAGE_NAME}:${DOCKER_TAG},push=true
+
+
+sast:
+    ## Static Application Security Test
+    ## You can override the included template(s) by including variable overrides
+    ## SAST customization:
+    ##   https://docs.gitlab.com/ee/user/application_security/sast/#customizing-the-sast-settings
+    stage: test
+
+
+## Run the tests. If any of the tests fails, pipeline is rejected.
+test:
+  ## Optional: include stage and environment name
+  stage: test
+  image: ${DOCKER_IMAGE_NAME}:${DOCKER_TAG}
+  variables:
+    ## Setup variable pointin to mongo service
+    ## Notice: the `mongo` address might not work.
+    MONGO_URL: mongodb://mongo/tjts5901-test
+
+  ## When job is started, also start these things
+  services:
+    - name: mongo:4.2  # update to reflect same version used on production
+      alias: mongo
+  script:
+      - pip install --disable-pip-version-check -e /app[test]
+      ## Run tests with coverage reporting
+      - coverage run -m pytest
+      ## Run basic reporting for badge
+      - coverage report
+      ## Generate detailed report for gitlab annotations.
+      - coverage xml -o coverage.xml
+
+  coverage: '/(?i)total.*? (100(?:\.0+)?\%|[1-9]?\d(?:\.\d+)?\%)$/'
   artifacts:
-    ## Artifacts are sent to gitlab, and accessible from there.
-    paths:
-      - _docs/
+    reports:
+      coverage_report:
+        coverage_format: cobertura
+        path: coverage.xml
+
+
+## Job to setup new staging job.
+deploy to staging:
+    stage: staging
+    ## Only run this stage when main branch receives changes.
+    only:
+        - main
+
+    ## Use microsoft provided azure cli image, that contains az cli.
+    image: mcr.microsoft.com/azure-cli
+
+    ## Setup the environment variables. The can be accessed through the gitlab 
+    ## Deployments -> Environments. Generates url based on the app and branch name.
+    environment:
+        name: $CI_JOB_STAGE
+        url: https://${AZURE_APP_NAME}-${CI_ENVIRONMENT_SLUG}.azurewebsites.net
+
+    before_script:
+        ## Make sanity check that gitlab variables stage is done.
+        - test -z "${AZURE_SP_NAME}" && (echo "Missing required variable AZURE_SP_NAME. See 'Staging.md'"; exit 1)
+        - test -f "${AZURE_SP_CERT}" || ( echo "AZURE_SP_CERT (${AZURE_SP_CERT}) file is missing!"; exit 1)
+
+        - test -z "${AZURE_APP_NAME}" && (echo "Missing required variable AZURE_APP_NAME. See 'Staging.md'"; exit 1)
+        - test -z "${AZURE_RESOURCE_GROUP}" && (echo "Missing required variable DOCKER_AUTH_CONFIG. See 'Staging.md'"; exit 1)        
+        
+        ## Login into azure
+        - az login --service-principal -u "${AZURE_SP_NAME}" -p "${AZURE_SP_CERT}" --tenant "jyu.onmicrosoft.com"
+
+    script:
+        ## Create staging slot and copy settings from production
+        - |
+          az webapp deployment slot create -n "$AZURE_APP_NAME" -g "$AZURE_RESOURCE_GROUP" \
+            --slot "$CI_ENVIRONMENT_SLUG" --configuration-source "$AZURE_APP_NAME"
 
-  rules:
-    ## Setup rule so this job is only run on "main" branch
-    - if: $CI_COMMIT_BRANCH == "main"
+        ## TODO: Create a snapshot of database, and use it.
 
-  ## Mark this stage as an "production" environment.
-  environment: production
+        ## If you need to change settings see: https://docs.microsoft.com/en-us/cli/azure/webapp/config/appsettings
 
-## Push image to container registry
-push-image:
+        ## Change container tag to reflect branch we're running on
+        - |
+          az webapp config container set -n "$AZURE_APP_NAME" -g "$AZURE_RESOURCE_GROUP" \
+            --docker-custom-image-name "${DOCKER_IMAGE_NAME}:${DOCKER_TAG}" -s "$CI_ENVIRONMENT_SLUG"
+
+        ## In case slot already existed, restart the slot
+        - az webapp restart -n "$AZURE_APP_NAME" -g "$AZURE_RESOURCE_GROUP" -s "$CI_ENVIRONMENT_SLUG"
+
+        ## Restart is not immediate, it takes a sec or two, depending on container changes.
+        - sleep 20
+
+        ## Store server info as artifact for prosperity
+        - curl "$CI_ENVIRONMENT_URL/server-info" -o server-info.json
+
+    artifacts:
+        paths:
+            - server-info.json
+
+
+## Run smoketest to check that staging app is responding as expected.
+staging smoketest:
+    stage: smoketest
+    image: ${DOCKER_IMAGE_NAME}:${DOCKER_TAG}
+    environment:
+        name: staging
+        url: https://${AZURE_APP_NAME}-${CI_ENVIRONMENT_SLUG}.azurewebsites.net
+
+    only:
+        - main
+
+    script:
+        - pip install --disable-pip-version-check -e .[test]
+        ## Environment url can be inherited from CI_ENVIROMNENT_URL, which is one defined
+        ## in the `environment.url:`. Using it here explicitly.
+        - echo "Testing againsta deployment address ${CI_ENVIROMNENT_URL}"
+        - pytest -v --environment-url="${CI_ENVIROMNENT_URL}" tests/test_smoke.py
+
+
+## Push latest image into registry with the `latest` tag.
+docker tag latest:
   stage: deploy
-  dependencies:
-    - build
-  image: docker:stable
 
-  before_script:
-    ## Make some checks that Docker credentials are configured.
-    - test -z "${DOCKER_REGISTRY}" && (echo "Missing required variable DOCKER_REGISTRY. See 'Pipeline setup.md'"; exit 1)
-    - test -z "${DOCKER_AUTH_CONFIG}" && (echo "Missing required variable DOCKER_AUTH_CONFIG. See 'Pipeline setup.md'"; exit 1)
+  environment:
+    name: production
 
+  image: docker:20.10.23
+  only:
+    - main
   script:
-    ## Tag the build image for registry, and push it.
-    - docker tag "${IMAGE_NAME}" "${DOCKER_REGISTRY}:${IMAGE_NAME}"
-    - docker push "${DOCKER_REGISTRY}:${IMAGE_NAME}"
+    ## Copy credentials to container
+    - mkdir -p ${HOME}/.docker && echo "${DOCKER_AUTH_CONFIG}" > "${HOME}/.docker/config.json"
+    ## Add the `latest` tag to the image we have build.
+    - docker buildx imagetools create ${DOCKER_IMAGE_NAME}:${DOCKER_TAG} --tag ${DOCKER_IMAGE_NAME}:latest
+
+
+## Swap the production and staging slots around.
+staging to production:
+    stage: deploy
+    ## Only run this stage when main branch receives changes.
+    only:
+        - main
+
+    ## Use microsoft provided azure cli image, that contains az cli.
+    image: mcr.microsoft.com/azure-cli
+
+    environment:
+        name: production
+        url: https://${AZURE_APP_NAME}.azurewebsites.net/
+
+    before_script:
+        ## Login into azure
+        - az login --service-principal -u "${AZURE_SP_NAME}" -p "${AZURE_SP_CERT}" --tenant "jyu.onmicrosoft.com"
+
+    script:
+        ## Swap production and staging slots.
+        - az webapp deployment slot swap -g "$AZURE_RESOURCE_GROUP" -n "$AZURE_APP_NAME" -s staging --target-slot production

.gitlab/issue_templates/Default.md

+## Summary
+
+Briefly describe the issue and its impact on the project concisely.
+
+
+## Steps to Reproduce
+
+1. List the steps to reproduce the issue
+2. Provide any relevant details such as browser, device, version, etc.
+
+
+## Expected Outcome
+
+What should happen after following the steps?
+
+
+## Actual Outcome
+
+What actually happens after following the steps?
+
+
+## Additional Context
+
+- Include any relevant screenshots, logs, or code snippets
+- Indicate if the issue occurs only in certain conditions, environments, or browsers
+
+
+## Possible fixes
+
+If you are familiar with the issue and in a position to help, it would be appreciated!
+
+
+/label ~bug

.gitlab/issue_templates/User Story.md

+### As a ...
+
+(user role)
+
+### I want to ...
+
+(goal)
+
+### So that ...
+
+(benefit)
+
+
+### I know I'm done when ...
+
+(the thing does thang)
+
+
+
+/label ~"User Story"

.gitmodules

 [submodule "docs/tjts5901"]
 	path = docs/tjts5901
-	url = git@gitlab.jyu.fi:startuplab/courses/tjts5901-continuous-software-engineering/docs.git
+	url = https://gitlab.jyu.fi/startuplab/courses/tjts5901-continuous-software-engineering/docs.git

.vscode/extensions.json

 {
     "recommendations": [
         "ms-vscode-remote.remote-containers",
-        "GitLab.gitlab-workflow",
-        "shd101wyy.markdown-preview-enhanced",
-        "samuelcolvin.jinjahtml"
     ]
 }
\ No newline at end of file

.vscode/settings.json

-{
-    "terminal.integrated.shellIntegration.enabled": true,
-    "grammarly.files.include": [
-        "**/readme.md",
-        "**/README.md",
-        "**/*.txt",
-        "*.md"
-    ],
-    "grammarly.selectors": [
-        {
-            "language": "markdown",
-            "scheme": "file"
-        }
-    ]
-}

.vscode/tasks.json

 {
 	"version": "2.0.0",
 	"tasks": [
-		{
-			"type": "docker-build",
-			"label": "Docker Build",
-			"platform": "python",
-			"dockerBuild": {
-				"tag": "tjts5901:latest",
-				"dockerfile": "${workspaceFolder}/Dockerfile",
-				"context": "${workspaceFolder}",
-				"pull": true
-			},
-			"problemMatcher": [],
-			"group": {
-				"kind": "build",
-				"isDefault": true
+			{
+				"label": "Build Documentation",
+				"type": "shell",
+				"command": "pip install .[docs] && mkdocs build -f docs/mkdocs.yml",
+				"problemMatcher": []
 			}
-		},
-		{
-			"label": "Build Documentation",
-			"type": "shell",
-			"command": "pip install .[docs] && mkdocs build -f docs/mkdocs.yml",
-			"problemMatcher": []
-		}
 	]
 }
\ No newline at end of file

Dockerfile

-## Template project uses python image provided by Microsoft. It contains additional tools for development, such as pylint, flake8, etc.
-## If team elects to use different image, this file should be updated accordingly. Example for using official node:
-##   FROM node:14-bullseye
-## You can devcontainer templates for other languages here:
+## Template project uses python image provided by Microsoft. It contains additional tools for
+## development, such as pylint, flake8, etc.
+## If team elects to use different image, this file should be updated accordingly. Example for
+## using official node: `FROM node:14-bullseye`
+## You can find devcontainer templates for other languages here:
 ## https://github.com/microsoft/vscode-dev-containers/tree/main/containers
 
 ## It would be smart to separate development stuff from production stuff, but for now
 ## this is enough (fore-shadowing).
-## How to create deriative image: https://docs.docker.com/build/building/multi-stage/
-FROM mcr.microsoft.com/vscode/devcontainers/python:3.11-bullseye
+## How to create deriative/multi-stage image: https://docs.docker.com/build/building/multi-stage/
+FROM mcr.microsoft.com/vscode/devcontainers/python:3.10-bullseye
+
+## [Optional] Look into using jemalloc with python for more efficient memory management
 
 ## Turns off buffering for easier container logging
 ENV PYTHONUNBUFFERED=1
 
 ## Set static working directory. By default, it is set to /workspaces/<project-name> by
-## vscode devcontainer.
+## vscode.
 WORKDIR /app
 
 ## Declare default flask app as environment variable
 ## https://flask.palletsprojects.com/en/2.2.x/cli/
-ARG FLASK_APP=tjts5901.app
+ARG FLASK_APP=tjts5901.app:flask_app
 ENV FLASK_APP=${FLASK_APP}
 
 ## Setup the default port for flask to listen on
@@ -26,28 +29,50 @@ ARG FLASK_RUN_PORT=5001
 ENV FLASK_RUN_PORT=${FLASK_RUN_PORT}
 
 ## Run Flask app when container started, and listen all the interfaces
-CMD flask run --host=0.0.0.0 # --port=${FLASK_RUN_PORT} --app=${FLASK_APP}}
+## Note: CMD doesn't run command in build, but defines an starting command
+## when container is started (or arguments for ENTRYPOINT).
+#CMD flask run --host=0.0.0.0 # --port=${FLASK_RUN_PORT} --app=${FLASK_APP}
+CMD gunicorn --bind "0.0.0.0:${FLASK_RUN_PORT}" "${FLASK_APP}"
 
 ## Examples for other commands:
 ## Run nothing, so that the container can be used as a base image
 #CMD ["bash", "-c", "sleep infinity"]
 ## Run Flask app using Gunicorn, which unlike Flask, doesn't complain about being development thing.
-#CMD gunicorn --bind "0.0.0.0:${PORT}"" tjts5901.app:app
 
+## Install requirements using pip. This is done before copying the app, so that
+## requirements layer is cached. This way, if app code changes, only app code is
+## copied, and requirements are not re-installed.
+COPY requirements.txt /tmp/pip-tmp/
+RUN pip --disable-pip-version-check install -r /tmp/pip-tmp/requirements.txt && \
+    rm -rf /tmp/pip-tmp
 
-## Copy app to workspace folder, and install requirements
+## Copy app to WORKDIR folder
 COPY . .
-RUN pip --disable-pip-version-check --no-cache-dir install -r requirements.txt
 
-## Install self as editable module. In a long run it would be recommeded
+## Compile translations before installing app. This is done to make sure that
+## translations are compiled before app is installed.
+RUN pybabel compile -f -d src/tjts5901/translations/
+
+## Install self as editable (`-e`) module. In a long run it would be recommeded
 ## to remove `COPY` and only install app as a package.
 RUN pip --disable-pip-version-check install -v -e .
 
+## If defined, copy commit id to app environment. This is used to identify
+## which version of the app is running.
+ARG CI_COMMIT_SHA
+ENV CI_COMMIT_SHA=${CI_COMMIT_SHA}
+
+## Download the currency exchange rates from European Central Bank
+RUN flask update-currency-rates
+
+## Save build date and time
+RUN echo "BUILD_DATE=$(date -u +'%Y-%m-%dT%H:%M:%SZ')" >> /app/.env
+
 ## To prevent vscode constantly re-installing extensions, we need to create a folder for it.
 ## In devcontainer.json, we mount volume to this folder so that extensions are not lost.
 ## Create vscode extension folder, and change ownership of it.
 ARG USERNAME=vscode
-RUN test ! -z "{$USERNAME}" && mkdir -p /home/${USERNAME}/.vscode-server/extensions && \
+RUN test ! -z "${USERNAME}" && mkdir -p /home/${USERNAME}/.vscode-server/extensions && \
     chown -R $USERNAME /home/$USERNAME/.vscode-server
 
 ## [Optional] Uncomment this section to install additional OS packages.

README.md

 # TJTS5901 Course Template Project
 
-This is the template for 2023 TJTS5901 Continuous Software Engineering -course.
+Project template for 2023 TJTS5901 Continuous Software Engineering -course.
 
-Sisu: <https://sisu.jyu.fi/student/courseunit/otm-38b7f26b-1cf9-4d2d-a29b-e1dcb5c87f00>
-Moodle: <https://moodle.jyu.fi/course/view.php?id=20888>
+- Sisu: <https://sisu.jyu.fi/student/courseunit/otm-38b7f26b-1cf9-4d2d-a29b-e1dcb5c87f00>
+- Moodle: <https://moodle.jyu.fi/course/view.php?id=20888>
+
+To get started with the project, see [`week_1.md`](./week_1.md)
+
+The application is deployed at <https://tjts5901-app.azurewebsites.net>
 
 ## Start the app
 
-Repository provides an `docker-compose` file to start the app:
+Repository provides an `docker-compose` file to start the app. Edit `docker-compose.yml` to uncomment the ports, and run:
 
 ```sh
 docker-compose up --build tjts5901
@@ -21,3 +25,8 @@ docker run -it -p 5001:5001 -e "FLASK_DEBUG=1" -v "${PWD}:/app" tjts5901
 ```
 
 Please see the `docs/tjts5901` folder for more complete documentation.
+
+
+## Reporting issues and bugs
+
+To report bugs, please use [the project "issues" form](https://gitlab.jyu.fi/startuplab/courses/tjts5901-continuous-software-engineering/TJTS5901-K23_template/-/issues/new?issuable_template=Default)

babel.cfg

+[python: **.py]
+[jinja2: **/templates/**.html]

deployment.yaml

+apiVersion: v1
+kind: Service
+metadata:
+  name: tjts5901-service
+spec:
+  selector:
+    app: tjts5901-app
+  ports:
+  - protocol: "TCP"
+    port: 80
+    targetPort: 5001
+  type: LoadBalancer
+
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: tjts5901-app
+spec:
+  selector:
+    matchLabels:
+      app: tjts5901-app
+  replicas: 2
+  template:
+    metadata:
+      labels:
+        app: tjts5901-app
+    spec:
+      containers:
+      - name: tjts5901-app
+        image: tjts5901k23.azurecr.io/tjts5901
+        imagePullPolicy: Always
+        ports:
+        - containerPort: 5001

docker-compose.yml

 # Defines the application's Docker image and additional services
 # https://docs.docker.com/compose/compose-file/
 # To run using docker-compose, use the command:
-#   docker-compose up --build tjt5901-app
+#   docker-compose up --build tjts5901
 
 version: '3'
 services:
@@ -10,30 +10,40 @@ services:
       context: .
       dockerfile: Dockerfile
 
-    # Ports to expose to the host.
-    ports:
-      - 5001:5001
+    working_dir: /app
+
+    # Ports to expose to the host. Uncomment if running outside of vscode.
+    # ports:
+      # - 5001:5001
 
     # Volumes to mount from the host.
-    #volumes:
-      #- .:/app:cached
-      # Include system timezone information, so container doesn't use UTC
-      #- /etc/timezone:/etc/timezone:ro
-      - /etc/localtime:/etc/localtime:ro
+    volumes:
+      # Mount local source folder into container
+      - .:/app
+      # Add volume for vscode extensions
+      - tjts5901-vscode-extensions:/home/vscode/.vscode-server/extensions
+      # mountpoints for kubernetes syncing.
+      - ${HOME}/.kube:/usr/local/share/kube-localhost:cached
+      - ${HOME}/.minikube:/usr/local/share/minikube-localhost:cached
 
     environment:
-      #- FLASK_APP=tjt5901:app
-      #- FLASK_DEBUG=1
-      - FLASK_RUN_PORT=5001
+      #FLASK_APP: tjt5901:app
+      FLASK_DEBUG: 1
+      #FLASK_RUN_PORT: 5001
 
     ## Don't restart container if it exits. Useful for debugging, not for production.
     restart: 'no'
 
-    ## Override the default command.
-    #command: /bin/sh -c "sleep inf"
+    ## Start a mongodb container and link it to the app container
+    depends_on:
+      - mongodb
 
+  # MongoDB container
+  mongodb:
+    image: mongo:4.2
+    restart: unless-stopped
+    ports:
+      - 27017:27017
 
-  # Example for another service, such as a database.
-  # mongodb:
-  #   image: mongo:stable
-  #   restart: unless-stopped
+volumes:
+  tjts5901-vscode-extensions:

docs/macros.py

+"""
+Hack to get the hosted gitlab magiclink extension to work with mkdocs.
+
+See: https://github.com/facelessuser/pymdown-extensions/issues/933
+"""
+import pymdownx.magiclink
+base_url = "https://gitlab.jyu.fi"
+pymdownx.magiclink.PROVIDER_INFO["gitlab"].update({
+    "url": base_url,
+    "issue": "%s/{}/{}/issues/{}" % base_url,
+    "pull": "%s/{}/{}/merge_requests/{}" % base_url,
+    "commit": "%s/{}/{}/commit/{}" % base_url,
+    "compare": "%s/{}/{}/compare/{}...{}" % base_url,
+})
+
+def define_env(env):
+    pass

docs/mkdocs.yml

@@ -7,6 +7,7 @@
 
 site_name: JYU TJTS5901 Course Documentation
 site_author: University of Jyväskylä / StartupLab
+copyright: © Copyright 2023 - <a href="https://www.jyu.fi">University of Jyväskylä</a> - This work is licensed under a <a rel="license" href="https://creativecommons.org/licenses/by-sa/4.0/">Creative Commons Attribution-ShareAlike 4.0 International</a>.
 
 theme: 
   name: material
@@ -22,7 +23,7 @@ theme:
 
   logo: https://gitlab.jyu.fi/uploads/-/system/appearance/header_logo/1/jyu-logo3.png
   icon:
-    repo: fontawesome/brands/gitlab
+    repo: material/file-document
 
 extra_css:
   - jyu-stylesheet.css
@@ -50,12 +51,26 @@ markdown_extensions:
   - pymdownx.emoji:
       emoji_index: !!python/name:materialx.emoji.twemoji
       emoji_generator: !!python/name:materialx.emoji.to_svg
+  - pymdownx.magiclink:
+      user: startuplab/courses/tjts5901-continuous-software-engineering
+      repo: TJTS5901-K23_template
+      provider: gitlab
+
+      repo_url_shortener: true
+      repo_url_shorthand: true
+
 plugins:
   - offline
   - search
   - git-revision-date-localized:
       type: date
       fallback_to_build_date: true
+  - macros:
+      module_name: macros
+      # Change to something else
+      j2_variable_start_string: "{j2{"
+      j2_variable_end_string: "}j2}"
+
 
 extra:
   social:
@@ -69,4 +84,6 @@ extra:
       link: https://sisu.jyu.fi/student/courseunit/otm-38b7f26b-1cf9-4d2d-a29b-e1dcb5c87f00
       text: Sisu
     - icon: fontawesome/brands/discord
-      link: http://discord.com
+      link: https://discord.gg/QfbAjzxJYd
+    - icon: simple/zoom
+      link: https://jyufi.zoom.us/j/64685455360

docs/reporting.md

+# Weekly assignment - documentation / reporting requirements
+
+All the code in JYU Gitlab should be well documented.
+i.e. by reading your code, the reader understands what you have done based on the documentation without the need for further explanation.
+
+In addition, create a weekly `.md` text file in `docs/` -folder, in which everyone on team will report:
+ - The tasks that they have performed. Everyone on the team should do it themselves.
+ - How have the team addressed top 10 web application security risks (OWASP)? Choose at least 5 most applicable.
+
+You can use markdown syntax and link appropriate commits, merges, issues and such – or not. To learn more about GitLab flavored markdown, see: <https://docs.gitlab.com/ee/user/markdown.html>

tjts5901 @ 62a7449a

-Subproject commit 7404d80e1d396e929e8bb5991156eee2e9845f7a
+Subproject commit 62a7449aafd328dbdf788a214899437809b9ff71