├── .github ├── ISSUE_TEMPLATE │ ├── bug_report.md │ ├── custom.md │ └── feature_request.md └── workflows │ ├── alibabacloud.yml │ ├── aws.yml │ ├── codacy.yml │ ├── defender-for-devops.yml │ ├── django.yml │ ├── docker-image.yml │ ├── docker-publish.yml │ ├── generator-generic-ossf-slsa3-publish.yml │ ├── google.yml │ ├── greetings.yml │ ├── ibm.yml │ ├── jekyll.yml │ ├── label.yml │ ├── manual.yml │ ├── npm-publish.yml │ ├── pylint.yml │ ├── python-app.yml │ ├── python-package-conda.yml │ ├── python-publish.yml │ ├── stale.yml │ └── tencent.yml ├── .gitignore ├── .whitesource ├── Dockerfile ├── LICENSE ├── LICENSE.md ├── README.md ├── docker-compose.yml ├── nPinA.jpeg ├── requirements.txt ├── src ├── ai_consensus.py ├── app.py ├── cryptography.py └── distributed_ledger.py ├── tests ├── __init__.py ├── test_ai_consensus.py ├── test_cryptography.py └── test_distributed_ledger.py └── utils ├── __init__.py ├── data_processing.py └── model_training.py /.github/ISSUE_TEMPLATE/bug_report.md: -------------------------------------------------------------------------------- 1 | --- 2 | name: Bug report 3 | about: Create a report to help us improve 4 | title: '' 5 | labels: '' 6 | assignees: '' 7 | 8 | --- 9 | 10 | **Describe the bug** 11 | A clear and concise description of what the bug is. 12 | 13 | **To Reproduce** 14 | Steps to reproduce the behavior: 15 | 1. Go to '...' 16 | 2. Click on '....' 17 | 3. Scroll down to '....' 18 | 4. See error 19 | 20 | **Expected behavior** 21 | A clear and concise description of what you expected to happen. 22 | 23 | **Screenshots** 24 | If applicable, add screenshots to help explain your problem. 25 | 26 | **Desktop (please complete the following information):** 27 | - OS: [e.g. iOS] 28 | - Browser [e.g. chrome, safari] 29 | - Version [e.g. 22] 30 | 31 | **Smartphone (please complete the following information):** 32 | - Device: [e.g. iPhone6] 33 | - OS: [e.g. iOS8.1] 34 | - Browser [e.g. stock browser, safari] 35 | - Version [e.g. 
22] 36 | 37 | **Additional context** 38 | Add any other context about the problem here. 39 | -------------------------------------------------------------------------------- /.github/ISSUE_TEMPLATE/custom.md: -------------------------------------------------------------------------------- 1 | --- 2 | name: Custom issue template 3 | about: Describe this issue template's purpose here. 4 | title: '' 5 | labels: '' 6 | assignees: '' 7 | 8 | --- 9 | 10 | 11 | -------------------------------------------------------------------------------- /.github/ISSUE_TEMPLATE/feature_request.md: -------------------------------------------------------------------------------- 1 | --- 2 | name: Feature request 3 | about: Suggest an idea for this project 4 | title: '' 5 | labels: '' 6 | assignees: '' 7 | 8 | --- 9 | 10 | **Is your feature request related to a problem? Please describe.** 11 | A clear and concise description of what the problem is. Ex. I'm always frustrated when [...] 12 | 13 | **Describe the solution you'd like** 14 | A clear and concise description of what you want to happen. 15 | 16 | **Describe alternatives you've considered** 17 | A clear and concise description of any alternative solutions or features you've considered. 18 | 19 | **Additional context** 20 | Add any other context or screenshots about the feature request here. 21 | -------------------------------------------------------------------------------- /.github/workflows/alibabacloud.yml: -------------------------------------------------------------------------------- 1 | # This workflow will build and push a new container image to Alibaba Cloud Container Registry (ACR), 2 | # and then will deploy it to Alibaba Cloud Container Service for Kubernetes (ACK), when there is a push to the "main" branch. 3 | # 4 | # To use this workflow, you will need to complete the following set-up steps: 5 | # 6 | # 1. Create an ACR repository to store your container images. 
7 | # You can use ACR EE instance for more security and better performance. 8 | # For instructions see https://www.alibabacloud.com/help/doc-detail/142168.htm 9 | # 10 | # 2. Create an ACK cluster to run your containerized application. 11 | # You can use ACK Pro cluster for more security and better performance. 12 | # For instructions see https://www.alibabacloud.com/help/doc-detail/95108.htm 13 | # 14 | # 3. Store your AccessKey pair in GitHub Actions secrets named `ACCESS_KEY_ID` and `ACCESS_KEY_SECRET`. 15 | # For instructions on setting up secrets see: https://developer.github.com/actions/managing-workflows/storing-secrets/ 16 | # 17 | # 4. Change the values for the REGION_ID, REGISTRY, NAMESPACE, IMAGE, ACK_CLUSTER_ID, and ACK_DEPLOYMENT_NAME. 18 | # 19 | 20 | name: Build and Deploy to ACK 21 | 22 | on: 23 | push: 24 | branches: [ "main" ] 25 | 26 | # Environment variables available to all jobs and steps in this workflow. 27 | env: 28 | REGION_ID: cn-hangzhou 29 | REGISTRY: registry.cn-hangzhou.aliyuncs.com 30 | NAMESPACE: namespace 31 | IMAGE: repo 32 | TAG: ${{ github.sha }} 33 | ACK_CLUSTER_ID: clusterID 34 | ACK_DEPLOYMENT_NAME: nginx-deployment 35 | 36 | ACR_EE_REGISTRY: myregistry.cn-hangzhou.cr.aliyuncs.com 37 | ACR_EE_INSTANCE_ID: instanceID 38 | ACR_EE_NAMESPACE: namespace 39 | ACR_EE_IMAGE: repo 40 | ACR_EE_TAG: ${{ github.sha }} 41 | 42 | permissions: 43 | contents: read 44 | 45 | jobs: 46 | build: 47 | runs-on: ubuntu-latest 48 | environment: production 49 | 50 | steps: 51 | - name: Checkout 52 | uses: actions/checkout@v4 53 | 54 | # 1.1 Login to ACR 55 | - name: Login to ACR with the AccessKey pair 56 | uses: aliyun/acr-login@v1 57 | with: 58 | region-id: "${{ env.REGION_ID }}" 59 | access-key-id: "${{ secrets.ACCESS_KEY_ID }}" 60 | access-key-secret: "${{ secrets.ACCESS_KEY_SECRET }}" 61 | 62 | # 1.2 Build and push image to ACR 63 | - name: Build and push image to ACR 64 | run: | 65 | docker build --tag "$REGISTRY/$NAMESPACE/$IMAGE:$TAG" . 
66 | docker push "$REGISTRY/$NAMESPACE/$IMAGE:$TAG" 67 | 68 | # 1.3 Scan image in ACR 69 | - name: Scan image in ACR 70 | uses: aliyun/acr-scan@v1 71 | with: 72 | region-id: "${{ env.REGION_ID }}" 73 | access-key-id: "${{ secrets.ACCESS_KEY_ID }}" 74 | access-key-secret: "${{ secrets.ACCESS_KEY_SECRET }}" 75 | repository: "${{ env.NAMESPACE }}/${{ env.IMAGE }}" 76 | tag: "${{ env.TAG }}" 77 | 78 | # 2.1 (Optional) Login to ACR EE 79 | - uses: actions/checkout@v4 80 | - name: Login to ACR EE with the AccessKey pair 81 | uses: aliyun/acr-login@v1 82 | with: 83 | login-server: "https://${{ env.ACR_EE_REGISTRY }}" 84 | region-id: "${{ env.REGION_ID }}" 85 | access-key-id: "${{ secrets.ACCESS_KEY_ID }}" 86 | access-key-secret: "${{ secrets.ACCESS_KEY_SECRET }}" 87 | instance-id: "${{ env.ACR_EE_INSTANCE_ID }}" 88 | 89 | # 2.2 (Optional) Build and push image ACR EE 90 | - name: Build and push image to ACR EE 91 | run: | 92 | docker build -t "$ACR_EE_REGISTRY/$ACR_EE_NAMESPACE/$ACR_EE_IMAGE:$TAG" . 
93 | docker push "$ACR_EE_REGISTRY/$ACR_EE_NAMESPACE/$ACR_EE_IMAGE:$TAG" 94 | # 2.3 (Optional) Scan image in ACR EE 95 | - name: Scan image in ACR EE 96 | uses: aliyun/acr-scan@v1 97 | with: 98 | region-id: "${{ env.REGION_ID }}" 99 | access-key-id: "${{ secrets.ACCESS_KEY_ID }}" 100 | access-key-secret: "${{ secrets.ACCESS_KEY_SECRET }}" 101 | instance-id: "${{ env.ACR_EE_INSTANCE_ID }}" 102 | repository: "${{ env.ACR_EE_NAMESPACE}}/${{ env.ACR_EE_IMAGE }}" 103 | tag: "${{ env.ACR_EE_TAG }}" 104 | 105 | # 3.1 Set ACK context 106 | - name: Set K8s context 107 | uses: aliyun/ack-set-context@v1 108 | with: 109 | access-key-id: "${{ secrets.ACCESS_KEY_ID }}" 110 | access-key-secret: "${{ secrets.ACCESS_KEY_SECRET }}" 111 | cluster-id: "${{ env.ACK_CLUSTER_ID }}" 112 | 113 | # 3.2 Deploy the image to the ACK cluster. NOTE(review): the Kustomize installer below is fetched from the master branch and piped to bash with no integrity check, in a job that already holds the ACK cluster context; prefer a pinned release artifact whose checksum is verified before it runs. 114 | - name: Set up Kustomize 115 | run: |- 116 | curl -s "https://raw.githubusercontent.com/kubernetes-sigs/kustomize/master/hack/install_kustomize.sh" | bash /dev/stdin 3.8.6 117 | - name: Deploy 118 | run: |- 119 | ./kustomize edit set image REGISTRY/NAMESPACE/IMAGE:TAG=$REGISTRY/$NAMESPACE/$IMAGE:$TAG 120 | ./kustomize build . | kubectl apply -f - 121 | kubectl rollout status deployment/$ACK_DEPLOYMENT_NAME 122 | kubectl get services -o wide 123 | -------------------------------------------------------------------------------- /.github/workflows/aws.yml: -------------------------------------------------------------------------------- 1 | # This workflow will build and push a new container image to Amazon ECR, 2 | # and then will deploy a new task definition to Amazon ECS, when there is a push to the "main" branch. 3 | # 4 | # To use this workflow, you will need to complete the following set-up steps: 5 | # 6 | # 1. Create an ECR repository to store your images. 7 | # For example: `aws ecr create-repository --repository-name my-ecr-repo --region us-east-2`. 
8 | # Replace the value of the `ECR_REPOSITORY` environment variable in the workflow below with your repository's name. 9 | # Replace the value of the `AWS_REGION` environment variable in the workflow below with your repository's region. 10 | # 11 | # 2. Create an ECS task definition, an ECS cluster, and an ECS service. 12 | # For example, follow the Getting Started guide on the ECS console: 13 | # https://us-east-2.console.aws.amazon.com/ecs/home?region=us-east-2#/firstRun 14 | # Replace the value of the `ECS_SERVICE` environment variable in the workflow below with the name you set for the Amazon ECS service. 15 | # Replace the value of the `ECS_CLUSTER` environment variable in the workflow below with the name you set for the cluster. 16 | # 17 | # 3. Store your ECS task definition as a JSON file in your repository. 18 | # The format should follow the output of `aws ecs register-task-definition --generate-cli-skeleton`. 19 | # Replace the value of the `ECS_TASK_DEFINITION` environment variable in the workflow below with the path to the JSON file. 20 | # Replace the value of the `CONTAINER_NAME` environment variable in the workflow below with the name of the container 21 | # in the `containerDefinitions` section of the task definition. 22 | # 23 | # 4. Store an IAM user access key in GitHub Actions secrets named `AWS_ACCESS_KEY_ID` and `AWS_SECRET_ACCESS_KEY`. 24 | # See the documentation for each action used below for the recommended IAM policies for this IAM user, 25 | # and best practices on handling the access key credentials. 26 | 27 | name: Deploy to Amazon ECS 28 | 29 | on: 30 | push: 31 | branches: [ "main" ] 32 | 33 | env: 34 | AWS_REGION: MY_AWS_REGION # set this to your preferred AWS region, e.g. 
us-west-1 35 | ECR_REPOSITORY: MY_ECR_REPOSITORY # set this to your Amazon ECR repository name 36 | ECS_SERVICE: MY_ECS_SERVICE # set this to your Amazon ECS service name 37 | ECS_CLUSTER: MY_ECS_CLUSTER # set this to your Amazon ECS cluster name 38 | ECS_TASK_DEFINITION: MY_ECS_TASK_DEFINITION # set this to the path to your Amazon ECS task definition 39 | # file, e.g. .aws/task-definition.json 40 | CONTAINER_NAME: MY_CONTAINER_NAME # set this to the name of the container in the 41 | # containerDefinitions section of your task definition 42 | 43 | permissions: 44 | contents: read 45 | 46 | jobs: 47 | deploy: 48 | name: Deploy 49 | runs-on: ubuntu-latest 50 | environment: production 51 | 52 | steps: 53 | - name: Checkout 54 | uses: actions/checkout@v4 55 | 56 | - name: Configure AWS credentials 57 | uses: aws-actions/configure-aws-credentials@v1 58 | with: 59 | aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} 60 | aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} 61 | aws-region: ${{ env.AWS_REGION }} 62 | 63 | - name: Login to Amazon ECR 64 | id: login-ecr 65 | uses: aws-actions/amazon-ecr-login@v1 66 | 67 | - name: Build, tag, and push image to Amazon ECR 68 | id: build-image 69 | env: 70 | ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }} 71 | IMAGE_TAG: ${{ github.sha }} 72 | run: | 73 | # Build a docker container and 74 | # push it to ECR so that it can 75 | # be deployed to ECS. 76 | docker build -t $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG . 
77 | docker push $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG 78 | echo "image=$ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG" >> $GITHUB_OUTPUT 79 | 80 | - name: Fill in the new image ID in the Amazon ECS task definition 81 | id: task-def 82 | uses: aws-actions/amazon-ecs-render-task-definition@v1 83 | with: 84 | task-definition: ${{ env.ECS_TASK_DEFINITION }} 85 | container-name: ${{ env.CONTAINER_NAME }} 86 | image: ${{ steps.build-image.outputs.image }} 87 | 88 | - name: Deploy Amazon ECS task definition 89 | uses: aws-actions/amazon-ecs-deploy-task-definition@v1 90 | with: 91 | task-definition: ${{ steps.task-def.outputs.task-definition }} 92 | service: ${{ env.ECS_SERVICE }} 93 | cluster: ${{ env.ECS_CLUSTER }} 94 | wait-for-service-stability: true 95 | -------------------------------------------------------------------------------- /.github/workflows/codacy.yml: -------------------------------------------------------------------------------- 1 | # This workflow uses actions that are not certified by GitHub. 2 | # They are provided by a third-party and are governed by 3 | # separate terms of service, privacy policy, and support 4 | # documentation. 5 | 6 | # This workflow checks out code, performs a Codacy security scan 7 | # and integrates the results with the 8 | # GitHub Advanced Security code scanning feature. For more information on 9 | # the Codacy security scan action usage and parameters, see 10 | # https://github.com/codacy/codacy-analysis-cli-action. 11 | # For more information on Codacy Analysis CLI in general, see 12 | # https://github.com/codacy/codacy-analysis-cli. 
13 | 14 | name: Codacy Security Scan 15 | 16 | on: 17 | push: 18 | branches: [ "main" ] 19 | pull_request: 20 | # The branches below must be a subset of the branches above 21 | branches: [ "main" ] 22 | schedule: 23 | - cron: '17 11 * * 5' 24 | 25 | permissions: 26 | contents: read 27 | 28 | jobs: 29 | codacy-security-scan: 30 | permissions: 31 | contents: read # for actions/checkout to fetch code 32 | security-events: write # for github/codeql-action/upload-sarif to upload SARIF results 33 | actions: read # only required for a private repository by github/codeql-action/upload-sarif to get the Action run status 34 | name: Codacy Security Scan 35 | runs-on: ubuntu-latest 36 | steps: 37 | # Checkout the repository to the GitHub Actions runner 38 | - name: Checkout code 39 | uses: actions/checkout@v4 40 | 41 | # Execute Codacy Analysis CLI and generate a SARIF output with the security issues identified during the analysis 42 | - name: Run Codacy Analysis CLI 43 | uses: codacy/codacy-analysis-cli-action@d840f886c4bd4edc059706d09c6a1586111c540b 44 | with: 45 | # Check https://github.com/codacy/codacy-analysis-cli#project-token to get your project token from your Codacy repository 46 | # You can also omit the token and run the tools that support default configurations 47 | project-token: ${{ secrets.CODACY_PROJECT_TOKEN }} 48 | verbose: true 49 | output: results.sarif 50 | format: sarif 51 | # Adjust severity of non-security issues 52 | gh-code-scanning-compat: true 53 | # Force 0 exit code to allow SARIF file generation 54 | # This will handover control about PR rejection to the GitHub side 55 | max-allowed-issues: 2147483647 56 | 57 | # Upload the SARIF file generated in the previous step 58 | - name: Upload SARIF results file 59 | uses: github/codeql-action/upload-sarif@v2 60 | with: 61 | sarif_file: results.sarif 62 | -------------------------------------------------------------------------------- /.github/workflows/defender-for-devops.yml: 
-------------------------------------------------------------------------------- 1 | # This workflow uses actions that are not certified by GitHub. 2 | # They are provided by a third-party and are governed by 3 | # separate terms of service, privacy policy, and support 4 | # documentation. 5 | # 6 | # Microsoft Security DevOps (MSDO) is a command line application which integrates static analysis tools into the development cycle. 7 | # MSDO installs, configures and runs the latest versions of static analysis tools 8 | # (including, but not limited to, SDL/security and compliance tools). 9 | # 10 | # The Microsoft Security DevOps action is currently in beta and runs on the windows-latest queue, 11 | # as well as Windows self-hosted agents. ubuntu-latest support coming soon. 12 | # 13 | # For more information about the action, check out https://github.com/microsoft/security-devops-action 14 | # 15 | # Please note that this workflow does not integrate your GitHub Org with Microsoft Defender For DevOps. You have to create an integration 16 | # and provide permission before this can report data back to Azure. 
17 | # Read the official documentation here : https://learn.microsoft.com/en-us/azure/defender-for-cloud/quickstart-onboard-github 18 | 19 | name: "Microsoft Defender For Devops" 20 | 21 | on: 22 | push: 23 | branches: [ "main" ] 24 | pull_request: 25 | branches: [ "main" ] 26 | schedule: 27 | - cron: '24 15 * * 4' 28 | 29 | jobs: 30 | MSDO: 31 | # currently only windows latest is supported 32 | runs-on: windows-latest 33 | 34 | steps: 35 | - uses: actions/checkout@v4 36 | - uses: actions/setup-dotnet@v3 37 | with: 38 | dotnet-version: | 39 | 5.0.x 40 | 6.0.x 41 | - name: Run Microsoft Security DevOps 42 | uses: microsoft/security-devops-action@v1.6.0 43 | id: msdo 44 | - name: Upload results to Security tab 45 | uses: github/codeql-action/upload-sarif@v2 46 | with: 47 | sarif_file: ${{ steps.msdo.outputs.sarifFile }} 48 | -------------------------------------------------------------------------------- /.github/workflows/django.yml: -------------------------------------------------------------------------------- 1 | name: Django CI 2 | 3 | on: 4 | push: 5 | branches: [ "main" ] 6 | pull_request: 7 | branches: [ "main" ] 8 | 9 | jobs: 10 | build: 11 | 12 | runs-on: ubuntu-latest 13 | strategy: 14 | max-parallel: 4 15 | matrix: 16 | python-version: [3.7, 3.8, 3.9] 17 | 18 | steps: 19 | - uses: actions/checkout@v4 20 | - name: Set up Python ${{ matrix.python-version }} 21 | uses: actions/setup-python@v3 22 | with: 23 | python-version: ${{ matrix.python-version }} 24 | - name: Install Dependencies 25 | run: | 26 | python -m pip install --upgrade pip 27 | pip install -r requirements.txt 28 | - name: Run Tests 29 | run: | 30 | python manage.py test 31 | -------------------------------------------------------------------------------- /.github/workflows/docker-image.yml: -------------------------------------------------------------------------------- 1 | name: Docker Image CI 2 | 3 | on: 4 | push: 5 | branches: [ "main" ] 6 | pull_request: 7 | branches: [ "main" ] 8 | 9 | 
jobs: 10 | 11 | build: 12 | 13 | runs-on: ubuntu-latest 14 | 15 | steps: 16 | - uses: actions/checkout@v4 17 | - name: Build the Docker image 18 | run: docker build . --file Dockerfile --tag my-image-name:$(date +%s) 19 | -------------------------------------------------------------------------------- /.github/workflows/docker-publish.yml: -------------------------------------------------------------------------------- 1 | name: Docker 2 | 3 | # This workflow uses actions that are not certified by GitHub. 4 | # They are provided by a third-party and are governed by 5 | # separate terms of service, privacy policy, and support 6 | # documentation. 7 | 8 | on: 9 | schedule: 10 | - cron: '19 7 * * *' 11 | push: 12 | branches: [ "main" ] 13 | # Publish semver tags as releases. 14 | tags: [ 'v*.*.*' ] 15 | pull_request: 16 | branches: [ "main" ] 17 | 18 | env: 19 | # Use docker.io for Docker Hub if empty 20 | REGISTRY: ghcr.io 21 | # github.repository as / 22 | IMAGE_NAME: ${{ github.repository }} 23 | 24 | 25 | jobs: 26 | build: 27 | 28 | runs-on: ubuntu-latest 29 | permissions: 30 | contents: read 31 | packages: write 32 | # This is used to complete the identity challenge 33 | # with sigstore/fulcio when running outside of PRs. 
34 | id-token: write 35 | 36 | steps: 37 | - name: Checkout repository 38 | uses: actions/checkout@v4 39 | 40 | # Install the cosign tool except on PR 41 | # https://github.com/sigstore/cosign-installer 42 | - name: Install cosign 43 | if: github.event_name != 'pull_request' 44 | uses: sigstore/cosign-installer@6e04d228eb30da1757ee4e1dd75a0ec73a653e06 #v3.1.1 45 | with: 46 | cosign-release: 'v2.1.1' 47 | 48 | # Set up BuildKit Docker container builder to be able to build 49 | # multi-platform images and export cache 50 | # https://github.com/docker/setup-buildx-action 51 | - name: Set up Docker Buildx 52 | uses: docker/setup-buildx-action@f95db51fddba0c2d1ec667646a06c2ce06100226 # v3.0.0 53 | 54 | # Login against a Docker registry except on PR 55 | # https://github.com/docker/login-action 56 | - name: Log into registry ${{ env.REGISTRY }} 57 | if: github.event_name != 'pull_request' 58 | uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0 59 | with: 60 | registry: ${{ env.REGISTRY }} 61 | username: ${{ github.actor }} 62 | password: ${{ secrets.GITHUB_TOKEN }} 63 | 64 | # Extract metadata (tags, labels) for Docker 65 | # https://github.com/docker/metadata-action 66 | - name: Extract Docker metadata 67 | id: meta 68 | uses: docker/metadata-action@96383f45573cb7f253c731d3b3ab81c87ef81934 # v5.0.0 69 | with: 70 | images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} 71 | 72 | # Build and push Docker image with Buildx (don't push on PR) 73 | # https://github.com/docker/build-push-action 74 | - name: Build and push Docker image 75 | id: build-and-push 76 | uses: docker/build-push-action@0565240e2d4ab88bba5387d719585280857ece09 # v5.0.0 77 | with: 78 | context: . 79 | push: ${{ github.event_name != 'pull_request' }} 80 | tags: ${{ steps.meta.outputs.tags }} 81 | labels: ${{ steps.meta.outputs.labels }} 82 | cache-from: type=gha 83 | cache-to: type=gha,mode=max 84 | 85 | # Sign the resulting Docker image digest except on PRs. 
86 | # This will only write to the public Rekor transparency log when the Docker 87 | # repository is public to avoid leaking data. If you would like to publish 88 | # transparency data even for private images, pass --force to cosign below. 89 | # https://github.com/sigstore/cosign 90 | - name: Sign the published Docker image 91 | if: ${{ github.event_name != 'pull_request' }} 92 | env: 93 | # https://docs.github.com/en/actions/security-guides/security-hardening-for-github-actions#using-an-intermediate-environment-variable 94 | TAGS: ${{ steps.meta.outputs.tags }} 95 | DIGEST: ${{ steps.build-and-push.outputs.digest }} 96 | # This step uses the identity token to provision an ephemeral certificate 97 | # against the sigstore community Fulcio instance. 98 | run: echo "${TAGS}" | xargs -I {} cosign sign --yes {}@${DIGEST} 99 | -------------------------------------------------------------------------------- /.github/workflows/generator-generic-ossf-slsa3-publish.yml: -------------------------------------------------------------------------------- 1 | # This workflow uses actions that are not certified by GitHub. 2 | # They are provided by a third-party and are governed by 3 | # separate terms of service, privacy policy, and support 4 | # documentation. 5 | 6 | # This workflow lets you generate SLSA provenance file for your project. 7 | # The generation satisfies level 3 for the provenance requirements - see https://slsa.dev/spec/v0.1/requirements 8 | # The project is an initiative of the OpenSSF (openssf.org) and is developed at 9 | # https://github.com/slsa-framework/slsa-github-generator. 10 | # The provenance file can be verified using https://github.com/slsa-framework/slsa-verifier. 11 | # For more information about SLSA and how it improves the supply-chain, visit slsa.dev. 
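12 | 13 | name: SLSA generic generator 14 | on: 15 | workflow_dispatch: 16 | release: 17 | types: [created] 18 | 19 | jobs: 20 | build: 21 | runs-on: ubuntu-latest 22 | outputs: 23 | digests: ${{ steps.hash.outputs.digests }} 24 | 25 | steps: 26 | - uses: actions/checkout@v4 27 | 28 | # ======================================================== 29 | # 30 | # Step 1: Build your artifacts. 31 | # 32 | # ======================================================== 33 | - name: Build artifacts 34 | run: | 35 | # These are some amazing artifacts. 36 | echo "artifact1" > artifact1 37 | echo "artifact2" > artifact2 38 | 39 | # ======================================================== 40 | # 41 | # Step 2: Add a step to generate the provenance subjects 42 | # as shown below. Update the sha256 sum arguments 43 | # to include all binaries that you generate 44 | # provenance for. 45 | # 46 | # ======================================================== 47 | - name: Generate subject for provenance 48 | id: hash 49 | run: | 50 | set -euo pipefail 51 | 52 | # List the artifacts the provenance will refer to. 53 | files=$(ls artifact*) 54 | # Generate the subjects (base64 encoded). The step output key must be `digests`, because the job-level `outputs.digests` mapping reads steps.hash.outputs.digests; any other key leaves the provenance job with an empty subject list. 55 | echo "digests=$(sha256sum $files | base64 -w0)" >> "${GITHUB_OUTPUT}" 56 | 57 | provenance: 58 | needs: [build] 59 | permissions: 60 | actions: read # To read the workflow path. 61 | id-token: write # To sign the provenance. 62 | contents: write # To add assets to a release. 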
63 | uses: slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@v1.4.0 64 | with: 65 | base64-subjects: "${{ needs.build.outputs.digests }}" 66 | upload-assets: true # Optional: Upload to a new release 67 | -------------------------------------------------------------------------------- /.github/workflows/google.yml: -------------------------------------------------------------------------------- 1 | # This workflow will build a docker container, publish it to Google Container Registry, and deploy it to GKE when there is a push to the "main" branch. 2 | # 3 | # To configure this workflow: 4 | # 5 | # 1. Ensure that your repository contains the necessary configuration for your Google Kubernetes Engine cluster, including deployment.yml, kustomization.yml, service.yml, etc. 6 | # 7 | # 2. Create and configure a Workload Identity Provider for GitHub (https://github.com/google-github-actions/auth#setting-up-workload-identity-federation) 8 | # 9 | # 3. Change the values for the GAR_LOCATION, GKE_ZONE, GKE_CLUSTER, IMAGE, REPOSITORY and DEPLOYMENT_NAME environment variables (below). 
10 | # 11 | # For more support on how to run the workflow, please visit https://github.com/google-github-actions/setup-gcloud/tree/master/example-workflows/gke-kustomize 12 | 13 | name: Build and Deploy to GKE 14 | 15 | on: 16 | push: 17 | branches: [ "main" ] 18 | 19 | env: 20 | PROJECT_ID: ${{ secrets.GKE_PROJECT }} 21 | GAR_LOCATION: us-central1 # TODO: update region of the Artifact Registry 22 | GKE_CLUSTER: cluster-1 # TODO: update to cluster name 23 | GKE_ZONE: us-central1-c # TODO: update to cluster zone 24 | DEPLOYMENT_NAME: gke-test # TODO: update to deployment name 25 | REPOSITORY: samples # TODO: update to Artifact Registry docker repository 26 | IMAGE: static-site 27 | 28 | jobs: 29 | setup-build-publish-deploy: 30 | name: Setup, Build, Publish, and Deploy 31 | runs-on: ubuntu-latest 32 | environment: production 33 | 34 | permissions: 35 | contents: 'read' 36 | id-token: 'write' 37 | 38 | steps: 39 | - name: Checkout 40 | uses: actions/checkout@v4 41 | 42 | # Configure Workload Identity Federation and generate an access token. 
43 | - id: 'auth' 44 | name: 'Authenticate to Google Cloud' 45 | uses: 'google-github-actions/auth@v0' 46 | with: 47 | token_format: 'access_token' 48 | workload_identity_provider: 'projects/123456789/locations/global/workloadIdentityPools/my-pool/providers/my-provider' 49 | service_account: 'my-service-account@my-project.iam.gserviceaccount.com' 50 | 51 | # Alternative option - authentication via credentials json 52 | # - id: 'auth' 53 | # uses: 'google-github-actions/auth@v0' 54 | # with: 55 | # credentials_json: '${{ secrets.GCP_CREDENTIALS }}' 56 | 57 | - name: Docker configuration # NOTE(review): the run line below splices the access token into the script text through the workflow expression; mapping it to a step-level env entry and piping the quoted variable would keep the token out of the rendered script. 58 | run: |- 59 | echo ${{steps.auth.outputs.access_token}} | docker login -u oauth2accesstoken --password-stdin https://$GAR_LOCATION-docker.pkg.dev 60 | # Get the GKE credentials so we can deploy to the cluster 61 | - name: Set up GKE credentials 62 | uses: google-github-actions/get-gke-credentials@v0 63 | with: 64 | cluster_name: ${{ env.GKE_CLUSTER }} 65 | location: ${{ env.GKE_ZONE }} 66 | 67 | # Build the Docker image 68 | - name: Build 69 | run: |- 70 | docker build \ 71 | --tag "$GAR_LOCATION-docker.pkg.dev/$PROJECT_ID/$REPOSITORY/$IMAGE:$GITHUB_SHA" \ 72 | --build-arg GITHUB_SHA="$GITHUB_SHA" \ 73 | --build-arg GITHUB_REF="$GITHUB_REF" \ 74 | . 75 | # Push the Docker image to Google Artifact Registry 76 | - name: Publish 77 | run: |- 78 | docker push "$GAR_LOCATION-docker.pkg.dev/$PROJECT_ID/$REPOSITORY/$IMAGE:$GITHUB_SHA" 79 | # Set up kustomize. NOTE(review): the binary comes from a version-pinned release URL but is made executable without a checksum or signature check; verify it before it is run with the GKE credentials configured above. 80 | - name: Set up Kustomize 81 | run: |- 82 | curl -sfLo kustomize https://github.com/kubernetes-sigs/kustomize/releases/download/v3.1.0/kustomize_3.1.0_linux_amd64 83 | chmod u+x ./kustomize 84 | # Deploy the Docker image to the GKE cluster 85 | - name: Deploy 86 | run: |- 87 | # replacing the image name in the k8s template 88 | ./kustomize edit set image LOCATION-docker.pkg.dev/PROJECT_ID/REPOSITORY/IMAGE:TAG=$GAR_LOCATION-docker.pkg.dev/$PROJECT_ID/$REPOSITORY/$IMAGE:$GITHUB_SHA 89 | ./kustomize build . 
| kubectl apply -f - 90 | kubectl rollout status deployment/$DEPLOYMENT_NAME 91 | kubectl get services -o wide 92 | -------------------------------------------------------------------------------- /.github/workflows/greetings.yml: -------------------------------------------------------------------------------- 1 | name: Greetings 2 | 3 | on: [pull_request_target, issues] # NOTE(review): pull_request_target runs in the base repository's context with the write-scoped token granted below; this job stays safe only while it never checks out or executes code from the pull request. 4 | 5 | jobs: 6 | greeting: 7 | runs-on: ubuntu-latest 8 | permissions: 9 | issues: write 10 | pull-requests: write 11 | steps: 12 | - uses: actions/first-interaction@v1 13 | with: 14 | repo-token: ${{ secrets.GITHUB_TOKEN }} 15 | issue-message: "Message that will be displayed on users' first issue" 16 | pr-message: "Message that will be displayed on users' first pull request" 17 | -------------------------------------------------------------------------------- /.github/workflows/ibm.yml: -------------------------------------------------------------------------------- 1 | # This workflow will build a docker container, publish it to IBM Container Registry, and deploy it to IKS when there is a push to the "main" branch. 2 | # 3 | # To configure this workflow: 4 | # 5 | # 1. Ensure that your repository contains a Dockerfile 6 | # 2. Setup secrets in your repository by going to settings: Create ICR_NAMESPACE and IBM_CLOUD_API_KEY 7 | # 3. 
Change the values for the IBM_CLOUD_REGION, REGISTRY_HOSTNAME, IMAGE_NAME, IKS_CLUSTER, DEPLOYMENT_NAME, and PORT 8 | 9 | name: Build and Deploy to IKS 10 | 11 | on: 12 | push: 13 | branches: [ "main" ] 14 | 15 | # Environment variables available to all jobs and steps in this workflow. NOTE(review): that includes IBM_CLOUD_API_KEY, so every step below, including the CLI installer piped to sh, runs with the API key in its environment; scope the key to the step that logs in. 16 | env: 17 | GITHUB_SHA: ${{ github.sha }} 18 | IBM_CLOUD_API_KEY: ${{ secrets.IBM_CLOUD_API_KEY }} 19 | IBM_CLOUD_REGION: us-south 20 | ICR_NAMESPACE: ${{ secrets.ICR_NAMESPACE }} 21 | REGISTRY_HOSTNAME: us.icr.io 22 | IMAGE_NAME: iks-test 23 | IKS_CLUSTER: example-iks-cluster-name-or-id 24 | DEPLOYMENT_NAME: iks-test 25 | PORT: 5001 26 | 27 | jobs: 28 | setup-build-publish-deploy: 29 | name: Setup, Build, Publish, and Deploy 30 | runs-on: ubuntu-latest 31 | environment: production 32 | steps: 33 | 34 | - name: Checkout 35 | uses: actions/checkout@v4 36 | 37 | # Download and Install IBM Cloud CLI. NOTE(review): the installer is piped straight to sh with no version pin or integrity check. 38 | - name: Install IBM Cloud CLI 39 | run: | 40 | curl -fsSL https://clis.cloud.ibm.com/install/linux | sh 41 | ibmcloud --version 42 | ibmcloud config --check-version=false 43 | ibmcloud plugin install -f kubernetes-service 44 | ibmcloud plugin install -f container-registry 45 | 46 | # Authenticate with IBM Cloud CLI 47 | - name: Authenticate with IBM Cloud CLI 48 | run: | 49 | ibmcloud login --apikey "${IBM_CLOUD_API_KEY}" -r "${IBM_CLOUD_REGION}" -g default 50 | ibmcloud cr region-set "${IBM_CLOUD_REGION}" 51 | ibmcloud cr login 52 | 53 | # Build the Docker image 54 | - name: Build with Docker 55 | run: | 56 | docker build -t "$REGISTRY_HOSTNAME"/"$ICR_NAMESPACE"/"$IMAGE_NAME":"$GITHUB_SHA" \ 57 | --build-arg GITHUB_SHA="$GITHUB_SHA" \ 58 | --build-arg GITHUB_REF="$GITHUB_REF" . 
59 | 60 | # Push the image to IBM Container Registry 61 | - name: Push the image to ICR 62 | run: | 63 | docker push $REGISTRY_HOSTNAME/$ICR_NAMESPACE/$IMAGE_NAME:$GITHUB_SHA 64 | 65 | # Deploy the Docker image to the IKS cluster 66 | - name: Deploy to IKS 67 | run: | 68 | ibmcloud ks cluster config --cluster $IKS_CLUSTER 69 | kubectl config current-context 70 | kubectl create deployment $DEPLOYMENT_NAME --image=$REGISTRY_HOSTNAME/$ICR_NAMESPACE/$IMAGE_NAME:$GITHUB_SHA --dry-run -o yaml > deployment.yaml 71 | kubectl apply -f deployment.yaml 72 | kubectl rollout status deployment/$DEPLOYMENT_NAME 73 | kubectl create service loadbalancer $DEPLOYMENT_NAME --tcp=80:$PORT --dry-run -o yaml > service.yaml 74 | kubectl apply -f service.yaml 75 | kubectl get services -o wide 76 | -------------------------------------------------------------------------------- /.github/workflows/jekyll.yml: -------------------------------------------------------------------------------- 1 | # This workflow uses actions that are not certified by GitHub. 2 | # They are provided by a third-party and are governed by 3 | # separate terms of service, privacy policy, and support 4 | # documentation. 5 | 6 | # Sample workflow for building and deploying a Jekyll site to GitHub Pages 7 | name: Deploy Jekyll site to Pages 8 | 9 | on: 10 | # Runs on pushes targeting the default branch 11 | push: 12 | branches: ["main"] 13 | 14 | # Allows you to run this workflow manually from the Actions tab 15 | workflow_dispatch: 16 | 17 | # Sets permissions of the GITHUB_TOKEN to allow deployment to GitHub Pages 18 | permissions: 19 | contents: read 20 | pages: write 21 | id-token: write 22 | 23 | # Allow only one concurrent deployment, skipping runs queued between the run in-progress and latest queued. 24 | # However, do NOT cancel in-progress runs as we want to allow these production deployments to complete. 
25 | concurrency: 26 | group: "pages" 27 | cancel-in-progress: false 28 | 29 | jobs: 30 | # Build job 31 | build: 32 | runs-on: ubuntu-latest 33 | steps: 34 | - name: Checkout 35 | uses: actions/checkout@v4 36 | - name: Setup Ruby 37 | uses: ruby/setup-ruby@8575951200e472d5f2d95c625da0c7bec8217c42 # v1.161.0 38 | with: 39 | ruby-version: '3.1' # Not needed with a .ruby-version file 40 | bundler-cache: true # runs 'bundle install' and caches installed gems automatically 41 | cache-version: 0 # Increment this number if you need to re-download cached gems 42 | - name: Setup Pages 43 | id: pages 44 | uses: actions/configure-pages@v5 45 | - name: Build with Jekyll 46 | # Outputs to the './_site' directory by default 47 | run: bundle exec jekyll build --baseurl "${{ steps.pages.outputs.base_path }}" 48 | env: 49 | JEKYLL_ENV: production 50 | - name: Upload artifact 51 | # Automatically uploads an artifact from the './_site' directory by default 52 | uses: actions/upload-pages-artifact@v3 53 | 54 | # Deployment job 55 | deploy: 56 | environment: 57 | name: github-pages 58 | url: ${{ steps.deployment.outputs.page_url }} 59 | runs-on: ubuntu-latest 60 | needs: build 61 | steps: 62 | - name: Deploy to GitHub Pages 63 | id: deployment 64 | uses: actions/deploy-pages@v4 65 | -------------------------------------------------------------------------------- /.github/workflows/label.yml: -------------------------------------------------------------------------------- 1 | # This workflow will triage pull requests and apply a label based on the 2 | # paths that are modified in the pull request. 3 | # 4 | # To use this workflow, you will need to set up a .github/labeler.yml 5 | # file with configuration. 
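For more information, see: 6 | # https://github.com/actions/labeler 7 | 8 | name: Labeler 9 | on: [pull_request_target] 10 | 11 | jobs: 12 | label: 13 | 14 | runs-on: ubuntu-latest 15 | permissions: 16 | contents: read 17 | pull-requests: write 18 | 19 | steps: 20 | - uses: actions/labeler@v4 21 | with: 22 | repo-token: "${{ secrets.GITHUB_TOKEN }}" 23 |
--------------------------------------------------------------------------------
/.github/workflows/manual.yml:
--------------------------------------------------------------------------------
# This is a basic workflow that is manually triggered

name: Manual workflow

# Controls when the action will run. Workflow runs when manually triggered using the UI
# or API.
on:
  workflow_dispatch:
    # Inputs the workflow accepts.
    inputs:
      name:
        # Friendly description to be shown in the UI instead of 'name'
        description: 'Person to greet'
        # Default value if no value is explicitly provided
        default: 'World'
        # Input has to be provided for the workflow to run
        required: true
        # The data type of the input
        type: string

# The job only prints a greeting, so the workflow token needs no scopes at all.
permissions: {}

# A workflow run is made up of one or more jobs that can run sequentially or in parallel
jobs:
  # This workflow contains a single job called "greet"
  greet:
    # The type of runner that the job will run on
    runs-on: ubuntu-latest

    # Steps represent a sequence of tasks that will be executed as part of the job
    steps:
    # Runs a single command using the runners shell
    - name: Send greeting
      # The input reaches the shell through an environment variable, so it is handled
      # as data. Writing ${{ inputs.name }} inside `run` would paste the raw value into
      # the script text before the shell parses it.
      env:
        GREETING_NAME: ${{ inputs.name }}
      run: echo "Hello $GREETING_NAME"
--------------------------------------------------------------------------------
/.github/workflows/npm-publish.yml:
--------------------------------------------------------------------------------
 1 | # This workflow will run tests using node and then publish a package to GitHub Packages when a release is created 2 | # For more information see: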
https://docs.github.com/en/actions/publishing-packages/publishing-nodejs-packages 3 | 4 | name: Node.js Package 5 | 6 | on: 7 | release: 8 | types: [created] 9 | 10 | jobs: 11 | build: 12 | runs-on: ubuntu-latest 13 | steps: 14 | - uses: actions/checkout@v4 15 | - uses: actions/setup-node@v3 16 | with: 17 | node-version: 16 18 | - run: npm ci 19 | - run: npm test 20 | 21 | publish-npm: 22 | needs: build 23 | runs-on: ubuntu-latest 24 | steps: 25 | - uses: actions/checkout@v4 26 | - uses: actions/setup-node@v3 27 | with: 28 | node-version: 16 29 | registry-url: https://registry.npmjs.org/ 30 | - run: npm ci 31 | - run: npm publish 32 | env: 33 | NODE_AUTH_TOKEN: ${{secrets.npm_token}} 34 | -------------------------------------------------------------------------------- /.github/workflows/pylint.yml: -------------------------------------------------------------------------------- 1 | name: Pylint 2 | 3 | on: [push] 4 | 5 | jobs: 6 | build: 7 | runs-on: ubuntu-latest 8 | strategy: 9 | matrix: 10 | python-version: ["3.8", "3.9", "3.10"] 11 | steps: 12 | - uses: actions/checkout@v4 13 | - name: Set up Python ${{ matrix.python-version }} 14 | uses: actions/setup-python@v3 15 | with: 16 | python-version: ${{ matrix.python-version }} 17 | - name: Install dependencies 18 | run: | 19 | python -m pip install --upgrade pip 20 | pip install pylint 21 | - name: Analysing the code with pylint 22 | run: | 23 | pylint $(git ls-files '*.py') 24 | -------------------------------------------------------------------------------- /.github/workflows/python-app.yml: -------------------------------------------------------------------------------- 1 | # This workflow will install Python dependencies, run tests and lint with a single version of Python 2 | # For more information see: https://docs.github.com/en/actions/automating-builds-and-tests/building-and-testing-python 3 | 4 | name: Python application 5 | 6 | on: 7 | push: 8 | branches: [ "main" ] 9 | pull_request: 10 | branches: [ "main" 
] 11 | 12 | permissions: 13 | contents: read 14 | 15 | jobs: 16 | build: 17 | 18 | runs-on: ubuntu-latest 19 | 20 | steps: 21 | - uses: actions/checkout@v4 22 | - name: Set up Python 3.10 23 | uses: actions/setup-python@v3 24 | with: 25 | python-version: "3.10" 26 | - name: Install dependencies 27 | run: | 28 | python -m pip install --upgrade pip 29 | pip install flake8 pytest 30 | if [ -f requirements.txt ]; then pip install -r requirements.txt; fi 31 | - name: Lint with flake8 32 | run: | 33 | # stop the build if there are Python syntax errors or undefined names 34 | flake8 . --count --select=E9,F63,F7,F82 --show-source --statistics 35 | # exit-zero treats all errors as warnings. The GitHub editor is 127 chars wide 36 | flake8 . --count --exit-zero --max-complexity=10 --max-line-length=127 --statistics 37 | - name: Test with pytest 38 | run: | 39 | pytest 40 | -------------------------------------------------------------------------------- /.github/workflows/python-package-conda.yml: -------------------------------------------------------------------------------- 1 | name: Python Package using Conda 2 | 3 | on: [push] 4 | 5 | jobs: 6 | build-linux: 7 | runs-on: ubuntu-latest 8 | strategy: 9 | max-parallel: 5 10 | 11 | steps: 12 | - uses: actions/checkout@v4 13 | - name: Set up Python 3.10 14 | uses: actions/setup-python@v3 15 | with: 16 | python-version: '3.10' 17 | - name: Add conda to system path 18 | run: | 19 | # $CONDA is an environment variable pointing to the root of the miniconda directory 20 | echo $CONDA/bin >> $GITHUB_PATH 21 | - name: Install dependencies 22 | run: | 23 | conda env update --file environment.yml --name base 24 | - name: Lint with flake8 25 | run: | 26 | conda install flake8 27 | # stop the build if there are Python syntax errors or undefined names 28 | flake8 . --count --select=E9,F63,F7,F82 --show-source --statistics 29 | # exit-zero treats all errors as warnings. The GitHub editor is 127 chars wide 30 | flake8 . 
--count --exit-zero --max-complexity=10 --max-line-length=127 --statistics 31 | - name: Test with pytest 32 | run: | 33 | conda install pytest 34 | pytest 35 | -------------------------------------------------------------------------------- /.github/workflows/python-publish.yml: -------------------------------------------------------------------------------- 1 | # This workflow will upload a Python Package using Twine when a release is created 2 | # For more information see: https://docs.github.com/en/actions/automating-builds-and-tests/building-and-testing-python#publishing-to-package-registries 3 | 4 | # This workflow uses actions that are not certified by GitHub. 5 | # They are provided by a third-party and are governed by 6 | # separate terms of service, privacy policy, and support 7 | # documentation. 8 | 9 | name: Upload Python Package 10 | 11 | on: 12 | release: 13 | types: [published] 14 | 15 | permissions: 16 | contents: read 17 | 18 | jobs: 19 | deploy: 20 | 21 | runs-on: ubuntu-latest 22 | 23 | steps: 24 | - uses: actions/checkout@v4 25 | - name: Set up Python 26 | uses: actions/setup-python@v3 27 | with: 28 | python-version: '3.x' 29 | - name: Install dependencies 30 | run: | 31 | python -m pip install --upgrade pip 32 | pip install build 33 | - name: Build package 34 | run: python -m build 35 | - name: Publish package 36 | uses: pypa/gh-action-pypi-publish@27b31702a0e7fc50959f5ad993c78deac1bdfc29 37 | with: 38 | user: __token__ 39 | password: ${{ secrets.PYPI_API_TOKEN }} 40 | -------------------------------------------------------------------------------- /.github/workflows/stale.yml: -------------------------------------------------------------------------------- 1 | # This workflow warns and then closes issues and PRs that have had no activity for a specified amount of time. 2 | # 3 | # You can adjust the behavior by modifying this file. 
4 | # For more information, see: 5 | # https://github.com/actions/stale 6 | name: Mark stale issues and pull requests 7 | 8 | on: 9 | schedule: 10 | - cron: '40 11 * * *' 11 | 12 | jobs: 13 | stale: 14 | 15 | runs-on: ubuntu-latest 16 | permissions: 17 | issues: write 18 | pull-requests: write 19 | 20 | steps: 21 | - uses: actions/stale@v5 22 | with: 23 | repo-token: ${{ secrets.GITHUB_TOKEN }} 24 | stale-issue-message: 'Stale issue message' 25 | stale-pr-message: 'Stale pull request message' 26 | stale-issue-label: 'no-issue-activity' 27 | stale-pr-label: 'no-pr-activity' 28 | -------------------------------------------------------------------------------- /.github/workflows/tencent.yml: -------------------------------------------------------------------------------- 1 | # This workflow will build a docker container, publish and deploy it to Tencent Kubernetes Engine (TKE) when there is a push to the "main" branch. 2 | # 3 | # To configure this workflow: 4 | # 5 | # 1. Ensure that your repository contains the necessary configuration for your Tencent Kubernetes Engine cluster, 6 | # including deployment.yml, kustomization.yml, service.yml, etc. 7 | # 8 | # 2. Set up secrets in your workspace: 9 | # - TENCENT_CLOUD_SECRET_ID with Tencent Cloud secret id 10 | # - TENCENT_CLOUD_SECRET_KEY with Tencent Cloud secret key 11 | # - TENCENT_CLOUD_ACCOUNT_ID with Tencent Cloud account id 12 | # - TKE_REGISTRY_PASSWORD with TKE registry password 13 | # 14 | # 3. Change the values for the TKE_IMAGE_URL, TKE_REGION, TKE_CLUSTER_ID and DEPLOYMENT_NAME environment variables (below). 
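name: Tencent Kubernetes Engine

on:
  push:
    branches: [ "main" ]

# Environment variables available to all jobs and steps in this workflow
env:
  TKE_IMAGE_URL: ccr.ccs.tencentyun.com/demo/mywebapp
  TKE_REGION: ap-guangzhou
  TKE_CLUSTER_ID: cls-mywebapp
  DEPLOYMENT_NAME: tke-test

permissions:
  contents: read

jobs:
  setup-build-publish-deploy:
    name: Setup, Build, Publish, and Deploy
    runs-on: ubuntu-latest
    environment: production
    steps:

    - name: Checkout
      uses: actions/checkout@v4

    # Build
    - name: Build Docker image
      run: |
        docker build -t ${TKE_IMAGE_URL}:${GITHUB_SHA} .

    # The registry password is fed to docker on stdin. Passing it with -p puts the
    # secret on the command line, where it is visible in the process list, and
    # interpolating ${{ secrets.* }} into the script text lets a quote character in
    # the value break out of the quoting.
    - name: Login TKE Registry
      env:
        TKE_REGISTRY_USER: ${{ secrets.TENCENT_CLOUD_ACCOUNT_ID }}
        TKE_REGISTRY_PASSWORD: ${{ secrets.TKE_REGISTRY_PASSWORD }}
      run: |
        printf '%s' "$TKE_REGISTRY_PASSWORD" | docker login -u "$TKE_REGISTRY_USER" --password-stdin ${TKE_IMAGE_URL}

    # Push the Docker image to TKE Registry
    - name: Publish
      run: |
        docker push ${TKE_IMAGE_URL}:${GITHUB_SHA}

    # NOTE(review): the binary is downloaded and executed without an integrity check;
    # compare it against a pinned SHA-256 digest (sha256sum -c) before chmod.
    # --fail stops the step on an HTTP error instead of saving the error page as ./kustomize.
    - name: Set up Kustomize
      run: |
        curl --fail -o kustomize --location https://github.com/kubernetes-sigs/kustomize/releases/download/v3.1.0/kustomize_3.1.0_linux_amd64
        chmod u+x ./kustomize

    # NOTE(review): this third-party action receives the cloud credentials; pin it to a
    # full commit SHA rather than the mutable v1 tag.
    - name: Set up ~/.kube/config for connecting TKE cluster
      uses: TencentCloud/tke-cluster-credential-action@v1
      with:
        secret_id: ${{ secrets.TENCENT_CLOUD_SECRET_ID }}
        secret_key: ${{ secrets.TENCENT_CLOUD_SECRET_KEY }}
        tke_region: ${{ env.TKE_REGION }}
        cluster_id: ${{ env.TKE_CLUSTER_ID }}

    - name: Switch to TKE context
      run: |
        kubectl config use-context ${TKE_CLUSTER_ID}-context-default

    # Deploy the Docker image to the TKE cluster
    - name: Deploy
      run: |
        ./kustomize edit set image ${TKE_IMAGE_URL}:${GITHUB_SHA}
        ./kustomize build .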
| kubectl apply -f - 78 | kubectl rollout status deployment/${DEPLOYMENT_NAME} 79 | kubectl get services -o wide 80 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | # Prerequisites 2 | *.d 3 | 4 | # Compiled Object files 5 | *.slo 6 | *.lo 7 | *.o 8 | *.obj 9 | 10 | # Precompiled Headers 11 | *.gch 12 | *.pch 13 | 14 | # Compiled Dynamic libraries 15 | *.so 16 | *.dylib 17 | *.dll 18 | 19 | # Fortran module files 20 | *.mod 21 | *.smod 22 | 23 | # Compiled Static libraries 24 | *.lai 25 | *.la 26 | *.a 27 | *.lib 28 | 29 | # Executables 30 | *.exe 31 | *.out 32 | *.app 33 | -------------------------------------------------------------------------------- /.whitesource: -------------------------------------------------------------------------------- 1 | { 2 | "scanSettings": { 3 | "baseBranches": [] 4 | }, 5 | "checkRunSettings": { 6 | "vulnerableCheckRunConclusionLevel": "failure", 7 | "displayMode": "diff", 8 | "useMendCheckNames": true 9 | }, 10 | "issueSettings": { 11 | "minSeverityLevel": "LOW", 12 | "issueType": "DEPENDENCY" 13 | } 14 | } -------------------------------------------------------------------------------- /Dockerfile: -------------------------------------------------------------------------------- 1 | # Use an official Python runtime as a parent image 2 | FROM python:3.9-slim-buster 3 | 4 | # Set the working directory in the container to /app 5 | WORKDIR /app 6 | 7 | # Add the current directory contents into the container at /app 8 | ADD . 
/app 9 | 10 | # Install any needed packages specified in requirements.txt 11 | RUN pip install --no-cache-dir -r requirements.txt 12 | 13 | # Make port 80 available to the world outside this container 14 | EXPOSE 80 15 | 16 | # Run app.py when the container launches 17 | CMD ["python", "app.py"] 18 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | MIT License 2 | 3 | Copyright (c) 2024 KOSASIH 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy 6 | of this software and associated documentation files (the "Software"), to deal 7 | in the Software without restriction, including without limitation the rights 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | copies of the Software, and to permit persons to whom the Software is 10 | furnished to do so, subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in all 13 | copies or substantial portions of the Software. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 21 | SOFTWARE. 
22 | -------------------------------------------------------------------------------- /LICENSE.md: -------------------------------------------------------------------------------- 1 | PiOS License 2 | 3 | Copyright (C) 2024 KOSASIH 4 | 5 | Permission is hereby granted by the application software developer (“Software Developer”), free 6 | of charge, to any person obtaining a copy of this application, software and associated 7 | documentation files (the “Software”), which was developed by the Software Developer for use on 8 | Pi Network, whereby the purpose of this license is to permit the development of derivative works 9 | based on the Software, including the right to use, copy, modify, merge, publish, distribute, 10 | sub-license, and/or sell copies of such derivative works and any Software components incorporated 11 | therein, and to permit persons to whom such derivative works are furnished to do so, in each case, 12 | solely to develop, use and market applications for the official Pi Network. For purposes of this 13 | license, Pi Network shall mean any application, software, or other present or future platform 14 | developed, owned or managed by Pi Community Company, and its parents, affiliates or subsidiaries, 15 | for which the Software was developed, or on which the Software continues to operate. However, 16 | you are prohibited from using any portion of the Software or any derivative works thereof in any 17 | manner (a) which infringes on any Pi Network intellectual property rights, (b) to hack any of Pi 18 | Network’s systems or processes or (c) to develop any product or service which is competitive with 19 | the Pi Network. 20 | 21 | The above copyright notice and this permission notice shall be included in all copies or 22 | substantial portions of the Software. 
23 | 24 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, 25 | INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE 26 | AND NON-INFRINGEMENT. IN NO EVENT SHALL THE AUTHORS, PUBLISHERS, OR COPYRIGHT HOLDERS OF THIS 27 | SOFTWARE BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY OR CONSEQUENTIAL 28 | DAMAGES (INCLUDING, BUT NOT LIMITED TO BUSINESS INTERRUPTION, LOSS OF USE, DATA OR PROFITS) 29 | HOWEVER CAUSED AND UNDER ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR 30 | TORT (INCLUDING NEGLIGENCE) ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE 31 | OR OTHER DEALINGS IN THE SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. 32 | 33 | Pi, Pi Network and the Pi logo are trademarks of the Pi Community Company. 34 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # nPinA-pi-network 2 | The nPinA-pi-network GitHub repo contains the source code and documentation for the Neural Pi Network Architecture project. 3 | -------------------------------------------------------------------------------- /docker-compose.yml: -------------------------------------------------------------------------------- 1 | version: '3.8' 2 | 3 | services: 4 | web: 5 | build: . 
6 | ports: 7 | - "80:80" 8 | volumes: 9 | - .:/app 10 | depends_on: 11 | - db 12 | db: 13 | image: postgres:13 14 | environment: 15 | POSTGRES_USER: pi 16 | POSTGRES_PASSWORD: pi 17 | POSTGRES_DB: pi 18 | volumes: 19 | - postgres_data:/var/lib/postgresql/data 20 | 21 | volumes: 22 | postgres_data: 23 | -------------------------------------------------------------------------------- /nPinA.jpeg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/KOSASIH/nPinA-pi-network/e78f6b74c4865c2d5a109d4412ac3f68bf492d41/nPinA.jpeg -------------------------------------------------------------------------------- /requirements.txt: -------------------------------------------------------------------------------- 1 | # Flask web framework 2 | Flask==2.2.5 3 | 4 | # Flask-SQLAlchemy ORM for Flask 5 | Flask-SQLAlchemy==2.5.1 6 | 7 | # SQLAlchemy ORM for Python 8 | SQLAlchemy==1.4.24 9 | 10 | # Psycopg2 adapter for PostgreSQL 11 | psycopg2-binary==2.9.1 12 | 13 | # Flask-Migrate extension for Flask 14 | Flask-Migrate==3.1.0 15 | 16 | # Flask-Testing extension for Flask 17 | Flask-Testing==0.8.1 18 | 19 | # Pytest testing framework 20 | pytest==6.2.4 21 | 22 | # Pytest-FactoryBoy plugin for Pytest 23 | pytest-factoryboy==2.4.1 24 | 25 | # Factory Boy library for generating test data 26 | Factory-Boy==3.2.0 27 | 28 | # Pytest-Coverage plugin for Pytest 29 | pytest-cov==2.12.1 30 | 31 | # Requests library for making HTTP requests 32 | requests==2.32.0 33 | 34 | # Cryptography library for encryption and decryption 35 | cryptography==42.0.4 36 | 37 | # TensorFlow machine learning framework 38 | tensorflow==2.11.1 39 | 40 | # NumPy library for numerical computing 41 | numpy==1.22.0 42 | 43 | # Pandas library for data manipulation and analysis 44 | pandas==1.3.3 45 | 46 | # Scikit-learn library for machine learning 47 | scikit-learn==1.0.1 48 | 49 | # Flask-Cors extension for Flask 50 | Flask-Cors==4.0.1 51 | 52 | # 
Flask-SocketIO extension for Flask 53 | Flask-SocketIO==5.1.1 54 | 55 | # Eventlet library for concurrent programming 56 | eventlet==0.35.2 57 | 58 | # Sentry error tracking and monitoring 59 | sentry-sdk==1.14.0 60 | -------------------------------------------------------------------------------- /src/ai_consensus.py: -------------------------------------------------------------------------------- 1 | import tensorflow as tf 2 | import numpy as np 3 | 4 | class AIConsensus: 5 | def __init__(self, model_path): 6 | self.model = tf.keras.models.load_model(model_path) 7 | 8 | def predict(self, transactions): 9 | transactions = np.array(transactions) 10 | predictions = self.model.predict(transactions) 11 | return predictions 12 | 13 | def train(self, transactions, labels): 14 | transactions = np.array(transactions) 15 | labels = np.array(labels) 16 | self.model.compile(optimizer='adam', loss='binary_crossentropy', metrics=['accuracy']) 17 | self.model.fit(transactions, labels, epochs=10, batch_size=32) 18 | self.model.save('model.h5') 19 | -------------------------------------------------------------------------------- /src/app.py: -------------------------------------------------------------------------------- 1 | from flask import Flask, request, jsonify 2 | from distributed_ledger import DistributedLedger 3 | 4 | app = Flask(__name__) 5 | 6 | node_id = 1 7 | nodes = [1, 2, 3] 8 | ledger = DistributedLedger(node_id, nodes) 9 | 10 | @app.route('/add_transaction', methods=['POST']) 11 | def add_transaction(): 12 | transaction = request.get_json() 13 | ledger.add_transaction(**transaction) 14 | return jsonify({'message': 'Transaction added'}) 15 | 16 | @app.route('/mine_block', methods=['POST']) 17 | def mine_block(): 18 | ledger.mine_block() 19 | return jsonify({'message': 'Block mined'}) 20 | 21 | @app.route('/receive_block', methods=['POST']) 22 | def receive_block(): 23 | block = request.get_json() 24 | if ledger.receive_block(block): 25 | return jsonify({'message': 
'Block received'}) 26 | return jsonify({'message': 'Invalid block'}) 27 | 28 | if __name__ == '__main__': 29 | app.run(port=5000) 30 | -------------------------------------------------------------------------------- /src/cryptography.py: -------------------------------------------------------------------------------- 1 | import hashlib 2 | import rsa 3 | 4 | def hash_transaction(transaction): 5 | transaction_str = str(transaction) 6 | transaction_hash = hashlib.sha256(transaction_str.encode()).hexdigest() 7 | return transaction_hash 8 | 9 | def generate_keys(): 10 | (public_key, private_key) = rsa.newkeys(2048) 11 | return public_key, private_key 12 | 13 | def encrypt_message(message, public_key): 14 | message = message.encode() 15 | encrypted_message = rsa.encrypt(message, public_key) 16 | return encrypted_message 17 | 18 | def decrypt_message(encrypted_message, private_key): 19 | decrypted_message = rsa.decrypt(encrypted_message, private_key).decode() 20 | return decrypted_message 21 | -------------------------------------------------------------------------------- /src/distributed_ledger.py: -------------------------------------------------------------------------------- 1 | import json 2 | import time 3 | import hashlib 4 | import requests 5 | 6 | class DistributedLedger: 7 | def __init__(self, node_id, nodes): 8 | self.node_id = node_id 9 | self.nodes = nodes 10 | self.chain = [self.create_genesis_block()] 11 | self.pending_transactions = [] 12 | 13 | def create_genesis_block(self): 14 | return { 15 | 'index': 0, 16 | 'timestamp': int(time.time()), 17 | 'transactions': [], 18 | 'previous_hash': '0' * 64, 19 | 'nonce': 0 20 | } 21 | 22 | def add_transaction(self, sender, receiver, amount): 23 | transaction = { 24 | 'sender': sender, 25 | 'receiver': receiver, 26 | 'amount': amount, 27 | 'timestamp': int(time.time()) 28 | } 29 | self.pending_transactions.append(transaction) 30 | 31 | def mine_block(self): 32 | block = { 33 | 'index': len(self.chain), 34 | 
'timestamp': int(time.time()), 35 | 'transactions': self.pending_transactions, 36 | 'previous_hash': self.get_previous_hash(), 37 | 'nonce': 0 38 | } 39 | block['hash'] = self.calculate_hash(block) 40 | self.chain.append(block) 41 | self.pending_transactions = [] 42 | self.propagate_block(block) 43 | 44 | def get_previous_hash(self): 45 | return self.chain[-1]['hash'] 46 | 47 | def calculate_hash(self, block): 48 | block_string = json.dumps(block, sort_keys=True).encode() 49 | block_hash = hashlib.sha256(block_string).hexdigest() 50 | return block_hash 51 | 52 | def propagate_block(self, block): 53 | for node in self.nodes: 54 | if node != self.node_id: 55 | requests.post(f'http://localhost:{node}/receive_block', json=block) 56 | 57 | def is_chain_valid(self, chain): 58 | for i in range(1, len(chain)): 59 | current_block = chain[i] 60 | previous_block = chain[i - 1] 61 | if current_block['previous_hash'] != self.calculate_hash(previous_block): 62 | return False 63 | if not self.validate_transactions(current_block['transactions']): 64 | return False 65 | return True 66 | 67 | def validate_transactions(self, transactions): 68 | aic = AIConsensus('model.h5') 69 | for transaction in transactions: 70 | if not aic.predict([transaction]): 71 | return False 72 | return True 73 | 74 | def receive_block(self, block): 75 | if self.is_chain_valid([block]): 76 | self.chain.append(block) 77 | return True 78 | return False 79 | -------------------------------------------------------------------------------- /tests/__init__.py: -------------------------------------------------------------------------------- 1 | import unittest 2 | 3 | from .test_ai_consensus import TestAIConsensus 4 | from .test_cryptography import TestCryptography 5 | from .test_distributed_ledger import TestDistributedLedger 6 | 7 | def main(): 8 | test_suite = unittest.TestSuite() 9 | test_suite.addTest(unittest.makeSuite(TestAIConsensus)) 10 | test_suite.addTest(unittest.makeSuite(TestCryptography)) 11 | 
test_suite.addTest(unittest.makeSuite(TestDistributedLedger)) 12 | unittest.TextTestRunner(verbosity=2).run(test_suite) 13 | 14 | if __name__ == '__main__': 15 | main() 16 | -------------------------------------------------------------------------------- /tests/test_ai_consensus.py: -------------------------------------------------------------------------------- 1 | import unittest 2 | import tensorflow as tf 3 | 4 | from src.ai_consensus import AIConsensus 5 | 6 | class TestAIConsensus(unittest.TestCase): 7 | def setUp(self): 8 | self.model_path = 'model.h5' 9 | self.ai_consensus = AIConsensus(self.model_path) 10 | 11 | def test_predict(self): 12 | # Test predict function 13 | # ... 14 | 15 | def test_train(self): 16 | # Test train function 17 | # ... 18 | 19 | def tearDown(self): 20 | # Clean up 21 | # ... 22 | 23 | if __name__ == '__main__': 24 | unittest.main() 25 | -------------------------------------------------------------------------------- /tests/test_cryptography.py: -------------------------------------------------------------------------------- 1 | import unittest 2 | 3 | class TestCryptography(unittest.TestCase): 4 | def setUp(self): 5 | # Set up 6 | self.message = 'Hello, world!' 7 | self.public_key, self.private_key = generate_keys() 8 | 9 | def test_hash_transaction(self): 10 | # Test hash_transaction function 11 | # ... 12 | 13 | def test_generate_keys(self): 14 | # Test generate_keys function 15 | # ... 16 | 17 | def test_encrypt_message(self): 18 | # Test encrypt_message function 19 | # ... 20 | 21 | def test_decrypt_message(self): 22 | # Test decrypt_message function 23 | # ... 24 | 25 | def tearDown(self): 26 | # Clean up 27 | # ... 
28 | 29 | if __name__ == '__main__': 30 | unittest.main() 31 | -------------------------------------------------------------------------------- /tests/test_distributed_ledger.py: -------------------------------------------------------------------------------- 1 | import unittest 2 | 3 | class TestDistributedLedger(unittest.TestCase): 4 | def setUp(self): 5 | # Set up 6 | self.node_id = 1 7 | self.nodes = [1, 2, 3] 8 | self.ledger = DistributedLedger(self.node_id, self.nodes) 9 | 10 | def test_create_genesis_block(self): 11 | # Test create_genesis_block function 12 | # ... 13 | 14 | def test_add_transaction(self): 15 | # Test add_transaction function 16 | # ... 17 | 18 | def test_mine_block(self): 19 | # Test mine_block function 20 | # ... 21 | 22 | def test_get_previous_hash(self): 23 | # Test get_previous_hash function 24 | # ... 25 | 26 | def test_calculate_hash(self): 27 | # Test calculate_hash function 28 | # ... 29 | 30 | def test_propagate_block(self): 31 | # Test propagate_block function 32 | # ... 33 | 34 | def test_is_chain_valid(self): 35 | # Test is_chain_valid function 36 | # ... 37 | 38 | def test_validate_transactions(self): 39 | # Test validate_transactions function 40 | # ... 41 | 42 | def test_receive_block(self): 43 | # Test receive_block function 44 | # ... 45 | 46 | def tearDown(self): 47 | # Clean up 48 | # ... 
49 | 50 | if __name__ == '__main__': 51 | unittest.main() 52 | -------------------------------------------------------------------------------- /utils/__init__.py: -------------------------------------------------------------------------------- 1 | from .data_processing import preprocess_data, split_data 2 | from .model_training import train_model 3 | -------------------------------------------------------------------------------- /utils/data_processing.py: -------------------------------------------------------------------------------- 1 | import pandas as pd 2 | import numpy as np 3 | 4 | def preprocess_data(data): 5 | # Preprocessing steps (elided in this listing; preprocessed_data is never assigned in the visible code) 6 | # ... 7 | return preprocessed_data 8 | 9 | def split_data(data, test_size): 10 | # Splitting data into training and testing sets (elided in this listing); the return order is X_train, y_train, X_test, y_test 11 | # ... 12 | return X_train, y_train, X_test, y_test 13 | -------------------------------------------------------------------------------- /utils/model_training.py: -------------------------------------------------------------------------------- 1 | import tensorflow as tf 2 | from tensorflow.keras.models import Sequential 3 | from tensorflow.keras.layers import Dense, Dropout, Activation 4 | from tensorflow.keras.optimizers import Adam 5 | 6 | def train_model(X_train, y_train, X_test, y_test, epochs, batch_size): 7 | # Model architecture: 128-unit ReLU layer sized from X_train.shape[1], dropout of 0.5, 64-unit ReLU layer, one sigmoid output unit 8 | model = Sequential() 9 | model.add(Dense(128, input_dim=X_train.shape[1], activation='relu')) 10 | model.add(Dropout(0.5)) 11 | model.add(Dense(64, activation='relu')) 12 | model.add(Dense(1, activation='sigmoid')) 13 | 14 | # Compile model with binary cross-entropy loss, Adam at its default settings and accuracy as the reported metric 15 | model.compile(loss='binary_crossentropy', optimizer=Adam(), metrics=['accuracy']) 16 | 17 | # Train model; the test split is also passed as validation_data, so it is scored after every epoch 18 | model.fit(X_train, y_train, epochs=epochs, batch_size=batch_size, validation_data=(X_test, y_test)) 19 | 20 | # Evaluate model on the same split that served as validation_data; NOTE(review): not an independent hold-out if validation results ever drive tuning 21 | _, accuracy = model.evaluate(X_test, y_test) 22 | print(f'Test accuracy: {accuracy}') 23 | 24 | return model 25 | 
--------------------------------------------------------------------------------