Merge pull request #4 from groupon/docker-compose

Docker compose

Dockerfile

@@ -0,0 +1,24 @@
+FROM ruby:2.2.3
+RUN apt-get update -qq && apt-get install -y build-essential nodejs nodejs-legacy npm default-jdk maven unzip mysql-client
+
+RUN npm install -g retire
+RUN npm install -g nsp
+
+RUN wget -q https://github.com/find-sec-bugs/find-sec-bugs/releases/download/version-1.4.5/findsecbugs-cli-1.4.5.zip -O findsecbugs.zip
+RUN unzip findsecbugs.zip -d /findsecbugs
+
+RUN wget -q https://github.com/pmd/pmd/releases/download/pmd_releases%2F5.4.1/pmd-bin-5.4.1.zip -O pmd.zip
+RUN unzip pmd.zip
+
+WORKDIR /tmp
+COPY Gemfile Gemfile
+COPY Gemfile.lock Gemfile.lock
+RUN bundle install
+
+RUN mkdir /codeburner
+
+ADD . /codeburner
+
+WORKDIR /codeburner
+
+CMD bundle exec rails s -b 0.0.0.0

Gemfile

@@ -18,6 +18,8 @@ gem 'attribute-defaults'
 gem 'kaminari'
 
 group :development, :test do
+  gem 'capistrano-bundler'
+
   # Call 'byebug' anywhere in the code to stop execution and get a debugger console
   gem 'byebug'
 

Gemfile.lock

@@ -142,7 +142,7 @@ GEM
     do_sqlite3 (0.10.17)
       data_objects (= 0.10.17)
     docile (1.1.5)
-    domain_name (0.5.20160216)
+    domain_name (0.5.20160309)
       unf (>= 0.0.5, < 1.0.0)
     erubis (2.7.0)
     faraday (0.9.2)
@@ -252,7 +252,7 @@ GEM
       activesupport (= 4.2.5.1)
       rake (>= 0.8.7)
       thor (>= 0.18.1, < 2.0)
-    rake (10.5.0)
+    rake (11.0.1)
     redis (3.2.2)
     redis-actionpack (4.0.1)
       actionpack (~> 4)
@@ -341,6 +341,7 @@ PLATFORMS
 DEPENDENCIES
   attribute-defaults
   byebug
+  capistrano-bundler
   capistrano-rails
   capistrano-sidekiq
   chronic

README.md

@@ -33,8 +33,11 @@ Codeburner uses the [OWASP pipeline](https://github.com/OWASP/pipeline) project
 ## Documentation
 You can find full documentation for Codeburner at <a href="http://groupon.github.io/codeburner" target="_blank">http://groupon.github.io/codeburner</a>
 
+### Quick Start
+See our <a href="https://groupon.github.io/codeburner/setup/quickstart/" target="_blank">Quick Start Guide</a> if you want to try out Codeburner as quickly as possible using <a href="https://www.docker.com/products/docker-compose" target="_blank">Docker Compose</a>.
+
 ### Installation
-See our <a href="https://groupon.github.io/codeburner/setup/installation/" target="_blank">Installation Guide</a> for complete install instructions.
+See our <a href="https://groupon.github.io/codeburner/setup/installation/" target="_blank">Installation Guide</a> for complete manual install instructions.
 
 ### User Guide
 The <a href="https://groupon.github.io/codeburner/user/burns/" target="_blank">User Guide</a> will give you an overview of how to use Codeburner once you have things up and running.

config/app.yml

@@ -55,8 +55,8 @@ pipeline:
     Java:
       - PMD
       - FindSecurityBugs
-  pmd_path: /path/to/pmd/install
-  findsecbugs_path: /path/to/findsecbugs/install
+  pmd_path: /pmd/pmd-bin-5.4.1
+  findsecbugs_path: /findsecbugs
   checkmarx_server: my_checkmarx_server
   checkmarx_user: my_checkmarx_user
   checkmarx_password: my_checkmarx_password

config/application.rb

@@ -55,7 +55,7 @@ class Application < Rails::Application
     case ENV['RAILS_ENV']
     when 'production'
       $redis_options = {
-        :host => 'localhost',
+        :host => 'redis',
         :port => 6379
       }
     when 'staging'

config/database.yml

@@ -24,8 +24,8 @@
 common: &common
   adapter: mysql2
   pool: 5
-  wait_timeout: 50
-  connect_timeout: 200
+  wait_timeout: 1000
+  connect_timeout: 500
   read_timeout: 2000
   write_timeout: 2000
   reconnect: true
@@ -35,7 +35,7 @@ local: &local
   host: 127.0.0.1
   password:
   username: root
-  wait_timeout: 10000
+  wait_timeout: 5000
 
 development:
   <<: *local
@@ -55,6 +55,7 @@ staging:
 production:
   <<: *common
   database: codeburner_production
-  host: my_production_db_host
-  password: my_production_db_password
-  username: my_production_db_username
+  host: <%= ENV['DB_PORT_3306_TCP_ADDR'] %>
+  port: <%= ENV['DB_PORT_3306_TCP_PORT'] %>
+  password:
+  username: root

config/deploy/production.rb

@@ -0,0 +1,61 @@
+# server-based syntax
+# ======================
+# Defines a single server with a list of roles and multiple properties.
+# You can define all roles on a single server, or split them:
+
+# server 'example.com', user: 'deploy', roles: %w{app db web}, my_property: :my_value
+# server 'example.com', user: 'deploy', roles: %w{app web}, other_property: :other_value
+# server 'db.example.com', user: 'deploy', roles: %w{db}
+
+
+
+# role-based syntax
+# ==================
+
+# Defines a role with one or multiple servers. The primary server in each
+# group is considered to be the first unless any  hosts have the primary
+# property set. Specify the username and a domain or IP for the server.
+# Don't use `:all`, it's a meta role.
+
+# role :app, %w{[email protected]}, my_property: :my_value
+# role :web, %w{[email protected] [email protected]}, other_property: :other_value
+# role :db,  %w{[email protected]}
+
+
+
+# Configuration
+# =============
+# You can set any configuration variable like in config/deploy.rb
+# These variables are then only loaded and set in this stage.
+# For available Capistrano configuration variables see the documentation page.
+# http://capistranorb.com/documentation/getting-started/configuration/
+# Feel free to add new variables to customise your setup.
+
+
+
+# Custom SSH Options
+# ==================
+# You may pass any option but keep in mind that net/ssh understands a
+# limited set of options, consult the Net::SSH documentation.
+# http://net-ssh.github.io/net-ssh/classes/Net/SSH.html#method-c-start
+#
+# Global options
+# --------------
+#  set :ssh_options, {
+#    keys: %w(/home/rlisowski/.ssh/id_rsa),
+#    forward_agent: false,
+#    auth_methods: %w(password)
+#  }
+#
+# The server-based syntax can be used to override options:
+# ------------------------------------
+# server 'example.com',
+#   user: 'user_name',
+#   roles: %w{web app},
+#   ssh_options: {
+#     user: 'user_name', # overrides user setting above
+#     keys: %w(/home/user_name/.ssh/id_rsa),
+#     forward_agent: false,
+#     auth_methods: %w(publickey password)
+#     # password: 'please use keys'
+#   }

config/deploy/staging.rb

@@ -0,0 +1,61 @@
+# server-based syntax
+# ======================
+# Defines a single server with a list of roles and multiple properties.
+# You can define all roles on a single server, or split them:
+
+# server 'example.com', user: 'deploy', roles: %w{app db web}, my_property: :my_value
+# server 'example.com', user: 'deploy', roles: %w{app web}, other_property: :other_value
+# server 'db.example.com', user: 'deploy', roles: %w{db}
+
+
+
+# role-based syntax
+# ==================
+
+# Defines a role with one or multiple servers. The primary server in each
+# group is considered to be the first unless any  hosts have the primary
+# property set. Specify the username and a domain or IP for the server.
+# Don't use `:all`, it's a meta role.
+
+# role :app, %w{[email protected]}, my_property: :my_value
+# role :web, %w{[email protected] [email protected]}, other_property: :other_value
+# role :db,  %w{[email protected]}
+
+
+
+# Configuration
+# =============
+# You can set any configuration variable like in config/deploy.rb
+# These variables are then only loaded and set in this stage.
+# For available Capistrano configuration variables see the documentation page.
+# http://capistranorb.com/documentation/getting-started/configuration/
+# Feel free to add new variables to customise your setup.
+
+
+
+# Custom SSH Options
+# ==================
+# You may pass any option but keep in mind that net/ssh understands a
+# limited set of options, consult the Net::SSH documentation.
+# http://net-ssh.github.io/net-ssh/classes/Net/SSH.html#method-c-start
+#
+# Global options
+# --------------
+#  set :ssh_options, {
+#    keys: %w(/home/rlisowski/.ssh/id_rsa),
+#    forward_agent: false,
+#    auth_methods: %w(password)
+#  }
+#
+# The server-based syntax can be used to override options:
+# ------------------------------------
+# server 'example.com',
+#   user: 'user_name',
+#   roles: %w{web app},
+#   ssh_options: {
+#     user: 'user_name', # overrides user setting above
+#     keys: %w(/home/user_name/.ssh/id_rsa),
+#     forward_agent: false,
+#     auth_methods: %w(publickey password)
+#     # password: 'please use keys'
+#   }

config/secrets.yml

@@ -41,7 +41,5 @@ test:
 
 production:
   secret_key_base: <%= ENV["SECRET_KEY_BASE"] %>
-  secret_token: <%= ENV["SECRET_KEY_TOKEN"] %>
 staging:
   secret_key_base: <%= ENV["SECRET_KEY_BASE"] %>
-  secret_token: <%= ENV["SECRET_KEY_TOKEN"] %>

docker-build.sh

@@ -0,0 +1,7 @@
+docker-compose build
+docker-compose run web bash -c "while ! mysqladmin ping -h db --silent; do echo waiting for mysql; sleep 3; done; mysqladmin -u root -h db create codeburner_production"
+docker-compose run web rake db:setup
+
+if [ $? == 0 ]; then
+  echo -e "\nDocker containers initialized, run 'docker-compose up' to start Codeburner."
+fi

docker-compose.yml

@@ -0,0 +1,28 @@
+db:
+  image: mysql:5.7
+  ports:
+    - "13306:3306"
+  environment:
+    MYSQL_ALLOW_EMPTY_PASSWORD: 'true'
+redis:
+  image: redis
+  ports:
+    - "6379:6379"
+web: &app_base
+  build: .
+  environment:
+    - RAILS_ENV=production
+    - RAILS_SERVE_STATIC_FILES=true
+    - SECRET_KEY_BASE=d21e2a84a06dc6b1fe95e30a18df6ec559dd623e0a1cd6439796533693167c3b2086a2e143564b1a11d41089c7d22651a4c993a3b30efd93af1e0143ffb57d4c
+  volumes:
+    - .:/codeburner
+  ports:
+    - "3000:3000"
+  links:
+    - db
+    - redis
+  command: bash -c "rm -f /codeburner/tmp/pids/server.pid && bundle exec rails s -b 0.0.0.0"
+worker:
+  <<: *app_base
+  ports: []
+  command: bundle exec sidekiq

docs/setup/quickstart.md

@@ -0,0 +1,49 @@
+This guide is intended to get you up and running with Codeburner as quickly as possible.  It assumes a basic level of experience working with <a href="https://www.docker.com/" target="_blank">Docker</a> containers.
+
+The resulting image should be fully functional to test Codeburner in your environment.  However, it uses public docker images with known rails keys and has not been secured in any way or tuned for optimal performance (for example by having the static content served by something like nginx).  It **should not** be considered production ready in an enterprise environment.
+
+That said if you'd like to make it ready yourself, the included <a href="https://github.com/groupon/codeburner/blob/master/Dockerfile" target="_blank">Dockerfile</a> and <a href="https://github.com/groupon/codeburner/blob/master/docker-compose.yml" target="_blank">docker-compose.yml</a> should get you most of the way there.
+
+## Docker
+You'll need <a href="https://www.docker.com/" target="_blank">Docker</a> installed with the **docker-compose** command available.
+
+See instructions to accomplish this for your specific OS here: <a href="https://docs.docker.com/compose/install/" target="_blank">https://docs.docker.com/compose/install/</a>
+
+***
+
+## Configure
+Minimally you'll want to configure GitHub access.  See the [Configuration Guide](/setup/configuration/) if you need to configure additional items (like JIRA access, etc).
+
+### Generate a Token
+To configure GitHub API access you'll need to generate a personal access token for Codeburner to use.  GitHub publishes a handy guide on creating tokens if you need help:
+
+<a href="https://help.github.com/articles/creating-an-access-token-for-command-line-use/" target="_blank">https://help.github.com/articles/creating-an-access-token-for-command-line-use/</a>
+
+### Configuration
+Once you have an access token, you can add it to <a href="https://github.com/groupon/codeburner/blob/master/config/app.yml" target="_blank">config/app.yml</a>:
+
+```yaml
+github:
+  api_endpoint: https://api.github.com/
+  api_access_token: my_github_api_token
+  link_host: https://www.github.com
+```
+
+If you're using GitHub Enterprise instead of public GitHub, you'll also want to change 'api_endpoint' here to the appropriate URL for API requests and 'link_host' to the base URL for generating clickable links, both according to your local GHE installation.
+
+***
+
+## Build
+To build the container to run Codeburner and the scanning tools, you'll need to run the provided script:
+
+<pre class="command-line language-bash"><code>sh ./docker-build.sh</code></pre>
+
+!!! NOTE
+    The Codeburner application and all the supported scanning tools have **many** dependencies.  This build process can take quite a while.
+
+***
+
+## Start Burning!
+Once the container image is built, you can start the Codeburner application and all the dependent containers with docker-compose:
+
+<pre class="command-line language-bash"><code>docker-compose up</code></pre>

lib/tasks/burn.rake

@@ -19,9 +19,10 @@ namespace :burn do
     input = STDIN.getch
     raise RuntimeError unless input.downcase == 'y'
 
+    count = Finding.burn_id(id).count
     Finding.burn_id(id).destroy_all
     burn.destroy
-    puts "Successfully deleted burn ##{id} and #{Finding.burn_id(id).count} findings"
+    puts "Successfully deleted burn ##{id} and #{count} findings"
 
     $redis.del ["burn_list", "burn_stats", "stats", "history", "history_range"]
   end

lib/tasks/frontend.rake

@@ -0,0 +1,8 @@
+require './config/boot'
+require './config/environment'
+
+namespace :frontend do
+  task :build do
+    puts `cd client && grunt build && cp -r dist/* #{Dir.pwd}/public/`
+  end
+end

mkdocs.yml

@@ -11,6 +11,7 @@ extra_javascript:
 pages:
   - Home: index.md
   - Setup Guide:
+    - Quick Start: setup/quickstart.md
     - Installation: setup/installation.md
     - Configuration: setup/configuration.md
     - Scanning Tools: setup/scanning_tools.md