Merge pull request #4122 from rudransh-shrivastava/feature/nestbot-ai-assistant-sync-main

Sync feature/nestbot-ai-assistant with main

Author: arkid15r

.bake.toml

@@ -0,0 +1,25 @@
+# mbake configuration file
+
+debug = false
+gnu_error_format = true
+verbose = false
+wrap_error_messages = false
+
+[formatter]
+align_across_comments = false
+align_variable_assignments = false
+auto_insert_phony_declarations = false
+ensure_final_newline = true
+fix_missing_recipe_tabs = true
+group_phony_declarations = false
+indent_nested_conditionals = false
+max_consecutive_empty_lines = 2
+max_line_length = 120
+normalize_empty_lines = true
+normalize_line_continuations = true
+phony_at_top = false
+remove_trailing_whitespace = true
+space_after_colon = true
+space_around_assignment = true
+space_before_colon = false
+tab_width = 2

.codecov.yml

@@ -0,0 +1,55 @@
+codecov:
+  require_ci_to_pass: true
+
+comment:
+  layout: reach, diff, flags, files, footer
+  behavior: default
+  require_changes: false
+
+coverage:
+  status:
+    project:
+      default:
+        target: auto
+        threshold: 1%
+        base: auto
+      backend:
+        flags:
+          - backend
+        target: 95%
+        threshold: 1%
+        base: auto
+      frontend:
+        flags:
+          - frontend
+        target: 95%
+        threshold: 1%
+        base: auto
+    patch:
+      default:
+        target: auto
+        threshold: 0%
+      backend:
+        flags:
+          - backend
+        target: auto
+        threshold: 0%
+      frontend:
+        flags:
+          - frontend
+        target: auto
+        threshold: 0%
+
+fixes:
+  - /app/::frontend/
+  - /home/owasp/::backend/
+
+flags:
+  backend:
+    paths:
+      - backend/
+    carryforward: true
+  frontend:
+    paths:
+      - frontend/
+    carryforward: true

.github/ISSUE_TEMPLATE/bug_report.md

@@ -6,6 +6,14 @@ labels: ['bug']
 assignees: ''
 ---
 
+Community & Support: [LinkedIn Group](https://www.linkedin.com/groups/14656108/) · [Slack #project-nest](https://owasp.slack.com/archives/project-nest)
+
+Active project leaders: Arkadii Yakovets -- [GitHub](https://github.com/arkid15r/) · [LinkedIn](https://www.linkedin.com/in/arkid15r/) · [Slack](https://owasp.slack.com/team/U060W3NKLTF); Kate Golovanova -- [GitHub](https://github.com/kasya/) · [LinkedIn](https://www.linkedin.com/in/kate-golovanova/) · [Slack](https://owasp.slack.com/team/U07PWB1JZ6Z)
+
+[Contributing](https://github.com/owasp/nest/blob/main/CONTRIBUTING.md) · [Code of Conduct](https://github.com/owasp/nest/blob/main/CODE_OF_CONDUCT.md) · [GSoC Mentors](https://github.com/owasp/nest/blob/main/MENTORS.md)
+
+---
+
 **Describe the bug**
 A clear and concise description of what the bug is.
 

.github/ISSUE_TEMPLATE/config.yml

@@ -3,3 +3,6 @@ contact_links:
   - name: Got questions about OWASP Nest? We're here to help!
     url: https://owasp.slack.com/archives/project-nest
     about: 'Join our OWASP Slack channel #project-nest'
+  - name: Connect with the OWASP Nest community on LinkedIn
+    url: https://www.linkedin.com/groups/14656108/
+    about: Join our LinkedIn group

.github/ISSUE_TEMPLATE/feature_request.md

@@ -6,6 +6,14 @@ labels: ['enhancement']
 assignees: ''
 ---
 
+Community & Support: [LinkedIn Group](https://www.linkedin.com/groups/14656108/) · [Slack #project-nest](https://owasp.slack.com/archives/project-nest)
+
+Active project leaders: Arkadii Yakovets -- [GitHub](https://github.com/arkid15r/) · [LinkedIn](https://www.linkedin.com/in/arkid15r/) · [Slack](https://owasp.slack.com/team/U060W3NKLTF); Kate Golovanova -- [GitHub](https://github.com/kasya/) · [LinkedIn](https://www.linkedin.com/in/kate-golovanova/) · [Slack](https://owasp.slack.com/team/U07PWB1JZ6Z)
+
+[Contributing](https://github.com/owasp/nest/blob/main/CONTRIBUTING.md) · [Code of Conduct](https://github.com/owasp/nest/blob/main/CODE_OF_CONDUCT.md) · [GSoC Mentors](https://github.com/owasp/nest/blob/main/MENTORS.md)
+
+---
+
 **Is your feature request related to a problem? Please describe.**
 A clear and concise description of what the problem is. Ex. I'm always frustrated when [...]
 

.github/PULL_REQUEST_TEMPLATE.md

@@ -1,4 +1,3 @@
-
 ## STOP AND READ BEFORE SUBMITTING! REMOVE THIS PARAGRAPH BEFORE OPENING THE PR
 
 Thank you for your interest in contributing to OWASP Nest!

.github/ansible/.ansible-lint.yaml

@@ -0,0 +1 @@
+profile: production

.github/ansible/inventory.yaml

@@ -11,15 +11,3 @@ nest:
       ansible_python_interpreter: /usr/bin/python3
       ansible_ssh_private_key_file: "{{ lookup('env', 'PROXY_SSH_PRIVATE_KEY_PATH') }}"
       ansible_user: proxy
-
-    staging_nest:
-      ansible_host: "{{ lookup('env', 'NEST_HOST_IP_ADDRESS') }}"
-      ansible_python_interpreter: /usr/bin/python3
-      ansible_ssh_private_key_file: "{{ lookup('env', 'NEST_SSH_PRIVATE_KEY_PATH') }}"
-      ansible_user: staging
-
-    staging_nest_proxy:
-      ansible_host: "{{ lookup('env', 'PROXY_HOST_IP_ADDRESS') }}"
-      ansible_python_interpreter: /usr/bin/python3
-      ansible_ssh_private_key_file: "{{ lookup('env', 'PROXY_SSH_PRIVATE_KEY_PATH') }}"
-      ansible_user: proxy

.github/ansible/production/nest.yaml

@@ -1,4 +1,4 @@
-  - name: Deploy Nest to Production
+  - name: Deploy Nest to Production  # yamllint disable-line rule:indentation
     hosts: production_nest
     tasks:
       - name: Copy docker-compose.yaml
@@ -8,28 +8,36 @@
           mode: '0644'
 
       - name: Sync Makefile structure
-        ansible.builtin.synchronize:
+        ansible.posix.synchronize:
           src: '{{ github_workspace }}/'
-          dest: '~/'
-          recursive: yes
+          dest: ~/
+          recursive: true
           rsync_opts:
-            - '--include=*/'
-            - '--include=Makefile'
-            - '--include=*/Makefile'
-            - '--include=*/**/Makefile'
-            - '--include=*/**/**/Makefile'
-            - '--exclude=*'
-
-      - name: Update backend makefile for the production environment
-        shell:
-          cmd: sed -i 's/\bnest-backend\b/production-nest-backend/' ~/backend/Makefile
+            - --include=*/
+            - --include=Makefile
+            - --include=*/Makefile
+            - --include=*/**/Makefile
+            - --include=*/**/**/Makefile
+            - --exclude=*
 
-      - name: Update frontend makefile for the production environment
-        shell:
-          cmd: sed -i 's/\bnest-frontend\b/production-nest-frontend/' ~/frontend/Makefile
+      - name: Update Makefiles for production environment
+        ansible.builtin.command:
+          argv:
+            - sed
+            - -i
+            - '{{ item.sed_expr }}'
+            - '{{ item.path }}'
+        loop:
+          - sed_expr: /e2e-\|fuzz-/! s/\bnest-backend\b/production-nest-backend/g
+            path: '{{ ansible_env.HOME }}/backend/Makefile'
+          - sed_expr: /e2e-\|fuzz-/! s/\bnest-db\b/production-nest-db/g
+            path: '{{ ansible_env.HOME }}/backend/Makefile'
+          - sed_expr: s/\bnest-frontend\b/production-nest-frontend/g
+            path: '{{ ansible_env.HOME }}/frontend/Makefile'
+        changed_when: false
 
       - name: Copy secrets
-        copy:
+        ansible.builtin.copy:
           src: '{{ github_workspace }}/{{ item }}'
           dest: ~/
           mode: '0400'
@@ -42,7 +50,7 @@
 
       - name: Clean up secrets
         delegate_to: localhost
-        file:
+        ansible.builtin.file:
           path: '{{ github_workspace }}/{{ item }}'
           state: absent
         loop:
@@ -51,28 +59,32 @@
           - .env.db
           - .env.frontend
           - .github.pem
-        run_once: true
 
       - name: Copy crontab
-        copy:
+        ansible.builtin.copy:
           src: '{{ github_workspace }}/cron/production'
           dest: /tmp/production_crontab
           mode: '0600'
 
       - name: Install crontab
         ansible.builtin.command:
           cmd: crontab /tmp/production_crontab
+        changed_when: false
 
       - name: Restart services
-        shell:
+        ansible.builtin.command:
           cmd: docker compose up -d --pull always
+        changed_when: false
 
       - name: Prune docker images
-        shell:
+        ansible.builtin.command:
           cmd: docker image prune -f
+        changed_when: false
 
       - name: Index data
-        async: 1800 # 30 minutes
+        async: 1800  # 30 minutes
         poll: 0
-        shell: |
+        # Shell required for stdout/stderr redirect to log file.
+        ansible.builtin.shell: |
           make index-data > /var/log/nest/production/index-data.log 2>&1
+        changed_when: false

.github/ansible/production/proxy.yaml

@@ -1,29 +1,40 @@
-- name: Deploy Production Nest Proxy
-  hosts: production_nest_proxy
-  tasks:
-    - name: Copy proxy configuration files
-      copy:
-        src: '{{ github_workspace }}/proxy/{{ item }}'
-        dest: ~/
-        mode: '0644'
-      loop:
-        - blocked_ips.conf
-        - cloudflare_realip.conf
-        - headers.conf
-        - production.conf
-        - proxy_cache.conf
-        - redirects.conf
+  - name: Deploy Production Nest Proxy  # yamllint disable-line rule:indentation
+    hosts: production_nest_proxy
+    tasks:
+      - name: Copy proxy configuration files
+        ansible.builtin.copy:
+          src: '{{ github_workspace }}/proxy/{{ item }}'
+          dest: ~/
+          mode: '0644'
+        loop:
+          - blocked_ips.conf
+          - cloudflare_realip.conf
+          - headers.conf
+          - production.conf
+          - proxy_cache.conf
+          - redirects.conf
 
-    - name: Copy docker compose file
-      copy:
-        src: '{{ github_workspace }}/docker-compose/proxy/compose.yaml'
-        dest: ~/docker-compose.yaml
-        mode: '0644'
+      - name: Copy docker compose file
+        ansible.builtin.copy:
+          src: '{{ github_workspace }}/docker-compose/proxy/compose.yaml'
+          dest: ~/docker-compose.yaml
+          mode: '0644'
 
-    - name: Restart services
-      shell:
-        cmd: docker compose up -d --pull always && docker compose restart
+      - name: Pull and start services
+        ansible.builtin.command:
+          cmd: docker compose up -d --pull always
+        args:
+          chdir: '{{ ansible_env.HOME }}'
+        changed_when: false
 
-    - name: Prune docker images
-      shell:
-        cmd: docker image prune -f
+      - name: Restart services
+        ansible.builtin.command:
+          cmd: docker compose restart
+        args:
+          chdir: '{{ ansible_env.HOME }}'
+        changed_when: false
+
+      - name: Prune docker images
+        ansible.builtin.command:
+          cmd: docker image prune -f
+        changed_when: false