feat(github-action): add super-linter action

.github/workflows/pr-title-linter.yml

@@ -0,0 +1,25 @@
+name: PR Title Check
+
+on:
+  pull_request:
+    types: [opened, edited]
+
+jobs:
+  lint-pr-title:
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      - name: Check PR Title
+        uses: actions/[email protected]
+        with:
+          script: |
+            const title = context.payload.pull_request.title;
+            const regex = /^(feat|fix|chore|docs|style|refactor|perf|test|ci|build|deps|hotfix|env|security): .+/;
+            if (!regex.test(title)) {
+              core.setFailed(`Invalid PR title: "${title}". Titles must match the pattern "type: description" (e.g., "feat: Add new feature").`);
+            } else {
+              console.log(`PR title "${title}" is valid.`);
+            }

.github/workflows/super-linter.yml

@@ -0,0 +1,60 @@
+---
+name: Lint
+
+on:
+  push:
+  pull_request:
+
+permissions:
+  contents: read
+
+jobs:
+  # ✅ Step 1: Run Super-Linter in check-only mode (does not fix issues)
+  lint:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+
+      - name: Run Super-Linter (Check Only)
+        uses: super-linter/[email protected]
+        env:
+          GITHUB_TOKEN: ${{ secrets.GH_PAT }}
+          VALIDATE_ALL_CODEBASE: true
+
+  # ✅ Step 2: Run Super-Linter in fix mode and commit changes
+  fix-lint-issues:
+    permissions:
+      contents: write  # Allows writing fixed files
+      statuses: write  # Allows updating PR status
+      checks: write  # Allows updating PR checks
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+
+      - name: Run Super-Linter (Fix Mode)
+        uses: super-linter/[email protected]
+        env:
+          GITHUB_TOKEN: ${{ secrets.GH_PAT }}
+          # ✅ Enable auto-fix for Shell, Python, YAML, Markdown, and Terraform:
+          FIX_SHELL_SHFMT: true
+          FIX_YAML_PRETTIER: true
+          FIX_PYTHON_BLACK: true
+          FIX_PYTHON_ISORT: true
+          FIX_PYTHON_PYINK: true
+          FIX_MARKDOWN: true
+          FIX_TERRAFORM_FMT: true
+
+      - name: Commit and push linting fixes
+        if: github.event_name == 'pull_request' && github.ref_name != github.event.repository.default_branch
+        uses: stefanzweifel/git-auto-commit-action@v5
+        with:
+          branch: ${{ github.event.pull_request.head.ref || github.head_ref || github.ref }}
+          commit_message: "chore: fix linting issues"
+          commit_user_name: super-linter
+          commit_user_email: [email protected]

.gitignore

@@ -0,0 +1,142 @@
+# General
+*.log
+*.tmp
+*.bak
+*.swp
+*.DS_Store
+Thumbs.db
+
+# Python
+__pycache__/
+*.py[cod]
+*.pyo
+*.pyd
+.Python
+env/
+venv/
+ENV/
+*.env
+*.venv
+*.egg-info/
+.eggs/
+dist/
+build/
+pip-log.txt
+pip-delete-this-directory.txt
+
+# Hugging Face / TensorFlow / PyTorch (AI models and cache)
+*.ckpt
+*.pt
+*.pth
+*.h5
+*.onnx
+output/
+logs/
+lightning_logs/
+cache/
+.tokenizers_cache/
+.transformers_cache/
+__pycache__/
+
+# Go
+*.exe
+*.out
+*.test
+vendor/
+*.mod
+*.sum
+
+# Terraform
+secrets.tf
+secrets.tfvars
+.terraform/
+*.tfstate
+*.tfstate.*
+crash.log
+override.tf
+override.tf.json
+*.tfvars
+*.tfvars.json
+.terraform.lock.hcl
+
+# Docker
+*.env
+.env.local
+.dockerignore
+docker-compose.override.yml
+tag.txt
+# Ignore local Docker configuration files
+.docker/
+
+# Kubernetes
+*.yaml
+*.yml~
+.kube/
+*.crt
+*.key
+
+# AWS
+.aws/
+.terraform/
+*.pem
+*.key
+*.config
+
+# Helm / Kustomize
+helm-charts/
+.kube/
+*.release.yaml
+
+# Secrets
+secrets/
+*.secret
+*.key
+*.cert
+*.pfx
+*.pem
+*.json
+
+# Node.js (if used for any UI dashboard)
+node_modules/
+npm-debug.log*
+yarn-debug.log*
+yarn-error.log*
+
+# JetBrains IDEs
+.idea/
+*.iml
+*.iws
+out/
+
+# VS Code
+.vscode/
+.history/
+
+# Operating System Files
+.DS_Store
+Thumbs.db
+
+# Miscellaneous
+*.sqlite3
+*.db
+*.sql
+*.tar
+*.zip
+*.gz
+*.7z
+*.rar
+*.bak
+
+# Logs
+logs/
+*.log
+*.log.*
+nohup.out
+
+# Artifacts
+*.artifact.zip
+*.whl
+
+# Trivy Cache
+.trivy-cache/
+.trivyignore

terraform/backend.tf

@@ -0,0 +1,22 @@
+# -------------------------------------------------------------
+# Define the backend configuration for the Terraform state file
+# -------------------------------------------------------------
+# terraform {
+#   backend "s3" {
+#     bucket         = "terraform-state-bucket-angel3"     # Bucket name
+#     key            = "terraform/state/terraform.tfstate" # Path to the state file
+#     region         = "eu-central-1"                      # Default AWS region 
+#     encrypt        = true                                # Enable encryption
+#     dynamodb_table = "terraform-lock-table"              # DynamoDB table name
+#   }
+# }
+
+terraform {
+  cloud {
+    organization = "my-project-ai-powered"
+
+    workspaces {
+      name = "blockchain-ai-security-platform-terraform-aws"
+    }
+  }
+}

terraform/main.tf

@@ -0,0 +1,64 @@
+# ------------------------------------------------  
+# This is the main file that calls the modules
+# ------------------------------------------------
+
+resource "aws_vpc" "blockchain_vpc" {
+  cidr_block = var.vpc_cidr
+
+  tags = {
+    Name = "blockchain-vpc"
+  }
+}
+
+module "network" {
+  source              = "./modules/network"
+  vpc_id              = var.vpc_id
+  vpc_cidr            = var.vpc_cidr
+  public_subnet_cidr  = var.public_subnet_cidr
+  private_subnet_cidr = var.private_subnet_cidr
+  availability_zones  = var.availability_zones
+  map_public_ip       = var.map_public_ip
+  allowed_ssh_ip      = var.allowed_ssh_ip
+  aws_region          = var.aws_region
+  subnet_ids          = module.network.subnet_ids
+  rds_subnet_ids      = module.network.private_subnet_ids
+  eks_role_arn        = var.eks_role_arn
+  eks_subnet_ids      = var.eks_subnet_ids
+  cluster_name        = var.cluster_name
+  eks_instance_type   = var.eks_instance_type
+}
+
+module "eks" {
+  source            = "./modules/eks"
+  cluster_name      = var.cluster_name
+  cluster_version   = var.cluster_version
+  subnet_ids        = module.network.private_subnet_ids
+  security_group    = module.eks.eks_api_security_group_id
+  eks_role_arn      = module.iam.eks_role_arn
+  eks_instance_type = var.eks_instance_type
+  vpc_id            = module.network.vpc_id
+  allowed_ssh_ip    = var.allowed_ssh_ip
+}
+
+module "rds" {
+  source                = "./modules/rds"
+  vpc_id                = var.vpc_id
+  rds_security_group_id = module.network.rds_security_group_id
+  rds_subnet_ids        = module.network.private_subnet_ids
+  rds_db_username       = var.rds_db_username
+  rds_db_password       = var.rds_db_password
+  rds_role_arn          = module.iam.rds_role_arn
+  eks_nodes_sg_id       = module.network.eks_nodes_sg_id
+}
+
+module "iam" {
+  source           = "./modules/iam"
+  eks_cluster_name = var.cluster_name
+}
+
+module "s3" {
+  source         = "./modules/s3"
+  project_suffix = var.project_suffix
+  environment    = var.environment
+  s3_role_arn    = module.iam.s3_role_arn
+}

terraform/modules/eks/main.tf

@@ -0,0 +1,37 @@
+# ---------------------------------
+# Create EKS Cluster and Node Group
+# ---------------------------------
+
+# EKS Cluster
+resource "aws_eks_cluster" "blockchain_eks" {
+  name     = var.cluster_name
+  role_arn = var.eks_role_arn
+
+  vpc_config {
+    subnet_ids         = var.subnet_ids
+    security_group_ids = [aws_security_group.eks_api_sg.id] # Attach SG to EKS Cluster
+  }
+
+  tags = {
+    Name = "blockchain-eks"
+  }
+}
+
+# EKS Node Group
+resource "aws_eks_node_group" "blockchain_worker_nodes" {
+  cluster_name    = aws_eks_cluster.blockchain_eks.name
+  node_group_name = "blockchain-node-group"
+  node_role_arn   = var.eks_role_arn
+  subnet_ids      = var.subnet_ids
+  instance_types  = [var.eks_instance_type]
+
+  scaling_config {
+    desired_size = 2
+    max_size     = 2
+    min_size     = 1
+  }
+
+  tags = {
+    Name = "blockchain-node-group"
+  }
+}

terraform/modules/eks/outputs.tf

@@ -0,0 +1,37 @@
+output "cluster_name" {
+  value = aws_eks_cluster.blockchain_eks.id
+}
+
+output "eks_cluster_id" {
+  description = "EKS Cluster ID"
+  value       = aws_eks_cluster.blockchain_eks.id
+}
+
+output "eks_cluster_endpoint" {
+  description = "Endpoint for the Kubernetes API server"
+  value       = aws_eks_cluster.blockchain_eks.endpoint
+}
+
+output "eks_cluster_arn" {
+  description = "Amazon Resource Name (ARN) of the EKS Cluster"
+  value       = aws_eks_cluster.blockchain_eks.arn
+}
+
+output "eks_cluster_security_group_id" {
+  description = "Security Group ID for the EKS cluster"
+  value       = aws_eks_cluster.blockchain_eks.vpc_config[0].cluster_security_group_id
+}
+
+output "eks_cluster_certificate_authority" {
+  description = "EKS cluster certificate authority data"
+  value       = aws_eks_cluster.blockchain_eks.certificate_authority[0].data
+}
+
+output "eks_oidc_issuer" {
+  description = "OIDC Issuer URL for IAM authentication"
+  value       = aws_eks_cluster.blockchain_eks.identity[0].oidc[0].issuer
+}
+
+output "eks_api_security_group_id" {
+  value = aws_security_group.eks_api_sg.id
+}