A basic sample which began life as part of the Packeto Buildpack samples. Designed to illustrate how buildpacks and supply chains work to build and deploy an application. Should work just fine with VMware Tanzu Application Platform and VMware Tanzu Application Service.
For a fresh clone, you may have to have Pipenv install the dependencies first.
pipenv install
pipenv run gunicorn --bind=127.0.0.1:8001 app:app`curl http://localhost:8001
tanzu apps workload create python-pipenv \
--git-repo https://github.com/benwilcock/python-pipenv \
--git-branch main \
--type web \
--label app.kubernetes.io/part-of=python-pipenv \
--label apps.tanzu.vmware.com/has-tests=true \
--param-yaml testing_pipeline_matching_labels='{"apps.tanzu.vmware.com/pipeline":"test", "apps.tanzu.vmware.com/language":"python"}' \
--annotation autoscaling.knative.dev/minScale=1 \
--tail \
--yes/HTML home page (shows a single page app containing a static image and some text). Contains a link to the source code./messagesREST [GET] (shows a single hardcoded message as part of a list of messages)./versionsPlaintext (shows the version of Gunicorn used in this app).
For a simple customisation, in the application code (in the app.py hello() method) change the name of the client variable from "VMware" to someone else and then redeploy/restart.
@app.route("/")
def hello():
client = "VMware"
return render_template('index.html', client=client)The homepage will then use the new name of the client in the text at the bottom of the page.
Adding a known vulnerability:
Open the Pipfile, and under the [Packages] section add the line ffmpeg = "==1.4".
nano PipfileNow recreate the requirements.txt file (Grype uses this as a list of dependencies):
pipenv lock --requirements > requirements.txtNow run the Grype scanner on the code folder:
grype . # Run from this folderGrype should spot the vulnerability and log warnings to the console.
To remove the vulnerability, remove the ffmpeg dependency from the Pipfile and recreate the requirements.txt again.