Initial commit: Course baseline

Co-authored-by: Joe Moore <[email protected]>
Co-authored-by: Felipe <[email protected]>
Co-authored-by: Carlton Schuyler: <[email protected]>

Author: 4 people

.github/ISSUE_TEMPLATE/bug_report.md

@@ -0,0 +1,41 @@
+---
+name: Bug report
+about: Create a bug report to help us improve
+title: "BUG: "
+labels: bug
+assignees: ""
+---
+
+**Current Behavior / Description**
+A clear and concise description of what the bug is.
+
+**Expected behavior**
+A clear and concise description of what you expected to happen.
+
+**To Reproduce**
+Steps to reproduce the behavior:
+
+1. Go to '...'
+2. Click on '....'
+3. Scroll down to '....'
+4. See error
+
+**Screenshots**
+If applicable, add screenshots to help explain your problem.
+
+--- OPTIONAL BELOW ---
+**Desktop (please complete the following information):**
+
+- OS: [e.g. iOS]
+- Browser [e.g. chrome, safari]
+- Version [e.g. 22]
+
+**Smartphone (please complete the following information):**
+
+- Device: [e.g. iPhone6]
+- OS: [e.g. iOS8.1]
+- Browser [e.g. stock browser, safari]
+- Version [e.g. 22]
+
+**Additional context**
+Add any other context about the problem here.

.github/ISSUE_TEMPLATE/chore.md

@@ -0,0 +1,13 @@
+---
+name: Chore
+about: Default chore template
+title: CHORE
+labels: chore
+assignees: ""
+---
+
+### Chore Description
+
+### Definition of Done
+
+### Notes

.github/ISSUE_TEMPLATE/user-story.md

@@ -0,0 +1,23 @@
+---
+name: User Story
+about: User story template
+title: ""
+labels: ""
+assignees: ""
+---
+
+## User Story
+
+**As** Jude
+**I want**
+**So that**
+
+## Acceptance Criteria
+
+**_Given_**
+**_When_**
+**_Then_**
+
+### Notes
+
+-

.github/workflows/deploy-content-prod.yaml

@@ -0,0 +1,23 @@
+name: "Deploy to Production"
+run-name: Deploy Content and Metadata from ${{ github.ref_name }} to Production
+
+on:
+  # push:
+  #   tags:
+  #     - "v[0-9]+.[0-9]+.[0-9]+"
+  workflow_dispatch:
+jobs:
+  build:
+    name: Deploy to Production
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v3
+        with:
+          fetch-depth: 0
+      - name: Deploy content
+        env:
+          PENGUINCTL_APIURL: ${{ secrets.PENGUINCTL_APIURL_PROD }}
+          PENGUINCTL_APITOKEN: ${{ secrets.PENGUINCTL_APITOKEN_PROD }}
+        run: |
+          make deploy

.github/workflows/deploy-content-staging.yaml

@@ -0,0 +1,24 @@
+name: "Deploy to Staging"
+run-name: Deploy Content and Metadata from ${{ github.ref_name }} to Staging
+
+on:
+  # push:
+  #   branches:
+  #     - main
+  workflow_dispatch:
+
+jobs:
+  build:
+    name: Deploy to Staging
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v3
+        with:
+          fetch-depth: 0
+      - name: Deploy content
+        env:
+          PENGUINCTL_APIURL: ${{ secrets.PENGUINCTL_APIURL_STAGING }}
+          PENGUINCTL_APITOKEN: ${{ secrets.PENGUINCTL_APITOKEN_STAGING }}
+        run: |
+          make deploy

.github/workflows/publish-workshops.yaml

@@ -0,0 +1,23 @@
+name: Publish Workshops
+run-name: Publish Workshop Content and Configuration from ${{ github.ref_name }} to GHCR
+
+on:
+  push:
+    branches:
+      - main
+    paths:
+      - ".github/workflows/**"
+      - "workshops/**"
+    tags:
+      - "v[0-9]+.[0-9]+.[0-9]+"
+  workflow_dispatch:
+
+jobs:
+  publish-workshop:
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Publish Workshops
+        uses: spring-academy/spring-academy-github-actions/publish-workshop@v6
+        with:
+          token: ${{secrets.GHCR_TOKEN}}

.gitignore

@@ -0,0 +1,21 @@
+# IDEs
+.idea
+
+##
+*.swp
+.DS_Store
+.bash_history
+.cache
+.config
+.docker
+.envrc
+.gitconfig
+.kube
+.lesshst
+.local
+.ssh
+.theia
+.webdav
+.yarn
+.envrc
+.vscode

01-lesson-introduction/content.md

@@ -0,0 +1,37 @@
+This course is designed to help you build your applications with the secure foundation of Spring Security, specifically in the context of Spring Boot.
+
+Our Spring experts guide you through building and running a fully functional REST API that manages cash cards for an imaginary company Family Cash Cards. You can think of the cash card being very similar to a gift card that many of us send and receive.
+
+## What You Will Learn
+
+By the end of this course, you'll learn to:
+
+- Understand the basics of authentication, authorization, and web application defense
+- Identify and evaluate authentication and authorization options
+- Secure a REST API using Spring Security's OAuth 2.0 Resource Server support
+- Secure Spring MVC endpoints and Spring Data queries using Spring Security primitives
+- Test your application with security enabled and accounted for
+
+## What You Will Build
+
+In this course's labs, you'll create a REST API that manages cash cards for an imaginary cash company, Family Cash Cards. The application stores cash cards in an in-memory database that can be administered through a GET endpoint and one POST. This application is based on Spring Boot and uses Spring Security to authenticate the user, authorize each request, and provide defense against common web application vulnerabilities like CSRF.
+
+## Hands-On Labs
+
+The labs in this course provide an interactive terminal and editor, so you don't need any specific tools installed on your own machine.
+
+## Prerequisites
+
+In order to get the most out of this course, you should have:
+
+- Experience with Java
+- Familiarity with Spring Framework and Spring Boot
+- Basic knowledge of HTTP
+
+## Project-Based
+
+Rather than structuring this course like formal documentation or a textbook, we've approached it as a real-world development project. So what does this mean?
+
+Each lesson is designed to explain a _specific_ Spring Security concept. The lessons have companion labs representing a task in the development process that you may encounter during a real-world project.
+
+Additionally, rather than covering each concept in depth, we'll only cover enough details to complete each task, as well as help you generally understand what's going on "under the hood" in the application. We'll also explain _why_ we're making the choices we do as well as what _other options_ and _trade-offs_ exist.

01-lesson-introduction/description.md

@@ -0,0 +1 @@
+Learn what you will learn.

01-lesson-introduction/lesson.json

@@ -0,0 +1,12 @@
+{
+  "id": "spring-academy-secure-rest-api-oauth2-introduction",
+  "slug": "introduction",
+  "title": "Introduction",
+  "status": "live",
+  "type": "article",
+  "duration": 300,
+  "entitlements": [],
+  "settings": {
+    "manualCompletion": true
+  }
+}