Feature/config

.dockerignore

@@ -10,6 +10,7 @@ __pycache__/
 .env.*
 .pytest_cache/
 .vscode/
+tree.py
 
 # pytest
 .pytest_cache/
@@ -44,6 +45,9 @@ __pycache__/
 .venv/
 venv/
 env/
+.env
+.env.local
+.env.*.local
 
 # IDEs
 .vscode/

.env.example

@@ -1 +1,25 @@
-test
+# Database Configuration
+DATABASE__HOST=localhost
+DATABASE__PORT=5432
+DATABASE__USER=postgres
+DATABASE__PASSWORD=your_secure_password
+DATABASE__DB=deribit_tracker
+
+# Deribit API Configuration
+DERIBIT_API__CLIENT_ID=your_client_id
+DERIBIT_API__CLIENT_SECRET=your_client_secret
+DERIBIT_API__BASE_URL=https://www.deribit.com/api/v2
+
+# Redis Configuration
+REDIS__HOST=localhost
+REDIS__PORT=6379
+REDIS__DB=0
+
+# Application Configuration
+APPLICATION__DEBUG=False
+APPLICATION__API_V1_PREFIX=/api/v1
+APPLICATION__PROJECT_NAME=Deribit Price Tracker API
+APPLICATION__VERSION=0.2.0
+
+# CORS Configuration
+CORS__ORIGINS=["http://localhost:8000","http://127.0.0.1:8000"]

.github/workflows/ci.yml

@@ -27,6 +27,38 @@ jobs:
         pip install poetry
         poetry config virtualenvs.create false
 
+    - name: Create .env file for tests
+      run: |
+        cat > .env << 'EOF'
+        # Database Configuration
+        DATABASE__HOST=localhost
+        DATABASE__PORT=5432
+        DATABASE__USER=test_user
+        DATABASE__PASSWORD=test_password
+        DATABASE__DB=test_db
+
+        # Deribit API Configuration
+        DERIBIT_API__CLIENT_ID=test_client_id
+        DERIBIT_API__CLIENT_SECRET=test_client_secret
+
+        # Redis Configuration
+        REDIS__HOST=localhost
+        REDIS__PORT=6379
+        REDIS__DB=0
+
+        # Application Configuration
+        APPLICATION__DEBUG=false
+        APPLICATION__API_V1_PREFIX=/api/v1
+        APPLICATION__PROJECT_NAME=Deribit Price Tracker Test
+        APPLICATION__VERSION=1.0.0
+
+        # CORS Configuration
+        CORS__ORIGINS=["http://localhost:8000"]
+        EOF
+
+        echo "=== Created .env file ==="
+        cat .env
+
     - name: Install dependencies
       run: poetry install --with dev
 
@@ -67,6 +99,16 @@ jobs:
     steps:
       - uses: actions/checkout@v4
 
+      - name: Create .env file for security checks
+        run: |
+          cat > .env << 'EOF'
+          DATABASE__HOST=localhost
+          DATABASE__PORT=5432
+          DATABASE__USER=test_user
+          DATABASE__PASSWORD=test_password
+          DATABASE__DB=test_db
+          EOF
+
       - name: Run security scan
         run: |
             pip install bandit safety

.gitignore

@@ -1,6 +1,7 @@
 # Environment
 .env
 .env.local
+.env.*.local
 
 # Credentials
 credentials/
@@ -64,6 +65,7 @@ venv.bak/
 *.swo
 *~
 .ruff_cache
+tree.py
 
 # OS
 .DS_Store

.gitlab-ci.yml

@@ -19,6 +19,31 @@ before_script:
   - pip install poetry==$POETRY_VERSION
   - poetry config virtualenvs.create true
   - poetry config virtualenvs.in-project true
+  - |
+    @'
+    DATABASE__HOST=localhost
+    DATABASE__PORT=5432
+    DATABASE__USER=test_user
+    DATABASE__PASSWORD=test_password
+    DATABASE__DB=test_db
+
+    DERIBIT_API__CLIENT_ID=test_client_id
+    DERIBIT_API__CLIENT_SECRET=test_client_secret
+
+    REDIS__HOST=localhost
+    REDIS__PORT=6379
+    REDIS__DB=0
+
+    APPLICATION__DEBUG=false
+    APPLICATION__API_V1_PREFIX=/api/v1
+    APPLICATION__PROJECT_NAME=Deribit Price Tracker Test
+    APPLICATION__VERSION=1.0.0
+
+    CORS__ORIGINS=["http://localhost:8000"]
+    '@ | Out-File -FilePath .env -Encoding UTF8
+
+    Write-Host "=== Created .env file ==="
+    Get-Content .env
   - poetry install --with dev
 
 test:
@@ -40,6 +65,15 @@ test:
 
 security:
   stage: security
+  before_script:
+    - |
+      @'
+      DATABASE__HOST=localhost
+      DATABASE__PORT=5432
+      DATABASE__USER=test_user
+      DATABASE__PASSWORD=test_password
+      DATABASE__DB=test_db
+      '@ | Out-File -FilePath .env -Encoding UTF8
   script:
     - pip install bandit
     - bandit -r . -c .bandit.yml -f json -o bandit-report.json

.pre-commit-config.yaml

@@ -24,3 +24,4 @@ repos:
     rev: v1.5.0
     hooks:
       - id: detect-secrets
+        args: ['--baseline', '.secrets.baseline']

.secrets.baseline

@@ -0,0 +1,211 @@
+{
+  "version": "1.5.0",
+  "plugins_used": [
+    {
+      "name": "ArtifactoryDetector"
+    },
+    {
+      "name": "AWSKeyDetector"
+    },
+    {
+      "name": "AzureStorageKeyDetector"
+    },
+    {
+      "name": "Base64HighEntropyString",
+      "limit": 4.5
+    },
+    {
+      "name": "BasicAuthDetector"
+    },
+    {
+      "name": "CloudantDetector"
+    },
+    {
+      "name": "DiscordBotTokenDetector"
+    },
+    {
+      "name": "GitHubTokenDetector"
+    },
+    {
+      "name": "GitLabTokenDetector"
+    },
+    {
+      "name": "HexHighEntropyString",
+      "limit": 3.0
+    },
+    {
+      "name": "IbmCloudIamDetector"
+    },
+    {
+      "name": "IbmCosHmacDetector"
+    },
+    {
+      "name": "IPPublicDetector"
+    },
+    {
+      "name": "JwtTokenDetector"
+    },
+    {
+      "name": "KeywordDetector",
+      "keyword_exclude": ""
+    },
+    {
+      "name": "MailchimpDetector"
+    },
+    {
+      "name": "NpmDetector"
+    },
+    {
+      "name": "OpenAIDetector"
+    },
+    {
+      "name": "PrivateKeyDetector"
+    },
+    {
+      "name": "PypiTokenDetector"
+    },
+    {
+      "name": "SendGridDetector"
+    },
+    {
+      "name": "SlackDetector"
+    },
+    {
+      "name": "SoftlayerDetector"
+    },
+    {
+      "name": "SquareOAuthDetector"
+    },
+    {
+      "name": "StripeDetector"
+    },
+    {
+      "name": "TelegramBotTokenDetector"
+    },
+    {
+      "name": "TwilioKeyDetector"
+    }
+  ],
+  "filters_used": [
+    {
+      "path": "detect_secrets.filters.allowlist.is_line_allowlisted"
+    },
+    {
+      "path": "detect_secrets.filters.common.is_ignored_due_to_verification_policies",
+      "min_level": 2
+    },
+    {
+      "path": "detect_secrets.filters.heuristic.is_indirect_reference"
+    },
+    {
+      "path": "detect_secrets.filters.heuristic.is_likely_id_string"
+    },
+    {
+      "path": "detect_secrets.filters.heuristic.is_lock_file"
+    },
+    {
+      "path": "detect_secrets.filters.heuristic.is_not_alphanumeric_string"
+    },
+    {
+      "path": "detect_secrets.filters.heuristic.is_potential_uuid"
+    },
+    {
+      "path": "detect_secrets.filters.heuristic.is_prefixed_with_dollar_sign"
+    },
+    {
+      "path": "detect_secrets.filters.heuristic.is_sequential_string"
+    },
+    {
+      "path": "detect_secrets.filters.heuristic.is_swagger_file"
+    },
+    {
+      "path": "detect_secrets.filters.heuristic.is_templated_secret"
+    }
+  ],
+  "results": {
+    ".github\\workflows\\ci.yml": [
+      {
+        "type": "Secret Keyword",
+        "filename": ".github\\workflows\\ci.yml",
+        "hashed_secret": "da64b94ccfb1a5e2a598831ed28878c880f60dfc",
+        "is_verified": false,
+        "line_number": 31
+      },
+      {
+        "type": "Secret Keyword",
+        "filename": ".github\\workflows\\ci.yml",
+        "hashed_secret": "dc5f72fcc64e44ece1aa8dfab21ddfce0fc8772b",
+        "is_verified": false,
+        "line_number": 103
+      }
+    ],
+    "app\\core\\config.py": [
+      {
+        "type": "Basic Auth Credentials",
+        "filename": "app\\core\\config.py",
+        "hashed_secret": "5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8",
+        "is_verified": false,
+        "line_number": 54
+      }
+    ],
+    "tests\\test_config.py": [
+      {
+        "type": "Secret Keyword",
+        "filename": "tests\\test_config.py",
+        "hashed_secret": "e5e9fa1ba31ecd1ae84f75caaa474f3a663f05f4",
+        "is_verified": false,
+        "line_number": 33
+      },
+      {
+        "type": "Secret Keyword",
+        "filename": "tests\\test_config.py",
+        "hashed_secret": "c94d65f02a652d11c2e5c2e1ccf38dce5a076e1e",
+        "is_verified": false,
+        "line_number": 74
+      },
+      {
+        "type": "Basic Auth Credentials",
+        "filename": "tests\\test_config.py",
+        "hashed_secret": "c94d65f02a652d11c2e5c2e1ccf38dce5a076e1e",
+        "is_verified": false,
+        "line_number": 79
+      },
+      {
+        "type": "Secret Keyword",
+        "filename": "tests\\test_config.py",
+        "hashed_secret": "1adfce9fa4bc6b1cbdf95ac2dc6180175da7558b",
+        "is_verified": false,
+        "line_number": 90
+      },
+      {
+        "type": "Secret Keyword",
+        "filename": "tests\\test_config.py",
+        "hashed_secret": "72cb70dbbafe97e5ea13ad88acd65d08389439b0",
+        "is_verified": false,
+        "line_number": 122
+      },
+      {
+        "type": "Secret Keyword",
+        "filename": "tests\\test_config.py",
+        "hashed_secret": "ee27c133da056b1013f88c712f92460bc7b3c90a",
+        "is_verified": false,
+        "line_number": 130
+      },
+      {
+        "type": "Secret Keyword",
+        "filename": "tests\\test_config.py",
+        "hashed_secret": "a94a8fe5ccb19ba61c4c0873d391e987982fbbd3",
+        "is_verified": false,
+        "line_number": 241
+      },
+      {
+        "type": "Secret Keyword",
+        "filename": "tests\\test_config.py",
+        "hashed_secret": "fca268ae2442d5cabc3e12d87b349adf8bf7d76c",
+        "is_verified": false,
+        "line_number": 373
+      }
+    ]
+  },
+  "generated_at": "2026-01-23T18:44:37Z"
+}