Task 1 - Repo Creation

Repo creation request

Request a new repo for your TECWorkshop (this will be referred to as your UserRepo)

• Send an email to fortinetcloudcse@fortinet.com to request a new GitHub repo and Jenkins Pipeline. Providing the following:
  • Repo Name
  • GitHub Usernames of collaborators
  • Your Fortinet email address that you use to log in to FortiCloud
• Behind the scenes, a script is used to create your TECWorkshop repo with appropriate protections, features, and collaborators. Additionally a Jenkins pipeline will be setup to monitor changes to the repo and run things like
  • publishing the website
  • FortiDevSec scanning. To facilitate this, administrators will send you an application id that you must paste into fdevsec.yaml in order for the scans to run and tests to pass. Jenkins tests must pass in order for your feature branch to be merged into the main branch.
    • Along with the FortiDevSec application id, you will also be sent an account number which you can use to navigate to the FortiDevSec console to view the results of your scan. To do so, head to FortiCloud and click IAM Login on the left hand side of the page. Enter the provided account number along with your FortiCloud login credentials.
• You will use this repo to create and modify MD chapters & tasks to create your workshop Guide in Hugo format.

Repo Restrictions, Jenkins interactions, GitHub Actions

• The only approved method to create repos in FortinetCloudCSE org is via request to mailto:fortinetcloudcse@fortinet.com
  • You can clone UserRepo into your own GitHub Account, but not into FortinetCloudCSE
• Only Authorized collaborators and admins are allowed to push to repos in FortinetCloudCSE org
  • We require pushes be made to a feature branch
• Upon push to feature branch:
  • Jenkins clones the repo into its workspace on EC2 and runs FortiDevSec Scan which performs
    • SAST Scan
    • check for vulnerabilities in code, 3rd party libraries, and libraries pulled into Dockerfile
    • secrets scan
    • IaC Scan for misconfig
  • GitHub Pages deploys only on the main branch.
  • Requirements for merging feature to main branch:
    • FortiDevSec Tests Pass
    • PR request submitted and approved by FortiCloudCSE admins (manual intervention)

Git repo setup

• Once your TECWorkshop repo is created, clone the repo and change your working directory to the cloned repo

      git clone <provided link>
      cd <cloned repo directory>

• The first thing you’ll want to do with the repo is create a Feature branch. There are branch protections in place on the repo preventing you from pushing to main, so you’ll have to follow our workflow described in Ch3

    git checkout -b Feature-<userid>-<shortDescr>

  • You’re now working in a local branch so you can proceed to building Hugo content

• Full GitFlow & additional tips are available here

Go CLI Tool

New Go Utility for interacting with Container

The docker-run-go CLI tool is a helper CLI tool that currently supports simplified workshop authoring on any Windows, MacOS, or Linux system with the following capabilities:

• Same usage across different development platforms
• Creates (builds) Fortinet Cloud CSE Docker development images
• Launches local Docker container with Hugo web server and live updating view of rendered site as modifications are made and saved

You can download the binary for your OS and architecture specifications from the repo. Binaries are available for Windows, Mac, and Linux. The following commands will help you determine your system architecture.

System Architecture determination and binary download

os get OSArchitecture

uname -m

Utility Setup

You should place the downloaded binary at the root of your Hugo development folder so it’s in a well-known location. This will make replacing and/or upgrading the utility easier.

Further, adding this well-known location to your system’s $PATH will enable you to run the utility on any repo you edit.

echo %PATH%
setx PATH "%PATH%;C:\users\someUser\pythonProjects"
echo %PATH%

$env:Path
[Environment]::SetEnvironmentVariable("Path", $env:Path + ";C:\users\someUser\pythonProjects", [EnvironmentVariableTarget]::User)
$env:Path

echo $PATH

Running the utility

Once the binary is downloaded, you can either run it from your workshop directory, or (recommended) copy it into your system path. If you copy it into your system path, it will be available throughout your system and you won’t need to copy the binary anywhere else to run it. You can use the following CLI arguments to modify the utility’s behavior. If you run the utility from an existing Hugo repo directory, leaving the CLI blank will run with defaults listed

General steps:

1. Run the Utility to BUILD your container. This step is only necessary when we’ve added features or capabilities within the container. Rebuilding pulls the latest/greatest into your container image
2. For Any repo you want to edit, run the utility with launch-server command to get a local live-updating view of your Hugo workshop site.

CLI options with defaults for Container BUILD

docker-run-go build-image \
    admin-dev       # testing image, used for container/process development, named ```hugo-tester```
    author-dev      # daily-use image for workshop authoring, named ```fortinet-hugo```

CLI Options with defaults for Container RUN

docker-run-go launch-server \
  --docker-image fortinet-hugo:latest \
  --host-port 1313 \
  --container-port 1313 \
  --watch-dir .

cd C:\users\someUser\pythonProjects\UserRepo
..\docker-run-go.exe build-image author-dev
..\docker-run-go.exe launch-server

cd /home/ubuntu/pythonProjects/UserRepo
../docker-run-go build-image author-dev
../docker-run-go launch-server

Background Procedures - CentralRepo Maintenance

CentralRepo

CentralRepo contains all of the stuff Hugo needs to build a static website, including Fortinet Customizations to themes.

How it’s used

• Generally TEC Program participants creating content for Workshops, Demos, User Cases, or Spotlights don’t need to worry about Central Repo at all
• When you build your container, it inherently grabs the latest copy of CentralRepo:main from github, via this command in Dockerfile:

    ADD https://github.com/FortinetCloudCSE/CentralRepo.git#main /home/CentralRepo

• This means that you can re-use the same container for every TEC workshop guide you create.
  Tip

  If you haven’t used your container in a while, it’s a good idea to rebuild it so it will grab the latest version of CentralRepo

Repo Maintenance

• CentralRepo is maintained by the Fortinet Cloud CSE team, so work with us to make any changes necessary.

• Review, modification, and testing process:

  • Anyone can fork CentralRepo and modify as necessary.
  • Once you’ve tested your modifications, submit a PR to Central Repo
  • Fortinet Cloud CSE team will merge your PR changes into branch CentralRepo:prreviewJune23
  • Test using HugoDevContainer pointing to the merged branch rather than main

      docker_run_go build-image admin-dev
      docker_run_go launch-server --docker-image hugotester:latest

  Warning

  IMPORTANT If there is collaborative work while testing a PR, be sure to always pull latest from the PR Branch before starting new work!

       git checkout PRBranch
       git remote add <PR Label> git@github.com:FortinetCloudCSE/CentralRepo.git
       git pull prreviewJune23

  • Upon successful testing, Fortinet Cloud CSE team will merge the branch to main and close PR

      git checkout prreviewJune23
      git remote add <PR label> <remote Github ssh URL>
      git pull <PR label>
  
      <PERFORM TESTIGN ON CONTAINER, and make any changes as necessary on this branch>
  
      <UPON SUCCESSFUL TESTING>
      git checkout main
      git merge prreviewJune23 --ff-only
      git push 
  
      <Manually Close PR>

Task 1 - Repo Creation

Repo creation request

Request a new repo for your TECWorkshop (this will be referred to as your UserRepo)

• Send an email to fortinetcloudcse@fortinet.com to request a new GitHub repo and Jenkins Pipeline. Providing the following:
  • Repo Name
  • GitHub Usernames of collaborators
  • Your Fortinet email address that you use to log in to FortiCloud
• Behind the scenes, a script is used to create your TECWorkshop repo with appropriate protections, features, and collaborators. Additionally a Jenkins pipeline will be setup to monitor changes to the repo and run things like
  • publishing the website
  • FortiDevSec scanning. To facilitate this, administrators will send you an application id that you must paste into fdevsec.yaml in order for the scans to run and tests to pass. Jenkins tests must pass in order for your feature branch to be merged into the main branch.
    • Along with the FortiDevSec application id, you will also be sent an account number which you can use to navigate to the FortiDevSec console to view the results of your scan. To do so, head to FortiCloud and click IAM Login on the left hand side of the page. Enter the provided account number along with your FortiCloud login credentials.
• You will use this repo to create and modify MD chapters & tasks to create your workshop Guide in Hugo format.

Repo Restrictions, Jenkins interactions, GitHub Actions

• The only approved method to create repos in FortinetCloudCSE org is via request to mailto:fortinetcloudcse@fortinet.com
  • You can clone UserRepo into your own GitHub Account, but not into FortinetCloudCSE
• Only Authorized collaborators and admins are allowed to push to repos in FortinetCloudCSE org
  • We require pushes be made to a feature branch
• Upon push to feature branch:
  • Jenkins clones the repo into its workspace on EC2 and runs FortiDevSec Scan which performs
    • SAST Scan
    • check for vulnerabilities in code, 3rd party libraries, and libraries pulled into Dockerfile
    • secrets scan
    • IaC Scan for misconfig
  • GitHub Pages deploys only on the main branch.
  • Requirements for merging feature to main branch:
    • FortiDevSec Tests Pass
    • PR request submitted and approved by FortiCloudCSE admins (manual intervention)

Git repo setup

• Once your TECWorkshop repo is created, clone the repo and change your working directory to the cloned repo

      git clone <provided link>
      cd <cloned repo directory>

• The first thing you’ll want to do with the repo is create a Feature branch. There are branch protections in place on the repo preventing you from pushing to main, so you’ll have to follow our workflow described in Ch3

    git checkout -b Feature-<userid>-<shortDescr>

  • You’re now working in a local branch so you can proceed to building Hugo content

• Full GitFlow & additional tips are available here

MVP0 (LEGACY STEPS only do this if MVP1 steps don’t work)

Step 1 Clone this git repo

git clone https://github.com/FortinetCloudCSE/UserRepo.git

Task 2 - Container build

Task 2 Build a FortinetHugo container

• You only need to build the container when you’re starting development

  • Container rebuild is necessary when:
    • CentralRepo has changed
    • You removed/deleted the previously built container

• Once Built, you can re-run the container whenever you wish to keep creating content and reviewing your Hugo site

  Warning

  You can choose your own container name and it MUST be lowercase only . Our example uses fortinet-hugo

  Tip

  The Full commands and explanation for building and running docker are listed below. We’ve also included a shell script in this repo to perform the build

      ./scripts/docker_build.sh [prod | dev]

  • use prod (Production) Container for everyday usage
  • use dev (Development) Container for testing changes to CentralRepo or other background items

      docker build -t fortinet-hugo  . --target=prod

  Info

  If you get build errors, check you’re on a recent version of docker and upgrade if necessary

  • The container image is a point-in-time Ubuntu OS including a Hugo installation and a copy of CentralRepo so your Hugo formatting/themes/branding will always be up-to-date
    • CentralRepo contains necessary files, directories, and Fortinet-specific customizations to configure Hugo, it won’t change often
  • Command Line arguments (You can view our Docker build file here)
    • ‘-t’: container_image_name, must be lowercase
    • ‘.’: build the container in this folder
    • ‘–target=prod’: Prod is for general usage. We’re using a single Dockerfile for both dev and prod container images. Dev is used for testing changes to CentralRepo.
  • If you would prefer local Hugo install/development follow these directions
  • Container advantages:
    • no need to install/maintain Hugo locally
    • no need to clone/maintain Hugo “supporting files/directories”….your repo will be much larger and will get out-of-date quickly
    • same container can be used to preview and build EVERY TECWorkshop, and you could build/move it anywhere
    • no need to rename/modify Hugo’s public folder after builds

Task 3 - Run Container

Task 3: Run FortinetHugo container

• Run the container with local disk mounts so you can review your markdown TECWorkshop Guide as you’re creating the content (repeat this procedure for any TECWorkshop you’re creating)

    ./scripts/docker_run.sh server [prod | dev]

  docker run --rm -it \
  -v $(pwd):/home/UserRepo \
  --mount type=bind,source=$(pwd)/hugo.toml,target=/home/CentralRepo/hugo.toml \
  -p 1313:1313 fortinet-hugo:latest server

• ‘-rm’ flag removes the container after it exits…freeing up resources

• ‘-it’ flag runs the container interactively providing prompt into the Container

• ‘-v’ flag creates a disk mount to the local file system available within the container OS

• ‘-p’ publishes container ports to the local OS (used to view the local Hugo Webserver)

• CLI Options:

  • ‘shell’ subcommand for Hugo container to access the shell directly
  • ‘server’ subcommand for Hugo container to run the local/test webserver
  • ‘build’ subcommand for Hugo container to build the static website, this is the default

• the ‘shell argument runs the container and logs you into the container Alpine Linux OS CLI (general Linux commands will work, but this is a lean image so doesn’t include everything)

  • Note the $(pwd) in Container OS, and list files. You’ll see you have everything needed to create your Hugo site!

    pwd
    ls -la 

• Within the container shell, you can Run Hugo virtual server to get a live view of Hugo’s output

  hugo server --contentDir /home/UserRepo/content --bind=0.0.0.0

  In your local machine, browse to http://localhost:1313/UserRepo

  You’ll see a template hugo site served by Hugo’s local webserver. Now you’re ready to proceed building your TECWorkshop content in the next chapter!

• To exit out of the Container OS: use ’exit’ or CTRL+d

  exit

Notes:

• Inside the container, Central Repo (which is where we’ll make any template changes) is cloned and integrated with your repo.

• Container (ideally) displays local version of Hugo site updating near real time as you create content

• To run a container interactively (for troubleshooting or to see how they function)

  • Comment out any offending lines in the dockerfile
  • Build again using commands above.
  • to run the container interactively use the ‘-it’ flag:

    docker run --rm -it fortinet-hugo:latest

• Container outputs /public folder which is the result from “Hugo build”

  • This /public(/docs) folder can be hosted anywhere. We’ll still use GH Pages to host the actual page.

Useful Docker Commands to Know

docker images                                           #List all images
docker ps -a                                            #List all containers, both running and stopped
docker rmi <image-id>                                   #Remove an image
docker rmi $(docker images -aq)                         #Remove all images
docker rmi $(docker images --filter dangling=true -aq)  #Remove all images with tag <none>
docker rm <container-id>                                #Remove a container
docker rm $(docker ps -aq)                              #Remove all containers
docker builder prune                                    #Remove build cache

When running any of the above commands, if you get an error message indicating an image or container is being used or referenced in another image or container, you can issue the ‘-f’ flag to force remove.

Upgrade Hugo - container and scripts Update

FYI - Upgrading Hugo and the container image

• As a reminder, all the software we’re using in this CI/CD process is Open source, and there are active updates to Hugo and the reLearn theme periodically. As such, we may introduce new features and/or change how we work within this process.

• To simplify the update process and not force you into the sausage making process, we have devised a scheme to update the container and scripts in each repo with minimal manual intervention.

• This process is detailed below. Follow the tabs in order complete the upgrade (ON AN EXISTING REPO ONLY….this new process is built into any newly created repos)

  • Once you’ve done this conversion on an existing repo, you should periodically rebuild the container and run it with update_scripts to get any latest features
    ​

    1. Rebuild Old Container

    2. Update docker_run.sh

    3. Update local scripts

    4. Build New Container

    5. Generate Hugo.toml file

    6. Run Hugo server

    Rebuild Old Container

    • Start in the root of your repo directory
    • Rebuild your hugo container with the command below.
      • This pulls the latest versions if our customized scripts into the existing/“older” container image (running older Hugo version), allowing us to copy some of them back to your repo directory.

    ./scripts/docker_build.sh

    Manually update Docker_run

    • Grab a copy of the latest docker run command scripts, located here
      • The file is located in the /scripts directory of our UserRepo in gitHub
      • There are countless methods for getting this file, so choose your favorite. (e.g. download from gitHub, wget, copy/paste text)
    • Once you have the latest file, overwrite the docker_run.sh script in your repo with the latest version
      • scripts/docker_run.sh

    Note

    This is a chicken-and-egg problem. We have everything we need in the refreshed container, but we can’t run any of the new features bc our docker_run script is limited to whatever was available when your repo was cloned.

    The new run command maps additional local directories to the container allowing us to make updates from the container in the future

    Use container script to update the rest of your local scripts

    Use the newly updated docker_run.sh script with update_scripts option to copy the latest scripts into your local environment/repo directory

    ./scripts/docker_run.sh update_scripts

    This command performs the following:

    • From the Container OS/file system, copy the following files into your local environment
      • docker_tester_run.sh –> scripts/docker_tester_run.sh
        • update the docker_tester_run script with latest command line options. The tester script is used for testing changes to CentralRepo and UserRepo before merging to main
      • docker_run.sh –> scripts/docker_run.sh
        • update the docker_run script with latest command line options
      • GitHub Action static.yaml –> .github/workflows/static.yaml
        • update GitHub action to reflect latest docker run commands
      • Dockerfile –> Dockerfile
        • update Dockerfile to use latest container image and any installed packages
      • IF THERE IS NO repoConfig.json file in scripts/
        • repoConfig.json –> scripts/repoConfig.json
        • We don’t overwrite this file if it’s already there :)
      • Echo ‘venv/’ to .gitignore
        • ignore Python virtual envs created during generate_toml

    Tip

    The most important update is to Dockerfile, which now uses a new base container image featuring rolling upgrades to Hugo. Our old container image was no longer actively supported, so it wasn’t getting the latest Hugo updates.

    All the rest of the updates are supporting cast to streamline our scripts, and to simplify future modifications as necessary.

    Build New Container

    Now that you have the latest Dockerfile (which directs your docker build command to use a new Container image with updated Hugo), we need to re-build the container again:

    ./scripts/docker_build.sh

    The previous container image we were using which included Hugo was no longer maintained, so we had to switch to a new one. We also install python on the container for use in the next step!

    Generate hugo.toml file

    • Due to the nature of Open source software, sometimes there are breaking changes. In this instance, Hugo is deprecating usage of the config.toml file in favor of a new file named Hugo.toml
    • Additionally, as part of the upgrade, we needed to modify some parameters in the file, so we took the opportunity to use a Jinaj2 template to generate the file for with proper parameters
      • This also allows us the ability to update the template in the future and re-generate hugo.toml as necessary
      • Rather than modify Hugo.toml directly, we will now maintain a JSON configuration file /scripts/repoConfig.json
    • Update scripts/repoConfig.json with parameters for your workshop
    • Run the container with generate_toml option
      • every time you run this command, a new hugo.toml file will be generated

    ./scripts/docker_run.sh generate_toml

    example of repoConfig.toml. Replace each value with specific parameters for your repo prior to using the generate_toml script:

    • repoName (your repo name from GitHub)
    • author
    • Workshop Title
    • themeVariant (options: [“Workshop”, “Demo”, “UseCase”, “Spotlight”, “Xperts2024”] )
    • logoBannerText (whatever you want in top left Menu under Fortinet Logo. Leaving this field blank will default to the themeVariant name)
    • logoBannerSub Text (optional sub-banner text)
    • marketingCode (optional marketing code to be used as default in analytics gathering and provisioning form)
    • Shortcuts (Helpful Resources Links in the left menu
      • Text (Display Text)
      • URL (URL for the resource)
      • Icon (from font awesome free library)
      • Weight (low to high ordering of shortcuts)
    • DO NOT CHANGE THE FOLLOWING:
      • errorLevel
      • googleServicesID

    {
      "repoName":"UserRepo",
      "author":"CSE Employee",
      "workshopTitle":"Hugo for Fortinet TECWorkshops",
      "themeVariant":"Xperts-2024",
      "logoBannerText":"",
      "logoBannerSubText":"",
      "errorLevel":"warning",
      "googleServicesID":"G-5RZBH288ST",
      "marketingCode": "MGO12345",
      "shortcuts": [
      {
        "text": "Fortinet Cloud CSE GitHub Org",
        "URL": "https://github.com/FortinetCloudCSE",
        "icon": "fa-graduation-cap",
        "weight":10
      },
      {
        "text": "Fortinet Standard Workshop Guide",
        "URL": "https://fortinetcloudcse.github.io/UserRepo",
        "icon": "fa-tools",
        "weight":20
      },
      {
        "text": "Fortinet Standard Workshop Template Repo",
        "URL": "https://github.com/FortinetCloudCSE/UserRepo",
        "icon": "fa-tools",
        "weight":30
      },
      {
        "text": "Fortinet Hugo reLearn theme - Guide",
        "URL": "https://mcshelby.github.io/hugo-theme-relearn/index.html",
        "icon": "fa-tools",
        "weight":40
      }
      ]
    }

    Run hugo server

    Congratulations! You’ve updated everything required to use the latest Hugo version. Now all you need to do is run the container with server command like normal:

    ./scripts/docker_run.sh server

Container Flow Visual

Optional - Install Hugo

Hugo Local install

• If you’re using a Mac, run the following brew install from your terminal

  brew install hugo 

  If you’re using Windows, install chocolatey for windows (follow directions here). Once installed run the following

  choco install hugo -confirm

• Run Hugo webserver locally to see a local version of the rendered website

  From within the root of the repo you copied onto your system

  hugo server

• Click on the URL presented after the above command finishes to view a local version of your first Hugo formatted website

Clone Central Repo if not using a container

• Because you’re not using a container, you need to clone and maintain fresh copy of CentralRepo

      git clone https://github.com/FortinetCloudCSE/CentralRepo.git --recursive LocalCopyCentralRepo          

• To pull updates later

      cd LocalCopyCentralRepo
      git pull -r    

Running Hugo locally w/ CentralRepo + UserRepo

• Start in Central Repo, and use hugo webserver, pointing to proper content directory and config files

    cd LocalCopyCentralRepo 
    hugo server --contentDir $(PWD)/../UserRepo/content --config $(PWD)/../UserRepo/hugo.toml -p 8080

  • Flags:
    • ‘–contentDir’: tell Hugo where the /content folder is
    • ‘–config’: tell Hugo where the frontmatter config file is
    • ‘-p’: tell Hugo webserver what port to use
  • Hugo will serve up a local version of the page at: http://localhost:8080/UserRepo/

• Now that you have Hugo running locally, you can proceed to content creation with Hugo

• When you’re ready to perform a final ‘hugo build’ on your site, be sure to use the ‘-d’ flag to write files back into your UserRepo

  hugo --minify -d $(PWD)/../UserRepo/docs --contentDir $(PWD)/../UserRepo/content --config $(PWD)/../UserRepo/hugo.toml --cleanDestinationDir

Background Procedures - CentralRepo Maintenance

CentralRepo

CentralRepo contains all of the stuff Hugo needs to build a static website, including Fortinet Customizations to themes.

How it’s used

• Generally TEC Program participants creating content for Workshops, Demos, User Cases, or Spotlights don’t need to worry about Central Repo at all
• When you build your container, it inherently grabs the latest copy of CentralRepo:main from github, via this command in Dockerfile:

    ADD https://github.com/FortinetCloudCSE/CentralRepo.git#main /home/CentralRepo

• This means that you can re-use the same container for every TEC workshop guide you create.
  Tip

  If you haven’t used your container in a while, it’s a good idea to rebuild it so it will grab the latest version of CentralRepo

Repo Maintenance

• CentralRepo is maintained by the Fortinet Cloud CSE team, so work with us to make any changes necessary.

• Review, modification, and testing process:

  • Anyone can fork CentralRepo and modify as necessary.
  • Once you’ve tested your modifications, submit a PR to Central Repo
  • Fortinet Cloud CSE team will merge your PR changes into branch CentralRepo:prreviewJune23
  • Test using HugoDevContainer pointing to the merged branch rather than main

      ./scripts/docker_tester_build.sh
      ./scripts/docker_tester_run.sh

  Warning

  IMPORTANT If there is collaborative work while testing a PR, be sure to always pull latest from the PR Branch before starting new work!

       git checkout PRBranch
       git remote add <PR Label> git@github.com:FortinetCloudCSE/CentralRepo.git
       git pull prreviewJune23

  • Upon successful testing, Fortinet Cloud CSE team will merge the branch to main and close PR

      git checkout prreviewJune23
      git remote add <PR label> <remote Github ssh URL>
      git pull <PR label>
  
      <PERFORM TESTIGN ON CONTAINER, and make any changes as necessary on this branch>
  
      <UPON SUCCESSFUL TESTING>
      git checkout main
      git merge prreviewJune23 --ff-only
      git push 
  
      <Manually Close PR>

Task 1 - Chapter Directory Structure

Create a Folder structure correlating to the major topics/sections of the demonstration

1. Browse to the content directory within your TECWorkshop repo (Locally on your machine)

• The Left Hand navigation menu is driven by the folder structure you create
• Chapters are ordered according to the number prefix on the folder
  • Folder Naming doesn’t appear on the published site, it only helps the content creator organize the chapters & remember what’s in each Chapter

2. Within each folder there is an _index.md file which is used to create the content of the Chapter header page

• The _index.md is used to

  1. title the Chapter header page in left hand navigation
  2. display chapter introduction content on the chapter heading page

• Notice the folder structure and file naming on the left and the resulting display on the right

  Info

  Note that the file and folder names only matter for ordering in your directory listing. Lower numbered folders will appear first. Only the “title” tags within each Markdown file will impact the resulting page view

• 

3. Subsequent Markdown pages under each folder are used to explain tasks/steps within each chapter

Task 2 - Create/Modify MD pages

Create or copy Markdown pages for each task within the chapter

1. Each Chapter can have 1 or more tasks which should be completed by the participants
2. Naming of the task Markdown pages doesn’t matter, and is only used to aid the content author in organizing the content.
   Info

   Note that the filename doesn’t matter other than to help organize content. The Title and Weight dictate the leftnav visual and ordering of the pages. Lower weight pages are displayed first

   

3. This page contains several useful markdown shortcodes you can use for visual pop-outs on the the site

Lots of shortcodes & Features available here

• Badges:

  Important Version6.6.6 Captain InfoNew Awesome

• Icons:

  ⭐ Tips this is a star 💡 this is a lightbulb

• Notices

  Note

  this is a note box

  Tip

  this is a tip box

  Info

  this is a tip box

  Warning

  The examples and sample code provided in this workshop are intended to be consumed as instructional content. These will help you understand how various Fortinet and Azure services can be architected to build a solution while demonstrating best practices along the way. These examples are not intended for use in production environments without full understanding of how they operate.

• Expandable sections":

  Expand me…

  Thank you!

• Tabs

  hello.

  py sh c

  print("Hello World!")

  echo "Hello World!"

  printf"Hello World!");

• Buttons:

  Get Hugo Get Hugo

• Mermaid (diagrams & charts):

      graph LR;
          If --> Then
          Then --> Else

  %%{init:{"theme":"forest"}}%%
  graph LR;
      A[Hard edge] -->|Link text| B(Round edge)
      B --> C{<strong>Decision</strong>}
      C -->|One| D[Result one]
      C -->|Two| E[Result two]
  

%%{init:{"fontFamily":"monospace", "sequence":{"showSequenceNumbers":true}}}%%
sequenceDiagram
    Alice->>John: Hello John, how are you?
    loop Healthcheck
        John->>John: Fight against hypochondria
    end
    Note right of John: Rational thoughts!
    John-->>Alice: Great!
    John->>Bob: How about you?
    Bob-->>John: Jolly good!

• Quizes with QuizDown

  {{< quizdown >}}
  
  ## The sound of dog
  
  What do dogs sound like?
  
  > Some hint
  
  - [ ] yes
  - [ ] no
  - [ ] `self.sound = "meow"`
  - [x] wuff
  
  ## Put the [days](https://en.wikipedia.org/wiki/Day) in order!
  
  > Monday is the _first_ day of the week.
  
  1. Monday
  2. Tuesday
  3. Wednesday
  4. Friday
  5. Saturday
  
  {{< /quizdown >}}

Task 3 - Adjust hugo.toml site settings

Adjust the Site’s Frontmatter in hugo.toml file

1. use the container’s generate_toml option to create hugo.toml file from parameters in scripts/repoConfig.json 2. Full directions at tab 5 here

Task 4 - image storage

Image Storage

• Option 1: use externally fully qualified absolutely path (this can be a pain)
• Option 2: if you have a directory with all your images….
  • put it in “/content/images”
  • MD usage(from a chapter page in “content/chapter01”)

        ![Magic](../images/magic.gif)

• Option 3: I find it easier to organize images with the pages they go with (this is how the template repo is setup
  • put images in the chapter directory
    • e.g. images in “/content/chapter1/”
      • MD Usage:

            ![Magic](magic.gif)

Task 5 - Shortcodes & Partials

Partials - Site customization (rarely used)

• /layouts/partials are customizations used to tweak overall CSS paramaters of the site. Generally these are reserved for use by ALL repos and can be changed by emailing Fortinet Cloud CSE team
• If you absolutely must change something, use Hugo Partials as your guide
• Partials are automatically included in the site’s CSS configuration

Shortcodes - custom HTML

• If you need to use complex and/or custom HTML in your guide, use a custom shortcode.
• /layouts/shortcodes/<insertFileName.html>
• [Hugo Shortcodes Documentation] (https://gohugo.io/extras/shortcodes/)
• Custom Shortcodes are referenced inline your markdown
• The index.md page of this guide includes a shortcode for an image with embedded URLs (Created in diagrams.net)
  • This shortcode example is included in your cloned repo at /layouts/shortcodes/FTNThugoFlow.html

Task 1 - Push content to your repo

Push your content to GitHubo repo

• When you’re satisfied with the look and feel of your workshop guide locally, from your local workstation CLI, push the newly created Hugo site up to GitHub to automatically publish your Hugo Site

    git add .
    git commit -m "<my commit message>"
    git push 

• Remember we’re always working in a Git Branch, so you should get in the habit of issuing a Pull request and merge using our GitFlow procedure

  Info

  This is mostly applicable when working in a collaborative environment where multiple people may be pushing to the repo with different branches/PR to main. Strictly speaking, if you’re the only person working on this repo and/or it’s your first push, this step isn’t 100% necessary

            # locally checkout the main branch
        git checkout main
            # pull the latest version of main from GitHub to your local repo 
        git pull
            # locally checkout your feature branch
        git checkout <branch>
            # locally perform an interactive rebase which locally pull commits from main into my branch
        git rebase main -i 
            # push my local branch (which now includes the latest changes from GH main) up to GitHub remote
        git push --force
  
        ########### WAIT FOR PR APPROVAL

• Create a PR on GitHub, being sure to select your branch to merge with main. Wait for approval

  

  • Info

    You will not be able to merge the PR until receiving approval from Jeff or Rob. They will receive an email for review, but it’s a good idea to ping them as a reminder.

    

  • Once your PR is approved, checkout the main branch and perform a fast-forward merge and force push to complete the workflow.

          # locally checkout the main branch
      git checkout main
          # locally merge myFeatureBranch into main with a fast-forward merge scheme
      git merge <feature branch name> --ff-only
          # push local main (which now has myFeatureBranch merged into it) up to GitHub remote  
          # because this push includes the merge it will auto close the PullRequest
      git push

• Once your PR has been approved and your code is in the main branch, GitHub actions will automatically publish the contents of /docs folder to GitHub Pages

  Tip

  Remember, Hugo’s build wrote the static html pages to the /public directory in the container, which is mapped to your /docs folder in your local repo

GitHub Action to Auto Publish

• The file workflows/static.yaml is already included in your repo and triggers a GitHub Action to build and publish your Hugo site every time you push content to GitHub.
• Action:
  • Build a Hugo container with all of our customizations
  • Issue a Hugo Build command to create static HTML site
  • Publish resulting HTML to GitHub Pages for your repo
• You can see action progress and errors in the Actions Tab on your repo

Git Flow

GitHub Repo Getting Started (General Workflow for GitHub Repos)

1. Once your repo and pipeline have been created, you will be provided with the GitHub repo link which you can use to clone and begin content creation. First, navigate to a desired local directory and clone the repo with the provided link:

     cd <desired parent directory>
     git clone <provided link>
     cd <cloned repo directory>

2. Create a feature branch to begin working on your desired changes.

     git checkout -b <FEATURE-username-ShortDescr>

3. Check the repo status to verify the changes to be staged.

     git status

4. When you have changes, Stage the desired files (or issue -A (or .) for all), commit, and push.

     git add -A {or} git add .
     git commit -m "<add a commit message here>"
     git push

   • If this is your first push to the branch, GitHub upstream doesn’t know about it. Just go ahead and use the provided command in this case to perform the push, which will create the upstream branch

     • To auto create new branches when you first push, update Git global config

        git config --global --add --bool push.autoSetupRemote true

   • Tip: If you have a number of small commits and don’t want them and their associated commit messages polluting the git log, you can squash your commits by performing a soft reset:

        git reset --soft <hash of the last commit you want to keep as is>
        git add -A
        git commit -m "<new commit message>"
        git log

     • You will see the new commit on top of the one you referenced in the git reset command.

5. When you have completed your work and are ready to merge your changes into the main branch, ensure your branch is up-to-date with the main branch.

       # locally checkout the main branch
     git checkout main
       # pull the latest version of main from GitHub to your local repo 
     git pull
       # locally checkout your feature branch
     git checkout <branch>
       # locally perform an interactive rebase which locally pulls commits from main into my branch
     git rebase main -i 
       # push my local branch (which now includes the latest changes from GH main) up to GitHub remote
     git push --force

   • Create a PR on GitHub, being sure to select your branch to merge with main. Wait for approval

     

     • You will not be able to merge the PR until receiving approval from Jeff or Rob

• Once your PR is approved, checkout the main branch and perform a fast-forward merge and force push to complete the workflow.

    # locally checkout the main branch
    git checkout main
    # locally merge myFeatureBranch into main with a fast-forward merge scheme
    git merge <feature branch name> --ff-only
    # push local main (which now has myFeatureBranch merged into it) up to GitHub remote  
    # because this push includes the merge it will auto close the PullRequest
    git push

6. Branch cleanup - generally you can reuse your branch while actively developing. If you want to close your branch, use the following commands

     # delete the branch locally 
     git branch -D feature-branch
     # tell GH remote about branch deletion
     git push origin --delete feature-branch

Manual Hugo Build

Hugo Build

When you’re satisfied with Hugo view of your content in Hugo virtual server, issue a Hugo ‘build’ in the container CLI

    hugo --minify --cleanDestinationDir

• This command “builds” your Hugo site into the container’s /public folder. We used a docker disk mount to map this folder back to your local /docs folder, so the Hugo website will automatically be copied back into your local repo
• flag ‘–cleanDestinationDir’ tells hugo to re-write the entire output directory with its build, so it will clear out template files/anything else that may be in there
• You can now exit the container with ctrl + cd, or command: ’exit’
• When you exit the container, any files stored or changes you made to the container will be lost and cannot be recovered
  • Remember we edited the /content folder on our local OS, so those changes were not made to the container and will not be lost
  • Further, the disk mount from local’s /docs to Container’s public AUTOMATICALLY writes the hugo build to your local OS, so those changes will not be lost
  • If you need to continue editing, just run a new container from your built image, and run hugo’s webserver. Everything is linked properly so it should just work

Updating the Jenkins Personal Access Token

The Jenkins PAT

The Jenkins personal access token is used by Jenkins to retrieve Git repo information and send status checks during pipeline runs.

To generate a new token, navigate a web browser to the team Github, and click the at the top right of the screen.

Click ‘Settings’ in the dropdown.

At the bottom left of the Settings page, click ‘Developer Settings.’

Click the ‘Personal access tokens’ dropdown, and click ‘Tokens (classic)’.

Generating a New Token

To generate a new token, follow these steps. If you just need to regenerate an existing token, skip down to the following section.

To generate a new token, click the ‘Generate new token’ dropdown near the top right of the Personal access tokens (classic) screen. In the dropdown, click ‘Generate new token (classic).’

You will be prompted to enter your FortiAuthenticator TOTP code. Enter it, and on the New personal access token (classic) page, ensure the following permissions are checked:

• repo and all of its sub-options:

  

• admin:repo_hook and all of its sub-options:

  

Choose an expiration date, optionally add a note, and click at the bottom of the screen.

Note: When the token appears on the next screen, ensure you copy and paste it somewhere where you can retrieve it before navigating away from the screen or closing the tab. Once you do, you will not be able to retrieve the token again and will need to generate another.

Regenerating an Existing Token

To regenerate an existing token, from the Personal access tokens (classic) screen, click the name of the token. For example:

On the following screen, ensure the requisite permissions are selected, and click ‘Regenerate token’, and copy the token someplace handy where you can retrieve it later.

Updating Jenkins

Navigate to the FortinetCloudCSE Jenkins server, and login with your credentials. To update a token, you’ll need admin permissions.

After logging in, click ‘Manage Jenkins’ on the left hand side of the screen.

On the Manage Jenkins screen, under the Security heading, click ‘Credentials’.

On the Credentials page, click the name of the token you want to update. Then, click ‘Update’ on the left menu.

Click ‘Change Password’, paste in the new token, and click .

Confirm the token works

Click the ‘Manage Jenkins’ breadcrumb at the top of the screen.

Click ‘System’ under the System Configuration heading on the Manage Jenkins page.

Scroll down to the Github section towards the center of the page.

Select the credential that references the token you just updated, and click .

If the token is valid and working, you should see a message appear such as Credentials verified for user… as in the image below.