fix: remediate broken URLs, credentials, hardcoded account IDs, and stale Docker images

- Fix 119 issues across 63 files via repo consolidation pipeline
- Replace old standalone repo URLs with consolidated paths
- Replace exposed PATs with environment variable placeholders
- Parameterize hardcoded AWS account IDs in ECR URLs
- Replace hardcoded Docker image names with <IMAGE_NAME> placeholder
- Add repo consolidation scan tool (tools/repo_consolidation/)
- Add scheduled GitHub Actions workflow for weekly scans
- Flag 5 private key files (.pem/.ppk) for manual review

Author: lioneltchami

.github/workflows/repo-consolidation-scan.yml

@@ -0,0 +1,93 @@
+name: Repo Consolidation Scan
+
+on:
+  schedule:
+    # Run every Monday at 08:00 UTC
+    - cron: '0 8 * * 1'
+  workflow_dispatch: # Allow manual trigger
+
+permissions:
+  contents: read
+  issues: write
+
+jobs:
+  scan:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      - name: Set up Python
+        uses: actions/setup-python@v5
+        with:
+          python-version: '3.12'
+
+      - name: Install dependencies
+        run: pip install -r tools/requirements.txt
+
+      - name: Run consolidation scan (dry-run)
+        id: scan
+        run: |
+          python -m tools.repo_consolidation DevOps-Projects \
+            --dry-run \
+            --report-output scan-report.txt \
+            2>&1 | tee scan-output.log
+          echo "exit_code=${PIPESTATUS[0]}" >> "$GITHUB_OUTPUT"
+        continue-on-error: true
+
+      - name: Upload scan report
+        if: always()
+        uses: actions/upload-artifact@v4
+        with:
+          name: scan-report
+          path: |
+            scan-report.txt
+            scan-output.log
+
+      - name: Create issue if findings detected
+        if: steps.scan.outputs.exit_code == '1'
+        uses: actions/github-script@v7
+        with:
+          script: |
+            const fs = require('fs');
+            let report = '';
+            try {
+              report = fs.readFileSync('scan-report.txt', 'utf8');
+            } catch (e) {
+              report = 'Report file not found. Check workflow artifacts.';
+            }
+
+            // Truncate if too long for an issue body
+            if (report.length > 60000) {
+              report = report.substring(0, 60000) + '\n\n... (truncated, see full report in artifacts)';
+            }
+
+            const title = `[Automated] Repo consolidation scan found issues - ${new Date().toISOString().split('T')[0]}`;
+
+            // Check for existing open issue to avoid duplicates
+            const existing = await github.rest.issues.listForRepo({
+              owner: context.repo.owner,
+              repo: context.repo.repo,
+              state: 'open',
+              labels: 'repo-consolidation',
+              per_page: 1,
+            });
+
+            if (existing.data.length > 0) {
+              // Update existing issue
+              await github.rest.issues.createComment({
+                owner: context.repo.owner,
+                repo: context.repo.repo,
+                issue_number: existing.data[0].number,
+                body: `## Updated scan results\n\n\`\`\`\n${report}\n\`\`\``,
+              });
+            } else {
+              // Create new issue
+              await github.rest.issues.create({
+                owner: context.repo.owner,
+                repo: context.repo.repo,
+                title: title,
+                body: `## Repo Consolidation Scan Results\n\nThe scheduled scan detected issues that need attention.\n\n\`\`\`\n${report}\n\`\`\`\n\nRun \`python -m tools.repo_consolidation DevOps-Projects --dry-run\` locally to review.`,
+                labels: ['repo-consolidation'],
+              });
+            }

.gitignore

@@ -1,3 +1,5 @@
 IMPROVEMENTS.md
 REVIEW-PLAN.md
 REVIEW-UPDATES.md
+__pycache__/
+*.pyc

learning/devops-101-track/PROJECT_7/README.md

@@ -83,8 +83,10 @@
 
         #### 3 new environment variables ####
          registryCredential = 'ecr:us-east-1:awscreds'
-        appRegistry = '392530415763.dkr.ecr.us-east-1.amazonaws.com/vprofileappimg'
-        vprofileRegistry = "https://392530415763.dkr.ecr.us-east-1.amazonaws.com"
+# Replace <AWS_ACCOUNT_ID> with your AWS account ID
+        appRegistry = '<AWS_ACCOUNT_ID>.dkr.ecr.us-east-1.amazonaws.com/<IMAGE_NAME>'
+# Replace <AWS_ACCOUNT_ID> with your AWS account ID
+        vprofileRegistry = "https://<AWS_ACCOUNT_ID>.dkr.ecr.us-east-1.amazonaws.com"
         ################################
             stage('Build App image'){
                     steps{

learning/devops-bootcamp/docs/2-Github/2.5-Security.md

@@ -47,7 +47,7 @@ Dependabot security updates are automatic pull requests that update your depende
 
 ## Exercise 1
 
-To start off, we will explore a bit more of the code-scanning side of GitHub security using CodeQL. As mentioned previously, CodeQL has some good default workflows you can setup to help you get started with code-scanning.  You can either use that or a tool we refactored into Go based off of [mario-campos/gh-code-scanning](https://github.com/mario-campos/gh-code-scanning) which does basically the same thing except its cooler and it lives [here](https://github.com/devcloudninjas/csgo) (still a work in progress).
+To start off, we will explore a bit more of the code-scanning side of GitHub security using CodeQL. As mentioned previously, CodeQL has some good default workflows you can setup to help you get started with code-scanning.  You can either use that or a tool we refactored into Go based off of [mario-campos/gh-code-scanning](https://github.com/mario-campos/gh-code-scanning) which does basically the same thing except its cooler and it lives [here](learning/devops-bootcamp) (still a work in progress).
 
 1. Create a repository that includes some code from one of the many CodeQl supported interpreted languages like Python or Javascript. A [RealWorld](https://github.com/khaledosman/react-redux-realworld-example-app) project is a good place to start since they are typically old and not maintained.
 2. Using the tool of your choice or just go through the basic workflow configuration, enable code-scanning on your repository as well as create a basic workflow to start doing some code scanning with.

learning/devops-bootcamp/docs/3-virtual-machines-containers/3.3-managing-infrastructure.md

@@ -47,7 +47,7 @@ Configure a self-hosted GitHub Action to deploy a build artifact to Nexus.
 
   1. Create another clone of your Golden Image
   2. Install [Nexus](https://help.sonatype.com/repomanager3/installation-and-upgrades) into this clone
-  3. In GitHub, fork the [spring-petclinic](https://github.com/devcloudninjas/spring-petclinic) project.
+  3. In GitHub, fork the [spring-petclinic](learning/devops-bootcamp) project.
   4. In the GitHub portal, add a new self-hosted runner to your fork.
   5. Create another clone of your Golden Image
   6. Set up this clone as your self-hosted runner in the GitHub portal

learning/devops-bootcamp/docs/4-cloud-computing/4.2.1-s3-cloudfront.md

@@ -28,7 +28,7 @@ In this section we will run through several exercises which showcase AWS S3 and
 
 > Amazon Simple Storage Service (Amazon S3) is the largest and most performant, secure, and feature-rich object storage service. With Amazon S3, organizations of all sizes and industries can store any amount of data for any use case, including applications, IoT, data lakes, analytics, backup and restore, archive, and disaster recovery. -- [Amazon S3](https://aws.amazon.com/s3/)
 
-For this exercise we're hosting a static HTML website using AWS S3. We will be using a simple react based application called [S3 Realworld UI DOB](https://github.com/devcloudninjas/s3-realworld-ui-dob) to create our sample website. Feel free to try creating and substituting with a different template or project.
+For this exercise we're hosting a static HTML website using AWS S3. We will be using a simple react based application called [S3 Realworld UI DOB](learning/devops-bootcamp) to create our sample website. Feel free to try creating and substituting with a different template or project.
 
 **Requirements**
 

learning/devops-bootcamp/docs/4-cloud-computing/4.2.3-auto-scaling.md

@@ -57,7 +57,7 @@ Read more about User Data in the [AWS documentation](https://docs.aws.amazon.com
 
 ## Exercise 1 - Create EC2 instance with User Data
 
-In this exercise we will create an EC2 instance and use a User Data script to provision the instance as host for a Java web application. We recommend configuring a machine to run [Spring's PetClinic Project](https://github.com/devcloudninjas/spring-petclinic) on Amazon Linux 2023. But you are free to do this exercise with another web application and distro.
+In this exercise we will create an EC2 instance and use a User Data script to provision the instance as host for a Java web application. We recommend configuring a machine to run [Spring's PetClinic Project](learning/devops-bootcamp) on Amazon Linux 2023. But you are free to do this exercise with another web application and distro.
 
 1. Create a script to pass into `--user-data`. In general the script needs to:
     - Install all dependencies for your web application

learning/devops-bootcamp/docs/4-cloud-computing/4.2.6-ecs.md

@@ -28,7 +28,7 @@ Checkout this great explanation: [What is the difference between a task and serv
 
 ## Exercise
 
-To get an understanding on how containers need to communicate with one another, we will be utilizing the [DevOps Knowledge Share UI](https://github.com/devcloudninjas/dks-ui) application we used before as well as the corresponding [API](https://github.com/devcloudninjas/dks-api).
+To get an understanding on how containers need to communicate with one another, we will be utilizing the [DevOps Knowledge Share UI](learning/devops-bootcamp) application we used before as well as the corresponding [API](learning/devops-bootcamp).
 
 1. Start by taking the ui and api listed above and test them locally. Go though the `docker-compose.yaml` file to understand _what_ these microservices need.
 2. Then containerize them using Docker. (`make docker-build`)
@@ -40,7 +40,7 @@ To get an understanding on how containers need to communicate with one another,
 
 7. Configure your cluster to run the application. Refer to the `docker-compose.yaml` files in `dks-ui` and `dks-api` to get a sense for what each service needs.
 
-?> I recommend standing up your microservices in the following order validating each piece as you go: dks-db, dks-api, then dks-ui. See this example [task definition for dks-db](https://github.com/devcloudninjas/devops-bootcamp/blob/master/examples/ch4/aws/ecs/dks-db-task-definition.json) and the [db init script](https://github.com/devcloudninjas/dks-api/blob/6ee4e6aa87b62e4387d613cbd442863b60d07657/db-resources/0_0_db.sh).
+?> I recommend standing up your microservices in the following order validating each piece as you go: dks-db, dks-api, then dks-ui. See this example [task definition for dks-db](learning/devops-bootcamp/examples/ch4/aws/ecs/dks-db-task-definition.json) and the [db init script](learning/devops-bootcamp/db-resources/0_0_db.sh).
 
 ?> To interconnect services look into [AWS Service Discovery](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/interconnecting-services.html). Managing Service Discovery Namespaces and Services is simpler via the awscli. See the [following for reference](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/create-service-discovery.html#create-service-discovery-namespace). The Service Discovery Namespace name and the Service Discovery Service name will control the resulting DNS record. This will also dictate what you set for DB_HOST environment variable for the dks-api.
 

learning/devops-bootcamp/docs/4-cloud-computing/4.2.7-eks.md

@@ -164,7 +164,7 @@ In the previous section, we launch the SockShop demo on an ECS cluster to demons
 
 ?> Hint: Creating a temporary Node Group without providing a launch template will automatically create a launch template, whose configurations can be analyzed and applied to your own.
 
-6. Launch SockShop application on your cluster using the `deploy/kubernetes/complete-demo.yaml` in the [microservice-demo](https://github.com/devcloudninjas/microservices-demo) repo.
+6. Launch SockShop application on your cluster using the `deploy/kubernetes/complete-demo.yaml` in the [microservice-demo](learning/devops-bootcamp) repo.
 
 ?> Depending on the version of Kubernetes you select when creating your EKS cluster, the `complete-demo.yaml` may need to be updated
 

learning/devops-bootcamp/docs/4-cloud-computing/4.3.7-app-service.md

@@ -22,7 +22,7 @@ Azure App Service is a fully managed platform for building, deploying, and scali
 
 We will be using DevCloudNinjas' version of the spring-petclinic for this exercise, it's a simple java application that deploys a web app for a virtual pet clinic.
 
-1. Fork [Spring-Petclinic](https://github.com/devcloudninjas/spring-petclinic.git). (We will be using this later for Continuous Deployment)
+1. Fork [Spring-Petclinic](learning/devops-bootcamp/.git). (We will be using this later for Continuous Deployment)
 
 2. Clone your new fork.