diff --git a/.github/dependabot.yml b/.github/dependabot.yml
new file mode 100644
index 0000000..c96dfee
--- /dev/null
+++ b/.github/dependabot.yml
@@ -0,0 +1,15 @@
+---
+version: 2
+updates:
+ - package-ecosystem: pip
+ directory: "/"
+ schedule:
+ interval: monthly
+ - package-ecosystem: pip
+ directory: "/.github/workflows"
+ schedule:
+ interval: monthly
+ - package-ecosystem: "github-actions"
+ directory: "/"
+ schedule:
+ interval: monthly
diff --git a/.github/workflows/codeql.yaml b/.github/workflows/codeql.yaml
new file mode 100644
index 0000000..3258402
--- /dev/null
+++ b/.github/workflows/codeql.yaml
@@ -0,0 +1,21 @@
+---
+name: "CodeQL"
+
+# yamllint disable-line rule:truthy
+on:
+ pull_request:
+ branches: [main]
+ schedule:
+ - cron: "30 1 * * 0"
+
+jobs:
+ codeql:
+ name: Scanning
+ runs-on: ubuntu-latest
+ steps:
+ - name: Check out code from GitHub
+ uses: actions/checkout@v4
+ - name: Initialize CodeQL
+ uses: github/codeql-action/init@v3
+ - name: Perform CodeQL Analysis
+ uses: github/codeql-action/analyze@v3
diff --git a/.github/workflows/dependabot-auto-merge.yml b/.github/workflows/dependabot-auto-merge.yml
new file mode 100644
index 0000000..7451148
--- /dev/null
+++ b/.github/workflows/dependabot-auto-merge.yml
@@ -0,0 +1,25 @@
+---
+name: Dependabot auto-merge
+on: pull_request
+
+permissions:
+ contents: write
+ pull-requests: write
+
+jobs:
+ dependabot:
+ runs-on: ubuntu-latest
+ if: ${{ github.actor == 'dependabot[bot]' }}
+ steps:
+ - name: Dependabot metadata
+ id: metadata
+ uses: dependabot/fetch-metadata@v2
+ with:
+ github-token: "${{ secrets.GITHUB_TOKEN }}"
+
+ - name: Enable auto-merge for Dependabot PRs
+ if: ${{steps.metadata.outputs.update-type == 'version-update:semver-minor' || steps.metadata.outputs.update-type == 'version-update:semver-patch'}}
+ run: gh pr merge --auto --squash "$PR_URL"
+ env:
+ PR_URL: ${{github.event.pull_request.html_url}}
+ GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}}
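Review bot: The three `package-ecosystem` values are quoted inconsistently in the dependabot.yml hunk — `pip` twice as a plain scalar, `"github-actions"` quoted — and a reader cannot tell whether the quoting is meaningful. Neither value needs quoting, so either drop the quotes on `package-ecosystem: github-actions` or, for uniformity with the quoted `directory` values, write `package-ecosystem: "pip"` on both pip entries. The second pip entry scoped to `/.github/workflows` is what keeps the `requirements.txt` pins in that directory current, which is worth a one-line comment above it, e.g. `# keeps .github/workflows/requirements.txt (pip/poetry pins used by CI) current`.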
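Review bot: The CodeQL workflow declares no `permissions` block, so the upload done by `github/codeql-action/analyze@v3` depends on the repository's default `GITHUB_TOKEN` scope; if that default is the restricted read-only setting, the analysis runs but the SARIF upload fails for lack of `security-events: write`. Declaring the minimal set explicitly also documents that nothing else in the job needs write access. `github/codeql-action/init@v3` is used without `languages:`, so the languages scanned come from auto-detection; given the Python-only tooling in the sibling linting workflow, `with: languages: python` would make the intended scope explicit and visible in the run log.

```yaml
name: "CodeQL"

permissions:
  actions: read
  contents: read
  security-events: write

# … unchanged: on / jobs …
```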
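Review bot: `gh pr merge --auto --squash` in the auto-merge step only waits for whatever branch protection requires; if `main` has no required status checks (the repository settings are not visible here), a Dependabot minor or patch PR is merged with `contents: write` before the Linting and CodeQL workflows have reported. That prerequisite belongs in the file, e.g. above the step: `# --auto only defers to branch protection: mark the Linting and CodeQL checks as required on main, otherwise the PR merges immediately.` As a point of style, the `if:` and `env:` expressions on the second step (`${{steps.metadata.outputs.update-type …}}`, `${{github.event.pull_request.html_url}}`, `${{secrets.GITHUB_TOKEN}}`) omit the inner spaces that `${{ github.actor == 'dependabot[bot]' }}` and `"${{ secrets.GITHUB_TOKEN }}"` use in the same file; pick one form.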
diff --git a/.github/workflows/linting.yaml b/.github/workflows/linting.yaml
new file mode 100644
index 0000000..fb592b9
--- /dev/null
+++ b/.github/workflows/linting.yaml
@@ -0,0 +1,105 @@
+---
+name: Linting
+
+# yamllint disable-line rule:truthy
+on: [pull_request]
+
+jobs:
+ precommit:
+ name: ${{ matrix.name }}
+ runs-on: ubuntu-latest
+ strategy:
+ matrix:
+ include:
+ - id: bandit
+ name: Check with bandit
+ - id: black
+ name: Check code style
+ - id: check-ast
+ name: Check Python AST
+ - id: check-case-conflict
+ name: Check for case conflicts
+ - id: check-docstring-first
+ name: Check docstring is first
+ - id: check-executables-have-shebangs
+ name: Check that executables have shebangs
+ - id: check-json
+ name: Check JSON files
+ - id: check-merge-conflict
+ name: Check for merge conflicts
+ - id: check-symlinks
+ name: Check for broken symlinks
+ - id: check-toml
+ name: Check TOML files
+ - id: check-yaml
+ name: Check YAML files
+ - id: codespell
+ name: Check code for common misspellings
+ - id: debug-statements
+ name: Debug Statements and imports (Python)
+ - id: detect-private-key
+ name: Detect Private Keys
+ - id: end-of-file-fixer
+ name: Check End of Files
+ - id: fix-byte-order-marker
+ name: Check UTF-8 byte order marker
+ # - id: flake8
+ # name: Enforcing style guide with flake8
+ - id: isort
+ name: Check imports are sorted
+ - id: poetry
+ name: Check pyproject file
+ - id: pylint
+ name: Check with pylint
+ - id: pyupgrade
+ name: Check for upgradable syntax
+ - id: trailing-whitespace
+ name: Trim Trailing Whitespace
+ - id: vulture
+ name: Check for unused Python code
+ - id: yamllint
+ name: Check YAML style
+
+ steps:
+ - name: Check out code from GitHub
+ uses: actions/checkout@v4
+
+ - name: Set up Python 3.9
+ id: python
+ uses: actions/setup-python@v5
+ with:
+ python-version: 3.9
+
+ - name: Get pip cache dir
+ id: pip-cache
+ run: |
+ echo "::set-output name=dir::$(pip cache dir)"
+
+ - name: Restore cached Python PIP packages
+ uses: actions/cache@v4
+ with:
+ path: ${{ steps.pip-cache.outputs.dir }}
+ key: pip-${{ runner.os }}-v1-${{ steps.python.outputs.python-version }}-${{ 
hashFiles('.github/workflows/requirements.txt') }}
+ restore-keys: |
+ pip-${{ runner.os }}-v1-${{ steps.python.outputs.python-version }}-
+
+ - name: 🏗 Install workflow dependencies
+ run: |
+ pip install -r .github/workflows/requirements.txt
+ poetry config virtualenvs.create true
+ poetry config virtualenvs.in-project true
+
+ - name: Restore cached Python virtual environment
+ id: cached-poetry-dependencies
+ uses: actions/cache@v4
+ with:
+ path: .venv
+ key: >-
+ venv-${{ runner.os }}-v1-${{ steps.python.outputs.python-version }}-${{ hashFiles('poetry.lock') }}
+ venv-${{ runner.os }}-v1-${{ steps.python.outputs.python-version }}-
+
+ - name: Install Python dependencies
+ run: poetry install --no-interaction
+
+ - name: Run pre-commit for ${{ matrix.id }}
+ run: poetry run pre-commit run ${{ matrix.id }} --all-files
diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
new file mode 100644
index 0000000..0330145
--- /dev/null
+++ b/.github/workflows/release.yaml
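Review bot: In the "Restore cached Python virtual environment" step the `key: >-` folded scalar joins its two lines into one key with a space in the middle, and no `restore-keys:` appears in that step, so the second `venv-…-` line (which reads like the prefix fallback the pip-cache step two steps earlier spells out under `restore-keys:`) never provides a fallback hit; release.yaml carries the same shape. Replace it with `key: venv-${{ runner.os }}-v1-${{ steps.python.outputs.python-version }}-${{ hashFiles('poetry.lock') }}`, then `restore-keys: |` with the `venv-${{ runner.os }}-v1-${{ steps.python.outputs.python-version }}-` line as its body. The pip-cache step still emits the deprecated `::set-output` workflow command; `echo "dir=$(pip cache dir)" >> "$GITHUB_OUTPUT"` is the supported form (also in release.yaml). `python-version: 3.9` is an unquoted float and should be `python-version: "3.9"` so a later bump to 3.10 is not read as 3.1. All `uses:` references are mutable tags (`@v4`, `@v5`); since Dependabot is configured for the github-actions ecosystem, pinning to full commit SHAs with a `# vN` comment keeps updates automated while removing the tag-retargeting risk.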
@@ -0,0 +1,70 @@
+---
+name: Release
+
+# yamllint disable-line rule:truthy
+on:
+ release:
+ types:
+ - published
+
+jobs:
+ release:
+ name: Releasing to PyPi
+ runs-on: ubuntu-latest
+ steps:
+ - name: Check out code from GitHub
+ uses: actions/checkout@v4
+
+ - name: Set up Python 3.9
+ id: python
+ uses: actions/setup-python@v5
+ with:
+ python-version: 3.9
+
+ - name: Get pip cache dir
+ id: pip-cache
+ run: |
+ echo "::set-output name=dir::$(pip cache dir)"
+
+ - name: Restore cached Python PIP packages
+ uses: actions/cache@v4
+ with:
+ path: ${{ steps.pip-cache.outputs.dir }}
+ key: pip-${{ runner.os }}-v1-${{ steps.python.outputs.python-version }}-${{ hashFiles('.github/workflows/requirements.txt') }}
+ restore-keys: |
+ pip-${{ runner.os }}-v1-${{ steps.python.outputs.python-version }}-
+
+ - name: Install workflow dependencies
+ run: |
+ pip install -r .github/workflows/requirements.txt
+ poetry config virtualenvs.create true
+ poetry config virtualenvs.in-project true
+
+ - name: Restore cached Python virtual environment
+ id: cached-poetry-dependencies
+ uses: actions/cache@v4
+ with:
+ path: .venv
+ key: >-
+ venv-${{ runner.os }}-v1-${{ steps.python.outputs.python-version }}-${{ hashFiles('poetry.lock') }}
+ venv-${{ runner.os }}-v1-${{ steps.python.outputs.python-version }}-
+
+ - name: Install dependencies
+ run: poetry install --no-interaction
+
+ - name: Set package version
+ run: |
+ version="${{ github.event.release.tag_name }}"
+ version="${version,,}"
+ version="${version#v}"
+ poetry version --no-interaction "${version}"
+
+ - name: Build package
+ run: poetry build --no-interaction
+
+ - name: Publish to PyPi
+ env:
+ PYPI_TOKEN: ${{ secrets.PYPI_TOKEN }}
+ run: |
+ poetry config pypi-token.pypi "${PYPI_TOKEN}"
+ poetry publish --no-interaction
diff --git a/.github/workflows/requirements.txt b/.github/workflows/requirements.txt
new file mode 100644
index 0000000..be7ac0d
--- /dev/null
+++ b/.github/workflows/requirements.txt
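Review bot: The "Set package version" step interpolates `${{ github.event.release.tag_name }}` directly into the shell script, so the tag text is pasted into the `run` body before bash sees it; only users who can publish a release control it, but the "Publish to PyPi" step already shows the safe pattern and the same should be used here: `env: TAG_NAME: ${{ github.event.release.tag_name }}` on the step, then `version="${TAG_NAME,,}"` as the first script line. The workflow declares no `permissions`, so the job inherits the repository default token scope although it only checks out code and talks to PyPI; `permissions: contents: read` at the top of the file makes that explicit. The long-lived `PYPI_TOKEN` secret is the other write credential in play; if the project moves to PyPI trusted publishing (`id-token: write` with the `pypa/gh-action-pypi-publish` action) the token can be dropped, but that is a separate change. The two `poetry config` writes in the publish step store the token in the runner's poetry config for the rest of the job, which is acceptable on an ephemeral hosted runner and worth a one-line comment saying so.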
@@ -0,0 +1,2 @@
+pip==24.0
+poetry==1.8.2