Setup basic project config
berrydenhartog committed Apr 29, 2024
2 parents a86b65f + 94a7b92 commit 52e5154
Showing 22 changed files with 1,128 additions and 93 deletions.
1 change: 0 additions & 1 deletion .dockerignore
Expand Up @@ -12,4 +12,3 @@ __pycache__/
*$py.class

.venv

15 changes: 12 additions & 3 deletions .github/dependabot.yml
Expand Up @@ -8,8 +8,11 @@ updates:
time: "08:00"
timezone: "Europe/Amsterdam"
labels:
- "github-actions"
- "dependencies"
groups:
allgithubactions:
patterns:
- "*"

- package-ecosystem: "pip"
directory: "/"
Expand All @@ -19,8 +22,11 @@ updates:
time: "08:00"
timezone: "Europe/Amsterdam"
labels:
- "pip"
- "dependencies"
groups:
allpip:
patterns:
- "*"

- package-ecosystem: "devcontainers"
directory: "/"
Expand All @@ -30,5 +36,8 @@ updates:
time: "08:00"
timezone: "Europe/Amsterdam"
labels:
- "devcontainers"
- "dependencies"
groups:
alldevcontainers:
patterns:
- "*"
194 changes: 194 additions & 0 deletions .github/workflows/ci.yml
@@ -0,0 +1,194 @@
name: CI

on:
push:
branches:
- main
tags:
- 'v*'
pull_request:
branches:
- 'main'

env:
REGISTRY: ghcr.io
POETRY_CACHE_DIR: ~/.cache/pypoetry
IMAGE_NAME: ${{ github.repository }}
PYTHON_VERSION: "3.11"

jobs:
lint:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4

- name: Install poetry
run: pipx install poetry

- name: Set up Python ${{ env.python-version }}
uses: actions/setup-python@v5
with:
python-version: ${{ env.PYTHON_VERSION }}
cache: "poetry"

- name: Install dependencies
run: poetry install

- name: run ruff
run: poetry run ruff check --output-format=github

- name: run format
run: poetry run ruff format --check

- name: run pyright
run: poetry run pyright

security:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4

- name: Install poetry
run: pipx install poetry

- name: Set up Python ${{ env.PYTHON_VERSION }}
uses: actions/setup-python@v5
with:
python-version: ${{ env.PYTHON_VERSION }}
cache: "poetry"

- name: Install dependencies
run: poetry install

- name: Generate SBOM
run: poetry run cyclonedx-py poetry > sbom.json

- name: Generace licenses file
run: |
poetry run pip-licenses --order=license --format=json --with-description > licenses.txt
- name: Upload SBOM and licenses
uses: actions/upload-artifact@v4
with:
name: sbom-licenses-${{ github.sha }}.json
path: |
sbom.json
licenses.txt
if-no-files-found: error
overwrite: true

- name: Run Trivy vulnerability scanner
uses: aquasecurity/trivy-action@master
with:
scan-type: 'fs'
scan-ref: '.'
trivy-config: trivy.yaml

test:
runs-on: ubuntu-latest
strategy:
matrix:
python-version: ["3.10", "3.11", "3.12"]

steps:
- uses: actions/checkout@v4

- name: Install poetry
run: pipx install poetry

- name: Set up Python ${{ matrix.python-version }}
uses: actions/setup-python@v5
with:
python-version: ${{ matrix.python-version }}
cache: "poetry"

- name: Install dependencies
run: poetry install

- name: run pytest
run: poetry run coverage run -m pytest

- name: run coverage
run: poetry run coverage report

- name: run coverage
run: poetry run coverage html

- name: Upload code coverage report
if: ${{ matrix.python-version }} == '3.11'
uses: actions/upload-artifact@v4
with:
name: codecoverage-${{ github.sha }}
path: htmlcov/
if-no-files-found: error
overwrite: true


build:
needs: test
runs-on: ubuntu-latest
permissions:
packages: write
contents: read
security-events: write
steps:
- uses: actions/checkout@v4

- name: Log in to the Container registry
uses: docker/login-action@v3
with:
registry: ${{ env.REGISTRY }}
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}

- name: Set up QEMU
uses: docker/setup-qemu-action@v3

- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3

- name: Extract metadata for Docker
id: meta
uses: docker/metadata-action@v5
with:
images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}

- name: Build and push Docker image
uses: docker/build-push-action@v5
with:
context: .
push: true
tags: ${{ steps.meta.outputs.tags }}
labels: ${{ steps.meta.outputs.labels }}
platforms: linux/amd64,linux/arm64,darwin/amd64

- name: Run Trivy vulnerability scanner
uses: aquasecurity/trivy-action@master
with:
image-ref: ${{ steps.meta.outputs.tags }}
trivy-config: trivy.yaml
scan-type: image
exit-code: 0
format: 'sarif'
output: 'trivy-results.sarif'
env:
TRIVY_USERNAME: ${{ github.actor }}
TRIVY_PASSWORD: ${{ secrets.GITHUB_TOKEN }}

- name: Upload Trivy scan results to GitHub Security tab
uses: github/codeql-action/upload-sarif@v3
with:
sarif_file: 'trivy-results.sarif'

# notifyMattermost:
# runs-on: ubuntu-latest
# if: failure()
# steps:
# - uses: mattermost/action-mattermost-notify@master
# with:
# MATTERMOST_WEBHOOK_URL: ${{ secrets.MM_WEBHOOK_URL }}
# MATTERMOST_CHANNEL: the-best-channel
# TEXT: |
# This is a message from ${{ github.repository }}.
# [Pipeline](${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}) failed :fire:
# MATTERMOST_USERNAME: ${{ github.triggering_actor }}
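Review bot: The upload condition `if: ${{ matrix.python-version }} == '3.11'` expands the expression first and leaves `== '3.11'` as literal text, so the whole value is a non-empty string and the step runs for all three matrix entries, each overwriting the same `codecoverage-${{ github.sha }}` artifact; write it as `if: matrix.python-version == '3.11'`. `aquasecurity/trivy-action@master` is pulled from a mutable branch in both the security and build jobs, and in the build job it receives `secrets.GITHUB_TOKEN` while the job holds `security-events: write` and `packages: write`, so pin it to a release tag or commit SHA. The lint, security and test jobs declare no `permissions:`, so they run with the repository's default token scope; a top-level `permissions: contents: read` would make the write grants in `build` the only exceptions. The lint job's step name references `env.python-version`, which is not defined (the variable is `PYTHON_VERSION`, as the security job uses), so that name renders with an empty value. `darwin/amd64` in the build's `platforms:` is not a platform a Linux Python base image provides, so that multi-platform build is likely to fail.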
2 changes: 1 addition & 1 deletion .github/workflows/codeql.yml
Expand Up @@ -25,7 +25,7 @@ jobs:
steps:
- name: Checkout repository
uses: actions/checkout@v4

- name: Initialize CodeQL
uses: github/codeql-action/init@v3
with:
1 change: 1 addition & 0 deletions .github/workflows/first-interaction.yml
Expand Up @@ -5,6 +5,7 @@ on: [pull_request, issues]
jobs:
greeting:
runs-on: ubuntu-latest
timeout-minutes: 10
permissions:
issues: write
pull-requests: write
3 changes: 2 additions & 1 deletion .github/workflows/stale.yml
Expand Up @@ -7,8 +7,9 @@ on:
jobs:
stale:
runs-on: ubuntu-latest
timeout-minutes: 10
permissions:
contents: write # only for delete-branch option
contents: write
issues: write
pull-requests: write
steps:
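Review bot: Dropping the `# only for delete-branch option` comment from `contents: write` removes the only recorded reason the stale job needs a write scope on repository contents. If the stale step does not set `delete-branch: true` (its configuration is outside this hunk), the permission should be reduced to `contents: read` rather than kept undocumented; otherwise keep the justification inline, e.g. `contents: write  # needed for delete-branch`. The remaining permission grants and steps of the job continue outside the hunk.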
5 changes: 2 additions & 3 deletions .gitignore
Expand Up @@ -22,6 +22,5 @@ __pypackages__/
# ruff linter
.ruff_cache/




#mypyr
.mypy_cache/
File renamed without changes.
6 changes: 3 additions & 3 deletions .vscode/launch.json
Expand Up @@ -2,10 +2,10 @@
"version": "0.2.0",
"configurations": [
{
"name": "Project",
"name": "tad",
"type": "debugpy",
"request": "launch",
"module": "python_project",
"module": "tad",
"justMyCode": false,
"args": []
},
Expand All @@ -16,7 +16,7 @@
"module": "pytest",
"cwd": "${workspaceFolder}",
"justMyCode": false,
"args": [],
"args": []
}
]
}
53 changes: 53 additions & 0 deletions BUILD.md
@@ -0,0 +1,53 @@
# Buiding TAD

There are several ways to build and run TAD.

1. poetry
2. container

## Building TAD with Poetry

Poetry is a python package and dependency manager. Before you can install poetry you first need to install python. Please follow [these](https://github.com/pyenv/pyenv?tab=readme-ov-file#installation) instructions.

Once you have python available you can install poetry. See [here](https://python-poetry.org/docs/#installation).

Once you have poetry and python install you can start installing the dependencies with the following shell command.

```shell
poetry install
```

when poetry is done installing all dependencies you can start using the tool.

```shell
poetry run python -m tad
```

## Building TAD with Containers

Containers allow use to package software and make it portable and isolated. Before you can run container you first need a container runtime. There are several available but allot of users use [docker desktop](https://www.docker.com/products/docker-desktop/).

Once you install a docker runtime like docker desktop you can start building the applications with this command:

```shell
docker compose build
```

to run the application you use this command:

```shell
docker compose up
```

## Testing, Linting etc

For testing, linting and other feature we use several tools. You can look up the documentation on how to use these:

* [pytest](https://docs.pytest.org/en/) `poetry run pytest`
* [ruff](https://docs.astral.sh/ruff/) `poetry run ruff format` or `poetry run ruff check --fix`
* [coverage](https://coverage.readthedocs.io/en/) `poetry run coverage report`
* [pyright](https://microsoft.github.io/pyright/#/) `poetry run pyright`

## Devcontainers

[VSCode](https://code.visualstudio.com/) has great support for devcontainers. If your editor had support for devcontainers you can also use them to start the devcontainer. Devcontaines offer great standardized environments for development.
12 changes: 6 additions & 6 deletions Dockerfile
Expand Up @@ -4,8 +4,7 @@ FROM --platform=$BUILDPLATFORM python:${PYTHON_VERSION} as project-base

LABEL [email protected] \
organization=MinBZK \
license=EUPL-1.2 \
io.docker.minbzk.name=python-project-template
license=EUPL-1.2

ENV PYTHONUNBUFFERED=1 \
PYTHONDONTWRITEBYTECODE=1 \
Expand Down Expand Up @@ -37,14 +36,15 @@ FROM development AS lint

RUN ruff check
RUN ruff format --check
RUN pyright

FROM development AS test
RUN coverage run --rcfile ./pyproject.toml -m pytest ./tests
RUN coverage report --fail-under 95
RUN coverage run -m pytest ./tests
RUN coverage report

FROM project-base as production

COPY ./python_project /app/python_project
COPY ./tad /app/tad

# change this to a usefull command
CMD ["python", "-m", "python_project" ]
CMD ["python", "-m", "tad" ]
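Review bot: The `test` stage now runs `RUN coverage report` without `--fail-under 95`, so a coverage regression no longer fails the image build, and the `--rcfile ./pyproject.toml` reference is gone as well. If the gate was dropped deliberately the commit message should say so; otherwise restore `RUN coverage report --fail-under 95`, and consider the same threshold in the CI test job, which also runs a bare `coverage report`. Minor style point: `FROM project-base as production` uses lowercase `as` while the other stages use `AS`; keeping one form avoids linter noise. The earlier hunk in this file and the stages between the two hunks are outside this view.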
2 changes: 1 addition & 1 deletion LICENSE
Expand Up @@ -187,4 +187,4 @@ a European Union Member State.
The European Commission may update this Appendix to later versions of the above licences without producing
a new version of the EUPL, as long as they provide the rights granted in Article 2 of this Licence and protect the
covered Source Code from exclusive appropriation.
All other changes or additions to this Appendix require the production of a new EUPL version.
All other changes or additions to this Appendix require the production of a new EUPL version.