generated from MinBZK/python-project-template
-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
Showing
22 changed files
with
1,132 additions
and
103 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -12,4 +12,3 @@ __pycache__/ | |
*$py.class | ||
|
||
.venv | ||
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,194 @@ | ||
name: CI | ||
|
||
on: | ||
push: | ||
branches: | ||
- main | ||
tags: | ||
- 'v*' | ||
pull_request: | ||
branches: | ||
- 'main' | ||
|
||
env: | ||
REGISTRY: ghcr.io | ||
POETRY_CACHE_DIR: ~/.cache/pypoetry | ||
IMAGE_NAME: ${{ github.repository }} | ||
PYTHON_VERSION: "3.11" | ||
|
||
jobs: | ||
lint: | ||
runs-on: ubuntu-latest | ||
steps: | ||
- uses: actions/checkout@v4 | ||
|
||
- name: Install poetry | ||
run: pipx install poetry | ||
|
||
- name: Set up Python ${{ env.python-version }} | ||
uses: actions/setup-python@v5 | ||
with: | ||
python-version: ${{ env.PYTHON_VERSION }} | ||
cache: "poetry" | ||
|
||
- name: Install dependencies | ||
run: poetry install | ||
|
||
- name: run ruff | ||
run: poetry run ruff check --output-format=github | ||
|
||
- name: run format | ||
run: poetry run ruff format --check | ||
|
||
- name: run pyright | ||
run: poetry run pyright | ||
|
||
security: | ||
runs-on: ubuntu-latest | ||
steps: | ||
- uses: actions/checkout@v4 | ||
|
||
- name: Install poetry | ||
run: pipx install poetry | ||
|
||
- name: Set up Python ${{ env.PYTHON_VERSION }} | ||
uses: actions/setup-python@v5 | ||
with: | ||
python-version: ${{ env.PYTHON_VERSION }} | ||
cache: "poetry" | ||
|
||
- name: Install dependencies | ||
run: poetry install | ||
|
||
- name: Generate SBOM | ||
run: poetry run cyclonedx-py poetry > sbom.json | ||
|
||
- name: Generace licenses file | ||
run: | | ||
poetry run pip-licenses --order=license --format=json --with-description > licenses.txt | ||
- name: Upload SBOM and licenses | ||
uses: actions/upload-artifact@v4 | ||
with: | ||
name: sbom-licenses-${{ github.sha }}.json | ||
path: | | ||
sbom.json | ||
licenses.txt | ||
if-no-files-found: error | ||
overwrite: true | ||
|
||
- name: Run Trivy vulnerability scanner | ||
uses: aquasecurity/trivy-action@master | ||
with: | ||
scan-type: 'fs' | ||
scan-ref: '.' | ||
trivy-config: trivy.yaml | ||
|
||
test: | ||
runs-on: ubuntu-latest | ||
strategy: | ||
matrix: | ||
python-version: ["3.10", "3.11", "3.12"] | ||
|
||
steps: | ||
- uses: actions/checkout@v4 | ||
|
||
- name: Install poetry | ||
run: pipx install poetry | ||
|
||
- name: Set up Python ${{ matrix.python-version }} | ||
uses: actions/setup-python@v5 | ||
with: | ||
python-version: ${{ matrix.python-version }} | ||
cache: "poetry" | ||
|
||
- name: Install dependencies | ||
run: poetry install | ||
|
||
- name: run pytest | ||
run: poetry run coverage run -m pytest | ||
|
||
- name: run coverage | ||
run: poetry run coverage report | ||
|
||
- name: run coverage | ||
run: poetry run coverage html | ||
|
||
- name: Upload code coverage report | ||
if: matrix.python-version == '3.11' | ||
uses: actions/upload-artifact@v4 | ||
with: | ||
name: codecoverage-${{ github.sha }} | ||
path: htmlcov/ | ||
if-no-files-found: error | ||
overwrite: true | ||
|
||
|
||
build: | ||
needs: test | ||
runs-on: ubuntu-latest | ||
permissions: | ||
packages: write | ||
contents: read | ||
security-events: write | ||
steps: | ||
- uses: actions/checkout@v4 | ||
|
||
- name: Log in to the Container registry | ||
uses: docker/login-action@v3 | ||
with: | ||
registry: ${{ env.REGISTRY }} | ||
username: ${{ github.actor }} | ||
password: ${{ secrets.GITHUB_TOKEN }} | ||
|
||
- name: Set up QEMU | ||
uses: docker/setup-qemu-action@v3 | ||
|
||
- name: Set up Docker Buildx | ||
uses: docker/setup-buildx-action@v3 | ||
|
||
- name: Extract metadata for Docker | ||
id: meta | ||
uses: docker/metadata-action@v5 | ||
with: | ||
images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} | ||
|
||
- name: Build and push Docker image | ||
uses: docker/build-push-action@v5 | ||
with: | ||
context: . | ||
push: true | ||
tags: ${{ steps.meta.outputs.tags }} | ||
labels: ${{ steps.meta.outputs.labels }} | ||
platforms: linux/amd64,linux/arm64,darwin/amd64 | ||
|
||
- name: Run Trivy vulnerability scanner | ||
uses: aquasecurity/trivy-action@master | ||
with: | ||
image-ref: ${{ steps.meta.outputs.tags }} | ||
trivy-config: trivy.yaml | ||
scan-type: image | ||
exit-code: 0 | ||
format: 'sarif' | ||
output: 'trivy-results.sarif' | ||
env: | ||
TRIVY_USERNAME: ${{ github.actor }} | ||
TRIVY_PASSWORD: ${{ secrets.GITHUB_TOKEN }} | ||
|
||
- name: Upload Trivy scan results to GitHub Security tab | ||
uses: github/codeql-action/upload-sarif@v3 | ||
with: | ||
sarif_file: 'trivy-results.sarif' | ||
|
||
# notifyMattermost: | ||
# runs-on: ubuntu-latest | ||
# if: failure() | ||
# steps: | ||
# - uses: mattermost/action-mattermost-notify@master | ||
# with: | ||
# MATTERMOST_WEBHOOK_URL: ${{ secrets.MM_WEBHOOK_URL }} | ||
# MATTERMOST_CHANNEL: the-best-channel | ||
# TEXT: | | ||
# This is a message from ${{ github.repository }}. | ||
# [Pipeline](${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}) failed :fire: | ||
# MATTERMOST_USERNAME: ${{ github.triggering_actor }} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -22,6 +22,5 @@ __pypackages__/ | |
# ruff linter | ||
.ruff_cache/ | ||
|
||
|
||
|
||
|
||
#mypyr | ||
.mypy_cache/ |
File renamed without changes.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,53 @@ | ||
# Buiding TAD | ||
|
||
There are several ways to build and run TAD. | ||
|
||
1. poetry | ||
2. container | ||
|
||
## Building TAD with Poetry | ||
|
||
Poetry is a python package and dependency manager. Before you can install poetry you first need to install python. Please follow [these](https://github.com/pyenv/pyenv?tab=readme-ov-file#installation) instructions. | ||
|
||
Once you have python available you can install poetry. See [here](https://python-poetry.org/docs/#installation). | ||
|
||
Once you have poetry and python install you can start installing the dependencies with the following shell command. | ||
|
||
```shell | ||
poetry install | ||
``` | ||
|
||
when poetry is done installing all dependencies you can start using the tool. | ||
|
||
```shell | ||
poetry run python -m tad | ||
``` | ||
|
||
## Building TAD with Containers | ||
|
||
Containers allow use to package software and make it portable and isolated. Before you can run container you first need a container runtime. There are several available but allot of users use [docker desktop](https://www.docker.com/products/docker-desktop/). | ||
|
||
Once you install a docker runtime like docker desktop you can start building the applications with this command: | ||
|
||
```shell | ||
docker compose build | ||
``` | ||
|
||
to run the application you use this command: | ||
|
||
```shell | ||
docker compose up | ||
``` | ||
|
||
## Testing, Linting etc | ||
|
||
For testing, linting and other feature we use several tools. You can look up the documentation on how to use these: | ||
|
||
* [pytest](https://docs.pytest.org/en/) `poetry run pytest` | ||
* [ruff](https://docs.astral.sh/ruff/) `poetry run ruff format` or `poetry run ruff check --fix` | ||
* [coverage](https://coverage.readthedocs.io/en/) `poetry run coverage report` | ||
* [pyright](https://microsoft.github.io/pyright/#/) `poetry run pyright` | ||
|
||
## Devcontainers | ||
|
||
[VSCode](https://code.visualstudio.com/) has great support for devcontainers. If your editor had support for devcontainers you can also use them to start the devcontainer. Devcontaines offer great standardized environments for development. |
Oops, something went wrong.