Skip to content

Commit

Permalink
Setup basic project config
Browse files Browse the repository at this point in the history
  • Loading branch information
berrydenhartog committed Apr 29, 2024
2 parents a86b65f + 94a7b92 commit fe4bd11
Show file tree
Hide file tree
Showing 22 changed files with 1,132 additions and 103 deletions.
1 change: 0 additions & 1 deletion .dockerignore
Original file line number Diff line number Diff line change
Expand Up @@ -12,4 +12,3 @@ __pycache__/
*$py.class

.venv

15 changes: 12 additions & 3 deletions .github/dependabot.yml
Original file line number Diff line number Diff line change
Expand Up @@ -8,8 +8,11 @@ updates:
time: "08:00"
timezone: "Europe/Amsterdam"
labels:
- "github-actions"
- "dependencies"
groups:
allgithubactions:
patterns:
- "*"

- package-ecosystem: "pip"
directory: "/"
Expand All @@ -19,8 +22,11 @@ updates:
time: "08:00"
timezone: "Europe/Amsterdam"
labels:
- "pip"
- "dependencies"
groups:
allpip:
patterns:
- "*"

- package-ecosystem: "devcontainers"
directory: "/"
Expand All @@ -30,5 +36,8 @@ updates:
time: "08:00"
timezone: "Europe/Amsterdam"
labels:
- "devcontainers"
- "dependencies"
groups:
alldevcontainers:
patterns:
- "*"
194 changes: 194 additions & 0 deletions .github/workflows/ci.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,194 @@
name: CI

on:
push:
branches:
- main
tags:
- 'v*'
pull_request:
branches:
- 'main'

env:
REGISTRY: ghcr.io
POETRY_CACHE_DIR: ~/.cache/pypoetry
IMAGE_NAME: ${{ github.repository }}
PYTHON_VERSION: "3.11"

jobs:
lint:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4

- name: Install poetry
run: pipx install poetry

- name: Set up Python ${{ env.python-version }}
uses: actions/setup-python@v5
with:
python-version: ${{ env.PYTHON_VERSION }}
cache: "poetry"

- name: Install dependencies
run: poetry install

- name: run ruff
run: poetry run ruff check --output-format=github

- name: run format
run: poetry run ruff format --check

- name: run pyright
run: poetry run pyright

security:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4

- name: Install poetry
run: pipx install poetry

- name: Set up Python ${{ env.PYTHON_VERSION }}
uses: actions/setup-python@v5
with:
python-version: ${{ env.PYTHON_VERSION }}
cache: "poetry"

- name: Install dependencies
run: poetry install

- name: Generate SBOM
run: poetry run cyclonedx-py poetry > sbom.json

- name: Generace licenses file
run: |
poetry run pip-licenses --order=license --format=json --with-description > licenses.txt
- name: Upload SBOM and licenses
uses: actions/upload-artifact@v4
with:
name: sbom-licenses-${{ github.sha }}.json
path: |
sbom.json
licenses.txt
if-no-files-found: error
overwrite: true

- name: Run Trivy vulnerability scanner
uses: aquasecurity/trivy-action@master
with:
scan-type: 'fs'
scan-ref: '.'
trivy-config: trivy.yaml

test:
runs-on: ubuntu-latest
strategy:
matrix:
python-version: ["3.10", "3.11", "3.12"]

steps:
- uses: actions/checkout@v4

- name: Install poetry
run: pipx install poetry

- name: Set up Python ${{ matrix.python-version }}
uses: actions/setup-python@v5
with:
python-version: ${{ matrix.python-version }}
cache: "poetry"

- name: Install dependencies
run: poetry install

- name: run pytest
run: poetry run coverage run -m pytest

- name: run coverage
run: poetry run coverage report

- name: run coverage
run: poetry run coverage html

- name: Upload code coverage report
if: matrix.python-version == '3.11'
uses: actions/upload-artifact@v4
with:
name: codecoverage-${{ github.sha }}
path: htmlcov/
if-no-files-found: error
overwrite: true


build:
needs: test
runs-on: ubuntu-latest
permissions:
packages: write
contents: read
security-events: write
steps:
- uses: actions/checkout@v4

- name: Log in to the Container registry
uses: docker/login-action@v3
with:
registry: ${{ env.REGISTRY }}
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}

- name: Set up QEMU
uses: docker/setup-qemu-action@v3

- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3

- name: Extract metadata for Docker
id: meta
uses: docker/metadata-action@v5
with:
images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}

- name: Build and push Docker image
uses: docker/build-push-action@v5
with:
context: .
push: true
tags: ${{ steps.meta.outputs.tags }}
labels: ${{ steps.meta.outputs.labels }}
platforms: linux/amd64,linux/arm64,darwin/amd64

- name: Run Trivy vulnerability scanner
uses: aquasecurity/trivy-action@master
with:
image-ref: ${{ steps.meta.outputs.tags }}
trivy-config: trivy.yaml
scan-type: image
exit-code: 0
format: 'sarif'
output: 'trivy-results.sarif'
env:
TRIVY_USERNAME: ${{ github.actor }}
TRIVY_PASSWORD: ${{ secrets.GITHUB_TOKEN }}

- name: Upload Trivy scan results to GitHub Security tab
uses: github/codeql-action/upload-sarif@v3
with:
sarif_file: 'trivy-results.sarif'

# notifyMattermost:
# runs-on: ubuntu-latest
# if: failure()
# steps:
# - uses: mattermost/action-mattermost-notify@master
# with:
# MATTERMOST_WEBHOOK_URL: ${{ secrets.MM_WEBHOOK_URL }}
# MATTERMOST_CHANNEL: the-best-channel
# TEXT: |
# This is a message from ${{ github.repository }}.
# [Pipeline](${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}) failed :fire:
# MATTERMOST_USERNAME: ${{ github.triggering_actor }}
16 changes: 5 additions & 11 deletions .github/workflows/codeql.yml
Original file line number Diff line number Diff line change
Expand Up @@ -8,31 +8,25 @@ on:

jobs:
analyze:
name: Analyze (${{ matrix.language }})
name: Analyze (python)
runs-on: 'ubuntu-latest'
timeout-minutes: 360
permissions:
security-events: write
packages: read
actions: read
contents: read
strategy:
fail-fast: false
matrix:
include:
- language: python
build-mode: none

steps:
- name: Checkout repository
uses: actions/checkout@v4

- name: Initialize CodeQL
uses: github/codeql-action/init@v3
with:
languages: ${{ matrix.language }}
build-mode: ${{ matrix.build-mode }}
languages: python

- name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@v3
with:
category: "/language:${{matrix.language}}"
category: "/language:python"
1 change: 1 addition & 0 deletions .github/workflows/first-interaction.yml
Original file line number Diff line number Diff line change
Expand Up @@ -5,6 +5,7 @@ on: [pull_request, issues]
jobs:
greeting:
runs-on: ubuntu-latest
timeout-minutes: 10
permissions:
issues: write
pull-requests: write
Expand Down
3 changes: 2 additions & 1 deletion .github/workflows/stale.yml
Original file line number Diff line number Diff line change
Expand Up @@ -7,8 +7,9 @@ on:
jobs:
stale:
runs-on: ubuntu-latest
timeout-minutes: 10
permissions:
contents: write # only for delete-branch option
contents: write
issues: write
pull-requests: write
steps:
Expand Down
5 changes: 2 additions & 3 deletions .gitignore
Original file line number Diff line number Diff line change
Expand Up @@ -22,6 +22,5 @@ __pypackages__/
# ruff linter
.ruff_cache/




#mypyr
.mypy_cache/
File renamed without changes.
6 changes: 3 additions & 3 deletions .vscode/launch.json
Original file line number Diff line number Diff line change
Expand Up @@ -2,10 +2,10 @@
"version": "0.2.0",
"configurations": [
{
"name": "Project",
"name": "tad",
"type": "debugpy",
"request": "launch",
"module": "python_project",
"module": "tad",
"justMyCode": false,
"args": []
},
Expand All @@ -16,7 +16,7 @@
"module": "pytest",
"cwd": "${workspaceFolder}",
"justMyCode": false,
"args": [],
"args": []
}
]
}
53 changes: 53 additions & 0 deletions BUILD.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,53 @@
# Buiding TAD

There are several ways to build and run TAD.

1. poetry
2. container

## Building TAD with Poetry

Poetry is a python package and dependency manager. Before you can install poetry you first need to install python. Please follow [these](https://github.com/pyenv/pyenv?tab=readme-ov-file#installation) instructions.

Once you have python available you can install poetry. See [here](https://python-poetry.org/docs/#installation).

Once you have poetry and python install you can start installing the dependencies with the following shell command.

```shell
poetry install
```

when poetry is done installing all dependencies you can start using the tool.

```shell
poetry run python -m tad
```

## Building TAD with Containers

Containers allow use to package software and make it portable and isolated. Before you can run container you first need a container runtime. There are several available but allot of users use [docker desktop](https://www.docker.com/products/docker-desktop/).

Once you install a docker runtime like docker desktop you can start building the applications with this command:

```shell
docker compose build
```

to run the application you use this command:

```shell
docker compose up
```

## Testing, Linting etc

For testing, linting and other feature we use several tools. You can look up the documentation on how to use these:

* [pytest](https://docs.pytest.org/en/) `poetry run pytest`
* [ruff](https://docs.astral.sh/ruff/) `poetry run ruff format` or `poetry run ruff check --fix`
* [coverage](https://coverage.readthedocs.io/en/) `poetry run coverage report`
* [pyright](https://microsoft.github.io/pyright/#/) `poetry run pyright`

## Devcontainers

[VSCode](https://code.visualstudio.com/) has great support for devcontainers. If your editor had support for devcontainers you can also use them to start the devcontainer. Devcontaines offer great standardized environments for development.
Loading

0 comments on commit fe4bd11

Please sign in to comment.