diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml
new file mode 100644
index 0000000..47c8511
--- /dev/null
+++ b/.github/workflows/build.yaml
@@ -0,0 +1,61 @@
+# .github/workflows/build.yml
+name: Build
+
+on:
+ workflow_run:
+ workflows: ["Test"]
+ types:
+ - completed
+
+jobs:
+ build:
+ runs-on: ubuntu-22.04
+ env:
+ PY_COLORS: 1
+ PYTHON_VERSION: '3.12.6'
+ steps:
+ - name: Dump select GitHub event context
+ run: |
+ echo "github.ref=${{ github.ref }}"
+ echo "github.event.head_commit=$HEAD_COMMIT"
+ env:
+ HEAD_COMMIT: ${{ toJson(github.event.head_commit) }}
+
+ - name: Checkout code
+ uses: actions/checkout@v4
+ with:
+ fetch-depth: 0
+
+ - name: Set up Python
+ uses: actions/setup-python@v5
+ with:
+ python-version: ${{env.PYTHON_VERSION}}
+
+ - name: Install and configure Poetry
+ uses: snok/install-poetry@v1
+ with:
+ version: 1.8.3
+ # Get from poetry.toml
+ # virtualenvs-create: false
+ # prefer-active-python: true
+
+ - name: Install poetry dependencies
+ run: poetry install --no-root --with=dev --with=test
+
+ - name: Add Dynamic Versioning Plugin
+ run: |
+ poetry self add poetry-dynamic-versioning[plugin]
+
+ - name: Update the version
+ run: |
+ poetry dynamic-versioning
+ echo "VERSION=$(poetry version --short)"
+
+ - name: Build artifacts
+ run: make twine-check
+
+ - name: Store artifacts
+ uses: actions/upload-artifact@v4
+ with:
+ name: dist-files
+ path: dist/*
diff --git a/.github/workflows/publish.yaml b/.github/workflows/publish.yaml
new file mode 100644
index 0000000..bab2f48
--- /dev/null
+++ b/.github/workflows/publish.yaml
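Review bot: The `build` job has no condition on the triggering run, so it runs after every Test completion, including failed ones; add `if: ${{ github.event.workflow_run.conclusion == 'success' }}` as publish.yaml does. `actions/checkout@v4` is given no `ref`, and in a `workflow_run` run that checks out the default branch, so the artifact built here is not necessarily the commit Test exercised; `ref: ${{ github.event.workflow_run.head_sha }}` would tie the build to the tested commit. Because Test also runs on `pull_request` and a `workflow_run` job executes with the base repository's token, do that only together with `github.event.workflow_run.event == 'push'`, otherwise `poetry install` and `make twine-check` would execute pull-request code in a privileged context. In the first step `${{ github.ref }}` is expanded directly into the script text; passing it through `env:` the way `HEAD_COMMIT` is passed is the safer pattern.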
@@ -0,0 +1,44 @@
+# .github/workflows/publish.yml
+name: Publish after Build
+
+on:
+ workflow_run:
+ workflows: ["Build"]
+ types:
+ - completed
+
+jobs:
+ publish:
+ if: ${{ github.event.workflow_run.conclusion == 'success' }}
+ runs-on: ubuntu-22.04
+ env:
+ PY_COLORS: 1
+
+ steps:
+ - name: Download artifact
+ uses: actions/download-artifact@v4
+ with:
+ name: dist-files
+ path: ./dist
+
+ # [1-publish-workflow]
+ - name: Publish release candidate artifacts to TestPyPI
+ if: contains(github.ref, 'rc') == true
+ uses: pypa/gh-action-pypi-publish@release/v1
+ with:
+ repository_url: https://test.pypi.org/legacy/
+ user: __token__
+ password: ${{ secrets.PSEC_TEST_PYPI_PASSWORD }}
+ packages-dir: ./dist
+ verify-metadata: false
+
+ - name: Publish tagged artifacts to PyPI
+ if: contains(github.ref, 'rc') == false
+ uses: pypa/gh-action-pypi-publish@release/v1
+ with:
+ user: __token__
+ password: ${{ secrets.PSEC_PYPI_PASSWORD }}
+ packages-dir: ./dist
+ verify-metadata: false
+ # ![1-publish-workflow]
+
diff --git a/.github/workflows/test-build-publish.yml b/.github/workflows/test-build-publish.yml
deleted file mode 100644
index e0feb81..0000000
--- a/.github/workflows/test-build-publish.yml
+++ /dev/null
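Review bot: In a `workflow_run` run `github.ref` is the default branch's ref, not the ref that was tested, so unless the default branch name contains `rc` the TestPyPI condition `contains(github.ref, 'rc') == true` does not match and the PyPI step is the one selected after every successful Build. Nothing in the Test → Build → Publish chain checks for a tag any more (the removed workflow gated on `startsWith(github.ref, 'refs/tags')`), so an upload with `PSEC_PYPI_PASSWORD` is attempted for ordinary branch pushes and pull requests; gate the job on `github.event.workflow_run.event == 'push'` plus an explicit tag or release signal carried over from the build. `actions/download-artifact@v4` only sees artifacts of the current run unless it is given `run-id: ${{ github.event.workflow_run.id }}` and `github-token: ${{ secrets.GITHUB_TOKEN }}`, so the download as written is likely to find no `dist-files`. `pypa/gh-action-pypi-publish@release/v1` is a mutable branch ref that receives the PyPI token; pin it to a commit SHA, and prefer the documented `repository-url` spelling over the deprecated `repository_url`.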
@@ -1,165 +0,0 @@ -name: Test Build and Publish -on: [ push, pull_request ] - -jobs: - build-test: - name: Test and Build - runs-on: ubuntu-22.04 - env: - PY_COLORS: 1 - TOX_PARALLEL_NO_SPINNER: 1 - steps: - - name: Dump select GitHub event context - run: | - echo "github.ref=${{ github.ref }}" - echo "github.event.head_commit=$HEAD_COMMIT" - env: - HEAD_COMMIT: ${{ toJson(github.event.head_commit) }} - - - name: Check out src from GitHub - uses: actions/checkout@v4 - with: - fetch-depth: 0 - - - name: Set up Python - uses: actions/setup-python@v5 - with: - python-version: 3.10.9 - - - name: Set up Conda - uses: conda-incubator/setup-miniconda@v3 - with: - auto-activate-base: true - python-version: 3.10.9 - auto-update-conda: true - - - name: Install and configure Poetry - uses: snok/install-poetry@v1 - with: - version: 1.8.3 - # Get from poetry.toml - # virtualenvs-create: false - # prefer-active-python: true - - - name: Install poetry dependencies - run: poetry install --no-root --with=dev --with=test - - - name: Install remaining dependencies - run: | - conda config --set always_yes yes --set changeps1 no - make bats-libraries - # Useful for debugging any issues with conda - conda info -a - - - name: Add Dynamic Versioning Plugin - run: | - poetry self add poetry-dynamic-versioning[plugin] - - - name: Update the version - run: | - poetry dynamic-versioning - echo "VERSION=$(poetry version --short)" - - - name: Get variables - id: get_vars - run: | - REPO=$(basename ${{ github.repository }}) - echo "REPO=${REPO}" >> $GITHUB_OUTPUT - - BRANCH=${GITHUB_REF##*/} - echo "BRANCH=${BRANCH}" >> $GITHUB_OUTPUT - - VERSION=$(poetry version --short 2>/dev/null) - echo "VERSION=${VERSION}" >> $GITHUB_OUTPUT - - TAG_VERSION=$(git describe --abbrev=0 --tags 2>/dev/null || true) - echo "TAG_VERSION=${TAG_VERSION}" >> $GITHUB_OUTPUT - - ARTIFACT="${REPO}-${BRANCH}" - echo "ARTIFACT=${ARTIFACT}" >> $GITHUB_OUTPUT - - # [1-test-build-publish] - - name: Run tests - run: make test 
- # ![1-test-build-publish] - - - name: Build artifacts - run: make twine-check - if: >- - github.event_name == 'push' && - startsWith(github.ref, 'refs/tags') - - - name: Display artifacts - run: ls -lR dist - if: >- - github.event_name == 'push' && - startsWith(github.ref, 'refs/tags') - - - name: Store artifacts - uses: actions/upload-artifact@v4 - with: - name: ${{ steps.get_vars.outputs.ARTIFACT }} - path: dist/* - if: >- - github.event_name == 'push' && - startsWith(github.ref, 'refs/tags') - - deploy: - name: Publish - if: >- - github.event_name == 'push' && - startsWith(github.ref, 'refs/tags') - needs: - - build-test - runs-on: ubuntu-22.04 - env: - PY_COLORS: 1 - TOX_PARALLEL_NO_SPINNER: 1 - steps: - - name: Download artifacts - uses: actions/download-artifact@v4 - - - name: Get variables - id: get_vars - run: | - REPO=$(basename ${{ github.repository }}) - echo "REPO=${REPO}" >> $GITHUB_OUTPUT - - BRANCH=${GITHUB_REF##*/} - echo "BRANCH=${BRANCH}" >> $GITHUB_OUTPUT - - ARTIFACT="${REPO}-${BRANCH}" - echo "ARTIFACT=${ARTIFACT}" >> $GITHUB_OUTPUT - - - name: Display artifacts - run: | - ls -lR - - # [2-test-build-publish] - - name: Publish release candidate artifacts to TestPyPI - if: >- - github.event_name == 'push' && - startsWith(github.ref, 'refs/tags') && - contains(github.ref, 'rc') == true - uses: pypa/gh-action-pypi-publish@release/v1 - with: - repository_url: https://test.pypi.org/legacy/ - user: __token__ - password: ${{ secrets.PSEC_TEST_PYPI_PASSWORD }} - packages-dir: ${{ steps.get_vars.outputs.ARTIFACT }} - verify-metadata: false - - - name: Publish tagged artifacts to PyPI - if: >- - github.event_name == 'push' && - startsWith(github.ref, 'refs/tags') && - contains(github.ref, 'rc') == false - uses: pypa/gh-action-pypi-publish@release/v1 - with: - user: __token__ - password: ${{ secrets.PSEC_PYPI_PASSWORD }} - packages-dir: ${{ steps.get_vars.outputs.ARTIFACT }} - verify-metadata: false - # ![2-test-build-publish] - -# EOF 
diff --git a/.github/workflows/test.yaml b/.github/workflows/test.yaml
new file mode 100644
index 0000000..f72ba5e
--- /dev/null
+++ b/.github/workflows/test.yaml
@@ -0,0 +1,70 @@
+# .github/workflows/test.yml
+name: Test
+
+on:
+ push:
+ branches:
+ - main
+ - develop
+ - 'feature/*'
+ - 'hotfix/*'
+ pull_request:
+
+jobs:
+ test:
+ runs-on: ubuntu-22.04
+ env:
+ PY_COLORS: 1
+ TOX_PARALLEL_NO_SPINNER: 1
+ PYTHON_VERSION: '3.12.6'
+
+ steps:
+ - name: Checkout code
+ uses: actions/checkout@v4
+ with:
+ fetch-depth: 0
+
+ - name: Set up Python
+ uses: actions/setup-python@v5
+ with:
+ python-version: ${{env.PYTHON_VERSION}}
+
+ - name: Set up Conda
+ uses: conda-incubator/setup-miniconda@v3
+ with:
+ auto-activate-base: true
+ python-version: ${{env.PYTHON_VERSION}}
+ auto-update-conda: true
+
+ - name: Install and configure Poetry
+ uses: snok/install-poetry@v1
+ with:
+ version: 1.8.3
+ # Get from poetry.toml
+ # virtualenvs-create: false
+ # prefer-active-python: true
+
+ - name: Install poetry dependencies
+ run: poetry install --no-root --with=dev --with=test
+
+ - name: Install remaining dependencies
+ run: |
+ conda config --set always_yes yes --set changeps1 no
+ make bats-libraries
+ # Useful for debugging any issues with conda
+ conda info -a
+
+ - name: Add Dynamic Versioning Plugin
+ run: |
+ poetry self add poetry-dynamic-versioning[plugin]
+
+ - name: Update the version
+ run: |
+ poetry dynamic-versioning
+ echo "VERSION=$(poetry version --short)"
+
+ # [1-test-workflow]
+ - name: Run tests
+ run: make test
+ # ![1-test-workflow]
+
diff --git a/HISTORY.rst b/HISTORY.rst
index a084e78..f8d43d9 100644
--- a/HISTORY.rst
+++ b/HISTORY.rst
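Review bot: The `push` trigger lists only `branches`, so a tag push no longer starts Test, nor the Build and Publish workflows chained from it through `workflow_run`; the removed workflow ran on every push and keyed its release steps on `refs/tags`. If releases are still cut from tags, add a `tags:` filter under `push`. The workflow also declares no `permissions:`; since it runs `make test` and third-party actions against pull-request code, a top-level `permissions:` with `contents: read` keeps the job token at least privilege. `snok/install-poetry@v1` and `conda-incubator/setup-miniconda@v3` are mutable tags, so pinning them to commit SHAs would make the executed action code reviewable.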
@@ -24,14 +24,15 @@ History .. Fixed for any bug fixes. .. Security in case of vulnerabilities. -24.10.3 (2024-10-03) +24.10.4 (2024-10-04) ~~~~~~~~~~~~~~~~~~~~ Changed ^^^^^^^ - Now using Poetry for package management and installation. - +- Refactored GitHub Actions workflows. +- (Versions 24.10.0 - 24.10.3 were fix attempts.) 23.4.2 (2023-04-20) ~~~~~~~~~~~~~~~~~~~ diff --git a/README.rst b/README.rst index cbf1f1c..809ba35 100644 --- a/README.rst +++ b/README.rst @@ -17,7 +17,7 @@ Python command line app for managing groups of secrets (passwords, API keys, etc other project variables. Reduces security risks from things like weak default passwords, secrets stored in files in the source code repository directory. -Version: 24.10.3 +Version: 24.10.4 * Free software: `Apache 2.0 License `_ * Documentation: https://python_secrets.readthedocs.org. @@ -1212,7 +1212,7 @@ Decrypted, it looks like this: myapp_app_password=brunt.outclass.alike.turbine -- - Sent using psec version 24.10.3 + Sent using psec version 24.10.4 https://pypi.org/project/python-secrets/ https://github.com/davedittrich/python_secrets diff --git a/VERSION b/VERSION index 7c77343..986f41d 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -24.10.3 +24.10.4 diff --git a/poetry.lock b/poetry.lock index 445247d..c9a52f3 100644 --- a/poetry.lock +++ b/poetry.lock 
@@ -890,22 +890,6 @@ docs = ["furo (>=2024.8.6)", "sphinx (>=8.0.2)", "sphinx-autodoc-typehints (>=2. testing = ["covdefaults (>=2.3)", "coverage (>=7.6.1)", "diff-cover (>=9.2)", "pytest (>=8.3.3)", "pytest-asyncio (>=0.24)", "pytest-cov (>=5)", "pytest-mock (>=3.14)", "pytest-timeout (>=2.3.1)", "virtualenv (>=20.26.4)"] typing = ["typing-extensions (>=4.12.2)"] -[[package]] -name = "flake8" -version = "3.9.2" -description = "the modular source code checker: pep8 pyflakes and co" -optional = false -python-versions = "!=3.0.*,!=3.1.*,!=3.2.*,!=3.3.*,!=3.4.*,>=2.7" -files = [ - {file = "flake8-3.9.2-py2.py3-none-any.whl", hash = "sha256:bf8fd333346d844f616e8d47905ef3a3384edae6b4e9beb0c5101e25e3110907"}, - {file = "flake8-3.9.2.tar.gz", hash = "sha256:07528381786f2a6237b061f6e96610a4167b226cb926e2aa2b6b1d78057c576b"}, -] - -[package.dependencies] -mccabe = ">=0.6.0,<0.7.0" -pycodestyle = ">=2.7.0,<2.8.0" -pyflakes = ">=2.3.0,<2.4.0" - [[package]] name = "gnupg" version = "2.3.1" @@ -1326,17 +1310,6 @@ files = [ {file = "MarkupSafe-2.1.5.tar.gz", hash = "sha256:d283d37a890ba4c1ae73ffadf8046435c76e7bc2247bbb63c00bd1a709c6544b"}, ] -[[package]] -name = "mccabe" -version = "0.6.1" -description = "McCabe checker, plugin for flake8" -optional = false -python-versions = "*" -files = [ - {file = "mccabe-0.6.1-py2.py3-none-any.whl", hash = "sha256:ab8a6258860da4b6677da4bd2fe5dc2c659cff31b3ee4f7f5d64e79735b80d42"}, - {file = "mccabe-0.6.1.tar.gz", hash = "sha256:dd8d182285a0fe56bace7f45b5e7d1a6ebcbf524e8f3bd87eb0f125271b8831f"}, -] - [[package]] name = "mdurl" version = "0.1.2" 
@@ -1676,17 +1649,6 @@ files = [ {file = "ptyprocess-0.7.0.tar.gz", hash = "sha256:5c5d0a3b48ceee0b48485e0c26037c0acd7d29765ca3fbb5cb3831d347423220"}, ] -[[package]] -name = "pycodestyle" -version = "2.7.0" -description = "Python style guide checker" -optional = false -python-versions = ">=2.7, !=3.0.*, !=3.1.*, !=3.2.*, !=3.3.*" -files = [ - {file = "pycodestyle-2.7.0-py2.py3-none-any.whl", hash = "sha256:514f76d918fcc0b55c6680472f0a37970994e07bbb80725808c17089be302068"}, - {file = "pycodestyle-2.7.0.tar.gz", hash = "sha256:c389c1d06bf7904078ca03399a4816f974a1d590090fecea0c63ec26ebaf1cef"}, -] - [[package]] name = "pycparser" version = "2.22" @@ -1698,17 +1660,6 @@ files = [ {file = "pycparser-2.22.tar.gz", hash = "sha256:491c8be9c040f5390f5bf44a5b07752bd07f56edf992381b05c701439eec10f6"}, ] -[[package]] -name = "pyflakes" -version = "2.3.1" -description = "passive checker of Python programs" -optional = false -python-versions = ">=2.7, !=3.0.*, !=3.1.*, !=3.2.*, !=3.3.*" -files = [ - {file = "pyflakes-2.3.1-py2.py3-none-any.whl", hash = "sha256:7893783d01b8a89811dd72d7dfd4d84ff098e5eed95cfa8905b22bbffe52efc3"}, - {file = "pyflakes-2.3.1.tar.gz", hash = "sha256:f5bc8ecabc05bb9d291eb5203d6810b49040f6ff446a756326104746cc00c1db"}, -] - [[package]] name = "pygments" version = "2.18.0" 
@@ -2123,13 +2074,13 @@ idna2008 = ["idna"] [[package]] name = "rich" -version = "13.9.1" +version = "13.9.2" description = "Render rich text, tables, progress bars, syntax highlighting, markdown and more to the terminal" optional = false python-versions = ">=3.8.0" files = [ - {file = "rich-13.9.1-py3-none-any.whl", hash = "sha256:b340e739f30aa58921dc477b8adaa9ecdb7cecc217be01d93730ee1bc8aa83be"}, - {file = "rich-13.9.1.tar.gz", hash = "sha256:097cffdf85db1babe30cc7deba5ab3a29e1b9885047dab24c57e9a7f8a9c1466"}, + {file = "rich-13.9.2-py3-none-any.whl", hash = "sha256:8c82a3d3f8dcfe9e734771313e606b39d8247bb6b826e196f4914b333b743cf1"}, + {file = "rich-13.9.2.tar.gz", hash = "sha256:51a2c62057461aaf7152b4d611168f93a9fc73068f8ded2790f29fe2b5366d0c"}, ] [package.dependencies] 
@@ -2140,6 +2091,33 @@ typing-extensions = {version = ">=4.0.0,<5.0", markers = "python_version < \"3.1 [package.extras] jupyter = ["ipywidgets (>=7.5.1,<9)"] +[[package]] +name = "ruff" +version = "0.6.9" +description = "An extremely fast Python linter and code formatter, written in Rust." +optional = false +python-versions = ">=3.7" +files = [ + {file = "ruff-0.6.9-py3-none-linux_armv6l.whl", hash = "sha256:064df58d84ccc0ac0fcd63bc3090b251d90e2a372558c0f057c3f75ed73e1ccd"}, + {file = "ruff-0.6.9-py3-none-macosx_10_12_x86_64.whl", hash = "sha256:140d4b5c9f5fc7a7b074908a78ab8d384dd7f6510402267bc76c37195c02a7ec"}, + {file = "ruff-0.6.9-py3-none-macosx_11_0_arm64.whl", hash = "sha256:53fd8ca5e82bdee8da7f506d7b03a261f24cd43d090ea9db9a1dc59d9313914c"}, + {file = "ruff-0.6.9-py3-none-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:645d7d8761f915e48a00d4ecc3686969761df69fb561dd914a773c1a8266e14e"}, + {file = "ruff-0.6.9-py3-none-manylinux_2_17_armv7l.manylinux2014_armv7l.whl", hash = "sha256:eae02b700763e3847595b9d2891488989cac00214da7f845f4bcf2989007d577"}, + {file = "ruff-0.6.9-py3-none-manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:7d5ccc9e58112441de8ad4b29dcb7a86dc25c5f770e3c06a9d57e0e5eba48829"}, + {file = "ruff-0.6.9-py3-none-manylinux_2_17_ppc64.manylinux2014_ppc64.whl", hash = "sha256:417b81aa1c9b60b2f8edc463c58363075412866ae4e2b9ab0f690dc1e87ac1b5"}, + {file = "ruff-0.6.9-py3-none-manylinux_2_17_ppc64le.manylinux2014_ppc64le.whl", hash = "sha256:3c866b631f5fbce896a74a6e4383407ba7507b815ccc52bcedabb6810fdb3ef7"}, + {file = "ruff-0.6.9-py3-none-manylinux_2_17_s390x.manylinux2014_s390x.whl", hash = "sha256:7b118afbb3202f5911486ad52da86d1d52305b59e7ef2031cea3425142b97d6f"}, + {file = "ruff-0.6.9-py3-none-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:a67267654edc23c97335586774790cde402fb6bbdb3c2314f1fc087dee320bfa"}, + {file = "ruff-0.6.9-py3-none-musllinux_1_2_aarch64.whl", hash = 
"sha256:3ef0cc774b00fec123f635ce5c547dac263f6ee9fb9cc83437c5904183b55ceb"}, + {file = "ruff-0.6.9-py3-none-musllinux_1_2_armv7l.whl", hash = "sha256:12edd2af0c60fa61ff31cefb90aef4288ac4d372b4962c2864aeea3a1a2460c0"}, + {file = "ruff-0.6.9-py3-none-musllinux_1_2_i686.whl", hash = "sha256:55bb01caeaf3a60b2b2bba07308a02fca6ab56233302406ed5245180a05c5625"}, + {file = "ruff-0.6.9-py3-none-musllinux_1_2_x86_64.whl", hash = "sha256:925d26471fa24b0ce5a6cdfab1bb526fb4159952385f386bdcc643813d472039"}, + {file = "ruff-0.6.9-py3-none-win32.whl", hash = "sha256:eb61ec9bdb2506cffd492e05ac40e5bc6284873aceb605503d8494180d6fc84d"}, + {file = "ruff-0.6.9-py3-none-win_amd64.whl", hash = "sha256:785d31851c1ae91f45b3d8fe23b8ae4b5170089021fbb42402d811135f0b7117"}, + {file = "ruff-0.6.9-py3-none-win_arm64.whl", hash = "sha256:a9641e31476d601f83cd602608739a0840e348bda93fec9f1ee816f8b6798b93"}, + {file = "ruff-0.6.9.tar.gz", hash = "sha256:b076ef717a8e5bc819514ee1d602bbdca5b4420ae13a9cf61a0c0a4f53a2baa2"}, +] + [[package]] name = "secretstorage" version = "3.3.3" @@ -2631,4 +2609,4 @@ type = ["pytest-mypy"] [metadata] lock-version = "2.0" python-versions = ">=3.10,<4.0" -content-hash = "8838b7e128cc54218815b05f8f4b4222d2cc9b7222c24cce03ac5af8ddfdc5c1" +content-hash = "31ece2809d8167085379ce6622e020aa36333970bbd090835b0fe45fab11b1cd" diff --git a/psec/__init__.py b/psec/__init__.py index 0b153b6..fe43acd 100755 --- a/psec/__init__.py +++ b/psec/__init__.py @@ -12,7 +12,7 @@ __author__ = 'Dave Dittrich' __email__ = 'dave.dittrich@gmail.com' -__release__ = '24.10.3' +__release__ = '24.10.4' if __version__ in ['0.0.0', '0.1.0']: try: diff --git a/pyproject.toml b/pyproject.toml index 3a68a29..c2eb077 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -137,12 +137,12 @@ requests = "^2.32.3" sphinx = "^8.0.2" setuptools = "^75.1.0" xkcdpass ="^1.19.9" +ruff = "^0.6.9" [tool.poetry.group.dev] optional = true [tool.poetry.group.dev.dependencies] -flake8 = "^3.9.2" tox = "^4.8.1" bandit = "^1.7.9" 
diff --git a/setup.cfg b/setup.cfg index e95658a..97629f3 100644 --- a/setup.cfg +++ b/setup.cfg @@ -1,5 +1,5 @@ [bumpversion] -current_version = 24.10.3 +current_version = 24.10.4 commit = False tag = False diff --git a/tox.ini b/tox.ini index 714c9d6..189a212 100644 --- a/tox.ini +++ b/tox.ini @@ -36,7 +36,7 @@ depends = report: py310,py311,py312 allowlist_externals = coverage - flake8 + ruff make poetry pytest @@ -78,13 +78,12 @@ commands = make twine-check [testenv:pep8] #allowlist_externals = -# flake8 +# ruff # poetry deps = -#commands = flake8 psec tests docs/conf.py +#commands = ruff psec tests docs/conf.py commands = -# poetry install --no-root --with=dev - flake8 -v --extend-exclude tests/libs/ tests/ docs/conf.py + ruff check -v --extend-exclude tests/libs/ tests/ docs/conf.py [testenv:bandit] ; Run security linter
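Review bot: In the `[testenv:pep8]` hunk, `ruff check` with no rule selection uses ruff's default set (`E4`, `E7`, `E9`, `F`), which is narrower than the pycodestyle E/W checks flake8 ran by default, so this env now reports less than before unless a `select` is configured in a ruff section that is not visible here; `ruff check --select E,W,F ...` or an explicit `[tool.ruff.lint]` entry would keep the coverage. The command still lints only `tests/` and `docs/conf.py`; `psec` appears only in the commented-out line, so the package itself is not checked by this env. Relatedly, the pyproject.toml hunk adds `ruff = "^0.6.9"` above `[tool.poetry.group.dev]`, which looks like the runtime dependency table; a linter is better placed in the dev group so it is not installed alongside the package.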