From 9fee73167fe404405d706a17b31559a376144c43 Mon Sep 17 00:00:00 2001 From: Javed Habib Date: Sun, 1 Sep 2024 15:40:16 +0530 Subject: [PATCH 01/13] feat: python ci --- .../python/code-quality/format/action.yaml | 36 ++++++++ actions/python/code-quality/lint/action.yaml | 36 ++++++++ .../code-quality/spell-check/action.yaml | 36 ++++++++ .../code-quality/type-check/action.yaml | 42 +++++++++ actions/python/setup/poetry/action.yaml | 92 +++++++++++++++++++ 5 files changed, 242 insertions(+) create mode 100644 actions/python/code-quality/format/action.yaml create mode 100644 actions/python/code-quality/lint/action.yaml create mode 100644 actions/python/code-quality/spell-check/action.yaml create mode 100644 actions/python/code-quality/type-check/action.yaml create mode 100644 actions/python/setup/poetry/action.yaml diff --git a/actions/python/code-quality/format/action.yaml b/actions/python/code-quality/format/action.yaml new file mode 100644 index 0000000..d338580 --- /dev/null +++ b/actions/python/code-quality/format/action.yaml 
@@ -0,0 +1,36 @@ +--- +name: Format Code +description: Checks and ensures the code is formatted according to the defined style guidelines. + +inputs: + python_version: + description: Python version to use + default: "3.12" + required: false + poetry_install_options: + description: Options for installing dependencies via poetry + required: false + default: "--only=code_quality --no-root" + poetry_export_options: + description: Options for exporting dependencies to check for hash + changes for cache invalidation + required: false + default: "--only=code_quality" + +runs: + using: composite + steps: + - name: Check out repository + uses: actions/checkout@v4 + + - name: Set up environment + uses: ./actions/python/setup/poetry + with: + python-version: ${{ inputs.python_version }} + poetry-install-options: ${{ inputs.poetry_install_options }} + poetry-export-options: ${{ inputs.poetry_export_options }} + + - name: Check code style + shell: bash + run: poetry run ruff format --check +... \ No newline at end of file diff --git a/actions/python/code-quality/lint/action.yaml b/actions/python/code-quality/lint/action.yaml new file mode 100644 index 0000000..24c6b53 --- /dev/null +++ b/actions/python/code-quality/lint/action.yaml 
@@ -0,0 +1,36 @@ +--- +name: Lint Code +description: Lints the code to ensure code quality and adherence to standards. + +inputs: + python_version: + description: Python version to use + default: "3.12" + required: false + poetry_install_options: + description: Options for installing dependencies via poetry + required: false + default: "--only=code_quality --no-root" + poetry_export_options: + description: Options for exporting dependencies to check for hash + changes for cache invalidation + required: false + default: "--only=code_quality" + +runs: + using: composite + steps: + - name: Check out repository + uses: actions/checkout@v4 + + - name: Set up environment + uses: ./actions/python/setup/poetry + with: + python-version: ${{ inputs.python_version }} + poetry-install-options: ${{ inputs.poetry_install_options }} + poetry-export-options: ${{ inputs.poetry_export_options }} + + - name: Check code quality + shell: bash + run: poetry run ruff check . +... \ No newline at end of file diff --git a/actions/python/code-quality/spell-check/action.yaml b/actions/python/code-quality/spell-check/action.yaml new file mode 100644 index 0000000..478b2b8 --- /dev/null +++ b/actions/python/code-quality/spell-check/action.yaml 
@@ -0,0 +1,36 @@ +--- +name: Spell Check +description: Runs a spell check on the codebase to identify spelling errors. + +inputs: + python_version: + description: Python version to use + default: "3.12" + required: false + poetry_install_options: + description: Options for installing dependencies via poetry + required: false + default: "--only=code_quality --no-root" + poetry_export_options: + description: Options for exporting dependencies to check for hash + changes for cache invalidation + required: false + default: "--only=code_quality" + +runs: + using: composite + steps: + - name: Check out repository + uses: actions/checkout@v4 + + - name: Set up environment + uses: ./.github/actions/setup/poetry + with: + python-version: ${{ inputs.python_version }} + poetry-install-options: ${{ inputs.poetry_install_options }} + poetry-export-options: ${{ inputs.poetry_export_options }} + + - name: Check spellings + shell: bash + run: poetry run typos . +... \ No newline at end of file diff --git a/actions/python/code-quality/type-check/action.yaml b/actions/python/code-quality/type-check/action.yaml new file mode 100644 index 0000000..badd7db --- /dev/null +++ b/actions/python/code-quality/type-check/action.yaml 
@@ -0,0 +1,42 @@ +--- +name: Type Check +description: Runs a type check on the codebase to ensure type safety and + correctness. + +inputs: + python_version: + description: Python version to use + default: "3.12" + required: false + poetry_install_options: + description: Options for installing dependencies via poetry + required: false + default: "--with=code_quality --with=types --no-root" + poetry_export_options: + description: Options for exporting dependencies to check for hash + changes for cache invalidation + required: false + default: "--with=code_quality --with=types" + file_path: + description: The path to the file or directory to type check + required: false + default: " . " + + +runs: + using: composite + steps: + - name: Check out repository + uses: actions/checkout@v4 + + - name: Set up environment + uses: ./.github/actions/setup/poetry + with: + python-version: ${{ inputs.python_version }} + poetry-install-options: ${{ inputs.poetry_install_options }} + poetry-export-options: ${{ inputs.poetry_export_options }} + + - name: Check types + shell: bash + run: poetry run mypy ${{ inputs.file_path }} +... \ No newline at end of file diff --git a/actions/python/setup/poetry/action.yaml b/actions/python/setup/poetry/action.yaml new file mode 100644 index 0000000..b08ced7 --- /dev/null +++ b/actions/python/setup/poetry/action.yaml 
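Review bot: The `Check types` step splices `${{ inputs.file_path }}` straight into the bash script, so whatever a caller passes is expanded into the script text before the shell parses it, and any shell metacharacters in it are interpreted as code. Pass the value through the environment instead: add `env:` with `FILE_PATH: ${{ inputs.file_path }}` on the step and use `run: poetry run mypy "$FILE_PATH"`. The default would then need to be `"."` rather than `" . "`, because the padding spaces become part of the quoted argument. The same pattern is in the setup/poetry action's `poetry export ${{ inputs.poetry_export_options }}` and `poetry install ${{ inputs.poetry_install_options }}` steps in this patch, and it returns in later patches of the series (`--cov=${{ inputs.file_path }}`, the Bandit `-c`/`-r` arguments, the sphinx-apidoc path).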
@@ -0,0 +1,92 @@ +--- +name: Setup Python and Poetry Action +description: Configure system, Python, Poetry and deps and cache management. + +inputs: + os: + default: ubuntu-latest + description: The operating system to use + python_version: + default: '3.11' + description: The version of Python to use + poetry_version: + default: '1.8.2' + description: The version of Poetry to install + poetry_install_options: + default: '' + description: Additional options to pass to poetry install + poetry_export_options: + default: '' + description: Options to pass to poetry export for hash generation for cache + invalidation + +runs: + using: composite + steps: + - uses: 'actions/setup-python@v5' + id: setup-python + with: + python_version: '${{ inputs.python_version }}' + + - name: Setup pipx environment Variables + id: pipx-env-setup + # pipx default home and bin dir are not writable by the cache action + # so override them here and add the bin dir to PATH for later steps. + # This also ensures the pipx cache only contains poetry + run: | + SEP="${{ !startsWith(runner.os, 'windows') && '/' || '\\' }}" + PIPX_CACHE="${{ github.workspace }}${SEP}pipx_cache" + echo "pipx-cache-path=${PIPX_CACHE}" >> $GITHUB_OUTPUT + echo "pipx-version=$(pipx --version)" >> $GITHUB_OUTPUT + echo "PIPX_HOME=${PIPX_CACHE}${SEP}home" >> $GITHUB_ENV + echo "PIPX_BIN_DIR=${PIPX_CACHE}${SEP}bin" >> $GITHUB_ENV + echo "PIPX_MAN_DIR=${PIPX_CACHE}${SEP}man" >> $GITHUB_ENV + echo "${PIPX_CACHE}${SEP}bin" >> $GITHUB_PATH + shell: bash + + - name: Pipx cache + id: pipx-cache + uses: actions/cache@v4 + with: + path: ${{ steps.pipx-env-setup.outputs.pipx-cache-path }} + key: ${{ runner.os }}-python- + ${{ steps.setup-python.outputs.python_version }}- + pipx-${{ steps.pipx-env-setup.outputs.pipx-version }}- + poetry-${{ inputs.poetry_version }} + + - name: Install poetry + if: steps.pipx-cache.outputs.cache-hit != 'true' + id: install-poetry + shell: bash + run: | + pipx install poetry \ + --python "${{ 
steps.setup-python.outputs.python-path }}" + + - name: Read poetry cache location + id: poetry-cache-location + shell: bash + run: | + echo "poetry-venv-location=$(poetry config virtualenvs.path)" \ + >> $GITHUB_OUTPUT + + - name: Generate hash only for required deps + run: | + poetry export ${{ inputs.poetry_export_options }} \ + --format=requirements.txt --output=requirements.txt + echo "DEP_HASH=$(sha256sum requirements.txt | cut -d ' ' -f 1)" \ + >> $GITHUB_ENV + shell: bash + + - name: Poetry cache + uses: actions/cache@v4 + with: + path: ${{ steps.poetry-cache-location.outputs.poetry-venv-location }} + key: ${{ runner.os }}-[python- + ${{ steps.setup-python.outputs.python_version }}]-[ + ${{ env.DEP_HASH }}]-[${{ inputs.poetry_install_options }}] + + - name: Poetry install + if: steps.poetry-cache.outputs.cache-hit != 'true' + shell: bash + run: poetry install ${{ inputs.poetry_install_options }} --no-interaction +... \ No newline at end of file From c20ade47767024c7a008c466d34c61ffe0105ec6 Mon Sep 17 00:00:00 2001 From: Javed Habib Date: Sun, 1 Sep 2024 16:36:35 +0530 Subject: [PATCH 02/13] fix variables --- actions/python/code-quality/format/action.yaml | 8 ++++---- actions/python/code-quality/lint/action.yaml | 8 ++++---- actions/python/code-quality/spell-check/action.yaml | 8 ++++---- actions/python/code-quality/type-check/action.yaml | 8 ++++---- actions/python/setup/poetry/action.yaml | 2 +- 5 files changed, 17 insertions(+), 17 deletions(-) diff --git a/actions/python/code-quality/format/action.yaml b/actions/python/code-quality/format/action.yaml index d338580..9e4b55d 100644 --- a/actions/python/code-quality/format/action.yaml +++ b/actions/python/code-quality/format/action.yaml 
@@ -24,11 +24,11 @@ runs: uses: actions/checkout@v4 - name: Set up environment - uses: ./actions/python/setup/poetry + uses: elixir-cloud-aai/actions/python/setup/poetry@main with: - python-version: ${{ inputs.python_version }} - poetry-install-options: ${{ inputs.poetry_install_options }} - poetry-export-options: ${{ inputs.poetry_export_options }} + python_version: ${{ inputs.python_version }} + poetry_install_options: ${{ inputs.poetry_install_options }} + poetry_export_options: ${{ inputs.poetry_export_options }} - name: Check code style shell: bash diff --git a/actions/python/code-quality/lint/action.yaml b/actions/python/code-quality/lint/action.yaml index 24c6b53..19d80c9 100644 --- a/actions/python/code-quality/lint/action.yaml +++ b/actions/python/code-quality/lint/action.yaml @@ -24,11 +24,11 @@ runs: uses: actions/checkout@v4 - name: Set up environment - uses: ./actions/python/setup/poetry + uses: elixir-cloud-aai/actions/python/setup/poetry@main with: - python-version: ${{ inputs.python_version }} - poetry-install-options: ${{ inputs.poetry_install_options }} - poetry-export-options: ${{ inputs.poetry_export_options }} + python_version: ${{ inputs.python_version }} + poetry_install_options: ${{ inputs.poetry_install_options }} + poetry_export_options: ${{ inputs.poetry_export_options }} - name: Check code quality shell: bash diff --git a/actions/python/code-quality/spell-check/action.yaml b/actions/python/code-quality/spell-check/action.yaml index 478b2b8..8df3cba 100644 --- a/actions/python/code-quality/spell-check/action.yaml +++ b/actions/python/code-quality/spell-check/action.yaml 
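Review bot: `uses: elixir-cloud-aai/actions/python/setup/poetry@main` follows a branch, so every consumer of this action runs whatever is on `main` at job time, even when the caller pinned the outer action to a fixed ref. A single push to `main` therefore changes the code executed in all callers' CI without any change on their side. Reference a release tag or, better, a full commit SHA, e.g. `uses: elixir-cloud-aai/actions/python/setup/poetry@<full-commit-sha>` (placeholder). The lint hunk on this line and the spell-check and type-check hunks that follow make the same change.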
@@ -24,11 +24,11 @@ runs: uses: actions/checkout@v4 - name: Set up environment - uses: ./.github/actions/setup/poetry + uses: elixir-cloud-aai/actions/python/setup/poetry@main with: - python-version: ${{ inputs.python_version }} - poetry-install-options: ${{ inputs.poetry_install_options }} - poetry-export-options: ${{ inputs.poetry_export_options }} + python_version: ${{ inputs.python_version }} + poetry_install_options: ${{ inputs.poetry_install_options }} + poetry_export_options: ${{ inputs.poetry_export_options }} - name: Check spellings shell: bash diff --git a/actions/python/code-quality/type-check/action.yaml b/actions/python/code-quality/type-check/action.yaml index badd7db..ee11bac 100644 --- a/actions/python/code-quality/type-check/action.yaml +++ b/actions/python/code-quality/type-check/action.yaml @@ -30,11 +30,11 @@ runs: uses: actions/checkout@v4 - name: Set up environment - uses: ./.github/actions/setup/poetry + uses: elixir-cloud-aai/actions/python/setup/poetry@main with: - python-version: ${{ inputs.python_version }} - poetry-install-options: ${{ inputs.poetry_install_options }} - poetry-export-options: ${{ inputs.poetry_export_options }} + python_version: ${{ inputs.python_version }} + poetry_install_options: ${{ inputs.poetry_install_options }} + poetry_export_options: ${{ inputs.poetry_export_options }} - name: Check types shell: bash diff --git a/actions/python/setup/poetry/action.yaml b/actions/python/setup/poetry/action.yaml index b08ced7..42b80a6 100644 --- a/actions/python/setup/poetry/action.yaml +++ b/actions/python/setup/poetry/action.yaml @@ -26,7 +26,7 @@ runs: - uses: 'actions/setup-python@v5' id: setup-python with: - python_version: '${{ inputs.python_version }}' + python-version: '${{ inputs.python_version }}' - name: Setup pipx environment Variables id: pipx-env-setup From 41da7d0150e8884f6de73406e5d406c7e204e529 Mon Sep 17 00:00:00 2001 
From: Javed Habib Date: Sun, 1 Sep 2024 17:03:20 +0530 Subject: [PATCH 03/13] add test ci --- .../python/code-quality/format/action.yaml | 7 +-- actions/python/code-quality/lint/action.yaml | 4 +- .../code-quality/spell-check/action.yaml | 4 +- .../code-quality/type-check/action.yaml | 6 +-- .../code-test/integration-test/action.yaml | 52 +++++++++++++++++++ .../python/code-test/unit-test/action.yaml | 52 +++++++++++++++++++ actions/python/setup/poetry/action.yaml | 4 +- 7 files changed, 117 insertions(+), 12 deletions(-) create mode 100644 actions/python/code-test/integration-test/action.yaml create mode 100644 actions/python/code-test/unit-test/action.yaml diff --git a/actions/python/code-quality/format/action.yaml b/actions/python/code-quality/format/action.yaml index 9e4b55d..8ebc963 100644 --- a/actions/python/code-quality/format/action.yaml +++ b/actions/python/code-quality/format/action.yaml @@ -1,6 +1,7 @@ --- name: Format Code -description: Checks and ensures the code is formatted according to the defined style guidelines. +description: Checks and ensures the code is formatted according to the defined + style guidelines. inputs: python_version: @@ -12,7 +13,7 @@ inputs: required: false default: "--only=code_quality --no-root" poetry_export_options: - description: Options for exporting dependencies to check for hash + description: Options for exporting dependencies to check for hash changes for cache invalidation required: false default: "--only=code_quality" @@ -33,4 +34,4 @@ runs: - name: Check code style shell: bash run: poetry run ruff format --check -... \ No newline at end of file +... diff --git a/actions/python/code-quality/lint/action.yaml b/actions/python/code-quality/lint/action.yaml index 19d80c9..b585cdb 100644 --- a/actions/python/code-quality/lint/action.yaml +++ b/actions/python/code-quality/lint/action.yaml 
@@ -12,7 +12,7 @@ inputs: required: false default: "--only=code_quality --no-root" poetry_export_options: - description: Options for exporting dependencies to check for hash + description: Options for exporting dependencies to check for hash changes for cache invalidation required: false default: "--only=code_quality" @@ -33,4 +33,4 @@ runs: - name: Check code quality shell: bash run: poetry run ruff check . -... \ No newline at end of file +... diff --git a/actions/python/code-quality/spell-check/action.yaml b/actions/python/code-quality/spell-check/action.yaml index 8df3cba..019c03c 100644 --- a/actions/python/code-quality/spell-check/action.yaml +++ b/actions/python/code-quality/spell-check/action.yaml @@ -12,7 +12,7 @@ inputs: required: false default: "--only=code_quality --no-root" poetry_export_options: - description: Options for exporting dependencies to check for hash + description: Options for exporting dependencies to check for hash changes for cache invalidation required: false default: "--only=code_quality" @@ -33,4 +33,4 @@ runs: - name: Check spellings shell: bash run: poetry run typos . -... \ No newline at end of file +... diff --git a/actions/python/code-quality/type-check/action.yaml b/actions/python/code-quality/type-check/action.yaml index ee11bac..c505510 100644 --- a/actions/python/code-quality/type-check/action.yaml +++ b/actions/python/code-quality/type-check/action.yaml @@ -1,6 +1,6 @@ --- name: Type Check -description: Runs a type check on the codebase to ensure type safety and +description: Runs a type check on the codebase to ensure type safety and correctness. inputs: @@ -13,7 +13,7 @@ inputs: required: false default: "--with=code_quality --with=types --no-root" poetry_export_options: - description: Options for exporting dependencies to check for hash + description: Options for exporting dependencies to check for hash changes for cache invalidation required: false default: "--with=code_quality --with=types" 
@@ -39,4 +39,4 @@ runs: - name: Check types shell: bash run: poetry run mypy ${{ inputs.file_path }} -... \ No newline at end of file +... diff --git a/actions/python/code-test/integration-test/action.yaml b/actions/python/code-test/integration-test/action.yaml new file mode 100644 index 0000000..3a26f8e --- /dev/null +++ b/actions/python/code-test/integration-test/action.yaml @@ -0,0 +1,52 @@ +--- +name: Integration Test +description: Set up environment, run integration tests, and upload coverage report. + +inputs: + os: + default: ubuntu-latest + description: The operating system to use + python_version: + default: '3.11' + description: The version of Python to use + poetry_install_options: + default: '--with=test' + description: Options for installing dependencies via poetry + poetry_export_options: + default: '--with=test' + description: Options for exporting dependencies for cache invalidation + codecov_token: + description: Codecov token for uploading coverage reports + required: true + +runs: + using: composite + steps: + - name: Check out repository + uses: actions/checkout@v4 + + - name: Set up environment + uses: elixir-cloud-aai/actions/python/setup/poetry@main + with: + os: ${{ inputs.os }} + python_version: ${{ inputs.python_version }} + poetry_install_options: ${{ inputs.poetry_install_options }} + poetry_export_options: ${{ inputs.poetry_export_options }} + + - name: Run integration tests and generate coverage report + shell: bash + run: | + poetry run pytest \ + --cov-report term \ + --cov-report xml:test_integration.xml \ + --cov=tests/test_integration + + - name: Upload coverage to Codecov + uses: codecov/codecov-action@v4 + with: + token: ${{ inputs.codecov_token }} + flags: test_integration + files: ./test_integration.xml + fail_ci_if_error: true + verbose: true +... \ No newline at end of file diff --git a/actions/python/code-test/unit-test/action.yaml b/actions/python/code-test/unit-test/action.yaml new file mode 100644 index 0000000..2c53373 
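Review bot: `poetry run pytest` in the `Run integration tests and generate coverage report` step is given no test path, so it collects the whole suite rather than only the integration tests. `--cov=tests/test_integration` only selects which source is measured, and pointing it at the test directory reports coverage of the test files rather than of the package, which is presumably not the intent. Pass the directory to pytest and aim `--cov` at the package, e.g. `poetry run pytest tests/test_integration --cov=<package> --cov-report xml:test_integration.xml` (package name is a placeholder). The unit-test action added next has the same shape with `tests/test_unit`.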
--- /dev/null +++ b/actions/python/code-test/unit-test/action.yaml @@ -0,0 +1,52 @@ +--- +name: Unit Test +description: Set up environment, run unit tests, and upload coverage report. + +inputs: + os: + default: ubuntu-latest + description: The operating system to use + python_version: + default: '3.11' + description: The version of Python to use + poetry_install_options: + default: '--with=test' + description: Options for installing dependencies via poetry + poetry_export_options: + default: '--with=test' + description: Options for exporting dependencies for cache invalidation + codecov_token: + description: Codecov token for uploading coverage reports + required: true + +runs: + using: composite + steps: + - name: Check out repository + uses: actions/checkout@v4 + + - name: Set up environment + uses: elixir-cloud-aai/actions/python/setup/poetry@main + with: + os: ${{ inputs.os }} + python_version: ${{ inputs.python_version }} + poetry_install_options: ${{ inputs.poetry_install_options }} + poetry_export_options: ${{ inputs.poetry_export_options }} + + - name: Run unit tests and generate coverage report + shell: bash + run: | + poetry run pytest \ + --cov-report term \ + --cov-report xml:test_unit.xml \ + --cov=tests/test_unit + + - name: Upload coverage to Codecov + uses: codecov/codecov-action@v4 + with: + token: ${{ inputs.codecov_token }} + flags: test_unit + files: ./test_unit.xml + fail_ci_if_error: true + verbose: true +... \ No newline at end of file diff --git a/actions/python/setup/poetry/action.yaml b/actions/python/setup/poetry/action.yaml index 42b80a6..556c926 100644 --- a/actions/python/setup/poetry/action.yaml +++ b/actions/python/setup/poetry/action.yaml @@ -17,7 +17,7 @@ inputs: description: Additional options to pass to poetry install poetry_export_options: default: '' - description: Options to pass to poetry export for hash generation for cache + description: Options to pass to poetry export for hash generation for cache invalidation runs: 
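Review bot: `codecov/codecov-action@v4` receives `inputs.codecov_token` but is referenced by a movable major tag, so a retagged or compromised release of that third-party action would run with the token in reach. Pin it to a full commit SHA and keep the version as a trailing comment, e.g. `uses: codecov/codecov-action@<full-commit-sha>  # v4` (placeholder). The integration-test action added in this patch has the identical upload step.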
@@ -89,4 +89,4 @@ runs: if: steps.poetry-cache.outputs.cache-hit != 'true' shell: bash run: poetry install ${{ inputs.poetry_install_options }} --no-interaction -... \ No newline at end of file +... From 3c7bd44aa37cc7c829c87d2cec07e56c43c35fff Mon Sep 17 00:00:00 2001 From: Javed Habib Date: Sun, 1 Sep 2024 17:23:58 +0530 Subject: [PATCH 04/13] vul --- .yamllint | 15 ++++++ .../code-test/integration-test/action.yaml | 18 +++++-- .../python/code-test/unit-test/action.yaml | 18 +++++-- actions/python/setup/poetry/action.yaml | 12 ++--- .../code-vulnerability/action.yaml | 50 +++++++++++++++++++ .../dependency-vulnerability/action.yaml | 40 +++++++++++++++ 6 files changed, 137 insertions(+), 16 deletions(-) create mode 100644 .yamllint create mode 100644 actions/python/vulnerability/code-vulnerability/action.yaml create mode 100644 actions/python/vulnerability/dependency-vulnerability/action.yaml diff --git a/.yamllint b/.yamllint new file mode 100644 index 0000000..8320e79 --- /dev/null +++ b/.yamllint @@ -0,0 +1,15 @@ +--- +extends: default + +rules: + # Rule to enforce the use of double quotes + quoted-strings: + quote-type: double + required: false + # Additional rules can be configured as needed + line-length: + max: 120 + indentation: + spaces: 2 + document-start: disable +... \ No newline at end of file diff --git a/actions/python/code-test/integration-test/action.yaml b/actions/python/code-test/integration-test/action.yaml index 3a26f8e..2909de2 100644 --- a/actions/python/code-test/integration-test/action.yaml +++ b/actions/python/code-test/integration-test/action.yaml 
@@ -6,18 +6,26 @@ inputs: os: default: ubuntu-latest description: The operating system to use + required: false python_version: - default: '3.11' + default: "3.12" description: The version of Python to use + required: false poetry_install_options: - default: '--with=test' + default: "--with=test" description: Options for installing dependencies via poetry + required: false poetry_export_options: - default: '--with=test' + default: "--with=test" description: Options for exporting dependencies for cache invalidation + required: false codecov_token: description: Codecov token for uploading coverage reports required: true + file_path: + description: The path to the file or directory to integration test + required: false + default: "tests/test_integration" runs: using: composite @@ -39,7 +47,7 @@ runs: poetry run pytest \ --cov-report term \ --cov-report xml:test_integration.xml \ - --cov=tests/test_integration + --cov=${{ inputs.file_path }} - name: Upload coverage to Codecov uses: codecov/codecov-action@v4 @@ -49,4 +57,4 @@ runs: files: ./test_integration.xml fail_ci_if_error: true verbose: true -... \ No newline at end of file +... diff --git a/actions/python/code-test/unit-test/action.yaml b/actions/python/code-test/unit-test/action.yaml index 2c53373..ad1827c 100644 --- a/actions/python/code-test/unit-test/action.yaml +++ b/actions/python/code-test/unit-test/action.yaml 
@@ -6,18 +6,26 @@ inputs: os: default: ubuntu-latest description: The operating system to use + required: false python_version: - default: '3.11' + default: "3.12" description: The version of Python to use + required: false poetry_install_options: - default: '--with=test' + default: "--with=test" description: Options for installing dependencies via poetry + required: false poetry_export_options: - default: '--with=test' + default: "--with=test" description: Options for exporting dependencies for cache invalidation + required: false codecov_token: description: Codecov token for uploading coverage reports required: true + file_path: + description: The path to the file or directory to unit test + required: false + default: "tests/test_unit" runs: using: composite @@ -39,7 +47,7 @@ runs: poetry run pytest \ --cov-report term \ --cov-report xml:test_unit.xml \ - --cov=tests/test_unit + --cov=${{ inputs.file_path }} - name: Upload coverage to Codecov uses: codecov/codecov-action@v4 @@ -49,4 +57,4 @@ runs: files: ./test_unit.xml fail_ci_if_error: true verbose: true -... \ No newline at end of file +... diff --git a/actions/python/setup/poetry/action.yaml b/actions/python/setup/poetry/action.yaml index 556c926..c8243f6 100644 --- a/actions/python/setup/poetry/action.yaml +++ b/actions/python/setup/poetry/action.yaml 
@@ -7,26 +7,26 @@ inputs: default: ubuntu-latest description: The operating system to use python_version: - default: '3.11' + default: "3.12" description: The version of Python to use poetry_version: - default: '1.8.2' + default: "1.8.2" description: The version of Poetry to install poetry_install_options: - default: '' + default: "" description: Additional options to pass to poetry install poetry_export_options: - default: '' + default: "" description: Options to pass to poetry export for hash generation for cache invalidation runs: using: composite steps: - - uses: 'actions/setup-python@v5' + - uses: "actions/setup-python@v5" id: setup-python with: - python-version: '${{ inputs.python_version }}' + python-version: "${{ inputs.python_version }}" - name: Setup pipx environment Variables id: pipx-env-setup diff --git a/actions/python/vulnerability/code-vulnerability/action.yaml b/actions/python/vulnerability/code-vulnerability/action.yaml new file mode 100644 index 0000000..428b849 --- /dev/null +++ b/actions/python/vulnerability/code-vulnerability/action.yaml 
@@ -0,0 +1,50 @@ +--- +name: Code Vulnerability Test +description: Set up environment, run code vulnerability checks, and report + findings. + +inputs: + os: + default: ubuntu-latest + description: The operating system to use + required: false + python_version: + default: "3.12" + description: The version of Python to use + required: false + poetry_install_options: + default: "--only=vulnerability --no-root" + description: Options for installing dependencies via poetry + required: false + poetry_export_options: + default: "--only=vulnerability" + description: Options for exporting dependencies for cache invalidation + required: false + config_path: + description: The path to the Bandit configuration file + default: "pyproject.toml" + required: false + file_path: + description: The path to the file or directory to check for vulnerabilities + required: true + +runs: + using: composite + steps: + - name: Check out repository + uses: actions/checkout@v4 + + - name: Set up environment + uses: elixir-cloud-aai/actions/python/setup/poetry@main + with: + os: ${{ inputs.os }} + python_version: ${{ inputs.python_version }} + poetry_install_options: ${{ inputs.poetry_install_options }} + poetry_export_options: ${{ inputs.poetry_export_options }} + + - name: Check code vulnerabilities with Bandit + shell: bash + run: poetry run bandit \ + -c ${{ inputs.config_path }} \ + -r ${{ inputs.file_path }} +... \ No newline at end of file diff --git a/actions/python/vulnerability/dependency-vulnerability/action.yaml b/actions/python/vulnerability/dependency-vulnerability/action.yaml new file mode 100644 index 0000000..e9a4ed5 --- /dev/null +++ b/actions/python/vulnerability/dependency-vulnerability/action.yaml 
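Review bot: The `Check code vulnerabilities with Bandit` step writes `run:` as a plain multi-line scalar with trailing backslashes, and YAML folds those line breaks into spaces before bash sees them. The script becomes a single line in which each `\ ` escapes a space instead of continuing a line, so Bandit likely receives ` -c` and ` -r` (with a leading space) as arguments and rejects them. Use a literal block as the other actions in the series do: `run: |` followed by `poetry run bandit -c "$CONFIG_PATH" -r "$FILE_PATH"`, with both values supplied through `env:` rather than interpolated. This reading assumes the step spans three lines in the file, which is how the hunk appears.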
@@ -0,0 +1,40 @@ +--- +name: Dependency Vulnerability Test +description: Set up environment, run dependency vulnerability checks, and report findings. + +inputs: + os: + default: ubuntu-latest + description: The operating system to use + required: false + python_version: + default: "3.12" + description: The version of Python to use + required: false + poetry_install_options: + default: "--only=vulnerability --no-root" + description: Options for installing dependencies via poetry + required: false + poetry_export_options: + default: "--only=vulnerability" + description: Options for exporting dependencies for cache invalidation + required: false + +runs: + using: composite + steps: + - name: Check out repository + uses: actions/checkout@v4 + + - name: Set up environment + uses: elixir-cloud-aai/actions/python/setup/poetry@main + with: + os: ${{ inputs.os }} + python_version: ${{ inputs.python_version }} + poetry_install_options: ${{ inputs.poetry_install_options }} + poetry_export_options: ${{ inputs.poetry_export_options }} + + - name: Check dependency vulnerabilities with Safety + shell: bash + run: poetry run safety check --full-report +... \ No newline at end of file From 7d699d8e516f15e3793a51cd261cfc326d7b1bfe Mon Sep 17 00:00:00 2001 From: Javed Habib Date: Sun, 1 Sep 2024 17:45:17 +0530 Subject: [PATCH 05/13] docs check so that each pr has uptodate docs --- .yamllint | 2 +- .../docs/autogenerated-docs-check/action.yaml | 64 +++++++++++++++++++ actions/python/release/pypi/action.yaml | 42 ++++++++++++ .../code-vulnerability/action.yaml | 4 +- .../dependency-vulnerability/action.yaml | 2 +- 5 files changed, 110 insertions(+), 4 deletions(-) create mode 100644 actions/python/docs/autogenerated-docs-check/action.yaml create mode 100644 actions/python/release/pypi/action.yaml diff --git a/.yamllint b/.yamllint index 8320e79..b082d5a 100644 --- a/.yamllint +++ b/.yamllint 
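Review bot: `poetry run safety check --full-report` audits the packages installed in the active environment, and with the defaults here (`--only=vulnerability --no-root`) that environment holds only the scanning tools. The project's runtime dependencies are therefore probably never checked, and a green run gives little assurance. Either install the dependency groups that should be audited, or scan an exported lock: `poetry export --format=requirements.txt --output=requirements.txt` followed by `poetry run safety check -r requirements.txt --full-report`.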
@@ -12,4 +12,4 @@ rules: indentation: spaces: 2 document-start: disable -... \ No newline at end of file +... diff --git a/actions/python/docs/autogenerated-docs-check/action.yaml b/actions/python/docs/autogenerated-docs-check/action.yaml new file mode 100644 index 0000000..0bfbceb --- /dev/null +++ b/actions/python/docs/autogenerated-docs-check/action.yaml 
@@ -0,0 +1,64 @@
+---
+name: Documentation Check
+description: Verifies that the API documentation is up to date.
+
+inputs:
+ os:
+ default: ubuntu-latest
+ description: The operating system to use
+ required: false
+ python_version:
+ default: "3.12"
+ description: The version of Python to use
+ required: false
+ poetry_install_options:
+ default: "--with=docs --with=types --no-root"
+ description: Options to pass to poetry install
+ required: false
+ poetry_export_options:
+ default: "--with=docs --with=types"
+ description: Options to pass to poetry export for cache invalidation
+ required: false
+ file_path:
+ description: File path for which the docs will be generated
+ required: true
+ auto_doc_dir:
+ description: Directory path that stores all the auto generated docs for
+ the packages
+ default: "/docs/source/pages"
+ required: false
+
+runs:
+ using: composite
+ steps:
+ - uses: actions/checkout@v4
+
+ - name: Set up environment
+ uses: elixir-cloud-aai/actions/python/setup/poetry@main
+ with:
+ os: ${{ inputs.os }}
+ python-version: ${{ inputs.python_version }}
+ poetry-install-options: ${{ inputs.poetry_install_options }}
+ poetry-export-options: ${{ inputs.poetry_export_options }}
+
+ - name: Generate API docs
+ shell: bash
+ run: |
+ poetry run sphinx-apidoc \
+ -o /tmp/docs/source/pages \
+ ${{ inputs.file_path }}/
+
+ - name: Compare current docs with latest docs
+ shell: bash
+ run: |
+ shasum /tmp/docs/source/pages/* > /tmp/docs.sha
+ shasum ${{ inputs.auto_doc_dir }}/* > docs/project_doc.sha
+ awk '{print $1}' /tmp/docs.sha > /tmp/docs_hashes.sha
+ awk '{print $1}' docs/project_doc.sha > docs/project_doc_hashes.sha
+ diff=$(diff /tmp/docs_hashes.sha docs/project_doc_hashes.sha) || true
+ if [[ -n "$diff" ]]; then
+ echo "::error::API documentation is out of date."
+ exit 1
+ else
+ echo "API documentation is up to date."
+...
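Review bot: `${{ inputs.file_path }}` and `${{ inputs.auto_doc_dir }}` are expanded into the `run:` scripts of the `Generate API docs` and `Compare current docs with latest docs` steps before bash parses them, so a value containing shell metacharacters becomes part of the script instead of an argument. Passing the inputs through `env:` and quoting the variables keeps them as data. The comparison script also stops at `else` / `echo "API documentation is up to date."` with no closing `fi`, which bash rejects, so as written the step fails on every run. The `Get the file_path if user doesn't provide it` step added in PATCH 08 repeats the interpolation with `"${{ inputs.file_path }}"` and `${{ env.file_path }}/`. The default `auto_doc_dir` of `/docs/source/pages` is an absolute path and presumably should be relative to the checkout.

```yaml
    - name: Generate API docs
      shell: bash
      env:
        FILE_PATH: ${{ inputs.file_path }}
      run: |
        poetry run sphinx-apidoc \
          -o /tmp/docs/source/pages \
          "${FILE_PATH}/"

    - name: Compare current docs with latest docs
      shell: bash
      env:
        AUTO_DOC_DIR: ${{ inputs.auto_doc_dir }}
      run: |
        shasum /tmp/docs/source/pages/* > /tmp/docs.sha
        shasum "${AUTO_DOC_DIR}"/* > docs/project_doc.sha
        # … unchanged: awk hash extraction and diff of the two hash lists …
        if [[ -n "$diff" ]]; then
          echo "::error::API documentation is out of date."
          exit 1
        else
          echo "API documentation is up to date."
        fi
```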
diff --git a/actions/python/release/pypi/action.yaml b/actions/python/release/pypi/action.yaml new file mode 100644 index 0000000..25fecf9 --- /dev/null +++ b/actions/python/release/pypi/action.yaml @@ -0,0 +1,42 @@ +--- +name: Publish to PyPI +description: Publishes the Python package to PyPI when a release is made. + +inputs: + os: + default: ubuntu-latest + description: The operating system to use + required: false + python_version: + default: "3.12" + description: The version of Python to use + required: false + poetry_install_options: + default: "--only=main" + description: Additional options to pass to poetry install + required: false + poetry_export_options: + default: "--only=main" + description: Options to pass to poetry export for cache invalidation + required: false + pypi_token: + description: PYPI token for release the package + required: true + +runs: + using: composite + steps: + - uses: actions/checkout@v4 + + - name: Set up environment + uses: elixir-cloud-aai/actions/python/setup/poetry@main + with: + os: ${{ inputs.os }} + python-version: ${{ inputs.python_version }} + poetry-install-options: ${{ inputs.poetry_install_options }} + poetry-export-options: ${{ inputs.poetry_export_options }} + + - name: Publish package to PyPI + shell: bash + run: poetry publish --build -u __token__ -p ${{ inputs.pypi_token }} +... diff --git a/actions/python/vulnerability/code-vulnerability/action.yaml b/actions/python/vulnerability/code-vulnerability/action.yaml index 428b849..b3022f5 100644 --- a/actions/python/vulnerability/code-vulnerability/action.yaml +++ b/actions/python/vulnerability/code-vulnerability/action.yaml @@ -1,6 +1,6 @@ --- name: Code Vulnerability Test -description: Set up environment, run code vulnerability checks, and report +description: Set up environment, run code vulnerability checks, and report findings. inputs: 
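Review bot: The `Publish package to PyPI` step expands `${{ inputs.pypi_token }}` straight into the command (`-p ${{ inputs.pypi_token }}`), which places the secret in the generated script and in the process arguments and lets an unexpected value change the command line. Poetry reads the token from the environment, so the step can set `env:` with `POETRY_PYPI_TOKEN_PYPI: ${{ inputs.pypi_token }}` and use `run: poetry publish --build` without `-u`/`-p`. The PATCH 07 hunk that splits build and publish keeps the same `-p ${{ inputs.pypi_token }}` argument. The keys passed to the setup action here use hyphens (`python-version`, `poetry-install-options`) while the dependency-vulnerability action passes `python_version`; whichever spelling the setup action does not declare will not reach it.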
@@ -47,4 +47,4 @@ runs: run: poetry run bandit \ -c ${{ inputs.config_path }} \ -r ${{ inputs.file_path }} -... \ No newline at end of file +... diff --git a/actions/python/vulnerability/dependency-vulnerability/action.yaml b/actions/python/vulnerability/dependency-vulnerability/action.yaml index e9a4ed5..a21026b 100644 --- a/actions/python/vulnerability/dependency-vulnerability/action.yaml +++ b/actions/python/vulnerability/dependency-vulnerability/action.yaml @@ -37,4 +37,4 @@ runs: - name: Check dependency vulnerabilities with Safety shell: bash run: poetry run safety check --full-report -... \ No newline at end of file +... From f38e1813000eb92169bf83af67eaaa99a038f6cc Mon Sep 17 00:00:00 2001 From: Javed Habib Date: Sun, 1 Sep 2024 17:46:39 +0530 Subject: [PATCH 06/13] format --- actions/python/code-quality/type-check/action.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/actions/python/code-quality/type-check/action.yaml b/actions/python/code-quality/type-check/action.yaml index c505510..34adb9e 100644 --- a/actions/python/code-quality/type-check/action.yaml +++ b/actions/python/code-quality/type-check/action.yaml @@ -20,7 +20,7 @@ inputs: file_path: description: The path to the file or directory to type check required: false - default: " . " + default: "." runs: From b2b2861f6c86b8236b62bc9e15f38b73ae2faf76 Mon Sep 17 00:00:00 2001 From: Javed Habib Date: Mon, 16 Sep 2024 14:25:15 +0530 Subject: [PATCH 07/13] remove spell checker --- .../code-quality/spell-check/action.yaml | 36 ------------------- actions/python/release/pypi/action.yaml | 6 +++- 2 files changed, 5 insertions(+), 37 deletions(-) delete mode 100644 actions/python/code-quality/spell-check/action.yaml diff --git a/actions/python/code-quality/spell-check/action.yaml b/actions/python/code-quality/spell-check/action.yaml deleted file mode 100644 index 019c03c..0000000 --- a/actions/python/code-quality/spell-check/action.yaml +++ /dev/null 
@@ -1,36 +0,0 @@ ---- -name: Spell Check -description: Runs a spell check on the codebase to identify spelling errors. - -inputs: - python_version: - description: Python version to use - default: "3.12" - required: false - poetry_install_options: - description: Options for installing dependencies via poetry - required: false - default: "--only=code_quality --no-root" - poetry_export_options: - description: Options for exporting dependencies to check for hash - changes for cache invalidation - required: false - default: "--only=code_quality" - -runs: - using: composite - steps: - - name: Check out repository - uses: actions/checkout@v4 - - - name: Set up environment - uses: elixir-cloud-aai/actions/python/setup/poetry@main - with: - python_version: ${{ inputs.python_version }} - poetry_install_options: ${{ inputs.poetry_install_options }} - poetry_export_options: ${{ inputs.poetry_export_options }} - - - name: Check spellings - shell: bash - run: poetry run typos . -... diff --git a/actions/python/release/pypi/action.yaml b/actions/python/release/pypi/action.yaml index 25fecf9..617a874 100644 --- a/actions/python/release/pypi/action.yaml +++ b/actions/python/release/pypi/action.yaml @@ -36,7 +36,11 @@ runs: poetry-install-options: ${{ inputs.poetry_install_options }} poetry-export-options: ${{ inputs.poetry_export_options }} + - name: Build package + shell: bash + run: poetry build + - name: Publish package to PyPI shell: bash - run: poetry publish --build -u __token__ -p ${{ inputs.pypi_token }} + run: poetry publish -u __token__ -p ${{ inputs.pypi_token }} ... From 9b45748cdaf0237a373111f0a4375f92d390bbd8 Mon Sep 17 00:00:00 2001 
From: Javed Habib Date: Wed, 2 Oct 2024 02:29:46 +0530 Subject: [PATCH 08/13] feat: add commenting functionality --- .../python/code-quality/format/action.yaml | 53 ++++++++++++ actions/python/code-quality/lint/action.yaml | 50 +++++++++++ .../code-quality/type-check/action.yaml | 73 +++++++++++++++++ .../code-test/integration-test/action.yaml | 56 ++++++++++++- .../python/code-test/unit-test/action.yaml | 54 +++++++++++- actions/python/comment/action.yaml | 76 +++++++++++++++++ .../docs/autogenerated-docs-check/action.yaml | 82 ++++++++++++++++++- .../code-vulnerability/action.yaml | 52 ++++++++++++ .../dependency-vulnerability/action.yaml | 52 ++++++++++++ 9 files changed, 542 insertions(+), 6 deletions(-) create mode 100644 actions/python/comment/action.yaml diff --git a/actions/python/code-quality/format/action.yaml b/actions/python/code-quality/format/action.yaml index 8ebc963..8f841ab 100644 --- a/actions/python/code-quality/format/action.yaml +++ b/actions/python/code-quality/format/action.yaml @@ -4,6 +4,10 @@ description: Checks and ensures the code is formatted according to the defined style guidelines. inputs: + os: + description: The operating system to use + default: ubuntu-latest + required: false python_version: description: Python version to use default: "3.12" 
@@ -26,12 +30,61 @@ runs: - name: Set up environment uses: elixir-cloud-aai/actions/python/setup/poetry@main + id: setup + continue-on-error: true with: + os: ${{ inputs.os }} python_version: ${{ inputs.python_version }} poetry_install_options: ${{ inputs.poetry_install_options }} poetry_export_options: ${{ inputs.poetry_export_options }} + - name: Comment on PR + if: steps.setup.outcome == 'failure' + uses: elixir-cloud-aai/actions/github/comment@main + with: + ci_name: format + step_name: setup + commit_id: ${{ github.sha }} + issue-number: ${{ github.event.number }} + username: ${{ github.actor}} + message: | + Check your `pyproject.toml` and the dependency groups in them, + especially the `code_quality` group. + +
+ Env used for CI + OS: ${{ inputs.os }} + Python Version: ${{ inputs.python_version }} + Poetry Install Options: ${{ inputs.poetry_install_options }} + Poetry Export Options: ${{ inputs.poetry_export_options }} +
+ - name: Check code style + id: format + continue-on-error: true shell: bash run: poetry run ruff format --check + + - name: Comment on PR + if: steps.format.outcome == 'failure' + uses: elixir-cloud-aai/actions/github/comment@main + with: + ci_name: format + step_name: format + commit_id: ${{ github.sha }} + issue-number: ${{ github.event.number }} + username: ${{ github.actor}} + message: | + With the environment set up and dependencies installed, + run `poetry run ruff format` to check and fix some code style issues. + +
+ Use Makefile command + Default makefile from cookiecutter template has a command + `make fl` to run the check. + + Run make in the root directory of the project, to see all the + available commands. +
... +q \ No newline at end of file diff --git a/actions/python/code-quality/lint/action.yaml b/actions/python/code-quality/lint/action.yaml index b585cdb..e5132b9 100644 --- a/actions/python/code-quality/lint/action.yaml +++ b/actions/python/code-quality/lint/action.yaml @@ -3,6 +3,10 @@ name: Lint Code description: Lints the code to ensure code quality and adherence to standards. inputs: + os: + description: The operating system to use + default: ubuntu-latest + required: false python_version: description: Python version to use default: "3.12" @@ -25,12 +29,58 @@ runs: - name: Set up environment uses: elixir-cloud-aai/actions/python/setup/poetry@main + continue-on-error: true with: + os: ${{ inputs.os }} python_version: ${{ inputs.python_version }} poetry_install_options: ${{ inputs.poetry_install_options }} poetry_export_options: ${{ inputs.poetry_export_options }} + - name: Comment on PR + if: steps.setup.outcome == 'failure' + uses: elixir-cloud-aai/actions/github/comment@main + with: + ci_name: lint + step_name: setup + commit_id: ${{ github.sha }} + issue-number: ${{ github.event.number }} + username: ${{ github.actor}} + message: | + Check your `pyproject.toml` and the dependency groups in them. + +
+ Env used for CI + OS: ${{ inputs.os }} + Python Version: ${{ inputs.python_version }} + Poetry Install Options: ${{ inputs.poetry_install_options }} + Poetry Export Options: ${{ inputs.poetry_export_options }} +
+ - name: Check code quality shell: bash + id: lint run: poetry run ruff check . + + - name: Comment on PR + if: steps.lint.outcome == 'failure' + uses: elixir-cloud-aai/actions/github/comment@main + with: + ci_name: format + step_name: format + commit_id: ${{ github.sha }} + issue-number: ${{ github.event.number }} + username: ${{ github.actor}} + message: | + With the environment set up and dependencies installed, + run `poetry run ruff check --fix` to check and fix some lint + issues. + +
+ Use Makefile command + Default makefile from cookiecutter template has a command + `make fl` to run the check. + + Run make in the root directory of the project, to see all the + available commands. +
... diff --git a/actions/python/code-quality/type-check/action.yaml b/actions/python/code-quality/type-check/action.yaml index 34adb9e..d17930a 100644 --- a/actions/python/code-quality/type-check/action.yaml +++ b/actions/python/code-quality/type-check/action.yaml @@ -4,6 +4,10 @@ description: Runs a type check on the codebase to ensure type safety and correctness. inputs: + os: + description: The operating system to use + required: false + default: "ubuntu-latest" python_version: description: Python version to use default: "3.12" @@ -31,12 +35,81 @@ runs: - name: Set up environment uses: elixir-cloud-aai/actions/python/setup/poetry@main + id: setup + continue-on-error: true with: + os: ${{ inputs.os }} python_version: ${{ inputs.python_version }} poetry_install_options: ${{ inputs.poetry_install_options }} poetry_export_options: ${{ inputs.poetry_export_options }} + - name: Comment on PR + if: steps.setup.outcome == 'failure' + uses: elixir-cloud-aai/actions/github/comment@main + with: + ci_name: type-check + step_name: setup + commit_id: ${{ github.sha }} + issue-number: ${{ github.event.number }} + username: ${{ github.actor}} + message: | + Check your `pyproject.toml` and the dependency groups in them, + especially `code_quality` and `types` group. + +
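Review bot: In the lint action the `Set up environment` step gains `continue-on-error: true` but no `id: setup`, so `steps.setup.outcome == 'failure'` in the following `Comment on PR` step can never match and a failed setup is ignored while the lint step still runs. Add `id: setup`, as the format and type-check actions in this patch do. The `Check code quality` step gets `id: lint` but no `continue-on-error: true`, so its failure comment is most likely skipped, and that comment reports `ci_name: format` / `step_name: format` where `lint` is meant. The unit-test action in the same patch has the mirror problem: `id: setup` and `id: unit-test` are added without `continue-on-error`.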
+ Env used for CI + OS: ${{ inputs.os }} + Python Version: ${{ inputs.python_version }} + Poetry Install Options: ${{ inputs.poetry_install_options }} + Poetry Export Options: ${{ inputs.poetry_export_options }} +
+ - name: Check types + id: type-check + continue-on-error: true shell: bash run: poetry run mypy ${{ inputs.file_path }} + + - name: Comment on PR + if: steps.type-check.outcome == 'failure' + uses: elixir-cloud-aai/actions/github/comment@main + with: + ci_name: type-check + step_name: type-check + commit_id: ${{ github.sha }} + issue-number: ${{ github.event.number }} + username: ${{ github.actor}} + message: | + With the environment set up and dependencies installed, + run `run mypy ${{ inputs.file_path }}` to see mypy errors. + +
+ Missing stubs or types + If you see errors related to missing stubs or types, + try running `poetry add types- --group=types` or + `poetry add -stub --group=types` to add type stubs. + + If that fails, either the package does not have types/stubs + or they have different name. + + In that case you can seach for them and add them to types group. +
+ +
+ Ignore error + Add the module name in pyproject.toml under [tools.mypy.overrides] + section inside modules list. + + ```toml + [[tool.mypy.overrides]] + ignore_missing_imports = true + module = [ + "connexion.*", + ] + ``` + + Try to as granular as possible to avoid ignoring all errors. If + you are using `x.y.z` import, add `x.y.z.*` to the list instead + of `x.*`. +
... diff --git a/actions/python/code-test/integration-test/action.yaml b/actions/python/code-test/integration-test/action.yaml index 2909de2..aecf79f 100644 --- a/actions/python/code-test/integration-test/action.yaml +++ b/actions/python/code-test/integration-test/action.yaml @@ -35,13 +35,38 @@ runs: - name: Set up environment uses: elixir-cloud-aai/actions/python/setup/poetry@main + continue-on-error: true + id: setup with: os: ${{ inputs.os }} python_version: ${{ inputs.python_version }} poetry_install_options: ${{ inputs.poetry_install_options }} poetry_export_options: ${{ inputs.poetry_export_options }} + - name: Comment on PR + if: steps.setup.outcome == 'failure' + uses: elixir-cloud-aai/actions/github/comment@main + with: + ci_name: integration-test + step_name: setup + commit_id: ${{ github.sha }} + issue-number: ${{ github.event.number }} + username: ${{ github.actor}} + message: | + Test depend on the main package dependecies and `test` + group in `pyproject.toml`. + +
+ Env used for CI + OS: ${{ inputs.os }} + Python Version: ${{ inputs.python_version }} + Poetry Install Options: ${{ inputs.poetry_install_options }} + Poetry Export Options: ${{ inputs.poetry_export_options }} +
+ - name: Run integration tests and generate coverage report + id: test + continue-on-error: true shell: bash run: | poetry run pytest \ @@ -49,12 +74,41 @@ runs: --cov-report xml:test_integration.xml \ --cov=${{ inputs.file_path }} + - name: Comment on PR + if: steps.upload.outcome == 'failure' + uses: elixir-cloud-aai/actions/github/comment@main + with: + ci_name: integration-test + step_name: test + commit_id: ${{ github.sha }} + issue-number: ${{ github.event.number }} + username: ${{ github.actor}} + message: | + Check your integration tests in ${{ inputs.file_path }}, + and the dependencies in `pyproject.toml`. + + Run `poetry run pytest --cov=${{ inputs.file_path }}` to see the errors. + - name: Upload coverage to Codecov uses: codecov/codecov-action@v4 + id: upload with: token: ${{ inputs.codecov_token }} flags: test_integration files: ./test_integration.xml - fail_ci_if_error: true + fail_ci_if_error: false verbose: true + + - name: Comment on PR + if: ${{ inputs.codecov_token }} == null || ${{ inputs.codecov_token }} == '' + uses: elixir-cloud-aai/actions/github/comment@main + with: + ci_name: integration-test + step_name: upload + commit_id: ${{ github.sha }} + issue-number: ${{ github.event.number }} + username: ${{ github.actor}} + message: | + Codecov token is missing. Please ask admin to add the token to the + secrets. The coverage report was generated but not uploaded. ... diff --git a/actions/python/code-test/unit-test/action.yaml b/actions/python/code-test/unit-test/action.yaml index ad1827c..1bca36c 100644 --- a/actions/python/code-test/unit-test/action.yaml +++ b/actions/python/code-test/unit-test/action.yaml @@ -34,6 +34,7 @@ runs: uses: actions/checkout@v4 - name: Set up environment + id: setup uses: elixir-cloud-aai/actions/python/setup/poetry@main with: os: ${{ inputs.os }} 
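Review bot: `if: ${{ inputs.codecov_token }} == null || ${{ inputs.codecov_token }} == ''` mixes expression blocks with literal text, so the condition is evaluated as a non-empty string and is effectively always true; the "Codecov token is missing" comment would be posted on every run and, with the comment action's default `error-after-comment`, fail the job. It also places the token value inside the condition text. Write it as a single expression, `if: inputs.codecov_token == ''`. The comment step before the upload checks `steps.upload.outcome == 'failure'` although it reports `step_name: test` and the `upload` id is only defined by the later step; `steps.test.outcome` looks intended. The unit-test hunk carries the same `if:`, and the docs-check action uses `if: ${{ env.file_path }} == ""`.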
@@ -41,7 +42,29 @@ runs: poetry_install_options: ${{ inputs.poetry_install_options }} poetry_export_options: ${{ inputs.poetry_export_options }} + - name: Comment on PR + if: steps.setup.outcome == 'failure' + uses: elixir-cloud-aai/actions/github/comment@main + with: + ci_name: unit-test + step_name: setup + commit_id: ${{ github.sha }} + issue-number: ${{ github.event.number }} + username: ${{ github.actor}} + message: | + Test depend on the main package dependecies and `test` + group in `pyproject.toml`. + +
+ Env used for CI + OS: ${{ inputs.os }} + Python Version: ${{ inputs.python_version }} + Poetry Install Options: ${{ inputs.poetry_install_options }} + Poetry Export Options: ${{ inputs.poetry_export_options }} +
+ - name: Run unit tests and generate coverage report + id: unit-test shell: bash run: | poetry run pytest \ @@ -49,12 +72,41 @@ runs: --cov-report xml:test_unit.xml \ --cov=${{ inputs.file_path }} + - name: Comment on PR + if: steps.unit-test.outcome == 'failure' + uses: elixir-cloud-aai/actions/github/comment@main + with: + ci_name: unit-test + step_name: test + commit_id: ${{ github.sha }} + issue-number: ${{ github.event.number }} + username: ${{ github.actor}} + message: | + Check your unit tests in ${{ inputs.file_path }}, + and the dependencies in `pyproject.toml`. + + Run `poetry run pytest --cov=${{ inputs.file_path }}` to see the errors. + - name: Upload coverage to Codecov + id: upload uses: codecov/codecov-action@v4 with: token: ${{ inputs.codecov_token }} flags: test_unit files: ./test_unit.xml - fail_ci_if_error: true + fail_ci_if_error: false verbose: true + + - name: Comment on PR + if: ${{ inputs.codecov_token }} == null || ${{ inputs.codecov_token }} == '' + uses: elixir-cloud-aai/actions/github/comment@main + with: + ci_name: unit-test + step_name: upload + commit_id: ${{ github.sha }} + issue-number: ${{ github.event.number }} + username: ${{ github.actor}} + message: | + Codecov token is missing. Please ask admin to add the token to the + secrets. The coverage report was generated but not uploaded. ... diff --git a/actions/python/comment/action.yaml b/actions/python/comment/action.yaml new file mode 100644 index 0000000..3edf603 --- /dev/null +++ b/actions/python/comment/action.yaml 
@@ -0,0 +1,76 @@ +--- +name: Commenting bot to report CI failures +description: | + This action is used to comment on a pull request with the CI failure details. + It checks if the comment is already present and updates the comment with the + latest CI failure details. + +inputs: + ci_name: + description: The name of the CI + required: true + commit_id: + description: The commit id to use + required: true + error-after-comment: + description: Stop the workflow after commenting + required: false + default: "true" + issue-number: + description: The issue number to comment on + required: true + message: + description: The message to include in the comment + required: true + step_name: + description: The name of the step the failed in the + required: true + username: + description: The username to tag in the message + default: jaeaeich + required: false + +runs: + using: composite + steps: + - name: Create the title of the comment + id: globals + shell: bash + run: echo "TITLE=Hey @$INPUT_USERNAME, \`$INPUT_CI_NAME\` CI failed at \`$INPUT_STEP_NAME\` step!" 
>> "${GITHUB_OUTPUT}" + env: + INPUT_USERNAME: ${{ inputs.username }} + INPUT_CI_NAME: ${{ inputs.ci_name }} + INPUT_STEP_NAME: ${{ inputs.step_name }} + + - name: Find if comment is already present + uses: peter-evans/find-comment@v3 + id: find-comment + with: + issue-number: ${{ inputs.issue-number }} + comment-author: 'github-actions[bot]' + body-includes: ${{ steps.globals.outputs.TITLE }} + + - name: Create a new comment if there hasn't been one + if: steps.find-comment.outputs.comment-id == '' + id: fresh-comment + uses: peter-evans/create-or-update-comment@v4 + with: + issue-number: ${{ inputs.issue-number }} + body: | + ${{ steps.globals.outputs.TITLE }} + ${{ inputs.message }} + + - name: Update the comment, to remind user + if: steps.find-comment.outputs.comment-id != '' + uses: peter-evans/create-or-update-comment@v4 + with: + comment-id: ${{ steps.find-comment.outputs.comment-id }} + issue-number: ${{ inputs.issue-number }} + body: | + Hey @${{ inputs.username }}, it failed again for commit ${{ inputs.commit_id }}! + + - name: Fail the workflow if error-after-comment is true + if: ${{ inputs.error-after-comment }} + shell: bash + run: exit 1 +... \ No newline at end of file diff --git a/actions/python/docs/autogenerated-docs-check/action.yaml b/actions/python/docs/autogenerated-docs-check/action.yaml index 0bfbceb..d13483c 100644 --- a/actions/python/docs/autogenerated-docs-check/action.yaml +++ b/actions/python/docs/autogenerated-docs-check/action.yaml @@ -20,8 +20,9 @@ inputs: description: Options to pass to poetry export for cache invalidation required: false file_path: - description: File path for which the docs will be generated - required: true + description: File path for which the docs will be generated, default to the + package name from the pyproject.toml + required: false auto_doc_dir: description: Directory path that stores all the auto generated docs for the packages 
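Review bot: `if: ${{ inputs.error-after-comment }}` in the last step tests a string, because composite-action inputs arrive as strings and the non-empty string `false` is truthy, so the action exits 1 even when a caller sets `error-after-comment: "false"`. Compare explicitly: `if: inputs.error-after-comment == 'true'`. The title step passes its inputs through `env:` rather than interpolating them into the script, which is the right pattern; a value containing a newline could still append extra lines to `$GITHUB_OUTPUT`, so stripping or rejecting newlines there is worthwhile. The third-party `peter-evans/find-comment@v3` and `peter-evans/create-or-update-comment@v4` steps run with the caller's token and are referenced by tag rather than commit SHA. Callers use `elixir-cloud-aai/actions/github/comment@main` while this file is created under `actions/python/comment/`; unless a `github/comment` action exists outside this patch, those `uses:` lines will not resolve.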
@@ -31,25 +32,76 @@ inputs: runs: using: composite steps: - - uses: actions/checkout@v4 + - name: Check out repository + uses: actions/checkout@v4 - name: Set up environment + id: setup uses: elixir-cloud-aai/actions/python/setup/poetry@main + continue-on-error: true with: os: ${{ inputs.os }} python-version: ${{ inputs.python_version }} poetry-install-options: ${{ inputs.poetry_install_options }} poetry-export-options: ${{ inputs.poetry_export_options }} + - name: Comment on PR + if: steps.setup.outcome == 'failure' + uses: elixir-cloud-aai/actions/github/comment@main + with: + ci_name: docs + step_name: setup + commit_id: ${{ github.sha }} + issue-number: ${{ github.event.number }} + username: ${{ github.actor}} + message: | + Check your `pyproject.toml` and the dependency groups in them, + especially `docs` and `types` group. + +
+ Env used for CI + OS: ${{ inputs.os }} + Python Version: ${{ inputs.python_version }} + Poetry Install Options: ${{ inputs.poetry_install_options }} + Poetry Export Options: ${{ inputs.poetry_export_options }} +
+ + - name: Get the file_path if user doesn't provide it + id: get-file-path + shell: bash + run: | + if [[ -z "${{ inputs.file_path }}" ]]; then + file_path=$(poetry version | awk '{print $1}') + else + file_path="${{ inputs.file_path }}" + fi + echo "file_path=$file_path" >> $GITHUB_ENV + + # This should not be possible, but just in case + - name: Comment on PR + if: ${{ env.file_path }} == "" + uses: elixir-cloud-aai/actions/github/comment@main + with: + ci_name: docs + step_name: get-file-path + commit_id: ${{ github.sha }} + issue-number: ${{ github.event.number }} + username: ${{ github.actor}} + message: | + Couldn't retrieve project name from `pyproject.toml` and + `file_path`` is not provided for the workflow. + - name: Generate API docs shell: bash run: | poetry run sphinx-apidoc \ -o /tmp/docs/source/pages \ - ${{ inputs.file_path }}/ + ${{ env.file_path }}/ - name: Compare current docs with latest docs shell: bash + id: compare-docs + continue-on-error: true run: | shasum /tmp/docs/source/pages/* > /tmp/docs.sha shasum ${{ inputs.auto_doc_dir }}/* > docs/project_doc.sha @@ -61,4 +113,26 @@ runs: exit 1 else echo "API documentation is up to date." + + - name: Comment on PR + if: steps.compare-docs.outcome == 'failure' + uses: elixir-cloud-aai/actions/github/comment@main + with: + ci_name: docs + step_name: compare-docs + commit_id: ${{ github.sha }} + issue-number: ${{ github.event.number }} + username: ${{ github.actor}} + message: | + API documentation is out of date. Run + `poetry run sphinx-apidoc ${{ env.file_path }}` to update the docs. + + Note: You can also delete the auto generated docs and regenerate + them if there has been a major change in the codebase. + +
+ Use Makefile command + Default makefile from cookiecutter template has a command + `make docs` to run the sphinx-apidoc. +
... diff --git a/actions/python/vulnerability/code-vulnerability/action.yaml b/actions/python/vulnerability/code-vulnerability/action.yaml index b3022f5..37882a3 100644 --- a/actions/python/vulnerability/code-vulnerability/action.yaml +++ b/actions/python/vulnerability/code-vulnerability/action.yaml @@ -36,15 +36,67 @@ runs: - name: Set up environment uses: elixir-cloud-aai/actions/python/setup/poetry@main + id: setup + continue-on-error: false with: os: ${{ inputs.os }} python_version: ${{ inputs.python_version }} poetry_install_options: ${{ inputs.poetry_install_options }} poetry_export_options: ${{ inputs.poetry_export_options }} + - name: Comment on PR + if: steps.setup.outcome == 'failure' + uses: elixir-cloud-aai/actions/github/comment@main + with: + ci_name: bandit + step_name: setup + commit_id: ${{ github.sha }} + issue-number: ${{ github.event.number }} + username: ${{ github.actor}} + message: | + Make sure bandit is in `vulnerability` group in `pyproject.toml`. + +
+ Env used for CI + OS: ${{ inputs.os }} + Python Version: ${{ inputs.python_version }} + Poetry Install Options: ${{ inputs.poetry_install_options }} + Poetry Export Options: ${{ inputs.poetry_export_options }} +
+ - name: Check code vulnerabilities with Bandit + id: check + continue-on-error: true shell: bash run: poetry run bandit \ -c ${{ inputs.config_path }} \ -r ${{ inputs.file_path }} + + - name: Comment on PR + if: steps.check.outcome == 'failure' + uses: elixir-cloud-aai/actions/github/comment@main + with: + ci_name: bandit + step_name: check + commit_id: ${{ github.sha }} + issue-number: ${{ github.event.number }} + username: ${{ github.actor}} + message: | + Check your code for vulnerabilities using Bandit. + + Run `poetry run bandit -c ${{ inputs.config_path }} -r ${{ inputs.file_path }}` + to check for errors. + +
+ Ignore errors + If you are sure that the error is a false positive, you can add the + error code to the `skips` list in `pyproject.toml`. + + ```toml + [tool.bandit] + skips = [ + "B108" # Insecure usage of temp file/directory, false positive. + ] + ``` +
... diff --git a/actions/python/vulnerability/dependency-vulnerability/action.yaml b/actions/python/vulnerability/dependency-vulnerability/action.yaml index a21026b..119ab93 100644 --- a/actions/python/vulnerability/dependency-vulnerability/action.yaml +++ b/actions/python/vulnerability/dependency-vulnerability/action.yaml @@ -27,6 +27,8 @@ runs: uses: actions/checkout@v4 - name: Set up environment + id: setup + continue-on-error: true uses: elixir-cloud-aai/actions/python/setup/poetry@main with: os: ${{ inputs.os }} @@ -34,7 +36,57 @@ runs: poetry_install_options: ${{ inputs.poetry_install_options }} poetry_export_options: ${{ inputs.poetry_export_options }} + - name: Comment on PR + if: steps.setup.outcome == 'failure' + uses: elixir-cloud-aai/actions/github/comment@main + with: + ci_name: safety + step_name: setup + commit_id: ${{ github.sha }} + issue-number: ${{ github.event.number }} + username: ${{ github.actor}} + message: | + Make sure bandit is in `vulnerability` group in `pyproject.toml`. + +
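Review bot: The "Ignore errors" hint in the Bandit failure comment tells contributors to add the test ID to `skips` in `pyproject.toml`, which switches the check off for the whole project rather than for the one finding that was reviewed. A narrower hint is an inline `# nosec B108` on the affected line with a short justification, keeping `skips` for checks the project has decided never to run. In the same hunk `continue-on-error: false` on `Set up environment` means the `steps.setup.outcome == 'failure'` comment step is never reached; the other actions in this patch use `true`. The dependency-vulnerability hunk that follows copies the setup message, which still says "Make sure bandit is in `vulnerability` group" for the Safety check.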
+ Env used for CI + OS: ${{ inputs.os }} + Python Version: ${{ inputs.python_version }} + Poetry Install Options: ${{ inputs.poetry_install_options }} + Poetry Export Options: ${{ inputs.poetry_export_options }} +
+ - name: Check dependency vulnerabilities with Safety shell: bash + id: check + continue-on-error: true run: poetry run safety check --full-report + + - name: Comment on PR + if: steps.check.outcome == 'failure' + uses: elixir-cloud-aai/actions/github/comment@main + with: + ci_name: safety + step_name: check + commit_id: ${{ github.sha }} + issue-number: ${{ github.event.number }} + username: ${{ github.actor}} + message: | + Check your code for vulnerabilities using safety cli. + + Run `poetry run safety check --full-report` to check for errors. + +
+ Ignore errors + If you are sure that the error is a false positive, you can add the + error code to `.safety-policy.yaml`. + + ```yaml + security: + ignore-vulnerabilities: + ERROR_CODE: + reason: 'REASON' + expires: 'DATE' + ``` +
... From ff60c28be78f9450af843378c3b40f257831096d Mon Sep 17 00:00:00 2001 From: Javed Habib Date: Sun, 6 Oct 2024 21:31:52 +0530 Subject: [PATCH 09/13] format --- actions/python/code-quality/format/action.yaml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/actions/python/code-quality/format/action.yaml b/actions/python/code-quality/format/action.yaml index 8f841ab..824d25a 100644 --- a/actions/python/code-quality/format/action.yaml +++ b/actions/python/code-quality/format/action.yaml @@ -86,5 +86,4 @@ runs: Run make in the root directory of the project, to see all the available commands. -... -q \ No newline at end of file +... \ No newline at end of file From 1c51094138f41a6e048132716f7330782fd6fb41 Mon Sep 17 00:00:00 2001 From: Javed Habib Date: Tue, 15 Oct 2024 02:37:40 +0530 Subject: [PATCH 10/13] extend poetry action to accept list of deps --- .../python/code-quality/format/action.yaml | 19 ++-- actions/python/code-quality/lint/action.yaml | 17 ++-- .../code-quality/type-check/action.yaml | 20 ++-- .../code-test/integration-test/action.yaml | 19 ++-- .../python/code-test/unit-test/action.yaml | 19 ++-- actions/python/comment/action.yaml | 30 +++--- .../docs/autogenerated-docs-check/action.yaml | 17 ++-- actions/python/setup/poetry/action.yaml | 99 +++++++++++++++---- .../code-vulnerability/action.yaml | 15 ++- .../dependency-vulnerability/action.yaml | 13 ++- 10 files changed, 161 insertions(+), 107 deletions(-) diff --git a/actions/python/code-quality/format/action.yaml b/actions/python/code-quality/format/action.yaml index 824d25a..f2ec2ff 100644 --- a/actions/python/code-quality/format/action.yaml +++ b/actions/python/code-quality/format/action.yaml 
@@ -4,23 +4,23 @@ description: Checks and ensures the code is formatted according to the defined style guidelines. inputs: - os: + os: description: The operating system to use default: ubuntu-latest required: false python_version: description: Python version to use - default: "3.12" + default: '3.12' required: false poetry_install_options: description: Options for installing dependencies via poetry required: false - default: "--only=code_quality --no-root" + default: '--only=code_quality --no-root' poetry_export_options: description: Options for exporting dependencies to check for hash changes for cache invalidation required: false - default: "--only=code_quality" + default: '--only=code_quality' runs: using: composite @@ -45,12 +45,12 @@ runs: ci_name: format step_name: setup commit_id: ${{ github.sha }} - issue-number: ${{ github.event.number }} + issue_number: ${{ github.event.number }} username: ${{ github.actor}} message: | Check your `pyproject.toml` and the dependency groups in them, especially the `code_quality` group. - +
Env used for CI OS: ${{ inputs.os }} @@ -61,7 +61,6 @@ runs: - name: Check code style id: format - continue-on-error: true shell: bash run: poetry run ruff format --check @@ -72,12 +71,13 @@ runs: ci_name: format step_name: format commit_id: ${{ github.sha }} - issue-number: ${{ github.event.number }} + continue-on-error: true + issue_number: ${{ github.event.number }} username: ${{ github.actor}} message: | With the environment set up and dependencies installed, run `poetry run ruff format` to check and fix some code style issues. - +
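Review bot: `continue-on-error: true` is removed from the `Check code style` step here and re-added in the next hunk between `commit_id` and `issue_number`, which look like the `with:` inputs of the comment step rather than step-level keys. The comment action's inputs shown later in this patch include no such input, so the key would be ignored, and a failing `ruff format --check` now fails the step outright. Whether the comment step still runs then depends on its `if:`, which is outside the hunk. If the intent was to let the comment step run after a failed check, keep `continue-on-error: true` on the `Check code style` step, or put it at step level on the comment step if that was the target.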
Use Makefile command Default makefile from cookiecutter template has a command @@ -86,4 +86,3 @@ runs: Run make in the root directory of the project, to see all the available commands.
-... \ No newline at end of file diff --git a/actions/python/code-quality/lint/action.yaml b/actions/python/code-quality/lint/action.yaml index e5132b9..16a20f2 100644 --- a/actions/python/code-quality/lint/action.yaml +++ b/actions/python/code-quality/lint/action.yaml @@ -3,23 +3,23 @@ name: Lint Code description: Lints the code to ensure code quality and adherence to standards. inputs: - os: + os: description: The operating system to use default: ubuntu-latest required: false python_version: description: Python version to use - default: "3.12" + default: '3.12' required: false poetry_install_options: description: Options for installing dependencies via poetry required: false - default: "--only=code_quality --no-root" + default: '--only=code_quality --no-root' poetry_export_options: description: Options for exporting dependencies to check for hash changes for cache invalidation required: false - default: "--only=code_quality" + default: '--only=code_quality' runs: using: composite @@ -43,11 +43,11 @@ runs: ci_name: lint step_name: setup commit_id: ${{ github.sha }} - issue-number: ${{ github.event.number }} + issue_number: ${{ github.event.number }} username: ${{ github.actor}} message: | Check your `pyproject.toml` and the dependency groups in them. - +
Env used for CI OS: ${{ inputs.os }} @@ -68,13 +68,13 @@ runs: ci_name: format step_name: format commit_id: ${{ github.sha }} - issue-number: ${{ github.event.number }} + issue_number: ${{ github.event.number }} username: ${{ github.actor}} message: | With the environment set up and dependencies installed, run `poetry run ruff check --fix` to check and fix some lint issues. - +
Use Makefile command Default makefile from cookiecutter template has a command @@ -83,4 +83,3 @@ runs: Run make in the root directory of the project, to see all the available commands.
-... diff --git a/actions/python/code-quality/type-check/action.yaml b/actions/python/code-quality/type-check/action.yaml index d17930a..a6c2538 100644 --- a/actions/python/code-quality/type-check/action.yaml +++ b/actions/python/code-quality/type-check/action.yaml @@ -7,25 +7,24 @@ inputs: os: description: The operating system to use required: false - default: "ubuntu-latest" + default: 'ubuntu-latest' python_version: description: Python version to use - default: "3.12" + default: '3.12' required: false poetry_install_options: description: Options for installing dependencies via poetry required: false - default: "--with=code_quality --with=types --no-root" + default: '--with=code_quality --with=types --no-root' poetry_export_options: description: Options for exporting dependencies to check for hash changes for cache invalidation required: false - default: "--with=code_quality --with=types" + default: '--with=code_quality --with=types' file_path: description: The path to the file or directory to type check required: false - default: "." - + default: '.' runs: using: composite @@ -50,12 +49,12 @@ runs: ci_name: type-check step_name: setup commit_id: ${{ github.sha }} - issue-number: ${{ github.event.number }} + issue_number: ${{ github.event.number }} username: ${{ github.actor}} message: | Check your `pyproject.toml` and the dependency groups in them, especially `code_quality` and `types` group. - +
Env used for CI OS: ${{ inputs.os }} @@ -77,12 +76,12 @@ runs: ci_name: type-check step_name: type-check commit_id: ${{ github.sha }} - issue-number: ${{ github.event.number }} + issue_number: ${{ github.event.number }} username: ${{ github.actor}} message: | With the environment set up and dependencies installed, run `run mypy ${{ inputs.file_path }}` to see mypy errors. - +
Missing stubs or types If you see errors related to missing stubs or types, @@ -112,4 +111,3 @@ runs: you are using `x.y.z` import, add `x.y.z.*` to the list instead of `x.*`.
-... diff --git a/actions/python/code-test/integration-test/action.yaml b/actions/python/code-test/integration-test/action.yaml index aecf79f..27d48b1 100644 --- a/actions/python/code-test/integration-test/action.yaml +++ b/actions/python/code-test/integration-test/action.yaml @@ -8,15 +8,15 @@ inputs: description: The operating system to use required: false python_version: - default: "3.12" + default: '3.12' description: The version of Python to use required: false poetry_install_options: - default: "--with=test" + default: '--with=test' description: Options for installing dependencies via poetry required: false poetry_export_options: - default: "--with=test" + default: '--with=test' description: Options for exporting dependencies for cache invalidation required: false codecov_token: @@ -25,7 +25,7 @@ inputs: file_path: description: The path to the file or directory to integration test required: false - default: "tests/test_integration" + default: 'tests/test_integration' runs: using: composite @@ -50,12 +50,12 @@ runs: ci_name: integration-test step_name: setup commit_id: ${{ github.sha }} - issue-number: ${{ github.event.number }} + issue_number: ${{ github.event.number }} username: ${{ github.actor}} message: | Test depend on the main package dependecies and `test` group in `pyproject.toml`. - +
Env used for CI OS: ${{ inputs.os }} @@ -81,12 +81,12 @@ runs: ci_name: integration-test step_name: test commit_id: ${{ github.sha }} - issue-number: ${{ github.event.number }} + issue_number: ${{ github.event.number }} username: ${{ github.actor}} message: | Check your integration tests in ${{ inputs.file_path }}, and the dependencies in `pyproject.toml`. - + Run `poetry run pytest --cov=${{ inputs.file_path }}` to see the errors. - name: Upload coverage to Codecov @@ -106,9 +106,8 @@ runs: ci_name: integration-test step_name: upload commit_id: ${{ github.sha }} - issue-number: ${{ github.event.number }} + issue_number: ${{ github.event.number }} username: ${{ github.actor}} message: | Codecov token is missing. Please ask admin to add the token to the secrets. The coverage report was generated but not uploaded. -... diff --git a/actions/python/code-test/unit-test/action.yaml b/actions/python/code-test/unit-test/action.yaml index 1bca36c..3050d7a 100644 --- a/actions/python/code-test/unit-test/action.yaml +++ b/actions/python/code-test/unit-test/action.yaml @@ -8,15 +8,15 @@ inputs: description: The operating system to use required: false python_version: - default: "3.12" + default: '3.12' description: The version of Python to use required: false poetry_install_options: - default: "--with=test" + default: '--with=test' description: Options for installing dependencies via poetry required: false poetry_export_options: - default: "--with=test" + default: '--with=test' description: Options for exporting dependencies for cache invalidation required: false codecov_token: @@ -25,7 +25,7 @@ inputs: file_path: description: The path to the file or directory to unit test required: false - default: "tests/test_unit" + default: 'tests/test_unit' runs: using: composite 
@@ -49,12 +49,12 @@ runs: ci_name: unit-test step_name: setup commit_id: ${{ github.sha }} - issue-number: ${{ github.event.number }} + issue_number: ${{ github.event.number }} username: ${{ github.actor}} message: | Test depend on the main package dependecies and `test` group in `pyproject.toml`. - +
Env used for CI OS: ${{ inputs.os }} @@ -79,12 +79,12 @@ runs: ci_name: unit-test step_name: test commit_id: ${{ github.sha }} - issue-number: ${{ github.event.number }} + issue_number: ${{ github.event.number }} username: ${{ github.actor}} message: | Check your unit tests in ${{ inputs.file_path }}, and the dependencies in `pyproject.toml`. - + Run `poetry run pytest --cov=${{ inputs.file_path }}` to see the errors. - name: Upload coverage to Codecov @@ -104,9 +104,8 @@ runs: ci_name: unit-test step_name: upload commit_id: ${{ github.sha }} - issue-number: ${{ github.event.number }} + issue_number: ${{ github.event.number }} username: ${{ github.actor}} message: | Codecov token is missing. Please ask admin to add the token to the secrets. The coverage report was generated but not uploaded. -... diff --git a/actions/python/comment/action.yaml b/actions/python/comment/action.yaml index 3edf603..2158a63 100644 --- a/actions/python/comment/action.yaml +++ b/actions/python/comment/action.yaml @@ -12,11 +12,11 @@ inputs: commit_id: description: The commit id to use required: true - error-after-comment: + error_after_comment: description: Stop the workflow after commenting required: false - default: "true" - issue-number: + default: 'true' + issue_number: description: The issue number to comment on required: true message: @@ -27,8 +27,7 @@ inputs: required: true username: description: The username to tag in the message - default: jaeaeich - required: false + required: true runs: using: composite @@ -41,12 +40,12 @@ runs: INPUT_USERNAME: ${{ inputs.username }} INPUT_CI_NAME: ${{ inputs.ci_name }} INPUT_STEP_NAME: ${{ inputs.step_name }} - + - name: Find if comment is already present uses: peter-evans/find-comment@v3 id: find-comment with: - issue-number: ${{ inputs.issue-number }} + issue_number: ${{ inputs.issue_number }} comment-author: 'github-actions[bot]' body-includes: ${{ steps.globals.outputs.TITLE }} 
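Review bot: The `with:` key passed to `peter-evans/find-comment@v3` is renamed to `issue_number`, but that action's input is named `issue-number`. Only this composite action's own inputs were renamed, so the third-party step would no longer receive the PR number. Keep the external key and change only the expression: `issue-number: ${{ inputs.issue_number }}`. The same rename is applied to both `peter-evans/create-or-update-comment@v4` steps in the next two hunks of this file. Both actions are also referenced by mutable tags (`@v3`, `@v4`); pinning them to a full commit SHA would stop a step that writes PR comments from changing underneath the callers.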
@@ -55,7 +54,7 @@ runs: id: fresh-comment uses: peter-evans/create-or-update-comment@v4 with: - issue-number: ${{ inputs.issue-number }} + issue_number: ${{ inputs.issue_number }} body: | ${{ steps.globals.outputs.TITLE }} ${{ inputs.message }} @@ -65,12 +64,17 @@ runs: uses: peter-evans/create-or-update-comment@v4 with: comment-id: ${{ steps.find-comment.outputs.comment-id }} - issue-number: ${{ inputs.issue-number }} + issue_number: ${{ inputs.issue_number }} body: | Hey @${{ inputs.username }}, it failed again for commit ${{ inputs.commit_id }}! - - - name: Fail the workflow if error-after-comment is true - if: ${{ inputs.error-after-comment }} + + - name: Fail or pass the workflow based on the input shell: bash - run: exit 1 + run: | + if [[ "${{ inputs.error_after_comment }}" == "true" ]]; then + echo "Exiting the workflow as per the input" + exit 1 + else + echo "Continuing the workflow as per the input" + fi ... \ No newline at end of file diff --git a/actions/python/docs/autogenerated-docs-check/action.yaml b/actions/python/docs/autogenerated-docs-check/action.yaml index d13483c..3effc79 100644 --- a/actions/python/docs/autogenerated-docs-check/action.yaml +++ b/actions/python/docs/autogenerated-docs-check/action.yaml @@ -8,15 +8,15 @@ inputs: description: The operating system to use required: false python_version: - default: "3.12" + default: '3.12' description: The version of Python to use required: false poetry_install_options: - default: "--with=docs --with=types --no-root" + default: '--with=docs --with=types --no-root' description: Options to pass to poetry install required: false poetry_export_options: - default: "--with=docs --with=types" + default: '--with=docs --with=types' description: Options to pass to poetry export for cache invalidation required: false file_path: 
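Review bot: In the new `Fail or pass the workflow based on the input` step, `${{ inputs.error_after_comment }}` is expanded into the bash script text before the shell starts, so whatever a caller passes is parsed as shell rather than compared as data. Pass it through the environment instead: add `env:` with `ERROR_AFTER_COMMENT: ${{ inputs.error_after_comment }}` to the step and test `if [[ "$ERROR_AFTER_COMMENT" == "true" ]]; then`. The first step of this file appears to use that pattern already (`INPUT_USERNAME: ${{ inputs.username }}`), so this would also be consistent.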
@@ -26,7 +26,7 @@ inputs: auto_doc_dir: description: Directory path that stores all the auto generated docs for the packages - default: "/docs/source/pages" + default: '/docs/source/pages' required: false runs: @@ -52,12 +52,12 @@ runs: ci_name: docs step_name: setup commit_id: ${{ github.sha }} - issue-number: ${{ github.event.number }} + issue_number: ${{ github.event.number }} username: ${{ github.actor}} message: | Check your `pyproject.toml` and the dependency groups in them, especially `docs` and `types` group. - +
Env used for CI OS: ${{ inputs.os }} @@ -85,7 +85,7 @@ runs: ci_name: docs step_name: get-file-path commit_id: ${{ github.sha }} - issue-number: ${{ github.event.number }} + issue_number: ${{ github.event.number }} username: ${{ github.actor}} message: | Couldn't retrieve project name from `pyproject.toml` and @@ -121,7 +121,7 @@ runs: ci_name: docs step_name: compare-docs commit_id: ${{ github.sha }} - issue-number: ${{ github.event.number }} + issue_number: ${{ github.event.number }} username: ${{ github.actor}} message: | API documentation is out of date. Run @@ -135,4 +135,3 @@ runs: Default makefile from cookiecutter template has a command `make docs` to run the sphinx-apidoc.
-... diff --git a/actions/python/setup/poetry/action.yaml b/actions/python/setup/poetry/action.yaml index c8243f6..6cd5a30 100644 --- a/actions/python/setup/poetry/action.yaml +++ b/actions/python/setup/poetry/action.yaml @@ -1,6 +1,6 @@ --- name: Setup Python and Poetry Action -description: Configure system, Python, Poetry and deps and cache management. +description: Configure env, Python, Poetry, deps and cache management. inputs: os: @@ -9,15 +9,23 @@ inputs: python_version: default: "3.12" description: The version of Python to use + dependencies: + default: "" + description: > + A comma-separated list of dependencies to install via Poetry. + Example: "flask,black,flake8". If this option is provided, all other + Poetry options related to project dependencies will be ignored. + # Below are the options for installing and caching dependencies via poetry poetry_version: - default: "1.8.2" + default: "1.8.4" description: The version of Poetry to install poetry_install_options: default: "" description: Additional options to pass to poetry install poetry_export_options: default: "" - description: Options to pass to poetry export for hash generation for cache + description: > + Options to pass to poetry export for hash generation for cache invalidation runs: 
@@ -44,23 +52,25 @@ runs: echo "${PIPX_CACHE}${SEP}bin" >> $GITHUB_PATH shell: bash - - name: Pipx cache - id: pipx-cache + - name: Pipx poetry cache, check if poetry is cached + id: pipx-poetry-cache uses: actions/cache@v4 with: path: ${{ steps.pipx-env-setup.outputs.pipx-cache-path }} - key: ${{ runner.os }}-python- - ${{ steps.setup-python.outputs.python_version }}- - pipx-${{ steps.pipx-env-setup.outputs.pipx-version }}- - poetry-${{ inputs.poetry_version }} + key: > + ${{ runner.os }}- + py${{ inputs.python_version }}- + px${{ steps.pipx-env-setup.outputs.pipx-version }}- + pt${{ inputs.poetry_version }} - - name: Install poetry - if: steps.pipx-cache.outputs.cache-hit != 'true' + - name: Install poetry, if poetry is not cached + if: ${{ steps.pipx-poetry-cache.outputs.cache-hit != 'true' }} id: install-poetry shell: bash run: | pipx install poetry \ --python "${{ steps.setup-python.outputs.python-path }}" + pipx run poetry self add poetry-plugin-export@latest - name: Read poetry cache location id: poetry-cache-location 
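Review bot: The install step pulls unpinned tooling. `pipx install poetry` never uses `inputs.poetry_version`, which only feeds the cache key, so bumping the default to 1.8.4 in the previous hunk changes the key but not what gets installed. The added line also fetches `poetry-plugin-export@latest`. Whatever was current at the time is then cached and reused under a key that names a specific version. Pin the install via an `env:` entry such as `POETRY_VERSION: ${{ inputs.poetry_version }}` and `pipx install "poetry==$POETRY_VERSION"`, and give the plugin an explicit version. Also, `pipx run poetry …` normally runs the app from a temporary environment rather than the one `pipx install` just created, so the plugin may not land in the cached Poetry; `pipx inject poetry poetry-plugin-export==<PINNED_VERSION>` targets the installed one.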
@@ -69,24 +79,73 @@ runs: echo "poetry-venv-location=$(poetry config virtualenvs.path)" \ >> $GITHUB_OUTPUT - - name: Generate hash only for required deps + # Generate DEP_HASH based on dependencies or poetry export options + - name: Generate DEP_HASH run: | - poetry export ${{ inputs.poetry_export_options }} \ - --format=requirements.txt --output=requirements.txt - echo "DEP_HASH=$(sha256sum requirements.txt | cut -d ' ' -f 1)" \ - >> $GITHUB_ENV + if [ -n "${{ inputs.dependencies }}" ]; then + # Generate hash from dependencies list + echo "DEP_HASH=$( + echo '${{ inputs.dependencies }}' | + tr ',' '\n' | + sort | + sha256sum | + cut -d ' ' -f1 + )" >> $GITHUB_ENV + else + # Use poetry export options if provided + if [ -n "${{ inputs.poetry_export_options }}" ]; then + poetry export ${{ inputs.poetry_export_options }} \ + --format=requirements.txt \ + --output=requirements.txt + else + # Export all groups if no options provided + poetry export \ + --format=requirements.txt \ + --output=requirements.txt + fi + echo "DEP_HASH=$( + sha256sum requirements.txt | + cut -d ' ' -f 1 + )" >> $GITHUB_ENV + fi + shell: bash + + - name: Poetry dependency cache + uses: actions/cache@v4 + id: poetry-dep-cache + if: ${{ inputs.dependencies != '' }} + with: + path: ${{ steps.poetry-cache-location.outputs.poetry-venv-location }} + key: > + ${{ runner.os }}- + py${{ inputs.python_version }}- + hash${{ env.DEP_HASH }} + + - name: Install dependencies + if: ${{ inputs.dependencies != '' && steps.poetry-dep-cache.outputs.cache-hit != 'true' }} shell: bash + run: | + # Initialize poetry if no pyproject.toml file is found + if [ ! 
-f pyproject.toml ]; then + poetry init --no-interaction + fi + # Install dependencies + poetry add $(echo ${{ inputs.dependencies }} | tr "," " ") --no-interaction - name: Poetry cache + id: poetry-cache uses: actions/cache@v4 + if: ${{ inputs.dependencies == '' }} with: path: ${{ steps.poetry-cache-location.outputs.poetry-venv-location }} - key: ${{ runner.os }}-[python- - ${{ steps.setup-python.outputs.python_version }}]-[ - ${{ env.DEP_HASH }}]-[${{ inputs.poetry_install_options }}] + key: > + ${{ runner.os }}- + py${{ inputs.python_version }}- + hash${{ env.DEP_HASH }}- + options${{ inputs.poetry_install_options }} - name: Poetry install - if: steps.poetry-cache.outputs.cache-hit != 'true' + if: ${{ inputs.dependencies == '' && steps.poetry-cache.outputs.cache-hit != 'true' }} shell: bash run: poetry install ${{ inputs.poetry_install_options }} --no-interaction ... diff --git a/actions/python/vulnerability/code-vulnerability/action.yaml b/actions/python/vulnerability/code-vulnerability/action.yaml index 37882a3..731b04f 100644 --- a/actions/python/vulnerability/code-vulnerability/action.yaml +++ b/actions/python/vulnerability/code-vulnerability/action.yaml @@ -9,20 +9,20 @@ inputs: description: The operating system to use required: false python_version: - default: "3.12" + default: '3.12' description: The version of Python to use required: false poetry_install_options: - default: "--only=vulnerability --no-root" + default: '--only=vulnerability --no-root' description: Options for installing dependencies via poetry required: false poetry_export_options: - default: "--only=vulnerability" + default: '--only=vulnerability' description: Options for exporting dependencies for cache invalidation required: false config_path: description: The path to the Bandit configuration file - default: "pyproject.toml" + default: 'pyproject.toml' required: false file_path: description: The path to the file or directory to check for vulnerabilities 
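Review bot: The new `Generate DEP_HASH` and `Install dependencies` steps paste `${{ inputs.dependencies }}` and `${{ inputs.poetry_export_options }}` straight into the bash script, so shell metacharacters in a caller-supplied value are interpreted by the shell instead of being treated as a package name or option. The unquoted `$(echo … | tr "," " ")` additionally undergoes word splitting and globbing. Hand the values to the script through `env:` and expand them quoted, splitting the list on commas into an array before calling `poetry add`. The same change applies to the `[ -n "${{ inputs.dependencies }}" ]` and `echo '${{ inputs.dependencies }}'` lines in `Generate DEP_HASH`. Separately, the `key: >` scalars fold into one line with embedded spaces and a trailing newline; `>-` would at least drop the newline.

```yaml
    - name: Install dependencies
      # … unchanged: if / shell …
      env:
        DEPENDENCIES: ${{ inputs.dependencies }}
      run: |
        # … unchanged: poetry init when pyproject.toml is missing …
        # Split the comma-separated list without letting the shell re-parse it
        IFS=',' read -ra deps <<< "$DEPENDENCIES"
        poetry add "${deps[@]}" --no-interaction
```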
@@ -51,11 +51,11 @@ runs: ci_name: bandit step_name: setup commit_id: ${{ github.sha }} - issue-number: ${{ github.event.number }} + issue_number: ${{ github.event.number }} username: ${{ github.actor}} message: | Make sure bandit is in `vulnerability` group in `pyproject.toml`. - +
Env used for CI OS: ${{ inputs.os }} @@ -79,7 +79,7 @@ runs: ci_name: bandit step_name: check commit_id: ${{ github.sha }} - issue-number: ${{ github.event.number }} + issue_number: ${{ github.event.number }} username: ${{ github.actor}} message: | Check your code for vulnerabilities using Bandit. @@ -99,4 +99,3 @@ runs: ] ```
-... diff --git a/actions/python/vulnerability/dependency-vulnerability/action.yaml b/actions/python/vulnerability/dependency-vulnerability/action.yaml index 119ab93..4f45d43 100644 --- a/actions/python/vulnerability/dependency-vulnerability/action.yaml +++ b/actions/python/vulnerability/dependency-vulnerability/action.yaml @@ -8,15 +8,15 @@ inputs: description: The operating system to use required: false python_version: - default: "3.12" + default: '3.12' description: The version of Python to use required: false poetry_install_options: - default: "--only=vulnerability --no-root" + default: '--only=vulnerability --no-root' description: Options for installing dependencies via poetry required: false poetry_export_options: - default: "--only=vulnerability" + default: '--only=vulnerability' description: Options for exporting dependencies for cache invalidation required: false @@ -43,11 +43,11 @@ runs: ci_name: safety step_name: setup commit_id: ${{ github.sha }} - issue-number: ${{ github.event.number }} + issue_number: ${{ github.event.number }} username: ${{ github.actor}} message: | Make sure bandit is in `vulnerability` group in `pyproject.toml`. - +
Env used for CI OS: ${{ inputs.os }} @@ -69,7 +69,7 @@ runs: ci_name: safety step_name: check commit_id: ${{ github.sha }} - issue-number: ${{ github.event.number }} + issue_number: ${{ github.event.number }} username: ${{ github.actor}} message: | Check your code for vulnerabilities using safety cli. @@ -89,4 +89,3 @@ runs: expires: 'DATE' ```
-... From 3acfc37df61d01f44d74db5cd7470ce84488a4aa Mon Sep 17 00:00:00 2001 From: Javed Habib Date: Tue, 15 Oct 2024 03:28:49 +0530 Subject: [PATCH 11/13] extend comments --- .../python/code-quality/format/action.yaml | 78 ++++++-- actions/python/code-quality/lint/action.yaml | 79 ++++++-- .../code-quality/type-check/action.yaml | 186 ++++++++++++++---- .../code-test/integration-test/action.yaml | 118 +++++++++-- .../python/code-test/unit-test/action.yaml | 166 ++++++++++++++-- actions/python/comment/action.yaml | 9 - .../docs/autogenerated-docs-check/action.yaml | 87 ++++++-- .../code-vulnerability/action.yaml | 121 ++++++++++-- .../dependency-vulnerability/action.yaml | 115 +++++++++-- 9 files changed, 800 insertions(+), 159 deletions(-) diff --git a/actions/python/code-quality/format/action.yaml b/actions/python/code-quality/format/action.yaml index f2ec2ff..cce3d26 100644 --- a/actions/python/code-quality/format/action.yaml +++ b/actions/python/code-quality/format/action.yaml @@ -48,17 +48,29 @@ runs: issue_number: ${{ github.event.number }} username: ${{ github.actor}} message: | - Check your `pyproject.toml` and the dependency groups in them, - especially the `code_quality` group. + **๐Ÿšจ CI Failure: Setup Step** + Hi @${{ inputs.username }}, + + The **`format`** CI has encountered a failure during the + **`setup`** step. + + **Action Required:** + Please review your `pyproject.toml` file to ensure that the dependency groups, + especially the `code_quality` group, are correctly defined. + + **Environment Details:**
- Env used for CI - OS: ${{ inputs.os }} - Python Version: ${{ inputs.python_version }} - Poetry Install Options: ${{ inputs.poetry_install_options }} - Poetry Export Options: ${{ inputs.poetry_export_options }} + Enviroment + - **Operating System:** ${{ inputs.os }} + - **Python Version:** ${{ inputs.python_version }} + - **Poetry Install Options:** `${{ inputs.poetry_install_options }}` + - **Poetry Export Options:** `${{ inputs.poetry_export_options }}`
+ If you need assistance, please refer to the [Poetry documentation](https://python-poetry.org/docs/), + or reach out to the maintainers. + - name: Check code style id: format shell: bash @@ -75,14 +87,50 @@ runs: issue_number: ${{ github.event.number }} username: ${{ github.actor}} message: | - With the environment set up and dependencies installed, - run `poetry run ruff format` to check and fix some code style issues. + **๐Ÿ Linting Issues Detected: Ruff Analysis** + + Hi @${{ inputs.username }}, + + The **Ruff** linter has identified code style issues in the PR. + + --- + + ### **๐Ÿ“Œ Action Required** + + 1. **Run Ruff Locally:** + + Execute the following command to check and automatically fix + linting issues: + + ```bash + poetry run ruff format ${{ inputs.file_path }} + ``` + --- + + ### **โ„น๏ธ Additional Information** +
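Review bot: The new failure message greets `@${{ inputs.username }}`, but the inputs shown for this action in the previous patch are `os`, `python_version`, `poetry_install_options` and `poetry_export_options`. Unless a `username` input is declared outside these hunks, the expression renders empty and the comment reads `Hi @,`. The value already passed to the comment action just above is `${{ github.actor }}`, so the message can use `Hi @${{ github.actor }},`. The same applies to `${{ inputs.file_path }}` in the second hunk of this file, to both lint messages, and to `inputs.username` in the type-check messages later in this patch. The second hunk's heading also says "Linting Issues Detected" although this action runs `ruff format --check`.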
- Use Makefile command - Default makefile from cookiecutter template has a command - `make fl` to run the check. - - Run make in the root directory of the project, to see all the - available commands. + Using the Makefile Command + + For convenience, you can use the predefined Makefile command + to run Ruff: + + ```bash + make fl + ``` + + **Note:** + - Ensure you are in the root directory of your project before + running this command. + - The default Makefile from the Cookiecutter template includes + the `make fl` command. You can view all available Makefile commands + by running `make` without any arguments. +
+ + --- + + ### **๐Ÿ”— Useful Resources** + + - [Ruff Documentation](https://docs.astral.sh/ruff/) \ No newline at end of file diff --git a/actions/python/code-quality/lint/action.yaml b/actions/python/code-quality/lint/action.yaml index 16a20f2..168b1d5 100644 --- a/actions/python/code-quality/lint/action.yaml +++ b/actions/python/code-quality/lint/action.yaml @@ -46,16 +46,29 @@ runs: issue_number: ${{ github.event.number }} username: ${{ github.actor}} message: | - Check your `pyproject.toml` and the dependency groups in them. + **๐Ÿšจ CI Failure: Setup Step** + Hi @${{ inputs.username }}, + + The **`lint`** CI has encountered a failure during the + **`setup`** step. + + **Action Required:** + Please review your `pyproject.toml` file to ensure that the dependency groups, + especially the `code_quality` group, are correctly defined. + + **Environment Details:**
- Env used for CI - OS: ${{ inputs.os }} - Python Version: ${{ inputs.python_version }} - Poetry Install Options: ${{ inputs.poetry_install_options }} - Poetry Export Options: ${{ inputs.poetry_export_options }} + Enviroment + - **Operating System:** ${{ inputs.os }} + - **Python Version:** ${{ inputs.python_version }} + - **Poetry Install Options:** `${{ inputs.poetry_install_options }}` + - **Poetry Export Options:** `${{ inputs.poetry_export_options }}`
+ If you need assistance, please refer to the [Poetry documentation](https://python-poetry.org/docs/), + or reach out to the maintainers. + - name: Check code quality shell: bash id: lint @@ -71,15 +84,49 @@ runs: issue_number: ${{ github.event.number }} username: ${{ github.actor}} message: | - With the environment set up and dependencies installed, - run `poetry run ruff check --fix` to check and fix some lint - issues. - + **๐Ÿ Linting Issues Detected: Ruff Analysis** + + Hi @${{ inputs.username }}, + + The **Ruff** linter has identified issues in your codebase. + + --- + + ### **๐Ÿ“Œ Action Required** + + 1. **Run Ruff Locally:** + + Execute the following command to check and automatically fix + linting issues: + + ```bash + poetry run ruff check --fix ${{ inputs.file_path }} + + --- + + ### **โ„น๏ธ Additional Information** +
- Use Makefile command - Default makefile from cookiecutter template has a command - `make fl` to run the check. - - Run make in the root directory of the project, to see all the - available commands. + Using the Makefile Command + + For convenience, you can use the predefined Makefile command to run Ruff: + + ```bash + make fl + ``` + + **Note:** + - Ensure you are in the root directory of your project before running + this command. + - The default Makefile from the Cookiecutter template includes the + `make fl` command. You can view all available Makefile commands by + running `make` without any arguments. +
+ + --- + + ### **๐Ÿ”— Useful Resources** + + - [Ruff Documentation](https://docs.astral.sh/ruff/) + diff --git a/actions/python/code-quality/type-check/action.yaml b/actions/python/code-quality/type-check/action.yaml index a6c2538..e9d1ddd 100644 --- a/actions/python/code-quality/type-check/action.yaml +++ b/actions/python/code-quality/type-check/action.yaml @@ -52,17 +52,29 @@ runs: issue_number: ${{ github.event.number }} username: ${{ github.actor}} message: | - Check your `pyproject.toml` and the dependency groups in them, - especially `code_quality` and `types` group. + **๐Ÿšจ CI Failure: Setup Step** + Hi @${{ inputs.username }}, + + The **`type check`** CI has encountered a failure during the + **`setup`** step. + + **Action Required:** + Please review your `pyproject.toml` file to ensure that the dependency groups, + especially the `types` group, are correctly defined. + + **Environment Details:**
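Review bot: The `bash` code fence opened before `poetry run ruff check --fix ${{ inputs.file_path }}` is never closed in this message, whereas the matching block in the format action has its closing fence. Everything after it, including the "Additional Information" section and the resource links, would render as code in the PR comment. Add a closing fence line directly after the command.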
- Env used for CI - OS: ${{ inputs.os }} - Python Version: ${{ inputs.python_version }} - Poetry Install Options: ${{ inputs.poetry_install_options }} - Poetry Export Options: ${{ inputs.poetry_export_options }} + Enviroment + - **Operating System:** ${{ inputs.os }} + - **Python Version:** ${{ inputs.python_version }} + - **Poetry Install Options:** `${{ inputs.poetry_install_options }}` + - **Poetry Export Options:** `${{ inputs.poetry_export_options }}`
+ If you need assistance, please refer to the [Poetry documentation](https://python-poetry.org/docs/), + or reach out to the maintainers. + - name: Check types id: type-check continue-on-error: true @@ -79,35 +91,139 @@ runs: issue_number: ${{ github.event.number }} username: ${{ github.actor}} message: | - With the environment set up and dependencies installed, - run `run mypy ${{ inputs.file_path }}` to see mypy errors. - -
- Missing stubs or types - If you see errors related to missing stubs or types, - try running `poetry add types- --group=types` or - `poetry add -stub --group=types` to add type stubs. - - If that fails, either the package does not have types/stubs - or they have different name. - - In that case you can seach for them and add them to types group. -
- + **โš ๏ธ Type Checking Failed: Mypy Analysis** + + Hi @${{ inputs.username }}, + + The **mypy** static type checker has identified type-related issues + in your codebase. + + --- + + ### **๐Ÿ“Œ Action Required** + + 1. **Run Mypy Locally:** + + Execute the following command to run **mypy** and view detailed + error reports: + + ```bash + poetry run mypy ${{ inputs.file_path }} + ``` + + 2. **Address Identified Issues:** + + - **Missing Stubs or Types:** Resolve any missing type annotations + or stubs as indicated by the error messages. + - **Type Inconsistencies:** Correct any type mismatches or + inconsistencies highlighted by **mypy**. + + --- + + ### **โ„น๏ธ Additional Information** +
- Ignore error - Add the module name in pyproject.toml under [tools.mypy.overrides] - section inside modules list. - + Handling Missing Stubs or Types + + If you encounter errors related to missing stubs or types, follow + these steps: + + 1. **Add Type Stubs:** + + Install type stubs for the affected packages using Poetry: + + ```bash + poetry add types- --group=types + ``` + + *Example:* + + ```bash + poetry add types-requests --group=types + ``` + + Alternatively, you can install stub packages if available: + + ```bash + poetry add -stub --group=types + ``` + + *Example:* + + ```bash + poetry add requests-stubs --group=types + ``` + + 2. **Manual Stub Creation:** + + If the package does not provide official stubs or if they are named + differently, you may need to create custom stubs or search for + third-party stubs. + + - **Search for Stubs:** Look for community-maintained stubs on + repositories like [Typeshed](https://github.com/python/typeshed) + or [Stub Packages](https://pypi.org/search/?q=stub). + + 3. **Update `pyproject.toml`:** + + Ensure your `pyproject.toml` includes the `types` group for + type stubs: + ```toml - [[tool.mypy.overrides]] - ignore_missing_imports = true - module = [ - "connexion.*", - ] + [tool.poetry.group.types.dependencies] + types- = "^" ``` - - Try to as granular as possible to avoid ignoring all errors. If - you are using `x.y.z` import, add `x.y.z.*` to the list instead - of `x.*`. + + *Example:* + + ```toml + [tool.poetry.group.types.dependencies] + types-requests = "^2.25.11" + ``` + +
+ +
+ Ignoring Specific Errors + + If certain type errors are not relevant or are false positives, you + can configure **mypy** to ignore them. Add the module names under the + `[tool.mypy.overrides]` section in your `pyproject.toml`: + + ```toml + [[tool.mypy.overrides]] + ignore_missing_imports = true + module = [ + "connexion.*", + ] + ``` + + - **Granular Ignoring:** To avoid ignoring all errors, specify the + modules as granularly as possible. For instance, if you are using `x.y.z` + imports, add `x.y.z.*` instead of `x.*`. + + *Example:* + + ```toml + [[tool.mypy.overrides]] + ignore_missing_imports = true + module = [ + "connexion.api.*", + "connexion.server.*", + ] + ``` + + **Best Practices:** + + - **Minimize Ignores:** Only ignore errors that you have verified as non-issues to maintain type safety. + - **Document Reasons:** Clearly comment on why each error is being ignored to aid future maintenance. +
+ + --- + + ### **๐Ÿ”— Useful Resources** + + - [Mypy Documentation](https://mypy.readthedocs.io/en/stable/) + - [Typeshed Repository](https://github.com/python/typeshed) + - [Best Practices for Type Checking](https://mypy.readthedocs.io/en/stable/cheat_sheet_py3.html) diff --git a/actions/python/code-test/integration-test/action.yaml b/actions/python/code-test/integration-test/action.yaml index 27d48b1..8d9786a 100644 --- a/actions/python/code-test/integration-test/action.yaml +++ b/actions/python/code-test/integration-test/action.yaml @@ -53,17 +53,29 @@ runs: issue_number: ${{ github.event.number }} username: ${{ github.actor}} message: | - Test depend on the main package dependecies and `test` - group in `pyproject.toml`. + **๐Ÿšจ CI Failure: Setup Step** + Hi @${{ inputs.username }}, + + The **`integration test`** CI has encountered a failure during the + **`setup`** step. + + **Action Required:** + Please review your `pyproject.toml` file to ensure that the dependency groups, + especially the `test` and `main` groups, are correctly defined. + + **Environment Details:**
- Env used for CI - OS: ${{ inputs.os }} - Python Version: ${{ inputs.python_version }} - Poetry Install Options: ${{ inputs.poetry_install_options }} - Poetry Export Options: ${{ inputs.poetry_export_options }} + Enviroment + - **Operating System:** ${{ inputs.os }} + - **Python Version:** ${{ inputs.python_version }} + - **Poetry Install Options:** `${{ inputs.poetry_install_options }}` + - **Poetry Export Options:** `${{ inputs.poetry_export_options }}`
+ If you need assistance, please refer to the [Poetry documentation](https://python-poetry.org/docs/), + or reach out to the maintainers. + - name: Run integration tests and generate coverage report id: test continue-on-error: true @@ -84,10 +96,49 @@ runs: issue_number: ${{ github.event.number }} username: ${{ github.actor}} message: | - Check your integration tests in ${{ inputs.file_path }}, - and the dependencies in `pyproject.toml`. + **๐Ÿงช Unit Tests and Dependency Check Failed** + + Hi @${{ inputs.username }}, + + The **integration tests** in have encountered failures. + + --- + + ### **๐Ÿ“Œ Action Required** + + Please address the following to resolve the issues: + + 1. **Review integration Tests:** + + - **File Path:** `${{ inputs.file_path }}` + - Examine the failing integration tests to identify the root + cause of the failures. + + 2. **Check Dependencies:** + + - Open your `pyproject.toml` file. + - Ensure that all dependencies are correctly specified and + there are no version conflicts or missing packages. + + 3. **Run Tests Locally:** + + Execute the following command to run the unit tests and view + detailed error reports: + + ```bash + poetry run pytest --cov=${{ inputs.file_path }} + ``` - Run `poetry run pytest --cov=${{ inputs.file_path }}` to see the errors. + --- + + ### **โ„น๏ธ Additional Information** + + --- + + ### **๐Ÿ”— Useful Resources** + + - [Pytest Documentation](https://docs.pytest.org/en/latest/) + - [Best Practices for Writing Tests](https://docs.pytest.org/en/latest/goodpractices.html) - name: Upload coverage to Codecov uses: codecov/codecov-action@v4 
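Review bot: The greeting `Hi @${{ inputs.username }},` is evaluated in this action's own context, while the name is handed to the comment action as `username: ${{ github.actor}}` in the same step. Unless integration-test declares a `username` input (its `inputs:` block is outside the hunk), the expression expands to an empty string and the comment opens with `Hi @,`. Writing `Hi @${{ github.actor }},` in the message avoids that. The same greeting is added in the other message hunks of this patch (unit-test, autogenerated-docs-check, code-vulnerability, dependency-vulnerability). The collapsible heading reads `Enviroment` where `Environment` is presumably meant.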
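Review bot: The failure comment of the integration-test action is headed `Unit Tests and Dependency Check Failed`, and step 3 says `run the unit tests`; both look copied from the unit-test action and tell the reader the wrong job failed. The sentence `The **integration tests** in have encountered failures.` has lost its object, and the `Additional Information` heading is added with nothing under it. I would head the comment `Integration Tests Failed`, name `${{ inputs.file_path }}` after "in", change step 3 to `run the integration tests`, and drop the empty section.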
@@ -109,5 +160,48 @@ runs: issue_number: ${{ github.event.number }} username: ${{ github.actor}} message: | - Codecov token is missing. Please ask admin to add the token to the - secrets. The coverage report was generated but not uploaded. + **๐Ÿšจ Codecov Token Missing** + + Hi @${{ inputs.username }}, + + The **Codecov** token is missing from your repository's secrets. As + a result, the coverage report was successfully generated but **was not + uploaded** to Codecov. + + --- + + ### **๐Ÿ“Œ Action Required** + + To ensure that coverage reports are uploaded correctly in future runs, + please follow these steps: + + 1. **Obtain the Codecov Token:** + + - If you do not have the Codecov token, you can retrieve it from + [Codecov account](https://codecov.io/). + - Navigate to repository settings within Codecov to find the token. + + 2. **Add the Token to GitHub Secrets:** + + - Go to your GitHub repository. + - Click on **Settings** > **Secrets and variables** > **Actions**. + - Click on **New repository secret**. + - Enter the following details: + - **Name:** `CODECOV_TOKEN` + - **Value:** *Your Codecov token* + - Click **Add secret** to save. + + 3. **Verify the Setup:** + + - After adding the secret, trigger the workflow again to ensure + that the coverage report is uploaded successfully. + - Check the GitHub Actions logs and Codecov dashboard for + confirmation. + + --- + + ### **๐Ÿ”— Useful Resources** + + - [Codecov Documentation](https://docs.codecov.io/docs) + - [GitHub Actions Secrets](https://docs.github.com/en/actions/security-guides/encrypted-secrets) + - [Managing Secrets in GitHub](https://docs.github.com/en/actions/security-guides/encrypted-secrets#creating-encrypted-secrets-for-a-repository) \ No newline at end of file diff --git a/actions/python/code-test/unit-test/action.yaml b/actions/python/code-test/unit-test/action.yaml index 3050d7a..dde491e 100644 --- a/actions/python/code-test/unit-test/action.yaml 
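Review bot: The new text tells the pull-request author to add `CODECOV_TOKEN` under Settings > Secrets, but the comment is addressed to `github.actor`, who often has no admin rights on the repository. The removed wording (`Please ask admin to add the token to the secrets`) was the accurate instruction. If this action runs on `pull_request` events (the trigger is not visible here), GitHub also withholds repository secrets from runs started by forks, so the token can be empty even when it is configured. I would open the steps with `Ask a repository admin to add the secret; on pull requests from forks the token is not passed to the workflow.` The same text is added to unit-test/action.yaml in its `@@ -107,5 +202,48 @@` hunk.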
+++ b/actions/python/code-test/unit-test/action.yaml @@ -52,17 +52,29 @@ runs: issue_number: ${{ github.event.number }} username: ${{ github.actor}} message: | - Test depend on the main package dependecies and `test` - group in `pyproject.toml`. + **๐Ÿšจ CI Failure: Setup Step** + Hi @${{ inputs.username }}, + + The **`unit test`** CI has encountered a failure during the + **`setup`** step. + + **Action Required:** + Please review your `pyproject.toml` file to ensure that the dependency groups, + especially the `test` and main groups, are correctly defined. + + **Environment Details:**
- Env used for CI - OS: ${{ inputs.os }} - Python Version: ${{ inputs.python_version }} - Poetry Install Options: ${{ inputs.poetry_install_options }} - Poetry Export Options: ${{ inputs.poetry_export_options }} + Enviroment + - **Operating System:** ${{ inputs.os }} + - **Python Version:** ${{ inputs.python_version }} + - **Poetry Install Options:** `${{ inputs.poetry_install_options }}` + - **Poetry Export Options:** `${{ inputs.poetry_export_options }}`
+ If you need assistance, please refer to the [Poetry documentation](https://python-poetry.org/docs/), + or reach out to the maintainers. + - name: Run unit tests and generate coverage report id: unit-test shell: bash @@ -82,10 +94,93 @@ runs: issue_number: ${{ github.event.number }} username: ${{ github.actor}} message: | - Check your unit tests in ${{ inputs.file_path }}, - and the dependencies in `pyproject.toml`. - - Run `poetry run pytest --cov=${{ inputs.file_path }}` to see the errors. + **๐Ÿงช Unit Tests and Dependency Check Failed** + + Hi @${{ inputs.username }}, + + The **unit tests** in your project have encountered failures, and + there might be issues with your dependencies as defined in + `pyproject.toml`. + + --- + + ### **๐Ÿ“Œ Action Required** + + Please address the following to resolve the issues: + + 1. **Review Unit Tests:** + + - **File Path:** `${{ inputs.file_path }}` + - Examine the failing unit tests to identify the root cause of + the failures. + + 2. **Check Dependencies:** + + - Open your `pyproject.toml` file. + - Ensure that all dependencies are correctly specified and + there are no version conflicts or missing packages. + + 3. **Run Unit Tests Locally:** + + Execute the following command to run the unit tests and view + detailed error reports: + + ```bash + poetry run pytest --cov=${{ inputs.file_path }} + ``` + + - **`--cov=${{ inputs.file_path }}`**: Generates a coverage + report for the specified file path. + - **Benefits:** + - Identifies untested parts of your code. + - Helps in understanding which tests are failing and why. + + 4. **Fix Identified Issues:** + + - Address the errors reported by the unit tests. + - Update or modify your code and dependencies as necessary to pass + all tests. + + --- + + ### **โ„น๏ธ Additional Information** + +
+ Running Tests with Coverage + + **Coverage Reports:** + + - **Purpose:** Coverage reports help you understand how much of your + codebase is exercised by your tests. + - **Benefits:** + - Ensures critical parts of your application are tested. + - Identifies untested code that might be prone to bugs. + + **Interpreting Test Results:** + + - **Failed Tests:** Review the stack traces and error messages to + identify and fix issues. + - **Coverage Metrics:** Aim for a high coverage percentage to + maintain code quality, but prioritize meaningful tests over sheer + coverage numbers. + + **Best Practices:** + + - **Write Descriptive Test Cases:** Ensure that each test clearly + describes what it's verifying. + - **Isolate Tests:** Each test should run independently to prevent + cascading failures. + - **Regularly Run Tests Locally:** Integrate test runs into your + local development workflow to catch issues early. + +
+ + --- + + ### **๐Ÿ”— Useful Resources** + + - [Pytest Documentation](https://docs.pytest.org/en/latest/) + - [Best Practices for Writing Tests](https://docs.pytest.org/en/latest/goodpractices.html) - name: Upload coverage to Codecov id: upload @@ -98,7 +193,7 @@ runs: verbose: true - name: Comment on PR - if: ${{ inputs.codecov_token }} == null || ${{ inputs.codecov_token }} == '' + if: ${{ inputs.codecov_token == null || inputs.codecov_token == '' }} uses: elixir-cloud-aai/actions/github/comment@main with: ci_name: unit-test 
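Review bot: The corrected `if:` is applied to unit-test only. The matching Codecov comment step in integration-test/action.yaml is not touched by this patch (its `@@ -109,5 +160,48 @@` hunk starts below the `if:` line), so if it still has the old form it posts the token-missing comment on every run. The old form left `== null ||` outside the `${{ }}` delimiters, which produces a non-empty string that is always truthy. I would apply `if: ${{ inputs.codecov_token == null || inputs.codecov_token == '' }}` there as well. Separately, `uses: elixir-cloud-aai/actions/github/comment@main` follows a moving branch; pinning it to `@<full-commit-sha>` keeps the step that writes to the pull request from changing underneath callers.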
@@ -107,5 +202,48 @@ runs: issue_number: ${{ github.event.number }} username: ${{ github.actor}} message: | - Codecov token is missing. Please ask admin to add the token to the - secrets. The coverage report was generated but not uploaded. + **๐Ÿšจ Codecov Token Missing** + + Hi @${{ inputs.username }}, + + The **Codecov** token is missing from your repository's secrets. As + a result, the coverage report was successfully generated but **was not + uploaded** to Codecov. + + --- + + ### **๐Ÿ“Œ Action Required** + + To ensure that coverage reports are uploaded correctly in future runs, + please follow these steps: + + 1. **Obtain the Codecov Token:** + + - If you do not have the Codecov token, you can retrieve it from + [Codecov account](https://codecov.io/). + - Navigate to repository settings within Codecov to find the token. + + 2. **Add the Token to GitHub Secrets:** + + - Go to your GitHub repository. + - Click on **Settings** > **Secrets and variables** > **Actions**. + - Click on **New repository secret**. + - Enter the following details: + - **Name:** `CODECOV_TOKEN` + - **Value:** *Your Codecov token* + - Click **Add secret** to save. + + 3. **Verify the Setup:** + + - After adding the secret, trigger the workflow again to ensure + that the coverage report is uploaded successfully. + - Check the GitHub Actions logs and Codecov dashboard for + confirmation. + + --- + + ### **๐Ÿ”— Useful Resources** + + - [Codecov Documentation](https://docs.codecov.io/docs) + - [GitHub Actions Secrets](https://docs.github.com/en/actions/security-guides/encrypted-secrets) + - [Managing Secrets in GitHub](https://docs.github.com/en/actions/security-guides/encrypted-secrets#creating-encrypted-secrets-for-a-repository) \ No newline at end of file diff --git a/actions/python/comment/action.yaml b/actions/python/comment/action.yaml index 2158a63..ae4357d 100644 --- a/actions/python/comment/action.yaml +++ b/actions/python/comment/action.yaml 
@@ -59,15 +59,6 @@ runs: ${{ steps.globals.outputs.TITLE }} ${{ inputs.message }} - - name: Update the comment, to remind user - if: steps.find-comment.outputs.comment-id != '' - uses: peter-evans/create-or-update-comment@v4 - with: - comment-id: ${{ steps.find-comment.outputs.comment-id }} - issue_number: ${{ inputs.issue_number }} - body: | - Hey @${{ inputs.username }}, it failed again for commit ${{ inputs.commit_id }}! - - name: Fail or pass the workflow based on the input shell: bash run: | diff --git a/actions/python/docs/autogenerated-docs-check/action.yaml b/actions/python/docs/autogenerated-docs-check/action.yaml index 3effc79..a3d2f21 100644 --- a/actions/python/docs/autogenerated-docs-check/action.yaml +++ b/actions/python/docs/autogenerated-docs-check/action.yaml @@ -55,17 +55,29 @@ runs: issue_number: ${{ github.event.number }} username: ${{ github.actor}} message: | - Check your `pyproject.toml` and the dependency groups in them, - especially `docs` and `types` group. + **๐Ÿšจ CI Failure: Setup Step** + Hi @${{ inputs.username }}, + + The **`docs check`** CI has encountered a failure during the + **`setup`** step. + + **Action Required:** + Please review your `pyproject.toml` file to ensure that the dependency groups, + especially the `docs`, `main` and `types` group, are correctly defined. + + **Environment Details:**
- Env used for CI - OS: ${{ inputs.os }} - Python Version: ${{ inputs.python_version }} - Poetry Install Options: ${{ inputs.poetry_install_options }} - Poetry Export Options: ${{ inputs.poetry_export_options }} + Enviroment + - **Operating System:** ${{ inputs.os }} + - **Python Version:** ${{ inputs.python_version }} + - **Poetry Install Options:** `${{ inputs.poetry_install_options }}` + - **Poetry Export Options:** `${{ inputs.poetry_export_options }}`
+ If you need assistance, please refer to the [Poetry documentation](https://python-poetry.org/docs/), + or reach out to the maintainers. + - name: Get the file_path if user doesn't provide it id: get-file-path shell: bash @@ -124,14 +136,57 @@ runs: issue_number: ${{ github.event.number }} username: ${{ github.actor}} message: | - API documentation is out of date. Run - `poetry run sphinx-apidoc ${{ env.file_path }}` to update the docs. - - Note: You can also delete the auto generated docs and regenerate - them if there has been a major change in the codebase. - + **๐Ÿ”ง API Documentation Outdated** + + Hi @${{ inputs.username }}, + + The **API documentation** in the PR is outdated and needs to be + refreshed to reflect recent changes in the codebase. + + --- + + ### **๐Ÿ“Œ Action Required** + + Please update the API documentation by following these steps: + + 1. **Run Sphinx-Apidoc:** + + Execute the following command to regenerate the API documentation: + + ```bash + poetry run sphinx-apidoc ${{ env.file_path }} + ``` + + 2. **Verify Documentation:** + + After running the command, review the generated documentation to + ensure it accurately represents the current state of your codebase. + + --- + + ### **โ„น๏ธ Additional Information** +
- Use Makefile command - Default makefile from cookiecutter template has a command - `make docs` to run the sphinx-apidoc. + Using the Makefile Command + + For convenience, you can use the predefined Makefile command to + update the documentation: + + ```bash + make docs + ``` + + This command utilizes the `sphinx-apidoc` tool to regenerate the API + documentation based on your project's configuration. + + **Note:** The default Makefile from the Cookiecutter template + includes the `make docs` command. Ensure you are in the root + directory of your project before running this command. +
+ + --- + + ### **๐Ÿ”— Useful Resources** + + - [Sphinx-Apidoc Documentation](https://www.sphinx-doc.org/en/master/man/sphinx-apidoc.html) \ No newline at end of file diff --git a/actions/python/vulnerability/code-vulnerability/action.yaml b/actions/python/vulnerability/code-vulnerability/action.yaml index 731b04f..9436b4d 100644 --- a/actions/python/vulnerability/code-vulnerability/action.yaml +++ b/actions/python/vulnerability/code-vulnerability/action.yaml @@ -54,16 +54,29 @@ runs: issue_number: ${{ github.event.number }} username: ${{ github.actor}} message: | - Make sure bandit is in `vulnerability` group in `pyproject.toml`. + **๐Ÿšจ CI Failure: Setup Step** + Hi @${{ inputs.username }}, + + The **`bandit`** CI has encountered a failure during the + **`setup`** step. + + **Action Required:** + Please review your `pyproject.toml` file to ensure that the dependency groups, + especially the `vulnerability` group, are correctly defined. + + **Environment Details:**
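Review bot: The command the comment tells the author to run, `poetry run sphinx-apidoc ${{ env.file_path }}`, has no `-o <output-dir>`, which sphinx-apidoc requires. Copied as written, it exits with a usage error instead of regenerating the docs. The message should quote the same invocation the check step uses (that step is outside the hunk), for example `poetry run sphinx-apidoc -o <docs-output-dir> ${{ env.file_path }}` with the project's real output directory in place of the placeholder.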
- Env used for CI - OS: ${{ inputs.os }} - Python Version: ${{ inputs.python_version }} - Poetry Install Options: ${{ inputs.poetry_install_options }} - Poetry Export Options: ${{ inputs.poetry_export_options }} + Enviroment + - **Operating System:** ${{ inputs.os }} + - **Python Version:** ${{ inputs.python_version }} + - **Poetry Install Options:** `${{ inputs.poetry_install_options }}` + - **Poetry Export Options:** `${{ inputs.poetry_export_options }}`
+ If you need assistance, please refer to the [Poetry documentation](https://python-poetry.org/docs/), + or reach out to the maintainers. + - name: Check code vulnerabilities with Bandit id: check continue-on-error: true @@ -82,20 +95,86 @@ runs: issue_number: ${{ github.event.number }} username: ${{ github.actor}} message: | - Check your code for vulnerabilities using Bandit. - - Run `poetry run bandit -c ${{ inputs.config_path }} -r ${{ inputs.file_path }}` - to check for errors. - -
- Ignore errors - If you are sure that the error is a false positive, you can add the - error code to the `skips` list in `pyproject.toml`. - - ```toml - [tool.bandit] - skips = [ - "B108" # Insecure usage of temp file/directory, false positive. - ] + **๐Ÿ” Code Vulnerability Check Failed: Bandit Analysis** + + Hi @${{ inputs.username }}, + + The **`Bandit`** static analysis tool has identified potential + security vulnerabilities in your codebase during the **`bandit`** + analysis step. + + --- + + ### **๐Ÿ“Œ Action Required** + + Please review and address the identified vulnerabilities by following + these steps: + + 1. **Run Bandit Analysis:** + + Execute the following command to generate a detailed report of + the vulnerabilities: + + ```bash + poetry run bandit -c ${{ inputs.config_path }} -r ${{ inputs.file_path }} ``` + + 2. **Analyze the Report:** + + - **Critical Issues:** Prioritize fixing vulnerabilities that + are marked as critical. + - **Moderate/Low Issues:** Assess the impact of these + vulnerabilities and address them accordingly. + + 3. **Update Your Code:** + + - **Fix Vulnerabilities:** Modify your code to eliminate the + identified security issues. + - **Upgrade Dependencies:** Ensure all dependencies are up-to-date + to mitigate known vulnerabilities. + + --- + + ### **๐Ÿ“Œ Ignoring False Positives** + + If you have verified that a reported vulnerability is a false + positive or is not applicable to your project, you can safely ignore + it by updating the `skips` list in your `pyproject.toml` file. + +
+ How to Ignore Specific Vulnerabilities + + Add the following configuration to your `pyproject.toml`: + + ```toml + [tool.bandit] + skips = [ + "B108" # Insecure usage of temp file/directory, false positive. + ] + ``` + + - **`"B108"`**: Replace with the specific vulnerability identifier + you wish to ignore. + - **`'Insecure usage of temp file/directory, false positive.'`**: + Provide a clear and concise reason for ignoring this vulnerability. + + **Example:** + + ```toml + [tool.bandit] + skips = [ + "B108" # Insecure usage of temp file/directory, false positive. + ] + ``` + + **Note:** Ensure that you have thoroughly reviewed the + vulnerabilities before choosing to ignore them to maintain the + security integrity of your project. +
+ + --- + + ### **๐Ÿ”— Additional Resources** + + - [Bandit Documentation](https://bandit.readthedocs.io/en/latest/) \ No newline at end of file diff --git a/actions/python/vulnerability/dependency-vulnerability/action.yaml b/actions/python/vulnerability/dependency-vulnerability/action.yaml index 4f45d43..03db32f 100644 --- a/actions/python/vulnerability/dependency-vulnerability/action.yaml +++ b/actions/python/vulnerability/dependency-vulnerability/action.yaml @@ -46,16 +46,29 @@ runs: issue_number: ${{ github.event.number }} username: ${{ github.actor}} message: | - Make sure bandit is in `vulnerability` group in `pyproject.toml`. + **๐Ÿšจ CI Failure: Setup Step** + Hi @${{ inputs.username }}, + + The **`safety`** CI has encountered a failure during the + **`setup`** step. + + **Action Required:** + Please review your `pyproject.toml` file to ensure that the dependency groups, + especially the `vulnerability` group, are correctly defined. + + **Environment Details:**
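Review bot: The `Ignoring False Positives` section offers only the `skips` list, and a test ID placed there is switched off for the whole project, so every later B108 finding is silenced along with the one that was reviewed. Saying the author can `safely ignore` a finding that way overstates it. I would make the first option an inline suppression on the reviewed line, `# nosec B108 - <reason>`, and keep `skips` for checks that do not apply to the project at all. Two smaller points in the same hunk: Bandit reports severity as LOW/MEDIUM/HIGH, so `Critical Issues` has no counterpart in its output, and `Upgrade Dependencies` belongs to the dependency check rather than to a static scan of the project's own code.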
- Env used for CI - OS: ${{ inputs.os }} - Python Version: ${{ inputs.python_version }} - Poetry Install Options: ${{ inputs.poetry_install_options }} - Poetry Export Options: ${{ inputs.poetry_export_options }} + Enviroment + - **Operating System:** ${{ inputs.os }} + - **Python Version:** ${{ inputs.python_version }} + - **Poetry Install Options:** `${{ inputs.poetry_install_options }}` + - **Poetry Export Options:** `${{ inputs.poetry_export_options }}`
+ If you need assistance, please refer to the [Poetry documentation](https://python-poetry.org/docs/), + or reach out to the maintainers. + - name: Check dependency vulnerabilities with Safety shell: bash id: check @@ -72,20 +85,80 @@ runs: issue_number: ${{ github.event.number }} username: ${{ github.actor}} message: | - Check your code for vulnerabilities using safety cli. - - Run `poetry run safety check --full-report` to check for errors. - + **๐Ÿ” Code Vulnerability Check Failed** + + Hi @${{ inputs.username }}, + + The **`safety`** CLI has identified potential vulnerabilities in + dependencies. + + ### **Action Required:** + + Please review and address these vulnerabilities by executing the + following command: + + ```bash + poetry run safety check --full-report + ``` + + This command will generate a comprehensive report detailing any + identified issues. + + ### **Next Steps:** + + 1. **Run the Safety Check:** + + Execute the command above to obtain a full report of vulnerabilities. + + 2. **Analyze the Report:** + + - **Critical Issues:** Prioritize fixing vulnerabilities marked as + critical. + - **Moderate/Low Issues:** Assess the impact and address as + necessary. + + 3. **Update Dependencies:** + + - Upgrade affected packages to versions where vulnerabilities are + resolved. + - If no fixes are available, consider alternative packages or + consult the package maintainers. + + ### **๐Ÿ“Œ Ignoring False Positives** + + If you have verified that a reported vulnerability is a false + positive or is not applicable to your project, you can safely + ignore it by updating your `.safety-policy.yaml` file. +
- Ignore errors - If you are sure that the error is a false positive, you can add the - error code to `.safety-policy.yaml`. - - ```yaml - security: - ignore-vulnerabilities: - ERROR_CODE: - reason: 'REASON' - expires: 'DATE' - ``` + How to Ignore Specific Vulnerabilities + + Add the following configuration to `.safety-policy.yaml`: + + ```yaml + security: + ignore-vulnerabilities: + ERROR_CODE: + reason: 'REASON_FOR_IGNORING' + expires: 'YYYY-MM-DD' + ``` + + - **`ERROR_CODE`**: Replace with the specific vulnerability identifier you wish to ignore. + - **`REASON_FOR_IGNORING`**: Provide a clear and concise explanation for ignoring this vulnerability. + - **`YYYY-MM-DD`**: Set an expiration date to review the ignore rule in the future. + + **Example:** + + ```yaml + security: + ignore-vulnerabilities: + CVE-2023-1234: + reason: 'False positive detected due to specific usage context.' + expires: '2024-12-31' + ``` +
+ + ### **Additional Resources:** + + - [Safety CLI Documentation](https://pyup.io/safety/) \ No newline at end of file From fa86ba3527912c48c06d74824d9cbaeefa1192cb Mon Sep 17 00:00:00 2001 From: Javed Habib Date: Tue, 15 Oct 2024 04:23:01 +0530 Subject: [PATCH 12/13] fix comment and yamllimt --- .yamllint | 1 + .../python/code-quality/format/action.yaml | 52 +++---- actions/python/code-quality/lint/action.yaml | 47 +++---- .../code-quality/type-check/action.yaml | 119 ++++++++-------- .../code-test/integration-test/action.yaml | 88 ++++++------ .../python/code-test/unit-test/action.yaml | 132 ++++++------------ actions/python/comment/action.yaml | 11 +- .../docs/autogenerated-docs-check/action.yaml | 66 ++++----- actions/python/setup/poetry/action.yaml | 14 +- .../code-vulnerability/action.yaml | 84 +++++------ .../dependency-vulnerability/action.yaml | 71 +++------- 11 files changed, 295 insertions(+), 390 deletions(-) diff --git a/.yamllint b/.yamllint index b082d5a..811e0dd 100644 --- a/.yamllint +++ b/.yamllint @@ -9,6 +9,7 @@ rules: # Additional rules can be configured as needed line-length: max: 120 + level: warning indentation: spaces: 2 document-start: disable diff --git a/actions/python/code-quality/format/action.yaml b/actions/python/code-quality/format/action.yaml index cce3d26..c3abe9b 100644 --- a/actions/python/code-quality/format/action.yaml +++ b/actions/python/code-quality/format/action.yaml @@ -10,17 +10,17 @@ inputs: required: false python_version: description: Python version to use - default: '3.12' + default: "3.12" required: false poetry_install_options: description: Options for installing dependencies via poetry required: false - default: '--only=code_quality --no-root' + default: "--only=code_quality --no-root" poetry_export_options: description: Options for exporting dependencies to check for hash changes for cache invalidation required: false - default: '--only=code_quality' + default: "--only=code_quality" runs: using: composite 
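Review bot: The example under `ignore-vulnerabilities` uses `CVE-2023-1234` as its key, but Safety's policy file matches on the vulnerability ID that Safety prints in its own report. As far as I can tell, an author who copies the example with a CVE number adds an ignore that never applies. I would describe `ERROR_CODE` as `the vulnerability ID shown in the Safety report` and use a clearly made-up ID of that form in the example. Safety reads `.safety-policy.yml` by default, so unless the check step passes `--policy-file` (the step is outside the hunk), the `.safety-policy.yaml` named here would not be picked up. The heading `Code Vulnerability Check Failed` is also the Bandit wording, whereas this action checks dependencies.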
@@ -52,7 +52,7 @@ runs: Hi @${{ inputs.username }}, - The **`format`** CI has encountered a failure during the + The **`format`** CI has encountered a failure during the **`setup`** step. **Action Required:** @@ -88,49 +88,49 @@ runs: username: ${{ github.actor}} message: | **๐Ÿ Linting Issues Detected: Ruff Analysis** - + Hi @${{ inputs.username }}, - - The **Ruff** linter has identified code style issues in the PR. - + + The **Ruff** linter has identified code style issues in the PR. + --- - + ### **๐Ÿ“Œ Action Required** - + 1. **Run Ruff Locally:** - - Execute the following command to check and automatically fix + + Execute the following command to check and automatically fix linting issues: - + ```bash poetry run ruff format ${{ inputs.file_path }} ``` --- - + ### **โ„น๏ธ Additional Information** - +
Using the Makefile Command - - For convenience, you can use the predefined Makefile command + + For convenience, you can use the predefined Makefile command to run Ruff: - + ```bash make fl ``` - + **Note:** - - Ensure you are in the root directory of your project before + - Ensure you are in the root directory of your project before running this command. - - The default Makefile from the Cookiecutter template includes + - The default Makefile from the Cookiecutter template includes the `make fl` command. You can view all available Makefile commands by running `make` without any arguments. - +
- + --- - + ### **๐Ÿ”— Useful Resources** - - - [Ruff Documentation](https://docs.astral.sh/ruff/) \ No newline at end of file + + - [Ruff Documentation](https://docs.astral.sh/ruff/) diff --git a/actions/python/code-quality/lint/action.yaml b/actions/python/code-quality/lint/action.yaml index 168b1d5..e931536 100644 --- a/actions/python/code-quality/lint/action.yaml +++ b/actions/python/code-quality/lint/action.yaml @@ -9,17 +9,17 @@ inputs: required: false python_version: description: Python version to use - default: '3.12' + default: "3.12" required: false poetry_install_options: description: Options for installing dependencies via poetry required: false - default: '--only=code_quality --no-root' + default: --only=code_quality --no-root poetry_export_options: description: Options for exporting dependencies to check for hash changes for cache invalidation required: false - default: '--only=code_quality' + default: --only=code_quality runs: using: composite @@ -50,7 +50,7 @@ runs: Hi @${{ inputs.username }}, - The **`lint`** CI has encountered a failure during the + The **`lint`** CI has encountered a failure during the **`setup`** step. **Action Required:** @@ -85,48 +85,47 @@ runs: username: ${{ github.actor}} message: | **๐Ÿ Linting Issues Detected: Ruff Analysis** - + Hi @${{ inputs.username }}, - + The **Ruff** linter has identified issues in your codebase. - + --- - + ### **๐Ÿ“Œ Action Required** - + 1. **Run Ruff Locally:** - - Execute the following command to check and automatically fix + + Execute the following command to check and automatically fix linting issues: - + ```bash poetry run ruff check --fix ${{ inputs.file_path }} - + --- - + ### **โ„น๏ธ Additional Information** - +
Using the Makefile Command - + For convenience, you can use the predefined Makefile command to run Ruff: - + ```bash make fl ``` - + **Note:** - Ensure you are in the root directory of your project before running this command. - - The default Makefile from the Cookiecutter template includes the + - The default Makefile from the Cookiecutter template includes the `make fl` command. You can view all available Makefile commands by running `make` without any arguments. - +
- + --- - + ### **๐Ÿ”— Useful Resources** - + - [Ruff Documentation](https://docs.astral.sh/ruff/) - diff --git a/actions/python/code-quality/type-check/action.yaml b/actions/python/code-quality/type-check/action.yaml index e9d1ddd..dc79929 100644 --- a/actions/python/code-quality/type-check/action.yaml +++ b/actions/python/code-quality/type-check/action.yaml @@ -7,24 +7,24 @@ inputs: os: description: The operating system to use required: false - default: 'ubuntu-latest' + default: ubuntu-latest python_version: description: Python version to use - default: '3.12' + default: "3.12" required: false poetry_install_options: description: Options for installing dependencies via poetry required: false - default: '--with=code_quality --with=types --no-root' + default: --with=code_quality --with=types --no-root poetry_export_options: description: Options for exporting dependencies to check for hash changes for cache invalidation required: false - default: '--with=code_quality --with=types' + default: --with=code_quality --with=types file_path: description: The path to the file or directory to type check required: false - default: '.' + default: "." runs: using: composite @@ -56,7 +56,7 @@ runs: Hi @${{ inputs.username }}, - The **`type check`** CI has encountered a failure during the + The **`type check`** CI has encountered a failure during the **`setup`** step. **Action Required:** 
@@ -92,104 +92,104 @@ runs: username: ${{ github.actor}} message: | **โš ๏ธ Type Checking Failed: Mypy Analysis** - + Hi @${{ inputs.username }}, - + The **mypy** static type checker has identified type-related issues in your codebase. - + --- - + ### **๐Ÿ“Œ Action Required** - + 1. **Run Mypy Locally:** - - Execute the following command to run **mypy** and view detailed + + Execute the following command to run **mypy** and view detailed error reports: - + ```bash poetry run mypy ${{ inputs.file_path }} ``` - + 2. **Address Identified Issues:** - + - **Missing Stubs or Types:** Resolve any missing type annotations or stubs as indicated by the error messages. - - **Type Inconsistencies:** Correct any type mismatches or + - **Type Inconsistencies:** Correct any type mismatches or inconsistencies highlighted by **mypy**. - + --- - + ### **โ„น๏ธ Additional Information** - +
Handling Missing Stubs or Types - - If you encounter errors related to missing stubs or types, follow + + If you encounter errors related to missing stubs or types, follow these steps: - + 1. **Add Type Stubs:** - + Install type stubs for the affected packages using Poetry: - + ```bash poetry add types- --group=types ``` - + *Example:* - + ```bash poetry add types-requests --group=types ``` - + Alternatively, you can install stub packages if available: - + ```bash poetry add -stub --group=types ``` - + *Example:* - + ```bash poetry add requests-stubs --group=types ``` - + 2. **Manual Stub Creation:** - + If the package does not provide official stubs or if they are named - differently, you may need to create custom stubs or search for + differently, you may need to create custom stubs or search for third-party stubs. - - - **Search for Stubs:** Look for community-maintained stubs on - repositories like [Typeshed](https://github.com/python/typeshed) + + - **Search for Stubs:** Look for community-maintained stubs on + repositories like [Typeshed](https://github.com/python/typeshed) or [Stub Packages](https://pypi.org/search/?q=stub). - + 3. **Update `pyproject.toml`:** - - Ensure your `pyproject.toml` includes the `types` group for + + Ensure your `pyproject.toml` includes the `types` group for type stubs: - + ```toml [tool.poetry.group.types.dependencies] types- = "^" ``` - + *Example:* - + ```toml [tool.poetry.group.types.dependencies] types-requests = "^2.25.11" ``` - +
- +
Ignoring Specific Errors - + If certain type errors are not relevant or are false positives, you - can configure **mypy** to ignore them. Add the module names under the + can configure **mypy** to ignore them. Add the module names under the `[tool.mypy.overrides]` section in your `pyproject.toml`: - + ```toml [[tool.mypy.overrides]] ignore_missing_imports = true @@ -197,13 +197,13 @@ runs: "connexion.*", ] ``` - - - **Granular Ignoring:** To avoid ignoring all errors, specify the - modules as granularly as possible. For instance, if you are using `x.y.z` + + - **Granular Ignoring:** To avoid ignoring all errors, specify the + modules as granularly as possible. For instance, if you are using `x.y.z` imports, add `x.y.z.*` instead of `x.*`. - + *Example:* - + ```toml [[tool.mypy.overrides]] ignore_missing_imports = true @@ -212,18 +212,13 @@ runs: "connexion.server.*", ] ``` - - **Best Practices:** - - - **Minimize Ignores:** Only ignore errors that you have verified as non-issues to maintain type safety. - - **Document Reasons:** Clearly comment on why each error is being ignored to aid future maintenance. - +
- + --- - + ### **๐Ÿ”— Useful Resources** - + - [Mypy Documentation](https://mypy.readthedocs.io/en/stable/) - [Typeshed Repository](https://github.com/python/typeshed) - [Best Practices for Type Checking](https://mypy.readthedocs.io/en/stable/cheat_sheet_py3.html) diff --git a/actions/python/code-test/integration-test/action.yaml b/actions/python/code-test/integration-test/action.yaml index 8d9786a..b0a5329 100644 --- a/actions/python/code-test/integration-test/action.yaml +++ b/actions/python/code-test/integration-test/action.yaml @@ -8,15 +8,15 @@ inputs: description: The operating system to use required: false python_version: - default: '3.12' + default: "3.12" description: The version of Python to use required: false poetry_install_options: - default: '--with=test' + default: --with=test description: Options for installing dependencies via poetry required: false poetry_export_options: - default: '--with=test' + default: --with=test description: Options for exporting dependencies for cache invalidation required: false codecov_token: @@ -25,7 +25,7 @@ inputs: file_path: description: The path to the file or directory to integration test required: false - default: 'tests/test_integration' + default: tests/test_integration runs: using: composite @@ -57,7 +57,7 @@ runs: Hi @${{ inputs.username }}, - The **`integration test`** CI has encountered a failure during the + The **`integration test`** CI has encountered a failure during the **`setup`** step. **Action Required:** 
@@ -97,46 +97,42 @@ runs: username: ${{ github.actor}} message: | **๐Ÿงช Unit Tests and Dependency Check Failed** - + Hi @${{ inputs.username }}, - + The **integration tests** in have encountered failures. - + --- - + ### **๐Ÿ“Œ Action Required** - + Please address the following to resolve the issues: - + 1. **Review integration Tests:** - + - **File Path:** `${{ inputs.file_path }}` - - Examine the failing integration tests to identify the root + - Examine the failing integration tests to identify the root cause of the failures. - + 2. **Check Dependencies:** - + - Open your `pyproject.toml` file. - - Ensure that all dependencies are correctly specified and + - Ensure that all dependencies are correctly specified and there are no version conflicts or missing packages. - + 3. **Run Tests Locally:** - - Execute the following command to run the unit tests and view + + Execute the following command to run the unit tests and view detailed error reports: - + ```bash poetry run pytest --cov=${{ inputs.file_path }} ``` --- - - ### **โ„น๏ธ Additional Information** - - --- - + ### **๐Ÿ”— Useful Resources** - + - [Pytest Documentation](https://docs.pytest.org/en/latest/) - [Best Practices for Writing Tests](https://docs.pytest.org/en/latest/goodpractices.html) 
@@ -161,28 +157,28 @@ runs: username: ${{ github.actor}} message: | **๐Ÿšจ Codecov Token Missing** - + Hi @${{ inputs.username }}, - - The **Codecov** token is missing from your repository's secrets. As - a result, the coverage report was successfully generated but **was not + + The **Codecov** token is missing from your repository's secrets. As + a result, the coverage report was successfully generated but **was not uploaded** to Codecov. - + --- - + ### **๐Ÿ“Œ Action Required** - + To ensure that coverage reports are uploaded correctly in future runs, please follow these steps: - + 1. **Obtain the Codecov Token:** - - - If you do not have the Codecov token, you can retrieve it from + + - If you do not have the Codecov token, you can retrieve it from [Codecov account](https://codecov.io/). - Navigate to repository settings within Codecov to find the token. - + 2. **Add the Token to GitHub Secrets:** - + - Go to your GitHub repository. - Click on **Settings** > **Secrets and variables** > **Actions**. - Click on **New repository secret**. 
@@ -190,18 +186,18 @@ runs: - **Name:** `CODECOV_TOKEN` - **Value:** *Your Codecov token* - Click **Add secret** to save. - + 3. **Verify the Setup:** - - - After adding the secret, trigger the workflow again to ensure + + - After adding the secret, trigger the workflow again to ensure that the coverage report is uploaded successfully. - - Check the GitHub Actions logs and Codecov dashboard for + - Check the GitHub Actions logs and Codecov dashboard for confirmation. - + --- - + ### **๐Ÿ”— Useful Resources** - + - [Codecov Documentation](https://docs.codecov.io/docs) - [GitHub Actions Secrets](https://docs.github.com/en/actions/security-guides/encrypted-secrets) - - [Managing Secrets in GitHub](https://docs.github.com/en/actions/security-guides/encrypted-secrets#creating-encrypted-secrets-for-a-repository) \ No newline at end of file + - [Managing Secrets in GitHub](https://docs.github.com/en/actions/security-guides/encrypted-secrets#creating-encrypted-secrets-for-a-repository) diff --git a/actions/python/code-test/unit-test/action.yaml b/actions/python/code-test/unit-test/action.yaml index dde491e..4450271 100644 --- a/actions/python/code-test/unit-test/action.yaml +++ b/actions/python/code-test/unit-test/action.yaml @@ -8,15 +8,15 @@ inputs: description: The operating system to use required: false python_version: - default: '3.12' + default: "3.12" description: The version of Python to use required: false poetry_install_options: - default: '--with=test' + default: --with=test description: Options for installing dependencies via poetry required: false poetry_export_options: - default: '--with=test' + default: --with=test description: Options for exporting dependencies for cache invalidation required: false codecov_token: @@ -25,7 +25,7 @@ inputs: file_path: description: The path to the file or directory to unit test required: false - default: 'tests/test_unit' + default: tests/test_unit runs: using: composite 
@@ -56,7 +56,7 @@ runs: Hi @${{ inputs.username }}, - The **`unit test`** CI has encountered a failure during the + The **`unit test`** CI has encountered a failure during the **`setup`** step. **Action Required:** @@ -95,90 +95,44 @@ runs: username: ${{ github.actor}} message: | **๐Ÿงช Unit Tests and Dependency Check Failed** - + Hi @${{ inputs.username }}, - - The **unit tests** in your project have encountered failures, and - there might be issues with your dependencies as defined in + + The **unit tests** in your project have encountered failures, and + there might be issues with your dependencies as defined in `pyproject.toml`. - + --- - + ### **๐Ÿ“Œ Action Required** - + Please address the following to resolve the issues: - + 1. **Review Unit Tests:** - + - **File Path:** `${{ inputs.file_path }}` - - Examine the failing unit tests to identify the root cause of + - Examine the failing unit tests to identify the root cause of the failures. - + 2. **Check Dependencies:** - + - Open your `pyproject.toml` file. - - Ensure that all dependencies are correctly specified and + - Ensure that all dependencies are correctly specified and there are no version conflicts or missing packages. - + 3. **Run Unit Tests Locally:** - - Execute the following command to run the unit tests and view + + Execute the following command to run the unit tests and view detailed error reports: - + ```bash poetry run pytest --cov=${{ inputs.file_path }} ``` - - - **`--cov=${{ inputs.file_path }}`**: Generates a coverage - report for the specified file path. - - **Benefits:** - - Identifies untested parts of your code. - - Helps in understanding which tests are failing and why. - - 4. **Fix Identified Issues:** - - - Address the errors reported by the unit tests. - - Update or modify your code and dependencies as necessary to pass - all tests. - - --- - - ### **โ„น๏ธ Additional Information** - -
- Running Tests with Coverage - - **Coverage Reports:** - - - **Purpose:** Coverage reports help you understand how much of your - codebase is exercised by your tests. - - **Benefits:** - - Ensures critical parts of your application are tested. - - Identifies untested code that might be prone to bugs. - - **Interpreting Test Results:** - - - **Failed Tests:** Review the stack traces and error messages to - identify and fix issues. - - **Coverage Metrics:** Aim for a high coverage percentage to - maintain code quality, but prioritize meaningful tests over sheer - coverage numbers. - - **Best Practices:** - - - **Write Descriptive Test Cases:** Ensure that each test clearly - describes what it's verifying. - - **Isolate Tests:** Each test should run independently to prevent - cascading failures. - - **Regularly Run Tests Locally:** Integrate test runs into your - local development workflow to catch issues early. - -
- + --- - + ### **๐Ÿ”— Useful Resources** - + - [Pytest Documentation](https://docs.pytest.org/en/latest/) - [Best Practices for Writing Tests](https://docs.pytest.org/en/latest/goodpractices.html) @@ -203,28 +157,28 @@ runs: username: ${{ github.actor}} message: | **๐Ÿšจ Codecov Token Missing** - + Hi @${{ inputs.username }}, - - The **Codecov** token is missing from your repository's secrets. As - a result, the coverage report was successfully generated but **was not + + The **Codecov** token is missing from your repository's secrets. As + a result, the coverage report was successfully generated but **was not uploaded** to Codecov. - + --- - + ### **๐Ÿ“Œ Action Required** - + To ensure that coverage reports are uploaded correctly in future runs, please follow these steps: - + 1. **Obtain the Codecov Token:** - - - If you do not have the Codecov token, you can retrieve it from + + - If you do not have the Codecov token, you can retrieve it from [Codecov account](https://codecov.io/). - Navigate to repository settings within Codecov to find the token. - + 2. **Add the Token to GitHub Secrets:** - + - Go to your GitHub repository. - Click on **Settings** > **Secrets and variables** > **Actions**. - Click on **New repository secret**. 
@@ -232,18 +186,18 @@ runs: - **Name:** `CODECOV_TOKEN` - **Value:** *Your Codecov token* - Click **Add secret** to save. - + 3. **Verify the Setup:** - - - After adding the secret, trigger the workflow again to ensure + + - After adding the secret, trigger the workflow again to ensure that the coverage report is uploaded successfully. - - Check the GitHub Actions logs and Codecov dashboard for + - Check the GitHub Actions logs and Codecov dashboard for confirmation. --- ### **๐Ÿ”— Useful Resources** - + - [Codecov Documentation](https://docs.codecov.io/docs) - [GitHub Actions Secrets](https://docs.github.com/en/actions/security-guides/encrypted-secrets) - - [Managing Secrets in GitHub](https://docs.github.com/en/actions/security-guides/encrypted-secrets#creating-encrypted-secrets-for-a-repository) \ No newline at end of file + - [Managing Secrets in GitHub](https://docs.github.com/en/actions/security-guides/encrypted-secrets#creating-encrypted-secrets-for-a-repository) diff --git a/actions/python/comment/action.yaml b/actions/python/comment/action.yaml index ae4357d..1e8be11 100644 --- a/actions/python/comment/action.yaml +++ b/actions/python/comment/action.yaml @@ -2,7 +2,7 @@ name: Commenting bot to report CI failures description: | This action is used to comment on a pull request with the CI failure details. - It checks if the comment is already present and updates the comment with the + It checks if the comment is already present and updates the comment with the latest CI failure details. inputs: @@ -15,7 +15,7 @@ inputs: error_after_comment: description: Stop the workflow after commenting required: false - default: 'true' + default: "true" issue_number: description: The issue number to comment on required: true 
@@ -35,7 +35,8 @@ runs: - name: Create the title of the comment id: globals shell: bash - run: echo "TITLE=Hey @$INPUT_USERNAME, \`$INPUT_CI_NAME\` CI failed at \`$INPUT_STEP_NAME\` step!" >> "${GITHUB_OUTPUT}" + run: | + echo "TITLE=Hey @$INPUT_USERNAME, \`$INPUT_CI_NAME\` CI failed at \`$INPUT_STEP_NAME\` step!" >> "${GITHUB_OUTPUT}" env: INPUT_USERNAME: ${{ inputs.username }} INPUT_CI_NAME: ${{ inputs.ci_name }} @@ -46,7 +47,7 @@ runs: id: find-comment with: issue_number: ${{ inputs.issue_number }} - comment-author: 'github-actions[bot]' + comment-author: github-actions[bot] body-includes: ${{ steps.globals.outputs.TITLE }} - name: Create a new comment if there hasn't been one @@ -68,4 +69,4 @@ runs: else echo "Continuing the workflow as per the input" fi -... \ No newline at end of file +... diff --git a/actions/python/docs/autogenerated-docs-check/action.yaml b/actions/python/docs/autogenerated-docs-check/action.yaml index a3d2f21..c452003 100644 --- a/actions/python/docs/autogenerated-docs-check/action.yaml +++ b/actions/python/docs/autogenerated-docs-check/action.yaml @@ -8,15 +8,15 @@ inputs: description: The operating system to use required: false python_version: - default: '3.12' + default: "3.12" description: The version of Python to use required: false poetry_install_options: - default: '--with=docs --with=types --no-root' + default: --with=docs --with=types --no-root description: Options to pass to poetry install required: false poetry_export_options: - default: '--with=docs --with=types' + default: --with=docs --with=types description: Options to pass to poetry export for cache invalidation required: false file_path: @@ -26,7 +26,7 @@ inputs: auto_doc_dir: description: Directory path that stores all the auto generated docs for the packages - default: '/docs/source/pages' + default: /docs/source/pages required: false runs: 
@@ -59,7 +59,7 @@ runs: Hi @${{ inputs.username }}, - The **`docs check`** CI has encountered a failure during the + The **`docs check`** CI has encountered a failure during the **`setup`** step. **Action Required:** @@ -100,7 +100,7 @@ runs: issue_number: ${{ github.event.number }} username: ${{ github.actor}} message: | - Couldn't retrieve project name from `pyproject.toml` and + Couldn't retrieve project name from `pyproject.toml` and `file_path`` is not provided for the workflow. - name: Generate API docs @@ -137,56 +137,56 @@ runs: username: ${{ github.actor}} message: | **๐Ÿ”ง API Documentation Outdated** - + Hi @${{ inputs.username }}, - - The **API documentation** in the PR is outdated and needs to be + + The **API documentation** in the PR is outdated and needs to be refreshed to reflect recent changes in the codebase. - + --- - + ### **๐Ÿ“Œ Action Required** - + Please update the API documentation by following these steps: - + 1. **Run Sphinx-Apidoc:** - + Execute the following command to regenerate the API documentation: - + ```bash poetry run sphinx-apidoc ${{ env.file_path }} ``` - + 2. **Verify Documentation:** - - After running the command, review the generated documentation to + + After running the command, review the generated documentation to ensure it accurately represents the current state of your codebase. - + --- - + ### **โ„น๏ธ Additional Information** - +
Using the Makefile Command - - For convenience, you can use the predefined Makefile command to + + For convenience, you can use the predefined Makefile command to update the documentation: - + ```bash make docs ``` - + This command utilizes the `sphinx-apidoc` tool to regenerate the API documentation based on your project's configuration. - - **Note:** The default Makefile from the Cookiecutter template - includes the `make docs` command. Ensure you are in the root + + **Note:** The default Makefile from the Cookiecutter template + includes the `make docs` command. Ensure you are in the root directory of your project before running this command. - +
- + --- - + ### **๐Ÿ”— Useful Resources** - - - [Sphinx-Apidoc Documentation](https://www.sphinx-doc.org/en/master/man/sphinx-apidoc.html) \ No newline at end of file + + - [Sphinx-Apidoc Documentation](https://www.sphinx-doc.org/en/master/man/sphinx-apidoc.html) diff --git a/actions/python/setup/poetry/action.yaml b/actions/python/setup/poetry/action.yaml index 6cd5a30..f9de61e 100644 --- a/actions/python/setup/poetry/action.yaml +++ b/actions/python/setup/poetry/action.yaml @@ -25,7 +25,7 @@ inputs: poetry_export_options: default: "" description: > - Options to pass to poetry export for hash generation for cache + Options to pass to poetry export for hash generation for cache invalidation runs: @@ -85,10 +85,10 @@ runs: if [ -n "${{ inputs.dependencies }}" ]; then # Generate hash from dependencies list echo "DEP_HASH=$( - echo '${{ inputs.dependencies }}' | - tr ',' '\n' | - sort | - sha256sum | + echo '${{ inputs.dependencies }}' | + tr ',' '\n' | + sort | + sha256sum | cut -d ' ' -f1 )" >> $GITHUB_ENV else @@ -104,7 +104,7 @@ runs: --output=requirements.txt fi echo "DEP_HASH=$( - sha256sum requirements.txt | + sha256sum requirements.txt | cut -d ' ' -f 1 )" >> $GITHUB_ENV fi @@ -121,7 +121,7 @@ runs: py${{ inputs.python_version }}- hash${{ env.DEP_HASH }} - - name: Install dependencies + - name: Install dependencies if: ${{ inputs.dependencies != '' && steps.poetry-dep-cache.outputs.cache-hit != 'true' }} shell: bash run: | diff --git a/actions/python/vulnerability/code-vulnerability/action.yaml b/actions/python/vulnerability/code-vulnerability/action.yaml index 9436b4d..03b3fd3 100644 --- a/actions/python/vulnerability/code-vulnerability/action.yaml +++ b/actions/python/vulnerability/code-vulnerability/action.yaml 
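Review bot: In the `@@ -85,10 +85,10 @@` hunk of actions/python/setup/poetry/action.yaml, `${{ inputs.dependencies }}` is still expanded by the expression engine directly into the bash text, in `if [ -n "${{ inputs.dependencies }}" ]` and in `echo '${{ inputs.dependencies }}' |`. A value containing a quote character therefore alters the script itself instead of being treated as data. The comment action touched by this same commit already passes its inputs through `env:` (`INPUT_USERNAME: ${{ inputs.username }}`). The same pattern fits here: add `INPUT_DEPENDENCIES: ${{ inputs.dependencies }}` under the step's `env:` and use `if [ -n "$INPUT_DEPENDENCIES" ]; then` and `printf '%s\n' "$INPUT_DEPENDENCIES" |` in the script. The `run:` block starts and ends outside this hunk, so any other `${{ inputs.* }}` expansions in it cannot be checked from here and should be reviewed the same way.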
@@ -9,20 +9,20 @@ inputs: description: The operating system to use required: false python_version: - default: '3.12' + default: "3.12" description: The version of Python to use required: false poetry_install_options: - default: '--only=vulnerability --no-root' + default: --only=vulnerability --no-root description: Options for installing dependencies via poetry required: false poetry_export_options: - default: '--only=vulnerability' + default: --only=vulnerability description: Options for exporting dependencies for cache invalidation required: false config_path: description: The path to the Bandit configuration file - default: 'pyproject.toml' + default: pyproject.toml required: false file_path: description: The path to the file or directory to check for vulnerabilities @@ -58,7 +58,7 @@ runs: Hi @${{ inputs.username }}, - The **`bandit`** CI has encountered a failure during the + The **`bandit`** CI has encountered a failure during the **`setup`** step. **Action Required:** 
@@ -96,85 +96,71 @@ runs: username: ${{ github.actor}} message: | **๐Ÿ” Code Vulnerability Check Failed: Bandit Analysis** - + Hi @${{ inputs.username }}, - + The **`Bandit`** static analysis tool has identified potential - security vulnerabilities in your codebase during the **`bandit`** + security vulnerabilities in your codebase during the **`bandit`** analysis step. - + --- - + ### **๐Ÿ“Œ Action Required** - + Please review and address the identified vulnerabilities by following these steps: - + 1. **Run Bandit Analysis:** - - Execute the following command to generate a detailed report of + + Execute the following command to generate a detailed report of the vulnerabilities: - + ```bash poetry run bandit -c ${{ inputs.config_path }} -r ${{ inputs.file_path }} ``` - - 2. **Analyze the Report:** - - - **Critical Issues:** Prioritize fixing vulnerabilities that - are marked as critical. - - **Moderate/Low Issues:** Assess the impact of these - vulnerabilities and address them accordingly. - - 3. **Update Your Code:** - - - **Fix Vulnerabilities:** Modify your code to eliminate the - identified security issues. - - **Upgrade Dependencies:** Ensure all dependencies are up-to-date - to mitigate known vulnerabilities. - + --- - + ### **๐Ÿ“Œ Ignoring False Positives** - - If you have verified that a reported vulnerability is a false + + If you have verified that a reported vulnerability is a false positive or is not applicable to your project, you can safely ignore it by updating the `skips` list in your `pyproject.toml` file. - +
How to Ignore Specific Vulnerabilities - + Add the following configuration to your `pyproject.toml`: - + ```toml [tool.bandit] skips = [ "B108" # Insecure usage of temp file/directory, false positive. ] ``` - - - **`"B108"`**: Replace with the specific vulnerability identifier + + - **`"B108"`**: Replace with the specific vulnerability identifier you wish to ignore. - - **`'Insecure usage of temp file/directory, false positive.'`**: + - **`'Insecure usage of temp file/directory, false positive.'`**: Provide a clear and concise reason for ignoring this vulnerability. - + **Example:** - + ```toml [tool.bandit] skips = [ "B108" # Insecure usage of temp file/directory, false positive. ] ``` - - **Note:** Ensure that you have thoroughly reviewed the - vulnerabilities before choosing to ignore them to maintain the + + **Note:** Ensure that you have thoroughly reviewed the + vulnerabilities before choosing to ignore them to maintain the security integrity of your project. - +
- + --- - + ### **๐Ÿ”— Additional Resources** - - - [Bandit Documentation](https://bandit.readthedocs.io/en/latest/) \ No newline at end of file + + - [Bandit Documentation](https://bandit.readthedocs.io/en/latest/) diff --git a/actions/python/vulnerability/dependency-vulnerability/action.yaml b/actions/python/vulnerability/dependency-vulnerability/action.yaml index 03db32f..f27933e 100644 --- a/actions/python/vulnerability/dependency-vulnerability/action.yaml +++ b/actions/python/vulnerability/dependency-vulnerability/action.yaml @@ -8,15 +8,15 @@ inputs: description: The operating system to use required: false python_version: - default: '3.12' + default: 3.12 description: The version of Python to use required: false poetry_install_options: - default: '--only=vulnerability --no-root' + default: --only=vulnerability --no-root description: Options for installing dependencies via poetry required: false poetry_export_options: - default: '--only=vulnerability' + default: --only=vulnerability description: Options for exporting dependencies for cache invalidation required: false @@ -50,7 +50,7 @@ runs: Hi @${{ inputs.username }}, - The **`safety`** CI has encountered a failure during the + The **`safety`** CI has encountered a failure during the **`setup`** step. **Action Required:** 
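Review bot: The message left by the `@@ -96,85 +96,71 @@` hunk of code-vulnerability/action.yaml tells the author a finding can be "safely" ignored by adding its ID to `skips` in `pyproject.toml`, but `skips` switches that Bandit test off for the whole scan, not only for the line that was reviewed. Since this hunk also deletes the "Analyze the Report" and "Update Your Code" steps, suppression is now the only remediation the comment describes. The `@@ -86,55 +86,32 @@` hunk of dependency-vulnerability/action.yaml drops the equivalent steps for `safety`. I would keep one fix-first line and add a sentence such as `Prefer a line-level "# nosec B108" comment with a stated reason over a project-wide skip.` The step that posts this message starts above the hunk.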
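Review bot: `default: 3.12` in the `@@ -8,15 +8,15 @@` hunk of dependency-vulnerability/action.yaml loses its quotes and is now read as a YAML float, while every other action changed in this commit uses `default: "3.12"`. The value survives for 3.12, but the same edit on a version such as 3.10 would load as 3.1, and the input is presumably handed on as a version string to the setup action. Suggest `default: "3.12"` here to match the sibling files.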
@@ -86,55 +86,32 @@ runs: username: ${{ github.actor}} message: | **๐Ÿ” Code Vulnerability Check Failed** - + Hi @${{ inputs.username }}, - + The **`safety`** CLI has identified potential vulnerabilities in dependencies. - + ### **Action Required:** - - Please review and address these vulnerabilities by executing the + + Please review and address these vulnerabilities by executing the following command: - + ```bash poetry run safety check --full-report ``` - - This command will generate a comprehensive report detailing any - identified issues. - - ### **Next Steps:** - - 1. **Run the Safety Check:** - - Execute the command above to obtain a full report of vulnerabilities. - - 2. **Analyze the Report:** - - - **Critical Issues:** Prioritize fixing vulnerabilities marked as - critical. - - **Moderate/Low Issues:** Assess the impact and address as - necessary. - - 3. **Update Dependencies:** - - - Upgrade affected packages to versions where vulnerabilities are - resolved. - - If no fixes are available, consider alternative packages or - consult the package maintainers. - + ### **๐Ÿ“Œ Ignoring False Positives** - - If you have verified that a reported vulnerability is a false + + If you have verified that a reported vulnerability is a false positive or is not applicable to your project, you can safely ignore it by updating your `.safety-policy.yaml` file. - +
How to Ignore Specific Vulnerabilities - + Add the following configuration to `.safety-policy.yaml`: - + ```yaml security: ignore-vulnerabilities: @@ -142,13 +119,9 @@ runs: reason: 'REASON_FOR_IGNORING' expires: 'YYYY-MM-DD' ``` - - - **`ERROR_CODE`**: Replace with the specific vulnerability identifier you wish to ignore. - - **`REASON_FOR_IGNORING`**: Provide a clear and concise explanation for ignoring this vulnerability. - - **`YYYY-MM-DD`**: Set an expiration date to review the ignore rule in the future. - + **Example:** - + ```yaml security: ignore-vulnerabilities: @@ -156,9 +129,9 @@ runs: reason: 'False positive detected due to specific usage context.' expires: '2024-12-31' ``` - +
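Review bot: The `@@ -142,13 +119,9 @@` hunk removes the three bullets that explained the placeholders in the `.safety-policy.yaml` template, including the only description of `expires`. That field is what keeps an ignored vulnerability from staying ignored indefinitely, so a reader copying the template should be told to set it deliberately. I would keep a single line after the first code block, for example `Set expires to a near date so the ignore lapses and the finding is re-reviewed.` The message block this text belongs to starts outside the hunk.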
- + ### **Additional Resources:** - - - [Safety CLI Documentation](https://pyup.io/safety/) \ No newline at end of file + + - [Safety CLI Documentation](https://pyup.io/safety/) From 0bb6ff2e5f1b39b76d528f435a800b01f0b19eba Mon Sep 17 00:00:00 2001 From: Javed Habib Date: Tue, 15 Oct 2024 04:30:57 +0530 Subject: [PATCH 13/13] add closing yaml tags --- actions/python/code-quality/format/action.yaml | 1 + actions/python/code-quality/lint/action.yaml | 1 + actions/python/code-quality/type-check/action.yaml | 1 + actions/python/code-test/integration-test/action.yaml | 1 + actions/python/code-test/unit-test/action.yaml | 1 + actions/python/docs/autogenerated-docs-check/action.yaml | 1 + actions/python/vulnerability/code-vulnerability/action.yaml | 1 + .../python/vulnerability/dependency-vulnerability/action.yaml | 1 + 8 files changed, 8 insertions(+) diff --git a/actions/python/code-quality/format/action.yaml b/actions/python/code-quality/format/action.yaml index c3abe9b..1fa3b6e 100644 --- a/actions/python/code-quality/format/action.yaml +++ b/actions/python/code-quality/format/action.yaml @@ -134,3 +134,4 @@ runs: ### **๐Ÿ”— Useful Resources** - [Ruff Documentation](https://docs.astral.sh/ruff/) +... diff --git a/actions/python/code-quality/lint/action.yaml b/actions/python/code-quality/lint/action.yaml index e931536..0478e06 100644 --- a/actions/python/code-quality/lint/action.yaml +++ b/actions/python/code-quality/lint/action.yaml @@ -129,3 +129,4 @@ runs: ### **๐Ÿ”— Useful Resources** - [Ruff Documentation](https://docs.astral.sh/ruff/) +... diff --git a/actions/python/code-quality/type-check/action.yaml b/actions/python/code-quality/type-check/action.yaml index dc79929..4f465ae 100644 --- a/actions/python/code-quality/type-check/action.yaml +++ b/actions/python/code-quality/type-check/action.yaml 
@@ -222,3 +222,4 @@ runs: - [Mypy Documentation](https://mypy.readthedocs.io/en/stable/) - [Typeshed Repository](https://github.com/python/typeshed) - [Best Practices for Type Checking](https://mypy.readthedocs.io/en/stable/cheat_sheet_py3.html) +... diff --git a/actions/python/code-test/integration-test/action.yaml b/actions/python/code-test/integration-test/action.yaml index b0a5329..b8fda7f 100644 --- a/actions/python/code-test/integration-test/action.yaml +++ b/actions/python/code-test/integration-test/action.yaml @@ -201,3 +201,4 @@ runs: - [Codecov Documentation](https://docs.codecov.io/docs) - [GitHub Actions Secrets](https://docs.github.com/en/actions/security-guides/encrypted-secrets) - [Managing Secrets in GitHub](https://docs.github.com/en/actions/security-guides/encrypted-secrets#creating-encrypted-secrets-for-a-repository) +... diff --git a/actions/python/code-test/unit-test/action.yaml b/actions/python/code-test/unit-test/action.yaml index 4450271..d0f731a 100644 --- a/actions/python/code-test/unit-test/action.yaml +++ b/actions/python/code-test/unit-test/action.yaml @@ -201,3 +201,4 @@ runs: - [Codecov Documentation](https://docs.codecov.io/docs) - [GitHub Actions Secrets](https://docs.github.com/en/actions/security-guides/encrypted-secrets) - [Managing Secrets in GitHub](https://docs.github.com/en/actions/security-guides/encrypted-secrets#creating-encrypted-secrets-for-a-repository) +... diff --git a/actions/python/docs/autogenerated-docs-check/action.yaml b/actions/python/docs/autogenerated-docs-check/action.yaml index c452003..50dac72 100644 --- a/actions/python/docs/autogenerated-docs-check/action.yaml +++ b/actions/python/docs/autogenerated-docs-check/action.yaml @@ -190,3 +190,4 @@ runs: ### **๐Ÿ”— Useful Resources** - [Sphinx-Apidoc Documentation](https://www.sphinx-doc.org/en/master/man/sphinx-apidoc.html) +... 
diff --git a/actions/python/vulnerability/code-vulnerability/action.yaml b/actions/python/vulnerability/code-vulnerability/action.yaml index 03b3fd3..3a51655 100644 --- a/actions/python/vulnerability/code-vulnerability/action.yaml +++ b/actions/python/vulnerability/code-vulnerability/action.yaml @@ -164,3 +164,4 @@ runs: ### **๐Ÿ”— Additional Resources** - [Bandit Documentation](https://bandit.readthedocs.io/en/latest/) +... diff --git a/actions/python/vulnerability/dependency-vulnerability/action.yaml b/actions/python/vulnerability/dependency-vulnerability/action.yaml index f27933e..f53d937 100644 --- a/actions/python/vulnerability/dependency-vulnerability/action.yaml +++ b/actions/python/vulnerability/dependency-vulnerability/action.yaml @@ -135,3 +135,4 @@ runs: ### **Additional Resources:** - [Safety CLI Documentation](https://pyup.io/safety/) +...