Skip to content

Commit

Permalink
Merge pull request #29 from cisagov/lineage/skeleton
Browse files Browse the repository at this point in the history
⚠️ CONFLICT! Lineage pull request for: skeleton
  • Loading branch information
jsf9k authored Jul 31, 2023
2 parents 94ef101 + e437251 commit fffdfc2
Show file tree
Hide file tree
Showing 11 changed files with 86 additions and 54 deletions.
7 changes: 3 additions & 4 deletions .ansible-lint
Original file line number Diff line number Diff line change
@@ -1,10 +1,9 @@
---
# See https://ansible-lint.readthedocs.io/en/latest/configuring.html
# for a list of the configuration elements that can exist in this
# file.
# See https://ansible-lint.readthedocs.io/configuring/ for a list of
# the configuration elements that can exist in this file.
enable_list:
# Useful checks that one must opt-into. See here for more details:
# https://ansible-lint.readthedocs.io/en/latest/rules.html
# https://ansible-lint.readthedocs.io/rules/
- fcqn-builtins
- no-log-password
- no-same-owner
Expand Down
4 changes: 2 additions & 2 deletions .github/CODEOWNERS
Validating CODEOWNERS rules …
Original file line number Diff line number Diff line change
Expand Up @@ -3,8 +3,8 @@
# These owners will be the default owners for everything in the
# repo. Unless a later match takes precedence, these owners will be
# requested for review when someone opens a pull request.
* @dav3r @felddy @jsf9k @mcdonnnj
* @dav3r @felddy @jasonodoom @jsf9k @mcdonnnj

# These folks own any files in the .github directory at the root of
# the repository and any of its subdirectories.
/.github/ @dav3r @felddy @jsf9k @mcdonnnj
/.github/ @dav3r @felddy @jasonodoom @jsf9k @mcdonnnj
15 changes: 9 additions & 6 deletions .github/workflows/build.yml
Original file line number Diff line number Diff line change
Expand Up @@ -47,13 +47,16 @@ jobs:
- id: setup-python
uses: actions/setup-python@v4
with:
python-version: "3.10"
python-version: "3.11"
# We need the Go version and Go cache location for the actions/cache step,
# so the Go installation must happen before that.
- id: setup-go
uses: actions/setup-go@v3
uses: actions/setup-go@v4
with:
go-version: "1.19"
# There is no expectation for actual Go code so we disable caching as
# it relies on the existence of a go.sum file.
cache: false
go-version: "1.20"
- name: Lookup Go cache directory
id: go-cache
run: |
Expand Down Expand Up @@ -113,7 +116,7 @@ jobs:
run: go install ${PACKAGE_URL}@${PACKAGE_VERSION}
- name: Install dependencies
run: |
python -m pip install --upgrade pip
python -m pip install --upgrade pip setuptools wheel
pip install --upgrade --requirement requirements-test.txt
- name: Set up pre-commit hook environments
run: pre-commit install-hooks
Expand Down Expand Up @@ -303,7 +306,7 @@ jobs:
- id: setup-python
uses: actions/setup-python@v4
with:
python-version: "3.10"
python-version: "3.11"
- name: Cache testing environments
uses: actions/cache@v3
env:
Expand All @@ -318,7 +321,7 @@ jobs:
${{ env.BASE_CACHE_KEY }}
- name: Install dependencies
run: |
python -m pip install --upgrade pip
python -m pip install --upgrade pip setuptools wheel
pip install --upgrade --requirement requirements-test.txt
- name: Download docker image artifact
uses: actions/download-artifact@v3
Expand Down
45 changes: 32 additions & 13 deletions .pre-commit-config.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -31,35 +31,54 @@ repos:

# Text file hooks
- repo: https://github.com/igorshubovych/markdownlint-cli
rev: v0.33.0
rev: v0.34.0
hooks:
- id: markdownlint
args:
- --config=.mdl_config.yaml
- repo: https://github.com/pre-commit/mirrors-prettier
rev: v3.0.0-alpha.4
rev: v3.0.0-alpha.9-for-vscode
hooks:
- id: prettier
- repo: https://github.com/adrienverge/yamllint
rev: v1.29.0
rev: v1.32.0
hooks:
- id: yamllint
args:
- --strict

# GitHub Actions hooks
- repo: https://github.com/python-jsonschema/check-jsonschema
rev: 0.21.0
rev: 0.23.1
hooks:
- id: check-github-actions
- id: check-github-workflows

# pre-commit hooks
- repo: https://github.com/pre-commit/pre-commit
rev: v3.0.2
rev: v3.3.2
hooks:
- id: validate_manifest

# Go hooks
- repo: https://github.com/TekWizely/pre-commit-golang
rev: v1.0.0-rc.1
hooks:
# Style Checkers
- id: go-critic
# StaticCheck
- id: go-staticcheck-repo-mod
# Go Build
- id: go-build-repo-mod
# Go Mod Tidy
- id: go-mod-tidy-repo
# Go Test
- id: go-test-repo-mod
# Go Vet
- id: go-vet-repo-mod
# GoSec
- id: go-sec-repo-mod

# Shell script hooks
- repo: https://github.com/cisagov/pre-commit-shfmt
rev: v0.0.2
Expand All @@ -83,7 +102,7 @@ repos:
# Python hooks
# Run bandit on the "tests" tree with a configuration
- repo: https://github.com/PyCQA/bandit
rev: 1.7.4
rev: 1.7.5
hooks:
- id: bandit
name: bandit (tests tree)
Expand All @@ -92,13 +111,13 @@ repos:
- --config=.bandit.yml
# Run bandit on everything except the "tests" tree
- repo: https://github.com/PyCQA/bandit
rev: 1.7.4
rev: 1.7.5
hooks:
- id: bandit
name: bandit (everything else)
exclude: tests
- repo: https://github.com/psf/black
rev: 22.12.0
rev: 23.3.0
hooks:
- id: black
- repo: https://github.com/PyCQA/flake8
Expand All @@ -112,31 +131,31 @@ repos:
hooks:
- id: isort
- repo: https://github.com/pre-commit/mirrors-mypy
rev: v0.991
rev: v1.3.0
hooks:
- id: mypy
- repo: https://github.com/asottile/pyupgrade
rev: v3.3.1
rev: v3.4.0
hooks:
- id: pyupgrade

# Ansible hooks
- repo: https://github.com/ansible-community/ansible-lint
rev: v5.4.0
rev: v6.17.0
hooks:
- id: ansible-lint
# files: molecule/default/playbook.yml

# Terraform hooks
- repo: https://github.com/antonbabenko/pre-commit-terraform
rev: v1.77.0
rev: v1.80.0
hooks:
- id: terraform_fmt
- id: terraform_validate

# Docker hooks
- repo: https://github.com/IamTheFij/docker-pre-commit
rev: v2.1.1
rev: v3.0.1
hooks:
- id: docker-compose-check

Expand Down
4 changes: 2 additions & 2 deletions Dockerfile
Original file line number Diff line number Diff line change
Expand Up @@ -42,7 +42,7 @@ RUN groupadd --system --gid ${CISA_GID} ${CISA_GROUP} \
# will not be included in the final Docker image.
###
ENV DEPS \
libpq-dev=13.9-0+deb11u1
libpq-dev=13.11-0+deb11u1
# I'd like to pin the version of wget to keep the build reproducible,
# but it's tricky.
#
Expand Down Expand Up @@ -136,7 +136,7 @@ RUN groupadd --system --gid ${CISA_GID} ${CISA_GROUP} \
# Install everything we need
###
ENV DEPS \
libpq-dev=13.9-0+deb11u1
libpq-dev=13.11-0+deb11u1
# Note that we clean up aptitude cruft after installing dependencies.
# This must be done in one fell swoop to actually reduce the size of
# the resulting Docker image:
Expand Down
16 changes: 8 additions & 8 deletions README.md
Original file line number Diff line number Diff line change
Expand Up @@ -25,7 +25,7 @@ composition](https://docs.docker.com/compose/) alongside only the
To run the `cisagov/guacscanner` image via Docker:

```console
docker run cisagov/guacscanner:1.1.16
docker run cisagov/guacscanner:1.1.17
```

### Running with Docker Compose ###
Expand Down Expand Up @@ -82,7 +82,7 @@ Docker secrets.
1. Pull the new image:

```console
docker pull cisagov/guacscanner:1.1.16
docker pull cisagov/guacscanner:1.1.17
```

1. Recreate and run the container by following the [previous
Expand All @@ -93,11 +93,11 @@ Docker secrets.
The images of this container are tagged with [semantic
versions](https://semver.org) of the underlying example project that
they containerize. It is recommended that most users use a version
tag (e.g. `:1.1.16`).
tag (e.g. `:1.1.17`).

| Image:tag | Description |
|-----------|-------------|
|`cisagov/guacscanner:1.1.16`| An exact release version. |
|`cisagov/guacscanner:1.1.17`| An exact release version. |
|`cisagov/guacscanner:1.1`| The most recent release matching the major and minor version numbers. |
|`cisagov/guacscanner:1`| The most recent release matching the major version number. |
|`cisagov/guacscanner:edge` | The most recent image built from a merge into the `develop` branch of this repository. |
Expand Down Expand Up @@ -173,8 +173,8 @@ Build the image locally using this git repository as the [build context](https:/

```console
docker build \
--build-arg VERSION=1.1.16 \
--tag cisagov/guacscanner:1.1.16 \
--build-arg VERSION=1.1.17 \
--tag cisagov/guacscanner:1.1.17 \
https://github.com/cisagov/guacscanner.git#develop
```

Expand Down Expand Up @@ -204,9 +204,9 @@ Docker:
docker buildx build \
--file Dockerfile-x \
--platform linux/amd64 \
--build-arg VERSION=1.1.16 \
--build-arg VERSION=1.1.17 \
--output type=docker \
--tag cisagov/guacscanner:1.1.16 .
--tag cisagov/guacscanner:1.1.17 .
```

## Contributing ##
Expand Down
2 changes: 1 addition & 1 deletion requirements-test.txt
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
--requirement requirements.txt
pre-commit
pytest
pytest-dockerc
python-on-whales
4 changes: 2 additions & 2 deletions setup-env
Original file line number Diff line number Diff line change
Expand Up @@ -65,7 +65,7 @@ done
eval set -- "$PARAMS"

# Check to see if pyenv is installed
if [ -z "$(command -v pyenv)" ] || [ -z "$(command -v pyenv-virtualenv)" ]; then
if [ -z "$(command -v pyenv)" ] || { [ -z "$(command -v pyenv-virtualenv)" ] && [ ! -f "$(pyenv root)/plugins/pyenv-virtualenv/bin/pyenv-virtualenv" ]; }; then
echo "pyenv and pyenv-virtualenv are required."
if [[ "$OSTYPE" == "darwin"* ]]; then
cat << 'END_OF_LINE'
Expand Down Expand Up @@ -186,5 +186,5 @@ else:
END_OF_LINE
)"

# Qapla
# Qapla'
echo "Success!"
2 changes: 1 addition & 1 deletion src/version.txt
Original file line number Diff line number Diff line change
@@ -1 +1 @@
__version__ = "1.1.16"
__version__ = "1.1.17"
13 changes: 11 additions & 2 deletions tests/conftest.py
Original file line number Diff line number Diff line change
Expand Up @@ -4,16 +4,25 @@
"""
# Third-Party Libraries
import pytest
from python_on_whales import docker

MAIN_SERVICE_NAME = "guacscanner"
VERSION_SERVICE_NAME = f"{MAIN_SERVICE_NAME}-version"


@pytest.fixture(scope="session")
def dockerc():
"""Start up the Docker composition."""
docker.compose.up(detach=True)
yield docker
docker.compose.down()


@pytest.fixture(scope="session")
def main_container(dockerc):
"""Return the main container from the Docker composition."""
# find the container by name even if it is stopped already
return dockerc.containers(service_names=[MAIN_SERVICE_NAME], stopped=True)[0]
return dockerc.compose.ps(services=[MAIN_SERVICE_NAME], all=True)[0]


@pytest.fixture(scope="session")
Expand All @@ -23,7 +32,7 @@ def version_container(dockerc):
The version container should just output the version of its underlying contents.
"""
# find the container by name even if it is stopped already
return dockerc.containers(service_names=[VERSION_SERVICE_NAME], stopped=True)[0]
return dockerc.compose.ps(services=[VERSION_SERVICE_NAME], all=True)[0]


def pytest_addoption(parser):
Expand Down
28 changes: 15 additions & 13 deletions tests/container_test.py
Original file line number Diff line number Diff line change
Expand Up @@ -15,7 +15,7 @@ def test_container_count(dockerc):
"""Verify the test composition and container."""
# stopped parameter allows non-running containers in results
assert (
len(dockerc.containers(stopped=True)) == 2
len(dockerc.compose.ps(all=True)) == 2
), "Wrong number of containers were started."


Expand All @@ -25,7 +25,7 @@ def test_container_count(dockerc):
# """Wait for container to be ready."""
# TIMEOUT = 10
# for i in range(TIMEOUT):
# if READY_MESSAGE in main_container.logs().decode("utf-8"):
# if READY_MESSAGE in main_container.logs():
# break
# time.sleep(1)
# else:
Expand All @@ -35,23 +35,23 @@ def test_container_count(dockerc):
# )


def test_wait_for_exits(main_container, version_container):
def test_wait_for_exits(dockerc, main_container, version_container):
"""Wait for containers to exit."""
# assert main_container.wait() == 0, "Container service (main) did not exit cleanly"
assert (
main_container.wait() == 1
dockerc.wait(main_container.id) == 1
), "Container service (main) did not exit as expected"
assert (
version_container.wait() == 0
dockerc.wait(version_container.id) == 0
), "Container service (version) did not exit cleanly"


# TODO: Implement this test. See cisagov/guacscanner-docker#3 for
# more details.
# def test_output(main_container):
# def test_output(dockerc, main_container):
# """Verify the container had the correct output."""
# main_container.wait() # make sure container exited if running test isolated
# log_output = main_container.logs().decode("utf-8")
# # make sure container exited if running test isolated
# dockerc.wait(main_container.id)
# log_output = main_container.logs()
# assert SECRET_QUOTE in log_output, "Secret not found in log output."


Expand All @@ -69,10 +69,11 @@ def test_release_version():
), "RELEASE_TAG does not match the project version"


def test_log_version(version_container):
def test_log_version(dockerc, version_container):
"""Verify the container outputs the correct version to the logs."""
version_container.wait() # make sure container exited if running test isolated
log_output = version_container.logs().decode("utf-8").strip()
# make sure container exited if running test isolated
dockerc.wait(version_container.id)
log_output = version_container.logs().strip()
pkg_vars = {}
with open(VERSION_FILE) as f:
exec(f.read(), pkg_vars) # nosec
Expand All @@ -89,5 +90,6 @@ def test_container_version_label_matches(version_container):
exec(f.read(), pkg_vars) # nosec
project_version = pkg_vars["__version__"]
assert (
version_container.labels["org.opencontainers.image.version"] == project_version
version_container.config.labels["org.opencontainers.image.version"]
== project_version
), "Dockerfile version label does not match project version"

0 comments on commit fffdfc2

Please sign in to comment.