Squash all into new skeleton base commit

Author: coretl

.containerignore

@@ -0,0 +1,7 @@
+Dockerfile
+build/
+dist/
+.mypy_cache
+.tox
+.venv*
+venv*

.devcontainer.json

@@ -0,0 +1,39 @@
+// For format details, see https://aka.ms/devcontainer.json
+{
+    "name": "Python 3 Developer Container",
+    "build": {
+        "dockerfile": "Dockerfile",
+        "target": "build",
+        "context": ".",
+        "args": {}
+    },
+    "remoteEnv": {
+        "DISPLAY": "${localEnv:DISPLAY}"
+    },
+    // Set *default* container specific settings.json values on container create.
+    "settings": {
+        "python.defaultInterpreterPath": "/venv/bin/python",
+        "python.linting.enabled": true
+    },
+    // Add the IDs of extensions you want installed when the container is created.
+    "extensions": [
+        "ms-python.python",
+        "ms-python.vscode-pylance"
+    ],
+    // Make sure the files we are mapping into the container exist on the host
+    "initializeCommand": "bash -c 'for i in $HOME/.inputrc; do [ -f $i ] || touch $i; done'",
+    "runArgs": [
+        "--net=host",
+        "-v=${localEnv:HOME}/.ssh:/root/.ssh",
+        "-v=${localEnv:HOME}/.inputrc:/root/.inputrc"
+    ],
+    "mounts": [
+        // map in home directory - not strictly necessary but useful
+        "source=${localEnv:HOME},target=${localEnv:HOME},type=bind,consistency=cached"
+    ],
+    // make the workspace folder the same inside and outside of the container
+    "workspaceMount": "source=${localWorkspaceFolder},target=${localWorkspaceFolder},type=bind",
+    "workspaceFolder": "${localWorkspaceFolder}",
+    // After the container is created, install the python project in editable form
+    "postCreateCommand": "pip install $([ -f requirements_dev.txt ] && echo -r requirements_dev.txt ) -e .[dev]"
+}

.gitattributes

@@ -0,0 +1,16 @@
+# To get started with Dependabot version updates, you'll need to specify which
+# package ecosystems to update and where the package manifests are located.
+# Please see the documentation for all configuration options:
+# https://docs.github.com/github/administering-a-repository/configuration-options-for-dependency-updates
+
+version: 2
+updates:
+  - package-ecosystem: "github-actions"
+    directory: "/"
+    schedule:
+      interval: "weekly"
+
+  - package-ecosystem: "pip"
+    directory: "/"
+    schedule:
+      interval: "weekly"

.github/dependabot.yml

@@ -1,9 +1,11 @@
 <!DOCTYPE html>
 <html>
-  <head>
-    <title>Redirecting to master branch</title>
+
+<head>
+    <title>Redirecting to main branch</title>
     <meta charset="utf-8">
-    <meta http-equiv="refresh" content="0; url=./master/index.html">
-    <link rel="canonical" href="master/index.html">
-  </head>
-</html>
+    <meta http-equiv="refresh" content="0; url=./main/index.html">
+    <link rel="canonical" href="main/index.html">
+</head>
+
+</html>

.github/pages/index.html

@@ -2,111 +2,176 @@ name: Code CI
 
 on:
   push:
-    branches:
-      # Restricting to these branches and tags stops duplicate jobs on internal
-      # PRs but stops CI running on internal branches without a PR. Delete the
-      # next 5 lines to restore the original behaviour
-      - master
-      - main
-    tags:
-      - "*"
   pull_request:
   schedule:
     # Run every Monday at 8am to check latest versions of dependencies
-    - cron: '0 8 * * MON'
+    - cron: "0 8 * * WED"
 
 jobs:
   lint:
-    runs-on: "ubuntu-latest"
-    steps:
-      - name: Run black, flake8, mypy
-        uses: dls-controls/pipenv-run-action@v1
-        with:
-          pipenv-run: lint
+    # pull requests are a duplicate of a branch push if within the same repo.
+    if: github.event_name != 'pull_request' || github.event.pull_request.head.repo.full_name != github.repository
+    runs-on: ubuntu-latest
 
-  wheel:
-    runs-on: "ubuntu-latest"
     steps:
-      - uses: actions/checkout@v2
+      - name: Checkout
+        uses: actions/checkout@v2
+
+      - name: Setup python
+        uses: actions/setup-python@v4
         with:
-          fetch-depth: 0
+          python-version: "3.10"
 
-      - name: Create Sdist and Wheel
-        # Set SOURCE_DATE_EPOCH from git commit for reproducible build
-        # https://reproducible-builds.org/
-        # Set group writable and umask to do the same to match inside DLS
+      - name: Lint
         run: |
-          chmod -R g+w .
-          umask 0002
-          SOURCE_DATE_EPOCH=$(git log -1 --pretty=%ct) pipx run build --sdist --wheel
-
-      - name: Test cli works from the installed wheel
-        # Can remove the repository reference after https://github.com/pypa/pipx/pull/733
-        run: pipx run --spec dist/*.whl ${GITHUB_REPOSITORY##*/} --version
-
-      - name: Upload Wheel and Sdist as artifacts
-        uses: actions/upload-artifact@v2
-        with:
-          name: dist
-          path: dist/*
+          touch requirements_dev.txt requirements.txt
+          pip install -r requirements.txt -r requirements_dev.txt -e .[dev]
+          tox -e pre-commit,mypy
 
   test:
+    if: github.event_name != 'pull_request' || github.event.pull_request.head.repo.full_name != github.repository
     strategy:
       fail-fast: false
       matrix:
-        os: ["ubuntu-latest"]  # can add windows-latest, macos-latest
-        python: ["3.7", "3.8", "3.9"]
-        pipenv: ["skip-lock"]
-
-        include:
-          # Add an extra Python3.7 runner to use the lockfile
-          - os: "ubuntu-latest"
-            python: "3.7"
-            pipenv: "deploy"
+        os: ["ubuntu-latest"] # can add windows-latest, macos-latest
+        python: ["3.8", "3.9", "3.10"]
 
     runs-on: ${{ matrix.os }}
     env:
       # https://github.com/pytest-dev/pytest/issues/2042
       PY_IGNORE_IMPORTMISMATCH: "1"
 
     steps:
-      - name: Setup repo and test
-        uses: dls-controls/pipenv-run-action@v1
+      - name: Checkout
+        uses: actions/checkout@v2
+        with:
+          fetch-depth: 0
+
+      - name: Setup python ${{ matrix.python }}
+        uses: actions/setup-python@v4
         with:
           python-version: ${{ matrix.python }}
-          pipenv-install: --dev --${{ matrix.pipenv }}
-          allow-editable-installs: ${{ matrix.pipenv == 'deploy' }}
-          pipenv-run: tests
+
+      - name: Install with latest dependencies
+        run: pip install .[dev]
+
+      - name: Run tests
+        run: pytest tests
 
       - name: Upload coverage to Codecov
-        uses: codecov/codecov-action@v2
+        uses: codecov/codecov-action@v3
         with:
-          name: ${{ matrix.python }}/${{ matrix.os }}/${{ matrix.pipenv }}
+          name: ${{ matrix.python }}/${{ matrix.os }}
           files: cov.xml
 
-  release:
-    needs: [lint, wheel, test]
+  container:
+    if: github.event_name != 'pull_request' || github.event.pull_request.head.repo.full_name != github.repository
     runs-on: ubuntu-latest
-    # upload to PyPI and make a release on every tag
-    if: github.event_name == 'push' && startsWith(github.ref, 'refs/tags')
+    permissions:
+      contents: read
+      packages: write
+
     steps:
-      - uses: actions/download-artifact@v2
+      - name: Checkout
+        uses: actions/checkout@v2
+        with:
+          fetch-depth: 0
+
+      - name: Log in to GitHub Docker Registry
+        if: github.event_name != 'pull_request'
+        uses: docker/login-action@v2
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Docker meta
+        id: meta
+        uses: docker/metadata-action@v4
+        with:
+          images: ghcr.io/${{ github.repository }}
+          tags: |
+            type=ref,event=branch
+            type=ref,event=tag
+
+      - name: Set up Docker Buildx
+        id: buildx
+        uses: docker/setup-buildx-action@v2
+
+      - name: Build developer image for testing
+        uses: docker/build-push-action@v3
+        with:
+          tags: build:latest
+          context: .
+          target: build
+          load: true
+
+      - name: Run tests in the container locked with requirements_dev.txt
+        run: |
+          docker run --name test build bash /project/.github/workflows/container_tests.sh
+          docker cp test:/project/dist .
+          docker cp test:/project/cov.xml .
+
+      - name: Upload coverage to Codecov
+        uses: codecov/codecov-action@v3
+        with:
+          name: 3.10-locked/ubuntu-latest
+          files: cov.xml
+
+      - name: Build runtime image
+        uses: docker/build-push-action@v3
+        with:
+          push: ${{ github.event_name != 'pull_request' }}
+          tags: ${{ steps.meta.outputs.tags }}
+          context: .
+          labels: ${{ steps.meta.outputs.labels }}
+
+      - name: Check runtime
+        run: for i in ${{ steps.meta.outputs.tags }}; do docker run ${i} --version; done
+
+      - name: Upload build files
+        uses: actions/upload-artifact@v3
         with:
           name: dist
-          path: dist
+          path: dist/*
+
+  sdist:
+    needs: container
+    runs-on: ubuntu-latest
+
+    steps:
+      - uses: actions/download-artifact@v3
+
+      - name: Install sdist in a venv and check cli works
+        # ${GITHUB_REPOSITORY##*/} is the repo name without org
+        # Replace this with the cli command if different to the repo name
+        run: |
+          pip install dist/*.gz
+          ${GITHUB_REPOSITORY##*/} --version
+
+  release:
+    # upload to PyPI and make a release on every tag
+    if: github.event_name == 'push' && startsWith(github.ref, 'refs/tags')
+    needs: container
+    runs-on: ubuntu-latest
+
+    steps:
+      - uses: actions/download-artifact@v3
 
       - name: Github Release
         # We pin to the SHA, not the tag, for security reasons.
         # https://docs.github.com/en/actions/learn-github-actions/security-hardening-for-github-actions#using-third-party-actions
-        uses: softprops/action-gh-release@1e07f4398721186383de40550babbdf2b84acfc5  # v0.1.14
+        uses: softprops/action-gh-release@1e07f4398721186383de40550babbdf2b84acfc5 # v0.1.14
         with:
-          files: dist/*
+          prerelease: ${{ contains(github.ref_name, 'a') || contains(github.ref_name, 'b') || contains(github.ref_name, 'rc') }}
+          files: |
+            dist/*
           generate_release_notes: true
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
 
       - name: Publish to PyPI
         env:
           TWINE_USERNAME: __token__
-          TWINE_PASSWORD: ${{ secrets.pypi_token }}
-        run: pipx run twine upload dist/*
+          TWINE_PASSWORD: ${{ secrets.PYPI_TOKEN }}
+        run: pipx run twine upload dist/*/whl dist/*.tar.gz

.github/workflows/code.yml

@@ -0,0 +1,13 @@
+#!/bin/bash
+set -x
+
+cd /project
+source /venv/bin/activate
+
+touch requirements_dev.txt
+pip install -r requirements_dev.txt -e .[dev]
+pip freeze --exclude-editable > dist/requirements_dev.txt
+
+pipdeptree
+
+pytest tests