Add tox linting and placeholder unit test (#399)

Author: bertiethorpe

.codespellignore

@@ -0,0 +1 @@
+rackit

.github/workflows/test-pr.yaml

@@ -18,6 +18,12 @@ concurrency:
   cancel-in-progress: true
 
 jobs:
+  # Run the unit tests on every PR, even from external repos
+  unit_tests:
+    uses: ./.github/workflows/tox.yaml
+    with:
+      ref: ${{ github.event.pull_request.head.sha }}
+
   # This job exists so that PRs from outside the main repo are rejected
   fail_on_remote:
     runs-on: ubuntu-latest
@@ -26,7 +32,7 @@ jobs:
         run: exit ${{ github.event.pull_request.head.repo.full_name == 'azimuth-cloud/azimuth' && '0' || '1' }}
 
   publish_artifacts:
-    needs: [fail_on_remote]
+    needs: [unit_tests, fail_on_remote]
     uses: ./.github/workflows/build-push-artifacts.yaml
     with:
       ref: ${{ github.event.pull_request.head.sha }}

.github/workflows/tox.yaml

@@ -0,0 +1,45 @@
+name: Tox unit tests
+
+on:
+  workflow_call:
+    inputs:
+      ref:
+        type: string
+        description: The ref to build.
+        required: true
+
+jobs:
+  build:
+    name: Tox unit tests and linting
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        python-version: ['3.10','3.12']
+
+    steps:
+    - name: Check out the repository
+      uses: actions/checkout@v4
+      with:
+        ref: ${{ inputs.ref || github.ref }}
+
+    - name: Set up Python ${{ matrix.python-version }}
+      uses: actions/setup-python@v5
+      with:
+        python-version: ${{ matrix.python-version }}
+
+    - name: Install dependencies
+      run: |
+        python -m pip install --upgrade pip
+        python -m pip install tox
+
+    - name: Test with tox
+      run: tox
+
+    - name: Generate coverage reports
+      run: tox -e cover
+
+    - name: Archive code coverage results
+      uses: actions/upload-artifact@v4
+      with:
+        name: "code-coverage-report-${{ matrix.python-version }}"
+        path: cover/

.stestr.conf

@@ -0,0 +1,3 @@
+[DEFAULT]
+test_path=./api/tests
+top_dir=./

api/azimuth/acls/__init__.py

@@ -1 +1 @@
-from .acls import allowed_by_acls
+from .acls import allowed_by_acls  # noqa: F401

api/azimuth/acls/acls.py

@@ -1,5 +1,5 @@
-import re
 import logging
+import re
 
 LOG = logging.getLogger(__name__)
 
@@ -61,6 +61,5 @@ def allowed_by_acls(raw, tenancy):
 
     # If either 'allow' annotation is present and non-empty then default to deny
     return not (
-        annotations.get(ACL_ALLOW_IDS_KEY) or
-        annotations.get(ACL_ALLOW_PATTERN_KEY)
+        annotations.get(ACL_ALLOW_IDS_KEY) or annotations.get(ACL_ALLOW_PATTERN_KEY)
     )

api/azimuth/acls/test_acls.py

@@ -1,18 +1,17 @@
 from unittest import TestCase
+
+from ..provider.dto import Tenancy  # noqa: TID252
 from .acls import (
-    ACL_KEYS,
     ACL_ALLOW_IDS_KEY,
     ACL_ALLOW_PATTERN_KEY,
     ACL_DENY_IDS_KEY,
     ACL_DENY_PATTERN_KEY,
+    ACL_KEYS,
     allowed_by_acls,
 )
 
-from ..provider.dto import Tenancy
-
 
 class ACLTestCase(TestCase):
-
     def assert_allowed(self, resource, tenancy):
         """Helper method to make logic clearer"""
         self.assertTrue(allowed_by_acls(resource, tenancy))
@@ -28,7 +27,8 @@ def test_no_annotations(self):
         for t in tenancies:
             self.assert_allowed(test_resource, t)
 
-    # Check that all tenancies are allowed when all ACL annotations are present but empty
+    # Check that all tenancies are allowed when all ACL annotations are present but
+    # empty
     def test_empty_annotations(self):
         tenancies = [Tenancy(id=f"test-id-{i}", name=f"name-{i}") for i in range(3)]
         test_resource = {"metadata": {"annotations": {k: "" for k in ACL_KEYS}}}
@@ -61,16 +61,16 @@ def test_allow_ids(self):
     # Check that filtering by allowed name pattern works
     def test_allow_pattern(self):
         test_resource = {"metadata": {"annotations": {ACL_ALLOW_PATTERN_KEY: "prod-"}}}
-        self.assert_allowed(test_resource, Tenancy(id="", name=f"prod-123"))
-        self.assert_allowed(test_resource, Tenancy(id="", name=f"test-prod-2"))
-        self.assert_denied(test_resource, Tenancy(id="", name=f"staging"))
+        self.assert_allowed(test_resource, Tenancy(id="", name="prod-123"))
+        self.assert_allowed(test_resource, Tenancy(id="", name="test-prod-2"))
+        self.assert_denied(test_resource, Tenancy(id="", name="staging"))
 
     # Check that filtering by denied name patterm works
     def test_deny_pattern(self):
         test_resource = {"metadata": {"annotations": {ACL_DENY_PATTERN_KEY: "prod-"}}}
         self.assert_denied(test_resource, Tenancy(id="", name="prod-123"))
-        self.assert_denied(test_resource, Tenancy(id="", name=f"test-prod-2"))
-        self.assert_allowed(test_resource, Tenancy(id="", name=f"staging-123"))
+        self.assert_denied(test_resource, Tenancy(id="", name="test-prod-2"))
+        self.assert_allowed(test_resource, Tenancy(id="", name="staging-123"))
 
     # Check that presence of any 'allow' key triggers deny by default
     def test_default_deny_with_allows(self):