IC: uv + ruff

.github/workflows/tests.yml

@@ -24,7 +24,7 @@ jobs:
     - name: Set up Go
       uses: actions/setup-go@v5
       with:
-        go-version: '1.22'
+        go-version-file: go.mod
 
     - name: Build
       run: |
@@ -38,19 +38,21 @@ jobs:
       env:
         RICHGO_FORCE_COLOR: 1
 
-    - name: "Setup Python"
+    - name: Install uv
+      uses: astral-sh/setup-uv@v5
+      with:
+        version: 0.5.24
+        enable-cache: true
+        cache-dependency-glob: "test/uv.lock"
+
+    - name: "Set up Python"
       uses: actions/setup-python@v5
       with:
-        python-version: "3.x"
-        cache: 'pipenv'
+        python-version-file: "test/.python-version"
 
-    - name: "Install python dependencies"
-      run: |
-        python -m pip install --upgrade pipenv wheel
-        pipenv install --deploy
-        # some tests need root, so we have to install pytest twice
-        sudo python3 -m pip install --upgrade pipenv wheel
-        sudo pipenv install --deploy
+    - name: Install the project
+      working-directory: ./test
+      run: uv sync --all-extras --dev
 
     - name: Install functional test dependencies
       run: |
@@ -63,18 +65,26 @@ jobs:
         CROWDSEC_TEST_NETWORK: net-test
         CROWDSEC_TEST_TIMEOUT: 60
         PYTEST_ADDOPTS: --durations=0 -vv --color=yes -m "not (deb or rpm)"
+      working-directory: ./test
       run: |
         # everything except for
         # - install (requires root, ignored by default)
         # - deb/rpm (on their own workflows)
-        pipenv run pytest
+        uv run pytest
         # these need root
-        sudo -E pipenv run pytest ./test/install/no_crowdsec
+        sudo -E $(which uv) run pytest ./tests/install/no_crowdsec
         # these need a running crowdsec
-        docker run -d --name crowdsec -e CI_TESTING=true -e DISABLE_ONLINE_API=true -ti crowdsecurity/crowdsec
+        docker run -d --name crowdsec -e CI_TESTING=true -e DISABLE_ONLINE_API=true -p 8080:8080 -ti crowdsecurity/crowdsec
         install -m 0755 /dev/stdin /usr/local/bin/cscli <<'EOT'
         #!/bin/sh
         docker exec crowdsec cscli "$@"
         EOT
         sleep 5
-        sudo -E pipenv run pytest ./test/install/with_crowdsec
+        sudo -E $(which uv) run pytest ./tests/install/with_crowdsec
+
+    - name: Lint
+      working-directory: ./test
+      run: |
+        uv run ruff check
+        uv run basedpyright
+

.github/workflows/tests_deb.yml

@@ -24,21 +24,23 @@ jobs:
     - name: Set up Go
       uses: actions/setup-go@v5
       with:
-        go-version: '1.22'
+        go-version-file: go.mod
 
-    - name: "Setup Python"
+    - name: Install uv
+      uses: astral-sh/setup-uv@v5
+      with:
+        version: 0.5.24
+        enable-cache: true
+        cache-dependency-glob: "test/uv.lock"
+
+    - name: "Set up Python"
       uses: actions/setup-python@v5
       with:
-        python-version: "3.x"
-        cache: 'pipenv'
+        python-version-file: "test/.python-version"
 
-    - name: "Install python dependencies"
-      run: |
-        python -m pip install --upgrade pipenv wheel
-        pipenv install --deploy
-        # some tests need root, so we have to install pytest twice
-        sudo python3 -m pip install --upgrade pipenv wheel
-        sudo pipenv install --deploy
+    - name: Install the project
+      run: uv sync --all-extras --dev
+      working-directory: ./test
 
     - name: Install functional test dependencies
       run: |
@@ -53,6 +55,7 @@ jobs:
         CROWDSEC_TEST_NETWORK: net-test
         CROWDSEC_TEST_TIMEOUT: 60
         PYTEST_ADDOPTS: --durations=0 -vv --color=yes
+      working-directory: ./test
       run: |
-        pipenv run pytest test/pkg/test_build_deb.py
-        sudo -E pipenv run pytest -m deb ./test/install/no_crowdsec
+        uv run pytest ./tests/pkg/test_build_deb.py
+        sudo -E $(which uv) run pytest -m deb ./tests/install/no_crowdsec

test/.python-version

@@ -0,0 +1 @@
+3.12

test/pyproject.toml

@@ -0,0 +1,78 @@
+[project]
+name = "cs-cloudflare-bouncer-tests"
+version = "0.1.0"
+description = "Tests for cs-cloudflare-bouncer"
+readme = "README.md"
+requires-python = ">=3.12"
+dependencies = [
+    "pexpect>=4.9.0",
+    "pytest>=8.3.5",
+    "pytest-cs>=0.7.21",
+    "pytest-dependency>=0.6.0",
+    "pytest-dotenv>=0.5.2",
+    "zxcvbn>=4.5.0",
+]
+
+[tool.uv.sources]
+pytest-cs = { git = "https://github.com/crowdsecurity/pytest-cs" }
+
+[dependency-groups]
+dev = [
+    "basedpyright>=1.28.4",
+    "ipdb>=0.13.13",
+    "ruff>=0.11.2",
+]
+
+[tool.ruff]
+
+line-length = 120
+
+[tool.ruff.lint]
+select = [
+  "ALL"
+]
+
+ignore = [
+    "ANN",      # Missing type annotations
+    "ARG001",   # Unused function argument: `...`
+    "COM812",   # Trailing comma missing
+    "D100",     # Missing docstring in public module
+    "D103",     # Missing docstring in public function
+    "D104",     # Missing docstring in public package
+    "D203",     # incorrect-blank-line-before-class
+    "D212",     # Multi-line docstring summary should start at the first line
+    "D400",     # First line should end with a period
+    "D415",     # First line should end with a period, question mark, or exclamation point
+    "ERA001",
+    "FIX002",   # Line contains TODO, consider resolving the issue
+    "FIX003",   # Line contains XXX, consider resolving the issue
+    "PLW1510",  # `subprocess.run` without explicit `check` argument
+    "S101",     # Use of 'assert' detected
+    "S603",     # `subprocess` call: check for execution of untrusted input
+    "S607",     # Starting a process with a partial executable path
+    "TD",
+    "PLR2004",  # Magic value used in comparison, consider replacing `...` with a constant variable
+    "PLR0913",  # Too many arguments in function definition (6 > 5)
+    "PTH107",   # `os.remove()` should be replaced by `Path.unlink()`
+    "PTH108",   # `os.unlink()` should be replaced by `Path.unlink()`
+    "PTH110",   # `os.path.exists()` should be replaced by `Path.exists()`
+    "PTH116",   # `os.stat()` should be replaced by `Path.stat()`, `Path.owner()`, or `Path.group()`
+    "PTH123",   # `open()` should be replaced by `Path.open()`
+    "PT022",    # No teardown in fixture `fw_cfg_factory`, use `return` instead of `yield`
+    "UP022",    # Prefer `capture_output` over sending `stdout` and `stderr` to `PIPE`
+    "Q000",
+]
+
+[tool.basedpyright]
+reportAny = "none"
+reportArgumentType = "none"
+reportAttributeAccessIssue = "none"
+reportMissingParameterType = "none"
+reportMissingTypeStubs = "none"
+reportOptionalMemberAccess = "none"
+reportUnknownArgumentType = "none"
+reportUnknownMemberType = "none"
+reportUnknownParameterType = "none"
+reportUnknownVariableType = "none"
+reportUnusedCallResult = "none"
+reportUnusedParameter = "none"

pytest.ini → test/pytest.ini

@@ -1,7 +1,7 @@
 [pytest]
 addopts =
     --pdbcls=IPython.terminal.debugger:Pdb
-    --ignore=test/install
+    --ignore=tests/install
     --strict-markers
 markers:
     deb: mark tests related to deb packaging

test/bouncer/test_cloudflare_bouncer.py → test/tests/bouncer/test_cloudflare_bouncer.py

@@ -1,5 +1,3 @@
-import pytest
-
 
 def test_no_api_key(crowdsec, bouncer, cf_cfg_factory):
     cfg = cf_cfg_factory()

test/bouncer/test_tls.py → test/tests/bouncer/test_tls.py

@@ -1,8 +1,8 @@
 import json
 
+
 def test_tls_server(crowdsec, certs_dir, api_key_factory, bouncer, cf_cfg_factory):
     """TLS with server-only certificate"""
-
     api_key = api_key_factory()
 
     lapi_env = {
@@ -48,7 +48,6 @@ def test_tls_server(crowdsec, certs_dir, api_key_factory, bouncer, cf_cfg_factor
 
 def test_tls_mutual(crowdsec, certs_dir, api_key_factory, bouncer, cf_cfg_factory, bouncer_under_test):
     """TLS with two-way bouncer/lapi authentication"""
-
     lapi_env = {
         'CACERT_FILE': '/etc/ssl/crowdsec/ca.crt',
         'LAPI_CERT_FILE': '/etc/ssl/crowdsec/lapi.crt',

test/conftest.py → test/tests/conftest.py

@@ -2,9 +2,9 @@
 
 import pytest
 
-from pytest_cs import plugin
+# from pytest_cs import plugin
 
-pytest_exception_interact = plugin.pytest_exception_interact
+# pytest_exception_interact = plugin.pytest_exception_interact
 
 
 # provide the name of the bouncer binary to test

test/install/no_crowdsec/test_no_crowdsec_scripts.py → test/tests/install/no_crowdsec/test_no_crowdsec_scripts.py

@@ -1,14 +1,14 @@
 import os
-import pexpect
-import yaml
 
+import pexpect
 import pytest
+import yaml
 
 BOUNCER = "crowdsec-cloudflare-bouncer"
 CONFIG = f"/etc/crowdsec/bouncers/{BOUNCER}.yaml"
 
 
-@pytest.mark.dependency()
+@pytest.mark.dependency
 def test_install_no_crowdsec(project_repo, bouncer_binary, must_be_root):
     c = pexpect.spawn(
         '/usr/bin/sh', ['scripts/install.sh'],

test/install/with_crowdsec/test_crowdsec_deb.py → test/tests/install/with_crowdsec/test_crowdsec_deb.py

@@ -1,9 +1,9 @@
 import os
 import subprocess
-import yaml
 from pathlib import Path
 
 import pytest
+import yaml
 from zxcvbn import zxcvbn
 
 pytestmark = pytest.mark.deb
@@ -84,7 +84,6 @@ def test_deb_install_purge_yaml_local(deb_package_path, bouncer_under_test, must
 
     => the configuration files are not touched (no new api key)
     """
-
     assert deb_package_path.exists(), f'This test requires {deb_package_path}'
 
     p = subprocess.check_output(

test/install/with_crowdsec/test_crowdsec_scripts.py → test/tests/install/with_crowdsec/test_crowdsec_scripts.py

@@ -1,16 +1,16 @@
 import os
-import pexpect
-import yaml
 
+import pexpect
 import pytest
+import yaml
 from pytest_cs.lib import cscli, text
 
 BOUNCER = "crowdsec-cloudflare-bouncer"
 CONFIG = f"/etc/crowdsec/bouncers/{BOUNCER}.yaml"
 
 
 @pytest.mark.systemd_debug(BOUNCER)
-@pytest.mark.dependency()
+@pytest.mark.dependency
 def test_install_crowdsec(project_repo, bouncer_binary, must_be_root):
     c = pexpect.spawn(
         '/usr/bin/sh', ['scripts/install.sh'],