new: added publish-to-pypi workflow (ENG-186) (#11)

* new: added publish-to-pypi workflow (ENG-186)

* Refactor workflows. Update README. Add LICENSE.

* Small README update

* bugfix: fix CI job project name
- updated project name in CI job poetry check
- added pre-commit to check yaml and Github Actions

* bugfix: poetry lock update

* Updating workflow and preparing secrets+access

* Add concurrency checks to workflow

* Simplify workflow to only run on PRs and v-tag pushes

* Separate CI and publish into separate workflows

* Focus workflows down to just the main branch

---------

Co-authored-by: monoxgas <[email protected]>
Co-authored-by: Brian Greunke <[email protected]>
Co-authored-by: Brian Greunke <[email protected]>

Author: 3 people

.github/workflows/ci.yml

@@ -1,64 +1,69 @@
-name: Lint, Typecheck, and Test
+name: CI
 
 on:
-  push:
-    branches: [ main, dev ]
   pull_request:
-    branches: [ main, dev ]
+    branches: [main]
+  push:
+    branches: [main]
 
 jobs:
-  ci:
+  validate:
+    name: Validate
     strategy:
-        fail-fast: false
-        matrix:
-          python-version: ["3.9", "3.10", "3.11"]
-
+      fail-fast: false
+      matrix:
+        python-version: ["3.9", "3.10", "3.11"]
     runs-on: ubuntu-latest
-
     steps:
-    - uses: actions/checkout@v2
+      - name: Checkout code
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
+
+      - name: Setup Python ${{ matrix.python-version }}
+        uses: actions/setup-python@0b93645e9fea7318ecaed2b359559ac225c90a2b
+        with:
+          python-version: ${{ matrix.python-version }}
 
-    - name: Set up Python
-      uses: actions/setup-python@v2
-      with:
-        python-version: ${{ matrix.python-version }}
+      - name: Install Poetry
+        uses: abatilo/actions-poetry@e78f54a89cb052fff327414dd9ff010b5d2b4dbd
 
-    - name: Setup Poetry
-      uses: abatilo/actions-poetry@v2
+      - name: Configure Poetry
+        run: |
+          poetry config virtualenvs.create true --local
+          poetry config virtualenvs.in-project true --local
 
-    - name: Configure local .venv
-      run: |
-        poetry config virtualenvs.create true --local
-        poetry config virtualenvs.in-project true --local
+      - name: Cache dependencies
+        uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a
+        with:
+          path: ./.venv
+          key: venv-${{ runner.os }}-py${{ matrix.python-version }}-${{ hashFiles('poetry.lock') }}
+          restore-keys: |
+            venv-${{ runner.os }}-py${{ matrix.python-version }}-
 
-    - uses: actions/cache@v3
-      name: Cache Dependencies
-      with:
-        path: ./.venv
-        key: venv-${{ hashFiles('poetry.lock') }}
+      - name: Install package
+        run: |
+          poetry install --all-extras
 
-    - name: Install dependencies
-      run: poetry install --all-extras
+      - name: Validate version
+        run: |
+          POETRY_VERSION=$(poetry version -s)
+          INIT_VERSION=$(python -c "import dreadnode_cli; print(dreadnode_cli.__version__)")
+          if [ "$POETRY_VERSION" != "$INIT_VERSION" ]; then
+            echo "Version mismatch: pyproject.toml ($POETRY_VERSION) != __init__.py ($INIT_VERSION)"
+            exit 1
+          fi
 
-    - name: Verify version match
-      run: |
-        toml_version=$(grep -oP '(?<=version = ")[^"]+' pyproject.toml | head -1)
-        package_version=$(grep -oP '(?<=__version__ = ")[^"]+' dreadnode_cli/__init__.py)
-        
-        if [ "$toml_version" != "$package_version" ]; then
-          echo "Version mismatch detected!"
-          echo "Version in pyproject.toml: $toml_version"
-          echo "Version in package: $package_version"
-          exit 1
-        else
-          echo "Versions match: $toml_version"
-        fi
+      - name: Lint
+        run: poetry run ruff check --output-format=github dreadnode_cli
 
-    - name: Linting
-      run: poetry run ruff dreadnode_cli/
+      - name: Type check
+        run: poetry run mypy --no-error-summary dreadnode_cli
 
-    - name: Typecheck
-      run: poetry run mypy dreadnode_cli/
+      - name: Test
+        run: poetry run pytest --junitxml=pytest.xml dreadnode_cli
 
-    - name: Tests
-      run: poetry run pytest dreadnode_cli/
+      - name: Upload test results
+        uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882
+        if: always()
+        with:
+          name: test-results-${{ matrix.python-version }}
+          path: pytest.xml

.github/workflows/docker-build.yml

@@ -0,0 +1,95 @@
+name: Publish
+
+on:
+  push:
+    tags: ["v*"]
+
+jobs:
+  publish-package:
+    name: Publish Package
+    environment: protected
+    permissions:
+      contents: read
+      id-token: write
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
+
+      - name: Setup Python
+        uses: actions/setup-python@0b93645e9fea7318ecaed2b359559ac225c90a2b
+        with:
+          python-version: "3.11"
+
+      - name: Install Poetry
+        uses: abatilo/actions-poetry@e78f54a89cb052fff327414dd9ff010b5d2b4dbd
+
+      - name: Configure Poetry
+        run: |
+          poetry config virtualenvs.create true --local
+          poetry config virtualenvs.in-project true --local
+
+      - name: Install package
+        run: poetry install --no-dev
+
+      - name: Validate version
+        run: |
+          TAG_VERSION=${GITHUB_REF#refs/tags/v}
+          POETRY_VERSION=$(poetry version -s)
+          INIT_VERSION=$(python -c "import dreadnode_cli; print(dreadnode_cli.__version__)")
+
+          if ! [[ $TAG_VERSION =~ ^[0-9]+\.[0-9]+\.[0-9]+$ ]]; then
+            echo "Invalid tag format: $TAG_VERSION. Must be vX.X.X"
+            exit 1
+          fi
+
+          if [ "$POETRY_VERSION" != "$INIT_VERSION" ]; then
+            echo "Version mismatch: pyproject.toml ($POETRY_VERSION) != __init__.py ($INIT_VERSION)"
+            exit 1
+          fi
+
+          if [ "$TAG_VERSION" != "$POETRY_VERSION" ]; then
+            echo "Tag ($TAG_VERSION) doesn't match pyproject.toml ($POETRY_VERSION)"
+            exit 1
+          fi
+
+      - name: Build and publish
+        run: |
+          poetry build
+          poetry publish
+
+  publish-docker:
+    name: Publish Docker
+    environment: protected
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
+
+      - name: Setup QEMU
+        uses: docker/setup-qemu-action@49b3bc8e6bdd4a60e6116a5414239cba5943d3cf
+
+      - name: Setup Docker Buildx
+        uses: docker/setup-buildx-action@c47758b77c9736f4b2ef4073d4d51994fabfe349
+
+      - name: Login to Docker Hub
+        uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567
+        with:
+          username: ${{ secrets.DOCKERHUB_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_TOKEN }}
+
+      - name: Set Docker tags
+        id: tags
+        run: |
+          VERSION=${GITHUB_REF#refs/tags/v}
+          echo "tags=dreadnode/cli:latest,dreadnode/cli:$VERSION" >> $GITHUB_OUTPUT
+
+      - name: Build and push
+        uses: docker/build-push-action@48aba3b46d1b1fec4febb7c5d0c644b249a11355
+        with:
+          context: .
+          platforms: linux/amd64,linux/arm64
+          push: true
+          tags: ${{ steps.tags.outputs.tags }}
+          cache-from: type=gha
+          cache-to: type=gha,mode=max

.github/workflows/publish.yml

@@ -0,0 +1,14 @@
+repos:
+  # Standard pre-commit hooks
+  - repo: https://github.com/pre-commit/pre-commit-hooks
+    rev: v4.6.0
+    hooks:
+      - id: check-yaml
+      - id: trailing-whitespace
+
+  # Github actions
+  - repo: https://github.com/rhysd/actionlint
+    rev: v1.7.1
+    hooks:
+      - id: actionlint
+        name: Check Github Actions

.pre-commit-config.yaml

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2024 dreadnode
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

LICENSE

@@ -1,7 +1,34 @@
-Dreadnode command line interface.
+<p align="center">
+    <img
+    src="https://d1lppblt9t2x15.cloudfront.net/logos/5714928f3cdc09503751580cffbe8d02.png"
+    alt="Logo"
+    align="center"
+    width="144px"
+    height="144px"
+    />
+</p>
+
+<h3 align="center">
+Dreadnode command line interface
+</h3>
+
+<h4 align="center">
+    <img alt="PyPI - Python Version" src="https://img.shields.io/pypi/pyversions/dreadnode-cli">
+    <img alt="PyPI - Version" src="https://img.shields.io/pypi/v/dreadnode-cli">
+    <img alt="GitHub License" src="https://img.shields.io/github/license/dreadnode/cli">
+    <img alt="GitHub Actions Workflow Status" src="https://img.shields.io/github/actions/workflow/status/dreadnode/cli/ci.yml">
+</h4>
+
+</br>
 
 ## Installation
 
+### From PyPi:
+
+```bash
+pip install dreadnode-cli
+```
+
 ### With Poetry:
 
 This project is packaged for and meant to be used with the [Poetry package management tool](https://python-poetry.org/).