Infrastructure update (#78)

febus982 · web-flow · commit c61660d6675b · 2024-01-27T20:54:23.000Z
* CI workflows update

* Add  and configure mkdocs-adr-summary-macro

Signed-off-by: Federico Busetti &lt;729029+febus982@users.noreply.github.com&gt;
diff --git a/.bandit.yml b/.bandit.yml
diff --git a/.codeclimate.yml b/.codeclimate.yml
@@ -0,0 +1,24 @@
+version: "2"
+plugins:
+  bandit:
+    enabled: true
+  sonar-python:
+    enabled: true
+exclude_patterns:
+  - "spec/"
+  - "!spec/support/helpers"
+  - "config/"
+  - "alembic/"
+  - "grpc_app/generated/"
+  - "db/"
+  - "dist/"
+  - "features/"
+  - "**/node_modules/"
+  - "script/"
+  - "**/spec/"
+  - "**/test/"
+  - "**/tests/"
+  - "Tests/"
+  - "**/vendor/"
+  - "**/*_test.go"
+  - "**/*.d.ts"
diff --git a/.github/workflows/github-pages.yml b/.github/workflows/github-pages.yml
@@ -37,7 +37,7 @@ jobs:
           python -m pip install --upgrade pip
           python -m pip install poetry
           poetry config virtualenvs.create false
-          poetry install --no-root --with dev
+          make dev-dependencies
 
       - name: Build static pages
         run: make docs-build
diff --git a/.github/workflows/python-3.11.yml b/.github/workflows/python-3.11.yml
diff --git a/.github/workflows/python-3.9.yml b/.github/workflows/python-3.9.yml
diff --git a/.github/workflows/python-bandit.yml b/.github/workflows/python-bandit.yml
@@ -0,0 +1,32 @@
+# This workflow will install Python dependencies, run tests and lint with a variety of Python versions
+# For more information see: https://docs.github.com/en/actions/automating-builds-and-tests/building-and-testing-python
+
+name: Bandit checks
+
+on:
+  push:
+    branches: [ "main" ]
+  pull_request:
+    branches: [ "main" ]
+  # Allows you to run this workflow manually from the Actions tab
+  workflow_dispatch:
+
+jobs:
+  bandit:
+    runs-on: ubuntu-latest
+
+    steps:
+    - uses: actions/checkout@v4
+
+    - name: Security check - Bandit
+      uses: ioggstream/bandit-report-artifacts@v1.7.4
+      with:
+        project_path: .
+        config_file: .bandit.yml
+
+    # This is optional
+    - name: Security check report artifacts
+      uses: actions/upload-artifact@v4
+      with:
+        name: Security report
+        path: output/security_report.txt
diff --git a/.github/workflows/python-code-style.yml b/.github/workflows/python-code-style.yml
@@ -8,15 +8,17 @@ on:
     branches: [ "main" ]
   pull_request:
     branches: [ "main" ]
+  # Allows you to run this workflow manually from the Actions tab
+  workflow_dispatch:
 
 jobs:
-  quality:
+  format:
     runs-on: ubuntu-latest
 
     steps:
-    - uses: actions/checkout@v3
+    - uses: actions/checkout@v4
     - name: Set up Python 3.11
-      uses: actions/setup-python@v3
+      uses: actions/setup-python@v5
       with:
         python-version: "3.11"
     - name: Install dependencies
diff --git a/.github/workflows/python-lint.yml b/.github/workflows/python-lint.yml
@@ -8,15 +8,17 @@ on:
     branches: [ "main" ]
   pull_request:
     branches: [ "main" ]
+  # Allows you to run this workflow manually from the Actions tab
+  workflow_dispatch:
 
 jobs:
-  quality:
+  lint:
     runs-on: ubuntu-latest
 
     steps:
-    - uses: actions/checkout@v3
+    - uses: actions/checkout@v4
     - name: Set up Python 3.11
-      uses: actions/setup-python@v3
+      uses: actions/setup-python@v5
       with:
         python-version: "3.11"
     - name: Install dependencies
diff --git a/.github/workflows/python-quality.yml b/.github/workflows/python-quality.yml
@@ -8,15 +8,17 @@ on:
     branches: [ "main" ]
   pull_request:
     branches: [ "main" ]
+  # Allows you to run this workflow manually from the Actions tab
+  workflow_dispatch:
 
 jobs:
   quality:
     runs-on: ubuntu-latest
 
     steps:
-    - uses: actions/checkout@v3
+    - uses: actions/checkout@v4
     - name: Set up Python 3.11
-      uses: actions/setup-python@v3
+      uses: actions/setup-python@v5
       with:
         python-version: "3.11"
     - name: Install dependencies
@@ -26,8 +28,7 @@ jobs:
         poetry config virtualenvs.create false
         make dev-dependencies
     - name: Test & publish code coverage
-      uses: paambaati/codeclimate-action@v3.2.0
-      if: env.CC_TEST_REPORTER_ID != null
+      uses: paambaati/codeclimate-action@v5.0.0
       env:
         CC_TEST_REPORTER_ID: ${{ secrets.CODECLIMATE_REPORTER_ID }}
       with:
diff --git a/.github/workflows/python-tests.yml b/.github/workflows/python-tests.yml
@@ -1,24 +1,29 @@
 # This workflow will install Python dependencies, run tests and lint with a variety of Python versions
 # For more information see: https://docs.github.com/en/actions/automating-builds-and-tests/building-and-testing-python
 
-name: Python 3.10
+name: Python tests
 
 on:
   push:
     branches: [ "main" ]
   pull_request:
     branches: [ "main" ]
+  # Allows you to run this workflow manually from the Actions tab
+  workflow_dispatch:
 
 jobs:
   test:
-    runs-on: ubuntu-latest
-
+    strategy:
+      matrix:
+        version: ["3.9", "3.10", "3.11"]
+        os: [ubuntu-latest]
+    runs-on: ${{ matrix.os }}
     steps:
-    - uses: actions/checkout@v3
-    - name: Set up Python 3.10
-      uses: actions/setup-python@v3
+    - uses: actions/checkout@v4
+    - name: Set up Python ${{ matrix.version }}
+      uses: actions/setup-python@v5
       with:
-        python-version: "3.10"
+        python-version: "${{ matrix.version }}"
     - name: Install dependencies
       run: |
         python -m pip install --upgrade pip
diff --git a/Makefile b/Makefile
@@ -56,6 +56,9 @@ lint:
 lint-fix:
 	poetry run ruff . --fix
 
+bandit:
+	poetry run bandit -c .bandit.yml -r .
+
 # There are issues on how python imports are generated when using nested
 # packages. The following setup appears to work, however it might need
 # to be reviewed. https://github.com/protocolbuffers/protobuf/issues/1491
@@ -74,7 +77,7 @@ generate-proto:
 	git add ./grpc_app/generated
 
 fix:  format-fix lint-fix
-check: typing test format lint
+check: format lint typing bandit test
 
 docs:
 	poetry run mkdocs serve
diff --git a/README.md b/README.md
@@ -1,8 +1,7 @@
 # Bootstrap python service
 [![CI Pipeline](https://github.com/febus982/bootstrap-python-fastapi/actions/workflows/ci-pipeline.yml/badge.svg)](https://github.com/febus982/bootstrap-python-fastapi/actions/workflows/ci-pipeline.yml)
-[![Python 3.9](https://github.com/febus982/bootstrap-python-fastapi/actions/workflows/python-3.9.yml/badge.svg?event=push)](https://github.com/febus982/bootstrap-python-fastapi/actions/workflows/python-3.9.yml)
-[![Python 3.10](https://github.com/febus982/bootstrap-python-fastapi/actions/workflows/python-3.10.yml/badge.svg?event=push)](https://github.com/febus982/bootstrap-python-fastapi/actions/workflows/python-3.10.yml)
-[![Python 3.11](https://github.com/febus982/bootstrap-python-fastapi/actions/workflows/python-3.11.yml/badge.svg?event=push)](https://github.com/febus982/bootstrap-python-fastapi/actions/workflows/python-3.11.yml)
+[![Python tests](https://github.com/febus982/bootstrap-python-fastapi/actions/workflows/python-tests.yml/badge.svg?branch=main)](https://github.com/febus982/bootstrap-python-fastapi/actions/workflows/python-tests.yml)
+[![Bandit checks](https://github.com/febus982/bootstrap-python-fastapi/actions/workflows/python-bandit.yml/badge.svg?branch=main)](https://github.com/febus982/bootstrap-python-fastapi/actions/workflows/python-bandit.yml)
 
 [![Maintainability](https://api.codeclimate.com/v1/badges/a2ab183e64778e21ae14/maintainability)](https://codeclimate.com/github/febus982/bootstrap-python-fastapi/maintainability)
 [![Test Coverage](https://api.codeclimate.com/v1/badges/a2ab183e64778e21ae14/test_coverage)](https://codeclimate.com/github/febus982/bootstrap-python-fastapi/test_coverage)
diff --git a/alembic/versions/2022-11-09-203313-52b1246eda46_create_tables.py b/alembic/versions/2022-11-09-203313-52b1246eda46_create_tables.py
@@ -5,6 +5,7 @@
 Create Date: 2022-11-09 20:33:13.035514
 
 """
+
 import sqlalchemy as sa
 
 from alembic import op
diff --git a/celery_worker/__init__.py b/celery_worker/__init__.py
@@ -3,6 +3,7 @@
 application layers (storage, logs) when running standalone workers
 without having to initialise the HTTP framework (or other ones)
 """
+
 from common.bootstrap import application_init
 from common.config import AppConfig
 
diff --git a/docs/adr/.pages b/docs/adr/.pages
@@ -1 +1,3 @@
-order: desc
+nav:
+  - Summary: summary.md
+  - ...
diff --git a/docs/adr/summary.md b/docs/adr/summary.md
@@ -1,3 +1,3 @@
-# Summary
+# ADR Summary
 
-TODO: Generate summary here
+{{ adr_summary(adr_path="docs/adr", adr_style="nygard", template_file="docs/adr_summary.jinja") }}
diff --git a/docs/adr_summary.jinja b/docs/adr_summary.jinja
@@ -0,0 +1,4 @@
+| Date | Decision | Status |
+|------|----------|--------|
+{% for d in documents %}| {{ d.date.strftime('%d-%m-%Y') }} | [{{ d.title }}]({{ d.filename }}) | {{ d.status }}  |
+{% endfor %}
diff --git a/domains/books/_data_access_interfaces.py b/domains/books/_data_access_interfaces.py
@@ -8,17 +8,14 @@
 
 
 class BookRepositoryInterface(Protocol):
-    async def save(self, book: BookModel) -> BookModel:
-        ...
+    async def save(self, book: BookModel) -> BookModel: ...
 
     async def find(
         self,
         search_params: Union[None, Mapping[str, Any]] = None,
         order_by: Union[None, Iterable[Union[str, Tuple[str, SortDirection]]]] = None,
-    ) -> List[BookModel]:
-        ...
+    ) -> List[BookModel]: ...
 
 
 class BookEventGatewayInterface(Protocol):
-    async def emit(self, event: BaseEvent) -> None:
-        ...
+    async def emit(self, event: BaseEvent) -> None: ...
diff --git a/domains/books/tasks.py b/domains/books/tasks.py
@@ -17,6 +17,7 @@
 
 https://docs.celeryq.dev/en/stable/userguide/tasks.html#avoid-launching-synchronous-subtasks
 """
+
 from celery import shared_task
 
 from domains.books.dto import BookData
diff --git a/mkdocs.yml b/mkdocs.yml
@@ -10,6 +10,9 @@ repo_url: 'https://github.com/febus982/bootstrap-python-fastapi'
 plugins:
   - search
   - awesome-pages
+  - macros:
+      modules:
+        - mkdocs_macros_adr_summary
 
 # Do not use the nav section in this file but reference to the .pages files
 # in the docs/ directory and subdirectories (awesome-pages plugin)
@@ -25,21 +28,28 @@ theme:
     - content.code.copy
 
   palette:
-
-    # Palette toggle for light mode
-    - scheme: default
-      primary: teal
+    # Palette toggle for automatic mode
+    - media: "(prefers-color-scheme)"
       toggle:
-        icon: material/brightness-7
+        icon: material/brightness-auto
         name: Switch to dark mode
 
     # Palette toggle for dark mode
     - scheme: slate
+      media: "(prefers-color-scheme: dark)"
       primary: teal
       toggle:
         icon: material/brightness-4
         name: Switch to light mode
 
+    # Palette toggle for light mode
+    - scheme: default
+      media: "(prefers-color-scheme: light)"
+      primary: teal
+      toggle:
+        icon: material/brightness-7
+        name: Switch to auto mode
+
 extra:
   social:
     - icon: fontawesome/brands/linkedin
diff --git a/poetry.lock b/poetry.lock
diff --git a/pyproject.toml b/pyproject.toml
