chore: remove legacy files and update project standards

- Delete obsolete configuration and metadata  (tox.ini, etc)
- Replace `README.rst` with `README.md`
- Remove unused Makefile and entrypoint script
- Update `.dockerignore` to include commonly ignored artifacts
- Modernize and clean up `compose.yml` setup
- Upgrade Python and dependency versions in `uv.lock`
- Enhance token generator script with new helper functions

Author: fed1337

.dockerignore

@@ -1,12 +1,18 @@
 **/__pycache__
 .git
+.github
 .idea
 .mypy_cache
 .pytest_cache
 .ruff_cache
 .venv
+.tmp
+dist
+docs
+htmlcov
+lemur.egg-info
 lemur/static/dist
 node_modules
 bower_components
-.tmp
-migrations
+*.md
+*.rst

.github/workflows/ci.yml

@@ -0,0 +1,81 @@
+name: CI
+on:
+  push:
+    branches: [ main ]
+
+jobs:
+  check:
+    name: Run checks on codebase
+    runs-on: ubuntu-22.04
+    steps:
+      - name: Install system deps
+        run: |
+          sudo apt-get update
+          sudo apt-get install -y \
+            libsasl2-dev \
+            libldap2-dev
+      - uses: actions/checkout@v6
+      - name: Install uv
+        uses: astral-sh/setup-uv@v7
+      - name: Sync dev dependencies
+        run: uv sync --frozen --dev --group tests
+      - name: Ruff check
+        run: uv run ruff check lemur
+      - name: Ruff format check
+        run: uv run ruff format --check lemur
+      - name: mypy check
+        run: uv run mypy lemur
+
+  test:
+    needs: check
+    name: Tests (py${{ matrix.python }} / pg${{ matrix.postgres }})
+    runs-on: ubuntu-22.04
+
+    strategy:
+      matrix:
+        python: [ "3.10", "3.11", "3.12" ]
+        postgres: [ 14, 15, 16, 17, 18 ]
+
+    services:
+      postgres:
+        image: postgres:${{ matrix.postgres }}
+        env:
+          POSTGRES_USER: lemur
+          POSTGRES_PASSWORD: lemur
+          POSTGRES_DB: lemur
+        options: >-
+          --health-cmd "pg_isready -U lemur"
+          --health-interval 5s
+          --health-timeout 5s
+          --health-retries 3
+        ports:
+          - 5432:5432
+
+    env:
+      SQLALCHEMY_DATABASE_URI: postgresql://lemur:lemur@localhost:5432/lemur
+      BOTO_CONFIG: /doesnotexist
+      PY_COLORS: "1"
+      FORCE_COLOR: "1"
+
+    steps:
+      - uses: actions/checkout@v6
+
+      - name: Install uv
+        uses: astral-sh/setup-uv@v7
+
+      - name: Set Python ${{ matrix.python }}
+        run: uv python install ${{ matrix.python }}
+
+      - name: Install system deps
+        run: |
+          sudo apt-get update
+          sudo apt-get install -y \
+            libsasl2-dev \
+            libldap2-dev
+
+      - name: Sync runtime + dev deps
+        run: uv sync --frozen --dev --group tests
+
+      - name: Run tests
+        run: |
+          uv run pytest --cov=lemur --cov-report=xml

.hadolint.yaml

@@ -0,0 +1,2 @@
+ignored:
+  - DL3018

.pre-commit-config.yaml

@@ -2,16 +2,19 @@
 default_language_version:
   python: python3.10
 
+exclude: ^(\.git|\.[^/]+|lemur/migrations|docs|lemur/static/dist)(/|$)|.*\.(md|rst)$
+
 repos:
-#  - repo: https://github.com/pre-commit/pre-commit-hooks
-#    rev: v6.0.0
-#    hooks:
-#      - id: trailing-whitespace
-#      - id: check-merge-conflict
-#      - id: mixed-line-ending
-#      - id: end-of-file-fixer
-#      - id: check-yaml
-#      - id: check-toml
+  - repo: https://github.com/pre-commit/pre-commit-hooks
+    rev: v6.0.0
+    hooks:
+      - id: check-added-large-files
+      - id: check-executables-have-shebangs
+      - id: check-shebang-scripts-are-executable
+      - id: trailing-whitespace
+      - id: mixed-line-ending
+      - id: end-of-file-fixer
+      - id: fix-byte-order-marker
 
   - repo: https://github.com/gitleaks/gitleaks
     rev: v8.30.0

.python-version

@@ -1,3 +1,2 @@
 - Kevin Glisson <[email protected]>
 - Jeremy Heffner <[email protected]>
-

AUTHORS

@@ -1,75 +1,69 @@
-FROM python:3.10-slim-bookworm AS builder
+FROM python:3.10-alpine3.22 AS builder
 
-SHELL ["/bin/bash", "-o", "pipefail", "-c"]
-
-# Install build dependencies
-RUN apt update && apt upgrade -y && apt install -y --no-install-recommends \
-    curl \
-    git \
-    build-essential \
-    libldap2-dev \
-    libsasl2-dev && \
-    rm -rf /var/lib/apt/lists/*
-
-# Install nodejs 18 with npm
-RUN curl -fsSL https://deb.nodesource.com/setup_18.x | bash - && \
-    apt update && \
-    apt install -y --no-install-recommends nodejs && \
-    rm -rf /var/lib/apt/lists/*
-
-# Download the latest uv installer
-ADD https://astral.sh/uv/install.sh /uv-installer.sh
-
-# Run the installer then remove it
-RUN sh /uv-installer.sh && rm /uv-installer.sh
+COPY --from=ghcr.io/astral-sh/uv:0.9 /uv /uvx /bin/
 
-# Ensure the installed uv binary is on the `PATH`
-ENV PATH="/root/.local/bin/:$PATH"
+ENV PATH="/root/.local/bin/:$PATH" \
+    CFLAGS="-Os -fomit-frame-pointer" \
+    LDFLAGS="-Wl,--strip-all"
 
-# Copy dependency files & set workdir
 WORKDIR /opt/lemur
 COPY . .
 
-# Install Python dependencies with uv
-RUN uv sync --frozen
-
-RUN npm install \
-    && npm run build_static \
-    && node_modules/.bin/gulp package --urlContextPath="" \
-    && rm -rf node_modules bower_components .tmp
+RUN apk add --update --no-cache --virtual build-dependencies \
+    curl \
+    bash \
+    git \
+    tar \
+    musl-dev \
+    gcc \
+    openldap-dev \
+    binutils \
+    npm \
+    && uv sync --no-dev --frozen --compile-bytecode
 
+SHELL ["/bin/bash", "-o", "pipefail", "-c"]
 
-FROM python:3.10-slim-bookworm AS runtime
+RUN curl -sSL https://github.com/caddyserver/caddy/releases/download/v2.10.2/caddy_2.10.2_linux_amd64.tar.gz | tar xz -C /usr/bin \
+    && npm config set cache /tmp/npm-cache \
+    && npm install \
+    && node_modules/.bin/gulp build \
+    && node_modules/.bin/gulp package --urlContextPath="" \
+    && rm -rf node_modules bower_components .tmp /tmp/npm-cache \
+    /usr/lib/python3.10/ensurepip \
+    /usr/lib/python3.10/idlelib \
+    /usr/lib/python3.10/test \
+    /usr/lib/python3.10/lib2to3 \
+    /usr/lib/python3.10/pydoc_data \
+    /usr/lib/python3.10/tkinter \
+    && strip /usr/bin/caddy \
+    && strip /opt/lemur/.venv/lib/python*/site-packages/**/*.so || true \
+    && find /opt/lemur/.venv -name "*.so" -exec strip --strip-unneeded {} + || true \
+    && apk del build-dependencies
+
+
+FROM python:3.10-alpine3.22 AS runtime
+
+ENV uid=1337
+ENV gid=1337
+ENV user=lemur
+ENV group=lemur
 
 ENV PATH="/opt/lemur/.venv/bin:${PATH}" \
     PYTHONUNBUFFERED=1 \
     PYTHONDONTWRITEBYTECODE=1
 
-RUN apt update && apt upgrade -y && apt install -y --no-install-recommends \
-    debian-keyring debian-archive-keyring apt-transport-https curl libldap-2.5-0 make gnupg && \
-    rm -rf /var/lib/apt/lists/*
-
-RUN curl -1sLf https://dl.cloudsmith.io/public/caddy/stable/gpg.key | gpg --dearmor -o /usr/share/keyrings/caddy-stable-archive-keyring.gpg && \
-    curl -1sLf https://dl.cloudsmith.io/public/caddy/stable/debian.deb.txt | tee /etc/apt/sources.list.d/caddy-stable.list && \
-    chmod o+r /usr/share/keyrings/caddy-stable-archive-keyring.gpg && \
-    chmod o+r /etc/apt/sources.list.d/caddy-stable.list && \
-    apt update && apt install caddy && \
-    rm -rf /var/lib/apt/lists/*
+RUN apk add --no-cache curl libldap bash openssl
 
-# Create lemur user
-RUN useradd --create-home --shell /bin/bash lemur
+RUN addgroup -S ${group} -g ${gid} \
+    && adduser -D -S ${user} -G ${group} -u ${uid}
 
-# Copy built project
-COPY --from=builder --chown=lemur:lemur /opt/lemur /opt/lemur
+COPY --from=builder --chown=${uid}:${gid} /opt/lemur /opt/lemur
+COPY --from=builder --chown=${uid}:${gid} /usr/bin/caddy /usr/bin/caddy
 
-# Ensure entrypoint is executable
-RUN chmod +x /opt/lemur/entrypoint
+RUN chmod +x /opt/lemur/docker/entrypoint.sh
 
-# Switch to the user
 USER lemur
 
-# Expose port
 EXPOSE 80
 
-# Default command
-ENTRYPOINT ["/opt/lemur/entrypoint"]
+ENTRYPOINT ["/opt/lemur/docker/entrypoint.sh"]

Dockerfile

@@ -198,4 +198,4 @@
    distributed under the License is distributed on an "AS IS" BASIS,
    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    See the License for the specific language governing permissions and
-   limitations under the License.
+   limitations under the License.

LICENSE

@@ -0,0 +1,4 @@
+include pyproject.toml package.json bower.json gulpfile.js README.md MANIFEST.in LICENSE AUTHORS
+recursive-include lemur/plugins/lemur_email/templates *
+recursive-include lemur/static *
+global-exclude *~