enable local CI tests

Author: yeoldegrove

.github/workflows/bandit.yml

@@ -1,41 +1,37 @@
 name: security checks
 on:
-  push:
-    paths-ignore:
-      - 'README.md'
-      - 'docs/**'
-      - '**/README.md'
-  pull_request:
-    paths-ignore:
-      - 'README.md'
-      - 'docs/**'
-      - '**/README.md'
+    push:
+        paths-ignore:
+            - "README.md"
+            - "docs/**"
+            - "**/README.md"
+    pull_request:
+        paths-ignore:
+            - "README.md"
+            - "docs/**"
+            - "**/README.md"
 permissions:
-  contents: read
+    contents: read
 jobs:
-  build:
-    runs-on: ubuntu-latest
-    steps:
-    - uses: actions/checkout@v4
-    - uses: actions/setup-python@v5
-      with:
-        python-version: "3.12"
-    - name: Install dependencies
-      run: |
-        python -m pip install --upgrade pip
-        pip install bandit
-
-    - name: Simple bandit security checks
-      run: bandit -ll -ii -r . -f json -o bandit-report.json
-
-    - name: Show Report in Action Output
-      if: always()
-      run: cat bandit-report.json
-
-    - name: Upload Bandit Scan Artifact
-      uses: actions/upload-artifact@v4
-      if: always()
-      with:
-        name: bandit-findings
-        path: bandit-report.json
-
+    build:
+        runs-on: ubuntu-latest
+        steps:
+            - uses: actions/checkout@v4
+            - uses: actions/setup-python@v5
+              with:
+                  python-version: "3.13"
+            - name: Install dependencies
+              run: |
+                  python -m pip install --upgrade pip
+                  pip install poetry
+            - name: Simple bandit security checks
+              run: make security
+            - name: Show Report in Action Output
+              if: always()
+              run: cat bandit-report.json
+            - name: Upload Bandit Scan Artifact
+              uses: actions/upload-artifact@v4
+              if: always()
+              with:
+                  name: bandit-findings
+                  path: bandit-report.json

.github/workflows/black.yml

@@ -3,8 +3,15 @@ name: Lint
 on: [push, pull_request]
 
 jobs:
-  lint:
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v4
-      - uses: psf/black@stable
+    lint:
+        runs-on: ubuntu-latest
+        steps:
+            - uses: actions/checkout@v4
+            - uses: actions/setup-python@v5
+              with:
+                  python-version: "3.13"
+            - name: Install dependencies
+              run: |
+                  python -m pip install --upgrade pip
+                  pip install poetry
+            - run: make lint

.github/workflows/build.yml

@@ -1,29 +1,28 @@
 name: Build
 on:
-  push:
-    paths-ignore:
-      - 'README.md'
-      - 'docs/**'
-      - '**/README.md'
-  pull_request:
-    paths-ignore:
-      - 'README.md'
-      - 'docs/**'
-      - '**/README.md'
+    push:
+        paths-ignore:
+            - "README.md"
+            - "docs/**"
+            - "**/README.md"
+    pull_request:
+        paths-ignore:
+            - "README.md"
+            - "docs/**"
+            - "**/README.md"
 permissions:
-  contents: read
+    contents: read
 jobs:
-  build:
-    runs-on: ubuntu-latest
-    steps:
-    - uses: actions/checkout@v4
-    - uses: actions/setup-python@v5
-      with:
-        python-version: "3.12"
-    - name: Install dependencies
-      run: |
-        python -m pip install --upgrade pip
-        pip install poetry
-    - name: Simple poetry build no package
-      run: poetry build
-
+    build:
+        runs-on: ubuntu-latest
+        steps:
+            - uses: actions/checkout@v4
+            - uses: actions/setup-python@v5
+              with:
+                  python-version: "3.12"
+            - name: Install dependencies
+              run: |
+                  python -m pip install --upgrade pip
+                  pip install poetry
+            - name: Simple poetry build no package
+              run: make build

.github/workflows/docs.yml

@@ -3,28 +3,26 @@ name: Update Sphinx documentation
 on: [push, pull_request, workflow_dispatch]
 
 permissions:
-  contents: write
+    contents: write
 
 jobs:
-  docs:
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v4
-      - uses: actions/setup-python@v5
-      - name: Install dependencies
-        run: |
-          pip install sphinx poetry
-      - name: Sphinx build
-        run: |
-          python -m venv venv
-          source venv/bin/activate
-          poetry install
-          sphinx-build docs _build
-      - name: Deploy to GitHub Pages
-        uses: peaceiris/actions-gh-pages@v4
-        if: ${{ github.event_name == 'push' && github.ref == 'refs/heads/main' }}
-        with:
-          publish_branch: gh-pages
-          github_token: ${{ secrets.GITHUB_TOKEN }}
-          publish_dir: _build
-          force_orphan: true
+    docs:
+        runs-on: ubuntu-latest
+        steps:
+            - uses: actions/checkout@v4
+            - uses: actions/setup-python@v5
+              with:
+                  python-version: "3.12"
+            - name: Install dependencies
+              run: |
+                  python -m pip install --upgrade pip
+                  pip install poetry
+            - run: make docs
+            - name: Deploy to GitHub Pages
+              uses: peaceiris/actions-gh-pages@v4
+              if: ${{ github.event_name == 'push' && github.ref == 'refs/heads/main' }}
+              with:
+                  publish_branch: gh-pages
+                  github_token: ${{ secrets.GITHUB_TOKEN }}
+                  publish_dir: _build
+                  force_orphan: true

.gitignore

@@ -162,3 +162,9 @@ cython_debug/
 #  and can be added to the global gitignore or merged into this file.  For a more nuclear
 #  option (not recommended) you can uncomment the following to ignore the entire idea folder.
 .idea/
+
+# bandit
+bandit-report.json
+
+# zot
+test-data/zot

Makefile

@@ -0,0 +1,64 @@
+.PHONY: build install install-dev install-docs test format lint security docs clean help
+
+POETRY := poetry
+
+help:
+	@echo "Available targets:"
+	@echo "  build        - Build the package"
+	@echo "  install      - Install the package and dependencies"
+	@echo "  install-dev  - Install the package and dev dependencies"
+	@echo "  test         - Run tests"
+	@echo "  format       - Format code with black"
+	@echo "  lint         - Run linting checks"
+	@echo "  security     - Run security checks with bandit"
+	@echo "  docs         - Build the documentation"
+	@echo "  clean        - Clean build artifacts and cache"
+	@echo "  help         - Show this help message"
+
+build:
+	$(POETRY) build
+
+install:
+	$(POETRY) install
+
+install-dev:
+	$(POETRY) install --with dev
+
+install-docs:
+	$(POETRY) install --with dev,docs
+
+test-deps:
+	test -f ./test-data/zot || curl -o ./test-data/zot https://github.com/project-zot/zot/releases/download/v2.1.0/zot-linux-amd64
+	chmod +x ./test-data/zot
+
+test: install-dev test-deps
+	$(POETRY) run pytest
+
+format: install-dev
+	$(POETRY) run black .
+
+lint: install-dev
+	$(POETRY) run black --check .
+
+security: install-dev
+	@if [ "$(CI)" = "true" ]; then \
+		$(POETRY) run bandit -ll -ii -r . -f json -o bandit-report.json ; \
+	else \
+		$(POETRY) run bandit -r . ; \
+	fi
+
+docs: install-docs
+	$(POETRY) run sphinx-build docs _build
+
+clean:
+	rm -rf build/
+	rm -rf dist/
+	rm -rf *.egg-info/
+	rm -rf .eggs/
+	rm -rf .pytest_cache/
+	rm -rf .coverage
+	rm -rf htmlcov/
+	find . -type d -name __pycache__ -exec rm -rf {} +
+	find . -type f -name "*.pyc" -delete
+	find . -type f -name "*.pyo" -delete
+	find . -type f -name "*.pyd" -delete