Merge pull request #3 from camptocamp/first-build

First build
camptocamp · Nov 6, 2024 · ce3501b · ce3501b
2 parents 41ac205 + 6f072f2
commit ce3501b
Show file tree

Hide file tree

Showing 22 changed files with 1,373 additions and 997 deletions.
diff --git a/.bandit.yaml b/.bandit.yaml
@@ -1,2 +1,4 @@
 skips:
   - B101 # Use of assert detected.
+  - B603 # subprocess call - check for execution of untrusted input.
+  - B607 # Starting a process with a partial executable path.
diff --git a/.github/dpkg-versions.yaml b/.github/dpkg-versions.yaml
@@ -0,0 +1 @@
+{}
diff --git a/.github/publish.yaml b/.github/publish.yaml
@@ -4,4 +4,8 @@ pypi:
   versions:
     - version_tag
     - version_branch
-    - rebuild
+  packages:
+    - path: .
+docker:
+  images:
+    - name: camptocamp/tag-publish
diff --git a/.github/requirements.txt b/.github/requirements.txt
@@ -0,0 +1 @@
+c2cciutils==1.7.1
diff --git a/.github/workflows/main.yaml b/.github/workflows/main.yaml
@@ -16,8 +16,8 @@ env:
   HAS_SECRETS: ${{ secrets.HAS_SECRETS }}
 
 jobs:
-  main:
-    name: Continuous integration
+  pre-commit:
+    name: Pre commit checks
     runs-on: ubuntu-24.04
     timeout-minutes: 20
     if: "!startsWith(github.event.head_commit.message, '[skip ci] ')"
@@ -27,17 +27,10 @@ jobs:
         with:
           fetch-depth: 0
 
-      - uses: camptocamp/initialise-gopass-summon-action@v2
-        with:
-          ci-gpg-private-key: ${{secrets.CI_GPG_PRIVATE_KEY}}
-          github-gopass-ci-token: ${{secrets.GOPASS_CI_GITHUB_TOKEN}}
-          patterns: pypi
-        if: env.HAS_SECRETS == 'HAS_SECRETS'
-
       - uses: actions/setup-python@v5
         with:
           python-version: '3.13'
-      - run: python3 -m pip install --requirement=requirements.txt
+      - run: python3 -m pip install $(grep pre-commit== requirements.txt)
 
       - uses: actions/cache@v4
         with:
@@ -54,18 +47,45 @@ jobs:
           retention-days: 1
         if: failure()
 
+  main:
+    name: Continuous integration
+    runs-on: ubuntu-24.04
+    timeout-minutes: 20
+    needs: pre-commit
+
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+
+      - uses: camptocamp/initialise-gopass-summon-action@v2
+        with:
+          ci-gpg-private-key: ${{secrets.CI_GPG_PRIVATE_KEY}}
+          github-gopass-ci-token: ${{secrets.GOPASS_CI_GITHUB_TOKEN}}
+          patterns: pypi
+        if: env.HAS_SECRETS == 'HAS_SECRETS'
+
+      - uses: actions/setup-python@v5
+        with:
+          python-version: '3.13'
+      - run: python3 -m pip install --requirement=.github/requirements.txt
+      - run: python3 -m pip install --requirement=requirements.txt
+
       - name: Print the environment
         run: c2cciutils-env
         env:
           GITHUB_EVENT: ${{ toJson(github) }}
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
 
       - run: poetry install
       - name: Prospector
         run: poetry run prospector --die-on-tool-error --output-format=pylint
 
+      - run: docker build --tag camptocamp/tag-publish .
+
       - name: Publish
-        run: tag-publish
+        run: poetry run tag-publish
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
 
       - run: git diff --exit-code --patch > /tmp/dpkg-versions.patch || true
         if: failure()

diff --git a/.github/workflows/repository-dispatch.yaml b/.github/workflows/repository-dispatch.yaml
@@ -0,0 +1,40 @@
+name: Print repository dispatch event
+
+on:
+  repository_dispatch:
+    types:
+      - published
+    inputs:
+      type:
+        description: The type of the event
+        required: true
+      name:
+        description: The package name
+      path:
+        description: The package path
+      version:
+        description: The package version
+      tag:
+        description: The package tag
+      repository:
+        description: The repository name or URL
+      version_type:
+        description: The version type
+        required: true
+
+jobs:
+  print:
+    runs-on: ubuntu-24.04
+    name: Print repository dispatch event
+    timeout-minutes: 10
+
+    steps:
+      - name: Print the event
+        run: |
+          echo "Event type: ${{ github.event.client_payload.type }}"
+          echo "Package name: ${{ github.event.client_payload.name }}"
+          echo "Package path: ${{ github.event.client_payload.path }}"
+          echo "Package version: ${{ github.event.client_payload.version }}"
+          echo "Package tag: ${{ github.event.client_payload.tag }}"
+          echo "Repository: ${{ github.event.client_payload.repository }}"
+          echo "Version type: ${{ github.event.client_payload.version_type }}"
diff --git a/Dockerfile b/Dockerfile
@@ -0,0 +1,3 @@
+FROM ubuntu
+
+RUN echo Just for a test
diff --git a/README.md b/README.md
@@ -37,7 +37,11 @@ It can also contain the following sentences:
 
 See also [GitHub Documentation](https://docs.github.com/en/github/managing-security-vulnerabilities/adding-a-security-policy-to-your-repository)
 
-## Publishing
+## Configuration
+
+### Dry run
+
+Dry run publish: `GITHUB_REF=... c2cciutils-publish --dry-run ...`
 
 ### To pypi
 

diff --git a/config.md b/config.md
@@ -7,63 +7,55 @@ _Tag Publish configuration file_
 - **`version`** _(object)_: The version configurations.
   - **`branch_to_version_re`**: Refer to _[#/definitions/version_transform](#definitions/version_transform)_.
   - **`tag_to_version_re`**: Refer to _[#/definitions/version_transform](#definitions/version_transform)_.
-- **`docker`**: Refer to _[#/definitions/publish_docker](#definitions/publish_docker)_.
-- **`pypi`**: Refer to _[#/definitions/publish_pypi](#definitions/publish_pypi)_.
-- **`helm`**: Refer to _[#/definitions/publish_helm](#definitions/publish_helm)_.
+- **`docker`**: Refer to _[#/definitions/docker](#definitions/docker)_.
+- **`pypi`**: Refer to _[#/definitions/pypi](#definitions/pypi)_.
+- **`helm`**: Refer to _[#/definitions/helm](#definitions/helm)_.
+- **`dispatch`** _(array)_: Default: `[{}]`.
+  - **Items** _(object)_: Send a dispatch event to an other repository. Default: `{}`.
+    - **`repository`** _(string)_: The repository name to be triggered. Default: `"camptocamp/argocd-gs-gmf-apps"`.
+    - **`event-type`** _(string)_: The event type to be triggered. Default: `"published"`.
 
 ## Definitions
 
-- <a id="definitions/publish_docker"></a>**`publish_docker`**: The configuration used to publish on Docker.
-  - **One of**
-    - _object_: The configuration used to publish on Docker.
-      - **`latest`** _(boolean)_: Publish the latest version on tag latest. Default: `true`.
-      - **`images`** _(array)_: List of images to be published.
-        - **Items** _(object)_
-          - **`group`** _(string)_: The image is in the group, should be used with the --group option of tag-publish script. Default: `"default"`.
-          - **`name`** _(string)_: The image name.
-          - **`tags`** _(array)_: The tag name, will be formatted with the version=<the version>, the image with version=latest should be present when we call the tag-publish script. Default: `["{version}"]`.
-            - **Items** _(string)_
-      - **`repository`** _(object)_: The repository where we should publish the images. Can contain additional properties. Default: `{"github": {"server": "ghcr.io", "versions": ["version_tag", "version_branch", "rebuild"]}, "dockerhub": {}}`.
-        - **Additional properties** _(object)_
-          - **`server`** _(string)_: The server URL.
-          - **`versions`** _(array)_: The kind or version that should be published, tag, branch or value of the --version argument of the tag-publish script. Default: `["version_tag", "version_branch", "rebuild", "feature_branch"]`.
-            - **Items** _(string)_
-      - **`dispatch`**: Send a dispatch event to an other repository. Default: `{}`.
-        - **One of**
-          - _object_: Send a dispatch event to an other repository.
-            - **`repository`** _(string)_: The repository name to be triggered. Default: `"camptocamp/argocd-gs-gmf-apps"`.
-            - **`event-type`** _(string)_: The event type to be triggered. Default: `"image-update"`.
-          - : Must be: `false`.
-      - **`snyk`** _(object)_: Checks the published images with Snyk.
-        - **`monitor_args`**: The arguments to pass to the Snyk container monitor command. Default: `["--app-vulns"]`.
-          - **One of**
-            - _array_
-              - **Items** _(string)_
-            - : Must be: `false`.
-        - **`test_args`**: The arguments to pass to the Snyk container test command. Default: `["--app-vulns", "--severity-threshold=critical"]`.
-          - **One of**
-            - _array_
-              - **Items** _(string)_
-            - : Must be: `false`.
-    - : Must be: `false`.
-- <a id="definitions/publish_pypi"></a>**`publish_pypi`**: Configuration to publish on pypi. Default: `{}`.
-  - **One of**
-    - _object_: Configuration to publish on pypi.
-      - **`packages`** _(array)_: The configuration of packages that will be published.
-        - **Items** _(object)_: The configuration of package that will be published.
-          - **`group`** _(string)_: The image is in the group, should be used with the --group option of tag-publish script. Default: `"default"`.
-          - **`path`** _(string)_: The path of the pypi package.
-          - **`build_command`** _(array)_: The command used to do the build.
-            - **Items** _(string)_
-      - **`versions`** _(array)_: The kind or version that should be published, tag, branch or value of the --version argument of the tag-publish script.
+- <a id="definitions/docker"></a>**`docker`** _(object)_: The configuration used to publish on Docker.
+  - **`latest`** _(boolean)_: Publish the latest version on tag latest. Default: `true`.
+  - **`images`** _(array)_: List of images to be published.
+    - **Items** _(object)_
+      - **`group`** _(string)_: The image is in the group, should be used with the --group option of tag-publish script. Default: `"default"`.
+      - **`name`** _(string)_: The image name.
+      - **`tags`** _(array)_: The tag name, will be formatted with the version=<the version>, the image with version=latest should be present when we call the tag-publish script. Default: `["{version}"]`.
         - **Items** _(string)_
-    - : Must be: `false`.
-- <a id="definitions/publish_helm"></a>**`publish_helm`**: Configuration to publish Helm charts on GitHub release.
+  - **`repository`** _(object)_: The repository where we should publish the images. Can contain additional properties. Default: `{"github": {"server": "ghcr.io", "versions": ["version_tag", "version_branch", "rebuild"]}, "dockerhub": {}}`.
+    - **Additional properties** _(object)_
+      - **`server`** _(string)_: The server URL.
+      - **`versions`** _(array)_: The kind or version that should be published, tag, branch or value of the --version argument of the tag-publish script. Default: `["version_tag", "version_branch", "rebuild", "feature_branch"]`.
+        - **Items** _(string)_
+  - **`snyk`** _(object)_: Checks the published images with Snyk.
+    - **`monitor_args`**: The arguments to pass to the Snyk container monitor command. Default: `["--app-vulns"]`.
+      - **One of**
+        - _array_
+          - **Items** _(string)_
+        - : Must be: `false`.
+    - **`test_args`**: The arguments to pass to the Snyk container test command. Default: `["--app-vulns", "--severity-threshold=critical"]`.
+      - **One of**
+        - _array_
+          - **Items** _(string)_
+        - : Must be: `false`.
+- <a id="definitions/pypi"></a>**`pypi`** _(object)_: Configuration to publish on pypi.
+  - **`packages`** _(array)_: The configuration of packages that will be published.
+    - **Items** _(object)_: The configuration of package that will be published.
+      - **`group`** _(string)_: The image is in the group, should be used with the --group option of tag-publish script. Default: `"default"`.
+      - **`path`** _(string)_: The path of the pypi package. Default: `"."`.
+      - **`build_command`** _(array)_: The command used to do the build.
+        - **Items** _(string)_
+  - **`versions`** _(array)_: The kind or version that should be published, tag, branch or value of the --version argument of the tag-publish script. Default: `["version_tag"]`.
+    - **Items** _(string)_
+- <a id="definitions/helm"></a>**`helm`**: Configuration to publish Helm charts on GitHub release.
   - **One of**
     - _object_: Configuration to publish on Helm charts on GitHub release.
       - **`folders`** _(array)_: The folders that will be published.
         - **Items** _(string)_
-      - **`versions`** _(array)_: The kind or version that should be published, tag, branch or value of the --version argument of the tag-publish script.
+      - **`versions`** _(array)_: The kind or version that should be published, tag, branch or value of the --version argument of the tag-publish script. Default: `["version_tag"]`.
         - **Items** _(string)_
     - : Must be: `false`.
 - <a id="definitions/version_transform"></a>**`version_transform`** _(array)_: A version transformer definition.