ci(github): update secrets

.github/workflows/base_ci_workflow.yaml

@@ -63,13 +63,12 @@ jobs:
 
       - name: Install required dependencies for ${{ inputs.command }}
         if: ${{ inputs.command == 'publish' }}
-        env:
-          TWINE_PASSWORD: ${{ secrets.pypi_token }}
         run: |
           python -m pip install --upgrade --disable-pip-version-check pip
           python -m pip install --upgrade build twine
           pip install poetry
 
       - name: Run ${{ inputs.command }}
-        run: |
-          make ${{ inputs.command }}
+        env:
+          TWINE_PASSWORD: ${{ secrets.pypi_token }}
+        run: make ${{ inputs.command }}

.github/workflows/release.yml

@@ -22,4 +22,4 @@ jobs:
       - name: Release
         run: npx semantic-release
         env:
-          GITHUB_TOKEN: ${{ secrets.GH_TOKEN }}
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

.gitlab-ci.yml

@@ -0,0 +1,60 @@
+# You can override the included template(s) by including variable overrides
+# SAST customization: https://docs.gitlab.com/ee/user/application_security/sast/#customizing-the-sast-settings
+# Secret Detection customization: https://docs.gitlab.com/ee/user/application_security/secret_detection/#customizing-settings
+# Dependency Scanning customization: https://docs.gitlab.com/ee/user/application_security/dependency_scanning/#customizing-the-dependency-scanning-settings
+# Container Scanning customization: https://docs.gitlab.com/ee/user/application_security/container_scanning/#customizing-the-container-scanning-settings
+# Note that environment variables can be set in several places
+# See https://docs.gitlab.com/ee/ci/variables/#cicd-variable-precedence
+
+image: python:3.10.4
+
+include:
+  - template: Security/SAST.gitlab-ci.yml
+
+stages:
+  - lint
+  - test
+  - build
+  - publish
+  - release
+
+before_script:
+  - export POETRY_HOME=/opt/poetry
+  - python3 -m venv $POETRY_HOME
+  - pip install --upgrade pip
+  - pip install poetry
+  - cd tictacai && poetry install
+
+lint:
+  stage: lint
+  script:
+    - pip install black
+    - black tictacai
+    - black clients
+
+sast:
+  stage: test
+
+test:
+  stage: test
+  needs:
+    - lint
+  script:
+    - pip install pytest
+    - pip install pytest-cov
+    - pytest
+
+build:
+  stage: build
+  needs:
+    - test
+  script: poetry build
+
+package:
+  stage: publish
+  needs:
+    - build
+  script:
+    - pip install build twine
+    - poetry build
+    - TWINE_PASSWORD=${CI_JOB_TOKEN} TWINE_USERNAME=gitlab-ci-token twine upload --repository-url ${CI_API_V4_URL}/projects/${CI_PROJECT_ID}/packages/pypi --verbose -u '__token__' dist/*

README.md

@@ -1,5 +1,11 @@
 # Konsensus
 
+[![Lint](https://github.com/BrianLusina/konsensus/actions/workflows/lint.yml/badge.svg)](https://github.com/BrianLusina/konsensus/actions/workflows/lint.yml)
+[![Tests](https://github.com/BrianLusina/konsensus/actions/workflows/tests.yaml/badge.svg)](https://github.com/BrianLusina/konsensus/actions/workflows/tests.yaml)
+[![Build](https://github.com/BrianLusina/konsensus/actions/workflows/build.yaml/badge.svg)](https://github.com/BrianLusina/konsensus/actions/workflows/build.yaml)
+[![Publish](https://github.com/BrianLusina/konsensus/actions/workflows/publish.yaml/badge.svg)](https://github.com/BrianLusina/konsensus/actions/workflows/publish.yaml)
+[![CodeQL](https://github.com/BrianLusina/konsensus/actions/workflows/codeql.yaml/badge.svg)](https://github.com/BrianLusina/konsensus/actions/workflows/codeql.yaml)
+
 A simple clustering by consensus library in Python. This is a simple implementation of a replicated state machine
 using a Paxos-derived algorithm.