Merge pull request #33 from asacristani/use_trunk_and_format_the_curr…

…ent_code

use_trunk_and_format_the_current_code

.github/workflows/ci.yml

@@ -1,56 +1,42 @@
+# trunk-ignore-all(checkov/CKV2_GHA_1)
 name: CI
 
 on:
   push:
     branches:
-    - main
+      - main
   pull_request:
     branches:
-    - '*'
+      - "*"
 
 jobs:
   build:
     runs-on: ubuntu-latest
 
     steps:
-    - name: Checkout code
-      uses: actions/checkout@v4
-
-    - name: Build Docker Compose
-      run: make build
+      - name: Checkout code
+        uses: actions/checkout@v4
 
+      - name: Build Docker Compose
+        run: make build
 
   unit-test:
     runs-on: ubuntu-latest
 
     steps:
-    - name: Checkout code
-      uses: actions/checkout@v4
-
-    - name: Set up Python
-      uses: actions/setup-python@v4
-      with:
-        python-version: 3.11
-
-    - name: Install dependencies
-      run: pip install .
-
-    - name: Install pytest
-      run: pip install pytest pytest-cov pytest-asyncio pytest-mock
+      - name: Checkout code
+        uses: actions/checkout@v4
 
-    - name: Run Unit Tests
-      run: make test
+      - name: Set up Python
+        uses: actions/setup-python@v4
+        with:
+          python-version: 3.11
 
+      - name: Install dependencies
+        run: pip install .
 
-  style:
-    runs-on: ubuntu-latest
-
-    steps:
-    - name: Checkout code
-      uses: actions/checkout@v4
-
-    - name: Install pre-commit
-      run: pip install pre-commit
+      - name: Install pytest
+        run: pip install pytest pytest-cov pytest-asyncio pytest-mock
 
-    - name: Run pre-commit hooks
-      run: pre-commit run --all-files
+      - name: Run Unit Tests
+        run: make test

.github/workflows/trunk-check.yaml

@@ -0,0 +1,22 @@
+name: Pull Request
+on: [pull_request]
+concurrency:
+  group: ${{ github.head_ref || github.run_id }}
+  cancel-in-progress: true
+
+permissions: read-all
+
+jobs:
+  trunk_check:
+    name: Trunk Check Runner
+    runs-on: ubuntu-latest
+    permissions:
+      checks: write # For trunk to post annotations
+      contents: read # For repo checkout
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v3
+
+      - name: Trunk Check
+        uses: trunk-io/trunk-action@v1

.trunk/.gitignore

@@ -0,0 +1,9 @@
+*out
+*logs
+*actions
+*notifications
+*tools
+plugins
+user_trunk.yaml
+user.yaml
+tmp

.trunk/configs/.hadolint.yaml

@@ -0,0 +1,4 @@
+# Following source doesn't work in most setups
+ignored:
+  - SC1090
+  - SC1091

.trunk/configs/.markdownlint.yaml

@@ -0,0 +1,2 @@
+# Prettier friendly markdownlint config (all formatting rules disabled)
+extends: markdownlint/style/prettier

.trunk/configs/.shellcheckrc

@@ -0,0 +1,7 @@
+enable=all
+source-path=SCRIPTDIR
+disable=SC2154
+
+# If you're having issues with shellcheck following source, disable the errors via:
+# disable=SC1090
+# disable=SC1091

.trunk/configs/.yamllint.yaml

@@ -0,0 +1,7 @@
+rules:
+  quoted-strings:
+    required: only-when-needed
+    extra-allowed: ["{|}"]
+  key-duplicates: {}
+  octal-values:
+    forbid-implicit-octal: true

.trunk/configs/ruff.toml

@@ -0,0 +1,5 @@
+# Generic, formatter-friendly config.
+select = ["B", "D3", "E", "F"]
+
+# Never enforce `E501` (line length violations). This should be handled by formatters.
+ignore = ["E501"]

.trunk/trunk.yaml

@@ -0,0 +1,46 @@
+# This file controls the behavior of Trunk: https://docs.trunk.io/cli
+# To learn more about the format of this file, see https://docs.trunk.io/reference/trunk-yaml
+version: 0.1
+cli:
+  version: 1.21.0
+# Trunk provides extensibility via plugins. (https://docs.trunk.io/plugins)
+plugins:
+  sources:
+    - id: trunk
+      ref: v1.4.5
+      uri: https://github.com/trunk-io/plugins
+# Many linters and tools depend on runtimes - configure them here. (https://docs.trunk.io/runtimes)
+runtimes:
+  enabled:
+    - go@1.21.0
+    - node@18.12.1
+    - python@3.10.8
+# This is the section where you manage your linters. (https://docs.trunk.io/check/configuration)
+lint:
+  disabled:
+  enabled:
+    - osv-scanner@1.7.0
+    - actionlint@1.6.27
+    - bandit@1.7.8
+    - black@24.3.0
+    - checkov@3.2.53
+    - flake8@7.0.0
+    - git-diff-check
+    - hadolint@2.12.0
+    - isort@5.13.2
+    - markdownlint@0.39.0
+    - prettier@3.2.5
+    - ruff@0.3.5
+    - shellcheck@0.10.0
+    - shfmt@3.6.0
+    - taplo@0.8.1
+    - terrascan@1.19.1
+    - trivy@0.50.1
+    - trufflehog@3.71.0
+    - yamllint@1.35.1
+actions:
+  enabled:
+    - trunk-announce
+    - trunk-check-pre-push
+    - trunk-fmt-pre-commit
+    - trunk-upgrade-available

Dockerfile

@@ -1,12 +1,23 @@
+# trunk-ignore-all(terrascan/AC_DOCKER_0047)
 FROM python:3.11
 
 WORKDIR /app
 
 COPY . /app
 
-RUN pip install .
+# Install dependencies following best practices
+RUN pip install --no-cache-dir .
 
 # Port
 EXPOSE 8000
 
-CMD ./entrypoint.sh
+# Health Check
+HEALTHCHECK --interval=30s --timeout=30s --start-period=5s --retries=3 \
+  CMD [ "curl", "-f", "http://localhost:8000/check_health" ]
+
+# Create a non-root user 'appuser' and switch to this user
+RUN useradd --create-home appuser
+USER appuser
+
+# CMD with JSON notation
+CMD ["./entrypoint.sh"]

Makefile

@@ -1,6 +1,9 @@
 install:
+	# Requirements 
 	pip install poetry && \
 	poetry install
+	# pre-commit
+	curl https://get.trunk.io -fsSL | bash
 
 run:
 	docker-compose build && \