ci: Initial version of build-publish workflow for python-sshnpd

.github/dependabot.yml

@@ -23,10 +23,10 @@ updates:
     schedule:
       interval: "daily"
   - package-ecosystem: "pip"
-    directory: "/packages/sshnoports_sdk_python/"
+    directory: "/packages/python/sshnoports_sdk/"
     schedule:
       interval: "daily"
   - package-ecosystem: "pip"
-    directory: "/packages/sshnpdpy/"
+    directory: "/packages/python/sshnpdpy/"
     schedule:
       interval: "daily"

.github/workflows/python-sshnpd-build-publish.yml

@@ -0,0 +1,122 @@
+name: Build and publish sshnpd PyPI package
+
+on:
+  workflow_dispatch:
+  push:
+    tags:
+      - 'p*.*.*'
+    branches:
+      - trunk
+
+permissions:  # added using https://github.com/step-security/secure-repo
+  contents: read
+
+jobs:
+  build:
+    name: Build package
+    runs-on: ubuntu-latest
+    steps:
+    - name: Checkout this repo
+      uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+
+    - name: Set up Python
+      uses: actions/setup-python@0a5c61591373683505ea898e09a3ea4f39ef2b9c # v5.0.0
+      with:
+          python-version: '3.11'
+
+    - name: Install Poetry
+      uses: abatilo/actions-poetry@192395c0d10c082a7c62294ab5d9a9de40e48974 # v2.3.0
+      with:
+        poetry-version: '1.7.1'
+
+    - name: Build using Poetry
+      working-directory: packages/python/sshnpd
+      run: |
+        poetry build
+
+    - name: Store the distribution packages
+      uses: actions/upload-artifact@c7d193f32edcb7bfad88892161225aeda64e9392 # v4.0.0
+      with:
+        name: sshnpd-python-package
+        path: dist/
+
+  publish-to-testpypi:
+    name: Publish package to TestPyPI
+    needs:
+    - build
+    runs-on: ubuntu-latest
+
+    environment:
+      name: testpypi
+      url: https://test.pypi.org/p/sshnpd
+
+    permissions:
+      id-token: write  # IMPORTANT: mandatory for trusted publishing
+
+    steps:
+    - name: Download all the dists
+      uses: actions/download-artifact@7a1cd3216ca9260cd8022db641d960b1db4d1be4 # v4.0.0
+      with:
+        name: sshnpd-python-package
+        path: dist/
+    - name: Publish distribution to TestPyPI
+      uses: pypa/gh-action-pypi-publish@2f6f737ca5f74c637829c0f5c3acd0e29ea5e8bf # v1.8.11
+      with:
+        skip-existing: true
+        repository-url: https://test.pypi.org/legacy/
+
+  publish-to-pypi:
+    name: Publish package to PyPI
+    if: startsWith(github.ref, 'refs/tags/p')  # only publish to PyPI on tag pushes
+    needs:
+    - build
+    runs-on: ubuntu-latest
+    environment:
+      name: pypi
+      url: https://pypi.org/p/sshnpd
+    permissions:
+      id-token: write  # IMPORTANT: mandatory for trusted publishing
+
+    steps:
+    - name: Download all the dists
+      uses: actions/download-artifact@7a1cd3216ca9260cd8022db641d960b1db4d1be4 # v4.0.0
+      with:
+        name: sshnpd-python-package
+        path: dist/
+    - name: Publish distribution to PyPI
+      uses: pypa/gh-action-pypi-publish@2f6f737ca5f74c637829c0f5c3acd0e29ea5e8bf # v1.8.11
+
+  github-release:
+    name: >-
+      Sign the Python distribution with Sigstore
+      and upload them to GitHub Release
+    needs:
+    - publish-to-pypi
+    runs-on: ubuntu-latest
+
+    permissions:
+      contents: write  # IMPORTANT: mandatory for making GitHub Releases
+      id-token: write  # IMPORTANT: mandatory for sigstore
+
+    steps:
+    - name: Download all the dists
+      uses: actions/download-artifact@7a1cd3216ca9260cd8022db641d960b1db4d1be4 # v4.0.0
+      with:
+        name: sshnpd-python-package
+        path: dist/
+    - name: Sign the dists with Sigstore
+      uses: sigstore/gh-action-sigstore-python@61f6a500bbfdd9a2a339cf033e5421951fbc1cd2 # v2.1.1
+      with:
+        inputs: >-
+          ./dist/*.tar.gz
+          ./dist/*.whl
+    - name: Upload artifact signatures to GitHub Release
+      env:
+        GITHUB_TOKEN: ${{ github.token }}
+      # Upload to GitHub Release using the `gh` CLI.
+      # `dist/` contains the built packages, and the
+      # sigstore-produced signatures and certificates.
+      run: >-
+        gh release upload
+        '${{ github.ref_name }}' dist/**
+        --repo '${{ github.repository }}'

.github/workflows/update_python_requirements.yaml

@@ -2,7 +2,8 @@ name: Bump requirements.txt
 on:
   pull_request:
     paths:
-      - 'pyproject.toml'
+      - 'packages/python/sshnpd/pyproject.toml'
+      - 'packages/python/sshnoports_sdk/pyproject.toml'
   workflow_dispatch:
 
 permissions:
@@ -33,7 +34,8 @@ jobs:
       with:
         poetry-version: '1.7.1'
 
-    - name: Bump Python dependencies
+    - name: Bump sshnpd Python dependencies
+      working-directory: packages/python/sshnpd
       if: ${{ github.actor == 'dependabot[bot]' }}
       run: |
         poetry update
@@ -45,6 +47,23 @@ jobs:
           echo 'No changes to commit on this run'
           exit 0
         else
-          git commit -m "build(deps): Bump requirements.txt"
+          git commit -m "build(deps): Bump sshnpd requirements.txt"
           git push
-        fi
+        fi
+
+    - name: Bump sshnoports_sdk Python dependencies
+      working-directory: packages/python/sshnoports_sdk
+      if: ${{ github.actor == 'dependabot[bot]' }}
+      run: |
+        poetry update
+        poetry export --format requirements.txt --output requirements.txt
+        git config --global user.name 'dependabot[bot]'
+        git config --global user.email 'dependabot[bot]@users.noreply.github.com'
+        git add requirements.txt
+        if [ -z "$(git status --porcelain)" ]; then 
+          echo 'No changes to commit on this run'
+          exit 0
+        else
+          git commit -m "build(deps): Bump sshnoports_sdk requirements.txt"
+          git push
+        fi

packages/python/sshnpd/LICENSE

@@ -0,0 +1,29 @@
+BSD 3-Clause License
+
+Copyright (c) 2022, The Atsign Foundation
+All rights reserved.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions are met:
+
+1. Redistributions of source code must retain the above copyright notice, this
+   list of conditions and the following disclaimer.
+
+2. Redistributions in binary form must reproduce the above copyright notice,
+   this list of conditions and the following disclaimer in the documentation
+   and/or other materials provided with the distribution.
+
+3. Neither the name of the copyright holder nor the names of its
+   contributors may be used to endorse or promote products derived from
+   this software without specific prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
+FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

packages/python/sshnpd/README.md

@@ -0,0 +1,50 @@
+<h1><img width=250px src="https://atsign.dev/assets/img/atPlatform_logo_gray.svg?sanitize=true" alt="The atPlatform logo"></h1>
+
+[![GitHub License](https://img.shields.io/badge/license-BSD3-blue.svg)](./LICENSE)
+
+# SSHNPD Python
+
+SSH No Ports provides a way to ssh to a remote linux host/device without that
+device or the client having any open ports (not even 22) on external
+interfaces. All network connectivity is outbound and there is no need to
+know the IP address the device has been given. As long as the device and
+client has an IP address (public or private 1918), DNS and Internet access,
+you will be able to connect to it.
+
+This version is SSHNP Daemon written in Python, it is still in its beta
+stage of developement.
+
+## Prerequisites
+
+SSHNPD Python requires the following:
+
+* 2 atsigns, one for the client and one for the device
+* any machine with sshd running and python3 installed
+* atsdk installed
+
+## Installation
+
+This package can be installed from PyPI with:
+
+```sh
+pip install sshnpd
+```
+
+Alternatively clone this repo and from the repo root:
+
+```sh
+cd packages/python/sshnpd
+pip install -r requirements.txt
+pip install .
+```
+
+## Running the program
+
+```sh
+sshnpd -m @{clientAtsign} -a @{deviceAtsign} -d {deviceName}
+```
+
+## No Ports SDK Python (experimental)
+
+There is a simple python SDK which allows you to create scripts for common
+administrative patterns via SSH No Ports.

packages/sshnoports_python/sshnpd/pyproject.toml → packages/python/sshnpd/pyproject.toml

@@ -1,15 +1,18 @@
 [tool.poetry]
-name = "sshnpdpy"
-version = "0.3.0"
-description = ""
-authors = ["Xavier Lin <@Xlin123>"]
+name = "sshnpd"
+version = "0.4.0"
+description = "Python implementation of SSH No Ports daemon"
+authors = ["Xavier Lin <xavier.lin@atsign.com >"]
+maintainers = ["Chris Swan <chris@atsign.com>"]
 readme = "README.md"
+homepage = "https://github.com/atsign-foundation/sshnoports"
 
 [tool.poetry.scripts]
-sshnpdpy = 'sshnpdpy:main'
+sshnpd = 'sshnpd:main'
 
 [tool.poetry.dependencies]
 python = "^3.10"
+atsdk = "^0.1.0"
 bcrypt = "^4.0.1"
 cffi = "^1.15.1"
 cryptography = "^41.0.3"
@@ -18,9 +21,6 @@ pycparser = "^2.21"
 PyNaCl = "^1.5.0"
 setuptools = "^69.0.0"
 
-
-
-
 [build-system]
 requires = ["poetry-core"]
 build-backend = "poetry.core.masonry.api"