Skip to content

Commit

Permalink
Merge f009703 into 327dad5
Browse files Browse the repository at this point in the history
  • Loading branch information
@dav3r
dav3r committed Apr 20, 2022
2 parents 327dad5 + f009703 commit 765195b
Show file tree
Hide file tree
Showing 14 changed files with 415 additions and 177 deletions.
2 changes: 1 addition & 1 deletion .github/CODEOWNERS
View file
Validating CODEOWNERS rules …
Original file line number Diff line number Diff line change
Expand Up @@ -4,4 +4,4 @@
# the repo. Unless a later match takes precedence,
# these owners will be requested for review when someone
# opens a pull request.
* @dav3r @felddy @jsf9k @mcdonnnj @cisagov/team-ois
* @dav3r @felddy @jsf9k @mcdonnnj
241 changes: 186 additions & 55 deletions .github/workflows/build.yml
View file
Original file line number Diff line number Diff line change
@@ -1,70 +1,144 @@
---
name: build

on: [
push,
pull_request
]
on:
push:
pull_request:
repository_dispatch:
types: [apb]

env:
CURL_CACHE_DIR: ~/.cache/curl
PIP_CACHE_DIR: ~/.cache/pip
PRE_COMMIT_CACHE_DIR: ~/.cache/pre-commit
RUN_TMATE: ${{ secrets.RUN_TMATE }}

jobs:
lint:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
- uses: actions/setup-python@v1
- id: setup-env
uses: cisagov/setup-env-github-action@develop
- uses: actions/checkout@v3
- id: setup-python
uses: actions/setup-python@v3
with:
python-version: 3.8
- name: Store installed Python version
python-version: "3.10"
# We need the Go version and Go cache location for the actions/cache step,
# so the Go installation must happen before that.
- uses: actions/setup-go@v2
with:
go-version: "1.16"
- name: Store installed Go version
id: go-version
run: |
echo "::set-output name=version::"\
"$(go version | sed 's/^go version go\([0-9.]\+\) .*/\1/')"
- name: Lookup Go cache directory
id: go-cache
run: |
echo "::set-env name=PY_VERSION::"\
"$(python -c "import platform;print(platform.python_version())")"
- name: Cache pip test requirements
uses: actions/cache@v1
echo "::set-output name=dir::$(go env GOCACHE)"
- uses: actions/cache@v3
env:
BASE_CACHE_KEY: "${{ github.job }}-${{ runner.os }}-\
py${{ steps.setup-python.outputs.python-version }}-\
go${{ steps.go-version.outputs.version }}-\
packer${{ steps.setup-env.outputs.packer-version }}-\
tf${{ steps.setup-env.outputs.terraform-version }}-"
with:
path: ${{ env.PIP_CACHE_DIR }}
key: "${{ runner.os }}-pip-test-py${{ env.PY_VERSION }}-\
${{ hashFiles('**/requirements-test.txt') }}"
# Note that the .terraform directory IS NOT included in the
# cache because if we were caching, then we would need to use
# the `-upgrade=true` option. This option blindly pulls down the
# latest modules and providers instead of checking to see if an
# update is required. That behavior defeats the benefits of caching.
# so there is no point in doing it for the .terraform directory.
path: |
${{ env.PIP_CACHE_DIR }}
${{ env.PRE_COMMIT_CACHE_DIR }}
${{ env.CURL_CACHE_DIR }}
${{ steps.go-cache.outputs.dir }}
# We do not use '**/setup.py' in the cache key so only the 'setup.py'
# file in the root of the repository is used. This is in case a Python
# package were to have a 'setup.py' as part of its internal codebase.
key: "${{ env.BASE_CACHE_KEY }}\
${{ hashFiles('**/requirements-test.txt') }}-\
${{ hashFiles('**/requirements.txt') }}-\
${{ hashFiles('**/.pre-commit-config.yaml') }}-\
${{ hashFiles('setup.py') }}"
restore-keys: |
${{ runner.os }}-pip-test-py${{ env.PY_VERSION }}-
${{ runner.os }}-pip-test-
${{ runner.os }}-pip-
- name: Cache pre-commit hooks
uses: actions/cache@v1
${{ env.BASE_CACHE_KEY }}
- name: Setup curl cache
run: mkdir -p ${{ env.CURL_CACHE_DIR }}
- name: Install Packer
env:
PACKER_VERSION: ${{ steps.setup-env.outputs.packer-version }}
run: |
PACKER_ZIP="packer_${PACKER_VERSION}_linux_amd64.zip"
curl --output ${{ env.CURL_CACHE_DIR }}/"${PACKER_ZIP}" \
--time-cond ${{ env.CURL_CACHE_DIR }}/"${PACKER_ZIP}" \
--location \
"https://releases.hashicorp.com/packer/${PACKER_VERSION}/${PACKER_ZIP}"
sudo unzip -d /opt/packer \
${{ env.CURL_CACHE_DIR }}/"${PACKER_ZIP}"
sudo mv /usr/local/bin/packer /usr/local/bin/packer-default
sudo ln -s /opt/packer/packer /usr/local/bin/packer
- uses: hashicorp/setup-terraform@v1
with:
path: ${{ env.PRE_COMMIT_CACHE_DIR }}
key: "${{ runner.os }}-pre-commit-py${{ env.PY_VERSION }}-\
${{ hashFiles('**/.pre-commit-config.yaml') }}"
terraform_version: ${{ steps.setup-env.outputs.terraform-version }}
- name: Install shfmt
env:
PACKAGE_URL: mvdan.cc/sh/v3/cmd/shfmt
PACKAGE_VERSION: ${{ steps.setup-env.outputs.shfmt-version }}
run: go install ${PACKAGE_URL}@${PACKAGE_VERSION}
- name: Install Terraform-docs
env:
PACKAGE_URL: github.com/terraform-docs/terraform-docs
PACKAGE_VERSION: ${{ steps.setup-env.outputs.terraform-docs-version }}
run: go install ${PACKAGE_URL}@${PACKAGE_VERSION}
- name: Install dependencies
run: |
python -m pip install --upgrade pip
pip install --upgrade --requirement requirements-test.txt
- name: Set up pre-commit hook environments
run: pre-commit install-hooks
- name: Run pre-commit on all files
run: pre-commit run --all-files
- name: Setup tmate debug session
uses: mxschmitt/action-tmate@v3
if: env.RUN_TMATE
test:
runs-on: ubuntu-latest
strategy:
fail-fast: false
matrix:
python-version:
- "2.7"
- "3.6"
- "3.7"
- "3.8"
- "3.9"
- "3.10"
steps:
- uses: actions/checkout@v2
- uses: actions/setup-python@v1
- uses: actions/checkout@v3
- id: setup-python
uses: actions/setup-python@v3
with:
python-version: 3.8
- name: Store installed Python version
run: |
echo "::set-env name=PY_VERSION::"\
"$(python -c "import platform;print(platform.python_version())")"
- name: Cache pip test requirements
uses: actions/cache@v1
python-version: ${{ matrix.python-version }}
- uses: actions/cache@v3
env:
BASE_CACHE_KEY: "${{ github.job }}-${{ runner.os }}-\
py${{ steps.setup-python.outputs.python-version }}-"
with:
path: ${{ env.PIP_CACHE_DIR }}
key: "${{ runner.os }}-pip-test-py${{ env.PY_VERSION }}-\
${{ hashFiles('**/requirements-test.txt') }}"
# We do not use '**/setup.py' in the cache key so only the 'setup.py'
# file in the root of the repository is used. This is in case a Python
# package were to have a 'setup.py' as part of its internal codebase.
key: "${{ env.BASE_CACHE_KEY }}\
${{ hashFiles('**/requirements-test.txt') }}-\
${{ hashFiles('**/requirements.txt') }}-\
${{ hashFiles('setup.py') }}"
restore-keys: |
${{ runner.os }}-pip-test-py${{ env.PY_VERSION }}-
${{ runner.os }}-pip-test-
${{ runner.os }}-pip-
${{ env.BASE_CACHE_KEY }}
- name: Install dependencies
run: |
python -m pip install --upgrade pip
Expand All @@ -76,38 +150,95 @@ jobs:
- name: Upload coverage report
run: coveralls
env:
COVERALLS_REPO_TOKEN: ${{ secrets.COVERALLS_REPO_TOKEN }}
if: success()
COVERALLS_FLAG_NAME: "py${{ matrix.python-version }}"
COVERALLS_PARALLEL: true
COVERALLS_SERVICE_NAME: github
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
# Skip this step for Python 2.7 because coveralls uploads
# are no longer supported
if: ${{ (matrix.python-version != '2.7') && success() }}
- name: Setup tmate debug session
uses: mxschmitt/action-tmate@v3
if: env.RUN_TMATE
coveralls-finish:
runs-on: ubuntu-latest
needs: test
steps:
- uses: actions/checkout@v3
- id: setup-python
uses: actions/setup-python@v3
with:
python-version: "3.10"
- uses: actions/cache@v3
env:
BASE_CACHE_KEY: "${{ github.job }}-${{ runner.os }}-\
py${{ steps.setup-python.outputs.python-version }}-"
with:
path: ${{ env.PIP_CACHE_DIR }}
# We do not use '**/setup.py' in the cache key so only the 'setup.py'
# file in the root of the repository is used. This is in case a Python
# package were to have a 'setup.py' as part of its internal codebase.
key: "${{ env.BASE_CACHE_KEY }}\
${{ hashFiles('**/requirements-test.txt') }}-\
${{ hashFiles('**/requirements.txt') }}-\
${{ hashFiles('setup.py') }}"
restore-keys: |
${{ env.BASE_CACHE_KEY }}
- name: Install dependencies
run: |
python -m pip install --upgrade pip
pip install --upgrade --requirement requirements-test.txt
- name: Finished coveralls reports
run: coveralls --finish
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- name: Setup tmate debug session
uses: mxschmitt/action-tmate@v3
if: env.RUN_TMATE
build:
runs-on: ubuntu-latest
needs: [lint, test]
strategy:
fail-fast: false
matrix:
python-version:
- "2.7"
- "3.6"
- "3.7"
- "3.8"
- "3.9"
- "3.10"
steps:
- uses: actions/checkout@v2
- uses: actions/setup-python@v1
- uses: actions/checkout@v3
- id: setup-python
uses: actions/setup-python@v3
with:
python-version: 3.8
- name: Store installed Python version
run: |
echo "::set-env name=PY_VERSION::"\
"$(python -c "import platform;print(platform.python_version())")"
- name: Cache pip build requirements
uses: actions/cache@v1
python-version: ${{ matrix.python-version }}
- uses: actions/cache@v3
env:
BASE_CACHE_KEY: "${{ github.job }}-${{ runner.os }}-\
py${{ steps.setup-python.outputs.python-version }}-"
with:
path: ${{ env.PIP_CACHE_DIR }}
key: "${{ runner.os }}-pip-build-py${{ env.PY_VERSION }}-\
${{ hashFiles('**/requirements.txt') }}"
# We do not use '**/setup.py' in the cache key so only the 'setup.py'
# file in the root of the repository is used. This is in case a Python
# package were to have a 'setup.py' as part of its internal codebase.
key: "${{ env.BASE_CACHE_KEY }}\
${{ hashFiles('**/requirements.txt') }}-\
${{ hashFiles('setup.py') }}"
restore-keys: |
${{ runner.os }}-pip-build-py${{ env.PY_VERSION }}-
${{ runner.os }}-pip-build-
${{ runner.os }}-pip-
${{ env.BASE_CACHE_KEY }}
- name: Install dependencies
run: |
python -m pip install --upgrade pip wheel
pip install --upgrade --requirement requirements.txt
- name: Build artifacts
run: python3 setup.py sdist bdist_wheel
- name: Upload artifacts
uses: actions/upload-artifact@v1
uses: actions/upload-artifact@v2
with:
name: dist
name: dist-${{ matrix.python-version }}
path: dist
- name: Setup tmate debug session
uses: mxschmitt/action-tmate@v3
if: env.RUN_TMATE
13 changes: 7 additions & 6 deletions .gitignore
View file
Original file line number Diff line number Diff line change
@@ -1,10 +1,11 @@
*.egg-info
*.pyc
._*
# This file specifies intentionally untracked files that Git should ignore.
# Files already tracked by Git are not affected.
# See: https://git-scm.com/docs/gitignore

## Python ##
__pycache__
.coverage
.DS_Store
.ipynb_checkpoints
.mypy_cache
.pytest_cache
.python-version
__pycache__
*.egg-info
9 changes: 5 additions & 4 deletions .isort.cfg
View file
Original file line number Diff line number Diff line change
@@ -1,12 +1,13 @@
[settings]
combine_star=true
extra_standard_library=ConfigParser
force_sort_within_sections=true

import_heading_stdlib=Standard Python Libraries
import_heading_thirdparty=Third-Party Libraries
import_heading_firstparty=cisagov Libraries

# Should be auto-populated by seed-isort-config hook
known_third_party=boto3,botocore,bson,dateutil,docopt,gnupg,netaddr,pytest,pytz,requests,requests_aws4auth,setuptools
# These must be manually set to correctly separate them from third party libraries
known_first_party=dmarc,mongo_db_from_config
known_first_party=dmarc, mongo_db_from_config

# Run isort under the black profile to align with our other Python linting
profile=black
7 changes: 0 additions & 7 deletions .mdl_config.json
View file

This file was deleted.

0 comments on commit 765195b

Please sign in to comment.