diff --git a/.bandit.yml b/.bandit.yml
deleted file mode 100644
index 3215b91..0000000
--- a/.bandit.yml
+++ /dev/null
@@ -1,14 +0,0 @@
----
-# Configuration file for the Bandit python security scanner
-# https://bandit.readthedocs.io/en/latest/config.html
-# This config is applied to bandit when scanning the "tests" tree
-
-# Tests are first included by `tests`, and then excluded by `skips`.
-# If `tests` is empty, all tests are considered included.
-
-tests:
-# - B101
-# - B102
-
-skips:
- - B101 # skip "assert used" check since assertions are required in pytests
diff --git a/.flake8 b/.flake8
deleted file mode 100644
index 92ff826..0000000
--- a/.flake8
+++ /dev/null
@@ -1,25 +0,0 @@ -[flake8] -max-line-length = 80 -# Select (turn on) -# * Complexity violations reported by mccabe (C) - -# http://flake8.pycqa.org/en/latest/user/error-codes.html#error-violation-codes -# * Documentation conventions compliance reported by pydocstyle (D) - -# http://www.pydocstyle.org/en/stable/error_codes.html -# * Default errors and warnings reported by pycodestyle (E and W) - -# https://pycodestyle.readthedocs.io/en/latest/intro.html#error-codes -# * Default errors reported by pyflakes (F) - -# http://flake8.pycqa.org/en/latest/glossary.html#term-pyflakes -# * Default warnings reported by flake8-bugbear (B) - -# https://github.com/PyCQA/flake8-bugbear#list-of-warnings -# * The B950 flake8-bugbear opinionated warning - -# https://github.com/PyCQA/flake8-bugbear#opinionated-warnings -select = C,D,E,F,W,B,B950 -# Ignore flake8's default warning about maximum line length, which has -# a hard stop at the configured value. Instead we use -# flake8-bugbear's B950, which allows up to 10% overage. -# -# Also ignore flake8's warning about line breaks before binary -# operators. It no longer agrees with PEP8. See, for example, here: -# https://github.com/ambv/black/issues/21. Guido agrees here: -# https://github.com/python/peps/commit/c59c4376ad233a62ca4b3a6060c81368bd21e85b. -ignore = E501,W503 diff --git a/.github/labeler.yml b/.github/labeler.yml index 0826a4d..eeea8f5 100644 --- a/.github/labeler.yml +++ b/.github/labeler.yml @@ -18,7 +18,7 @@ dependencies: # Add any dependency files used. - .pre-commit-config.yaml - requirements*.txt - - setup.py + - pyproject.toml docker: - changed-files: - any-glob-to-any-file: @@ -45,6 +45,14 @@ python: - changed-files: - any-glob-to-any-file: - "**/*.py" +shell script: + - changed-files: + - any-glob-to-any-file: + # If this project has any shell scripts that do not end in the ".sh" + # extension, add them below. + - "**/*.sh" + - bump-version + - setup-env terraform: - changed-files: - any-glob-to-any-file: 
@@ -54,12 +62,9 @@ test: - any-glob-to-any-file: # Add any test-related files or paths. - .ansible-lint - - .bandit.yml - - .flake8 - - .isort.cfg - .mdl_config.yaml - .yamllint - - pytest.ini + - pyproject.toml - tests/** typescript: - changed-files: diff --git a/.github/labels.yml b/.github/labels.yml index 650ed7c..69f0a2d 100644 --- a/.github/labels.yml +++ b/.github/labels.yml @@ -2,7 +2,7 @@ # Rather than breaking up descriptions into multiline strings we disable that # specific rule in yamllint for this file. # yamllint disable rule:line-length -- color: f15a53 +- color: ff5850 description: Pull requests that update Ansible code name: ansible - color: eb6420 @@ -20,7 +20,7 @@ - color: 0366d6 description: Pull requests that update a dependency file name: dependencies -- color: 2497ed +- color: 1d63ed description: Pull requests that update Docker code name: docker - color: 5319e7 @@ -47,7 +47,7 @@ - color: fef2c0 description: This issue or pull request is not applicable, incorrect, or obsolete name: invalid -- color: f1d642 +- color: f0db4f description: Pull requests that update JavaScript code name: javascript - color: ce099a @@ -62,7 +62,7 @@ - color: 02a8ef description: Pull requests that update Packer code name: packer -- color: 3772a4 +- color: 3776ab description: Pull requests that update Python code name: python - color: ef476c @@ -71,13 +71,16 @@ - color: d73a4a description: This issue or pull request addresses a security issue name: security +- color: 4eaa25 + description: Pull requests that update shell scripts + name: shell script - color: 7b42bc description: Pull requests that update Terraform code name: terraform - color: 00008b description: This issue or pull request adds or otherwise modifies test code name: test -- color: 2b6ebf +- color: 2678c5 description: Pull requests that update TypeScript code name: typescript - color: 1d76db diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 6e896ba..c572bfd 100644 
--- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -416,7 +416,7 @@ jobs: - name: Build artifacts run: python -m build - name: Upload artifacts - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@v5 with: name: dist-${{ matrix.python-version }} path: dist @@ -501,7 +501,7 @@ jobs: restore-keys: | ${{ env.BASE_CACHE_KEY }} - name: Retrieve the built wheel - uses: actions/download-artifact@v5 + uses: actions/download-artifact@v6 with: name: dist-${{ matrix.python-version }} path: dist diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index 79b3045..8fe64b5 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml @@ -118,7 +118,7 @@ jobs: # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL - uses: github/codeql-action/init@v3 + uses: github/codeql-action/init@v4 with: languages: ${{ matrix.language }} @@ -126,7 +126,7 @@ jobs: # Java). If this step fails, then you should remove it and run the build # manually (see below). - name: Autobuild - uses: github/codeql-action/autobuild@v3 + uses: github/codeql-action/autobuild@v4 # â„šī¸ Command-line programs to run using the OS shell. # 📚 https://git.io/JvXDl @@ -140,4 +140,4 @@ jobs: # make release - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@v3 + uses: github/codeql-action/analyze@v4 diff --git a/.github/workflows/label-prs.yml b/.github/workflows/label-prs.yml index 9d78e39..412cc4a 100644 --- a/.github/workflows/label-prs.yml +++ b/.github/workflows/label-prs.yml @@ -59,7 +59,6 @@ jobs: permissions: # Permissions required by actions/labeler contents: read - issues: write pull-requests: write runs-on: ubuntu-latest steps: diff --git a/.gitignore b/.gitignore index 242b4aa..579601b 100644 --- a/.gitignore +++ b/.gitignore @@ -9,4 +9,5 @@ __pycache__ .pytest_cache .python-version *.egg-info +build dist 
diff --git a/.isort.cfg b/.isort.cfg deleted file mode 100644 index 46d45f3..0000000 --- a/.isort.cfg +++ /dev/null @@ -1,10 +0,0 @@ -[settings] -combine_star=true -force_sort_within_sections=true - -import_heading_stdlib=Standard Python Libraries -import_heading_thirdparty=Third-Party Libraries -import_heading_firstparty=cisagov Libraries - -# Run isort under the black profile to align with our other Python linting -profile=black diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index a88d739..cac1be2 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -63,20 +63,20 @@ repos: # GitHub Actions hooks - repo: https://github.com/python-jsonschema/check-jsonschema - rev: 0.33.3 + rev: 0.35.0 hooks: - id: check-github-actions - id: check-github-workflows # pre-commit hooks - repo: https://github.com/pre-commit/pre-commit - rev: v4.3.0 + rev: v4.4.0 hooks: - id: validate_manifest # Go hooks - repo: https://github.com/TekWizely/pre-commit-golang - rev: v1.0.0-rc.2 + rev: v1.0.0-rc.4 hooks: # Go Build - id: go-build-repo-mod @@ -130,22 +130,24 @@ repos: # Python hooks # Run bandit on the "tests" tree with a configuration - repo: https://github.com/PyCQA/bandit - rev: 1.8.6 + rev: 1.9.1 hooks: - id: bandit name: bandit (tests tree) files: tests args: - - --config=.bandit.yml + # Skip "assert used" check since assertions are used + # frequently in pytests. + - --skip=B101 # Run bandit on everything except the "tests" tree - repo: https://github.com/PyCQA/bandit - rev: 1.8.6 + rev: 1.9.1 hooks: - id: bandit name: bandit (everything else) exclude: tests - repo: https://github.com/psf/black-pre-commit-mirror - rev: 25.1.0 + rev: 25.11.0 hooks: - id: black - repo: https://github.com/PyCQA/flake8 
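Review bot: `--skip=B101` on the "bandit (tests tree)" hook applies to every path that `files: tests` matches, and pre-commit treats `files` as an unanchored regular expression, so a non-test module whose path merely contains `tests` would also lose the assert check and would be dropped from the "everything else" hook by `exclude: tests`. Anchoring both patterns, `files: ^tests/` and `exclude: ^tests/`, keeps the skip limited to the tests tree that the new comment describes. The hook list starts and ends outside this hunk.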
@@ -154,12 +156,15 @@ repos: - id: flake8 additional_dependencies: - flake8-docstrings==1.7.0 + # This is necessary to read the flake8 configuration from + # the pyproject.toml file. + - flake8-pyproject==1.2.3 - repo: https://github.com/PyCQA/isort - rev: 6.0.1 + rev: 7.0.0 hooks: - id: isort - repo: https://github.com/pre-commit/mirrors-mypy - rev: v1.18.1 + rev: v1.18.2 hooks: - id: mypy # IMPORTANT: Keep type hinting-related dependencies of the @@ -168,7 +173,6 @@ repos: # checking between environments. additional_dependencies: - types-PyYAML - - types-setuptools - repo: https://github.com/pypa/pip-audit rev: v2.9.0 hooks: @@ -182,13 +186,13 @@ repos: - --requirement - requirements.txt - repo: https://github.com/asottile/pyupgrade - rev: v3.20.0 + rev: v3.21.1 hooks: - id: pyupgrade # Ansible hooks - repo: https://github.com/ansible/ansible-lint - rev: v25.9.0 + rev: v25.11.0 hooks: - id: ansible-lint additional_dependencies: @@ -232,7 +236,7 @@ repos: # Terraform hooks - repo: https://github.com/antonbabenko/pre-commit-terraform - rev: v1.100.0 + rev: v1.103.0 hooks: - id: terraform_fmt - id: terraform_validate diff --git a/README.md b/README.md index 033c2a5..a55f0a6 100644 --- a/README.md +++ b/README.md 
@@ -1,8 +1,10 @@ # mongo-db-from-config âš™ī¸ # [![GitHub Build Status](https://github.com/cisagov/mongo-db-from-config/workflows/build/badge.svg)](https://github.com/cisagov/mongo-db-from-config/actions) +[![License](https://img.shields.io/github/license/cisagov/mongo-db-from-config)](https://spdx.org/licenses/) [![CodeQL](https://github.com/cisagov/mongo-db-from-config/workflows/CodeQL/badge.svg)](https://github.com/cisagov/mongo-db-from-config/actions/workflows/codeql-analysis.yml) [![Coverage Status](https://coveralls.io/repos/github/cisagov/mongo-db-from-config/badge.svg?branch=develop)](https://coveralls.io/github/cisagov/mongo-db-from-config?branch=develop) +[![Code Style](https://img.shields.io/badge/Code%20Style-black-black)](https://github.com/psf/black) This is a small utility library that can be used to easily create a MongoDB connection based on the data in a simple YAML configuration file. diff --git a/pyproject.toml b/pyproject.toml new file mode 100644 index 0000000..11ede57 --- /dev/null +++ b/pyproject.toml 
@@ -0,0 +1,136 @@
+# For more information about configuring project metadata for the
+# setuptools build backend, please see
+# https://setuptools.pypa.io/en/latest/userguide/pyproject_config.html
+[build-system]
+build-backend = "setuptools.build_meta"
+requires = ["setuptools"]
+
+[project]
+authors = [
+ { name = "Cybersecurity and Infrastructure Security Agency", email = "github@cisa.dhs.gov" }
+]
+# See https://pypi.python.org/pypi?%3Aaction=list_classifiers
+classifiers = [
+ # How mature is this project? Common values are
+ # 3 - Alpha
+ # 4 - Beta
+ # 5 - Production/Stable
+ "Development Status :: 3 - Alpha",
+ "Environment :: Console",
+ # Indicate who your project is intended for
+ "Intended Audience :: Developers",
+ "Natural Language :: English",
+ "Operating System :: OS Independent",
+ # Specify the Python versions you support here. In particular, ensure
+ # that you indicate whether you support Python 2, Python 3 or both.
+ "Programming Language :: Python :: 3",
+ "Programming Language :: Python :: 3 :: Only",
+ "Programming Language :: Python :: 3.7",
+ "Programming Language :: Python :: 3.8",
+ "Programming Language :: Python :: 3.9",
+ "Programming Language :: Python :: 3.10",
+ "Programming Language :: Python :: 3.11",
+ "Programming Language :: Python :: 3.12",
+ "Programming Language :: Python :: 3.13",
+ "Programming Language :: Python :: 3.14",
+ "Programming Language :: Python :: Implementation :: CPython",
+]
+dependencies = [
+ # Version 4.9 introduces the pymongo.synchronous and
+ # pymongo.asynchronous namespaces, which are incompatible with
+ # this code. Furthermore, version 4.11 drops support for MongoDB
+ # 3.6.
+ "pymongo>=3.7.2,<4.9",
+ "PyYAML>=5.1",
+]
+description = "Create a Mongo database connection from a YAML config file"
+dynamic = ["readme", "version"]
+keywords = ["config", "mongo", "yaml"]
+# Although PEP 639 allows us to specify teh license via a simple SPDX
+# string, the versions of setuptools we have to use for Python 3.7 and
+# 3.8 do not allow this; hence, this antiquated format from the
+# deprecated PEP 621.
+license = { text = "CC0-1.0" }
+name = "mongo_db_from_config"
+requires-python = ">=3.7"
+
+[project.optional-dependencies]
+# IMPORTANT: Keep type hinting-related dependencies of the dev section
+# in sync with the mypy pre-commit hook configuration (see
+# .pre-commit-config.yaml). Any changes to type hinting-related
+# dependencies here should be reflected in the additional_dependencies
+# field of the mypy pre-commit hook to avoid discrepancies in type
+# checking between environments.
+dev = [
+ "types-PyYAML",
+]
+test = [
+ "coverage",
+ "coveralls",
+ # mongomock started using importlib.metadata (added in Python 3.8)
+ # in version 4.2.0. Since we must support Python 3.7 for now we
+ # must pin mongomock.
+ "mongomock<4.2.0",
+ "pre-commit",
+ "pyfakefs",
+ "pytest-cov",
+ "pytest",
+ # This is a hidden dependency of mongomock, and it is not
+ # otherwise present under Python 3.12 and later.
+ "setuptools; python_version >= '3.12'",
+]
+
+[project.urls]
+homepage = "https://github.com/cisagov/mongo-db-from-config"
+issues = "https://github.com/cisagov/mongo-db-from-config/issues"
+# Landing page for CISA's cybersecurity mission
+mission = "https://www.cisa.gov/cybersecurity"
+source = "https://github.com/cisagov/mongo-db-from-config"
+
+[tool.flake8]
+max-line-length = 80
+# Select (turn on)
+# * Complexity violations reported by mccabe (C) -
+# http://flake8.pycqa.org/en/latest/user/error-codes.html#error-violation-codes
+# * Documentation conventions compliance reported by pydocstyle (D) -
+# http://www.pydocstyle.org/en/stable/error_codes.html
+# * Default errors and warnings reported by pycodestyle (E and W) -
+# https://pycodestyle.readthedocs.io/en/latest/intro.html#error-codes
+# * Default errors reported by pyflakes (F) -
+# http://flake8.pycqa.org/en/latest/glossary.html#term-pyflakes
+# * Default warnings reported by flake8-bugbear (B) -
+# https://github.com/PyCQA/flake8-bugbear#list-of-warnings
+# * The B950 flake8-bugbear opinionated warning -
+# https://github.com/PyCQA/flake8-bugbear#opinionated-warnings
+select = ["C", "D", "E", "F", "W", "B", "B950"]
+# Ignore flake8's default warning about maximum line length, which has
+# a hard stop at the configured value. Instead we use
+# flake8-bugbear's B950, which allows up to 10% overage.
+#
+# Also ignore flake8's warning about line breaks before binary
+# operators. It no longer agrees with PEP8. See, for example, here:
+# https://github.com/ambv/black/issues/21. Guido agrees here:
+# https://github.com/python/peps/commit/c59c4376ad233a62ca4b3a6060c81368bd21e85b.
+extend-ignore = ["E501", "W503"]
+
+[tool.isort]
+combine_star = true
+force_sort_within_sections = true
+
+import_heading_stdlib = "Standard Python Libraries"
+import_heading_thirdparty = "Third-Party Libraries"
+import_heading_firstparty = "cisagov Libraries"
+
+# Run isort under the black profile to align with our other Python
+# linting
+profile = "black"
+
+[tool.pytest.ini_options]
+# Increase verbosity, display extra test summary info for tests that
+# did not pass, display code coverage results, and enable debug
+# logging.
+addopts = "--verbose -ra --cov --log-cli-level=DEBUG"
+
+[tool.setuptools.dynamic]
+readme = {file = ["README.md"], content-type = "text/markdown"}
+version = {attr = "mongo_db_from_config._version.__version__"}
diff --git a/pytest.ini b/pytest.ini
deleted file mode 100644
index a1c266e..0000000
--- a/pytest.ini
+++ /dev/null
@@ -1,4 +0,0 @@
-[pytest]
-# Increase verbosity, display extra test summary info for tests that did not pass,
-# display code coverage results, and enable debug logging
-addopts = --verbose -ra --cov --log-cli-level=DEBUG
diff --git a/setup.py b/setup.py
deleted file mode 100644
index 951a396..0000000
--- a/setup.py
+++ /dev/null
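Review bot: The classifier `"Development Status :: 3 - Alpha"` in the new pyproject.toml downgrades the `"Development Status :: 4 - Beta"` declared by the setup.py this commit deletes, and `"Environment :: Console"` is new; if the migration was meant to be metadata-neutral, keep `"Development Status :: 4 - Beta"`. In `[tool.flake8]`, `extend-ignore = ["E501", "W503"]` replaces the old `ignore = E501,W503`, which as far as I can tell leaves flake8's default ignore list active instead of overriding it, so some pycodestyle checks that used to run may now be silent; `ignore = ["E501", "W503"]` would preserve the previous behaviour. `requires = ["setuptools"]` sets no floor, so a build without isolation on an old setuptools could skip the `[project]` table; `requires = ["setuptools>=61"]`, to my knowledge the first release that reads `[project]`, would make that fail loudly. The license comment also has a typo, `teh` for `the`.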
@@ -1,126 +0,0 @@ -""" -This is the setup module for mongo-db-from-config. - -Based on: -- https://packaging.python.org/distributing/ -- https://github.com/pypa/sampleproject/blob/master/setup.py -- https://blog.ionelmc.ro/2014/05/25/python-packaging/#the-structure -""" - -# Standard Python Libraries -import codecs -from glob import glob -from os.path import abspath, basename, dirname, join, splitext - -# Third-Party Libraries -from setuptools import find_packages, setup - - -def readme(): - """Read in and return the contents of the project's README.md file.""" - with open("README.md", encoding="utf-8") as f: - return f.read() - - -# Below two methods were pulled from: -# https://packaging.python.org/guides/single-sourcing-package-version/ -def read(rel_path): - """Open a file for reading from a given relative path.""" - here = abspath(dirname(__file__)) - with codecs.open(join(here, rel_path), "r") as fp: - return fp.read() - - -def get_version(version_file): - """Extract a version number from the given file path.""" - for line in read(version_file).splitlines(): - if line.startswith("__version__"): - delim = '"' if '"' in line else "'" - return line.split(delim)[1] - raise RuntimeError("Unable to find version string.") - - -setup( - name="mongo_db_from_config", - # Versions should comply with PEP440 - version=get_version("src/mongo_db_from_config/_version.py"), - description="Create a Mongo database connection from a YAML config file", - long_description=readme(), - long_description_content_type="text/markdown", - # Landing page for CISA's cybersecurity mission - url="https://www.cisa.gov/cybersecurity", - # Additional URLs for this project per - # https://packaging.python.org/guides/distributing-packages-using-setuptools/#project-urls - project_urls={ - "Source": "https://github.com/cisagov/mongo-db-from-config", - "Tracker": "https://github.com/cisagov/mongo-db-from-config/issues", - }, - # Author details - author="Cybersecurity and Infrastructure Security 
Agency", - author_email="github@cisa.dhs.gov", - license="License :: CC0 1.0 Universal (CC0 1.0) Public Domain Dedication", - # See https://pypi.python.org/pypi?%3Aaction=list_classifiers - classifiers=[ - # How mature is this project? Common values are - # 3 - Alpha - # 4 - Beta - # 5 - Production/Stable - "Development Status :: 4 - Beta", - # Indicate who your project is intended for - "Intended Audience :: Developers", - # Pick your license as you wish (should match "license" above) - "License :: CC0 1.0 Universal (CC0 1.0) Public Domain Dedication", - # Specify the Python versions you support here. In particular, ensure - # that you indicate whether you support Python 2, Python 3 or both. - "Programming Language :: Python :: 3", - "Programming Language :: Python :: 3 :: Only", - "Programming Language :: Python :: 3.7", - "Programming Language :: Python :: 3.8", - "Programming Language :: Python :: 3.9", - "Programming Language :: Python :: 3.10", - "Programming Language :: Python :: 3.11", - "Programming Language :: Python :: 3.12", - "Programming Language :: Python :: 3.13", - "Programming Language :: Python :: 3.14", - "Programming Language :: Python :: Implementation :: CPython", - ], - python_requires=">=3.7", - # What does your project relate to? - keywords="mongo yaml config", - packages=find_packages(where="src"), - package_dir={"": "src"}, - py_modules=[splitext(basename(path))[0] for path in glob("src/*.py")], - include_package_data=True, - install_requires=[ - # Version 4.9 introduces the pymongo.synchronous and - # pymongo.asynchronous namespaces, which are incompatible with this - # code. Furthermore, version 4.11 drops support for MongoDB 3.6. - "pymongo>=3.7.2,<4.9", - "PyYAML>=5.1", - "setuptools", - ], - extras_require={ - # IMPORTANT: Keep type hinting-related dependencies of the dev section - # in sync with the mypy pre-commit hook configuration (see - # .pre-commit-config.yaml). 
Any changes to type hinting-related - # dependencies here should be reflected in the additional_dependencies - # field of the mypy pre-commit hook to avoid discrepancies in type - # checking between environments. - "dev": [ - "types-PyYAML", - "types-setuptools", - ], - "test": [ - "coverage", - "coveralls", - # mongomock started using importlib.metadata (added in Python 3.8) - # in version 4.2.0. Since we must support Python 3.7 for now we - # must pin mongomock. - "mongomock<4.2.0", - "pre-commit", - "pyfakefs", - "pytest-cov", - "pytest", - ], - }, -) diff --git a/src/mongo_db_from_config/_version.py b/src/mongo_db_from_config/_version.py index 337deea..e85f160 100644 --- a/src/mongo_db_from_config/_version.py +++ b/src/mongo_db_from_config/_version.py @@ -1,3 +1,3 @@ """This file defines the version of this module.""" -__version__ = "1.2.0" +__version__ = "1.2.1-rc.1"