diff --git a/.bandit.yml b/.bandit.yml
index 0b53a96..3215b91 100644
--- a/.bandit.yml
+++ b/.bandit.yml
@@ -4,7 +4,7 @@
 # This config is applied to bandit when scanning the "tests" tree
 # Tests are first included by `tests`, and then excluded by `skips`.
-# If `tests` is empty, all tests are are considered included.
+# If `tests` is empty, all tests are considered included.
 tests:
 # - B101
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
index f8e8d44..aa8d905 100644
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -5,30 +5,37 @@
 # these updates when the pull request(s) in the appropriate skeleton are merged
 # and Lineage processes these changes.
-version: 2
 updates:
- - package-ecosystem: "github-actions"
- directory: "/"
- schedule:
- interval: "weekly"
+ - directory: /
 ignore:
 # Managed by cisagov/skeleton-generic
 - dependency-name: actions/cache
 - dependency-name: actions/checkout
 - dependency-name: actions/setup-go
 - dependency-name: actions/setup-python
+ - dependency-name: crazy-max/ghaction-dump-context
+ - dependency-name: crazy-max/ghaction-github-labeler
+ - dependency-name: crazy-max/ghaction-github-status
 - dependency-name: hashicorp/setup-terraform
 - dependency-name: mxschmitt/action-tmate
+ - dependency-name: step-security/harden-runner
 # Managed by cisagov/skeleton-python-library
 - dependency-name: actions/download-artifact
 - dependency-name: actions/upload-artifact
+ - dependency-name: github/codeql-action/analyze
+ - dependency-name: github/codeql-action/autobuild
+ - dependency-name: github/codeql-action/init
+ package-ecosystem: github-actions
+ schedule:
+ interval: weekly
- - package-ecosystem: "pip"
- directory: "/"
+ - directory: /
+ package-ecosystem: pip
 schedule:
- interval: "weekly"
+ interval: weekly
- - package-ecosystem: "terraform"
- directory: "/"
+ - directory: /
+ package-ecosystem: terraform
 schedule:
- interval: "weekly"
+ interval: weekly
+version: 2
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index 49781ed..cdb7c8a 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -14,12 +14,36 @@ env:
 RUN_TMATE: ${{ secrets.RUN_TMATE }}
 jobs:
+ diagnostics:
+ name: Run diagnostics
+ runs-on: ubuntu-latest
+ steps:
+ # Note that a duplicate of this step must be added at the top of
+ # each job.
+ - id: harden-runner
+ name: Harden the runner
+ uses: step-security/harden-runner@v2
+ with:
+ egress-policy: audit
+ - id: github-status
+ name: Check GitHub status
+ uses: crazy-max/ghaction-github-status@v3
+ - id: dump-context
+ name: Dump context
+ uses: crazy-max/ghaction-dump-context@v2
 lint:
+ needs:
+ - diagnostics
 runs-on: ubuntu-latest
 steps:
+ - id: harden-runner
+ name: Harden the runner
+ uses: step-security/harden-runner@v2
+ with:
+ egress-policy: audit
 - id: setup-env
 uses: cisagov/setup-env-github-action@develop
- - uses: actions/checkout@v3
+ - uses: actions/checkout@v4
 - id: setup-python
 uses: actions/setup-python@v4
 with:
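Review bot: Every `uses:` reference added in this hunk (`step-security/harden-runner@v2`, `crazy-max/ghaction-github-status@v3`, `crazy-max/ghaction-dump-context@v2`, `actions/checkout@v4`) is a mutable tag, so the code these jobs execute can change without any change to this repository. Pinning each one to a full commit SHA and keeping the tag as a comment, e.g. `uses: step-security/harden-runner@<commit-sha>  # v2`, makes the workflow's supply chain reproducible; the duplicated harden-runner steps in the later build.yml hunks and in codeql-analysis.yml on this page have the same issue. Separately, `egress-policy: audit` only records outbound connections and blocks none of them, so the step is telemetry until it is switched to `block` with an explicit allowlist; the comment above the diagnostics step would be a good place to say so. The `lint` job continues past the end of the hunk.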
@@ -84,11 +108,26 @@ jobs:
 - uses: hashicorp/setup-terraform@v2
 with:
 terraform_version: ${{ steps.setup-env.outputs.terraform-version }}
+ - name: Install go-critic
+ env:
+ PACKAGE_URL: github.com/go-critic/go-critic/cmd/gocritic
+ PACKAGE_VERSION: ${{ steps.setup-env.outputs.go-critic-version }}
+ run: go install ${PACKAGE_URL}@${PACKAGE_VERSION}
+ - name: Install gosec
+ env:
+ PACKAGE_URL: github.com/securego/gosec/v2/cmd/gosec
+ PACKAGE_VERSION: ${{ steps.setup-env.outputs.gosec-version }}
+ run: go install ${PACKAGE_URL}@${PACKAGE_VERSION}
 - name: Install shfmt
 env:
 PACKAGE_URL: mvdan.cc/sh/v3/cmd/shfmt
 PACKAGE_VERSION: ${{ steps.setup-env.outputs.shfmt-version }}
 run: go install ${PACKAGE_URL}@${PACKAGE_VERSION}
+ - name: Install staticcheck
+ env:
+ PACKAGE_URL: honnef.co/go/tools/cmd/staticcheck
+ PACKAGE_VERSION: ${{ steps.setup-env.outputs.staticcheck-version }}
+ run: go install ${PACKAGE_URL}@${PACKAGE_VERSION}
 - name: Install Terraform-docs
 env:
 PACKAGE_URL: github.com/terraform-docs/terraform-docs
@@ -107,6 +146,8 @@ jobs:
 if: env.RUN_TMATE
 test:
 name: test source - py${{ matrix.python-version }}
+ needs:
+ - diagnostics
 runs-on: ${{ matrix.os }}
 strategy:
 fail-fast: false
@@ -114,16 +155,22 @@ jobs:
 os:
 - ubuntu-latest
 python-version:
- - "3.7"
 - "3.8"
 - "3.9"
 - "3.10"
 - "3.11"
- include:
- - os: ubuntu-20.04
- python-version: "3.6"
+ # gophish-tools cannot support Python 3.12 until the gophish
+ # Python package supports a newer version of the urllib3
+ # library. The reason is identical to what is discussed
+ # here: https://bugzilla.mozilla.org/show_bug.cgi?id=1857492
+ # - "3.12"
 steps:
- - uses: actions/checkout@v3
+ - id: harden-runner
+ name: Harden the runner
+ uses: step-security/harden-runner@v2
+ with:
+ egress-policy: audit
+ - uses: actions/checkout@v4
 - id: setup-python
 uses: actions/setup-python@v4
 with:
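Review bot: The three new install steps (`Install go-critic`, `Install gosec`, `Install staticcheck`) run `go install ${PACKAGE_URL}@${PACKAGE_VERSION}` with a version taken from `steps.setup-env.outputs.*-version`, and that output is produced by `cisagov/setup-env-github-action@develop`, a moving branch; if one of those outputs is ever missing, the step runs `go install` with an empty version suffix and fails with an unrelated-looking `go` error. Prefixing each `run:` with `[ -n "${PACKAGE_VERSION}" ] || { echo "setup-env provided no version for ${PACKAGE_URL}" >&2; exit 1; }` reports the real cause; the pre-existing `Install shfmt` and `Install Terraform-docs` steps would benefit from the same guard. The `lint` job's steps list starts before and continues after this hunk.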
@@ -165,9 +212,15 @@ jobs:
 coveralls-finish:
 runs-on: ubuntu-latest
 needs:
+ - diagnostics
 - test
 steps:
- - uses: actions/checkout@v3
+ - id: harden-runner
+ name: Harden the runner
+ uses: step-security/harden-runner@v2
+ with:
+ egress-policy: audit
+ - uses: actions/checkout@v4
 - id: setup-python
 uses: actions/setup-python@v4
 with:
@@ -201,6 +254,7 @@ jobs:
 build:
 name: build wheel - py${{ matrix.python-version }}
 needs:
+ - diagnostics
 - lint
 - test
 runs-on: ${{ matrix.os }}
@@ -210,16 +264,22 @@ jobs:
 os:
 - ubuntu-latest
 python-version:
- - "3.7"
 - "3.8"
 - "3.9"
 - "3.10"
 - "3.11"
- include:
- - os: ubuntu-20.04
- python-version: "3.6"
+ # gophish-tools cannot support Python 3.12 until the gophish
+ # Python package supports a newer version of the urllib3
+ # library. The reason is identical to what is discussed
+ # here: https://bugzilla.mozilla.org/show_bug.cgi?id=1857492
+ # - "3.12"
 steps:
- - uses: actions/checkout@v3
+ - id: harden-runner
+ name: Harden the runner
+ uses: step-security/harden-runner@v2
+ with:
+ egress-policy: audit
+ - uses: actions/checkout@v4
 - id: setup-python
 uses: actions/setup-python@v4
 with:
@@ -255,6 +315,7 @@ jobs:
 test-build:
 name: test built wheel - py${{ matrix.python-version }}
 needs:
+ - diagnostics
 - build
 runs-on: ${{ matrix.os }}
 strategy:
@@ -263,16 +324,22 @@ jobs:
 os:
 - ubuntu-latest
 python-version:
- - "3.7"
 - "3.8"
 - "3.9"
 - "3.10"
 - "3.11"
- include:
- - os: ubuntu-20.04
- python-version: "3.6"
+ # gophish-tools cannot support Python 3.12 until the gophish
+ # Python package supports a newer version of the urllib3
+ # library. The reason is identical to what is discussed
+ # here: https://bugzilla.mozilla.org/show_bug.cgi?id=1857492
+ # - "3.12"
 steps:
- - uses: actions/checkout@v3
+ - id: harden-runner
+ name: Harden the runner
+ uses: step-security/harden-runner@v2
+ with:
+ egress-policy: audit
+ - uses: actions/checkout@v4
 - id: setup-python
 uses: actions/setup-python@v4
 with:
diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml
index 5e344d1..14ec38e 100644
--- a/.github/workflows/codeql-analysis.yml
+++ b/.github/workflows/codeql-analysis.yml
@@ -4,7 +4,7 @@
 #
 # You may wish to alter this file to override the set of languages analyzed,
 # or to provide custom queries or build logic.
-name: "CodeQL"
+name: CodeQL
 on:
 push:
@@ -20,8 +20,27 @@ on:
 - cron: '0 14 * * 6'
 jobs:
+ diagnostics:
+ name: Run diagnostics
+ runs-on: ubuntu-latest
+ steps:
+ # Note that a duplicate of this step must be added at the top of
+ # each job.
+ - id: harden-runner
+ name: Harden the runner
+ uses: step-security/harden-runner@v2
+ with:
+ egress-policy: audit
+ - id: github-status
+ name: Check GitHub status
+ uses: crazy-max/ghaction-github-status@v3
+ - id: dump-context
+ name: Dump context
+ uses: crazy-max/ghaction-dump-context@v2
 analyze:
 name: Analyze
+ needs:
+ - diagnostics
 runs-on: ubuntu-latest
 permissions:
 # required for all workflows
@@ -37,8 +56,14 @@ jobs:
 # https://docs.github.com/en/github/finding-security-vulnerabilities-and-errors-in-your-code/configuring-code-scanning#overriding-automatic-language-detection
 steps:
+ - id: harden-runner
+ name: Harden the runner
+ uses: step-security/harden-runner@v2
+ with:
+ egress-policy: audit
+
 - name: Checkout repository
- uses: actions/checkout@v3
+ uses: actions/checkout@v4
 # Initializes the CodeQL tools for scanning.
 - name: Initialize CodeQL
diff --git a/.github/workflows/sync-labels.yml b/.github/workflows/sync-labels.yml
index ae7c091..44e8e19 100644
--- a/.github/workflows/sync-labels.yml
+++ b/.github/workflows/sync-labels.yml
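Review bot: The new `diagnostics` job in the second hunk declares no `permissions:` block, while the `analyze` job directly below it does, so its `GITHUB_TOKEN` receives the repository's default permission set unless a workflow-level `permissions:` exists outside this hunk. Since the job only runs third-party diagnostic actions, a job-level `permissions: contents: read` (or `permissions: {}`) is the least-privilege setting; the `diagnostics` job added to build.yml on this page has the same gap. The `analyze` job continues past the end of the hunk.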
@@ -19,10 +19,10 @@ jobs:
 issues: write
 runs-on: ubuntu-latest
 steps:
- - uses: actions/checkout@v3
+ - uses: actions/checkout@v4
 - name: Sync repository labels
 if: success()
- uses: crazy-max/ghaction-github-labeler@v4
+ uses: crazy-max/ghaction-github-labeler@v5
 with:
 # This is a hideous ternary equivalent so we only do a dry run unless
 # this workflow is triggered by the develop branch.
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
index 62147cd..64946c1 100644
--- a/.pre-commit-config.yaml
+++ b/.pre-commit-config.yaml
@@ -32,13 +32,13 @@ repos:
 # Text file hooks
 - repo: https://github.com/igorshubovych/markdownlint-cli
- rev: v0.34.0
+ rev: v0.36.0
 hooks:
 - id: markdownlint
 args:
 - --config=.mdl_config.yaml
 - repo: https://github.com/pre-commit/mirrors-prettier
- rev: v3.0.0-alpha.9-for-vscode
+ rev: v3.0.3
 hooks:
 - id: prettier
 - repo: https://github.com/adrienverge/yamllint
@@ -50,14 +50,14 @@ repos:
 # GitHub Actions hooks
 - repo: https://github.com/python-jsonschema/check-jsonschema
- rev: 0.23.1
+ rev: 0.26.3
 hooks:
 - id: check-github-actions
 - id: check-github-workflows
 # pre-commit hooks
 - repo: https://github.com/pre-commit/pre-commit
- rev: v3.3.2
+ rev: v3.4.0
 hooks:
 - id: validate_manifest
@@ -80,6 +80,12 @@ repos:
 # GoSec
 - id: go-sec-repo-mod
+ # Nix hooks
+ - repo: https://github.com/nix-community/nixpkgs-fmt
+ rev: v1.3.0
+ hooks:
+ - id: nixpkgs-fmt
+
 # Shell script hooks
 - repo: https://github.com/cisagov/pre-commit-shfmt
 rev: v0.0.2
@@ -113,17 +119,17 @@ repos:
 - --config=.bandit.yml
 # Run bandit on everything except the "tests" tree
 - repo: https://github.com/PyCQA/bandit
- rev: 1.7.4
+ rev: 1.7.5
 hooks:
 - id: bandit
 name: bandit (everything else)
 exclude: tests
- - repo: https://github.com/psf/black
- rev: 23.3.0
+ - repo: https://github.com/psf/black-pre-commit-mirror
+ rev: 23.9.1
 hooks:
 - id: black
 - repo: https://github.com/PyCQA/flake8
- rev: 6.0.0
+ rev: 6.1.0
 hooks:
 - id: flake8
 additional_dependencies:
@@ -133,26 +139,26 @@ repos:
 hooks:
 - id: isort
 - repo: https://github.com/pre-commit/mirrors-mypy
- rev: v1.3.0
+ rev: v1.5.1
 hooks:
 - id: mypy
 additional_dependencies:
 - types-setuptools
 - repo: https://github.com/asottile/pyupgrade
- rev: v3.4.0
+ rev: v3.10.1
 hooks:
 - id: pyupgrade
 # Ansible hooks
- - repo: https://github.com/ansible-community/ansible-lint
- rev: v6.17.0
+ - repo: https://github.com/ansible/ansible-lint
+ rev: v6.19.0
 hooks:
 - id: ansible-lint
 # files: molecule/default/playbook.yml
 # Terraform hooks
 - repo: https://github.com/antonbabenko/pre-commit-terraform
- rev: v1.80.0
+ rev: v1.83.2
 hooks:
 - id: terraform_fmt
 - id: terraform_validate
diff --git a/README.md b/README.md
index d7a7f2e..d0a1af2 100644
--- a/README.md
+++ b/README.md
@@ -59,7 +59,7 @@ sending profiles for the two servers as listed below:
 The `mailhog` email testing tool can be accessed at [http://localhost:8025](http://localhost:8025)
 ⚠️ **NOTE**: Do not use the sample certificates in a production environment.
-They are include to simplify testing.
+They are included to simplify testing.
 ### Ports ###
diff --git a/setup.py b/setup.py
index b0aed6b..3b60834 100644
--- a/setup.py
+++ b/setup.py
@@ -75,12 +75,15 @@ def get_version(version_file):
 # that you indicate whether you support Python 2, Python 3 or both.
 "Programming Language :: Python :: 3",
 "Programming Language :: Python :: 3 :: Only",
- "Programming Language :: Python :: 3.6",
- "Programming Language :: Python :: 3.7",
 "Programming Language :: Python :: 3.8",
 "Programming Language :: Python :: 3.9",
 "Programming Language :: Python :: 3.10",
 "Programming Language :: Python :: 3.11",
+ # gophish-tools cannot support Python 3.12 until the gophish
+ # Python package supports a newer version of the urllib3
+ # library. The reason is identical to what is discussed here:
+ # https://bugzilla.mozilla.org/show_bug.cgi?id=1857492
+ # "Programming Language :: Python :: 3.12",
 "Programming Language :: Python :: Implementation :: CPython",
 ],
 # What does your project relate to?
@@ -103,7 +106,7 @@ def get_version(version_file):
 "pre-commit",
 "pytest",
 "pytest-cov",
- "pytest-dockerc",
+ "python-on-whales",
 ]
 },
 # Conveniently allows one to run the CLI tool as `gophish-init`
diff --git a/src/gophish_init/_version.py b/src/gophish_init/_version.py
index 202d1e1..3f0e4fa 100644
--- a/src/gophish_init/_version.py
+++ b/src/gophish_init/_version.py
@@ -1,2 +1,2 @@
 """This file defines the version of this module."""
-__version__ = "0.3.0"
+__version__ = "0.4.0"
diff --git a/tests/conftest.py b/tests/conftest.py
index 5c3f429..483b253 100644
--- a/tests/conftest.py
+++ b/tests/conftest.py
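Review bot: The classifier hunk removes Python 3.6 and 3.7, but the `python_requires` argument that actually enforces the floor at install time lies outside this hunk; unless it is raised to `python_requires=">=3.8"` in the same change, pip will still install the package on 3.7 while the trove classifiers say it is unsupported. The second hunk replaces `pytest-dockerc` with `python-on-whales` in the test extra, which is consistent with the new `dockerc` fixture in tests/conftest.py on this page. The call these keyword arguments belong to starts before and ends after the hunk.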
@@ -4,34 +4,43 @@
 """
 # Third-Party Libraries
 import pytest
+from python_on_whales import docker
+
+
+@pytest.fixture(scope="session")
+def dockerc():
+ """Start up the Docker composition."""
+ docker.compose.up(detach=True)
+ yield docker
+ docker.compose.down()
 @pytest.fixture(scope="session")
 def gophish_container(dockerc):
- """Return the gophish container from the docker composition."""
+ """Return the gophish container from the Docker composition."""
 # find the container by name even if it is stopped already
- return dockerc.containers(service_names=["gophish"], stopped=True)[0]
+ return dockerc.compose.ps(services=["gophish"], all=True)[0]
 @pytest.fixture(scope="session")
 def gophish_tools_container(dockerc):
- """Return the gophish-tools container from the docker composition."""
+ """Return the gophish-tools container from the Docker composition."""
 # find the container by name even if it is stopped already
- return dockerc.containers(service_names=["gophish-tools"], stopped=True)[0]
+ return dockerc.compose.ps(services=["gophish-tools"], all=True)[0]
 @pytest.fixture(scope="session")
 def postfix_container(dockerc):
- """Return the postfix container from the docker composition."""
+ """Return the postfix container from the Docker composition."""
 # find the container by name even if it is stopped already
- return dockerc.containers(service_names=["postfix"], stopped=True)[0]
+ return dockerc.compose.ps(services=["postfix"], all=True)[0]
 @pytest.fixture(scope="session")
 def mailhog_container(dockerc):
- """Return the mailhog container from the docker composition."""
+ """Return the mailhog container from the Docker composition."""
 # find the container by name even if it is stopped already
- return dockerc.containers(service_names=["mailhog"], stopped=True)[0]
+ return dockerc.compose.ps(services=["mailhog"], all=True)[0]
 def pytest_addoption(parser):
diff --git a/tests/container_test.py b/tests/container_test.py
index cec001b..f9f35b3 100644
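Review bot: In the new `dockerc` fixture, `docker.compose.down()` runs only after the fixture has yielded, so if `docker.compose.up(detach=True)` raises after some services have already started (an image pull failing for a later service, for example), the partially started composition is left running and taints the next run. Wrapping the start-up and the yield in a `try`/`finally` tears the composition down on either path. The docstring could also state that the fixture is session-scoped and yields the `python_on_whales` client itself rather than a composition handle, which is what the `*_container` fixtures below depend on via `dockerc.compose.ps(...)`.

```python
@pytest.fixture(scope="session")
def dockerc():
    """Start the Docker composition for the session and tear it down afterwards.

    Yields the python_on_whales client; the *_container fixtures query it.
    """
    try:
        docker.compose.up(detach=True)
        yield docker
    finally:
        docker.compose.down()
```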
--- a/tests/container_test.py
+++ b/tests/container_test.py
@@ -15,7 +15,7 @@ def test_container_count(dockerc):
 """Verify the test composition and container."""
 # stopped parameter allows non-running containers in results
 assert (
- len(dockerc.containers(stopped=True)) == 4
+ len(dockerc.compose.ps(all=True)) == 4
 ), "Wrong number of containers were started."
@@ -24,7 +24,7 @@ def test_successful_exit_gophish_tools(gophish_tools_container):
 SUCCESSFUL_EXIT = 0
 TIMEOUT = 10
 for i in range(TIMEOUT):
- if gophish_tools_container.exit_code == SUCCESSFUL_EXIT:
+ if gophish_tools_container.state.exit_code == SUCCESSFUL_EXIT:
 break
 time.sleep(1)
 else:
@@ -39,7 +39,7 @@ def test_wait_for_ready_gophish(gophish_container):
 TIMEOUT = 10
 ready_message = READY_MESSAGES["gophish"]
 for i in range(TIMEOUT):
- if ready_message in gophish_container.logs().decode("utf-8"):
+ if ready_message in gophish_container.logs():
 break
 time.sleep(1)
 else:
@@ -54,7 +54,7 @@ def test_wait_for_ready_postfix(postfix_container):
 TIMEOUT = 10
 ready_message = READY_MESSAGES["postfix"]
 for i in range(TIMEOUT):
- if ready_message in postfix_container.logs().decode("utf-8"):
+ if ready_message in postfix_container.logs():
 break
 time.sleep(1)
 else:
@@ -69,7 +69,7 @@ def test_wait_for_ready_mailhog(mailhog_container):
 TIMEOUT = 10
 ready_message = READY_MESSAGES["mailhog"]
 for i in range(TIMEOUT):
- if ready_message in mailhog_container.logs().decode("utf-8"):
+ if ready_message in mailhog_container.logs():
 break
 time.sleep(1)
 else:
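Review bot: In `test_successful_exit_gophish_tools`, the new condition `gophish_tools_container.state.exit_code == SUCCESSFUL_EXIT` is also true while the container is still running, because `docker inspect` reports an exit code of 0 for a running container; the loop therefore breaks on its first iteration and the test no longer shows that the container finished successfully. The check should also require that the container has stopped, e.g. `state = gophish_tools_container.state` followed by `if state.status == "exited" and state.exit_code == SUCCESSFUL_EXIT:`, with the field names confirmed against the `python_on_whales` container state model. The comment `# stopped parameter allows non-running containers in results` in the first hunk is now stale since the call passes `all=True`; `# all=True includes non-running containers in the results` would match the new call. Each of these test functions starts before its hunk.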