Merge 431218d into d8d033e

.coveragerc

@@ -2,7 +2,7 @@
 # https://coverage.readthedocs.io/en/latest/config.html
 
 [run]
-source = src/
+source = src/pca_report_library
 omit =
 branch = true
 

.github/workflows/build.yml

@@ -72,48 +72,42 @@ jobs:
         env:
           RELEASE_TAG: ${{ github.event.release.tag_name }}
         run: pytest
-  # coveralls is failing (we think) because the "src/" directory does not
-  # conform to Python standards.
-  # TODO: Re-enable the coveralls-related steps below once this repository
-  # has been modified to be a descendant of cisagov/skeleton-python-library
-  # and the "src/" directory conforms to Python library standards.
-  # See https://github.com/cisagov/pca-report-library/issues/8
-  #     - name: Upload coverage report
-  #       run: coveralls
-  #       env:
-  #         COVERALLS_FLAG_NAME: "py${{ matrix.python-version }}"
-  #         COVERALLS_PARALLEL: true
-  #         COVERALLS_SERVICE_NAME: github
-  #         GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-  #       if: success()
-  # coveralls-finish:
-  #   runs-on: ubuntu-latest
-  #   needs: test
-  #   steps:
-  #     - uses: actions/checkout@v2
-  #     - id: setup-python
-  #       uses: actions/setup-python@v2
-  #       with:
-  #         python-version: 3.9
-  #     - uses: actions/cache@v2
-  #       env:
-  #         BASE_CACHE_KEY: "${{ github.job }}-${{ runner.os }}-\
-  #           py${{ steps.setup-python.outputs.python-version }}-"
-  #       with:
-  #         path: ${{ env.PIP_CACHE_DIR }}
-  #         key: "${{ env.BASE_CACHE_KEY }}\
-  #           ${{ hashFiles('**/requirements-test.txt') }}-\
-  #           ${{ hashFiles('**/requirements.txt') }}"
-  #         restore-keys: |
-  #           ${{ env.BASE_CACHE_KEY }}
-  #     - name: Install dependencies
-  #       run: |
-  #         python -m pip install --upgrade pip
-  #         pip install --upgrade --requirement requirements-test.txt
-  #     - name: Finished coveralls reports
-  #       run: coveralls --finish
-  #       env:
-  #         GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+      - name: Upload coverage report
+        run: coveralls
+        env:
+          COVERALLS_FLAG_NAME: "py${{ matrix.python-version }}"
+          COVERALLS_PARALLEL: true
+          COVERALLS_SERVICE_NAME: github
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        if: success()
+  coveralls-finish:
+    runs-on: ubuntu-latest
+    needs: test
+    steps:
+      - uses: actions/checkout@v2
+      - id: setup-python
+        uses: actions/setup-python@v2
+        with:
+          python-version: 3.9
+      - uses: actions/cache@v2
+        env:
+          BASE_CACHE_KEY: "${{ github.job }}-${{ runner.os }}-\
+            py${{ steps.setup-python.outputs.python-version }}-"
+        with:
+          path: ${{ env.PIP_CACHE_DIR }}
+          key: "${{ env.BASE_CACHE_KEY }}\
+            ${{ hashFiles('**/requirements-test.txt') }}-\
+            ${{ hashFiles('**/requirements.txt') }}"
+          restore-keys: |
+            ${{ env.BASE_CACHE_KEY }}
+      - name: Install dependencies
+        run: |
+          python -m pip install --upgrade pip
+          pip install --upgrade --requirement requirements-test.txt
+      - name: Finished coveralls reports
+        run: coveralls --finish
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
   build:
     runs-on: ubuntu-latest
     needs: [lint, test]

.github/workflows/codeql-analysis.yml

@@ -0,0 +1,68 @@
+---
+# For most projects, this workflow file will not need changing; you simply need
+# to commit it to your repository.
+#
+# You may wish to alter this file to override the set of languages analyzed,
+# or to provide custom queries or build logic.
+name: "CodeQL"
+
+on:
+  push:
+    # Dependabot triggered push events have read-only access, but uploading code
+    # scanning requires write access.
+    branches-ignore: [dependabot/**]
+  pull_request:
+    # The branches below must be a subset of the branches above
+    branches: [develop]
+  schedule:
+    - cron: '0 14 * * 6'
+
+jobs:
+  analyze:
+    name: Analyze
+    runs-on: ubuntu-latest
+
+    strategy:
+      fail-fast: false
+      matrix:
+        # Override automatic language detection by changing the below list
+        # Supported options are ['csharp', 'cpp', 'go', 'java', 'javascript',
+        # 'python']
+        language: ['python']
+        # Learn more...
+        # https://docs.github.com/en/github/finding-security-vulnerabilities-and-errors-in-your-code/configuring-code-scanning#overriding-automatic-language-detection
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v2
+
+      # Initializes the CodeQL tools for scanning.
+      - name: Initialize CodeQL
+        uses: github/codeql-action/init@v1
+        with:
+          languages: ${{ matrix.language }}
+          # If you wish to specify custom queries, you can do so here or in a
+          # config file. By default, queries listed here will override any
+          # specified in a config file. Prefix the list here with "+" to use
+          # these queries and those in the config file. queries:
+          # ./path/to/local/query, your-org/your-repo/queries@main
+
+      # Autobuild attempts to build any compiled languages  (C/C++, C#, or
+      # Java). If this step fails, then you should remove it and run the build
+      # manually (see below)
+      - name: Autobuild
+        uses: github/codeql-action/autobuild@v1
+
+      # ℹ️ Command-line programs to run using the OS shell.
+      # 📚 https://git.io/JvXDl
+
+      # ✏️ If the Autobuild fails above, remove it and uncomment the following
+      # three lines and modify them (or add more) to build your code if your
+      # project uses a compiled language
+
+      # - run: |
+      #   make bootstrap
+      #   make release
+
+      - name: Perform CodeQL Analysis
+        uses: github/codeql-action/analyze@v1

.pre-commit-config.yaml

@@ -61,6 +61,7 @@ repos:
       - id: shell-lint
 
   # Python hooks
+  # Run bandit on "tests" tree with a configuration
   - repo: https://github.com/PyCQA/bandit
     rev: 1.7.0
     hooks:
@@ -69,6 +70,13 @@ repos:
         files: tests
         args:
           - --config=.bandit.yml
+  # Run bandit everything but tests directory
+  - repo: https://github.com/PyCQA/bandit
+    rev: 1.7.0
+    hooks:
+      - id: bandit
+        name: bandit (everything else)
+        exclude: tests
   - repo: https://github.com/psf/black
     rev: 21.5b2
     hooks:

Dockerfile

@@ -22,7 +22,7 @@ RUN addgroup --system --gid $CISA_UID cisa \
   && adduser --system --uid $CISA_UID --ingroup cisa cisa
 
 # Install fonts
-COPY src/assets/fonts /usr/share/fonts/truetype/ncats
+COPY src/pca_report_library/assets/fonts /usr/share/fonts/truetype/ncats
 RUN fc-cache -fsv
 
 

requirements-dev.txt

@@ -1,3 +1,4 @@
 --requirement requirements-test.txt
 ipython
+mypy
 semver

requirements-test.txt

@@ -1,2 +1,2 @@
+--editable .[test]
 --requirement requirements.txt
--e .[test]

requirements.txt

@@ -1,2 +1,3 @@
--e .
+# Note: Add any additional requirements to setup.py's install_requires field
+--editable .
 wheel

setup.py

@@ -1,5 +1,5 @@
 """
-This is the setup module for the example project.
+This is the setup module for the pca-report-library project.
 
 Based on:
 
@@ -9,9 +9,9 @@
 """
 
 # Standard Python Libraries
+import codecs
 from glob import glob
-from os import walk
-from os.path import basename, join, splitext
+from os.path import abspath, basename, dirname, join, splitext
 
 # Third-Party Libraries
 from setuptools import find_packages, setup
@@ -23,40 +23,42 @@ def readme():
         return f.read()
 
 
-def package_vars(version_file):
-    """Read in and return the variables defined by the version_file."""
-    pkg_vars = {}
-    with open(version_file) as f:
-        exec(f.read(), pkg_vars)  # nosec
-    return pkg_vars
+# Below two methods were pulled from:
+# https://packaging.python.org/guides/single-sourcing-package-version/
+def read(rel_path):
+    """Open a file for reading from a given relative path."""
+    here = abspath(dirname(__file__))
+    with codecs.open(join(here, rel_path), "r") as fp:
+        return fp.read()
 
 
-def package_files(directory):
-    """Read in and return package files from directory."""
-    paths = []
-    for (path, directories, filenames) in walk(directory):
-        for filename in filenames:
-            paths.append("../" + join(path, filename))
-    return paths
-
-
-extra_files = package_files("pca_report/assets")
+def get_version(version_file):
+    """Extract a version number from the given file path."""
+    for line in read(version_file).splitlines():
+        if line.startswith("__version__"):
+            delim = '"' if '"' in line else "'"
+            return line.split(delim)[1]
+    raise RuntimeError("Unable to find version string.")
 
 
 setup(
     name="pca-report-library",
     # Versions should comply with PEP440
-    version=package_vars("src/_version.py")["__version__"],
-    description="PCA Report generation library",
+    version=get_version("src/pca_report_library/_version.py"),
+    description="PCA report library",
     long_description=readme(),
     long_description_content_type="text/markdown",
-    # NCATS "homepage"
-    url="https://www.us-cert.gov/resources/ncats",
-    # The project's main homepage
-    download_url="https://github.com/bjb28/pca-report-library",
+    # Landing page for CISA's cybersecurity mission
+    url="https://www.cisa.gov/cybersecurity",
+    # Additional URLs for this project per
+    # https://packaging.python.org/guides/distributing-packages-using-setuptools/#project-urls
+    project_urls={
+        "Source": "https://github.com/cisagov/pca-report-library",
+        "Tracker": "https://github.com/cisagov/pca-report-library/issues",
+    },
     # Author details
-    author="Cyber and Infrastructure Security Agency",
-    author_email="ncats@hq.dhs.gov",
+    author="Cybersecurity and Infrastructure Security Agency",
+    author_email="github@cisa.dhs.gov",
     license="License :: CC0 1.0 Universal (CC0 1.0) Public Domain Dedication",
     # See https://pypi.python.org/pypi?%3Aaction=list_classifiers
     classifiers=[
@@ -75,17 +77,14 @@ def package_files(directory):
         "Programming Language :: Python :: 3.6",
         "Programming Language :: Python :: 3.7",
         "Programming Language :: Python :: 3.8",
+        "Programming Language :: Python :: 3.9",
     ],
     python_requires=">=3.6",
     # What does your project relate to?
     keywords="pca report automation",
     packages=find_packages(where="src"),
     package_dir={"": "src"},
-    package_data={
-        "": extra_files,
-        "customer": ["*.mustache"],
-        "templates": ["*.json"],
-    },
+    package_data={"pca_report_library": ["assets/*", "assets/*/*"]},
     py_modules=[splitext(basename(path))[0] for path in glob("src/*.py")],
     include_package_data=True,
     install_requires=[
@@ -94,32 +93,33 @@ def package_files(directory):
         "matplotlib >= 3.1.1",
         "numpy >= 1.17.2",
         "pystache >= 0.5.4",
-        "pytz >= 2019.2",
         "pytimeparse >= 1.1.8",
-        "setuptools >= 24.2.0",
+        "pytz >= 2019.2",
         "schema",
+        "setuptools >= 24.2.0",
     ],
     extras_require={
         "test": [
-            "pre-commit",
+            "coverage",
             # coveralls 1.11.0 added a service number for calls from
             # GitHub Actions. This caused a regression which resulted in a 422
             # response from the coveralls API with the message:
             # Unprocessable Entity for url: https://coveralls.io/api/v1/jobs
             # 1.11.1 fixed this issue, but to ensure expected behavior we'll pin
             # to never grab the regression version.
             "coveralls != 1.11.0",
-            "coverage",
+            "pre-commit",
             "pytest-cov",
             "pytest",
         ]
     },
-    # Conveniently allows one to run the CLI tool as `example`
+    # Conveniently allows one to run the CLI tools as `pca-report-compiler`,
+    # `pca-report-generator`, and `pca-report-templates`
     entry_points={
         "console_scripts": [
-            "pca-report-compiler = compiler.xelatex:main",
-            "pca-report-generator = customer.generate_report:main",
-            "pca-report-templates = templates.generate_template:main",
+            "pca-report-compiler = pca_report_library.compiler.xelatex:main",
+            "pca-report-generator = pca_report_library.customer.generate_report:main",
+            "pca-report-templates = pca_report_library.templates.generate_template:main",
         ]
     },
 )

src/pca_report_library/__init__.py

@@ -0,0 +1,16 @@
+"""The pca-report-library library."""
+
+from . import compiler, customer, templates, utility
+
+# We disable a Flake8 check for "Module imported but unused (F401)" here because
+# although this import is not directly used, it populates the value
+# package_name.__version__, which is used to get version information about this
+# Python package.
+from ._version import __version__  # noqa: F401
+
+__all__ = [
+    "compiler",
+    "customer",
+    "templates",
+    "utility",
+]

src/pca_report_library/__main__.py

@@ -0,0 +1,5 @@
+"""Code to run if this package is used as a Python module."""
+
+from .customer.generate_report import main
+
+main()

src/customer/report.mustache → src/pca_report_library/assets/report.mustache

@@ -49,7 +49,7 @@
 
 %%%%% Sets the fonts %%%%
 \usepackage{fontspec}
-\fontspec [Path = assets/fonts/ ]
+\fontspec [Path = assets/fonts/]
 {Franklin Gothic.ttf}
 
 \setmainfont[Path = assets/fonts/,

src/pca_report_library/compiler/__init__.py

@@ -0,0 +1,6 @@
+"""The compiler library."""
+from . import xelatex
+
+__all__ = [
+    "xelatex",
+]