From 5d92f68c57d62e899decaecec0ddb53a3452e72e Mon Sep 17 00:00:00 2001 From: Nicholas McDonnell <50747025+mcdonnnj@users.noreply.github.com> Date: Mon, 28 Sep 2020 16:47:52 -0400 Subject: [PATCH 1/8] Add support to run this package as a module Also use the long form of -e in requirements-test.txt. --- requirements-test.txt | 2 +- src/example/__main__.py | 5 +++++ 2 files changed, 6 insertions(+), 1 deletion(-) create mode 100644 src/example/__main__.py diff --git a/requirements-test.txt b/requirements-test.txt index 0a6d7d6..1d0a5a4 100644 --- a/requirements-test.txt +++ b/requirements-test.txt @@ -1,2 +1,2 @@ +--editable .[test] --requirement requirements.txt --e .[test] diff --git a/src/example/__main__.py b/src/example/__main__.py new file mode 100644 index 0000000..11a3238 --- /dev/null +++ b/src/example/__main__.py @@ -0,0 +1,5 @@ +"""Code to run if this package is used as a Python module.""" + +from .example import main + +main() From b072dc459fbc6b8aab1c4691e23c7a0f7b168559 Mon Sep 17 00:00:00 2001 From: Nicholas McDonnell <50747025+mcdonnnj@users.noreply.github.com> Date: Tue, 6 Oct 2020 14:04:11 -0400 Subject: [PATCH 2/8] Change execution status of example.py Remove the execute bit in file permissions and remove the shebang line. Since this is configured as a Python package that is installed using pip, it should only use `python -m example` or the `example` console script to be run. --- src/example/example.py | 2 -- 1 file changed, 2 deletions(-) mode change 100755 => 100644 src/example/example.py diff --git a/src/example/example.py b/src/example/example.py old mode 100755 new mode 100644 index 556e8b5..73faa33 --- a/src/example/example.py +++ b/src/example/example.py @@ -1,5 +1,3 @@ -#!/usr/bin/env python - """example is an example Python library and tool. Divide one integer by another and log the result. Also log some information From 5c83a56a947a559f6e76b44b7fbaff5190e377e7 Mon Sep 17 00:00:00 2001 From: Nicholas McDonnell <50747025+mcdonnnj@users.noreply.github.com> Date: Tue, 6 Oct 2020 16:23:17 -0400 Subject: [PATCH 3/8] Add support for Python 3.9 --- .github/workflows/build.yml | 4 ++-- setup.py | 1 + 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index fe25063..dcb7e02 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -48,7 +48,7 @@ jobs: runs-on: ubuntu-latest strategy: matrix: - python-version: [3.6, 3.7, 3.8] + python-version: [3.6, 3.7, 3.8, 3.9] steps: - uses: actions/checkout@v2 - uses: actions/setup-python@v2 @@ -82,7 +82,7 @@ jobs: needs: [lint, test] strategy: matrix: - python-version: [3.6, 3.7, 3.8] + python-version: [3.6, 3.7, 3.8, 3.9] steps: - uses: actions/checkout@v2 - uses: actions/setup-python@v2 diff --git a/setup.py b/setup.py index ac0d34e..e5122c3 100644 --- a/setup.py +++ b/setup.py @@ -62,6 +62,7 @@ def package_vars(version_file): "Programming Language :: Python :: 3.6", "Programming Language :: Python :: 3.7", "Programming Language :: Python :: 3.8", + "Programming Language :: Python :: 3.9", ], python_requires=">=3.6", # What does your project relate to? From 6a4164dfbac372fde6babd98ece2ab61c9b5e380 Mon Sep 17 00:00:00 2001 From: Felddy Date: Wed, 7 Oct 2020 12:41:47 -0400 Subject: [PATCH 4/8] Bump build workflow python-version to 3.9 --- .github/workflows/build.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 7a92841..3493928 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -18,7 +18,7 @@ jobs: - uses: actions/checkout@v2 - uses: actions/setup-python@v2 with: - python-version: 3.8 + python-version: 3.9 - name: Store installed Python version run: | echo "::set-env name=PY_VERSION::"\ From c9c00f1d03d2185dfa4a7cab0ec45bd76387c95a Mon Sep 17 00:00:00 2001 From: Felddy Date: Wed, 7 Oct 2020 12:42:59 -0400 Subject: [PATCH 5/8] Replace deprecated set-env workflow syntax See: https://github.blog/changelog/2020-10-01-github-actions-deprecating-set-env-and-add-path-commands/ --- .github/workflows/build.yml | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 3493928..d0563b8 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -21,8 +21,9 @@ jobs: python-version: 3.9 - name: Store installed Python version run: | - echo "::set-env name=PY_VERSION::"\ - "$(python -c "import platform;print(platform.python_version())")" + echo "PY_VERSION="\ + "$(python -c "import platform;print(platform.python_version())")" \ + >> $GITHUB_ENV - name: Cache linting environments uses: actions/cache@v2 with: From 7389a1b0cfa7e6d1b50fccef2381d3c28d31e49c Mon Sep 17 00:00:00 2001 From: Felddy Date: Wed, 7 Oct 2020 12:43:54 -0400 Subject: [PATCH 6/8] Enable weekly dependabot scans of github-actions and pip --- .github/dependabot.yml | 13 +++++++++++++ 1 file changed, 13 insertions(+) create mode 100644 .github/dependabot.yml diff --git a/.github/dependabot.yml b/.github/dependabot.yml new file mode 100644 index 0000000..1fd2ed3 --- /dev/null +++ b/.github/dependabot.yml @@ -0,0 +1,13 @@ +--- + +version: 2 +updates: + - package-ecosystem: "github-actions" + directory: "/" + schedule: + interval: "weekly" + + - package-ecosystem: "pip" + directory: "/" + schedule: + interval: "weekly" From d79989a34e4d39fea0cd2eafbc37f17c0cde992b Mon Sep 17 00:00:00 2001 From: Nicholas McDonnell <50747025+mcdonnnj@users.noreply.github.com> Date: Wed, 7 Oct 2020 15:12:16 -0400 Subject: [PATCH 7/8] Add testing for __main__.py in pursuit of glorious 100% coverage --- tests/test_example.py | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/tests/test_example.py b/tests/test_example.py index 689385d..ba79ccf 100644 --- a/tests/test_example.py +++ b/tests/test_example.py @@ -44,6 +44,18 @@ def test_stdout_version(capsys): ), "standard output by '--version' should agree with module.__version__" +def test___main__(capsys): + """Verify that the __main__.py file loads correctly.""" + with pytest.raises(SystemExit): + with patch.object(sys, "argv", ["bogus", "--version"]): + # cisagov Libraries + import example.__main__ # noqa: F401 + captured = capsys.readouterr() + assert ( + captured.out == f"{PROJECT_VERSION}\n" + ), "standard output by '--version' should agree with module.__version__" + + @pytest.mark.skipif( RELEASE_TAG in [None, ""], reason="this is not a release (RELEASE_TAG not set)" ) From db59fc1e6bd1d8937b7eb0c5c9a2e604764e9b19 Mon Sep 17 00:00:00 2001 From: Felddy Date: Thu, 8 Oct 2020 15:08:24 -0400 Subject: [PATCH 8/8] Enable CodeQL scanning for Python. See: https://securitylab.github.com/tools/codeql --- .github/workflows/codeql-analysis.yml | 76 +++++++++++++++++++++++++++ 1 file changed, 76 insertions(+) create mode 100644 .github/workflows/codeql-analysis.yml diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml new file mode 100644 index 0000000..2efa411 --- /dev/null +++ b/.github/workflows/codeql-analysis.yml @@ -0,0 +1,76 @@ +--- +# For most projects, this workflow file will not need changing; you simply need +# to commit it to your repository. +# +# You may wish to alter this file to override the set of languages analyzed, +# or to provide custom queries or build logic. +name: "CodeQL" + +on: + push: + # Push on all branches + # branches: [develop] + pull_request: + # The branches below must be a subset of the branches above + branches: [develop] + schedule: + - cron: '0 14 * * 6' + +jobs: + analyze: + name: Analyze + runs-on: ubuntu-latest + + strategy: + fail-fast: false + matrix: + # Override automatic language detection by changing the below list + # Supported options are ['csharp', 'cpp', 'go', 'java', 'javascript', + # 'python'] + language: ['python'] + # Learn more... + # https://docs.github.com/en/github/finding-security-vulnerabilities-and-errors-in-your-code/configuring-code-scanning#overriding-automatic-language-detection + + steps: + - name: Checkout repository + uses: actions/checkout@v2 + with: + # We must fetch at least the immediate parents so that if this is + # a pull request then we can checkout the head. + fetch-depth: 2 + + # If this run was triggered by a pull request event, then checkout + # the head of the pull request instead of the merge commit. + - run: git checkout HEAD^2 + if: ${{ github.event_name == 'pull_request' }} + + # Initializes the CodeQL tools for scanning. + - name: Initialize CodeQL + uses: github/codeql-action/init@v1 + with: + languages: ${{ matrix.language }} + # If you wish to specify custom queries, you can do so here or in a + # config file. By default, queries listed here will override any + # specified in a config file. Prefix the list here with "+" to use + # these queries and those in the config file. queries: + # ./path/to/local/query, your-org/your-repo/queries@main + + # Autobuild attempts to build any compiled languages (C/C++, C#, or + # Java). If this step fails, then you should remove it and run the build + # manually (see below) + - name: Autobuild + uses: github/codeql-action/autobuild@v1 + + # ℹī¸ Command-line programs to run using the OS shell. + # 📚 https://git.io/JvXDl + + # ✏ī¸ If the Autobuild fails above, remove it and uncomment the following + # three lines and modify them (or add more) to build your code if your + # project uses a compiled language + + #- run: | + # make bootstrap + # make release + + - name: Perform CodeQL Analysis + uses: github/codeql-action/analyze@v1