modernize CI (#4)

- use GitHub Actions for CI
- use pre-commit (pyupgrade, flake8, black)

.github/workflows/main.yml

@@ -0,0 +1,50 @@
+name: CI
+
+# Controls when the action will run. 
+on:
+  # Triggers the workflow on push or pull request events
+  push:
+  pull_request:
+  schedule:
+    - cron: '0 12 * * 0'  # run once a week on Sunday
+
+  # Allows you to run this workflow manually from the Actions tab
+  workflow_dispatch:
+
+# A workflow run is made up of one or more jobs that can run sequentially or in parallel
+jobs:
+  tests:
+    name: "Python ${{ matrix.python-version }}"
+    runs-on: "ubuntu-latest"
+
+    strategy:
+      matrix:
+        python-version: ["3.6", "3.7", "3.8", "3.9", "pypy3"]
+
+    # Steps represent a sequence of tasks that will be executed as part of the job
+    steps:
+      # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it
+      - uses: "actions/checkout@v2"
+      - uses: "actions/setup-python@v2"
+        with:
+          python-version: "${{ matrix.python-version }}"
+      - name: "Install dependencies"
+        run: |
+          set -xe
+          python -VV
+          python -m site
+          python -m pip install --upgrade pip setuptools wheel
+          python -m pip install --upgrade virtualenv tox tox-gh-actions          
+      - name: "Run tox targets for ${{ matrix.python-version }}"
+        run: "python -m tox"
+
+      - name: "Report to coveralls"
+        # coverage is only created in the py39 environment
+        # --service=github is a workaround for bug
+        # https://github.com/coveralls-clients/coveralls-python/issues/251
+        if: "matrix.python-version == '3.9'"
+        run: |
+          pip install coveralls
+          coveralls --service=github
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

.pre-commit-config.yaml

@@ -0,0 +1,14 @@
+repos:
+  - repo: https://github.com/psf/black
+    rev: 20.8b1
+    hooks:
+      - id: black
+  - repo: https://gitlab.com/pycqa/flake8
+    rev: "3.8.4"
+    hooks:
+      - id: flake8
+  - repo: https://github.com/asottile/pyupgrade
+    rev: v2.7.4
+    hooks:
+    - id: pyupgrade
+      args: [--py36-plus]

HISTORY.rst

@@ -7,6 +7,9 @@ unreleased
 - Update supported Python versions.
   [jugmac00]
 
+- Use GitHub Actions for CI.
+  [jugmac00
+
 0.2.0 (2018-02-02)
 ~~~~~~~~~~~~~~~~~~~~~
 

README.rst

@@ -1,3 +1,18 @@
+.. image:: https://github.com/morepath/more.content_security/workflows/CI/badge.svg?branch=master
+   :target: https://github.com/morepath/more.content_security/actions?workflow=CI
+   :alt: CI Status
+
+.. image:: https://coveralls.io/repos/github/morepath/more.content_security/badge.svg?branch=master
+    :target: https://coveralls.io/github/morepath/more.content_security?branch=master
+
+.. image:: https://img.shields.io/pypi/v/more.content_security.svg
+  :target: https://pypi.org/project/more.content_security/
+
+.. image:: https://img.shields.io/pypi/pyversions/more.content_security.svg
+  :target: https://pypi.org/project/more.content_security/
+
+
+
 more.content_security
 =====================
 
@@ -106,27 +121,6 @@ more.content_security follows PEP8 as close as possible. To test for it run::
 
 more.content_security uses `Semantic Versioning <http://semver.org/>`_
 
-Build Status
-------------
-
-.. image:: https://travis-ci.com/morepath/more.content_security.png
-  :target: https://travis-ci.com/morepath/more.content_security
-  :alt: Build Status
-
-Coverage
---------
-
-.. image:: https://coveralls.io/repos/morepath/more.content_security/badge.png?branch=master
-  :target: https://coveralls.io/r/morepath/more.content_security?branch=master
-  :alt: Project Coverage
-
-Latest PyPI Release
--------------------
-
-.. image:: https://badge.fury.io/py/more.content_security.svg
-    :target: https://badge.fury.io/py/more.content_security
-    :alt: Latest PyPI Release
-
 License
 -------
 more.content_security is released unter the revised BSD license

more/__init__.py

@@ -1 +1 @@
-__import__('pkg_resources').declare_namespace(__name__)
+__import__("pkg_resources").declare_namespace(__name__)

more/content_security/__init__.py

@@ -8,12 +8,12 @@
 from more.content_security.core import ContentSecurityRequest
 
 __all__ = (
-    'ContentSecurityApp',
-    'ContentSecurityPolicy',
-    'ContentSecurityRequest',
-    'NONE',
-    'SELF',
-    'STRICT_DYNAMIC',
-    'UNSAFE_INLINE',
-    'UNSAFE_EVAL',
+    "ContentSecurityApp",
+    "ContentSecurityPolicy",
+    "ContentSecurityRequest",
+    "NONE",
+    "SELF",
+    "STRICT_DYNAMIC",
+    "UNSAFE_INLINE",
+    "UNSAFE_EVAL",
 )

more/content_security/core.py

@@ -10,24 +10,24 @@
 
 
 def random_nonce():
-    return base64.b64encode(os.urandom(NONCE_LENGTH)).decode('utf-8')
+    return base64.b64encode(os.urandom(NONCE_LENGTH)).decode("utf-8")
 
 
 class ContentSecurityRequest(Request):
-
     @property
     def content_security_policy(self):
-        """ Provides access to a request-local version of the content
+        """Provides access to a request-local version of the content
         security policy.
 
         This policy may be modified without having any effect on the default
         security policy.
 
         """
 
-        if not hasattr(self, '_content_security_policy'):
-            self._content_security_policy\
-                = self.app.settings.content_security_policy.default.copy()
+        if not hasattr(self, "_content_security_policy"):
+            self._content_security_policy = (
+                self.app.settings.content_security_policy.default.copy()
+            )
 
         return self._content_security_policy
 
@@ -36,7 +36,7 @@ def content_security_policy(self, policy):
         self._content_security_policy = policy
 
     def content_security_policy_nonce(self, target):
-        """ Generates a nonce that's random once per request, adds it to
+        """Generates a nonce that's random once per request, adds it to
         either 'style-src' or 'script-src' and returns its value.
 
         This can be used to whitelist inline scripts/styles with nonces.
@@ -46,19 +46,19 @@ def content_security_policy_nonce(self, target):
 
         """
 
-        assert target in ('script', 'style')
+        assert target in ("script", "style")
 
         policy = self.content_security_policy
         nonce = self.content_security_policy_nonce_value
-        directive = '{}_src'.format(target)
+        directive = f"{target}_src"
 
-        getattr(policy, directive).add("'nonce-{}'".format(nonce))
+        getattr(policy, directive).add(f"'nonce-{nonce}'")
 
         return nonce
 
     @property
     def content_security_policy_nonce_value(self):
-        """ Returns the request-bound content security nonce. It is secure
+        """Returns the request-bound content security nonce. It is secure
         to keep this once per request. It is only dangerous to use nonces
         over more than one request.
 
@@ -67,7 +67,7 @@ def content_security_policy_nonce_value(self):
 
         """
 
-        if not hasattr(self, '_nonce_value'):
+        if not hasattr(self, "_nonce_value"):
             self._nonce_value = random_nonce()
 
         return self._nonce_value
@@ -77,14 +77,13 @@ class ContentSecurityApp(App):
     request_class = ContentSecurityRequest
 
 
-@ContentSecurityApp.setting('content_security_policy', 'default')
+@ContentSecurityApp.setting("content_security_policy", "default")
 def default_policy():
     return ContentSecurityPolicy()
 
 
-@ContentSecurityApp.setting('content_security_policy', 'apply_policy')
+@ContentSecurityApp.setting("content_security_policy", "apply_policy")
 def default_policy_apply_factory():
-
     def apply_policy(policy, request, response):
         policy.apply(response)
 
@@ -98,7 +97,7 @@ def content_security_policy_tween_factory(app, handler):
     def content_security_policy_tween(request):
         response = handler(request)
 
-        if hasattr(request, '_content_security_policy'):
+        if hasattr(request, "_content_security_policy"):
             # a custom security policy is used
             policy = request._content_security_policy
         else: