Commit
Merge pull request #45 from pablosnt/develop
Release 2.0.0
Showing 88 changed files with 2,766 additions and 1,060 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,38 @@ | ||
name: SAST | ||
on: | ||
workflow_dispatch: | ||
pull_request: | ||
paths: | ||
- '.github/workflows/**' | ||
- 'src/rekono/**' | ||
|
||
jobs: | ||
semgrep: | ||
name: Semgrep | ||
runs-on: ubuntu-latest | ||
steps: | ||
- name: Checkout | ||
uses: actions/checkout@v3 | ||
with: | ||
fetch-depth: 0 | ||
|
||
- name: Setup Python 3 | ||
uses: actions/setup-python@v4 | ||
with: | ||
python-version: 3.7 | ||
|
||
- name: Install Semgrep | ||
run: pip install semgrep | ||
|
||
- name: Scan code | ||
run: semgrep --config=auto --error --json -o semgrep_code.json src/rekono/ | ||
|
||
- name: Scan workflows | ||
run: semgrep --config=auto --error --json -o semgrep_cicd.json .github/workflows/ | ||
|
||
- name: Upload Semgrep report as GitHub artifact | ||
uses: actions/upload-artifact@v3 | ||
with: | ||
name: Semgrep | ||
path: semgrep_*.json | ||
if-no-files-found: warn |
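Review bot: the `Upload Semgrep report as GitHub artifact` step is skipped in exactly the case it exists for, because `semgrep --error` exits non-zero whenever findings are reported and the job stops before reaching the upload step; `if-no-files-found: warn` only matters once the step actually runs. Add `if: always()` to the upload step so `semgrep_*.json` is attached on failing runs too. Three smaller points on the same hunk: no `permissions:` block is declared, so the job's `GITHUB_TOKEN` keeps the repository default scope although these steps only need `contents: read`; the actions are referenced by mutable major tags (`actions/checkout@v3`, `actions/setup-python@v4`, `actions/upload-artifact@v3`) rather than a commit SHA, which is worth tightening for a security-scanning workflow; and `fetch-depth: 0` clones the full history although Semgrep only scans the checked-out tree. Finally, `python-version: 3.7` differs from the `'3.9'` used by the unit testing workflow added in this same PR; pick one, and quote it as a string so YAML cannot read a future `3.10` as the float `3.1`.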
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,35 @@ | ||
name: Unit testing | ||
on: | ||
workflow_dispatch: | ||
pull_request: | ||
paths: | ||
- 'src/rekono/**' | ||
- 'src/tests/**' | ||
- 'src/requirements.txt' | ||
|
||
env: | ||
REQUIRED_COVERAGE: 95 | ||
|
||
jobs: | ||
unit-testing: | ||
name: Unit testing | ||
runs-on: ubuntu-latest | ||
defaults: | ||
run: | ||
working-directory: ./src | ||
steps: | ||
- name: Checkout | ||
uses: actions/checkout@v3 | ||
|
||
- uses: actions/setup-python@v4 | ||
with: | ||
python-version: '3.9' | ||
|
||
- name: Install Python dependencies | ||
run: python3 -m pip install -r requirements.txt | ||
|
||
- name: Run unit tests | ||
run: coverage run -m pytest | ||
|
||
- name: Check coverage | ||
run: coverage report -m --skip-covered --omit="tests/*,rekono/client/*" --fail-under=$REQUIRED_COVERAGE |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,43 +1,75 @@ | ||
Thank you for making Rekono greater. | ||
**Thank you for making Rekono greater!** | ||
|
||
|
||
## Branches | ||
|
||
**Create Pull Requests to the `develop` branch of this project**. All the Pull Requests should be reviewed and approved before been merged and after that, your code will be included in the next release. | ||
|
||
```mermaid | ||
gitGraph | ||
commit | ||
commit tag: "1.0.0" | ||
branch develop | ||
checkout develop | ||
commit | ||
commit | ||
branch feature/new-contribution | ||
checkout feature/new-contribution | ||
commit | ||
checkout develop | ||
merge feature/new-contribution | ||
commit | ||
checkout main | ||
merge develop tag: "1.1.0" | ||
``` | ||
|
||
|
||
## Issues | ||
|
||
You can create different kinds of [Issues](https://github.com/pablosnt/rekono-cli/issues/new/choose) to report bugs, request new features or ask for help. | ||
## Development environment | ||
|
||
Please, don't report security vulnerabilities in GitHub Issues. See our [Security Policy](https://github.com/pablosnt/rekono-cli/security/policy). | ||
You can follow the [from source installation](https://github.com/pablosnt/rekono-cli#from-source) installation guide to prepare your development environment. | ||
|
||
|
||
## Contributing to Rekono | ||
### Unit Tests | ||
|
||
You can create Pull Requests to the `develop` branch of this project. All the Pull Requests should be reviewed and approved before been merged. After that, your code will be included on the next Rekono release. | ||
Unit tests can be executed using this command: | ||
|
||
In this section you can see how to achieve that and the things that you should to take into account. | ||
``` | ||
# pwd: src/ | ||
coverage run -m pytest | ||
``` | ||
|
||
### Development environment | ||
New Rekono contributions should tested using unit tests. | ||
|
||
You can follow the [`From Source`](https://github.com/pablosnt/rekono-cli#from-source) installation guide to prepare your development environment. | ||
|
||
### CI/CD | ||
|
||
This project has the following checks in _Continuous Integration_: | ||
|
||
1. `Code style`: check the source code style using the tools `mypy`, `flake8` and `eslint`. | ||
1. `Code style`: check the source code style using `mypy` and `flake8`. | ||
|
||
2. `SCA`: check the project dependencies to find libraries with known vulnerabilities. Software Composition Analysis. | ||
2. `SAST`: scan source code using `semgrep` to find vulnerabilities. This is a Static Application Security Testing. | ||
|
||
3. `Secrets scanning`: check the source code to find leaked passwords, tokens or other credentials that could be exposed in the GitHub repository. | ||
3. `Secrets scanning`: check the source code using `detect-secrets` to find leaked passwords, tokens or other credentials that could be exposed. | ||
|
||
**All CI/CD checks should be passed before merging any Pull Request**, so it's advised to install the pre-commit hooks in your local repositories using this commands: | ||
4. `Unit testing`: check if the project works executing the unit tests. | ||
|
||
5. `Snyk`: check the project dependencies to find libraries with known vulnerabilities. This is a Software Composition Analysis (SCA). | ||
|
||
**All CI/CD checks should be passed before merging any Pull Request**, so it's advised to install the pre-commit hooks in your local repositories to check your changes before commit them: | ||
|
||
``` | ||
# pwd: root directory | ||
python3 -m pip install pre-commit | ||
pre-commit install | ||
``` | ||
|
||
|
||
### Way of Code | ||
|
||
There are some guidelines to keep the code clean and ensure the correct working of the application: | ||
|
||
- Comment your code, specially to document the classes and methods. | ||
- Keep code style | ||
- Comment your code, specially classes and methods. | ||
- Make unit tests for all your code to ensure its correct working. | ||
- Don't include code vulnerabilities or vulnerable libraries. |
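Review bot: the rewritten text appears to drop the line "Please, don't report security vulnerabilities in GitHub Issues. See our Security Policy", since no added line in this hunk carries that pointer; keep a sentence under `## Issues` directing vulnerability reports to the Security Policy instead of public Issues, because that section is where a contributor with a finding will look first. Grammar in the added lines: "before been merged" should read "before being merged", "New Rekono contributions should tested" should read "should be tested", "to check your changes before commit them" should read "before committing them", and "specially classes and methods" should read "especially". The two fenced blocks (`# pwd: src/` and `# pwd: root directory`) have no language tag; tagging them `bash` gives syntax highlighting. The new `Keep code style` bullet is vague; point it at the `mypy` and `flake8` checks named in the CI/CD list, and state which of the five listed checks the pre-commit hooks run locally so contributors know what a passing commit hook does and does not guarantee before the PR checks run.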