Merge pull request #45 from pablosnt/develop

Release 2.0.0

.github/workflows/code-style.yml

@@ -8,38 +8,39 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
-        if: github.event_name == 'pull_request'
-        uses: actions/checkout@v2
+        uses: actions/checkout@v3
         with:
           fetch-depth: 0
-          ref: refs/pull/${{ github.event.pull_request.number }}/merge
-
-      - name: Checkout
-        if: github.event_name != 'pull_request'
-        uses: actions/checkout@v2
 
       - name: Flake8 check
-        uses: valentijnscholten/flake8-your-pr@master
+        uses: julianwachholz/flake8-action@v2
+        with:
+          checkName: "flake8"
+          path: ./src
+          config: ./src/.flake8
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
 
   mypy:
     runs-on: ubuntu-latest
+    defaults:
+      run:
+        working-directory: ./src
     steps:
       - name: Checkout
-        uses: actions/checkout@v2
+        uses: actions/checkout@v3
 
-      - uses: actions/setup-python@v2
+      - uses: actions/setup-python@v4
         with:
           python-version: '3.7'
 
       - name: Install Python dependencies
         run: |
           python -m pip install -U pip
+          python -m pip install mypy==0.931
           python -m pip install -r requirements.txt
-
-      - name: Install MyPy
-        run: python3 -m pip install mypy==0.931
       
       - name: MyPy check
-        run: mypy --namespace-packages --package rekono --install-types --non-interactive
+        run: |
+          mypy --namespace-packages --package rekono --install-types --non-interactive
+          mypy --namespace-packages --package tests --install-types --non-interactive

.github/workflows/release.yml

@@ -9,13 +9,16 @@ jobs:
     name: Publish Release
     runs-on: ubuntu-latest
     environment: Release
+    defaults:
+      run:
+        working-directory: ./src
     steps:
       - name: Checkout
         uses: actions/checkout@v3
         with:
-          ref: main
+          fetch-depth: 0
 
-      - uses: actions/setup-python@v2
+      - uses: actions/setup-python@v4
         with:
           python-version: '3.7'
 

.github/workflows/security-sast.yml

@@ -0,0 +1,38 @@
+name: SAST
+on:
+  workflow_dispatch:
+  pull_request:
+    paths:
+      - '.github/workflows/**'
+      - 'src/rekono/**'
+
+jobs:
+  semgrep:
+    name: Semgrep
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v3
+        with:
+          fetch-depth: 0
+
+      - name: Setup Python 3
+        uses: actions/setup-python@v4
+        with:
+          python-version: 3.7
+
+      - name: Install Semgrep
+        run: pip install semgrep
+
+      - name: Scan code
+        run: semgrep --config=auto --error --json -o semgrep_code.json src/rekono/
+
+      - name: Scan workflows
+        run: semgrep --config=auto --error --json -o semgrep_cicd.json .github/workflows/
+
+      - name: Upload Semgrep report as GitHub artifact
+        uses: actions/upload-artifact@v3
+        with:
+          name: Semgrep
+          path: semgrep_*.json
+          if-no-files-found: warn

.github/workflows/security-secrets.yml

@@ -9,15 +9,15 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
-        uses: actions/checkout@v2
+        uses: actions/checkout@v3
 
       - name: Setup Python 3
-        uses: actions/setup-python@v2
+        uses: actions/setup-python@v4
         with:
           python-version: 3.7
 
       - name: Install detect-secrets
-        run: pip install detect-secrets==1.2.0
+        run: pip install detect-secrets==1.4.0
 
       - name: Scan
         id: scan

.github/workflows/unit-testing.yml

@@ -0,0 +1,35 @@
+name: Unit testing
+on:
+  workflow_dispatch:
+  pull_request:
+    paths:
+      - 'src/rekono/**'
+      - 'src/tests/**'
+      - 'src/requirements.txt'
+
+env:
+  REQUIRED_COVERAGE: 95
+
+jobs:
+  unit-testing:
+    name: Unit testing
+    runs-on: ubuntu-latest
+    defaults:
+      run:
+        working-directory: ./src
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v3
+
+      - uses: actions/setup-python@v4
+        with:
+          python-version: '3.9'
+
+      - name: Install Python dependencies
+        run: python3 -m pip install -r requirements.txt
+
+      - name: Run unit tests
+        run: coverage run -m pytest
+
+      - name: Check coverage
+        run: coverage report -m --skip-covered --omit="tests/*,rekono/client/*" --fail-under=$REQUIRED_COVERAGE

.pre-commit-config.yaml

@@ -9,11 +9,12 @@ repos:
             require_serial: true
             verbose: true
     - repo: https://github.com/Yelp/detect-secrets
-      rev: v1.2.0
+      rev: v1.4.0
       hooks:
           - id: detect-secrets
             args: ["--baseline", ".secrets.baseline"]
     - repo: https://github.com/PyCQA/flake8
       rev: 4.0.1
       hooks:
           - id: flake8
+            args: ["--config", "src/.flake8", "src/rekono/", "src/tests/"]

.secrets.baseline

@@ -1,5 +1,5 @@
 {
-  "version": "1.2.0",
+  "version": "1.4.0",
   "plugins_used": [
     {
       "name": "ArtifactoryDetector"
@@ -72,6 +72,10 @@
     {
       "path": "detect_secrets.filters.allowlist.is_line_allowlisted"
     },
+    {
+      "path": "detect_secrets.filters.common.is_baseline_file",
+      "filename": ".secrets.baseline"
+    },
     {
       "path": "detect_secrets.filters.common.is_ignored_due_to_verification_policies",
       "min_level": 2
@@ -110,11 +114,11 @@
         "type": "Secret Keyword",
         "filename": ".github/workflows/security-secrets.yml",
         "hashed_secret": "108b310facc1a193833fc2971fd83081f775ea0c",
-        "is_secret": false,
         "is_verified": false,
-        "line_number": 24
+        "line_number": 24,
+        "is_secret": false
       }
     ]
   },
-  "generated_at": "2022-03-26T13:41:59Z"
+  "generated_at": "2023-01-28T13:02:57Z"
 }

CHANGELOG.md

@@ -3,6 +3,17 @@ All notable changes to this project will be documented in this file.
 
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
+## [2.0.0] - 2023-05-07
+
+### Added
+
+- [**BREAKING**] Remove `install`, `update`, `uninstall` and `services` commands (https://github.com/pablosnt/rekono-cli/issues/34)
+- [**BREAKING**] Remove support for Rekono basic authentication (https://github.com/pablosnt/rekono-cli/issues/38)
+- [**BREAKING**] Change `rekono` command by `rekono-cli` command (https://github.com/pablosnt/rekono-cli/issues/46)
+- Optimize, improve, clean and test source code (https://github.com/pablosnt/rekono-cli/issues/36)
+- Specific commands to manage specific Rekono entities (https://github.com/pablosnt/rekono-cli/issues/40)
+
+
 ## [1.1.0] - 2023-01-11
 
 ### Added

CONTRIBUTING.md

@@ -1,43 +1,75 @@
-Thank you for making Rekono greater.
+**Thank you for making Rekono greater!**
+
+
+## Branches
+
+**Create Pull Requests to the `develop` branch of this project**. All the Pull Requests should be reviewed and approved before been merged and after that, your code will be included in the next release.
+
+```mermaid
+gitGraph
+    commit
+    commit tag: "1.0.0"
+    branch develop
+    checkout develop
+    commit
+    commit
+    branch feature/new-contribution
+    checkout feature/new-contribution
+    commit
+    checkout develop
+    merge feature/new-contribution
+    commit
+    checkout main
+    merge develop tag: "1.1.0"
+```
+
 
-## Issues
 
-You can create different kinds of [Issues](https://github.com/pablosnt/rekono-cli/issues/new/choose) to report bugs, request new features or ask for help.
+## Development environment
 
-Please, don't report security vulnerabilities in GitHub Issues. See our [Security Policy](https://github.com/pablosnt/rekono-cli/security/policy).
+You can follow the [from source installation](https://github.com/pablosnt/rekono-cli#from-source) installation guide to prepare your development environment.
 
 
-## Contributing to Rekono
+### Unit Tests
 
-You can create Pull Requests to the `develop` branch of this project. All the Pull Requests should be reviewed and approved before been merged. After that, your code will be included on the next Rekono release.
+Unit tests can be executed using this command:
 
-In this section you can see how to achieve that and the things that you should to take into account.
+```
+# pwd: src/
+coverage run -m pytest
+```
 
-### Development environment
+New Rekono contributions should tested using unit tests.
 
-You can follow the [`From Source`](https://github.com/pablosnt/rekono-cli#from-source) installation guide to prepare your development environment.
 
 ### CI/CD
 
 This project has the following checks in _Continuous Integration_:
 
-1. `Code style`: check the source code style using the tools `mypy`, `flake8` and `eslint`.
+1. `Code style`: check the source code style using `mypy` and `flake8`.
 
-2. `SCA`: check the project dependencies to find libraries with known vulnerabilities. Software Composition Analysis.
+2. `SAST`: scan source code using `semgrep` to find vulnerabilities. This is a Static Application Security Testing.
 
-3. `Secrets scanning`: check the source code to find leaked passwords, tokens or other credentials that could be exposed in the GitHub repository.
+3. `Secrets scanning`: check the source code using `detect-secrets` to find leaked passwords, tokens or other credentials that could be exposed.
 
-**All CI/CD checks should be passed before merging any Pull Request**, so it's advised to install the pre-commit hooks in your local repositories using this commands:
+4. `Unit testing`: check if the project works executing the unit tests.
+
+5. `Snyk`: check the project dependencies to find libraries with known vulnerabilities. This is a Software Composition Analysis (SCA).
+
+**All CI/CD checks should be passed before merging any Pull Request**, so it's advised to install the pre-commit hooks in your local repositories to check your changes before commit them:
 
 ```
 # pwd: root directory
 python3 -m pip install pre-commit
 pre-commit install
 ```
 
+
 ### Way of Code
 
 There are some guidelines to keep the code clean and ensure the correct working of the application:
 
-- Comment your code, specially to document the classes and methods.
+- Keep code style
+- Comment your code, specially classes and methods.
+- Make unit tests for all your code to ensure its correct working.
 - Don't include code vulnerabilities or vulnerable libraries.