This project is a task runner to help automate common development tasks for projects using Python.
The goal of this effort is to help implement DevSecOps practices consistently with the Software Development Lifecycle (SDLC) without burdening developers.
The objectives for achieving this goal are:
- Enforce use of commit signing
- Introduce QA tools early in development
- SAST, SCA, and DAST integration
- Encapsulate processes for seamless integration with CI/CD systems
- Make TUF-compliant packages for PyPI
The project can be installed using the following command:
pip install proman-workflows
The above installs only the workflows, not all dependencies. The additional dependencies can be installed with:
pip install proman-workflows[all]
Currently, there are three command line utilities included with this install. This is due to the primary CLI tool being under heavy development.
The workflow-tools command provides direct access to each of the integrations provided by the task runner. It can either be used directly or extended as a library for additional workflows.
The workflow-setup
command
The workflow command is the intended CLI for the task runner but is still under development. It will allow control of integrated tools through abstracted phases accessible to a developer. The functionality is still limited at this time.
Set up a signing key for development:
workflow-tools setup
Q: Why should developers use this?
A: Coordinating procedures and setup for multiple team members and projects is difficult and error-prone. Task runners are purpose-built to solve this problem.
Q: Why not include this using project templates?
A: Since this is distributed as a library, updates and changes can be distributed much more easily.
Q: Why not use Invocations?
A: While this project is inspired by Invocations, it does not support a pluggable architecture.