Merge 8c3e603 into 4e1994f
hluk authored Apr 29, 2022
2 parents 4e1994f + 8c3e603 commit f9ab1f9
Showing 8 changed files with 145 additions and 12 deletions.
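--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -0,0 +1,9 @@
+# Please see the documentation for all configuration options:
+# https://help.github.com/github/administering-a-repository/configuration-options-for-dependency-updates
+
+version: 2
+updates:
+- package-ecosystem: "pip"
+directory: "/"
+schedule:
+interval: "daily"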
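Review bot: Only the `pip` ecosystem is configured, although the same commit adds a workflow that references actions by tag (`actions/checkout@v2`, `nick-invision/retry@v2`, `hadolint/hadolint-action@v1.5.0`) and the Dockerfile builds from `registry.fedoraproject.org/fedora:34`. Adding two more `updates` entries, `package-ecosystem: "github-actions"` and `package-ecosystem: "docker"`, each with `directory: "/"`, would keep those references under the same update process. Most entries in requirements.txt are unpinned as far as the page shows, so the `pip` entry alone will have little to propose.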
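--- a/.github/workflows/gating.yaml
+++ b/.github/workflows/gating.yaml
@@ -0,0 +1,114 @@
+name: Gating
+
+on:
+pull_request:
+push:
+workflow_dispatch:
+inputs: {}
+
+jobs:
+tests:
+name: Unit tests
+runs-on: ubuntu-latest
+strategy:
+matrix:
+python-version: ["3.9"]
+
+steps:
+- uses: actions/checkout@v2
+
+- name: Set up Python ${{ matrix.python-version }}
+uses: actions/setup-python@v2
+with:
+python-version: ${{ matrix.python-version }}
+
+- name: Install system dependencies
+uses: nick-invision/retry@v2
+with:
+timeout_minutes: 10
+retry_wait_seconds: 30
+max_attempts: 3
+command: >-
+sudo apt-get update
+&& sudo apt-get install
+libkrb5-dev
+libldap2-dev
+libsasl2-dev
+- name: Install dependencies
+run: |
+python -m pip install --upgrade pip
+pip install tox tox-gh-actions
+- name: Test with tox
+run: tox -e py
+
+- name: Run coveralls-python
+env:
+GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+COVERALLS_FLAG_NAME: python-${{ matrix.python-version }}
+COVERALLS_PARALLEL: true
+run: |
+pip3 install --upgrade pip
+pip3 install --upgrade setuptools
+pip3 install --upgrade coveralls==3.2.0
+coveralls --service=github
+coveralls-finish:
+name: Finish coveralls-python
+needs: tests
+runs-on: ubuntu-latest
+steps:
+- name: Finished
+run: |
+pip3 install --upgrade pip
+pip3 install --upgrade setuptools
+pip3 install --upgrade coveralls
+coveralls --finish --service=github
+env:
+GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+linters:
+name: Linters
+strategy:
+matrix:
+tox_env:
+- bandit
+- lint
+
+runs-on: ubuntu-latest
+
+steps:
+- uses: actions/checkout@v2
+
+- name: Set up Python
+uses: actions/setup-python@v2
+with:
+python-version: "3.9"
+
+- name: Install dependencies
+run: |
+python -m pip install --upgrade pip
+pip install tox
+- name: Test '${{ matrix.tox_env }}' with tox
+run: tox -e ${{ matrix.tox_env }}
+
+hadolint:
+name: Hadolint
+runs-on: ubuntu-latest
+strategy:
+matrix:
+dockerfile:
+- Dockerfile
+
+steps:
+- uses: actions/checkout@v2
+
+- uses: hadolint/hadolint-action@v1.5.0
+with:
+dockerfile: ${{ matrix.dockerfile }}
+# Ignore list:
+# * DL3041 - Specify version with dnf install -y <package>-<version>
+ignore: DL3041
+failure-threshold: warning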
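Review bot: The workflow declares no `permissions:` block, so the `GITHUB_TOKEN` handed to both coveralls steps carries the repository's default scope, which on `push` may include write access. A top-level `permissions:` mapping with `contents: read` would limit it; confirm that coveralls still reports with that scope. The third-party actions `nick-invision/retry@v2` and `hadolint/hadolint-action@v1.5.0` are referenced by mutable tags, and pinning each to a full commit SHA (`uses: nick-invision/retry@<commit-sha>  # v2`) means a retagged release cannot change what runs inside the job. `coveralls` is also pinned to `3.2.0` in `tests` but installed unpinned in `coveralls-finish`, so the two jobs can end up on different versions.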
9 changes: 5 additions & 4 deletions Dockerfile
@@ -3,16 +3,17 @@ FROM registry.fedoraproject.org/fedora:34 AS builder
RUN dnf -y install --nodocs --setopt=install_weak_deps=false \
'dnf-command(builddep)' \
git-core \
rpm-build
rpm-build \
&& dnf -y clean all

COPY .git /src/.git

RUN cd /src \
&& git reset --hard HEAD \
WORKDIR /src
RUN git reset --hard HEAD \
&& dnf -y builddep waiverdb.spec \
&& ./rpmbuild.sh -bb \
&& rm /src/rpmbuild-output/*/waiverdb-cli-*

WORKDIR /

FROM registry.fedoraproject.org/fedora:34
LABEL \
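Review bot: The `WORKDIR /` that appears to be added at the end of the builder stage has no effect on the shipped image, because the following `FROM registry.fedoraproject.org/fedora:34` starts a new stage with that image's own working directory. It can be dropped, or kept with a comment saying which lint rule or convention it serves. The final stage continues outside this hunk, so whether it sets its own `WORKDIR` is not visible here.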
2 changes: 1 addition & 1 deletion requirements.txt
@@ -6,7 +6,7 @@ Flask
Flask-RESTful!=0.3.6
Flask-SQLAlchemy
flask-cors
SQLAlchemy
SQLAlchemy==1.3.22
gssapi
Flask-Migrate

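Review bot: The exact pin `SQLAlchemy==1.3.22` comes without an explanation and is the only `==` pin among the visible requirements, so a reader cannot tell whether it works around an incompatibility or starts a policy of pinning. A comment on the line above, such as `# pinned because <reason>; relax when <condition>`, would tell the next maintainer when it can be lifted. An exact pin also excludes later patch releases of the same series; if the intent is only to stay below the next minor series, a bounded range such as `SQLAlchemy>=1.3.22,<1.4` states that and still takes fixes.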
15 changes: 12 additions & 3 deletions tox.ini
@@ -1,5 +1,5 @@
[tox]
envlist = lint,py39,docs
envlist = bandit,lint,py39,docs

# If the user is missing an interpreter, don't fail
skip_missing_interpreters = True
@@ -15,8 +15,14 @@ commands =
find -name *.pyc -delete
py.test {posargs}

[pytest]
testpaths = tests/
[testenv:bandit]
skip_install = true
deps =
bandit
commands =
bandit \
--exclude functional-tests,tests \
--recursive waiverdb

[testenv:docs]
changedir = docs
@@ -36,6 +42,9 @@ deps =
commands =
python -m flake8 {posargs}

[pytest]
testpaths = tests/

[flake8]
show-source = True
max-line-length = 100
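Review bot: The new `[testenv:bandit]` section installs `bandit` unpinned, so the rule set behind the gate changes whenever a release lands, and an unrelated pull request can start failing or lose a check without any change in this repository. Pinning it in `deps`, for example `bandit==<version>`, and bumping it deliberately keeps the result reproducible. The command also relies on bandit's default severity and confidence thresholds; stating the intended levels explicitly in `commands` would document what is meant to block a merge.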
2 changes: 1 addition & 1 deletion waiverdb/app.py
@@ -95,7 +95,7 @@ def create_app(config_obj=None):
app.config.from_object(config_obj)
else:
load_config(app)
if app.config['PRODUCTION'] and app.secret_key == 'replace-me-with-something-random':
if app.config['PRODUCTION'] and app.secret_key == 'replace-me-with-something-random': # nosec
raise Warning("You need to change the app.secret_key value for production")

# register error handlers
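Review bot: The bare `# nosec` on the `app.secret_key == 'replace-me-with-something-random'` comparison silences every bandit check on that line, not only the hardcoded-password finding it was presumably added for. The markers added in waiverdb/auth.py (on `sc.step(...)`) and waiverdb/config.py (on `SECRET_KEY`) have the same problem. Scoping each marker to the test ID and giving the reason, e.g. `# nosec B105 - placeholder is compared only to reject it in production`, keeps any later finding on these lines visible. If the longer comment exceeds the flake8 line limit, moving the placeholder string into a named constant shortens the condition. The body of `create_app` continues outside the hunk.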
2 changes: 1 addition & 1 deletion waiverdb/auth.py
@@ -17,7 +17,7 @@ def process_gssapi_request(token):
sc = gssapi.SecurityContext(usage="accept")

stage = "step context"
token = sc.step(token if token != "" else None)
token = sc.step(token if token != "" else None) # nosec
token = token if token is not None else ""

# The current architecture cannot support continuation here
4 changes: 2 additions & 2 deletions waiverdb/config.py
@@ -11,11 +11,11 @@ class Config(object):
DATABASE_URI = 'postgresql+psycopg2:///waiverdb'
# We configure logging explicitly, turn off the Flask-supplied log handler.
LOGGER_HANDLER_POLICY = 'never'
HOST = '0.0.0.0'
HOST = '127.0.0.1'
PORT = 5004
PRODUCTION = False
SHOW_DB_URI = False
SECRET_KEY = 'replace-me-with-something-random'
SECRET_KEY = 'replace-me-with-something-random' # nosec

RESULTSDB_API_URL = 'https://taskotron.fedoraproject.org/resultsdb_api/api/v2.0'
# need to explicitly turn this off
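Review bot: Changing the default `HOST` from `'0.0.0.0'` to `'127.0.0.1'` (assuming the page lists the old line first) changes runtime behaviour as well as clearing a linter finding: any deployment that relied on the default, a container for instance, would now accept connections on loopback only. Where `HOST` is consumed is outside this hunk, so the impact should be checked against the entry point and the deployment configuration. A comment above the setting, such as `# Loopback by default; set HOST explicitly to expose the service`, plus a line in the release notes would make the new default intentional and discoverable. The rest of `Config` continues outside the hunk.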
