Merge pull request #109 from sonatype-nexus-community/dev

BREAKING CHANGE: Feature Release

.circleci/config.yml

@@ -1,4 +1,5 @@
-# Copyright 2019-present Sonatype Inc.
+#
+# Copyright 2019-Present Sonatype Inc.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -11,19 +12,22 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
-
+#
 version: 2.1
 
 commands:
   ensure_poetry_installed:
-    description: "Installs Poetry ready for use"
+    description: "Install Poetry"
     steps:
       - run: |
           python -m ensurepip --default-pip
           pip install --upgrade pip
-          pip install poetry
+          pip install poetry==1.1.11
 
 executors:
+  python310:
+    docker:
+      - image: cimg/python:3.10
   python39:
     docker:
       - image: cimg/python:3.9
@@ -48,13 +52,13 @@ jobs:
       - checkout
       - restore_cache: # ensure this step occurs *before* installing dependencies
           name: "Restore any valid cache"
-          key: dependencies-{{ .Branch }}-{{ parameters.python_version }}-{{ checksum "poetry.lock" }}
+          key: dependencies-{{ .Branch }}-<< parameters.python_version >>-{{ checksum "poetry.lock" }}
       - run:
           command: |
             poetry install
       - save_cache:
           name: "Cache dependencies"
-          key: dependencies-{{ .Branch }}-{{ parameters.python_version }}-{{ checksum "poetry.lock" }}
+          key: dependencies-{{ .Branch }}-<< parameters.python_version >>-{{ checksum "poetry.lock" }}
           paths:
             - /home/circleci/.cache/pypoetry/virtualenvs
       - run:
@@ -74,27 +78,27 @@ jobs:
             poetry run jake ddt
 
   coding_standards:
-    executor: python39
+    executor: python310
     steps:
       - ensure_poetry_installed
       - checkout
       - restore_cache: # ensure this step occurs *before* installing dependencies
           name: "Restore any valid cache"
-          key: dependencies-{{ .Branch }}-{{ parameters.python_version }}-{{ checksum "poetry.lock" }}
+          key: dependencies-{{ .Branch }}-310-{{ checksum "poetry.lock" }}
       - run:
           command: |
             poetry install
       - save_cache:
           name: "Cache dependencies"
-          key: dependencies-{{ .Branch }}-{{ parameters.python_version }}-{{ checksum "poetry.lock" }}
+          key: dependencies-{{ .Branch }}-310-{{ checksum "poetry.lock" }}
           paths:
             - /home/circleci/.cache/pypoetry/virtualenvs
       - run:
           command: |
             poetry run tox -eflake8
 
   release_and_pypi_publish:
-    executor: python39
+    executor: python310
     steps:
       - add_ssh_keys:
           fingerprints:
@@ -103,12 +107,11 @@ jobs:
       - run:
           name: "Install python-semantic-release"
           command: |
-            export
             pip install python-semantic-release
       - checkout
       - restore_cache: # ensure this step occurs *before* installing dependencies
           name: "Restore any valid cache"
-          key: dependencies-{{ .Branch }}-39-{{ checksum "poetry.lock" }}
+          key: dependencies-{{ .Branch }}-310-{{ checksum "poetry.lock" }}
       - run:
           name: "Build for release"
           command: |
@@ -121,14 +124,36 @@ jobs:
             git config user.email "$GITHUB_EMAIL"
             semantic-release publish
 
+  static_code_analysis:
+    parameters:
+      python_version:
+        type: string
+      toxenv_factor:
+        type: string
+    executor: python<< parameters.python_version >>
+    steps:
+      - checkout
+      - ensure_poetry_installed
+      - run:
+          command: |
+            poetry install --no-root
+      - run:
+          command: |
+            poetry run tox -e mypy-<< parameters.toxenv_factor >>
+
 workflows:
   cicd:
     jobs:
       - build_and_test:
           matrix:
             parameters:
-              python_version: ["39", "38", "37", "36"]
+              python_version: ["310", "39", "38", "37", "36"]
       - coding_standards
+      - static_code_analysis:
+          matrix:
+            parameters:
+              python_version: [ "310", "36" ]
+              toxenv_factor: [ "locked", "lowest" ]
   release:
     jobs:
       - manual_release:

.mypy.ini

@@ -0,0 +1,51 @@
+#
+# Copyright 2019-Present Sonatype Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+[mypy]
+
+files = jake/
+
+show_error_codes = True
+pretty = True
+
+warn_unreachable = True
+allow_redefinition = False
+
+# ignore_missing_imports = False
+# follow_imports = normal
+# follow_imports_for_stubs = True
+
+### Strict mode ###
+warn_unused_configs         = True
+disallow_subclassing_any    = True
+disallow_any_generics       = True
+disallow_untyped_calls      = True
+disallow_untyped_defs       = True
+disallow_incomplete_defs    = True
+check_untyped_defs          = True
+disallow_untyped_decorators = True
+no_implicit_optional        = True
+warn_redundant_casts        = True
+warn_return_any             = True
+no_implicit_reexport        = True
+
+# needed to silence some py37|py38 differences
+warn_unused_ignores         = False
+
+[mypy-pytest.*]
+ignore_missing_imports = True
+
+[mypy-tests.*]
+disallow_untyped_decorators = False

.readthedocs.yaml

@@ -0,0 +1,47 @@
+# encoding: utf-8
+
+#
+# Copyright 2019-Present Sonatype Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+# Read the Docs configuration file
+# See https://docs.readthedocs.io/en/stable/config-file/v2.html for details
+
+# Required
+version: 2
+
+# Set the version of Python and other tools you might need
+build:
+  os: ubuntu-20.04
+  tools:
+    python: "3.9"
+    # You can also specify other tool versions:
+    # nodejs: "16"
+    # rust: "1.55"
+    # golang: "1.17"
+
+# Build documentation in the docs/ directory with Sphinx
+sphinx:
+   configuration: docs/conf.py
+
+# Formats
+formats: all
+
+# Optionally declare the Python requirements required to build your docs
+python:
+   install:
+     - method: pip
+       path: .
+     - requirements: docs/requirements.txt

docs/Makefile

@@ -0,0 +1,20 @@
+# Minimal makefile for Sphinx documentation
+#
+
+# You can set these variables from the command line, and also
+# from the environment for the first two.
+SPHINXOPTS    ?=
+SPHINXBUILD   ?= sphinx-build
+SOURCEDIR     = .
+BUILDDIR      = _build
+
+# Put it first so that "make" without argument is like "make help".
+help:
+	@$(SPHINXBUILD) -M help "$(SOURCEDIR)" "$(BUILDDIR)" $(SPHINXOPTS) $(O)
+
+.PHONY: help Makefile
+
+# Catch-all target: route all unknown targets to Sphinx using the new
+# "make mode" option.  $(O) is meant as a shortcut for $(SPHINXOPTS).
+%: Makefile
+	@$(SPHINXBUILD) -M $@ "$(SOURCEDIR)" "$(BUILDDIR)" $(SPHINXOPTS) $(O)

docs/changelog.rst

@@ -0,0 +1,17 @@
+.. #
+   # Copyright 2019-Present Sonatype Inc.
+   #
+   # Licensed under the Apache License, Version 2.0 (the "License");
+   # you may not use this file except in compliance with the License.
+   # You may obtain a copy of the License at
+   #
+   #     http://www.apache.org/licenses/LICENSE-2.0
+   #
+   # Unless required by applicable law or agreed to in writing, software
+   # distributed under the License is distributed on an "AS IS" BASIS,
+   # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   # See the License for the specific language governing permissions and
+   # limitations under the License.
+   #
+
+.. mdinclude:: ../CHANGELOG.md

docs/conf.py

@@ -0,0 +1,66 @@
+# encoding: utf-8
+
+#
+# Copyright 2019-Present Sonatype Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+import pkg_resources
+
+# -- Project information -----------------------------------------------------
+
+project = 'Jake'
+copyright = '2019-Present Sonatype Inc.'
+author = 'Paul Horton, Jeffry Hesse, Dan Rollo'
+
+# The full version, including alpha/beta/rc tags
+release = pkg_resources.get_distribution("jake").version
+
+# -- General configuration ---------------------------------------------------
+
+# Add any Sphinx extension module names here, as strings. They can be
+# extensions coming with Sphinx (named 'sphinx.ext.*') or your custom
+# ones.
+extensions = [
+    "sphinx.ext.autodoc",
+    "sphinx.ext.viewcode",
+    "autoapi.extension",
+    "sphinx_rtd_theme",
+    "m2r2"
+]
+
+# Document Python Code
+autoapi_type = 'python'
+autoapi_dirs = ['../jake']
+
+source_suffix = ['.rst', '.md']
+
+# Add any paths that contain templates here, relative to this directory.
+templates_path = ['_templates']
+
+# List of patterns, relative to source directory, that match files and
+# directories to ignore when looking for source files.
+# This pattern also affects html_static_path and html_extra_path.
+exclude_patterns = ['_build', 'Thumbs.db', '.DS_Store']
+
+# -- Options for HTML output -------------------------------------------------
+
+# The theme to use for HTML and HTML Help pages.  See the documentation for
+# a list of builtin themes.
+#
+html_theme = 'sphinx_rtd_theme'
+
+# Add any paths that contain custom static files (such as style sheets) here,
+# relative to this directory. They are copied after the builtin static files,
+# so a file named "default.css" will overwrite the builtin "default.css".
+html_static_path = ['_static']

docs/index.rst

@@ -0,0 +1,44 @@
+.. #
+   # Copyright 2019-Present Sonatype Inc.
+   #
+   # Licensed under the Apache License, Version 2.0 (the "License");
+   # you may not use this file except in compliance with the License.
+   # You may obtain a copy of the License at
+   #
+   #     http://www.apache.org/licenses/LICENSE-2.0
+   #
+   # Unless required by applicable law or agreed to in writing, software
+   # distributed under the License is distributed on an "AS IS" BASIS,
+   # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   # See the License for the specific language governing permissions and
+   # limitations under the License.
+   #
+
+Jake's Documentation
+====================================================
+
+``jake`` is a tool to check for your Python environments and applications that can:
+
+1. produce CycloneDX software bill-of-materials
+2. report on known vulnerabilities
+
+``jake`` is powered by `Sonatype OSS Index`_ and can also be used with `Sonatype's Nexus IQ Server`_.
+
+Internally, ``jake`` utilises libraries from `CycloneDX`_ when producing Software Bill of Materials.
+
+CycloneDX is a lightweight BOM specification that is easily created, human-readable, and simple to parse.
+
+
+.. toctree::
+   :maxdepth: 2
+   :caption: Contents:
+
+   install
+   usage
+   support
+   changelog
+
+
+.. _Sonatype OSS Index: https://ossindex.sonatype.org/
+.. _Sonatype's Nexus IQ Server: https://www.sonatype.com/products/open-source-security-dependency-management
+.. _CycloneDX: https://cyclonedx.org/tool-center/