From 1c278df3178b9ddb2a6cab500baa3977cff24b0e Mon Sep 17 00:00:00 2001 From: ShrijaDubey Date: Wed, 15 Jul 2026 00:19:43 +0530 Subject: [PATCH 1/2] fix: declare pytest-mock as dev dependency instead of installing ad hoc in CI --- .github/workflows/coverage.yml | 2 +- .github/workflows/python-app.yml | 204 +++++++++++++++---------------- CONTRIBUTING.md | 11 +- setup.py | 11 ++ 4 files changed, 117 insertions(+), 111 deletions(-) diff --git a/.github/workflows/coverage.yml b/.github/workflows/coverage.yml index 001d15b..06a1d9b 100644 --- a/.github/workflows/coverage.yml +++ b/.github/workflows/coverage.yml @@ -26,7 +26,7 @@ jobs: - name: Install dependencies run: | python -m pip install --upgrade pip - pip install pytest pytest-cov pytest-mock + pip install -e ".[dev]" pip install -r requirements.txt - name: Install package diff --git a/.github/workflows/python-app.yml b/.github/workflows/python-app.yml index 0e2bb10..d63068f 100644 --- a/.github/workflows/python-app.yml +++ b/.github/workflows/python-app.yml @@ -1,102 +1,102 @@ -name: Python Application CI - -on: - push: - branches: [ main ] - pull_request: - branches: [ main ] - workflow_dispatch: - -permissions: - contents: read - -jobs: - build-and-test: - runs-on: ubuntu-latest - - strategy: - matrix: - python-version: ['3.12', '3.13'] - - steps: - - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 - - - name: Set up Python ${{ matrix.python-version }} - uses: actions/setup-python@ece7cb06caefa5fff74198d8649806c4678c61a1 # v6.3.0 - with: - python-version: ${{ matrix.python-version }} - - - name: Install dependencies - run: | - python -m pip install --upgrade pip - pip install -r requirements.txt - - - name: Build and install package - run: | - pip install build - python -m build - pip install -e . - - - name: Setup Hadolint - run: | - curl -sL -o hadolint https://github.com/hadolint/hadolint/releases/latest/download/hadolint-Linux-x86_64 - chmod +x hadolint - sudo mv hadolint /usr/local/bin/ - - - name: Setup Trivy - run: | - sudo apt-get update -qq - sudo apt-get install -y wget apt-transport-https gnupg lsb-release - wget -qO - https://aquasecurity.github.io/trivy-repo/deb/public.key | sudo gpg --dearmor -o /usr/share/keyrings/trivy.gpg - echo "deb [signed-by=/usr/share/keyrings/trivy.gpg] https://aquasecurity.github.io/trivy-repo/deb $(lsb_release -sc) main" | sudo tee /etc/apt/sources.list.d/trivy.list - sudo apt-get update -qq - sudo apt-get install -y trivy - - - name: Run unit tests - run: | - pip install pytest pytest-mock - pytest tests/ -v - - - name: Lint Python code with ruff - run: | - pip install ruff - ruff check . - - - name: Lint Dockerfiles with Hadolint - run: | - find . -name "Dockerfile*" -exec hadolint {} \; - - - name: Scan Dockerfiles with Trivy - run: | - find . -name "Dockerfile*" -exec trivy config {} \; - - - name: Verify CLI installs correctly - run: | - docksec --version - docksec --help - - - name: Run scan-only mode (no AI required) - run: | - mkdir -p test_dir - cat > test_dir/Dockerfile << 'EOF' - FROM alpine:latest - RUN apk add --no-cache curl - WORKDIR /app - COPY . . - CMD ["sh"] - EOF - docker pull alpine:latest - docksec test_dir/Dockerfile --scan-only -i alpine:latest - rm -rf test_dir - - - name: Run image-only scan - run: | - docksec --image-only -i alpine:latest - - - name: Upload scan results - uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1 - if: always() - with: - name: scan-results - path: results/ - if-no-files-found: ignore + name: Python Application CI + + on: + push: + branches: [ main ] + pull_request: + branches: [ main ] + workflow_dispatch: + + permissions: + contents: read + + jobs: + build-and-test: + runs-on: ubuntu-latest + + strategy: + matrix: + python-version: ['3.12', '3.13'] + + steps: + - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 + + - name: Set up Python ${{ matrix.python-version }} + uses: actions/setup-python@ece7cb06caefa5fff74198d8649806c4678c61a1 # v6.3.0 + with: + python-version: ${{ matrix.python-version }} + + - name: Install dependencies + run: | + python -m pip install --upgrade pip + pip install -r requirements.txt + + - name: Build and install package + run: | + pip install build + python -m build + pip install -e . + + - name: Setup Hadolint + run: | + curl -sL -o hadolint https://github.com/hadolint/hadolint/releases/latest/download/hadolint-Linux-x86_64 + chmod +x hadolint + sudo mv hadolint /usr/local/bin/ + + - name: Setup Trivy + run: | + sudo apt-get update -qq + sudo apt-get install -y wget apt-transport-https gnupg lsb-release + wget -qO - https://aquasecurity.github.io/trivy-repo/deb/public.key | sudo gpg --dearmor -o /usr/share/keyrings/trivy.gpg + echo "deb [signed-by=/usr/share/keyrings/trivy.gpg] https://aquasecurity.github.io/trivy-repo/deb $(lsb_release -sc) main" | sudo tee /etc/apt/sources.list.d/trivy.list + sudo apt-get update -qq + sudo apt-get install -y trivy + + - name: Run unit tests + run: | + pip install -e ".[dev]" + pytest tests/ -v + + - name: Lint Python code with ruff + run: | + pip install ruff + ruff check . + + - name: Lint Dockerfiles with Hadolint + run: | + find . -name "Dockerfile*" -exec hadolint {} \; + + - name: Scan Dockerfiles with Trivy + run: | + find . -name "Dockerfile*" -exec trivy config {} \; + + - name: Verify CLI installs correctly + run: | + docksec --version + docksec --help + + - name: Run scan-only mode (no AI required) + run: | + mkdir -p test_dir + cat > test_dir/Dockerfile << 'EOF' + FROM alpine:latest + RUN apk add --no-cache curl + WORKDIR /app + COPY . . + CMD ["sh"] + EOF + docker pull alpine:latest + docksec test_dir/Dockerfile --scan-only -i alpine:latest + rm -rf test_dir + + - name: Run image-only scan + run: | + docksec --image-only -i alpine:latest + + - name: Upload scan results + uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1 + if: always() + with: + name: scan-results + path: results/ + if-no-files-found: ignore diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index b7fc584..c841a73 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -134,21 +134,16 @@ Unsure where to begin? Look for issues labeled: 3. **Install dependencies**: ```bash - pip install -e . + pip install -e ".[dev]" pip install -r requirements.txt ``` -4. **Install development dependencies**: - ```bash - pip install pytest pytest-cov black isort flake8 mypy - ``` - -5. **Install external tools** (optional, for full testing): +4. **Install external tools** (optional, for full testing): ```bash python -m docksec.setup_external_tools ``` -6. **Set up environment variables**: +5. **Set up environment variables**: ```bash cp .env.example .env # Edit .env and add your OpenAI API key if testing AI features diff --git a/setup.py b/setup.py index fd70696..4b462c2 100644 --- a/setup.py +++ b/setup.py @@ -41,6 +41,17 @@ "setuptools>=65.0.0", "ruamel.yaml>=0.18.6", ], + extras_require={ + "dev": [ + "pytest", + "pytest-cov", + "pytest-mock", + "black", + "isort", + "flake8", + "mypy", + ], + }, classifiers=[ "Programming Language :: Python :: 3", "License :: OSI Approved :: MIT License", From d313025772c5d9fa9ff28025c96025bd60b4c58f Mon Sep 17 00:00:00 2001 From: ShrijaDubey Date: Wed, 15 Jul 2026 00:31:42 +0530 Subject: [PATCH 2/2] fix: correct indentation in python-app.yml workflow --- .github/workflows/python-app.yml | 204 +++++++++++++++---------------- 1 file changed, 102 insertions(+), 102 deletions(-) diff --git a/.github/workflows/python-app.yml b/.github/workflows/python-app.yml index d63068f..f69b6f2 100644 --- a/.github/workflows/python-app.yml +++ b/.github/workflows/python-app.yml @@ -1,102 +1,102 @@ - name: Python Application CI - - on: - push: - branches: [ main ] - pull_request: - branches: [ main ] - workflow_dispatch: - - permissions: - contents: read - - jobs: - build-and-test: - runs-on: ubuntu-latest - - strategy: - matrix: - python-version: ['3.12', '3.13'] - - steps: - - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 - - - name: Set up Python ${{ matrix.python-version }} - uses: actions/setup-python@ece7cb06caefa5fff74198d8649806c4678c61a1 # v6.3.0 - with: - python-version: ${{ matrix.python-version }} - - - name: Install dependencies - run: | - python -m pip install --upgrade pip - pip install -r requirements.txt - - - name: Build and install package - run: | - pip install build - python -m build - pip install -e . - - - name: Setup Hadolint - run: | - curl -sL -o hadolint https://github.com/hadolint/hadolint/releases/latest/download/hadolint-Linux-x86_64 - chmod +x hadolint - sudo mv hadolint /usr/local/bin/ - - - name: Setup Trivy - run: | - sudo apt-get update -qq - sudo apt-get install -y wget apt-transport-https gnupg lsb-release - wget -qO - https://aquasecurity.github.io/trivy-repo/deb/public.key | sudo gpg --dearmor -o /usr/share/keyrings/trivy.gpg - echo "deb [signed-by=/usr/share/keyrings/trivy.gpg] https://aquasecurity.github.io/trivy-repo/deb $(lsb_release -sc) main" | sudo tee /etc/apt/sources.list.d/trivy.list - sudo apt-get update -qq - sudo apt-get install -y trivy - - - name: Run unit tests - run: | - pip install -e ".[dev]" - pytest tests/ -v - - - name: Lint Python code with ruff - run: | - pip install ruff - ruff check . - - - name: Lint Dockerfiles with Hadolint - run: | - find . -name "Dockerfile*" -exec hadolint {} \; - - - name: Scan Dockerfiles with Trivy - run: | - find . -name "Dockerfile*" -exec trivy config {} \; - - - name: Verify CLI installs correctly - run: | - docksec --version - docksec --help - - - name: Run scan-only mode (no AI required) - run: | - mkdir -p test_dir - cat > test_dir/Dockerfile << 'EOF' - FROM alpine:latest - RUN apk add --no-cache curl - WORKDIR /app - COPY . . - CMD ["sh"] - EOF - docker pull alpine:latest - docksec test_dir/Dockerfile --scan-only -i alpine:latest - rm -rf test_dir - - - name: Run image-only scan - run: | - docksec --image-only -i alpine:latest - - - name: Upload scan results - uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1 - if: always() - with: - name: scan-results - path: results/ - if-no-files-found: ignore +name: Python Application CI + +on: + push: + branches: [ main ] + pull_request: + branches: [ main ] + workflow_dispatch: + +permissions: + contents: read + +jobs: + build-and-test: + runs-on: ubuntu-latest + + strategy: + matrix: + python-version: ['3.12', '3.13'] + + steps: + - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 + + - name: Set up Python ${{ matrix.python-version }} + uses: actions/setup-python@ece7cb06caefa5fff74198d8649806c4678c61a1 # v6.3.0 + with: + python-version: ${{ matrix.python-version }} + + - name: Install dependencies + run: | + python -m pip install --upgrade pip + pip install -r requirements.txt + + - name: Build and install package + run: | + pip install build + python -m build + pip install -e . + + - name: Setup Hadolint + run: | + curl -sL -o hadolint https://github.com/hadolint/hadolint/releases/latest/download/hadolint-Linux-x86_64 + chmod +x hadolint + sudo mv hadolint /usr/local/bin/ + + - name: Setup Trivy + run: | + sudo apt-get update -qq + sudo apt-get install -y wget apt-transport-https gnupg lsb-release + wget -qO - https://aquasecurity.github.io/trivy-repo/deb/public.key | sudo gpg --dearmor -o /usr/share/keyrings/trivy.gpg + echo "deb [signed-by=/usr/share/keyrings/trivy.gpg] https://aquasecurity.github.io/trivy-repo/deb $(lsb_release -sc) main" | sudo tee /etc/apt/sources.list.d/trivy.list + sudo apt-get update -qq + sudo apt-get install -y trivy + + - name: Run unit tests + run: | + pip install -e ".[dev]" + pytest tests/ -v + + - name: Lint Python code with ruff + run: | + pip install ruff + ruff check . + + - name: Lint Dockerfiles with Hadolint + run: | + find . -name "Dockerfile*" -exec hadolint {} \; + + - name: Scan Dockerfiles with Trivy + run: | + find . -name "Dockerfile*" -exec trivy config {} \; + + - name: Verify CLI installs correctly + run: | + docksec --version + docksec --help + + - name: Run scan-only mode (no AI required) + run: | + mkdir -p test_dir + cat > test_dir/Dockerfile << 'EOF' + FROM alpine:latest + RUN apk add --no-cache curl + WORKDIR /app + COPY . . + CMD ["sh"] + EOF + docker pull alpine:latest + docksec test_dir/Dockerfile --scan-only -i alpine:latest + rm -rf test_dir + + - name: Run image-only scan + run: | + docksec --image-only -i alpine:latest + + - name: Upload scan results + uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1 + if: always() + with: + name: scan-results + path: results/ + if-no-files-found: ignore