Merge pull request #165 from dynatrace-oss/issue-164

Implements #164
dynatrace-oss · Feb 22, 2024 · fea25b5 · fea25b5
2 parents 769ca07 + 79c809d
commit fea25b5
Show file tree

Hide file tree

Showing 5 changed files with 122 additions and 79 deletions.
diff --git a/.github/workflows/build-test-release.yml → .github/workflows/release.yml b/.github/workflows/build-test-release.yml → .github/workflows/release.yml
@@ -1,74 +1,21 @@
-name: Build Test Release
+name: Release
 on:
-  pull_request:
-    branches:
-      - main
-  push:
-    # this works as an OR
-    branches:
-      - main
-    tags:
-      - "v*"
   workflow_dispatch:
 
 jobs:
-  check-line-endings:
-    name: Check CRLF line endings
-    runs-on: ubuntu-latest
-    timeout-minutes: 2
-    steps:
-      - name: Checkout repository contents
-        uses: actions/checkout@v4
-
-      - name: Use action to check for CRLF endings
-        uses: erclu/check-crlf@v1
-
-  run-tests:
-    name: Run tests
-    runs-on: ubuntu-latest
-    timeout-minutes: 5
-    needs: check-line-endings
-    steps:
-      - name: Checkout repository contents
-        uses: actions/checkout@v4
-
-      - name: Set up Python 3.10
-        uses: actions/setup-python@v5
-        with:
-          python-version: '3.10'
-
-      - name: Install poetry
-        run: |
-          pip install poetry
-          poetry install
-
-      - name: Run pytest tests
-        run: |
-          poetry run pytest
-
-      # Disabled by vduseev on 2024-02-21
-      # because it's clear we are not using mypy here
-      #- name: Run mypy tests
-      #  run: |
-      #    bash -c '! poetry run mypy --strict dtcli | grep "Module has no attribute"'
-
-      - name: Run flake8 lint checker
-        run: |
-          poetry run flake8 dtcli
-
-      - name: Run test coverage report
-        run: |
-          poetry run pytest --cov . --cov-report html || true
-
   build-package:
     name: Build package
-    #
-    # Builds python package using poetry.
-    #
     runs-on: ubuntu-latest
     timeout-minutes: 5
-    needs: run-tests
     steps:
+      - id: check_ref
+        run: echo "::set-output name=match::$(echo '${{ github.ref }}' | grep -Pq '^refs/tags/v\d+\.\d+\.\d+$' && echo true || echo false)"
+        shell: bash
+
+      - name: Check if tag is valid
+        if: steps.check_ref.outputs.match != 'true'
+        run: exit 1
+
       - name: Checkout repository contents
         uses: actions/checkout@v4
 
@@ -95,17 +42,12 @@ jobs:
 
   github-release:
     name: Create GitHub release
-    #
-    # Creates GitHub release with binaries and packages.
-    #
-    # Only happens for tags.
-    #
-    if: startsWith(github.ref, 'refs/tags/')
+    if: startsWith(github.ref, 'refs/tags/v')
     runs-on: ubuntu-latest
     needs:
       - build-package
     steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@v4
 
       - name: Generate changelog
         run: |
@@ -138,11 +80,10 @@ jobs:
 
   publish-to-pypi:
     name: Publish to PyPI
-    if: startsWith(github.ref, 'refs/tags/')
+    if: startsWith(github.ref, 'refs/tags/v')
     runs-on: ubuntu-latest
     needs:
       - build-package
-      - run-tests
     steps:
       - uses: actions/checkout@v4
 

diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
@@ -0,0 +1,70 @@
+name: Test
+on:
+  pull_request:
+  push:
+    branches:
+      - main
+  workflow_dispatch:
+
+jobs:
+  check-line-endings:
+    name: Check CRLF line endings
+    runs-on: ubuntu-latest
+    timeout-minutes: 2
+    steps:
+      - name: Checkout repository contents
+        uses: actions/checkout@v4
+
+      - name: Use action to check for CRLF endings
+        uses: erclu/check-crlf@v1
+
+  run-tests:
+    name: Run tests
+    strategy:
+      fail-fast: true
+      matrix:
+        python-version: ['3.8', '3.9', '3.10', '3.11', '3.12']
+        os: [ubuntu-latest, windows-latest, macos-latest]
+
+    runs-on: ${{ matrix.os }}
+    timeout-minutes: 5
+    needs: check-line-endings
+    steps:
+      - name: Checkout repository contents
+        uses: actions/checkout@v4
+
+      - name: Set up Python 3.10
+        uses: actions/setup-python@v5
+        with:
+          python-version: ${{ matrix.python-version }}
+
+      - name: Install poetry
+        run: |
+          pip install poetry
+          poetry install
+
+      - name: Run pytest tests
+        run: |
+          poetry run pytest
+
+      # Disabled by vduseev on 2024-02-21
+      # because it's clear we are not using mypy here
+      #- name: Run mypy tests
+      #  run: |
+      #    bash -c '! poetry run mypy --strict dtcli | grep "Module has no attribute"'
+
+      - name: Run flake8 lint checker
+        run: |
+          poetry run flake8 dtcli
+
+      - name: Run test coverage report
+        run: |
+          poetry run pytest --cov . --cov-report html || true
+
+      - name: Check that the package can be built
+        run: |
+          poetry build
+
+      - name: Check that we can generate a CA certificate
+        run: |
+          poetry run dt ext genca --ca-cert ./ca.pem --ca-key ./ca.key --ca-subject "/CN=Default/O=Company/OU=Extension" --no-ca-passphrase --force
diff --git a/dtcli/click_helpers.py b/dtcli/click_helpers.py
@@ -55,8 +55,11 @@ def deprecated(alternative: Optional[str], alternative_help: Optional[str] = Non
     it the hacky way.
     """
     if alternative:
-        alt_text = f"\nPlease consider using {click.style(alternative,fg='bright_cyan')} instead." \
-                   f"{' ' + alternative_help.capitalize() + '.' if alternative_help else ''}\n"
+        alt_text = (
+            f"\nPlease consider using {click.style(alternative, fg='bright_cyan')} "
+            f"instead. "
+            f"{' ' + alternative_help.capitalize() + '.' if alternative_help else ''}\n"
+        )
     else:
         alt_text = ""
     warning = f"{click.style('This function is deprecated', fg='red')}.{alt_text}"

diff --git a/dtcli/scripts/dt.py b/dtcli/scripts/dt.py
@@ -518,8 +518,11 @@ def gencerts(**kwargs):
 
 @_deprecate_above
 @extension.command(
-    help=f"Build and sign extension package from the given extension directory (default: {const.DEFAULT_EXTENSION_DIR})"
-         f" that contains extension.yaml and additional asset directories"
+    help=(
+        f"Build and sign extension package from the given extension directory "
+        f"(default: {const.DEFAULT_EXTENSION_DIR}) "
+        f"that contains extension.yaml and additional asset directories"
+    )
 )
 @_deprecate_below
 @click.option(
@@ -686,10 +689,16 @@ def is_key_permissions_ok():
             return permissions == const.REQUIRED_PRIVATE_KEY_PERMISSIONS
 
     if not is_key_permissions_ok() and not force:
-        raise click.BadParameter(f"key {certkey} has too lax permissions - we recommend "
-                                 f"{oct(const.REQUIRED_PRIVATE_KEY_PERMISSIONS)}, please fix the permissions via "
-                                 f"`chmod {oct(const.REQUIRED_PRIVATE_KEY_PERMISSIONS)[-3:]} {certkey}` "
-                                 f"and try again or try again with --force to proceed irregardless", param_hint="--key")
+        raise click.BadParameter(
+            (
+                f"key {certkey} has permissions that are too relaxes - we recommend "
+                f"{oct(const.REQUIRED_PRIVATE_KEY_PERMISSIONS)}, please fix the "
+                f"permissions via "
+                f"chmod {oct(const.REQUIRED_PRIVATE_KEY_PERMISSIONS)[-3:]} {certkey} "
+                f"and try again or try again with --force to proceed irregardless"
+            ),
+            param_hint="--key",
+        )
 
     if destination.exists():
         if force:

diff --git a/tests/test_signing.py b/tests/test_signing.py
@@ -42,6 +42,10 @@ def test_generate_ca():
         not_valid_after,
         passphrase,
     )
+
+    os.chmod(cert_path, 0o644)
+    os.chmod(key_path, 0o644)
+
     assert os.path.exists(cert_path)
     assert os.path.exists(key_path)
 
@@ -79,6 +83,10 @@ def test_generate_ca_empty_attributes():
     key_path = "test_ca_key.key"
 
     signing.generate_ca(cert_path, key_path, {}, datetime.datetime.today() + datetime.timedelta(days=1))
+
+    os.chmod(cert_path, 0o644)
+    os.chmod(key_path, 0o644)
+
     assert os.path.exists(cert_path)
     assert os.path.exists(key_path)
 
@@ -128,6 +136,10 @@ def test_generate_cert():
         datetime.datetime.today() + datetime.timedelta(days=1),
         ca_passphrase,
     )
+
+    os.chmod(ca_cert_path, 0o644)
+    os.chmod(ca_key_path, 0o644)
+
     assert os.path.exists(ca_cert_path)
     assert os.path.exists(ca_key_path)
 
@@ -153,6 +165,10 @@ def test_generate_cert():
         ca_passphrase,
         dev_passphrase,
     )
+
+    os.chmod(dev_cert_path, 0o644)
+    os.chmod(dev_key_path, 0o644)
+
     assert os.path.exists(dev_cert_path)
     assert os.path.exists(dev_key_path)
 
@@ -204,6 +220,10 @@ def test_generate_cert_issuer_eq_subject():
         },
         datetime.datetime.today() + datetime.timedelta(days=1),
     )
+
+    os.chmod(ca_cert_path, 0o644)
+    os.chmod(ca_key_path, 0o644)
+
     assert os.path.exists(ca_cert_path)
     assert os.path.exists(ca_key_path)