Merge pull request #15 from myoung34/tests

Fix workflows

.github/workflows/deploy.yml

@@ -14,30 +14,25 @@ jobs:
     steps:
     - name: Checkout repository
       uses: actions/checkout@v2
-    - run: git checkout HEAD^2
-      if: ${{ github.event_name == 'pull_request' }}
-
     - name: Setup python
       uses: actions/setup-python@v1
       with:
         python-version: ${{ matrix.python-version }}
         architecture: x64
+    - name: Get short Python version
+      id: full-python-version
+      shell: bash
+      run: echo ::set-output name=version::$(python -c "import sys; print(f'py{sys.version_info.major}{sys.version_info.minor}')")
     - name: install pre-reqs
-      run: sudo apt-get update && sudo apt-get install libbluetooth-dev && pip install -r requirements.txt && pip install -r requirements-dev.txt
-    - name: isort
-      run: isort -c -rc tilty -sp .
-    - name: pylint
-      run: pylint --rcfile .pylintrc -r n tilty
-    - name: set pythonpath
-      run: echo "::set-env name=PYTHONPATH::$(pwd)"
-    - name: pytest
-      run: py.test --cov-config .coveragerc --cov tilty --cov-report term-missing --cov-report xml --junitxml junit.xml tests
-    - name: Initialize CodeQL
-      uses: github/codeql-action/init@v1
-      with:
-        languages: python
-    - name: Perform CodeQL Analysis
-      uses: github/codeql-action/analyze@v1
+      run: sudo apt-get update && sudo apt-get install libbluetooth-dev && pip install poetry pre-commit
+    - name: lint
+      run: pre-commit run --all-files
+    - name: Configure poetry
+      run: poetry config virtualenvs.in-project true
+    - name: Install dependencies
+      run: poetry install
+    - name: Run tox
+      run: poetry run tox -e ${{ steps.full-python-version.outputs.version }}
   latest_deploy:
     runs-on: ubuntu-latest
     needs: [test]

.github/workflows/release.yml

@@ -18,25 +18,40 @@ jobs:
       with:
         python-version: ${{ matrix.python-version }}
         architecture: x64
+    - name: Get short Python version
+      id: full-python-version
+      shell: bash
+      run: echo ::set-output name=version::$(python -c "import sys; print(f'py{sys.version_info.major}{sys.version_info.minor}')")
     - name: install pre-reqs
-      run: sudo apt-get update && sudo apt-get install libbluetooth-dev && pip install -r requirements.txt && pip install -r requirements-dev.txt
-    - name: isort
-      run: isort -c -rc tilty -sp .
-    - name: pylint
-      run: pylint --rcfile .pylintrc -r n tilty
-    - name: set pythonpath
-      run: echo "::set-env name=PYTHONPATH::$(pwd)"
-    - name: pytest
-      run: py.test --cov-config .coveragerc --cov tilty --cov-report term-missing --cov-report xml --junitxml junit.xml tests
-    - name: Initialize CodeQL
-      uses: github/codeql-action/init@v1
+      run: sudo apt-get update && sudo apt-get install libbluetooth-dev && pip install poetry pre-commit
+    - name: lint
+      run: pre-commit run --all-files
+    - name: Configure poetry
+      run: poetry config virtualenvs.in-project true
+    - name: Install dependencies
+      run: poetry install
+    - name: Run tox
+      run: poetry run tox -e ${{ steps.full-python-version.outputs.version }}
+  create-release:
+    name: Create Release
+    needs: [test]
+    runs-on: ubuntu-latest
+    steps:
+    - name: Checkout code
+      uses: actions/checkout@v2
+    - name: Create Release
+      id: create_release
+      uses: actions/create-release@v1
+      env:
+        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
       with:
-        languages: python
-    - name: Perform CodeQL Analysis
-      uses: github/codeql-action/analyze@v1
+        tag_name: ${{ github.ref }}
+        release_name: Release ${{ github.ref }}
+        draft: false
+        prerelease: false
   upload_to_pypi:
     runs-on: ubuntu-latest
-    needs: [test]
+    needs: [create-release]
     steps:
     - name: Copy Repo Files
       uses: actions/checkout@v2
@@ -56,7 +71,7 @@ jobs:
         TWINE_PASSWORD : ${{ secrets.TWINE_PASSWORD }}
   ubuntu_tag_deploy:
     runs-on: ubuntu-latest
-    needs: [test]
+    needs: [create-release]
     steps:
     - name: Copy Repo Files
       uses: actions/checkout@v2

.github/workflows/sast.yml

@@ -1,4 +1,4 @@
-name: "Code scanning - action"
+name: "Security"
 
 on:
   push:
@@ -21,3 +21,36 @@ jobs:
       uses: github/codeql-action/autobuild@v1
     - name: Perform CodeQL Analysis
       uses: github/codeql-action/analyze@v1
+  clair:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v2
+      - name: Prep clair
+        run: docker-compose -f docker-compose-clair.yml up -d
+      - name: Download Clair-Scanner
+        run: curl -Ls https://github.com/arminc/clair-scanner/releases/download/v12/clair-scanner_linux_amd64 -o clair-scanner && chmod +x clair-scanner
+      - name: Build
+        run: docker build -t myoung34/tilty:latest .
+      - name: Test
+        run: ./clair-scanner --ip $(ip -f inet addr show eth0 | grep -Po 'inet \K[\d.]+') myoung34/tilty:latest
+  bandit:
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        python-version: [ '3.6', '3.7', '3.8' ]
+    steps:
+    - name: Checkout repository
+      uses: actions/checkout@v2
+    - name: Setup python
+      uses: actions/setup-python@v1
+      with:
+        python-version: ${{ matrix.python-version }}
+        architecture: x64
+    - name: install pre-reqs
+      run: sudo apt-get update && sudo apt-get install libbluetooth-dev && pip install poetry pre-commit
+    - name: Configure poetry
+      run: poetry config virtualenvs.in-project true
+    - name: Install dependencies
+      run: poetry install
+    - name: Run bandit
+      run: poetry run bandit .

.github/workflows/tests.yml

@@ -5,7 +5,6 @@ on:
     branches-ignore:
       - 'master'
       - 'refs/tags/*'
-#on: [push]
 
 jobs:
   test:
@@ -21,35 +20,21 @@ jobs:
       with:
         python-version: ${{ matrix.python-version }}
         architecture: x64
+    - name: Get short Python version
+      id: full-python-version
+      shell: bash
+      run: echo ::set-output name=version::$(python -c "import sys; print(f'py{sys.version_info.major}{sys.version_info.minor}')")
     - name: install pre-reqs
-      run: sudo apt-get update && sudo apt-get install libbluetooth-dev && pip install -r requirements.txt && pip install -r requirements-dev.txt
-    - name: isort
-      run: isort -c -rc tilty -sp .
-    - name: pylint
-      run: pylint --rcfile .pylintrc -r n tilty
-    - name: set pythonpath
-      run: echo "::set-env name=PYTHONPATH::$(pwd)"
-    - name: pytest
-      run: py.test --cov-config .coveragerc --cov tilty --cov-report term-missing --cov-report xml --junitxml junit.xml tests
+      run: sudo apt-get update && sudo apt-get install libbluetooth-dev && pip install poetry pre-commit
+    - name: lint
+      run: pre-commit run --all-files
+    - name: Configure poetry
+      run: poetry config virtualenvs.in-project true
+    - name: Install dependencies
+      run: poetry install
+    - name: Run tox
+      run: poetry run tox -e ${{ steps.full-python-version.outputs.version }}
     - name: coveralls
-      run: coveralls
+      run: poetry run coveralls
       env:
         COVERALLS_REPO_TOKEN: ${{ secrets.COVERALLS_REPO_TOKEN }}
-    - name: Initialize CodeQL
-      uses: github/codeql-action/init@v1
-      with:
-        languages: python
-    - name: Perform CodeQL Analysis
-      uses: github/codeql-action/analyze@v1
-  clair:
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v2
-      - name: Prep clair
-        run: docker-compose -f docker-compose-clair.yml up -d
-      - name: Download Clair-Scanner
-        run: curl -Ls https://github.com/arminc/clair-scanner/releases/download/v12/clair-scanner_linux_amd64 -o clair-scanner && chmod +x clair-scanner
-      - name: Build
-        run: docker build -t myoung34/tilty:latest .
-      - name: Test
-        run: ./clair-scanner --ip $(ip -f inet addr show eth0 | grep -Po 'inet \K[\d.]+') myoung34/tilty:latest

SECURITY.md

@@ -0,0 +1,23 @@
+## Security
+
+If you believe you have found a security vulnerability, please report it to me as described below.
+
+## Reporting Security Issues
+
+**Please do not report security vulnerabilities through public GitHub issues.** Instead, please report them to me directly at [[email protected]](mailto:[email protected]).  
+
+If you'd like to communicate securely, my keybase is [here](https://keybase.io/3vilpenguin)
+
+Please include the requested information listed below (as much as you can provide) to help better understand the nature and scope of the possible issue:
+
+  * Type of issue (e.g. buffer overflow, SQL injection, cross-site scripting, etc.)
+  * Full paths of source file(s) related to the manifestation of the issue
+  * The location of the affected source code (tag/branch/commit or direct URL)
+  * Any special configuration required to reproduce the issue
+  * Step-by-step instructions to reproduce the issue
+  * Proof-of-concept or exploit code (if possible)
+  * Impact of the issue, including how an attacker might exploit the issue
+
+## Preferred Languages
+
+I prefer all communications to be in English.