From 1892d61f1d9866da3893b8336ac883009c79e33a Mon Sep 17 00:00:00 2001 From: Marcus Young Date: Fri, 10 Jul 2020 07:11:48 -0500 Subject: [PATCH 1/2] Fix workflows --- .github/workflows/deploy.yml | 16 +---- .github/workflows/release.yml | 30 +++++---- .github/workflows/tests.yml | 45 ++++++++----- poetry.lock | 119 ++++++++++++++++++++++++++++++++-- pyproject.toml | 23 +------ tilty/utils.py | 1 + tox.ini | 16 +++++ 7 files changed, 182 insertions(+), 68 deletions(-) create mode 100644 tox.ini diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml index 9656580..fa0416c 100644 --- a/.github/workflows/deploy.yml +++ b/.github/workflows/deploy.yml @@ -23,21 +23,11 @@ jobs: python-version: ${{ matrix.python-version }} architecture: x64 - name: install pre-reqs - run: sudo apt-get update && sudo apt-get install libbluetooth-dev && pip install -r requirements.txt && pip install -r requirements-dev.txt - - name: isort - run: isort -c -rc tilty -sp . - - name: pylint - run: pylint --rcfile .pylintrc -r n tilty + run: sudo apt-get update && sudo apt-get install libbluetooth-dev python3-venv && pip install poetry tox-gh-actions && pip install -r requirements.txt && pip install -r requirements-dev.txt - name: set pythonpath run: echo "::set-env name=PYTHONPATH::$(pwd)" - - name: pytest - run: py.test --cov-config .coveragerc --cov tilty --cov-report term-missing --cov-report xml --junitxml junit.xml tests - - name: Initialize CodeQL - uses: github/codeql-action/init@v1 - with: - languages: python - - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@v1 + - name: tests + run: poetry run tox latest_deploy: runs-on: ubuntu-latest needs: [test] diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index be857c5..790ac9a 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml 
@@ -19,21 +19,27 @@ jobs:
 python-version: ${{ matrix.python-version }}
 architecture: x64
 - name: install pre-reqs
- run: sudo apt-get update && sudo apt-get install libbluetooth-dev && pip install -r requirements.txt && pip install -r requirements-dev.txt
- - name: isort
- run: isort -c -rc tilty -sp .
- - name: pylint
- run: pylint --rcfile .pylintrc -r n tilty
+ run: sudo apt-get update && sudo apt-get install libbluetooth-dev python3-venv && pip install poetry tox-gh-actions && pip install -r requirements.txt && pip install -r requirements-dev.txt
 - name: set pythonpath
 run: echo "::set-env name=PYTHONPATH::$(pwd)"
- - name: pytest
- run: py.test --cov-config .coveragerc --cov tilty --cov-report term-missing --cov-report xml --junitxml junit.xml tests
- - name: Initialize CodeQL
- uses: github/codeql-action/init@v1
+ - name: tests
+ run: poetry run tox
+ create-release:
+ name: Create Release
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout code
+ uses: actions/checkout@v2
+ - name: Create Release
+ id: create_release
+ uses: actions/create-release@v1
+ env:
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
 with:
- languages: python
- - name: Perform CodeQL Analysis
- uses: github/codeql-action/analyze@v1
+ tag_name: ${{ github.ref }}
+ release_name: Release ${{ github.ref }}
+ draft: false
+ prerelease: false
 upload_to_pypi:
 runs-on: ubuntu-latest
 needs: [test]
diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml
index 2d475c1..a7f6ce3 100644
--- a/.github/workflows/tests.yml
+++ b/.github/workflows/tests.yml
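Review bot: The new create-release job references `actions/create-release@v1` and `actions/checkout@v2` by mutable tag while holding `secrets.GITHUB_TOKEN`, so whoever can move those tags can run code with this repository's write token; pin each `uses:` to a full commit SHA and keep the tag in a trailing comment, e.g. `uses: actions/create-release@<commit-sha>  # v1`. The same applies to the checkout and setup-python steps elsewhere in these workflows. Note also that the job carries no `needs:` in this hunk, so it can publish a release before the test job finishes; the second patch on this page adds `needs: [test]`, so only the pinning is outstanding.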
@@ -5,9 +5,24 @@ on:
 branches-ignore:
 - 'master'
 - 'refs/tags/*'
-#on: [push]
 
 jobs:
+ lint:
+ runs-on: ubuntu-latest
+ strategy:
+ matrix:
+ python-version: [ '3.6', '3.7', '3.8' ]
+ steps:
+ - uses: actions/checkout@v2
+ - name: Setup python
+ uses: actions/setup-python@v1
+ with:
+ python-version: ${{ matrix.python-version }}
+ architecture: x64
+ - name: lint
+ run: |
+ pip install pre-commit
+ pre-commit run --all-files
 test:
 runs-on: ubuntu-latest
 strategy:
@@ -21,26 +36,22 @@ jobs:
 with:
 python-version: ${{ matrix.python-version }}
 architecture: x64
+ - name: Get short Python version
+ id: full-python-version
+ shell: bash
+ run: echo ::set-output name=version::$(python -c "import sys; print('-'.join(str(v) for v in sys.version_info))"| sed 's/\([0-9]\)-\([0-9]\).*/py\1\2/g')
 - name: install pre-reqs
- run: sudo apt-get update && sudo apt-get install libbluetooth-dev && pip install -r requirements.txt && pip install -r requirements-dev.txt
- - name: isort
- run: isort -c -rc tilty -sp .
- - name: pylint
- run: pylint --rcfile .pylintrc -r n tilty
- - name: set pythonpath
- run: echo "::set-env name=PYTHONPATH::$(pwd)"
- - name: pytest
- run: py.test --cov-config .coveragerc --cov tilty --cov-report term-missing --cov-report xml --junitxml junit.xml tests
+ run: sudo apt-get update && sudo apt-get install libbluetooth-dev && pip install poetry
+ - name: Configure poetry
+ run: poetry config virtualenvs.in-project true
+ - name: Install dependencies
+ run: poetry install
+ - name: Run tox
+ run: poetry run tox -e ${{ steps.full-python-version.outputs.version }}
 - name: coveralls
- run: coveralls
+ run: poetry run coveralls
 env:
 COVERALLS_REPO_TOKEN: ${{ secrets.COVERALLS_REPO_TOKEN }}
- - name: Initialize CodeQL
- uses: github/codeql-action/init@v1
- with:
- languages: python
- - name: Perform CodeQL Analysis
- uses: github/codeql-action/analyze@v1
 clair:
 runs-on: ubuntu-latest
 steps:
diff --git a/poetry.lock b/poetry.lock
index f270b53..2258801 100644
--- a/poetry.lock +++ b/poetry.lock @@ -46,6 +46,21 @@ dev = ["coverage", "hypothesis", "pympler", "pytest (>=4.3.0)", "six", "zope.int docs = ["sphinx", "zope.interface"] tests = ["coverage", "hypothesis", "pympler", "pytest (>=4.3.0)", "six", "zope.interface"] +[[package]] +category = "dev" +description = "Security oriented static analyser for python code." +name = "bandit" +optional = false +python-versions = "*" +version = "1.6.2" + +[package.dependencies] +GitPython = ">=1.0.1" +PyYAML = ">=3.13" +colorama = ">=0.3.9" +six = ">=1.10.0" +stevedore = ">=1.20.0" + [[package]] category = "main" description = "Python package for providing Mozilla's CA Bundle." @@ -167,6 +182,28 @@ pyflakes = ">=2.2.0,<2.3.0" python = "<3.8" version = "*" +[[package]] +category = "dev" +description = "Git Object Database" +name = "gitdb" +optional = false +python-versions = ">=3.4" +version = "4.0.5" + +[package.dependencies] +smmap = ">=3.0.1,<4" + +[[package]] +category = "dev" +description = "Python Git Library" +name = "gitpython" +optional = false +python-versions = ">=3.4" +version = "3.1.3" + +[package.dependencies] +gitdb = ">=4.0.1,<5" + [[package]] category = "main" description = "Internationalized Domain Names in Applications (IDNA)" @@ -306,6 +343,14 @@ version = "20.4" pyparsing = ">=2.0.2" six = "*" +[[package]] +category = "dev" +description = "Python Build Reasonableness" +name = "pbr" +optional = false +python-versions = "*" +version = "5.4.5" + [[package]] category = "dev" description = "plugin and hook calling mechanisms for python" @@ -440,6 +485,14 @@ optional = false python-versions = "*" version = "2020.1" +[[package]] +category = "dev" +description = "YAML parser and emitter for Python" +name = "pyyaml" +optional = false +python-versions = ">=2.7, !=3.0.*, !=3.1.*, !=3.2.*, !=3.3.*, !=3.4.*" +version = "5.3.1" + [[package]] category = "main" description = "Python HTTP for Humans." 
@@ -466,6 +519,25 @@ optional = false python-versions = ">=2.7, !=3.0.*, !=3.1.*, !=3.2.*" version = "1.15.0" +[[package]] +category = "dev" +description = "A pure Python implementation of a sliding window memory map manager" +name = "smmap" +optional = false +python-versions = ">=2.7, !=3.0.*, !=3.1.*, !=3.2.*, !=3.3.*" +version = "3.0.4" + +[[package]] +category = "dev" +description = "Manage dynamic plugins for Python applications" +name = "stevedore" +optional = false +python-versions = ">=3.6" +version = "2.0.1" + +[package.dependencies] +pbr = ">=2.0.0,<2.1.0 || >2.1.0" + [[package]] category = "dev" description = "Python Library for Tom's Obvious, Minimal Language" @@ -528,11 +600,11 @@ description = "Virtual Python Environment builder" name = "virtualenv" optional = false python-versions = "!=3.0.*,!=3.1.*,!=3.2.*,!=3.3.*,>=2.7" -version = "20.0.25" +version = "20.0.26" [package.dependencies] appdirs = ">=1.4.3,<2" -distlib = ">=0.3.0,<1" +distlib = ">=0.3.1,<1" filelock = ">=3.0.0,<4" six = ">=1.9.0,<2" @@ -578,7 +650,7 @@ docs = ["sphinx", "jaraco.packaging (>=3.2)", "rst.linker (>=1.9)"] testing = ["jaraco.itertools", "func-timeout"] [metadata] -content-hash = "e084eb1f3eb871f0d6408f9e0b3a3894022668413461dd6038f2c08467ea4003" +content-hash = "2334b20bc520493f5dc854af1da2668a7187567709e7c08d258f29e35d4e3822" python-versions = ">=3.6,<3.8" [metadata.files] 
@@ -598,6 +670,10 @@ attrs = [ {file = "attrs-19.3.0-py2.py3-none-any.whl", hash = "sha256:08a96c641c3a74e44eb59afb61a24f2cb9f4d7188748e76ba4bb5edfa3cb7d1c"}, {file = "attrs-19.3.0.tar.gz", hash = "sha256:f7b7ce16570fe9965acd6d30101a28f62fb4a7f9e926b3bbc9b61f8b04247e72"}, ] +bandit = [ + {file = "bandit-1.6.2-py2.py3-none-any.whl", hash = "sha256:336620e220cf2d3115877685e264477ff9d9abaeb0afe3dc7264f55fa17a3952"}, + {file = "bandit-1.6.2.tar.gz", hash = "sha256:41e75315853507aa145d62a78a2a6c5e3240fe14ee7c601459d0df9418196065"}, +] certifi = [ {file = "certifi-2020.6.20-py2.py3-none-any.whl", hash = "sha256:8fc0819f1f30ba15bdb34cceffb9ef04d99f420f68eb75d901e9560b8749fc41"}, {file = "certifi-2020.6.20.tar.gz", hash = "sha256:5930595817496dd21bb8dc35dad090f1c2cd0adfaf21204bf6732ca5d8ee34d3"}, @@ -677,6 +753,14 @@ flake8 = [ {file = "flake8-3.8.3-py2.py3-none-any.whl", hash = "sha256:15e351d19611c887e482fb960eae4d44845013cc142d42896e9862f775d8cf5c"}, {file = "flake8-3.8.3.tar.gz", hash = "sha256:f04b9fcbac03b0a3e58c0ab3a0ecc462e023a9faf046d57794184028123aa208"}, ] +gitdb = [ + {file = "gitdb-4.0.5-py3-none-any.whl", hash = "sha256:91f36bfb1ab7949b3b40e23736db18231bf7593edada2ba5c3a174a7b23657ac"}, + {file = "gitdb-4.0.5.tar.gz", hash = "sha256:c9e1f2d0db7ddb9a704c2a0217be31214e91a4fe1dea1efad19ae42ba0c285c9"}, +] +gitpython = [ + {file = "GitPython-3.1.3-py3-none-any.whl", hash = "sha256:ef1d60b01b5ce0040ad3ec20bc64f783362d41fa0822a2742d3586e1f49bb8ac"}, + {file = "GitPython-3.1.3.tar.gz", hash = "sha256:e107af4d873daed64648b4f4beb89f89f0cfbe3ef558fc7821ed2331c2f8da1a"}, +] idna = [ {file = "idna-2.10-py2.py3-none-any.whl", hash = "sha256:b97d804b1e9b523befed77c48dacec60e6dcb0b5391d57af6a65a312a90648c0"}, {file = "idna-2.10.tar.gz", hash = "sha256:b307872f855b18632ce0c21c5e45be78c0ea7ae4c15c828c20788b26921eb3f6"}, 
@@ -790,6 +874,10 @@ packaging = [ {file = "packaging-20.4-py2.py3-none-any.whl", hash = "sha256:998416ba6962ae7fbd6596850b80e17859a5753ba17c32284f67bfff33784181"}, {file = "packaging-20.4.tar.gz", hash = "sha256:4357f74f47b9c12db93624a82154e9b120fa8293699949152b22065d556079f8"}, ] +pbr = [ + {file = "pbr-5.4.5-py2.py3-none-any.whl", hash = "sha256:579170e23f8e0c2f24b0de612f71f648eccb79fb1322c814ae6b3c07b5ba23e8"}, + {file = "pbr-5.4.5.tar.gz", hash = "sha256:07f558fece33b05caf857474a366dfcc00562bca13dd8b47b2b3e22d9f9bf55c"}, +] pluggy = [ {file = "pluggy-0.13.1-py2.py3-none-any.whl", hash = "sha256:966c145cd83c96502c3c3868f50408687b38434af77734af1e9ca461a4081d2d"}, {file = "pluggy-0.13.1.tar.gz", hash = "sha256:15b2acde666561e1298d71b523007ed7364de07029219b604cf808bfa1c765b0"}, 
@@ -838,6 +926,19 @@ pytz = [ {file = "pytz-2020.1-py2.py3-none-any.whl", hash = "sha256:a494d53b6d39c3c6e44c3bec237336e14305e4f29bbf800b599253057fbb79ed"}, {file = "pytz-2020.1.tar.gz", hash = "sha256:c35965d010ce31b23eeb663ed3cc8c906275d6be1a34393a1d73a41febf4a048"}, ] +pyyaml = [ + {file = "PyYAML-5.3.1-cp27-cp27m-win32.whl", hash = "sha256:74809a57b329d6cc0fdccee6318f44b9b8649961fa73144a98735b0aaf029f1f"}, + {file = "PyYAML-5.3.1-cp27-cp27m-win_amd64.whl", hash = "sha256:240097ff019d7c70a4922b6869d8a86407758333f02203e0fc6ff79c5dcede76"}, + {file = "PyYAML-5.3.1-cp35-cp35m-win32.whl", hash = "sha256:4f4b913ca1a7319b33cfb1369e91e50354d6f07a135f3b901aca02aa95940bd2"}, + {file = "PyYAML-5.3.1-cp35-cp35m-win_amd64.whl", hash = "sha256:cc8955cfbfc7a115fa81d85284ee61147059a753344bc51098f3ccd69b0d7e0c"}, + {file = "PyYAML-5.3.1-cp36-cp36m-win32.whl", hash = "sha256:7739fc0fa8205b3ee8808aea45e968bc90082c10aef6ea95e855e10abf4a37b2"}, + {file = "PyYAML-5.3.1-cp36-cp36m-win_amd64.whl", hash = "sha256:69f00dca373f240f842b2931fb2c7e14ddbacd1397d57157a9b005a6a9942648"}, + {file = "PyYAML-5.3.1-cp37-cp37m-win32.whl", hash = "sha256:d13155f591e6fcc1ec3b30685d50bf0711574e2c0dfffd7644babf8b5102ca1a"}, + {file = "PyYAML-5.3.1-cp37-cp37m-win_amd64.whl", hash = "sha256:73f099454b799e05e5ab51423c7bcf361c58d3206fa7b0d555426b1f4d9a3eaf"}, + {file = "PyYAML-5.3.1-cp38-cp38-win32.whl", hash = "sha256:06a0d7ba600ce0b2d2fe2e78453a470b5a6e000a985dd4a4e54e436cc36b0e97"}, + {file = "PyYAML-5.3.1-cp38-cp38-win_amd64.whl", hash = "sha256:95f71d2af0ff4227885f7a6605c37fd53d3a106fcab511b8860ecca9fcf400ee"}, + {file = "PyYAML-5.3.1.tar.gz", hash = "sha256:b8eac752c5e14d3eca0e6dd9199cd627518cb5ec06add0de9d32baeee6fe645d"}, +] requests = [ {file = "requests-2.24.0-py2.py3-none-any.whl", hash = "sha256:fe75cc94a9443b9246fc7049224f75604b113c36acb93f87b80ed42c44cbb898"}, {file = "requests-2.24.0.tar.gz", hash = "sha256:b3559a131db72c33ee969480840fff4bb6dd111de7dd27c8ee1f820f4f00231b"}, 
@@ -846,6 +947,14 @@ six = [ {file = "six-1.15.0-py2.py3-none-any.whl", hash = "sha256:8b74bedcbbbaca38ff6d7491d76f2b06b3592611af620f8426e82dddb04a5ced"}, {file = "six-1.15.0.tar.gz", hash = "sha256:30639c035cdb23534cd4aa2dd52c3bf48f06e5f4a941509c8bafd8ce11080259"}, ] +smmap = [ + {file = "smmap-3.0.4-py2.py3-none-any.whl", hash = "sha256:54c44c197c819d5ef1991799a7e30b662d1e520f2ac75c9efbeb54a742214cf4"}, + {file = "smmap-3.0.4.tar.gz", hash = "sha256:9c98bbd1f9786d22f14b3d4126894d56befb835ec90cef151af566c7e19b5d24"}, +] +stevedore = [ + {file = "stevedore-2.0.1-py3-none-any.whl", hash = "sha256:c4724f8d7b8f6be42130663855d01a9c2414d6046055b5a65ab58a0e38637688"}, + {file = "stevedore-2.0.1.tar.gz", hash = "sha256:609912b87df5ad338ff8e44d13eaad4f4170a65b79ae9cb0aa5632598994a1b7"}, +] toml = [ {file = "toml-0.10.1-py2.py3-none-any.whl", hash = "sha256:bda89d5935c2eac546d648028b9901107a595863cb36bae0c73ac804a9b4ce88"}, {file = "toml-0.10.1.tar.gz", hash = "sha256:926b612be1e5ce0634a2ca03470f95169cf16f939018233a670519cb4ac58b0f"}, @@ -882,8 +991,8 @@ urllib3 = [ {file = "urllib3-1.25.9.tar.gz", hash = "sha256:3018294ebefce6572a474f0604c2021e33b3fd8006ecd11d62107a5d2a963527"}, ] virtualenv = [ - {file = "virtualenv-20.0.25-py2.py3-none-any.whl", hash = "sha256:ffffcb3c78a671bb3d590ac3bc67c081ea2188befeeb058870cba13e7f82911b"}, - {file = "virtualenv-20.0.25.tar.gz", hash = "sha256:f332ba0b2dfbac9f6b1da9f11224f0036b05cdb4df23b228527c2a2d5504aeed"}, + {file = "virtualenv-20.0.26-py2.py3-none-any.whl", hash = "sha256:c11a475400e98450403c0364eb3a2d25d42f71cf1493da64390487b666de4324"}, + {file = "virtualenv-20.0.26.tar.gz", hash = "sha256:e10cc66f40cbda459720dfe1d334c4dc15add0d80f09108224f171006a97a172"}, ] wcwidth = [ {file = "wcwidth-0.2.5-py2.py3-none-any.whl", hash = "sha256:beb4802a9cebb9144e99086eff703a642a13d6a0052920003a230f3294bbe784"}, diff --git a/pyproject.toml b/pyproject.toml index 0565a67..40c8dca 100644 --- a/pyproject.toml +++ b/pyproject.toml 
@@ -6,7 +6,7 @@ authors = ["Marcus Young <3vilpenguin@gmail.com>"] license = "MIT" [tool.poetry.dependencies] -python = ">=3.6,<3.8" +python = ">=3.6" click = "^7.0" pybluez = "^0.22.0" requests = "^2.22" @@ -23,23 +23,4 @@ pytest-cov = "^2.8" coverage = "^5.0" isort = "^4.3" tox = "^3.14" - -[tool.tox] -legacy_tox_ini = """ - -[tox] -isolated_build = True -envlist = py37 -skipsdist = True -toxworkdir=.tox -usedevelop=True - -[testenv] -commands = - isort -c -rc tilty -sp {toxinidir} - pylint --rcfile {toxinidir}/.pylintrc -r n tilty - py.test --cov-config .coveragerc --cov tilty --cov-report term-missing --cov-report xml --junitxml junit.xml tests {posargs} -whitelist_externals = make - bash - pylint -""" +bandit = "^1.6.2" diff --git a/tilty/utils.py b/tilty/utils.py index 8cec012..0823402 100644 --- a/tilty/utils.py +++ b/tilty/utils.py @@ -1,6 +1,7 @@ # -*- coding: utf-8 -*- """ Misc methods """ + def f_to_c(f=0): """ Convert fahrenheight to celcius """ return round((f - 32.0) / 1.8, 2) diff --git a/tox.ini b/tox.ini new file mode 100644 index 0000000..266fe17 --- /dev/null +++ b/tox.ini @@ -0,0 +1,16 @@ +[tox] +isolated_build = True +skipsdist = True +toxworkdir=.tox +usedevelop=True +envlist = py36,py37,py38 + +[testenv] +commands = + isort -c -rc tilty -sp {toxinidir} + pylint --rcfile {toxinidir}/.pylintrc -r n tilty + py.test --cov-config .coveragerc --cov tilty --cov-report term-missing --cov-report xml --junitxml junit.xml tests {posargs} + bandit . +whitelist_externals = make + bash + pylint From 69fbebbd1c58e803cfe86bc8d1c2d6a82df0b8b8 Mon Sep 17 00:00:00 2001 
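Review bot: `python = ">=3.6"` removes the `<3.8` upper bound and `bandit = "^1.6.2"` is added, but poetry.lock in this same patch still records `python-versions = ">=3.6,<3.8"` under `[metadata]`, so the lock was not re-resolved against the new pyproject; Poetry will warn that the lock is out of date, and the hash-pinned requirements exports are only as trustworthy as the lock they come from. Run `poetry lock` against the new constraints and commit the regenerated poetry.lock together with this change. Adding bandit as a dev dependency is fine, though per the lock it pulls in GitPython and PyYAML as dev-only transitive packages.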
From: Marcus Young Date: Fri, 10 Jul 2020 08:37:34 -0500 Subject: [PATCH 2/2] Refactor all tests --- .github/workflows/deploy.yml | 21 ++++++++++++-------- .github/workflows/release.yml | 23 +++++++++++++++------- .github/workflows/sast.yml | 35 ++++++++++++++++++++++++++++++++- .github/workflows/tests.yml | 34 ++++---------------------------- SECURITY.md | 23 ++++++++++++++++++++++ requirements-dev.txt | 37 ++++++++++++++++++++++++++++++++--- requirements.txt | 1 + tox.ini | 1 - 8 files changed, 125 insertions(+), 50 deletions(-) create mode 100644 SECURITY.md diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml index fa0416c..a1139c3 100644 --- a/.github/workflows/deploy.yml +++ b/.github/workflows/deploy.yml @@ -14,20 +14,25 @@ jobs: steps: - name: Checkout repository uses: actions/checkout@v2 - - run: git checkout HEAD^2 - if: ${{ github.event_name == 'pull_request' }} - - name: Setup python uses: actions/setup-python@v1 with: python-version: ${{ matrix.python-version }} architecture: x64 + - name: Get short Python version + id: full-python-version + shell: bash + run: echo ::set-output name=version::$(python -c "import sys; print(f'py{sys.version_info.major}{sys.version_info.minor}')") - name: install pre-reqs - run: sudo apt-get update && sudo apt-get install libbluetooth-dev python3-venv && pip install poetry tox-gh-actions && pip install -r requirements.txt && pip install -r requirements-dev.txt - - name: set pythonpath - run: echo "::set-env name=PYTHONPATH::$(pwd)" - - name: tests - run: poetry run tox + run: sudo apt-get update && sudo apt-get install libbluetooth-dev && pip install poetry pre-commit + - name: lint + run: pre-commit run --all-files + - name: Configure poetry + run: poetry config virtualenvs.in-project true + - name: Install dependencies + run: poetry install + - name: Run tox + run: poetry run tox -e ${{ steps.full-python-version.outputs.version }} latest_deploy: runs-on: ubuntu-latest needs: [test] 
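Review bot: `pip install poetry pre-commit` in the install pre-reqs step installs whatever versions PyPI serves at run time, while the rest of the project pins dependencies by exact version and `--hash`; the resolver and the hook runner are the tools best placed to subvert the build, so pin them too, e.g. `pip install "poetry==<version>" "pre-commit==<version>"`, ideally from a hash-checked requirements file. `pre-commit run --all-files` then executes whatever hooks `.pre-commit-config.yaml` declares, which is not in this diff; make sure each hook `rev:` is an exact tag or SHA. Separately, the `echo ::set-output name=version::...` step uses the workflow-command form that GitHub has since deprecated in favour of appending `version=...` to `$GITHUB_OUTPUT`.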
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 790ac9a..624c2a2 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -18,14 +18,23 @@ jobs:
 with:
 python-version: ${{ matrix.python-version }}
 architecture: x64
+ - name: Get short Python version
+ id: full-python-version
+ shell: bash
+ run: echo ::set-output name=version::$(python -c "import sys; print(f'py{sys.version_info.major}{sys.version_info.minor}')")
 - name: install pre-reqs
- run: sudo apt-get update && sudo apt-get install libbluetooth-dev python3-venv && pip install poetry tox-gh-actions && pip install -r requirements.txt && pip install -r requirements-dev.txt
- - name: set pythonpath
- run: echo "::set-env name=PYTHONPATH::$(pwd)"
- - name: tests
- run: poetry run tox
+ run: sudo apt-get update && sudo apt-get install libbluetooth-dev && pip install poetry pre-commit
+ - name: lint
+ run: pre-commit run --all-files
+ - name: Configure poetry
+ run: poetry config virtualenvs.in-project true
+ - name: Install dependencies
+ run: poetry install
+ - name: Run tox
+ run: poetry run tox -e ${{ steps.full-python-version.outputs.version }}
 create-release:
 name: Create Release
+ needs: [test]
 runs-on: ubuntu-latest
 steps:
 - name: Checkout code
@@ -42,7 +51,7 @@ jobs:
 prerelease: false
 upload_to_pypi:
 runs-on: ubuntu-latest
- needs: [test]
+ needs: [create-release]
 steps:
 - name: Copy Repo Files
 uses: actions/checkout@v2
@@ -62,7 +71,7 @@ jobs:
 TWINE_PASSWORD : ${{ secrets.TWINE_PASSWORD }}
 ubuntu_tag_deploy:
 runs-on: ubuntu-latest
- needs: [test]
+ needs: [create-release]
 steps:
 - name: Copy Repo Files
 uses: actions/checkout@v2
diff --git a/.github/workflows/sast.yml b/.github/workflows/sast.yml
index fb1fba7..f7ef52c 100644
--- a/.github/workflows/sast.yml
+++ b/.github/workflows/sast.yml
@@ -1,4 +1,4 @@
-name: "Code scanning - action"
+name: "Security"
 
 on:
 push:
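Review bot: With upload_to_pypi and ubuntu_tag_deploy now depending on create-release, the GitHub release is created with `draft: false` before twine or the image push has succeeded, so a failed upload leaves a public release with no matching package. Create it as a draft (`draft: true`) and publish it from a final job that depends on both upload jobs, or reverse the dependency so create-release runs after the uploads. The `needs: [test]` added to create-release is the right fix for the ordering problem in the first patch and should stay either way.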
@@ -21,3 +21,36 @@ jobs:
 uses: github/codeql-action/autobuild@v1
 - name: Perform CodeQL Analysis
 uses: github/codeql-action/analyze@v1
+ clair:
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v2
+ - name: Prep clair
+ run: docker-compose -f docker-compose-clair.yml up -d
+ - name: Download Clair-Scanner
+ run: curl -Ls https://github.com/arminc/clair-scanner/releases/download/v12/clair-scanner_linux_amd64 -o clair-scanner && chmod +x clair-scanner
+ - name: Build
+ run: docker build -t myoung34/tilty:latest .
+ - name: Test
+ run: ./clair-scanner --ip $(ip -f inet addr show eth0 | grep -Po 'inet \K[\d.]+') myoung34/tilty:latest
+ bandit:
+ runs-on: ubuntu-latest
+ strategy:
+ matrix:
+ python-version: [ '3.6', '3.7', '3.8' ]
+ steps:
+ - name: Checkout repository
+ uses: actions/checkout@v2
+ - name: Setup python
+ uses: actions/setup-python@v1
+ with:
+ python-version: ${{ matrix.python-version }}
+ architecture: x64
+ - name: install pre-reqs
+ run: sudo apt-get update && sudo apt-get install libbluetooth-dev && pip install poetry pre-commit
+ - name: Configure poetry
+ run: poetry config virtualenvs.in-project true
+ - name: Install dependencies
+ run: poetry install
+ - name: Run bandit
+ run: poetry run bandit .
diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml
index a7f6ce3..5e432bb 100644
--- a/.github/workflows/tests.yml
+++ b/.github/workflows/tests.yml
@@ -7,22 +7,6 @@ on:
 - 'refs/tags/*'
 
 jobs:
- lint:
- runs-on: ubuntu-latest
- strategy:
- matrix:
- python-version: [ '3.6', '3.7', '3.8' ]
- steps:
- - uses: actions/checkout@v2
- - name: Setup python
- uses: actions/setup-python@v1
- with:
- python-version: ${{ matrix.python-version }}
- architecture: x64
- - name: lint
- run: |
- pip install pre-commit
- pre-commit run --all-files
 test:
 runs-on: ubuntu-latest
 strategy:
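Review bot: `poetry run bandit .` in the new bandit job scans nothing: without `-r` bandit skips a directory argument with a warning and exits 0, so the job passes regardless of findings. Use `poetry run bandit -r tilty` (with `-x tests` or a `.bandit` config if test code should be excluded) so the job actually fails on a finding. In the clair job, `curl -Ls .../clair-scanner_linux_amd64 -o clair-scanner && chmod +x clair-scanner` executes whatever the release URL serves with no integrity check: add `-f` so a non-2xx response fails the step, and verify the binary against a recorded SHA-256 (`echo "<sha256>  clair-scanner" | sha256sum -c`) before running it. Both jobs also reference actions by mutable tag; pinning `uses:` to commit SHAs is the usual mitigation.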
@@ -39,9 +23,11 @@ jobs:
 - name: Get short Python version
 id: full-python-version
 shell: bash
- run: echo ::set-output name=version::$(python -c "import sys; print('-'.join(str(v) for v in sys.version_info))"| sed 's/\([0-9]\)-\([0-9]\).*/py\1\2/g')
+ run: echo ::set-output name=version::$(python -c "import sys; print(f'py{sys.version_info.major}{sys.version_info.minor}')")
 - name: install pre-reqs
- run: sudo apt-get update && sudo apt-get install libbluetooth-dev && pip install poetry
+ run: sudo apt-get update && sudo apt-get install libbluetooth-dev && pip install poetry pre-commit
+ - name: lint
+ run: pre-commit run --all-files
 - name: Configure poetry
 run: poetry config virtualenvs.in-project true
 - name: Install dependencies
@@ -52,15 +38,3 @@ jobs:
 run: poetry run coveralls
 env:
 COVERALLS_REPO_TOKEN: ${{ secrets.COVERALLS_REPO_TOKEN }}
- clair:
- runs-on: ubuntu-latest
- steps:
- - uses: actions/checkout@v2
- - name: Prep clair
- run: docker-compose -f docker-compose-clair.yml up -d
- - name: Download Clair-Scanner
- run: curl -Ls https://github.com/arminc/clair-scanner/releases/download/v12/clair-scanner_linux_amd64 -o clair-scanner && chmod +x clair-scanner
- - name: Build
- run: docker build -t myoung34/tilty:latest .
- - name: Test
- run: ./clair-scanner --ip $(ip -f inet addr show eth0 | grep -Po 'inet \K[\d.]+') myoung34/tilty:latest
diff --git a/SECURITY.md b/SECURITY.md
new file mode 100644
index 0000000..39f791e
--- /dev/null
+++ b/SECURITY.md
@@ -0,0 +1,23 @@ +## Security + +If you believe you have found a security vulnerability, please report it to me as described below. + +## Reporting Security Issues + +**Please do not report security vulnerabilities through public GitHub issues.** Instead, please report them to me directly at [myoung34@my.apsu.edu](mailto:myoung34@my.apsu.edu). + +If you'd like to communicate securely, my keybase is [here](https://keybase.io/3vilpenguin) + +Please include the requested information listed below (as much as you can provide) to help better understand the nature and scope of the possible issue: + + * Type of issue (e.g. buffer overflow, SQL injection, cross-site scripting, etc.) + * Full paths of source file(s) related to the manifestation of the issue + * The location of the affected source code (tag/branch/commit or direct URL) + * Any special configuration required to reproduce the issue + * Step-by-step instructions to reproduce the issue + * Proof-of-concept or exploit code (if possible) + * Impact of the issue, including how an attacker might exploit the issue + +## Preferred Languages + +I prefer all communications to be in English. diff --git a/requirements-dev.txt b/requirements-dev.txt index e5a4c6d..a7d8163 100644 --- a/requirements-dev.txt +++ b/requirements-dev.txt @@ -1,3 +1,4 @@ +Warning: The lock file is not up to date with the latest changes in pyproject.toml. You may be getting outdated dependencies. Run update to update them. appdirs==1.4.4 \ --hash=sha256:a841dacd6b99318a741b166adb07e19ee71a274450e68237b4650ca1055ab128 \ --hash=sha256:7d5d0167b2b1ba821647616af46a749d1c653740dd0d2415100fe26e27afdf41 
@@ -10,6 +11,9 @@ atomicwrites==1.4.0; sys_platform == "win32" \ attrs==19.3.0 \ --hash=sha256:08a96c641c3a74e44eb59afb61a24f2cb9f4d7188748e76ba4bb5edfa3cb7d1c \ --hash=sha256:f7b7ce16570fe9965acd6d30101a28f62fb4a7f9e926b3bbc9b61f8b04247e72 +bandit==1.6.2 \ + --hash=sha256:336620e220cf2d3115877685e264477ff9d9abaeb0afe3dc7264f55fa17a3952 \ + --hash=sha256:41e75315853507aa145d62a78a2a6c5e3240fe14ee7c601459d0df9418196065 certifi==2020.6.20 \ --hash=sha256:8fc0819f1f30ba15bdb34cceffb9ef04d99f420f68eb75d901e9560b8749fc41 \ --hash=sha256:5930595817496dd21bb8dc35dad090f1c2cd0adfaf21204bf6732ca5d8ee34d3 @@ -77,6 +81,12 @@ filelock==3.0.12 \ flake8==3.8.3 \ --hash=sha256:15e351d19611c887e482fb960eae4d44845013cc142d42896e9862f775d8cf5c \ --hash=sha256:f04b9fcbac03b0a3e58c0ab3a0ecc462e023a9faf046d57794184028123aa208 +gitdb==4.0.5 \ + --hash=sha256:91f36bfb1ab7949b3b40e23736db18231bf7593edada2ba5c3a174a7b23657ac \ + --hash=sha256:c9e1f2d0db7ddb9a704c2a0217be31214e91a4fe1dea1efad19ae42ba0c285c9 +gitpython==3.1.3 \ + --hash=sha256:ef1d60b01b5ce0040ad3ec20bc64f783362d41fa0822a2742d3586e1f49bb8ac \ + --hash=sha256:e107af4d873daed64648b4f4beb89f89f0cfbe3ef558fc7821ed2331c2f8da1a idna==2.10 \ --hash=sha256:b97d804b1e9b523befed77c48dacec60e6dcb0b5391d57af6a65a312a90648c0 \ --hash=sha256:b307872f855b18632ce0c21c5e45be78c0ea7ae4c15c828c20788b26921eb3f6 @@ -178,6 +188,9 @@ msgpack==0.6.1 \ packaging==20.4 \ --hash=sha256:998416ba6962ae7fbd6596850b80e17859a5753ba17c32284f67bfff33784181 \ --hash=sha256:4357f74f47b9c12db93624a82154e9b120fa8293699949152b22065d556079f8 +pbr==5.4.5 \ + --hash=sha256:579170e23f8e0c2f24b0de612f71f648eccb79fb1322c814ae6b3c07b5ba23e8 \ + --hash=sha256:07f558fece33b05caf857474a366dfcc00562bca13dd8b47b2b3e22d9f9bf55c pluggy==0.13.1 \ --hash=sha256:966c145cd83c96502c3c3868f50408687b38434af77734af1e9ca461a4081d2d \ --hash=sha256:15b2acde666561e1298d71b523007ed7364de07029219b604cf808bfa1c765b0 
@@ -215,12 +228,30 @@ python-dateutil==2.8.1 \ pytz==2020.1 \ --hash=sha256:a494d53b6d39c3c6e44c3bec237336e14305e4f29bbf800b599253057fbb79ed \ --hash=sha256:c35965d010ce31b23eeb663ed3cc8c906275d6be1a34393a1d73a41febf4a048 +pyyaml==5.3.1 \ + --hash=sha256:74809a57b329d6cc0fdccee6318f44b9b8649961fa73144a98735b0aaf029f1f \ + --hash=sha256:240097ff019d7c70a4922b6869d8a86407758333f02203e0fc6ff79c5dcede76 \ + --hash=sha256:4f4b913ca1a7319b33cfb1369e91e50354d6f07a135f3b901aca02aa95940bd2 \ + --hash=sha256:cc8955cfbfc7a115fa81d85284ee61147059a753344bc51098f3ccd69b0d7e0c \ + --hash=sha256:7739fc0fa8205b3ee8808aea45e968bc90082c10aef6ea95e855e10abf4a37b2 \ + --hash=sha256:69f00dca373f240f842b2931fb2c7e14ddbacd1397d57157a9b005a6a9942648 \ + --hash=sha256:d13155f591e6fcc1ec3b30685d50bf0711574e2c0dfffd7644babf8b5102ca1a \ + --hash=sha256:73f099454b799e05e5ab51423c7bcf361c58d3206fa7b0d555426b1f4d9a3eaf \ + --hash=sha256:06a0d7ba600ce0b2d2fe2e78453a470b5a6e000a985dd4a4e54e436cc36b0e97 \ + --hash=sha256:95f71d2af0ff4227885f7a6605c37fd53d3a106fcab511b8860ecca9fcf400ee \ + --hash=sha256:b8eac752c5e14d3eca0e6dd9199cd627518cb5ec06add0de9d32baeee6fe645d requests==2.24.0 \ --hash=sha256:fe75cc94a9443b9246fc7049224f75604b113c36acb93f87b80ed42c44cbb898 \ --hash=sha256:b3559a131db72c33ee969480840fff4bb6dd111de7dd27c8ee1f820f4f00231b six==1.15.0 \ --hash=sha256:8b74bedcbbbaca38ff6d7491d76f2b06b3592611af620f8426e82dddb04a5ced \ --hash=sha256:30639c035cdb23534cd4aa2dd52c3bf48f06e5f4a941509c8bafd8ce11080259 +smmap==3.0.4 \ + --hash=sha256:54c44c197c819d5ef1991799a7e30b662d1e520f2ac75c9efbeb54a742214cf4 \ + --hash=sha256:9c98bbd1f9786d22f14b3d4126894d56befb835ec90cef151af566c7e19b5d24 +stevedore==2.0.1 \ + --hash=sha256:c4724f8d7b8f6be42130663855d01a9c2414d6046055b5a65ab58a0e38637688 \ + --hash=sha256:609912b87df5ad338ff8e44d13eaad4f4170a65b79ae9cb0aa5632598994a1b7 toml==0.10.1 \ --hash=sha256:bda89d5935c2eac546d648028b9901107a595863cb36bae0c73ac804a9b4ce88 \ 
--hash=sha256:926b612be1e5ce0634a2ca03470f95169cf16f939018233a670519cb4ac58b0f @@ -252,9 +283,9 @@ typed-ast==1.4.1; implementation_name == "cpython" and python_version < "3.8" \ urllib3==1.25.9 \ --hash=sha256:88206b0eb87e6d677d424843ac5209e3fb9d0190d0ee169599165ec25e9d9115 \ --hash=sha256:3018294ebefce6572a474f0604c2021e33b3fd8006ecd11d62107a5d2a963527 -virtualenv==20.0.25 \ - --hash=sha256:ffffcb3c78a671bb3d590ac3bc67c081ea2188befeeb058870cba13e7f82911b \ - --hash=sha256:f332ba0b2dfbac9f6b1da9f11224f0036b05cdb4df23b228527c2a2d5504aeed +virtualenv==20.0.26 \ + --hash=sha256:c11a475400e98450403c0364eb3a2d25d42f71cf1493da64390487b666de4324 \ + --hash=sha256:e10cc66f40cbda459720dfe1d334c4dc15add0d80f09108224f171006a97a172 wcwidth==0.2.5 \ --hash=sha256:beb4802a9cebb9144e99086eff703a642a13d6a0052920003a230f3294bbe784 \ --hash=sha256:c4d647b99872929fdb7bdcaa4fbe7f01413ed3d98077df798530e5b04f116c83 diff --git a/requirements.txt b/requirements.txt index 575f4df..9f76c6e 100644 --- a/requirements.txt +++ b/requirements.txt @@ -1,3 +1,4 @@ +Warning: The lock file is not up to date with the latest changes in pyproject.toml. You may be getting outdated dependencies. Run update to update them. certifi==2020.6.20 \ --hash=sha256:8fc0819f1f30ba15bdb34cceffb9ef04d99f420f68eb75d901e9560b8749fc41 \ --hash=sha256:5930595817496dd21bb8dc35dad090f1c2cd0adfaf21204bf6732ca5d8ee34d3 diff --git a/tox.ini b/tox.ini index 266fe17..3f3a3b8 100644 --- a/tox.ini +++ b/tox.ini @@ -10,7 +10,6 @@ commands = isort -c -rc tilty -sp {toxinidir} pylint --rcfile {toxinidir}/.pylintrc -r n tilty py.test --cov-config .coveragerc --cov tilty --cov-report term-missing --cov-report xml --junitxml junit.xml tests {posargs} - bandit . whitelist_externals = make bash pylint
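Review bot: The first line of requirements.txt is now the literal text `Warning: The lock file is not up to date with the latest changes in pyproject.toml...`, i.e. Poetry's warning captured into the `poetry export` output (requirements-dev.txt above gained the same line); pip parses every non-comment line as a requirement, so `pip install -r requirements.txt` will fail with an invalid-requirement error, and the warning itself says the hashes were exported from a lock that no longer matches pyproject.toml. Regenerate the lock (`poetry lock`), re-run the export with `--with-hashes`, and inspect the first lines of both files before committing. Dropping `bandit .` from tox.ini is fine on its own since the bandit run moved to the sast workflow.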