diff --git a/.ansible-lint b/.ansible-lint
index 0e80b05..4ffc0ef 100644
--- a/.ansible-lint
+++ b/.ansible-lint
@@ -1,10 +1,9 @@ --- -# See https://ansible-lint.readthedocs.io/en/latest/configuring.html -# for a list of the configuration elements that can exist in this -# file. +# See https://ansible-lint.readthedocs.io/configuring/ for a list of +# the configuration elements that can exist in this file. enable_list: # Useful checks that one must opt-into. See here for more details: - # https://ansible-lint.readthedocs.io/en/latest/rules.html + # https://ansible-lint.readthedocs.io/rules/ - fcqn-builtins - no-log-password - no-same-owner
diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS
index 371258c..8f5c8c5 100644
--- a/.github/CODEOWNERS
+++ b/.github/CODEOWNERS
@@ -3,8 +3,8 @@ # These owners will be the default owners for everything in the # repo. Unless a later match takes precedence, these owners will be # requested for review when someone opens a pull request. -* @dav3r @felddy @jsf9k @mcdonnnj +* @dav3r @felddy @jasonodoom @jsf9k @mcdonnnj # These folks own any files in the .github directory at the root of # the repository and any of its subdirectories. -/.github/ @dav3r @felddy @jsf9k @mcdonnnj +/.github/ @dav3r @felddy @jasonodoom @jsf9k @mcdonnnj
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index 1515463..4abc07a 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -47,13 +47,16 @@ jobs: - id: setup-python uses: actions/setup-python@v4 with: - python-version: "3.10" + python-version: "3.11" # We need the Go version and Go cache location for the actions/cache step, # so the Go installation must happen before that. - id: setup-go - uses: actions/setup-go@v3 + uses: actions/setup-go@v4 with: - go-version: "1.19" + # There is no expectation for actual Go code so we disable caching as + # it relies on the existence of a go.sum file. + cache: false + go-version: "1.20" - name: Lookup Go cache directory id: go-cache run: |
@@ -113,7 +116,7 @@ jobs: run: go install ${PACKAGE_URL}@${PACKAGE_VERSION} - name: Install dependencies run: | - python -m pip install --upgrade pip + python -m pip install --upgrade pip setuptools wheel pip install --upgrade --requirement requirements-test.txt - name: Set up pre-commit hook environments run: pre-commit install-hooks
@@ -303,7 +306,7 @@ jobs: - id: setup-python uses: actions/setup-python@v4 with: - python-version: "3.10" + python-version: "3.11" - name: Cache testing environments uses: actions/cache@v3 env:
@@ -318,7 +321,7 @@ jobs: ${{ env.BASE_CACHE_KEY }} - name: Install dependencies run: | - python -m pip install --upgrade pip + python -m pip install --upgrade pip setuptools wheel pip install --upgrade --requirement requirements-test.txt - name: Download docker image artifact uses: actions/download-artifact@v3
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
index b4e2017..fc21b7b 100644
--- a/.pre-commit-config.yaml
+++ b/.pre-commit-config.yaml
@@ -31,17 +31,17 @@ repos: # Text file hooks - repo: https://github.com/igorshubovych/markdownlint-cli - rev: v0.33.0 + rev: v0.34.0 hooks: - id: markdownlint args: - --config=.mdl_config.yaml - repo: https://github.com/pre-commit/mirrors-prettier - rev: v3.0.0-alpha.4 + rev: v3.0.0-alpha.9-for-vscode hooks: - id: prettier - repo: https://github.com/adrienverge/yamllint - rev: v1.29.0 + rev: v1.32.0 hooks: - id: yamllint args:
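Review bot: The new `uses: actions/setup-go@v4` line in the `setup-go` step (like the surrounding `actions/setup-python@v4`, `actions/cache@v3` and `actions/download-artifact@v3` references) pins to a mutable major-version tag, so the toolchain this workflow installs and executes can change without any commit to this repository; pinning each `uses:` to a full commit SHA with the version in a trailing comment, e.g. `uses: actions/setup-go@<full-commit-sha> # v4`, is the usual hardening for CI that runs third-party code and keeps the build reproducible. The added `cache: false` comment is a good model; the `python -m pip install --upgrade pip setuptools wheel` line in the two `Install dependencies` hunks now pulls three unpinned build tools on every run, which is acceptable for a test job but deserves a similar one-line comment saying that is intentional. The enclosing `jobs:` block starts and ends outside these hunks.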
@@ -49,17 +49,36 @@ repos: # GitHub Actions hooks - repo: https://github.com/python-jsonschema/check-jsonschema - rev: 0.21.0 + rev: 0.23.1 hooks: - id: check-github-actions - id: check-github-workflows # pre-commit hooks - repo: https://github.com/pre-commit/pre-commit - rev: v3.0.2 + rev: v3.3.2 hooks: - id: validate_manifest + # Go hooks + - repo: https://github.com/TekWizely/pre-commit-golang + rev: v1.0.0-rc.1 + hooks: + # Style Checkers + - id: go-critic + # StaticCheck + - id: go-staticcheck-repo-mod + # Go Build + - id: go-build-repo-mod + # Go Mod Tidy + - id: go-mod-tidy-repo + # Go Test + - id: go-test-repo-mod + # Go Vet + - id: go-vet-repo-mod + # GoSec + - id: go-sec-repo-mod + # Shell script hooks - repo: https://github.com/cisagov/pre-commit-shfmt rev: v0.0.2
@@ -83,7 +102,7 @@ repos: # Python hooks # Run bandit on the "tests" tree with a configuration - repo: https://github.com/PyCQA/bandit - rev: 1.7.4 + rev: 1.7.5 hooks: - id: bandit name: bandit (tests tree)
@@ -92,13 +111,13 @@ repos: - --config=.bandit.yml # Run bandit on everything except the "tests" tree - repo: https://github.com/PyCQA/bandit - rev: 1.7.4 + rev: 1.7.5 hooks: - id: bandit name: bandit (everything else) exclude: tests - repo: https://github.com/psf/black - rev: 22.12.0 + rev: 23.3.0 hooks: - id: black - repo: https://github.com/PyCQA/flake8
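Review bot: The seven new Go hooks under `TekWizely/pre-commit-golang` are pinned to a pre-release, `rev: v1.0.0-rc.1`, and nothing on the page shows Go sources — the build.yml hunk in this same commit states "There is no expectation for actual Go code" — so these hooks will presumably be skipped by pre-commit's file-type filtering rather than exercised. A comment above `# Go hooks` saying why they are added anyway, e.g. `# No Go code is expected today; these hooks only run when *.go files are present`, would spare the next reader that question, and a note that `go-build-repo-mod`, `go-mod-tidy-repo` and the other `-repo-mod` hooks need a `go.mod` at the repository root would document the expectation if Go code is ever added. The `repos:` list begins before this hunk and continues past it.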
@@ -112,31 +131,31 @@ repos: hooks: - id: isort - repo: https://github.com/pre-commit/mirrors-mypy - rev: v0.991 + rev: v1.3.0 hooks: - id: mypy - repo: https://github.com/asottile/pyupgrade - rev: v3.3.1 + rev: v3.4.0 hooks: - id: pyupgrade # Ansible hooks - repo: https://github.com/ansible-community/ansible-lint - rev: v5.4.0 + rev: v6.17.0 hooks: - id: ansible-lint # files: molecule/default/playbook.yml # Terraform hooks - repo: https://github.com/antonbabenko/pre-commit-terraform - rev: v1.77.0 + rev: v1.80.0 hooks: - id: terraform_fmt - id: terraform_validate # Docker hooks - repo: https://github.com/IamTheFij/docker-pre-commit - rev: v2.1.1 + rev: v3.0.1 hooks: - id: docker-compose-check
diff --git a/Dockerfile b/Dockerfile
index 508e3cc..55b4fc1 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -42,7 +42,7 @@ RUN groupadd --system --gid ${CISA_GID} ${CISA_GROUP} \ # will not be included in the final Docker image. ### ENV DEPS \ - libpq-dev=13.9-0+deb11u1 + libpq-dev=13.11-0+deb11u1 # I'd like to pin the version of wget to keep the build reproducible, # but it's tricky. #
@@ -136,7 +136,7 @@ RUN groupadd --system --gid ${CISA_GID} ${CISA_GROUP} \ # Install everything we need ### ENV DEPS \ - libpq-dev=13.9-0+deb11u1 + libpq-dev=13.11-0+deb11u1 # Note that we clean up aptitude cruft after installing dependencies. # This must be done in one fell swoop to actually reduce the size of # the resulting Docker image:
diff --git a/README.md b/README.md
index ce0f5e8..6394ed0 100644
--- a/README.md
+++ b/README.md
@@ -25,7 +25,7 @@ composition](https://docs.docker.com/compose/) alongside only the To run the `cisagov/guacscanner` image via Docker: ```console -docker run cisagov/guacscanner:1.1.16 +docker run cisagov/guacscanner:1.1.17 ``` ### Running with Docker Compose ###
@@ -82,7 +82,7 @@ Docker secrets. 1. Pull the new image: ```console - docker pull cisagov/guacscanner:1.1.16 + docker pull cisagov/guacscanner:1.1.17 ``` 1. Recreate and run the container by following the [previous
@@ -93,11 +93,11 @@ Docker secrets. The images of this container are tagged with [semantic versions](https://semver.org) of the underlying example project that they containerize. It is recommended that most users use a version -tag (e.g. `:1.1.16`). +tag (e.g. `:1.1.17`). | Image:tag | Description | |-----------|-------------| -|`cisagov/guacscanner:1.1.16`| An exact release version. | +|`cisagov/guacscanner:1.1.17`| An exact release version. | |`cisagov/guacscanner:1.1`| The most recent release matching the major and minor version numbers. | |`cisagov/guacscanner:1`| The most recent release matching the major version number. | |`cisagov/guacscanner:edge` | The most recent image built from a merge into the `develop` branch of this repository. |
@@ -173,8 +173,8 @@ Build the image locally using this git repository as the [build context](https:/ ```console docker build \ - --build-arg VERSION=1.1.16 \ - --tag cisagov/guacscanner:1.1.16 \ + --build-arg VERSION=1.1.17 \ + --tag cisagov/guacscanner:1.1.17 \ https://github.com/cisagov/guacscanner.git#develop ```
@@ -204,9 +204,9 @@ Docker: docker buildx build \ --file Dockerfile-x \ --platform linux/amd64 \ - --build-arg VERSION=1.1.16 \ + --build-arg VERSION=1.1.17 \ --output type=docker \ - --tag cisagov/guacscanner:1.1.16 . + --tag cisagov/guacscanner:1.1.17 . ``` ## Contributing ##
diff --git a/requirements-test.txt b/requirements-test.txt
index 5f3337c..8b41b2f 100644
--- a/requirements-test.txt
+++ b/requirements-test.txt
@@ -1,4 +1,4 @@ --requirement requirements.txt pre-commit pytest -pytest-dockerc +python-on-whales
diff --git a/setup-env b/setup-env
index f526cdb..77926bf 100755
--- a/setup-env
+++ b/setup-env
@@ -65,7 +65,7 @@ done eval set -- "$PARAMS" # Check to see if pyenv is installed -if [ -z "$(command -v pyenv)" ] || [ -z "$(command -v pyenv-virtualenv)" ]; then +if [ -z "$(command -v pyenv)" ] || { [ -z "$(command -v pyenv-virtualenv)" ] && [ ! -f "$(pyenv root)/plugins/pyenv-virtualenv/bin/pyenv-virtualenv" ]; }; then echo "pyenv and pyenv-virtualenv are required." if [[ "$OSTYPE" == "darwin"* ]]; then cat << 'END_OF_LINE'
@@ -186,5 +186,5 @@ else: END_OF_LINE )" -# Qapla +# Qapla' echo "Success!"
diff --git a/src/version.txt b/src/version.txt
index 11dd2b9..416d969 100644
--- a/src/version.txt
+++ b/src/version.txt
@@ -1 +1 @@ -__version__ = "1.1.16" +__version__ = "1.1.17"
diff --git a/tests/conftest.py b/tests/conftest.py
index eb2fbde..b91f1d7 100644
--- a/tests/conftest.py
+++ b/tests/conftest.py
@@ -4,16 +4,25 @@ """ # Third-Party Libraries import pytest +from python_on_whales import docker MAIN_SERVICE_NAME = "guacscanner" VERSION_SERVICE_NAME = f"{MAIN_SERVICE_NAME}-version" +@pytest.fixture(scope="session") +def dockerc(): + """Start up the Docker composition.""" + docker.compose.up(detach=True) + yield docker + docker.compose.down() + + @pytest.fixture(scope="session") def main_container(dockerc): """Return the main container from the Docker composition.""" # find the container by name even if it is stopped already - return dockerc.containers(service_names=[MAIN_SERVICE_NAME], stopped=True)[0] + return dockerc.compose.ps(services=[MAIN_SERVICE_NAME], all=True)[0]
@@ -23,7 +32,7 @@ def version_container(dockerc): The version container should just output the version of its underlying contents. """ # find the container by name even if it is stopped already - return dockerc.containers(service_names=[VERSION_SERVICE_NAME], stopped=True)[0] + return dockerc.compose.ps(services=[VERSION_SERVICE_NAME], all=True)[0] def pytest_addoption(parser):
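Review bot: The rewritten pyenv check is now one very long `if` line holding two `command -v` substitutions, a `pyenv root` substitution and a brace group, which is hard to read and will make the next change to it hard to diff; the same logic reads much better split with continuations, `if [ -z "$(command -v pyenv)" ] \` / `  || { [ -z "$(command -v pyenv-virtualenv)" ] \` / `    && [ ! -f "$(pyenv root)/plugins/pyenv-virtualenv/bin/pyenv-virtualenv" ]; }; then`. Keep the `pyenv root` call inside the brace group as it is now: the `||` short-circuit is what guarantees it only runs when `pyenv` exists, so hoisting it into a variable above the `if` would change behaviour when pyenv is absent. A short comment above the line, `# Accept pyenv-virtualenv either on PATH or installed as a pyenv plugin`, would record why the check has two branches. The script continues outside this hunk.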
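Review bot: The new `dockerc` fixture's docstring, `"""Start up the Docker composition."""`, does not say what the fixture yields, and the name suggests a composition object while the value is the module-level `python_on_whales` `docker` client that `main_container`, `version_container` and the tests then use for `compose.ps` and `wait`; suggest `"""Bring the Docker composition up for the session, yield the python_on_whales docker client, and tear the composition down afterwards."""`. Because teardown is simply the code after `yield`, it runs regardless of test outcome, but if `docker.compose.up(detach=True)` itself raises partway nothing calls `compose.down()`, so a partially started composition may be left behind — worth a sentence in the docstring or a `try`/`finally` around the `up`. In the `main_container` and `version_container` bodies the `[0]` on the `compose.ps(...)` result turns a missing service into a bare `IndexError`; an explicit check with the service name in the message would make that failure self-explaining.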
diff --git a/tests/container_test.py b/tests/container_test.py
index 8d33a1f..7baaf6f 100644
--- a/tests/container_test.py
+++ b/tests/container_test.py
@@ -15,7 +15,7 @@ def test_container_count(dockerc): """Verify the test composition and container.""" # stopped parameter allows non-running containers in results assert ( - len(dockerc.containers(stopped=True)) == 2 + len(dockerc.compose.ps(all=True)) == 2 ), "Wrong number of containers were started."
@@ -25,7 +25,7 @@ def test_container_count(dockerc): # """Wait for container to be ready.""" # TIMEOUT = 10 # for i in range(TIMEOUT): -# if READY_MESSAGE in main_container.logs().decode("utf-8"): +# if READY_MESSAGE in main_container.logs(): # break # time.sleep(1) # else:
@@ -35,23 +35,23 @@ def test_container_count(dockerc): # ) -def test_wait_for_exits(main_container, version_container): +def test_wait_for_exits(dockerc, main_container, version_container): """Wait for containers to exit.""" - # assert main_container.wait() == 0, "Container service (main) did not exit cleanly" assert ( - main_container.wait() == 1 + dockerc.wait(main_container.id) == 1 ), "Container service (main) did not exit as expected" assert ( - version_container.wait() == 0 + dockerc.wait(version_container.id) == 0 ), "Container service (version) did not exit cleanly" # TODO: Implement this test. See cisagov/guacscanner-docker#3 for # more details. -# def test_output(main_container): +# def test_output(dockerc, main_container): # """Verify the container had the correct output.""" -# main_container.wait() # make sure container exited if running test isolated -# log_output = main_container.logs().decode("utf-8") +# # make sure container exited if running test isolated +# dockerc.wait(main_container.id) +# log_output = main_container.logs() # assert SECRET_QUOTE in log_output, "Secret not found in log output."
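Review bot: The context comment `# stopped parameter allows non-running containers in results` in test_container_count is now stale, because the new call is `dockerc.compose.ps(all=True)` and there is no `stopped` parameter any more; change it to `# all=True includes non-running containers in the results`. In the test_wait_for_exits hunk the main container is expected to exit with `1`, which is surprising for a reader coming from the removed `== 0` comment; a one-line comment above that assert stating why a non-zero exit is the expected outcome would keep the test self-explaining. test_container_count's `def` line is outside the first hunk.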
@@ -69,10 +69,11 @@ def test_release_version(): ), "RELEASE_TAG does not match the project version" -def test_log_version(version_container): +def test_log_version(dockerc, version_container): """Verify the container outputs the correct version to the logs.""" - version_container.wait() # make sure container exited if running test isolated - log_output = version_container.logs().decode("utf-8").strip() + # make sure container exited if running test isolated + dockerc.wait(version_container.id) + log_output = version_container.logs().strip() pkg_vars = {} with open(VERSION_FILE) as f: exec(f.read(), pkg_vars) # nosec
@@ -89,5 +90,6 @@ def test_container_version_label_matches(version_container): exec(f.read(), pkg_vars) # nosec project_version = pkg_vars["__version__"] assert ( - version_container.config.labels["org.opencontainers.image.version"] + == project_version ), "Dockerfile version label does not match project version"
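Review bot: In test_log_version the result of `dockerc.wait(version_container.id)` is discarded, while test_wait_for_exits asserts the same container exits with 0; when this test runs in isolation and the container exits non-zero, the failure will surface later as a missing version string instead of as the real cause, so `assert dockerc.wait(version_container.id) == 0, "Container service (version) did not exit cleanly"` is clearer at no cost. The context lines still `exec()` the contents of `VERSION_FILE` under a bare `# nosec`; that is pre-existing and the file is repository-controlled, but `# nosec - VERSION_FILE is part of this repository, not user input` would make the suppression auditable. test_log_version's body continues past the first hunk, and test_container_version_label_matches's `def` line is outside the second.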