Merge branch 'main' into dev_user_endpoint

fedora-infra · Jul 11, 2024 · f8b25c5 · f8b25c5
2 parents 4074d2e + ba14c64
commit f8b25c5
Show file tree

Hide file tree

Showing 29 changed files with 590 additions and 79 deletions.
diff --git a/.github/renovate.json b/.github/renovate.json
@@ -0,0 +1,4 @@
+{
+  "$schema": "https://docs.renovatebot.com/renovate-schema.json",
+  "extends": ["local>fedora-infra/shared:renovate-config"]
+}
diff --git a/.github/workflows/label-when-deployed.yml b/.github/workflows/label-when-deployed.yml
@@ -0,0 +1,27 @@
+name: Apply labels when deployed
+
+on:
+  push:
+    branches:
+      - staging
+      - stable
+      - main
+
+jobs:
+  label:
+    name: Apply labels
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Staging deployment
+        uses: fedora-infra/label-when-in-branch@v1
+        with:
+          token: ${{'{{'}} secrets.GITHUB_TOKEN {{'}}'}}
+          branch: staging
+          label: deployed:staging
+      - name: Production deployment
+        uses: fedora-infra/label-when-in-branch@v1
+        with:
+          token: ${{'{{'}} secrets.GITHUB_TOKEN {{'}}'}}
+          branch: stable
+          label: deployed:prod
diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
@@ -0,0 +1,203 @@
+name: Test & Build
+
+on:
+  push:
+    branches:
+      - stable
+      - develop
+      - main
+    tags:
+  pull_request:
+    branches:
+      - stable
+      - develop
+      - main
+
+jobs:
+
+  checks:
+    name: Checks
+    runs-on: ubuntu-latest
+    container: fedorapython/fedora-python-tox:latest
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Install dependencies
+        run: |
+          dnf install -y pre-commit git libpq-devel krb5-devel
+          pip install poetry
+
+      - name: Mark the working directory as safe for Git
+        run: git config --global --add safe.directory $PWD
+
+      - name: Install the project
+        run: poetry install
+
+      - name: Run pre-commit checks
+        run: pre-commit run --all-files
+
+
+  licenses:
+    name: Licenses
+    runs-on: ubuntu-latest
+    container: fedorapython/fedora-python-tox:latest
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Install dependencies
+        run: |
+          dnf install -y libpq-devel krb5-devel
+          pip install poetry
+
+      - name: Run the licenses check
+        run: tox -e licenses
+
+
+  docs:
+    name: Documentation
+    runs-on: ubuntu-latest
+    container: fedorapython/fedora-python-tox:latest
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Install dependencies
+        run: |
+          dnf install -y libpq-devel krb5-devel
+          pip install poetry>=1.2
+
+      - name: Build the docs
+        run: tox -e docs
+
+      # - name: Save the docs
+      #   uses: actions/upload-artifact@v2
+      #   with:
+      #     name: docs
+      #     path: {{ cookiecutter.pkg_name }}/docs/_build/html
+
+
+  unit-tests:
+    name: Unit tests
+    runs-on: ubuntu-latest
+    container: fedorapython/fedora-python-tox:latest
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Install dependencies
+        run: |
+          dnf install -y libpq-devel krb5-devel
+          pip install poetry>=1.2
+
+      - name: Mark the working directory as safe for Git
+        run: git config --global --add safe.directory $PWD
+
+      - name: Run the tests
+        run: tox -e ${{ matrix.pyver }}-unit
+
+    strategy:
+      matrix:
+        pyver:
+          - py38
+          - py39
+          - py310
+          - py311
+
+
+  # https://packaging.python.org/en/latest/guides/publishing-package-distribution-releases-using-github-actions-ci-cd-workflows/
+  build:
+    name: Build distribution 📦
+    runs-on: ubuntu-latest
+    needs:
+      - checks
+      - licenses
+      - docs
+      - unit-tests
+    outputs:
+      release-notes: ${{ steps.extract-changelog.outputs.markdown }}
+
+    steps:
+
+      - uses: actions/checkout@v4
+      - name: Set up Python
+        uses: actions/setup-python@v5
+        with:
+          python-version: "3.x"
+
+      - name: Install pypa/build
+        run: python3 -m pip install build --user
+
+      - name: Build a binary wheel and a source tarball
+        run: python3 -m build
+
+      - name: Store the distribution packages
+        uses: actions/upload-artifact@v4
+        with:
+          name: python-package-distributions
+          path: dist/
+
+      - name: Extract changelog section
+        id: extract-changelog
+        uses: sean0x42/markdown-extract@v2
+        with:
+          file: docs/release_notes.md
+          pattern: 'Version\s+\[[[:word:].-]+\]\(.*\)'
+          no-print-matched-heading: true
+      - name: Show the changelog
+        env:
+          CHANGELOG: ${{ steps.extract-changelog.outputs.markdown }}
+        run: echo "$CHANGELOG"
+
+
+  publish-to-pypi:
+    name: Publish to PyPI 🚀
+    if: startsWith(github.ref, 'refs/tags/') && !contains(github.ref, 'rc')  # only publish to PyPI on final tag pushes
+    needs:
+      - build
+    runs-on: ubuntu-latest
+    environment:
+      name: pypi
+      url: https://pypi.org/p/webhook-to-fedora-messaging
+    permissions:
+      id-token: write  # IMPORTANT: mandatory for trusted publishing
+
+    steps:
+      - name: Download all the dists
+        uses: actions/download-artifact@v4
+        with:
+          name: python-package-distributions
+          path: dist/
+
+      - name: Publish distribution to PyPI
+        uses: pypa/gh-action-pypi-publish@release/v1
+
+
+  github-release:
+    name: Create a GitHub Release 📢
+    needs:
+      - publish-to-pypi
+      # The "build" dep is redundant but needed to access the changelog
+      - build
+    runs-on: ubuntu-latest
+    permissions:
+      contents: write  # IMPORTANT: mandatory for making GitHub Releases
+      id-token: write  # IMPORTANT: mandatory for sigstore
+
+    steps:
+      - name: Download all the dists
+        uses: actions/download-artifact@v4
+        with:
+          name: python-package-distributions
+          path: dist/
+
+      - name: Sign the dists with Sigstore
+        uses: sigstore/[email protected]
+        with:
+          inputs: >-
+            ./dist/*.tar.gz
+            ./dist/*.whl
+
+      - name: Release
+        uses: softprops/action-gh-release@v2
+        with:
+          files: dist/*
+          fail_on_unmatched_files: true
+          body: ${{ needs.build.outputs.release-notes }}
diff --git a/.gitignore b/.gitignore
@@ -70,6 +70,7 @@ instance/
 
 # Sphinx documentation
 docs/_build/
+docs/_source/
 
 # PyBuilder
 .pybuilder/
@@ -127,6 +128,7 @@ venv/
 ENV/
 env.bak/
 venv.bak/
+.vagrant
 
 # Spyder project settings
 .spyderproject

diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
@@ -0,0 +1,37 @@
+# See https://pre-commit.com for more information
+# See https://pre-commit.com/hooks.html for more hooks
+
+repos:
+  # Generic hooks
+  - repo: https://github.com/pre-commit/pre-commit-hooks
+    rev: v4.6.0
+    hooks:
+      - id: trailing-whitespace
+      - id: end-of-file-fixer
+      - id: check-yaml
+      - id: check-added-large-files
+
+  # https://black.readthedocs.io/en/stable/integrations/source_version_control.html
+  - repo: https://github.com/psf/black
+    rev: 24.4.2
+    hooks:
+      - id: black
+
+  # Ruff
+  - repo: https://github.com/charliermarsh/ruff-pre-commit
+    # Ruff version.
+    rev: v0.5.0
+    hooks:
+      - id: ruff
+
+  - repo: https://github.com/myint/rstcheck
+    rev: v6.2.1
+    hooks:
+      - id: rstcheck
+        additional_dependencies: [sphinx, toml, myst-parser]
+
+  # License headers
+  - repo: https://github.com/fsfe/reuse-tool
+    rev: v3.0.2
+    hooks:
+      - id: reuse
diff --git a/.reuse/dep5 b/.reuse/dep5
@@ -0,0 +1,17 @@
+Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/
+Upstream-Contact: Fedora Infrastructure <[email protected]>
+Source: https://github.com/fedora-infra/webhook-to-fedora-messaging
+
+# Sample paragraph, commented out:
+#
+# Files: src/*
+# Copyright: $YEAR $NAME <$CONTACT>
+# License: ...
+
+Files: *.yaml *.yml *.md *.toml .gitignore *.ini *.cfg Vagrantfile .s2i/* .github/* devel/ansible/* docs/*
+Copyright: 2024 Contributors to the Fedora Project
+License: GPL-3.0-or-later
+
+Files: poetry.lock
+Copyright: None, autogenerated
+License: GPL-3.0-or-later
diff --git a/Vagrantfile b/Vagrantfile
@@ -6,21 +6,21 @@ Vagrant.configure(2) do |config|
   config.hostmanager.manage_host = true
   config.hostmanager.manage_guest = true
 
-  config.vm.define "webhook-to-fedora-messaging" do |webhook-to-fedora-messaging|
-    webhook-to-fedora-messaging.vm.box_url = "https://download.fedoraproject.org/pub/fedora/linux/releases/40/Cloud/x86_64/images/Fedora-Cloud-Base-Vagrant-libvirt.x86_64-40-1.14.vagrant.libvirt.box"
-    webhook-to-fedora-messaging.vm.box = "f38-cloud-libvirt"
-    webhook-to-fedora-messaging.vm.hostname = "webhook-to-fedora-messaging.tinystage.test"
+  config.vm.define "w2fm" do |w2fm|
+    w2fm.vm.box_url = "https://download.fedoraproject.org/pub/fedora/linux/releases/40/Cloud/x86_64/images/Fedora-Cloud-Base-Vagrant-libvirt.x86_64-40-1.14.vagrant.libvirt.box"
+    w2fm.vm.box = "f40-cloud-libvirt"
+    w2fm.vm.hostname = "w2fm.tinystage.test"
 
-    webhook-to-fedora-messaging.vm.synced_folder '.', '/vagrant', disabled: true
-    webhook-to-fedora-messaging.vm.synced_folder ".", "/home/vagrant/webhook-to-fedora-messaging", type: "sshfs"
+    w2fm.vm.synced_folder '.', '/vagrant', disabled: true
+    w2fm.vm.synced_folder ".", "/home/vagrant/webhook-to-fedora-messaging", type: "sshfs"
 
 
-    webhook-to-fedora-messaging.vm.provider :libvirt do |libvirt|
+    w2fm.vm.provider :libvirt do |libvirt|
       libvirt.cpus = 2
       libvirt.memory = 2048
     end
 
-    webhook-to-fedora-messaging.vm.provision "ansible" do |ansible|
+    w2fm.vm.provision "ansible" do |ansible|
       ansible.playbook = "devel/ansible/playbook.yml"
       ansible.config_file = "devel/ansible/ansible.cfg"
       ansible.verbose = true

diff --git a/config.toml.example b/config.toml.example
@@ -1,5 +1,6 @@
 [flaskapp]
 DEBUG = true
+SQLALCHEMY_DATABASE_URI = "sqlite:////tmp/w2fm.db"
 TESTING = true
 PROPAGATE_EXCEPTIONS = ""
 SECRET_KEY = "PLEASE-CHANGE-THIS-BEFORE-STARTING"
@@ -23,13 +24,6 @@ PREFERRED_URL_SCHEME = "http"
 TEMPLATES_AUTO_RELOAD = ""
 MAX_COOKIE_SIZE = ""
 
-  [flaskapp.database]
-  HOST = "localhost"
-  PORT = 5432
-  USERNAME = "root"
-  PASSWORD = "password"
-  NAME = "database"
-
   [flaskapp.logsconf]
   version = 1
   disable_existing_loggers = false

diff --git a/devel/ansible/playbook.yml b/devel/ansible/playbook.yml
@@ -4,16 +4,16 @@
   become_method: sudo
 
   vars:
-    name: webhook-to-fedora-messaging
+    app_name: webhook-to-fedora-messaging
     pkg_name: webhook_to_fedora_messaging
     ipa_admin_user: admin
     ipa_admin_password: password
     krb_realm: TINYSTAGE.TEST
+    cert_owner: vagrant
 
   roles:
     - core
-    # If you need Tinystage:
-    # - ipa-client
-    # If you need a TLS cert from Tinystage:
-    # - cert
+    - ipa-client
+    - cert
+    - gss-proxy
     - dev