Setup basic project config

.dockerignore

@@ -12,4 +12,3 @@ __pycache__/
 *$py.class
 
 .venv
-

.github/dependabot.yml

@@ -8,8 +8,11 @@ updates:
       time: "08:00"
       timezone: "Europe/Amsterdam"
     labels:
-      - "github-actions"
       - "dependencies"
+    groups:
+      allgithubactions:
+        patterns:
+        - "*"
 
   - package-ecosystem: "pip"
     directory: "/"
@@ -19,8 +22,11 @@ updates:
       time: "08:00"
       timezone: "Europe/Amsterdam"
     labels:
-      - "pip"
       - "dependencies"
+    groups:
+      allpip:
+        patterns:
+        - "*"
 
   - package-ecosystem: "devcontainers"
     directory: "/"
@@ -30,5 +36,8 @@ updates:
       time: "08:00"
       timezone: "Europe/Amsterdam"
     labels:
-      - "devcontainers"
       - "dependencies"
+    groups:
+      alldevcontainers:
+        patterns:
+        - "*"

.github/workflows/ci.yml

@@ -0,0 +1,196 @@
+name: CI
+
+on:
+  push:
+    branches:
+      - main
+    tags:
+      - 'v*'
+  pull_request:
+    branches:
+      - 'main'
+
+env:
+  REGISTRY: ghcr.io
+  POETRY_CACHE_DIR: ~/.cache/pypoetry
+  IMAGE_NAME: ${{ github.repository }}
+  PYTHON_VERSION: "3.11"
+
+jobs:
+  lint:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Install poetry
+        run: pipx install poetry
+
+      - name: Set up Python ${{ env.python-version }}
+        uses: actions/setup-python@v5
+        with:
+          python-version: ${{ env.PYTHON_VERSION }}
+          cache: "poetry"
+
+      - name: Install dependencies
+        run: poetry install
+
+      - name: run ruff
+        run: poetry run ruff check --output-format=github
+
+      - name: run format
+        run: poetry run ruff format --check
+
+      - name: run pyright
+        run: poetry run pyright
+
+  security:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Install poetry
+        run: pipx install poetry
+
+      - name: Set up Python ${{ env.PYTHON_VERSION }}
+        uses: actions/setup-python@v5
+        with:
+          python-version: ${{ env.PYTHON_VERSION }}
+          cache: "poetry"
+
+      - name: Install dependencies
+        run: poetry install
+
+      - name: Generate SBOM
+        run: poetry run cyclonedx-py poetry > sbom.json
+
+      - name: Generace licenses file
+        run: |
+          poetry run pip-licenses  --order=license --format=json --with-description > licenses.txt
+
+      - name: Upload SBOM and licenses
+        uses: actions/upload-artifact@v4
+        with:
+          name: sbom-licenses-${{ github.sha }}.json
+          path: |
+            sbom.json
+            licenses.txt
+          if-no-files-found: error
+          overwrite: true
+
+      - name: Run Trivy vulnerability scanner
+        uses: aquasecurity/trivy-action@master
+        with:
+          scan-type: 'fs'
+          scan-ref: '.'
+          trivy-config: trivy.yaml
+
+  test:
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        python-version: ["3.10", "3.11", "3.12"]
+
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Install poetry
+        run: pipx install poetry
+
+      - name: Set up Python ${{ matrix.python-version }}
+        uses: actions/setup-python@v5
+        with:
+          python-version: ${{ matrix.python-version }}
+          cache: "poetry"
+
+      - name: Install dependencies
+        run: poetry install
+
+      - name: run pytest
+        run: poetry run coverage run -m pytest
+
+      - name: run coverage report
+        run: poetry run coverage report
+
+      - name: run coverage html
+        run: poetry run coverage html
+
+      - name: Upload code coverage report
+        if: matrix.python-version == '3.11'
+        uses: actions/upload-artifact@v4
+        with:
+          name: codecoverage-${{ github.sha }}
+          path: htmlcov/
+          if-no-files-found: error
+          overwrite: true
+
+
+  build:
+    needs: test
+    runs-on: ubuntu-latest
+    permissions:
+      packages: write
+      contents: read
+      security-events: write
+      actions: read
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Log in to the Container registry
+        uses: docker/login-action@v3
+        with:
+          registry: ${{ env.REGISTRY }}
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v3
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Extract metadata for Docker
+        id: meta
+        uses: docker/metadata-action@v5
+        with:
+          images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
+
+      - name: Build and push Docker image
+        uses: docker/build-push-action@v5
+        with:
+          context: .
+          push: true
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}
+          platforms: linux/amd64,linux/arm64,darwin/amd64
+
+      - name: Run Trivy vulnerability scanner
+        uses: aquasecurity/trivy-action@master
+        with:
+          image-ref: ${{ steps.meta.outputs.tags }}
+          trivy-config: trivy.yaml
+          scan-type: image
+          exit-code: 0
+          format: 'sarif'
+          output: 'trivy-results.sarif'
+        env:
+          TRIVY_USERNAME: ${{ github.actor }}
+          TRIVY_PASSWORD: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Upload Trivy scan results to GitHub Security tab
+        uses: github/codeql-action/upload-sarif@v3
+        with:
+          sarif_file: 'trivy-results.sarif'
+
+  notifyMattermost:
+    runs-on: ubuntu-latest
+    needs: [lint, security, test, build ]
+    if: ${{ always() && contains(needs.*.result, 'failure') }}
+    steps:
+      - uses: mattermost/action-mattermost-notify@master
+        with:
+          MATTERMOST_WEBHOOK_URL: ${{ secrets.MM_WEBHOOK_URL }}
+          MATTERMOST_CHANNEL: dev
+          TEXT: |
+            ${{ github.repository }} failed build @here :unamused:
+            :rotating_light: [Pipeline](${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}) failed :fire:
+          MATTERMOST_USERNAME: ${{ github.triggering_actor }}

.github/workflows/codeql.yml

@@ -8,31 +8,25 @@ on:
 
 jobs:
   analyze:
-    name: Analyze (${{ matrix.language }})
+    name: Analyze (python)
     runs-on: 'ubuntu-latest'
     timeout-minutes: 360
     permissions:
       security-events: write
       packages: read
       actions: read
       contents: read
-    strategy:
-      fail-fast: false
-      matrix:
-        include:
-        - language: python
-          build-mode: none
+
     steps:
     - name: Checkout repository
       uses: actions/checkout@v4
-      
+
     - name: Initialize CodeQL
       uses: github/codeql-action/init@v3
       with:
-        languages: ${{ matrix.language }}
-        build-mode: ${{ matrix.build-mode }}
+        languages: python
 
     - name: Perform CodeQL Analysis
       uses: github/codeql-action/analyze@v3
       with:
-        category: "/language:${{matrix.language}}"
+        category: "/language:python"

.github/workflows/first-interaction.yml

@@ -5,6 +5,7 @@ on: [pull_request, issues]
 jobs:
   greeting:
     runs-on: ubuntu-latest
+    timeout-minutes: 10
     permissions:
       issues: write
       pull-requests: write

.github/workflows/stale.yml

@@ -7,8 +7,9 @@ on:
 jobs:
   stale:
     runs-on: ubuntu-latest
+    timeout-minutes: 10
     permissions:
-      contents: write # only for delete-branch option
+      contents: write
       issues: write
       pull-requests: write
     steps:

.gitignore

@@ -3,6 +3,8 @@ __pycache__/
 *.py[cod]
 *$py.class
 
+# poetry build
+dist/
 
 # Unit test / coverage reports
 .coverage
@@ -22,6 +24,5 @@ __pypackages__/
 # ruff linter
 .ruff_cache/
 
-
-
-
+#mypyr
+.mypy_cache/

.pre-commit-config.yaml

@@ -18,10 +18,6 @@ repos:
     hooks:
       - id: ruff
       - id: ruff-format
-  - repo: https://github.com/RobertCraigie/pyright-python
-    rev: v1.1.359
-    hooks:
-      - id: pyright
 
 ci:
   autofix_prs: false

.vscode/launch.json

@@ -2,10 +2,10 @@
   "version": "0.2.0",
   "configurations": [
     {
-      "name": "Project",
+      "name": "tad",
       "type": "debugpy",
       "request": "launch",
-      "module": "python_project",
+      "module": "tad",
       "justMyCode": false,
       "args": []
     },
@@ -16,7 +16,7 @@
       "module": "pytest",
       "cwd": "${workspaceFolder}",
       "justMyCode": false,
-      "args": [],
+      "args": []
     }
   ]
 }

BUILD.md

@@ -0,0 +1,53 @@
+# Buiding TAD
+
+There are several ways to build and run TAD.
+
+1. poetry
+2. container
+
+## Building TAD with Poetry
+
+Poetry is a python package and dependency manager. Before you can install poetry you first need to install python. Please follow [these](https://github.com/pyenv/pyenv?tab=readme-ov-file#installation) instructions.
+
+Once you have python available you can install poetry. See [here](https://python-poetry.org/docs/#installation).
+
+Once you have poetry and python install you can start installing the dependencies with the following shell command.
+
+```shell
+poetry install
+```
+
+when poetry is done installing all dependencies you can start using the tool.
+
+```shell
+poetry run python -m tad
+```
+
+## Building TAD with Containers
+
+Containers allow use to package software and make it portable and isolated. Before you can run container you first need a container runtime. There are several available but allot of users use [docker desktop](https://www.docker.com/products/docker-desktop/).
+
+Once you install a docker runtime like docker desktop you can start building the applications with this command:
+
+```shell
+docker compose build
+```
+
+to run the application you use this command:
+
+```shell
+docker compose up
+```
+
+## Testing, Linting etc
+
+For testing, linting and other feature we use several tools. You can look up the documentation on how to use these:
+
+* [pytest](https://docs.pytest.org/en/)  `poetry run pytest`
+* [ruff](https://docs.astral.sh/ruff/) `poetry run ruff format` or `poetry run ruff check --fix`
+* [coverage](https://coverage.readthedocs.io/en/) `poetry run coverage report`
+* [pyright](https://microsoft.github.io/pyright/#/) `poetry run pyright`
+
+## Devcontainers
+
+[VSCode](https://code.visualstudio.com/) has great support for devcontainers. If your editor had support for devcontainers you can also use them to start the devcontainer. Devcontaines offer great standardized environments for development.