Setup basic project config

.dockerignore

@@ -12,4 +12,3 @@ __pycache__/
 *$py.class
 
 .venv
-

.github/dependabot.yml

@@ -8,8 +8,11 @@ updates:
       time: "08:00"
       timezone: "Europe/Amsterdam"
     labels:
-      - "github-actions"
       - "dependencies"
+    groups:
+      allgithubactions:
+        patterns:
+        - "*"
 
   - package-ecosystem: "pip"
     directory: "/"
@@ -19,8 +22,11 @@ updates:
       time: "08:00"
       timezone: "Europe/Amsterdam"
     labels:
-      - "pip"
       - "dependencies"
+    groups:
+      allpip:
+        patterns:
+        - "*"
 
   - package-ecosystem: "devcontainers"
     directory: "/"
@@ -30,5 +36,8 @@ updates:
       time: "08:00"
       timezone: "Europe/Amsterdam"
     labels:
-      - "devcontainers"
       - "dependencies"
+    groups:
+      alldevcontainers:
+        patterns:
+        - "*"

.github/workflows/ci.yml

@@ -0,0 +1,183 @@
+name: CI
+
+on:
+  push:
+    branches:
+      - main
+    tags:
+      - 'v*'
+  pull_request:
+    branches:
+      - 'main'
+
+env:
+  REGISTRY: ghcr.io
+  POETRY_CACHE_DIR: ~/.cache/pypoetry
+  IMAGE_NAME: ${{ github.repository }}
+  PYTHON_VERSION: "3.11"
+
+jobs:
+  lint:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Install poetry
+        run: pipx install poetry
+
+      - name: Set up Python ${{ env.python-version }}
+        uses: actions/setup-python@v5
+        with:
+          python-version: ${{ env.PYTHON_VERSION }}
+          cache: "poetry"
+
+      - name: Install dependencies
+        run: poetry install
+
+      - name: run ruff
+        run: poetry run ruff check --output-format=github
+
+      - name: run format
+        run: poetry run ruff format --check
+
+      - name: run pyright
+        run: poetry run pyright
+
+  security:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Install poetry
+        run: pipx install poetry
+
+      - name: Set up Python ${{ env.PYTHON_VERSION }}
+        uses: actions/setup-python@v5
+        with:
+          python-version: ${{ env.PYTHON_VERSION }}
+          cache: "poetry"
+
+      - name: Install dependencies
+        run: poetry install
+
+      - name: Generate SBOM
+        run: poetry run cyclonedx-py poetry > sbom.json
+
+      - name: Generace licenses file
+        run: |
+          poetry run pip-licenses  --order=license --format=json --with-description > licenses.txt
+
+      - name: Upload SBOM and licenses
+        uses: actions/upload-artifact@v4
+        with:
+          name: sbom-licenses-${{ github.sha }}.json
+          path: |
+            sbom.json
+            licenses.txt
+          if-no-files-found: error
+          overwrite: true
+
+      - name: Run Trivy vulnerability scanner
+        uses: aquasecurity/trivy-action@master
+        with:
+          scan-type: 'fs'
+          scan-ref: '.'
+          trivy-config: trivy.yaml
+
+  test:
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        python-version: ["3.10", "3.11", "3.12"]
+
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Install poetry
+        run: pipx install poetry
+
+      - name: Set up Python ${{ matrix.python-version }}
+        uses: actions/setup-python@v5
+        with:
+          python-version: ${{ matrix.python-version }}
+          cache: "poetry"
+
+      - name: Install dependencies
+        run: poetry install
+
+      - name: run pytest
+        run: poetry run coverage run -m pytest
+
+      - name: run coverage
+        run: poetry run coverage report
+
+      - name: run coverage
+        run: poetry run coverage html
+
+      - name: Upload code coverage report
+        if: ${{ matrix.python-version }} == '3.11'
+        uses: actions/upload-artifact@v4
+        with:
+          name: codecoverage-${{ github.sha }}
+          path: htmlcov/
+          if-no-files-found: error
+          overwrite: true
+
+
+  build:
+    needs: test
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      packages: write
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Log in to the Container registry
+        uses: docker/login-action@65b78e6e13532edd9afa3aa52ac7964289d1a9c1 #todo: set to version
+        with:
+          registry: ${{ env.REGISTRY }}
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v3
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Extract metadata for Docker
+        id: meta
+        uses: docker/metadata-action@v5
+        with:
+          images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
+
+      - name: Build and push Docker image
+        uses: docker/build-push-action@v5
+        with:
+          context: .
+          push: ${{ github.event_name != 'pull_request' }}
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}
+          platforms: linux/amd64,linux/arm64,darwin/amd64
+
+      - name: Run Trivy vulnerability scanner
+        uses: aquasecurity/trivy-action@master
+        with:
+          image-ref: ${{ steps.meta.outputs.tags }}
+          trivy-config: trivy.yaml
+          scan-type: image
+          github-pat: ${{ secrets.GITHUB_TOKEN }}
+
+  # notifyMattermost:
+  #   runs-on: ubuntu-latest
+  #   if: failure()
+  #   steps:
+  #     - uses: mattermost/action-mattermost-notify@master
+  #       with:
+  #         MATTERMOST_WEBHOOK_URL: ${{ secrets.MM_WEBHOOK_URL }}
+  #         MATTERMOST_CHANNEL: the-best-channel
+  #         TEXT: |
+  #           This is a message from ${{ github.repository }}.
+  #           [Pipeline](${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}) failed :fire:
+  #         MATTERMOST_USERNAME: ${{ github.triggering_actor }}

.github/workflows/codeql.yml

@@ -25,7 +25,7 @@ jobs:
     steps:
     - name: Checkout repository
       uses: actions/checkout@v4
-      
+
     - name: Initialize CodeQL
       uses: github/codeql-action/init@v3
       with:

.github/workflows/first-interaction.yml

@@ -5,6 +5,7 @@ on: [pull_request, issues]
 jobs:
   greeting:
     runs-on: ubuntu-latest
+    timeout-minutes: 10
     permissions:
       issues: write
       pull-requests: write

.github/workflows/stale.yml

@@ -7,8 +7,9 @@ on:
 jobs:
   stale:
     runs-on: ubuntu-latest
+    timeout-minutes: 10
     permissions:
-      contents: write # only for delete-branch option
+      contents: write
       issues: write
       pull-requests: write
     steps:

.gitignore

@@ -22,6 +22,5 @@ __pypackages__/
 # ruff linter
 .ruff_cache/
 
-
-
-
+#mypyr
+.mypy_cache/

.vscode/launch.json

@@ -2,10 +2,10 @@
   "version": "0.2.0",
   "configurations": [
     {
-      "name": "Project",
+      "name": "tad",
       "type": "debugpy",
       "request": "launch",
-      "module": "python_project",
+      "module": "tad",
       "justMyCode": false,
       "args": []
     },
@@ -16,7 +16,7 @@
       "module": "pytest",
       "cwd": "${workspaceFolder}",
       "justMyCode": false,
-      "args": [],
+      "args": []
     }
   ]
 }

BUILD.md

@@ -0,0 +1,53 @@
+# Buiding TAD
+
+There are several ways to build and run TAD.
+
+1. poetry
+2. container
+
+## Building TAD with Poetry
+
+Poetry is a python package and dependency manager. Before you can install poetry you first need to install python. Please follow [these](https://github.com/pyenv/pyenv?tab=readme-ov-file#installation) instructions.
+
+Once you have python available you can install poetry. See [here](https://python-poetry.org/docs/#installation).
+
+Once you have poetry and python install you can start installing the dependencies with the following shell command.
+
+```shell
+poetry install
+```
+
+when poetry is done installing all dependencies you can start using the tool.
+
+```shell
+poetry run python -m tad
+```
+
+## Building TAD with Containers
+
+Containers allow use to package software and make it portable and isolated. Before you can run container you first need a container runtime. There are several available but allot of users use [docker desktop](https://www.docker.com/products/docker-desktop/).
+
+Once you install a docker runtime like docker desktop you can start building the applications with this command:
+
+```shell
+docker compose build
+```
+
+to run the application you use this command:
+
+```shell
+docker compose up
+```
+
+## Testing, Linting etc
+
+For testing, linting and other feature we use several tools. You can look up the documentation on how to use these:
+
+* [pytest](https://docs.pytest.org/en/)  `poetry run pytest`
+* [ruff](https://docs.astral.sh/ruff/) `poetry run ruff format` or `poetry run ruff check --fix`
+* [coverage](https://coverage.readthedocs.io/en/) `poetry run coverage report`
+* [pyright](https://microsoft.github.io/pyright/#/) `poetry run pyright`
+
+## Devcontainers
+
+[VSCode](https://code.visualstudio.com/) has great support for devcontainers. If your editor had support for devcontainers you can also use them to start the devcontainer. Devcontaines offer great standardized environments for development.

Dockerfile

@@ -4,8 +4,7 @@ FROM  --platform=$BUILDPLATFORM python:${PYTHON_VERSION} as project-base
 
 LABEL [email protected] \
       organization=MinBZK \
-      license=EUPL-1.2 \
-      io.docker.minbzk.name=python-project-template
+      license=EUPL-1.2
 
 ENV PYTHONUNBUFFERED=1 \
     PYTHONDONTWRITEBYTECODE=1 \
@@ -37,14 +36,15 @@ FROM development AS lint
 
 RUN ruff check
 RUN ruff format --check
+RUN pyright
 
 FROM development AS test
-RUN coverage run --rcfile ./pyproject.toml -m pytest ./tests
-RUN coverage report --fail-under 95
+RUN coverage run -m pytest ./tests
+RUN coverage report
 
 FROM project-base as production
 
-COPY ./python_project /app/python_project
+COPY ./tad /app/tad
 
 # change this to a usefull command
-CMD ["python", "-m", "python_project" ]
+CMD ["python", "-m", "tad" ]

LICENSE

@@ -187,4 +187,4 @@ a European Union Member State.
 The European Commission may update this Appendix to later versions of the above licences without producing
 a new version of the EUPL, as long as they provide the rights granted in Article 2 of this Licence and protect the
 covered Source Code from exclusive appropriation.
-All other changes or additions to this Appendix require the production of a new EUPL version.
+All other changes or additions to this Appendix require the production of a new EUPL version.