Actions added

Initial github actions

.github/pull_request_template.md

@@ -0,0 +1,11 @@
+### Linear Issue
+<!-- Replace both "IDSSE-xxx" strings below with your Issue, e.g. "IDSSE-123" -->
+[IDSSE-xxx](https://linear.app/idss/issue/IDSSE-xxx)
+
+### Changes
+<!-- Brief description of changes -->
+- List of high-level changes
+
+### Explanation
+<!-- Include any discussion, if needed, such as why these changes were needed or why a certain implementation was chosen -->
+N/A

.github/workflows/build-package-python-sci.yml

@@ -0,0 +1,92 @@
+name: Build and Package the Python Commons Scientific package to Dev Registry
+on:
+  push:
+    branches: [ main ]
+env:
+  DEV_REGISTRY: ghcr.io/noaa-gsl/idss/commons/python
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    strategy:
+      fail-fast: true
+      matrix:
+        app:
+          - python-sci
+    steps:
+
+    - name: Checkout Code
+      uses: actions/checkout@v2
+
+    - name: Set ENV Variables
+      shell: bash
+      run: |
+        DATE=$(git show -s --format=%cd --date=format:'%Y-%m-%d.%H:%M:%S.%z' ${{ github.sha }})
+          if [[ "${GITHUB_EVENT_NAME}" == "pull_request" ]]; then
+            # PR build
+            echo "BRANCH=${GITHUB_HEAD_REF}" >> $GITHUB_ENV
+            echo "VERSION=dev-${{ github.sha }}-$DATE" >> $GITHUB_ENV
+          elif [[ "${GITHUB_EVENT_NAME}" == "push" ]]; then
+            # Handle differences between branches/tags
+            if [[ "${GITHUB_REF}" == *"heads"* ]]; then
+              # Branch build
+              echo "BRANCH=${GITHUB_REF#refs/heads/}" >> $GITHUB_ENV
+              echo "VERSION=dev-${{ github.sha }}-$DATE" >> $GITHUB_ENV
+            elif [[ "${GITHUB_REF}" == *"tags"* ]]; then
+              # Tag build
+              echo "BRANCH=${GITHUB_REF#refs/tags/}" >> $GITHUB_ENV
+              echo "VERSION=${GITHUB_REF#refs/tags/}" >> $GITHUB_ENV
+            else
+              echo "ERROR: Unanticipated Git Ref"
+              exit 1
+            fi
+          else
+            echo "ERROR: Unanticipated GitHub Event"
+            exit 1
+          fi
+
+    - name: Create App Names
+      env:
+        APP: '${{matrix.app}}'
+      run: |
+        echo "APP_LOWERCASE=${APP,,}" >> $GITHUB_ENV
+
+    - name: Build Image
+      run: |
+        docker build \
+          --build-arg APPNAME=${{matrix.app}} \
+          --build-arg BUILDVER="${{env.VERSION}}" \
+          --build-arg COMMITBRANCH=${{env.BRANCH}} \
+          --build-arg COMMITSHA=${{github.sha}} \
+          -t ${{env.DEV_REGISTRY}}/${{env.APP_LOWERCASE}}:${{env.BRANCH}} \
+          -f ./docker/python-sci/Dockerfile .
+
+    - name: Run Trivy vulnerability scanner
+      uses: aquasecurity/trivy-action@master
+      with:
+        image-ref: '${{env.DEV_REGISTRY}}/${{env.APP_LOWERCASE}}:${{env.BRANCH}}'
+        format: 'table'
+        #exit-code: '1'
+        ignore-unfixed: true
+        vuln-type: 'os,library'
+        severity: 'CRITICAL,HIGH'
+
+        # this requires public repo / additional config
+        #format: 'sarif'
+        #output: 'trivy-results.sarif'
+
+     # GSL isn't paying for this support with private repositories
+#    - name: Upload Trivy scan results to GitHub Security tab
+#      uses: github/codeql-action/upload-sarif@v2
+#      with:
+#        sarif_file: 'trivy-results.sarif'
+
+    - name: Login to GitHub Container Registry
+      uses: docker/login-action@v1
+      with:
+        registry: ghcr.io
+        username: ${{github.actor}}
+        password: ${{secrets.GITHUB_TOKEN}}
+
+    - name: Push Image to Dev Registry
+      run: |
+        docker push ${{env.DEV_REGISTRY}}/${{env.APP_LOWERCASE}}:${{env.BRANCH}}

.github/workflows/build-package-python.yml

@@ -0,0 +1,92 @@
+name: Build and Package the Python Commons Base package to Dev Registry
+on:
+  push:
+    branches: [ main ]
+env:
+  DEV_REGISTRY: ghcr.io/noaa-gsl/idss/commons/python
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    strategy:
+      fail-fast: true
+      matrix:
+        app:
+          - python-base
+    steps:
+
+    - name: Checkout Code
+      uses: actions/checkout@v2
+
+    - name: Set ENV Variables
+      shell: bash
+      run: |
+        DATE=$(git show -s --format=%cd --date=format:'%Y-%m-%d.%H:%M:%S.%z' ${{ github.sha }})
+          if [[ "${GITHUB_EVENT_NAME}" == "pull_request" ]]; then
+            # PR build
+            echo "BRANCH=${GITHUB_HEAD_REF}" >> $GITHUB_ENV
+            echo "VERSION=dev-${{ github.sha }}-$DATE" >> $GITHUB_ENV
+          elif [[ "${GITHUB_EVENT_NAME}" == "push" ]]; then
+            # Handle differences between branches/tags
+            if [[ "${GITHUB_REF}" == *"heads"* ]]; then
+              # Branch build
+              echo "BRANCH=${GITHUB_REF#refs/heads/}" >> $GITHUB_ENV
+              echo "VERSION=dev-${{ github.sha }}-$DATE" >> $GITHUB_ENV
+            elif [[ "${GITHUB_REF}" == *"tags"* ]]; then
+              # Tag build
+              echo "BRANCH=${GITHUB_REF#refs/tags/}" >> $GITHUB_ENV
+              echo "VERSION=${GITHUB_REF#refs/tags/}" >> $GITHUB_ENV
+            else
+              echo "ERROR: Unanticipated Git Ref"
+              exit 1
+            fi
+          else
+            echo "ERROR: Unanticipated GitHub Event"
+            exit 1
+          fi
+
+    - name: Create App Names
+      env:
+        APP: '${{matrix.app}}'
+      run: |
+        echo "APP_LOWERCASE=${APP,,}" >> $GITHUB_ENV
+
+    - name: Build Image
+      run: |
+        docker build \
+          --build-arg APPNAME=${{matrix.app}} \
+          --build-arg BUILDVER="${{env.VERSION}}" \
+          --build-arg COMMITBRANCH=${{env.BRANCH}} \
+          --build-arg COMMITSHA=${{github.sha}} \
+          -t ${{env.DEV_REGISTRY}}/${{env.APP_LOWERCASE}}:${{env.BRANCH}} \
+          -f ./docker/python/Dockerfile .
+
+    - name: Run Trivy vulnerability scanner
+      uses: aquasecurity/trivy-action@master
+      with:
+        image-ref: '${{env.DEV_REGISTRY}}/${{env.APP_LOWERCASE}}:${{env.BRANCH}}'
+        format: 'table'
+        #exit-code: '1'
+        ignore-unfixed: true
+        vuln-type: 'os,library'
+        severity: 'CRITICAL,HIGH'
+
+        # this requires public repo / additional config
+        #format: 'sarif'
+        #output: 'trivy-results.sarif'
+
+     # GSL isn't paying for this support with private repositories
+#    - name: Upload Trivy scan results to GitHub Security tab
+#      uses: github/codeql-action/upload-sarif@v2
+#      with:
+#        sarif_file: 'trivy-results.sarif'
+
+    - name: Login to GitHub Container Registry
+      uses: docker/login-action@v1
+      with:
+        registry: ghcr.io
+        username: ${{github.actor}}
+        password: ${{secrets.GITHUB_TOKEN}}
+
+    - name: Push Image to Dev Registry
+      run: |
+        docker push ${{env.DEV_REGISTRY}}/${{env.APP_LOWERCASE}}:${{env.BRANCH}}

.github/workflows/linter.yml

@@ -0,0 +1,34 @@
+name: Lint with pylint
+on:
+  push:
+    branches:
+      - 'main'
+  pull_request:
+jobs:
+  lint:
+    runs-on: ubuntu-latest
+    name: Lint
+    defaults:
+      run:
+        shell: bash -el {0}
+    strategy:
+      matrix:
+        python-version: [ "3.11" ]
+    steps:
+      - uses: actions/checkout@v3
+      - name: Set up Python ${{ matrix.python-version }}
+        uses: actions/setup-python@v4
+        with:
+          python-version: ${{ matrix.python-version }}
+
+      - name: Install python dependencies
+        run: |
+          python -m pip install --upgrade pip
+          pip install pytest pylint==2.17.5 python-dateutil==2.8.2 pint==0.21 importlib-metadata==6.7.0 jsonschema==4.19.0 pika==1.3.1 pyproj numpy==1.26.2 shapely==2.0.2 netcdf4==1.6.3 h5netcdf==1.1.0 pillow==10.2.0
+
+      - name: Set PYTHONPATH for pylint
+        run: |
+          echo "PYTHONPATH=python/idsse_common/idsse/common" >> $GITHUB_ENV
+
+      - name: Run code linter
+        run: pylint ./python/idsse_common --max-line-length=120 --recursive true