Initial commit

.codeclimate.yml

@@ -0,0 +1,12 @@
+version: "2"
+plugins:
+  bandit:
+    enabled: true
+  duplication:
+    enabled: true
+    config:
+      languages:
+        python:
+          python_version: 3
+  sonar-python:
+    enabled: true

.github/workflows/github-pages-dev.yml

@@ -0,0 +1,16 @@
+name: Deploy static content to Pages
+
+on:
+  push:
+    branches: ["main"]
+  # Allows you to run this workflow manually from the Actions tab
+  workflow_dispatch:
+
+
+jobs:
+  site:
+    permissions:
+      contents: write
+    uses: ./.github/workflows/reusable-github-pages.yml
+    with:
+      site-version: "dev"

.github/workflows/python-bandit.yml

@@ -0,0 +1,32 @@
+# This workflow will install Python dependencies, run tests and lint with a variety of Python versions
+# For more information see: https://docs.github.com/en/actions/automating-builds-and-tests/building-and-testing-python
+
+name: Bandit checks
+
+on:
+  push:
+    branches: [ "main" ]
+  pull_request:
+    branches: [ "main" ]
+  # Allows you to run this workflow manually from the Actions tab
+  workflow_dispatch:
+
+jobs:
+  bandit:
+    runs-on: ubuntu-latest
+
+    steps:
+    - uses: actions/checkout@v3
+
+    - name: Security check - Bandit
+      uses: ioggstream/[email protected]
+      with:
+        project_path: .
+        config_file: .bandit.yml
+
+    # This is optional
+    - name: Security check report artifacts
+      uses: actions/upload-artifact@v1
+      with:
+        name: Security report
+        path: output/security_report.txt

.github/workflows/python-code-style.yml

@@ -0,0 +1,32 @@
+ # This workflow will install Python dependencies, run tests and lint with a variety of Python versions
+# For more information see: https://docs.github.com/en/actions/automating-builds-and-tests/building-and-testing-python
+
+name: Python code style
+
+on:
+  push:
+    branches: [ "main" ]
+  pull_request:
+    branches: [ "main" ]
+  # Allows you to run this workflow manually from the Actions tab
+  workflow_dispatch:
+
+jobs:
+  quality:
+    runs-on: ubuntu-latest
+
+    steps:
+    - uses: actions/checkout@v3
+    - name: Set up Python 3.12
+      uses: actions/setup-python@v4
+      with:
+        python-version: "3.12"
+    - name: Install dependencies
+      run: |
+        python -m pip install --upgrade pip
+        python -m pip install poetry
+        poetry config virtualenvs.create false
+        poetry install --no-root --with dev
+    - name: Check code style with black
+      run: |
+        make format

.github/workflows/python-lint.yml

@@ -0,0 +1,31 @@
+# This workflow will install Python dependencies, run tests and lint with a variety of Python versions
+# For more information see: https://docs.github.com/en/actions/automating-builds-and-tests/building-and-testing-python
+
+name: Python lint
+
+on:
+  push:
+    branches: [ "main" ]
+  pull_request:
+    branches: [ "main" ]
+  # Allows you to run this workflow manually from the Actions tab
+  workflow_dispatch:
+
+jobs:
+  quality:
+    runs-on: ubuntu-latest
+
+    steps:
+    - uses: actions/checkout@v3
+    - name: Set up Python 3.12
+      uses: actions/setup-python@v4
+      with:
+        python-version: "3.12"
+    - name: Install dependencies
+      run: |
+        python -m pip install --upgrade pip
+        python -m pip install poetry
+        poetry config virtualenvs.create false
+        poetry install --no-root --with dev
+    - name: Lint with ruff
+      run: make lint

.github/workflows/python-quality.yml

@@ -0,0 +1,38 @@
+# This workflow will install Python dependencies, run tests and lint with a variety of Python versions
+# For more information see: https://docs.github.com/en/actions/automating-builds-and-tests/building-and-testing-python
+
+name: Python code quality
+
+on:
+  push:
+    branches: [ "main" ]
+  pull_request:
+    branches: [ "main" ]
+  # Allows you to run this workflow manually from the Actions tab
+  workflow_dispatch:
+
+jobs:
+  quality:
+    runs-on: ubuntu-latest
+
+    steps:
+    - uses: actions/checkout@v3
+    - name: Set up Python 3.12
+      uses: actions/setup-python@v4
+      with:
+        python-version: "3.12"
+    - name: Install dependencies
+      run: |
+        python -m pip install --upgrade pip
+        python -m pip install poetry
+        poetry config virtualenvs.create false
+        poetry install --no-root --with dev
+    - name: Test & publish code coverage
+      uses: paambaati/[email protected]
+      env:
+        CC_TEST_REPORTER_ID: ${{ secrets.CODECLIMATE_REPORTER_ID }}
+      with:
+        coverageCommand: make ci-coverage
+        coverageLocations: |
+          ${{github.workspace}}/coverage.lcov:lcov
+        debug: true

.github/workflows/python-tests.yml

@@ -0,0 +1,39 @@
+# This workflow will install Python dependencies, run tests and lint with a variety of Python versions
+# For more information see: https://docs.github.com/en/actions/automating-builds-and-tests/building-and-testing-python
+
+name: Python tests
+
+on:
+  push:
+    branches: [ "main" ]
+  pull_request:
+    branches: [ "main" ]
+  # Allows you to run this workflow manually from the Actions tab
+  workflow_dispatch:
+
+jobs:
+  test:
+    strategy:
+      matrix:
+        version: ["3.8", "3.9", "3.10", "3.11", "3.12"]
+        os: [ubuntu-latest]
+    runs-on: ${{ matrix.os }}
+    steps:
+    - uses: actions/checkout@v3
+    - name: Set up Python ${{ matrix.version }}
+      uses: actions/setup-python@v4
+      with:
+        python-version: "${{ matrix.version }}"
+    - name: Install dependencies
+      run: |
+        python -m pip install --upgrade pip
+        python -m pip install poetry
+        poetry config virtualenvs.create false
+        poetry install --no-root --with dev
+    - name: Test with pytest
+      run: |
+        make ci-test
+    - name: Check typing
+      run: |
+        make typing
+

.github/workflows/release.yml

@@ -0,0 +1,86 @@
+# This workflow will publish a python package on pypi, when a release is created
+
+name: release
+
+on:
+  release:
+    types: [ published ]
+
+jobs:
+  build:
+    outputs:
+      version: ${{ steps.docs-version-step.outputs.version }}
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v3
+
+      - name: Set up Python 3.12
+        uses: actions/setup-python@v4
+        with:
+          python-version: "3.12"
+
+      - name: Install dependencies
+        run: |
+          python -m pip install --upgrade pip
+          python -m pip install poetry poetry-dynamic-versioning
+
+      - name: Build package
+        run: |
+          poetry build
+
+      - name: Archive the dist folder
+        uses: actions/upload-artifact@v3
+        with:
+          name: dist
+          path: dist
+          retention-days: 1
+
+      - name: Export version for site docs
+        id: docs-version-step
+        run: |
+          ./ci-scripts/docs-version.sh
+          echo "Identified version: $(./ci-scripts/docs-version.sh)"
+          echo "version=$(./ci-scripts/docs-version.sh)"
+          echo "version=$(./ci-scripts/docs-version.sh)" >> $GITHUB_OUTPUT
+
+  publish:
+    runs-on: ubuntu-latest
+    needs: build
+    permissions:
+      contents: write
+      id-token: write
+
+    steps:
+      - name: Download the dist folder from the build job
+        uses: actions/download-artifact@v3
+        with:
+          name: dist
+          path: dist
+
+      - name: Upload binaries to release
+        uses: shogo82148/actions-upload-release-asset@v1
+        with:
+          upload_url: ${{ github.event.release.upload_url }}
+          asset_path: dist/*
+
+      - name: Publish package distributions to TestPyPI
+        uses: pypa/gh-action-pypi-publish@release/v1
+        ################################
+        # REMOVE CUSTOM REPOSITORY TO  #
+        # PUBLISH ON OFFICIAL PYPI     #
+        ################################
+        with:
+          repository-url: https://test.pypi.org/legacy/
+
+  site:
+    needs: build
+    uses: ./.github/workflows/reusable-github-pages.yml
+    permissions:
+      contents: write
+    with:
+      site-version: ${{ needs.build.outputs.version }}
+      version-alias: "stable"
+      set-default: true

.github/workflows/reusable-github-pages.yml

@@ -0,0 +1,82 @@
+on:
+  workflow_call:
+    inputs:
+      site-version:
+        required: true
+        type: string
+      version-alias:
+        required: false
+        type: string
+        default: ""
+      branch:
+        required: false
+        type: string
+        default: "gh-pages"
+      set-default:
+        required: false
+        type: boolean
+        default: false
+
+# Allow only one concurrent deployment, skipping runs queued between the run in-progress and latest queued.
+# However, do NOT cancel in-progress runs as we want to allow these production deployments to complete.
+# NOTE: There's no option to not cancel pending jobs, but we should be able to avoid race conditions on
+# the published gh-pages branch anyway. The expectation is to have at maximum one running process
+# (after merging to main) and one release process waiting.
+concurrency:
+  group: "pages"
+  cancel-in-progress: false
+
+jobs:
+  build_deploy_pages:
+    runs-on: ubuntu-latest
+    environment:
+      name: github-pages
+
+    permissions:
+      contents: write
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v3
+
+      - name: Set up Python 3.12
+        uses: actions/setup-python@v4
+        with:
+          python-version: "3.12"
+
+      - name: Install dependencies
+        run: |
+          python -m pip install --upgrade pip
+          python -m pip install poetry
+          poetry config virtualenvs.create false
+          poetry install --no-root --with dev
+
+      - name: Configure Git user
+        run: |
+          git config --local user.email "github-actions[bot]@users.noreply.github.com"
+          git config --local user.name "github-actions[bot]"
+
+      - name: Make sure previous versions are available to mike
+        run: |
+          git fetch origin gh-pages --depth=1
+
+      - name: Build and deploy static pages
+        run: |
+          mike deploy ${{ inputs.site-version }} ${{ inputs.version-alias }} --update-aliases --push --branch ${{ inputs.branch }}
+
+      - name: Set default site version
+        if: ${{ inputs.set-default }}
+        run: |
+          mike set-default ${{ inputs.site-version }} --push --branch ${{ inputs.branch }}
+
+      #  `mike` is specifically built to be used together with GitHub pages.
+      # To upload the website to another service (i.e. AWS S3) uncomment
+      # the following step to download the rendered HTML documentation to ./site directory.
+      # You'll need to implement the upload steps for your provider.
+
+#      - name: Download artifact to ./site
+#        run: |
+#          rm -rf ./site
+#          git archive -o site.tar ${{ inputs.branch }}
+#          mkdir -p ./site
+#          tar xf site.tar -C ./site