diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml new file mode 100644 index 0000000..1eddebe --- /dev/null +++ b/.github/workflows/build.yml @@ -0,0 +1,95 @@ +--- +name: build + +on: [push] + +env: + IMAGE_NAME: cisagov/example + PIP_CACHE_DIR: ~/.cache/pip + PRE_COMMIT_CACHE_DIR: ~/.cache/pre-commit + +jobs: + lint: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v1 + - uses: actions/setup-python@v1 + with: + python-version: 3.7 + - name: Cache pip test requirements + uses: actions/cache@v1 + with: + path: ${{ env.PIP_CACHE_DIR }} + key: "${{ runner.os }}-pip-test-\ + ${{ hashFiles('**/requirements-test.txt') }}" + restore-keys: | + ${{ runner.os }}-pip-test- + ${{ runner.os }}-pip- + - name: Cache pre-commit hooks + uses: actions/cache@v1 + with: + path: ${{ env.PRE_COMMIT_CACHE_DIR }} + key: "${{ runner.os }}-pre-commit-\ + ${{ hashFiles('**/.pre-commit-config.yaml') }}" + - name: Install dependencies + run: | + python -m pip install --upgrade pip + pip install --upgrade -r requirements-test.txt + - name: Run linters on all files + run: pre-commit run --all-files + build: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v1 + - name: Determine image version + id: get_ver + run: | + echo "##[set-output name=version;]$(./bump_version.sh show)" + - name: Build docker image + run: | + version=$(./bump_version.sh show) + docker build \ + --tag "$IMAGE_NAME" \ + --build-arg GIT_COMMIT=$(git log -1 --format=%H) \ + --build-arg GIT_REMOTE=$(git remote get-url origin) \ + --build-arg VERSION=${{ steps.get_ver.outputs.version }} \ + . + - name: Save docker image artifact + run: | + mkdir dist + version=$(./bump_version.sh show) + docker save $IMAGE_NAME:latest | gzip > dist/image.tar.gz + - name: Upload artifacts + uses: actions/upload-artifact@v1 + with: + name: dist + path: dist + test: + runs-on: ubuntu-latest + needs: [build] + steps: + - uses: actions/checkout@v1 + - uses: actions/setup-python@v1 + with: + python-version: 3.7 + - name: Cache pip test requirements + uses: actions/cache@v1 + with: + path: ${{ env.PIP_CACHE_DIR }} + key: "${{ runner.os }}-pip-test-\ + ${{ hashFiles('**/requirements-test.txt') }}" + restore-keys: | + ${{ runner.os }}-pip-test- + ${{ runner.os }}-pip- + - name: Install dependencies + run: | + python -m pip install --upgrade pip + pip install --upgrade -r requirements-test.txt + - name: Download docker image artifact + uses: actions/download-artifact@v1 + with: + name: dist + - name: Load docker image + run: docker load < dist/image.tar.gz + - name: Run tests + run: pytest diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml new file mode 100644 index 0000000..6fe7223 --- /dev/null +++ b/.github/workflows/release.yml @@ -0,0 +1,53 @@ +--- +name: release + +on: + release: + types: [prereleased, released] + +env: + IMAGE_NAME: cisagov/example + DOCKER_PW: ${{ secrets.DOCKER_PW }} + DOCKER_USER: ${{ secrets.DOCKER_USER }} + +jobs: + release: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v1 + - uses: actions/setup-python@v1 + with: + python-version: 3.7 + - name: Determine image version + id: get_ver + run: | + echo "##[set-output name=version;]$(./bump_version.sh show)" + - name: Build Docker image + run: | + docker build \ + --tag "$IMAGE_NAME" \ + --build-arg GIT_COMMIT=$(git log -1 --format=%H) \ + --build-arg GIT_REMOTE=$(git remote get-url origin) \ + --build-arg VERSION=${{ steps.get_ver.outputs.version }} \ + . + - name: Tag Docker image + run: | + IFS='.' read -r -a version_array \ + <<< "${{ steps.get_ver.outputs.version }}" + docker login --username "$DOCKER_USER" --password "$DOCKER_PW" + docker tag "$IMAGE_NAME" "${IMAGE_NAME}:latest" + docker tag "$IMAGE_NAME" \ + "${IMAGE_NAME}:${{ steps.get_ver.outputs.version }}" + docker tag "$IMAGE_NAME" \ + "${IMAGE_NAME}:${version_array[0]}.${version_array[1]}" + docker tag "$IMAGE_NAME" "${IMAGE_NAME}:${version_array[0]}" + - name: Publish image to Docker Hub + run: | + IFS='.' read -r -a version_array \ + <<< "${{ steps.get_ver.outputs.version }}" + docker push "${IMAGE_NAME}:latest" + docker push "${IMAGE_NAME}:${{ steps.get_ver.outputs.version }}" + docker push "${IMAGE_NAME}:${version_array[0]}.${version_array[1]}" + docker push "${IMAGE_NAME}:${version_array[0]}" + - name: Publish README.md to Docker Hub + run: ./push_readme.sh diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index 87ab6cb..7e2cef6 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -1,7 +1,7 @@ --- repos: - repo: https://github.com/pre-commit/pre-commit-hooks - rev: v2.3.0 + rev: v2.4.0 hooks: - id: check-executables-have-shebangs - id: check-json @@ -24,13 +24,13 @@ repos: - id: requirements-txt-fixer - id: trailing-whitespace - repo: https://github.com/igorshubovych/markdownlint-cli - rev: v0.18.0 + rev: v0.19.0 hooks: - id: markdownlint args: - --config=.mdl_config.json - repo: https://github.com/adrienverge/yamllint - rev: v1.17.0 + rev: v1.18.0 hooks: - id: yamllint - repo: https://github.com/detailyang/pre-commit-shell @@ -38,13 +38,13 @@ repos: hooks: - id: shell-lint - repo: https://gitlab.com/pycqa/flake8 - rev: 3.7.8 + rev: 3.7.9 hooks: - id: flake8 additional_dependencies: - flake8-docstrings - repo: https://github.com/asottile/pyupgrade - rev: v1.23.0 + rev: v1.25.1 hooks: - id: pyupgrade # Run bandit on "tests" tree with a configuration @@ -64,11 +64,11 @@ repos: name: bandit (everything else) exclude: tests - repo: https://github.com/python/black - rev: 19.3b0 + rev: 19.10b0 hooks: - id: black - repo: https://github.com/ansible/ansible-lint.git - rev: v4.1.1a0 + rev: v4.1.1a3 hooks: - id: ansible-lint - repo: https://github.com/antonbabenko/pre-commit-terraform.git diff --git a/.travis.yml b/.travis.yml deleted file mode 100644 index cedc956..0000000 --- a/.travis.yml +++ /dev/null @@ -1,56 +0,0 @@ ---- -dist: xenial -language: python -python: 3.7 -services: docker -env: - global: - - IMAGE_NAME=dhsncats/example - - DOCKER_USER=felddy - # DOCKER_PW - - secure: >- - GWxja6rCcevNRay3uOGEt1wpzGOAoKgfquyror60VtkG07GCJ/rCBa/jNsTRRwwDxYW - MqY6xQlAU+GzNeuBxKAlmyrLRRYZDmcBpPgQQPbiC0b5ftGCzTuhdYAj4Hg+LyHKbNP - H0zsXfQRy2NdWPJ8rr3RFL89a/If0hJVL5OEEHfmzpfvHoDvBJQwhmL2sPZizgCsgh6 - eRStRvUWj3taVb5VZ1uIlet8P3g7azkD7tTNx+wAxhjlLpaQfBcy/CC27ogw+QOvgdF - kefskYz54LLzTyXYhRhACjuGaukpBvQBFzBi3MOFYoLj4kb+9b3mqHlnQZLOSo2zlWV - 30mTC7eed5KE64MuQ6I1E72B0rnAoVpnwAjXVIvzfhKBuzbhS54tWjKbqK6UAGxbg6t - wJDiNaB+nYk6zozJ93TQT02XDUOdDS45hO2Kc/CUwJbrZc7V4aYN6Dj30tWy8d2TI8s - GMPuJm8tyxpT/h2eUUPhVzhMCk+4efIBa6cb99wZgkphLmWQefLLpZy8pMwOH7c3ywU - +6tVPBZxSEm4tFRYyPwgl9qvzE8E0WM3FPNgwVO9aypx61HcO8NVD7alUW2j+s3taHX - aVpaCtsf+bpsXPro3/ofst+FHiFPZGBL2iiSIYtFYI4hkDFq9iGGGexo9zgYS6CMexu - YoZtThDw6kaLI= -cache: - pip: true - directories: - - "$HOME/.cache/pre-commit" -install: - - pip install --upgrade --requirement requirements-test.txt - - version=$(./bump_version.sh show) - - docker build - --tag "$IMAGE_NAME" - --build-arg GIT_COMMIT=$(git log -1 --format=%H) - --build-arg GIT_REMOTE=$(git remote get-url origin) - --build-arg VERSION=${version} - . -script: - - pre-commit run --all-files - - pytest --verbose -before_deploy: - - IFS='.' read -r -a version_array <<< "$version" - - docker login --username "$DOCKER_USER" --password "$DOCKER_PW" - - docker tag "$IMAGE_NAME" "${IMAGE_NAME}:latest" - - docker tag "$IMAGE_NAME" "${IMAGE_NAME}:${version}" - - docker tag "$IMAGE_NAME" - "${IMAGE_NAME}:${version_array[0]}.${version_array[1]}" - - docker tag "$IMAGE_NAME" "${IMAGE_NAME}:${version_array[0]}" -deploy: - - provider: script - script: docker push "${IMAGE_NAME}:latest" && - docker push "${IMAGE_NAME}:${version}" && - docker push "${IMAGE_NAME}:${version_array[0]}.${version_array[1]}" && - docker push "${IMAGE_NAME}:${version_array[0]}" && - ./push_readme.sh - on: - tags: true - python: '3.7' diff --git a/README.md b/README.md index 45c6613..5b39478 100644 --- a/README.md +++ b/README.md @@ -1,31 +1,30 @@ # skeleton-docker 💀🐳 # -[![Build Status](https://travis-ci.com/cisagov/skeleton-docker.svg?branch=develop)](https://travis-ci.com/cisagov/skeleton-docker) +[![GitHub Build Status](https://github.com/cisagov/skeleton-docker/workflows/build/badge.svg)](https://github.com/cisagov/skeleton-docker/actions) [![Total alerts](https://img.shields.io/lgtm/alerts/g/cisagov/skeleton-docker.svg?logo=lgtm&logoWidth=18)](https://lgtm.com/projects/g/cisagov/skeleton-docker/alerts/) [![Language grade: Python](https://img.shields.io/lgtm/grade/python/g/cisagov/skeleton-docker.svg?logo=lgtm&logoWidth=18)](https://lgtm.com/projects/g/cisagov/skeleton-docker/context:python) ## Docker Image ## -![MicroBadger Layers](https://img.shields.io/microbadger/layers/dhsncats/example.svg) -![MicroBadger Size](https://img.shields.io/microbadger/image-size/dhsncats/example.svg) +![MicroBadger Layers](https://img.shields.io/microbadger/layers/cisagov/example.svg) +![MicroBadger Size](https://img.shields.io/microbadger/image-size/cisagov/example.svg) This is a docker skeleton project that can be used to quickly get a new [cisagov](https://github.com/cisagov) GitHub docker project started. This skeleton project contains [licensing -information](LICENSE), as well as [pre-commit -hooks](https://pre-commit.com) and a [Travis -CI](https://travis-ci.com) configuration appropriate for docker -containers and the major languages that we use. +information](LICENSE), as well as [pre-commit hooks](https://pre-commit.com) +and [GitHub Actions](https://github.com/features/actions) configurations +appropriate for docker containers and the major languages that we use. ## Usage ## ### Install ### -Pull `dhsncats/example` from the Docker repository: +Pull `cisagov/example` from the Docker repository: - docker pull dhsncats/example + docker pull cisagov/example -Or build `dhsncats/example` from source: +Or build `cisagov/example` from source: git clone https://github.com/cisagov/skeleton-docker.git cd skeleton-docker diff --git a/docker-compose.yml b/docker-compose.yml index f9a54ad..6774387 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -15,7 +15,7 @@ services: # e.g., --build-arg VERSION=0.0.1 context: . dockerfile: Dockerfile - image: dhsncats/example + image: cisagov/example init: true restart: "no" environment: @@ -31,7 +31,7 @@ services: example-version: # Run the container to collect version information - image: dhsncats/example + image: cisagov/example init: true restart: "no" command: --version diff --git a/tests/container_test.py b/tests/container_test.py index 50b62d8..524d1d3 100644 --- a/tests/container_test.py +++ b/tests/container_test.py @@ -12,7 +12,7 @@ SECRET_QUOTE = ( "There are no secrets better kept than the secrets everybody guesses." # nosec ) -TRAVIS_TAG = os.getenv("TRAVIS_TAG") +RELEASE_TAG = os.getenv("RELEASE_TAG") VERSION_FILE = "src/version.txt" @@ -54,7 +54,7 @@ def test_output(main_container): @pytest.mark.skipif( - TRAVIS_TAG in [None, ""], reason="this is not a release (TRAVIS_TAG not set)" + RELEASE_TAG in [None, ""], reason="this is not a release (RELEASE_TAG not set)" ) def test_release_version(): """Verify that release tag version agrees with the module version.""" @@ -63,8 +63,8 @@ def test_release_version(): exec(f.read(), pkg_vars) # nosec project_version = pkg_vars["__version__"] assert ( - TRAVIS_TAG == f"v{project_version}" - ), "TRAVIS_TAG does not match the project version" + RELEASE_TAG == f"v{project_version}" + ), "RELEASE_TAG does not match the project version" def test_log_version(version_container):