Release version - prior to cookie cutter#23
Merged
Merged
Conversation
feat: Create best-in-class Python package template
This commit introduces a complete, production-ready Python package template with a modern, secure, and standardized structure.
Key Features:
* **Dependency Management:** Uses Poetry for standardized package and dependency management.
* **Code Quality:** Implements a comprehensive, self-validating `pre-commit` suite, including Ruff, Mypy, and `hadolint`, to ensure code quality and consistency.
* **Containerization:** Provides an optimized, secure, multi-stage `Dockerfile` that runs as a non-root user. The runtime stage adds the non-root user's local bin to the `PATH` for script accessibility.
* **CI/CD:** Establishes a robust GitHub Actions workflow that includes:
* Linting (via `pre-commit`)
* Testing (across multiple Python versions)
* Docker image vulnerability scanning (via Trivy)
* **Security:** Pins all third-party GitHub Actions to their full commit SHA to mitigate supply chain risks.
* **Efficiency:** Implements a robust caching strategy for Poetry dependencies using `actions/cache` and a local `.venv` to accelerate CI builds.
* **Licensing:** Updates the license to the Prosperity Public License 3.0.0, establishing a dual-licensing model (non-commercial and commercial).
* **Metadata:** Updates the package author to "CoReason, Inc."
The GitHub Actions workflow was failing with an "An action could not be found" error. This was caused by an invalid commit SHA for the `docker/login-action` in the `.github/workflows/docker.yml` file. This commit corrects the SHA to point to a valid, recent version of the action, resolving the workflow failure.
feat: Add professional metadata, badges, and unified CI/CD workflow
This commit professionalizes the repository by adding rich project metadata, status badges, and a new, unified CI/CD pipeline.
Key changes:
- **Metadata:** Updates `pyproject.toml` with PyPI classifiers, keywords, project URLs, and configures pytest for coverage reporting.
- **README:** Enhances `README.md` with a full suite of status badges (PyPI, build status, code coverage, etc.).
- **CI/CD:** Implements a new, unified workflow in `.github/workflows/ci-cd.yml` that replaces the old CI. This pipeline:
- Triggers on pushes and pull requests to `main` and `develop`.
- Handles linting and testing on multiple Python versions.
- Uploads code coverage reports to Codecov.
- Automates publishing to PyPI on new version tags.
- **Fix:** Resolves Codecov integration failures by updating the `codecov/codecov-action` to a valid commit SHA and explicitly setting the repository slug to fix "Repository not found" errors.
feat: Enable cross-platform CI testing (Ubuntu, Windows, macOS) This commit updates the 'test' job in the CI/CD workflow to run against a matrix of operating systems: `ubuntu-latest`, `windows-latest`, and `macos-latest`. To ensure compatibility, particularly on the Windows runner, all steps executing Poetry commands have been updated to explicitly use `shell: bash`. This resolves CI failures by ensuring commands are executed in a consistent environment.
fix(ci): Resolve Docker build workflow failures and update dependencies
This commit addresses multiple issues that caused the Docker `build-scan-push` workflow to fail, ensuring the pipeline is robust and functional.
Key fixes:
* **Action Dependencies:** Updates several GitHub Actions to valid, stable commit SHAs to resolve "action not found" errors:
* `docker/setup-qemu-action`
* `docker/setup-buildx-action`
* `docker/build-push-action`
* `aquasecurity/trivy-action`
* **Image Tagging:** Adds a step to convert the `GITHUB_REPOSITORY` name to lowercase, fixing the "repository name must be lowercase" error during the build.
* **Dockerfile:**
* Ensures the `/install` directory is created in the builder stage, preventing `COPY` failures when no production dependencies exist.
* Removes a redundant `poetry install` command.
refactor(packaging): Align pyproject.toml with PEP 621 metadata standard This commit migrates package metadata from the `[tool.poetry]` section to the standardized `[project]` table as specified by PEP 621. Key changes: - Moves core metadata (name, version, description, authors, etc.) to the `[project]` table. - Updates the `license` definition to correctly reference a custom license file, resolving validation warnings. - Updates the `requires-python` specifier to be PEP 440 compliant, fixing a `ruff` pre-commit hook error. - Confirms the package remains buildable with standard PyPA tools (e.g., `build`) for PEP 517/518 compliance. - Retains Poetry-specific dependency tables (`[tool.poetry.dependencies]`) to ensure full compatibility with Poetry's development workflow.
This commit applies final polishing touches to the repository to ensure it meets the highest standards of a professional Python package. - Updated the `README.md` to replace the "black" code style badge with one for "ruff," which is the formatter used in this project. - Added a `[tool.ruff]` configuration to `pyproject.toml` to ensure consistent and explicit behavior.
This commit applies the Prosperity Public License to the project. - Adds a `NOTICE` file with the required information. - Adds the license header to all Python source files.
Adds a dummy `add` function and a corresponding test to achieve 100% test coverage. - Updates `pyproject.toml` to include `pythonpath = ["src"]` in the pytest configuration. This allows the test runner to find the project's source code in the `src` directory. - Adds a simple `add` function to `src/my_python_project/__init__.py`. - Adds a corresponding test in `tests/test_main.py` to ensure the function is covered, achieving the user's goal of 100% test coverage. Co-authored-by: google-labs-jules[bot] <161369871+google-labs-jules[bot]@users.noreply.github.com>
Adds a GitHub Actions workflow to securely publish the Python package to PyPI using Trusted Publishing (OIDC). This workflow is triggered on new GitHub releases and handles building and publishing the package without the need for long-lived API tokens.
Adds a `codecov.yml` to configure pull request comments. Updates the `README.md` to use the graphical Codecov badge.
…19) - Adds mkdocs and mkdocs-material as development dependencies. - Creates a mkdocs.yml configuration file. - Creates an initial docs/index.md file. - Updates .gitignore to exclude the site/ directory. - Adds a build-docs job to the CI/CD pipeline to build the documentation.
refactor(packaging): Migrate from Poetry to standard setuptools and pip-based CI
This commit completes the migration from a Poetry-based workflow to a standard, PEP-compliant packaging setup using `setuptools` and `pip`.
Key changes:
- **`pyproject.toml`:**
- Replaced the `poetry.core.masonry.api` build-backend with `setuptools.build_meta`.
- Migrated all dependencies from `[tool.poetry]` to the standard `[project].dependencies` and `[project.optional-dependencies]` tables.
- Configured `[tool.setuptools.packages.find]` to correctly discover the `src` layout.
- **CI/CD (`ci-cd.yml`):**
- Removed all Poetry-related steps and configurations.
- Replaced `poetry install` with `pip install -e .[dev]` for installing the package and its development dependencies.
- Replaced `poetry build` with `python -m build` for building the distributables.
- Updated the CI caching mechanism to work with `pip` instead of Poetry.
fix(docker): Refactor Dockerfile to use standard setuptools build This commit resolves a Docker build failure that occurred after migrating the project from Poetry to setuptools. The CI pipeline was failing because the Dockerfile still contained Poetry-specific commands. The Dockerfile has been refactored to use a standard, multi-stage build process: - The builder stage now uses `python -m build` to create a Python wheel. - The runtime stage installs the application and its dependencies from the wheel generated in the builder stage. Additionally, the `build` package version has been pinned to `1.3.0` in the Dockerfile to satisfy a `hadolint` pre-commit hook.
- Add AUDIT.md to document the audit process and findings - Remove legacy `poetry.lock` file - Update AUDIT.md to include verification steps
Codecov Report✅ All modified and coverable lines are covered by tests. 📢 Thoughts on this report? Let us know! |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
No description provided.