A series of "best practice" examples for code quality, testing, and style for open source code written under the AMRIT banner, leveraging CI/CD pipelines for package publication and automatic enforcement of these requirements.
- Java
- Python
- TypeScript
- Code linting
- Code testing
- Code type-checking (Python-only)
- Containerised development environments and application images
Language | Linting | Testing | Typing | Security Scanning | Containerisation | Images | CI/CD |
---|---|---|---|---|---|---|---|
Java | Spotless | JUnit | N/A | Trivy | Docker + Compose | GitHub Packages | GitHub Actions |
Python | Ruff + Bandit | PyTest | MyPy | Grype + pip-audit + Trivy | Docker | GitHub Packages | GitHub Actions |
TypeScript | ESLint | N/A | Strict | Bearer + Trivy | Docker | GitHub Packages | GitHub Actions |
All of our chosen linting rules, tests, as well as package builds can be executed both locally on developer machines and in the cloud via GitHub Actions. Security checks can be executed via GitHub Actions.
Spotless is a static analysis and formatting tool for multiple languages, including Java. Our Java example runs spotless via Maven.
JUnit is a testing framework for Java. The unit tests we have written for this example run automatically at build time.
Apache Maven is a software project management and comprehension tool. Based on the concept of a project object model (POM), Maven can manage a project's build, reporting and documentation from a central piece of information.
Ruff is a static analysis and formatting tool for Python that aggregates rules from multiple analysis and formatting tools. Our Python example is subject to a customised collection of Ruff rules including (but not limited to) those from Black, PyLint, and Flake8. Our Ruff rules are evaluated via Tox.
Bandit is a tool designed to find common security issues in Python code. Note that Ruff implements a subset of Bandit's checks; we have disabled those in Ruff in favour of running Bandit itself, so that the full rule set is applied by one tool.
PyTest is a testing framework for Python. The unit tests we have written for this example are run via Tox.
MyPy is a static type checker for Python. It is run against our example code via Tox.
Tox is a tool for automating the application of tests and other jobs against Python code.
Grype is a vulnerability scanner for container images and filesystems.
pip-audit is a tool for scanning Python environments for packages with known vulnerabilities.
ESLint is a static analysis and formatting tool for JavaScript with official plugins supporting NextJS and TypeScript.
TypeScript features optional static typing via strict mode, which has been enabled for our example code.
Security scanning of the TypeScript example is performed by a tool called Bearer; a GitHub Action runs on every pull request and scans all the files within the typescript-demo folder.
A developer can find the latest instructions on installing and running Bearer locally in Bearer's own documentation. For quick reference, the steps we use are:
```shell
# the install script places the binary in ./bin/ - either keep it there or move it into a directory on your $PATH
# (review the script, or pin a release, before piping it into sh)
$ curl -sfL https://raw.githubusercontent.com/Bearer/bearer/main/contrib/install.sh | sh
# make sure you are in the root of the AMRIT project
$ bearer scan typescript-demo
```
Docker is a tool for the development and execution of OCI-standard container images. It is used to build and run images for our Java, Python, and TypeScript example applications.
Docker Compose is a tool for the orchestration of simple container-based applications, using declarative configuration files to manage single or multi-image applications that may be made up of multiple discrete services or single, self-sufficient images. It is used to run our Java example application.
GitHub Packages is a software package hosting service that is tightly integrated with GitHub's ecosystem. By hosting our container images here, we make the process of downloading and running these example applications trivial:
```text
$ docker run -it -p 3000:3000 ghcr.io/british-oceanographic-data-centre/amrit-repos/typescript/app:v0.0.1
Unable to find image 'ghcr.io/british-oceanographic-data-centre/amrit-repos/typescript/app:v0.0.1' locally
v0.0.1: Pulling from british-oceanographic-data-centre/amrit-repos/typescript/app
e9a0b478e7f1: Pull complete
4f4fb700ef54: Pull complete
8c0df919cab1: Pull complete
f45f60386990: Pull complete
f776f51c2328: Pull complete
8775af10215f: Pull complete
249fa440efa3: Pull complete
34abd3a84db0: Pull complete
aa9688cbfd22: Pull complete
Digest: sha256:9b183d5aebd53fa96ec45fb9dc355cdb60147afc0232c43870da6aaedeb017ff
Status: Downloaded newer image for ghcr.io/british-oceanographic-data-centre/amrit-repos/typescript/app:v0.0.1
▲ Next.js 15.0.3
- Local: http://localhost:3000
- Network: http://0.0.0.0:3000
✓ Starting...
✓ Ready in 58ms
$ firefox http://localhost:3000
```
GitHub Actions is a CI/CD service that allows developers to run customised jobs for building, testing, and deploying code in a variety of different ways. Our example code is tested and built in the cloud via GitHub Actions, then automatically included in container image builds that are published to the GitHub Packages namespace associated with this repository whenever a new release is created.
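As an added illustration (not the repository's own workflow), the following GitHub Actions workflow wires together the two behaviours described above for the TypeScript example: the Bearer scan on pull requests, and the release-time image build, Trivy scan and publication to GitHub Packages. The job layout, action versions and action input names are assumptions to be checked against each action's README; the image path follows the ghcr.io name used in the docker run example.

```yaml
name: typescript-demo

on:
  pull_request:
    paths: ["typescript-demo/**"]
  release:
    types: [published]

# Least privilege by default; only the publish job is allowed to write packages.
permissions:
  contents: read

jobs:
  bearer:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - name: Bearer scan of the TypeScript example (non-zero exit fails the check)
        uses: bearer/bearer-action@v2          # input names assumed; verify against the action's README
        with:
          path: typescript-demo
          exit-code: 1

  publish-image:
    if: github.event_name == 'release'
    needs: bearer                              # a failing Bearer scan blocks publication
    runs-on: ubuntu-latest
    permissions:
      contents: read
      packages: write
    env:
      IMAGE: ghcr.io/${{ github.repository }}/typescript/app:${{ github.event.release.tag_name }}
    steps:
      - uses: actions/checkout@v4
      - uses: docker/login-action@v3
        with:
          registry: ghcr.io
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }} # scoped, short-lived token; no long-lived PAT needed
      - name: Build the image into the local Docker daemon without pushing it yet
        uses: docker/build-push-action@v5
        with:
          context: typescript-demo
          load: true
          tags: ${{ env.IMAGE }}
      - name: Trivy scan; CRITICAL/HIGH findings stop the image being published
        uses: aquasecurity/trivy-action@master # pin to a release tag or commit SHA in a real pipeline
        with:
          image-ref: ${{ env.IMAGE }}
          severity: CRITICAL,HIGH
          exit-code: "1"
      - name: Push the scanned image to GitHub Packages
        run: docker push "$IMAGE"
```

Because the scan steps run before the push, an image with unresolved findings never reaches the registry, and the only write permission granted in the whole workflow is the package write on the publish job.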