AMRIT Repos

A series of "best practice" examples for code quality, testing, and style for open source code written under the AMRIT banner, leveraging CI/CD pipelines for package publication and automatic enforcement of these requirements.

Languages

  • Java
  • Python
  • TypeScript

Requirements

  • Code linting
  • Code testing
  • Code type-checking (Python-only)
  • Containerised development environments and application images

Implementation and Frameworks

| Language   | Linting       | Testing | Typing | Security Scanning          | Containerisation | Images          | CI/CD          |
|------------|---------------|---------|--------|----------------------------|------------------|-----------------|----------------|
| Java       | Spotless      | JUnit   | N/A    | Trivy                      | Docker + Compose | GitHub Packages | GitHub Actions |
| Python     | Ruff + Bandit | PyTest  | MyPy   | Grype + pip-audit + Trivy  | Docker           | GitHub Packages | GitHub Actions |
| TypeScript | ESLint        | N/A     | Strict | Bearer + Trivy             | Docker           | GitHub Packages | GitHub Actions |

All of our chosen linting rules, tests, and package builds can be executed both locally on developer machines and in the cloud via GitHub Actions. Security checks are executed via GitHub Actions.

Java

See detailed documentation.

Spotless

Spotless is a static analysis and formatting tool for multiple languages, including Java. Our Java example runs Spotless via Maven.

JUnit

JUnit is a testing framework for Java. The unit tests we have written for this example run automatically at build time.

Maven

Apache Maven is a software project management and comprehension tool. Based on the concept of a project object model (POM), Maven can manage a project's build, reporting and documentation from a central piece of information.

Python

Ruff

Ruff is a static analysis and formatting tool for Python that aggregates rules from multiple analysis and formatting tools. Our Python example is subject to a customised collection of Ruff rules including (but not limited to) those from Black, PyLint, and Flake8. Our Ruff rules are evaluated via Tox.

Bandit

Bandit is a tool designed to find common security issues in Python code. Ruff implements a subset of Bandit's checks, but we have disabled that subset in favour of running Bandit itself explicitly, so that the full rule set is applied.

PyTest

PyTest is a testing framework for Python. The unit tests we have written for this example are run via Tox.

MyPy

MyPy is a static type checker for Python. It is run against our example code via Tox.

Tox

Tox is a tool for automating the application of tests and other jobs against Python code.

Grype

Grype is a vulnerability scanner for container images and filesystems.

Pip Audit

pip-audit is a tool for scanning Python environments for packages with known vulnerabilities.

TypeScript

See detailed documentation.

ESLint

ESLint is a static analysis and formatting tool for JavaScript with official plugins supporting NextJS and TypeScript.

Strict mode

TypeScript offers stricter static type-checking via strict mode, which has been enabled for our example code.

Security scans

These scans are performed by Bearer: a GitHub Action runs on every pull request and scans all the files within the typescript-demo folder.

A developer can find the latest instructions on installing and running Bearer locally here. For quick reference, see the steps below.

```sh
$ curl -sfL https://raw.githubusercontent.com/Bearer/bearer/main/contrib/install.sh | sh
# This installs the binary locally into a ./bin/ folder; either keep it there or move it to a location on your $PATH.
# Make sure you are in the root of the AMRIT project before scanning.
$ bearer scan typescript-demo
```

Docker and Docker Compose

Docker is a tool for the development and execution of OCI-standard container images. It is used to build and run images for our Java, Python, and TypeScript example applications.

Docker Compose is a tool for the orchestration of simple container-based applications, using declarative configuration files to manage single or multi-image applications that may be made up of multiple discrete services or single, self-sufficient images. It is used to run our Java example application.

GitHub Packages

GitHub Packages is a software package hosting service that is tightly integrated with GitHub's ecosystem. By hosting our container images here, we make the process of downloading and running these example applications trivial:

```console
$ docker run -it -p 3000:3000 ghcr.io/british-oceanographic-data-centre/amrit-repos/typescript/app:v0.0.1
Unable to find image 'ghcr.io/british-oceanographic-data-centre/amrit-repos/typescript/app:v0.0.1' locally
v0.0.1: Pulling from british-oceanographic-data-centre/amrit-repos/typescript/app
e9a0b478e7f1: Pull complete
4f4fb700ef54: Pull complete
8c0df919cab1: Pull complete
f45f60386990: Pull complete
f776f51c2328: Pull complete
8775af10215f: Pull complete
249fa440efa3: Pull complete
34abd3a84db0: Pull complete
aa9688cbfd22: Pull complete
Digest: sha256:9b183d5aebd53fa96ec45fb9dc355cdb60147afc0232c43870da6aaedeb017ff
Status: Downloaded newer image for ghcr.io/british-oceanographic-data-centre/amrit-repos/typescript/app:v0.0.1
   ▲ Next.js 15.0.3
   - Local:        http://localhost:3000
   - Network:      http://0.0.0.0:3000

 ✓ Starting...
 ✓ Ready in 58ms
$ firefox http://localhost:3000
```


GitHub Actions

GitHub Actions is a CI/CD service that allows developers to run customised jobs for building, testing, and deploying code in a variety of different ways. Our example code is tested and built in the cloud via GitHub Actions, then automatically included in container image builds that are published to the GitHub Packages namespace associated with this repository whenever a new release is created.
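As an added illustration (not the AMRIT repos' own workflow file), the following GitHub Actions workflow wires together the two flows described above: the Bearer pull-request scan of the typescript-demo folder, and the build, Trivy scan and publication of the image to GitHub Packages when a release is created. It assumes the TypeScript app lives in `typescript-demo/` with a Dockerfile at its root, that the repository is `british-oceanographic-data-centre/amrit-repos`, and that the release tag is used as the image tag.

```yaml
# Added example workflow; assumes typescript-demo/ contains a Dockerfile and
# that the repository is british-oceanographic-data-centre/amrit-repos.
name: typescript-ci

on:
  pull_request:
    paths: ["typescript-demo/**"]
  release:
    types: [published]

permissions:
  contents: read
  packages: write   # required only by the publish job, to push to ghcr.io

jobs:
  bearer:
    # Static security scan of the TypeScript sources on every pull request,
    # using the same install script and command shown in the README.
    if: github.event_name == 'pull_request'
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - run: curl -sfL https://raw.githubusercontent.com/Bearer/bearer/main/contrib/install.sh | sh
      - run: ./bin/bearer scan typescript-demo   # a non-zero exit fails the PR check

  publish:
    # Build, scan, and only then publish the image when a release is created.
    if: github.event_name == 'release'
    runs-on: ubuntu-latest
    env:
      IMAGE: ghcr.io/${{ github.repository }}/typescript/app:${{ github.event.release.tag_name }}
    steps:
      - uses: actions/checkout@v4
      - uses: docker/login-action@v3
        with:
          registry: ghcr.io
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}
      - uses: docker/build-push-action@v6
        with:
          context: typescript-demo
          load: true            # keep the image local so Trivy can scan it before it is pushed
          tags: ${{ env.IMAGE }}
      - uses: aquasecurity/trivy-action@master   # pin to a release tag or commit SHA in real use
        with:
          image-ref: ${{ env.IMAGE }}
          severity: CRITICAL,HIGH
          exit-code: "1"        # block publication while fixable critical/high findings remain
          ignore-unfixed: true
      - run: docker push "$IMAGE"
```

The ordering matters: the image is scanned after it is built but before `docker push`, so a failed Trivy step leaves nothing in the GitHub Packages namespace.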