diff --git a/.github/dependabot.yml b/.github/dependabot.yml index fb6cc044..557078d0 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -20,3 +20,12 @@ updates: applies-to: "version-updates" patterns: - "*" + - package-ecosystem: pip + groups: + testing: + applies-to: "version-updates" + patterns: + - "*" + directory: "/scripts" + schedule: + interval: "monthly" diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml index 198de0a9..6a91931b 100644 --- a/.github/workflows/build.yaml +++ b/.github/workflows/build.yaml @@ -51,9 +51,7 @@ jobs: fi - name: Set up Python 3.x - uses: actions/setup-python@v5 - with: - python-version: '3.9' + uses: ./.github/actions/setup-python - name: Set up Python scripts on PR branch working-directory: ./chart-verifier @@ -61,7 +59,7 @@ jobs: # set up python requirements and scripts on PR branch python3 -m venv ve1 cd scripts && ../ve1/bin/pip3 install -r requirements.txt && cd .. - cd scripts && ../ve1/bin/python3 setup.py install && cd .. + cd scripts && ../ve1/bin/pip3 install . && cd .. - name: Check if only release file in PR working-directory: ./chart-verifier @@ -154,7 +152,7 @@ jobs: echo $(pwd) python3 -m venv ve1 cd scripts && ../ve1/bin/pip3 install -r requirements.txt && cd .. - cd scripts && ../ve1/bin/python3 setup.py install && cd .. + cd scripts && ../ve1/bin/pip3 install . && cd .. - name: Check for restricted files and user permissiom id: check_authorization diff --git a/.github/workflows/dev_release.yaml b/.github/workflows/dev_release.yaml index 86c12374..47424987 100644 --- a/.github/workflows/dev_release.yaml +++ b/.github/workflows/dev_release.yaml 
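Review bot: The new `uses: ./.github/actions/setup-python` in the "Set up Python 3.x" step of build.yaml resolves against the workspace root, while the next step runs under `working-directory: ./chart-verifier`, which suggests the pull-request checkout sits in a subdirectory. The checkout steps are outside the hunk, so please confirm which ref populates the workspace root: if it is the PR head rather than the base branch, the contributor controls the steps this action runs. A comment on the step would record the intent, for example `# local action is loaded from the root checkout (base branch), not from ./chart-verifier`. The composite action file is not in the visible diff, so the Python version it selects cannot be checked here.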
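Review bot: `../ve1/bin/pip3 install .` in "Set up Python scripts on PR branch" still builds the package from the PR checkout, so the PR's own `setup.py`, `setup.cfg` and `requirements.txt` are executed inside this job exactly as `setup.py install` was. In the hunk at -154 the same install line runs immediately before the "Check for restricted files and user permissiom" step, so it runs before authorization is evaluated, assuming that job also works on PR content. The trigger and token permissions are outside both hunks; it is worth confirming that neither job holds secrets or a write-scoped token at that point. A comment above the install would record this: `# builds and runs packaging code from the PR checkout; keep this job free of secrets`.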
@@ -27,16 +27,14 @@ jobs: go-version-file: go.mod - name: Set up Python 3.x - uses: actions/setup-python@v5 - with: - python-version: '3.9' + uses: ./.github/actions/setup-python - name: Set up Python scripts run: | # set up python requirements and scripts on PR branch python3 -m venv ve1 cd scripts && ../ve1/bin/pip3 install -r requirements.txt && cd .. - cd scripts && ../ve1/bin/python3 setup.py install && cd .. + cd scripts && ../ve1/bin/pip3 install . install && cd .. - name: Build Binary id: build-binary diff --git a/.github/workflows/python-style.yml b/.github/workflows/python-style.yml index 153d4a7f..f184115e 100644 --- a/.github/workflows/python-style.yml +++ b/.github/workflows/python-style.yml @@ -6,6 +6,10 @@ on: # Only trigger on changes to Python source. - 'scripts/**.py' - 'tests/**.py' + - 'scripts/requirements.txt' + - 'scripts/pyproject.toml' + - 'scripts/setup.py' + - 'scripts/setup.cfg' jobs: enforce: @@ -14,10 +18,8 @@ jobs: - name: Checkout code uses: actions/checkout@v4 - - name: Set up Python 3.x Part 1 - uses: actions/setup-python@v5 - with: - python-version: "3.9" + - name: Set up Python + uses: ./.github/actions/setup-python - name: Install style tooling run: make venv.codestyle @@ -25,7 +27,5 @@ jobs: - name: Run formatter run: make py.ci.format - # Temporarily auto-pass linting until we are able to manually review and - # address. - name: Run linter - run: make py.lint \ No newline at end of file + run: make py.lint diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index 786fe59b..7e43b9db 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml 
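Review bot: The new install line in the "Set up Python scripts" step of dev_release.yaml reads `../ve1/bin/pip3 install . install`, and pip parses the trailing `install` as a second requirement. The job will therefore try to resolve a distribution named `install` from the package index alongside the local project. At best the step fails; at worst a release job installs an unrelated third-party package under that name. The build and release workflows in this commit use the intended form, so the line should be `cd scripts && ../ve1/bin/pip3 install . && cd ..`.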
@@ -64,16 +64,14 @@ jobs: fi - name: Set up Python 3.x - uses: actions/setup-python@v5 - with: - python-version: '3.9' + uses: ./.github/actions/setup-python - name: Set up Python scripts run: | # set up python requirements and scripts on PR branch python3 -m venv ve1 cd scripts && ../ve1/bin/pip3 install -r requirements.txt && cd .. - cd scripts && ../ve1/bin/python3 setup.py install && cd .. + cd scripts && ../ve1/bin/pip3 install . && cd .. - name: Generate release body id: release_body diff --git a/.gitignore b/.gitignore index b8abf228..e77d8599 100644 --- a/.gitignore +++ b/.gitignore @@ -39,4 +39,38 @@ report-info.* # ignore python venvs ve1/ -venv.*/ \ No newline at end of file +venv.*/ + +*.egg-info +sanity-check.py +.cr-release-packages/*.tgz +oc + +# Byte-compiled / optimized / DLL files +__pycache__/ +*.py[cod] +*$py.class + +# Distribution / packaging +.Python +build/ +develop-eggs/ +dist/ +downloads/ +eggs/ +.eggs/ +lib/ +lib64/ +parts/ +sdist/ +var/ +wheels/ +share/python-wheels/ +*.egg-info/ +.installed.cfg +*.egg +MANIFEST + + +# For Pyenv users +.python-version diff --git a/Makefile b/Makefile index e48ff489..c041ef2a 100644 --- a/Makefile +++ b/Makefile @@ -127,8 +127,9 @@ venv.tools: .PHONY: venv.tools.always-reinstall venv.tools.always-reinstall: $(PY_BIN) -m venv $(VENV_TOOLS) - ./$(VENV_TOOLS_BIN)/pip install -r requirements.txt - ./$(VENV_TOOLS_BIN)/python setup.py install + ./$(VENV_TOOLS_BIN)/pip install -r ./scripts/requirements.txt + ./$(VENV_TOOLS_BIN)/pip install ./scripts + cd .. ### Developer Tooling Installation diff --git a/ruff.toml b/ruff.toml index bc792923..7f4cd7a7 100644 --- a/ruff.toml +++ b/ruff.toml @@ -1,3 +1,3 @@ -ignore = [ +lint.ignore = [ "E203" # https://github.com/PyCQA/pycodestyle/issues/373 -] \ No newline at end of file +] diff --git a/scripts/pyproject.toml b/scripts/pyproject.toml new file mode 100644 index 00000000..fed528d4 --- /dev/null +++ b/scripts/pyproject.toml 
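Review bot: The added `cd ..` line at the end of `venv.tools.always-reinstall` has no effect, because make runs each recipe line in its own shell and neither pip line above it changes directory any more. It looks like a leftover from the `cd scripts && ... && cd ..` form used in the workflows. Dropping it leaves the recipe with just the venv creation and the two installs, `./$(VENV_TOOLS_BIN)/pip install -r ./scripts/requirements.txt` and `./$(VENV_TOOLS_BIN)/pip install ./scripts`.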
@@ -0,0 +1,3 @@ +[build-system] +requires = ["setuptools"] +build-backend = "setuptools.build_meta" diff --git a/scripts/requirements.txt b/scripts/requirements.txt index 25832306..6cceb3ad 100644 --- a/scripts/requirements.txt +++ b/scripts/requirements.txt @@ -1,30 +1,30 @@ -attrs==21.2.0 -certifi==2020.12.5 -chardet==4.0.0 -deepdiff==5.6.0 -gitdb==4.0.7 -GitPython==3.1.18 +attrs==23.2.0 +certifi==2024.6.2 +chardet==5.2.0 +deepdiff==7.0.1 +gitdb==4.0.11 +GitPython==3.1.43 glob2==0.7 -idna==2.10 -iniconfig==1.1.1 -mako==1.2.3 -MarkupSafe==2.0.1 -packaging==21.0 -parse==1.19.0 -parse-type==0.5.2 -pluggy==0.13.1 -py==1.10.0 -PyGithub==1.55 -pyparsing==2.4.7 -pytest==6.2.4 -pytest-bdd==4.1.0 -PyYAML==5.4.1 -requests==2.25.1 -retrying==1.3.3 -semver==2.13.0 +idna==3.7 +iniconfig==2.0.0 +mako==1.3.5 +MarkupSafe==2.1.5 +packaging==24.0 +parse==1.20.1 +parse-type==0.6.2 +pluggy==1.5.0 +py==1.11.0 +PyGithub==2.3.0 +pyparsing==3.1.2 +pytest==8.2.2 +pytest-bdd==7.2.0 +PyYAML==6.0.1 +requests==2.32.3 +retrying==1.3.4 +semver==3.0.2 six==1.16.0 -smmap==4.0.0 +smmap==5.0.1 toml==0.10.2 -urllib3==1.26.5 +urllib3==2.2.1 six==1.16.0 retry==0.9.2 diff --git a/scripts/setup.cfg b/scripts/setup.cfg index 6590a0c1..323b1451 100644 --- a/scripts/setup.cfg +++ b/scripts/setup.cfg @@ -1,7 +1,3 @@ -[build-system] -requires = ["setuptools", "wheel"] -build-backend = "setuptools.build_meta" - [metadata] name = rh-chart-verifier version = 0.1.0 diff --git a/tests/tests/functional/chart_test.py b/tests/tests/functional/chart_test.py index 31826c06..b21c58e5 100644 --- a/tests/tests/functional/chart_test.py +++ b/tests/tests/functional/chart_test.py @@ -8,7 +8,6 @@ deploy the charts on. """ - from pytest_bdd import scenario, given, when, then, parsers import os import subprocess 
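Review bot: `requires = ["setuptools"]` in the new scripts/pyproject.toml leaves the build backend unconstrained, while the runtime dependencies in scripts/requirements.txt are pinned exactly. Each `pip install .` in the build and release workflows will therefore download whichever setuptools release is current into the isolated build environment. A lower bound or pin would keep release builds reproducible and make backend upgrades a reviewed change, for example `requires = ["setuptools>=<MIN_TESTED_VERSION>"]`, with the placeholder replaced by the version the project is actually tested against.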
@@ -47,15 +46,15 @@ def test_chart_signed(): @given( - parsers.parse("I would like to use the profile"), + parsers.parse("I would like to use the {category} profile"), target_fixture="profile_type", ) -def profile_type(type): - return type +def profile_type(category): + return category @given( - parsers.parse("I will provide a of a "), + parsers.parse("I will provide a {location} of a {helm_chart}"), target_fixture="chart_location", ) def chart_location(location, helm_chart): @@ -63,7 +62,7 @@ def chart_location(location, helm_chart): @given( - parsers.parse("I will provide a of an expected "), + parsers.parse("I will provide a {location} of an expected {report_info}"), target_fixture="report_info_location", ) def report_info_location(location, report_info): @@ -72,7 +71,7 @@ def report_info_location(location, report_info): @given( parsers.parse( - "I will provide a of a to verify the signature" + "I will provide a {location} of a {public_key} to verify the signature" ), target_fixture="public_key_location", ) @@ -81,7 +80,7 @@ def public_key_location(location, public_key): @given( - parsers.parse("I will use the chart verifier image"), + parsers.parse("I will use the chart verifier {image_type} image"), target_fixture="image_type", ) def image_type(image_type): diff --git a/tests/tests/functional/features/chart_good.feature b/tests/tests/functional/features/chart_good.feature index 9969d1a6..81fd42ab 100644 --- a/tests/tests/functional/features/chart_good.feature +++ b/tests/tests/functional/features/chart_good.feature 
@@ -2,31 +2,35 @@ Feature: Chart verification Partners or redhat or community can verify their charts by running the chart verifier against an error free chart. - Examples: - | image_type | - | tarball | - | podman | - + @source Scenario Outline: A chart provider verifies their chart using the chart verifier - Given I would like to use the profile + Given I would like to use the profile Given I will provide a of a Given I will provide a of an expected Given I will use the chart verifier image Given The chart verifier version value When I run the chart-verifier verify command against the chart to generate a report Then I should see the report-info from the generated report matching the expected report-info - Examples: - | type | location | helm_chart | report_info | - | partner | tests/charts/psql-service/0.1.8/ | src | partner-report-info.json | - | partner | tests/charts/psql-service/0.1.9/ | psql-service-0.1.9.tgz | partner-report-info.json | - | redhat | tests/charts/psql-service/0.1.8/ | src | redhat-report-info.json | - | redhat | tests/charts/psql-service/0.1.9/ | psql-service-0.1.9.tgz | redhat-report-info.json | - | community | tests/charts/psql-service/0.1.8/ | src | community-report-info.json | - | community | tests/charts/psql-service/0.1.9/ | psql-service-0.1.9.tgz | community-report-info.json | + | category | location | helm_chart | report_info | image_type | + # test with tarball + | partner | tests/charts/psql-service/0.1.8/ | src | partner-report-info.json | tarball | + | partner | tests/charts/psql-service/0.1.9/ | psql-service-0.1.9.tgz | partner-report-info.json | tarball | + | redhat | tests/charts/psql-service/0.1.8/ | src | redhat-report-info.json | tarball | + | redhat | tests/charts/psql-service/0.1.9/ | psql-service-0.1.9.tgz | redhat-report-info.json | tarball | + | community | tests/charts/psql-service/0.1.8/ | src | community-report-info.json | tarball | + | community | tests/charts/psql-service/0.1.9/ | psql-service-0.1.9.tgz | 
community-report-info.json | tarball | + # Testing with Podman + | partner | tests/charts/psql-service/0.1.8/ | src | partner-report-info.json | podman | + | partner | tests/charts/psql-service/0.1.9/ | psql-service-0.1.9.tgz | partner-report-info.json | podman | + | redhat | tests/charts/psql-service/0.1.8/ | src | redhat-report-info.json | podman | + | redhat | tests/charts/psql-service/0.1.9/ | psql-service-0.1.9.tgz | redhat-report-info.json | podman | + | community | tests/charts/psql-service/0.1.8/ | src | community-report-info.json | podman | + | community | tests/charts/psql-service/0.1.9/ | psql-service-0.1.9.tgz | community-report-info.json | podman | + @signed Scenario Outline: A chart provider verifies their signed chart using the chart verifier - Given I would like to use the profile + Given I would like to use the profile Given I will provide a of a Given I will provide a of an expected Given I will use the chart verifier image 
@@ -34,8 +38,11 @@ Feature: Chart verification Given The chart verifier version value When I run the chart-verifier verify command against the signed chart to generate a report Then I should see the report-info from the report for the signed chart matching the expected report-info - Examples: - | type | location | helm_chart | report_info | public_key | - | partner | tests/charts/psql-service/0.1.11/ | psql-service-0.1.11.tgz | partner-report-info.json | psql-service-0.1.11.tgz.key | - | redhat | tests/charts/psql-service/0.1.11/ | psql-service-0.1.11.tgz | redhat-report-info.json | psql-service-0.1.11.tgz.key | + | category | location | helm_chart | report_info | public_key | image_type | + # test with tarball + | partner | tests/charts/psql-service/0.1.11/ | psql-service-0.1.11.tgz | partner-report-info.json | psql-service-0.1.11.tgz.key | tarball | + | redhat | tests/charts/psql-service/0.1.11/ | psql-service-0.1.11.tgz | redhat-report-info.json | psql-service-0.1.11.tgz.key | tarball | + # test with podman + | partner | tests/charts/psql-service/0.1.11/ | psql-service-0.1.11.tgz | partner-report-info.json | psql-service-0.1.11.tgz.key | podman | + | redhat | tests/charts/psql-service/0.1.11/ | psql-service-0.1.11.tgz | redhat-report-info.json | psql-service-0.1.11.tgz.key | podman |