# Description

* Security policy updated * Pylint action updated correctly to gihub standards * Added github action to validate the new release is not repeated * Enhancements in doc strings inside the library * Updated some third party actions used inside the same github actions created by me * Instead of using integers inside the library now are the same but using the http library * The creation of new releases are automated now, so publish to pypi is automated too from the beginning
dmtzs · Dec 19, 2023 · 9cf2916 · 9cf2916
2 parents 6fd193d + 20e13fe
commit 9cf2916
Show file tree

Hide file tree

Showing 13 changed files with 597 additions and 149 deletions.
diff --git a/.github/config/.pylintrc b/.github/config/.pylintrc
@@ -1,24 +1,17 @@
 [MESSAGES CONTROL]
 disable=
-    C0303,
-    C0304,
-    C0116,
-    W0703,
-    R1705,
-    C0114,
-    W0702,
-    R0912,
-    R0915,
-    W0511,
-    C0413,
-    F0010,
-    R0401,
-    R1720,
-    R1710,
-    C0115,
-    W0611,
-    E1133,
-    E1135,
+    W0703,  # Catching too general exception Exception
+    R1705,  # Unnecessary "else" after "return"
+    W0702,  # No exception type(s) specified
+    R0912,  # Too many branches
+    R0915,  # Too many statements
+    C0413,  # Import "from module import *" should be placed at the top of the module
+    F0010,  # error while code parsing: Unable to load file
+    R0401,  # Cyclic import
+    R1720,  # Unnecessary "elif" after "return"
+    R1710,  # Either all return statements in a function should return an expression, or none of them should.
+    E1133,  # Non-iterable value passed to an iterator's __next__ method
+    E1135,  # Non-iterator passed to iter
 
 [FORMAT]
 max-line-length=210
diff --git a/.github/scripts/requirements.txt b/.github/scripts/requirements.txt
@@ -0,0 +1,2 @@
+requests==2.31.0
+python-dotenv==1.0.0
diff --git a/.github/scripts/validate_release.py b/.github/scripts/validate_release.py
@@ -0,0 +1,82 @@
+"""
+This script is used to validate if the version is the same of one of the previous versions.
+"""
+
+import os
+import sys
+import traceback
+import configparser
+from http import HTTPStatus
+import requests
+from dotenv import load_dotenv
+
+
+def main() -> None:
+    """
+    Verify if the version is the same of one of the previous versions.
+
+    Returns:
+    - None
+    """
+    token = os.getenv("GH_API_TOKEN")
+    user_repo = os.getenv("GITHUB_REPOSITORY")
+    headers = {
+        "Authorization": f"Bearer {token}",
+        "Accept": "application/json",
+        "X-GitHub-Api-Version": "2022-11-28"
+    }
+
+    releases = f"https://api.github.com/repos/{user_repo}/releases"
+    response = requests.get(releases, headers=headers, timeout=20)
+    response_body: list[dict[str, any]] = response.json()
+    if response.status_code == HTTPStatus.OK.value:
+        previous_versions = [release.get("tag_name")[1:] for release in response_body]  # example: ['1.0.0']
+        root = os.getenv("GITHUB_WORKSPACE")
+        config = configparser.ConfigParser()
+        config.read(f"{root}/setup.cfg")
+        actual_version = config.get("metadata", "version")
+        if actual_version in previous_versions:
+            print("\033[33m The version is the same of one of the previous versions, please update the version \033[0m")
+            sys.exit(1)
+    else:
+        print(f"\033[33m Something went wrong getting the releases: {response_body} \033[0m")
+        sys.exit(1)
+
+def load_env_vars() -> None:
+    """
+    Load the environment variables from .env file.
+
+    Returns:
+    - None
+    """
+    try:
+        if os.path.exists("vars.env"):
+            load_dotenv("vars.env")
+            print("\033[92m The vars.env file loaded \033[0m")
+        else:
+            raise FileNotFoundError
+    except FileNotFoundError:
+        print("\033[33m The vars.env file was not found, using env vars of github action \033[0m")
+
+if __name__ == "__main__":
+    try:
+        load_env_vars()
+        ENVIRONMENT = ""
+        destiny_branch = os.getenv("GITHUB_BASE_REF")
+        if destiny_branch == "master":
+            ENVIRONMENT = "PRD"
+        elif destiny_branch == "development":
+            ENVIRONMENT = destiny_branch.upper()
+        else:
+            print("\033[92m The destiny branch is not master or dev, script doesnt need to run \033[0m")
+        if ENVIRONMENT == "PRD":
+            main()
+        else:
+            print("\033[92m PR destiny is not to dev, skipping the execution of this code \033[0m")
+    except Exception:
+        print(f"\033[33m Complete exception traceback: {traceback.format_exc()} \033[0m")
+        sys.exit(1)
+    else:
+        print("\033[92m The release version is valid \033[0m")
+    finally:
+        print("\033[92m End of the script \033[0m")
diff --git a/.github/workflows/pylint.yml b/.github/workflows/pylint.yml
@@ -3,62 +3,46 @@ name: Pylint
 on:
   push:
     branches:
-      - development
+      - '*'
+      - '!master'
 
 jobs:
-  changes:
-    name: Verify files
+  build:
+    name: Executing pylint
     runs-on: ubuntu-latest
-    outputs:
-      api: ${{ steps.filter.outputs.api }}
+    env:
+      CHANGED: 0
+    strategy:
+      matrix:
+        python-version: ["3.9", "3.10", "3.11", "3.12"]
     steps:
-    - uses: actions/checkout@v3
-      name: Accessing to files
+    - uses: actions/checkout@v4
       with:
         fetch-depth: 2 # last 2 commits
-    
+
     - name: Extracting branch name
-      run: echo "##[set-output name=branch;]$(echo ${GITHUB_REF##*/})"  #output: dmtzs-test-pylint1 or other branch name
+      run: echo "Current branch is ${GITHUB_REF##*/}"
       id: extract_branch
 
-    - uses: dorny/paths-filter@v2
-      name: Verifying changes in files
-      id: filter
-      with:
-        base: ${{ steps.extract_branch.outputs.branch }}  #Uses the branch that trigger the workflow
-        filters: |
-          api:
-            - 'src/**.py'
-    
-    # run only if 'api' files were changed
-    - name: workflow tests
-      if: steps.filter.outputs.api == 'true'
-      run: echo "Files changed, running deployment job"
-
-    # run only if not 'api' files were changed
-    - name: not workflow tests
-      if: steps.filter.outputs.api != 'true'
-      run: echo "Files not changed, passing the deployment job"
-
-  build:
-    needs: changes
-    name: Executing pylint
-    runs-on: ubuntu-latest
+    - name: Check for Python file changes
+      id: check_files
+      run: |
+        CHANGED=$(git diff --name-only HEAD^ HEAD | grep '\.py$' | wc -l)
+        echo "CHANGED=$CHANGED" >> $GITHUB_ENV
     
-    if: needs.changes.outputs.api == 'true'
-    strategy:
-      matrix:
-        python-version: ["3.9", "3.10", "3.11"]
-    steps:
-    - uses: actions/checkout@v3
     - name: Set up Python ${{ matrix.python-version }}
-      uses: actions/setup-python@v3
+      if: env.CHANGED != '0'
+      uses: actions/setup-python@v5
       with:
         python-version: ${{ matrix.python-version }}
+
     - name: Install dependencies
+      if: env.CHANGED != '0'
       run: |
         python -m pip install --upgrade pip
-        pip install pylint
+        pip install pylint requests==2.31.0 python-dotenv==1.0.0
+
     - name: Analysing the code with pylint
+      if: env.CHANGED != '0'
       run: |
-        pylint $(git ls-files './src*.py') --rcfile=.github/config/.pylintrc ./
+        pylint $(git ls-files './src/*.py' './.github/*.py') --rcfile=.github/config/.pylintrc ./
diff --git a/.github/workflows/python-publish.yml b/.github/workflows/python-publish.yml
@@ -11,9 +11,9 @@ jobs:
   deploy:
     runs-on: ubuntu-latest
     steps:
-    - uses: actions/checkout@v3
+    - uses: actions/checkout@v4
     - name: Set up Python
-      uses: actions/setup-python@v3
+      uses: actions/setup-python@v5
       with:
         python-version: '3.x'
 

diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -0,0 +1,58 @@
+name: Release Workflow
+
+on:
+    pull_request:
+      types: [closed]
+
+jobs:
+  release:
+    if: github.event_name == 'pull_request' && github.event.pull_request.merged == true && github.event.pull_request.base.ref == 'master'
+    runs-on: ubuntu-latest
+    env:
+      GITHUB_TOKEN: ${{ secrets.GH_API_TOKEN }}
+      VERSION: ""
+      COMMIT_MESSAGE: ""
+      RELEASE_ID: ""
+    steps:
+    - name: Checkout code
+      uses: actions/checkout@v4
+
+    - name: Set up Python 3.11
+      uses: actions/setup-python@v5
+      with:
+        python-version: 3.11
+
+    # - name: Upload release artifact
+    #   uses: actions/upload-artifact@v3
+    #   with:
+    #     name: cert.pem
+    #     path: /home/runner/work/CameraRaspPython/CameraRaspPython/X509-cert-3470865803141646530.pem
+
+    - name: Set commit message and version as env variables
+      run: |
+        echo "COMMIT_MESSAGE<<EOF" >> $GITHUB_ENV
+        git log --format='%B' -n 1 >> $GITHUB_ENV
+        echo "EOF" >> $GITHUB_ENV
+        echo "VERSION=$(jq -r .version config.json)" >> $GITHUB_ENV
+
+    - name: Install gh
+      run: |
+        type -p curl >/dev/null || (sudo apt update && sudo apt install curl -y)
+        curl -fsSL https://cli.github.com/packages/githubcli-archive-keyring.gpg | sudo dd of=/usr/share/keyrings/githubcli-archive-keyring.gpg
+        sudo chmod go+r /usr/share/keyrings/githubcli-archive-keyring.gpg
+        echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/githubcli-archive-keyring.gpg] https://cli.github.com/packages stable main" | sudo tee /etc/apt/sources.list.d/github-cli.list > /dev/null
+        sudo apt update
+        sudo apt install gh -y
+
+    - name: Create release
+      run: |
+          gh release create v${{ env.VERSION }} \
+            --title "Release v${{ env.VERSION }}" \
+            --notes "${{ env.COMMIT_MESSAGE }}" \
+            --repo ${{ github.repository }} \
+            --target ${{ github.sha }}
+          RELEASE_ID=$(gh api \
+            -H "Accept: application/vnd.github+json" \
+            -H "X-GitHub-Api-Version: 2022-11-28" \
+            https://api.github.com/repos/${{ github.repository }}/releases/tags/v${{ env.VERSION }} | jq '.id')
+          echo "RELEASE_ID=$RELEASE_ID" >> $GITHUB_ENV
diff --git a/.github/workflows/tox-retro.yml b/.github/workflows/tox-retro.yml
@@ -12,9 +12,9 @@ jobs:
       matrix:
         python-version: ["3.9", "3.10", "3.11"]
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
       - name: Set up Python ${{ matrix.python-version }}
-        uses: actions/setup-python@v3
+        uses: actions/setup-python@v5
         with:
           python-version: ${{ matrix.python-version }}
       - name: Install dependencies

diff --git a/.github/workflows/unit-tests.yml b/.github/workflows/unit-tests.yml
@@ -13,11 +13,11 @@ jobs:
         python-version: ["3.9", "3.10", "3.11"]
     steps:
       # Checkout the code from the repository
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
 
       # Set up Python
       - name: Set up Python ${{ matrix.python-version }}
-        uses: actions/setup-python@v3
+        uses: actions/setup-python@v5
         with:
           python-version: ${{ matrix.python-version }}
 

diff --git a/.github/workflows/validate_release.yml b/.github/workflows/validate_release.yml
@@ -0,0 +1,36 @@
+name: Validate Pull Requests
+
+on:
+  pull_request:
+    branches:
+      - '*'
+
+jobs:
+  validate-pull-requests:
+    runs-on: ubuntu-latest
+    env:
+      PR_NUMBER: ${{ github.event.number }}
+      GH_API_TOKEN: ${{ secrets.GH_API_TOKEN }}
+
+    steps:
+    - name: Show the PR number
+      run: |
+        echo "The PR number is: $PR_NUMBER"
+
+    - name: Checkout code
+      uses: actions/checkout@v4
+
+    - name: Set up Python 3.11
+      uses: actions/setup-python@v5
+      with:
+        python-version: 3.11
+
+    - name: Install dependencies
+      run: |
+        python -m pip install --upgrade pip
+        pip install -r .github/scripts/requirements.txt
+
+    - name: Validate PR release
+      run: |
+        echo "Validating PR release"
+        python .github/scripts/validate_release.py
diff --git a/.gitignore b/.gitignore
@@ -35,4 +35,7 @@ MANIFEST
 
 # Flask stuff:
 instance/
-.webassets-cache
+.webassets-cache
+
+# Environment variables
+*.env
diff --git a/SECURITY.md b/SECURITY.md
@@ -11,11 +11,18 @@ Release and components versions supported.
 Supported versions of the releases and other components of this project that are not necessary releases. This releases are stored in this repository and can be requested via github API.
 | Version | Supported          |
 | ------- | ------------------ |
-| Flask-authgen-jwt 1.2.4   | :white_check_mark: |
+| Flask-authgen-jwt 4.1.2   | :white_check_mark: |
 
 Not supported versions of releases.
 | Version | Supported          |
 | ------- | ------------------ |
+| Flask-authgen-jwt 4.1.1   | :x: |
+| Flask-authgen-jwt 4.1.0   | :x: |
+| Flask-authgen-jwt 4.0.0   | :x: |
+| Flask-authgen-jwt 3.0.1   | :x: |
+| Flask-authgen-jwt 3.0.0   | :x: |
+| Flask-authgen-jwt 2.0.0   | :x: |
+| Flask-authgen-jwt 1.2.4   | :x: |
 | Flask-authgen-jwt 1.1.3   | :x: |
 | Flask-authgen-jwt 1.0.2   | :x: |
 | Flask-authgen-jwt 1.0.0   | :x: |

diff --git a/setup.cfg b/setup.cfg
@@ -1,6 +1,6 @@
 [metadata]
 name = Flask-authgen-jwt
-version = 4.1.2
+version = 4.2.2
 author = Diego Martinez
 license = MIT
 author_email = [email protected]