Add .github/workflows/codeql.yml #30

Merged: 2 commits into LCVcode:master, Aug 19, 2024

Conversation

johnlettman (Collaborator)

This PR adds a workflow to analyze the repository using CodeQL.
CodeQL scans the code to identify security vulnerabilities and errors.

https://docs.github.com/en/code-security/code-scanning/introduction-to-code-scanning/about-code-scanning

This commit adds a workflow to analyze the repository using CodeQL.

CodeQL performs scanning across the code to identify security vulnerabilities and errors.

https://docs.github.com/en/code-security/code-scanning/introduction-to-code-scanning/about-code-scanning
@johnlettman johnlettman requested a review from LCVcode August 17, 2024 05:49
@johnlettman johnlettman added the development Software development life cycle label Aug 17, 2024
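The workflow file itself is not reproduced on this page. For reference, the following is a complete codeql.yml of the kind this PR adds; it is an added example, not the file merged in this PR. It assumes a Python-only repository (later commits mention Python 3.10 and pyproject.toml) and master as the default branch, matching the review comment below; the weekly cron schedule, the security-extended query suite and the permissions block are choices made here, not taken from the PR.

```yaml
name: "CodeQL"

on:
  push:
    branches: [ "master" ]
  pull_request:
    branches: [ "master" ]
  schedule:
    # Weekly scan so newly published queries run against unchanged code too.
    - cron: "17 3 * * 1"

# Least privilege: GITHUB_TOKEN gets read-only access by default for every job.
permissions:
  contents: read

jobs:
  analyze:
    name: Analyze (${{ matrix.language }})
    runs-on: ubuntu-latest
    timeout-minutes: 360
    permissions:
      security-events: write   # the only write scope needed: uploading SARIF results
      actions: read            # required on private repositories to read workflow runs
      contents: read
    strategy:
      fail-fast: false
      matrix:
        include:
          # Python needs no build; build-mode "none" skips the autobuild step.
          - language: python
            build-mode: none
    steps:
      - name: Checkout repository
        uses: actions/checkout@v4

      - name: Initialize CodeQL
        uses: github/codeql-action/init@v3
        with:
          languages: ${{ matrix.language }}
          build-mode: ${{ matrix.build-mode }}
          # Broader query suite than the default; trade a few more findings
          # for earlier signal on lower-severity issues.
          queries: security-extended

      - name: Perform CodeQL Analysis
        uses: github/codeql-action/analyze@v3
        with:
          category: "/language:${{ matrix.language }}"
```

Two things to check before merging a file like this: the branch filters must name the repository's real default branch (the fix-up commit in this PR changed main to master for exactly that reason, and a mismatch silently produces no scans), and `security-events: write` should be the only write scope the job holds. Pinning the actions to full commit SHAs instead of `@v3`/`@v4` is stronger against a compromised tag, at the cost of needing Dependabot or a similar tool to bump them.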
@LCVcode LCVcode (Owner) left a comment

Looks great. Just need to rename to master.

Review thread on .github/workflows/codeql.yml (outdated, resolved)
@github-advanced-security

This pull request sets up GitHub code scanning for this repository. Once the scans have completed and the checks have passed, the analysis results for this pull request branch will appear on this overview. Once you merge this pull request, the 'Security' tab will show more code scanning analysis results (for example, for the default branch). Depending on your configuration and choice of analysis tool, future pull requests will be annotated with code scanning analysis results. For more information about GitHub code scanning, check out the documentation.

@LCVcode LCVcode merged commit c0dc6d3 into LCVcode:master Aug 19, 2024
3 checks passed
LCVcode pushed a commit that referenced this pull request Aug 21, 2024
* status_keeper.py: use XDG specification paths for cache and config

* status_keeper.py: create directories if they do not exist with XDG

* status_keeper.py: remove redundant path check

* status_keeper.py: remove unreachable return in get_current_juju_status_json

* Use mermaid for the Juju objects graph in README.md (#31)

* README.md: use mermaid flowchart for Juju objects

* README.md: tweak graph layout

* add .github/dependabot.yml (#29)

dependabot is an incredibly useful CI/CD automation provided by GitHub. It opens PRs to update older dependencies and alerts on known vulnerabilities in the software supply-chain.

It's a handy bedrock to have in any repository workflow.

* Add .github/workflows/codeql.yml (#30)

* add .github/workflows/codeql.yml

This commit adds a workflow to analyze the repository using CodeQL.

CodeQL performs scanning across the code to identify security vulnerabilities and errors.

https://docs.github.com/en/code-security/code-scanning/introduction-to-code-scanning/about-code-scanning

* .github/workflows/codeql.yml: fix branch, main -> master

* [no ci] add (MIT) LICENSE; closes #28 (#40)

* Implement Poetry as the development lifecycle tool (#32)

* .gitignore: update to cover IDE and more Python

The existing .gitignore was missing a few items -- in particular, there are numerous logs and miscellanea generated from the tooling in the Python ecosystem.

Also, JetBrains generates a huge amount of trash that shouldn't be committed into the repository.

* add .python-version

This file declares the generally-accepted Python version for use in development.

I selected a version close to the default on Ubuntu Jammy.

`python --version`
```
Python 3.10.12
```

* add .editorconfig

EditorConfig is a handy little file for maintaining consistent editor settings across different IDEs.

https://editorconfig.org/

* add poetry

Uses the Poetry Python dependency management and packaging system. Poetry helps to manage the various tools used in development, keeping everything in one TOML config.

* README.md: add information regarding poetry

* rm requirements.txt

* README.md: format examples as a list

* closes #6 add: pyinstaller static binary target

This commit adds a simple configuration for Pyinstaller to Poetry using poetry-pyinstaller-plugin. It results in `poetry build` emitting a static binary target, easy for carrying along into restrictive environments without concern for the Python version or existence of dependencies.

## Building:
`poetry build`
```
[...]
Preparing PyInstaller 6.10.0 environment /home/jlettman/.cache/pypoetry/virtualenvs/jockey-Msi6Fc7k-py3.10
Building binaries with PyInstaller Python 3.10 [manylinux_2_35_x86_64]
  - Building jockey SINGLE_FILE
[...]
```

## Testing the binary:
`dist/pyinstaller/manylinux_2_35_x86_64/jockey --help`
```
usage: jockey [-h] [--refresh] [-f FILE] object [filters ...]

Jockey - A Juju query language to put all your Juju objects at your fingertips.
[...]
```

## Checking the output:
`file dist/pyinstaller/manylinux_2_35_x86_64/jockey`
```
dist/pyinstaller/manylinux_2_35_x86_64/jockey: ELF 64-bit LSB executable, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, BuildID[sha1]=04804d3c31218f938502cbed5cdd1af09d59a8f0, for GNU/Linux 2.6.32, stripped
```

* restructure directories for Poetry

* .github/workflows/ci.yml: refactor for Poetry

This commit overhauls the CI/CD workflow to support the change to Poetry. It includes extensive linting and testing in a parallel fashion.

In addition, heavy caching is used to reduce the CI/CD job times. Lastly, CodeCov is available, but if the token is missing, the workflow will not fail.

* pyproject.toml: add flake8 plugin to pass settings from TOML

* jockey: update everything to pass CI/CD

* tests: fix broken IDE refactor for imports

* .github/workflows/ci.yml: fix Windows test runner(?)

* .github/workflows/ci.yml: add build step

* .github/workflows/ci.yml: name artifact based on OS

* pyproject.toml: add post-build hooks to relocate binaries

* .github/workflows/ci.yml: hash venv on pyproject.toml too

* add docs

* README.md: provide output for examples

* [no ci] .gitignore: ignore snapcraft artifacts

* [no ci] pyproject.toml: change executable name to Juju plugin style

* [no ci] add snapcraft.yaml

* .github/workflows/ci.yml: auto-build snaps in CD

* snapcraft.yaml: attempt to fix runner w/ differences

* snapcraft.yaml: fix confinement, retain default snapcraft behavior

* .github/workflows/ci.yml: upload snapcraft logs on failure

* .github/workflows/ci.yml: fix typo

* snapcraft.yaml: fix cooked build(?)

* snapcraft.yaml: fix cooked craftctl

* snapcraft.yaml: refactor

* status_keeper.py: use XDG specification paths for cache and config

* status_keeper.py: create directories if they do not exist with XDG

* status_keeper.py: remove redundant path check

* status_keeper.py: remove unreachable return in get_current_juju_status_json

* fix isort on branch
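The .github/dependabot.yml referenced by commit #29 in the message above is not shown on this page. The following is an added example of such a file, not the project's own configuration. It assumes Poetry-managed Python dependencies at the repository root (Dependabot's `pip` ecosystem reads pyproject.toml and poetry.lock) and reuses the repository's existing `development` label; the weekly cadence and the open-PR limit are choices made here.

```yaml
version: 2
updates:
  # Python dependencies managed by Poetry (pyproject.toml / poetry.lock).
  - package-ecosystem: "pip"
    directory: "/"
    schedule:
      interval: "weekly"
    open-pull-requests-limit: 5
    labels:
      - "development"

  # Actions referenced by the workflows in .github/workflows (ci.yml, codeql.yml),
  # so pinned action versions are bumped the same way as library dependencies.
  - package-ecosystem: "github-actions"
    directory: "/"
    schedule:
      interval: "weekly"
    labels:
      - "development"
```

One caveat worth knowing: this file configures Dependabot version updates only. Dependabot alerts and Dependabot security updates (the "alerts on known vulnerabilities" part of the commit message) are enabled per repository under the Security settings, not through dependabot.yml, so both need to be switched on for the description above to hold.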