Certego shared CI 1.3.5

.github/.gitignore

@@ -0,0 +1,9 @@
+# Environments
+.env
+.venv
+env/
+venv/
+ENV/
+env.bak/
+venv.bak/
+.idea/

.github/.husky/pre-commit

@@ -0,0 +1,4 @@
+#!/usr/bin/env sh
+. "$(dirname -- "$0")/_/husky.sh"
+
+npx lint-staged

.github/.pre-commit-config.yaml

@@ -1,22 +1,19 @@
-
 repos:
 -   repo: https://github.com/pycqa/flake8
     rev: 5.0.4
     hooks:
     - id: flake8
       exclude: docs/conf.py
-      files: buffalogs
-      args: ["--config", ".github/configurations/.flake8"]
+      args: ["--config", ".github/configurations/python_linters/.flake8"]
 
 -   repo: https://github.com/pycqa/isort
     rev: 5.12.0
     hooks:
       - id: isort
-        files: buffalogs
-        args: ["--settings-path", ".github/configurations/.isort.cfg", "--filter-files", "--skip", "venv"]
+        args: ["--settings-path", ".github/configurations/python_linters/.isort.cfg", "--filter-files", "--skip", "venv"]
 
 -   repo: https://github.com/psf/black
     rev: 22.12.0
     hooks:
       - id: black
-        args: ["--config", ".github/configurations/.black"]
+        args: ["--config", ".github/configurations/python_linters/.black"]

.github/README.dev.md

@@ -0,0 +1,42 @@
+<img src="Certego.png" alt="Certego" width="200" />
+
+# .github 
+
+## 🔧 Development
+To contribute to Certego CI, please:
+ - clone this repository
+ - follow [Setup](#📖-setup) section
+ - do pull requests to `develop`.
+
+Otherwise you can simply open an issue.
+
+
+## 📖 Setup
+CI files of base directory must be *hard linked* in the `.github/.github` folder, so they can be tested.
+Since GitHub is not able to store the fact that these files are hardlink, you need to restore it executing [this script](.github/hooks/post-merge) at every checkout.  
+From project root:
+```bash
+.github/hooks/post-merge
+```
+First time is mandatory, then a `post-merge` hook has been made to do it automatically:
+```
+cd .git/hooks
+ln -s ../../.github/hooks/post-merge
+```
+Alternatively you can execute the script manually every time you need.  
+Now all changes will be linked and be tested with [*test* project](.github/test/) on every PR.  
+**Important:**
+- Please remember to stage both base and `.github` files before commit.  
+- Links are for the single files. If you add directories, move or add files, you need to re-execute (or even modify) the script.
+
+
+### 🕑 Files to update periodically
+Periodically update:
+- Test projects dependencies: [Python dependencies](.github/test/python_test/packages.txt), [Node.js packages](.github/test/node_test/package.json)
+- Node linters dependencies: [ESLint packages](configurations/node_linters/eslint/package.json), [Stylelint packages](configurations/node_linters/stylelint/package.json)
+- [Pre-commit config](.pre-commit-config.yaml) actions revs.
+- All [external actions](workflows/) revs.
+- All README and docs.
+
+### 🏷️ Release
+After a new release is created, please inform final users that they should update CI subtree in their projects.

.github/README_CI.md

@@ -0,0 +1,138 @@
+[![CI](https://github.com/certego/.github/actions/workflows/pull_request_automation.yml/badge.svg)](https://github.com/certego/.github/actions/workflows/pull_request_automation.yml)
+
+<img src="Certego.png" alt="Certego" width="200" />
+
+# .github
+
+This repository contains CI workflows for Certego projects.
+It also contains the recommended configurations for linters and formatters.
+
+## ⚙️ CI components
+### 🔴 [Pull request automation](workflows/pull_request_automation.yml)
+Automatically executed on every PR. Manages tests and lints stuff. To customize for your project.
+### 🔴 [Release](workflows/release.yml)
+Automatically executed on every closed PR to the master branch that matches the regex `^[0-9]+\.[0-9]+\.[0-9]+$` . Manages release stuff. To customize for your project.
+## ⇩
+### 🟡 [Reusable workflows](workflows/)
+They receive input props and call actions.
+## ⇩
+### 🟢 [Composite actions](actions/)
+They execute commands (linters, tests,...)
+
+### CI features
+Actually CI actions commands implement this features:
+- Linters & Formatters
+  - Black
+  - Isort
+  - Flake8
+  - Pylint
+  - Bandit
+  - Eslint
+  - Prettier
+  - Stylelint
+- Tests 
+  - Coverage printing
+  - License checks
+  - Doc syntax check
+  - CodeQL security check
+  - Django migrations check
+  - Dockerfile syntax check
+- Release and tagging
+- Publish on test Pypi
+- Publish on Pypi
+- Publish on Npm
+- Announce release on Twitter
+
+### Other CI features:
+This repository also contains configurations for:
+- [Dependabot](dependabot.yml)
+- Pre-commit hook configurations
+
+## 🧰 Action configurations (linters, formatters, docs, coverage...)
+See [here](configurations/)
+
+---
+
+## 📖 How to use
+**Add** this repository to your project using `git subtree` command:
+```bash
+git subtree add --squash --prefix .github https://github.com/certego/.github.git main  && rm -rf .github/.github
+```
+Customize options of [Pull request automation](workflows/pull_request_automation.yml)  
+Customize linters in [configurations folder](configurations/)  
+Customize [dependabot](dependabot.yml).  
+Customize [CHANGELOG](CHANGELOG.md)  
+
+**Update** the subtree every time a new release of this repository is rolled. Pay attention,be careful to not lose your changes.
+```bash
+git subtree pull --squash --prefix .github https://github.com/certego/.github  main && rm -rf .github/.github
+```
+
+
+*Note:* DO NOT squash the commits in which you added/pulled subtree, otherwise `git-subtree-dir` info in `git log` will be lost
+
+**Configure** your project to use CI following below instructions.
+
+### Python
+CI automatically installs and calls code analyzers this way:
+```
+pylint --rcfile=.github/configurations/python_linters/.pylintrc
+bandit -c .github/configurations/python_linters/.bandit.yaml
+flake8 --config .github/configurations/python_linters/.flake8
+black --config .github/configurations/python_linters/.black
+isort --settings-path .github/configurations/python_linters/.isort.cfg --profile black --filter-files --skip venv
+```
+For local installation and customization, see [here](configurations/python_linters/README.md)
+
+#### (Opt.) Pre-commit
+Add `pre-commit` to your python requirements.
+Configure [this](.pre-commit-config.yaml) configuration file in your `.github` dir.
+From root of your project install:
+```
+pre-commit install -c .github/.pre-commit-config.yaml
+```
+Pre-commit will add hook `.git/hooks/pre-commit` for you.
+
+### Node.js
+Add to `package.json` these scripts (configure paths), CI automatically installs and calls them:
+```
+"config": {
+    "eslint": ".github/configurations/node_linters/eslint/.eslintrc.json",
+    "stylelint": ".github/configurations/node_linters/stylelint/.stylelintrc.json",
+    "prettier": ".github/configurations/node_linters/prettier/.prettierrc.js"
+},
+"scripts": {
+    "test": "TZ=UTC jest ./tests --silent",
+    "test-coverage": "npm test -- --coverage=true",
+    "lint-config-install": "cd $(dirname $npm_package_config_eslint) && npm i",
+    "lint": "eslint -c $npm_package_config_eslint 'src/**/*.{js,jsx}' 'tests/**/*.{js,jsx}'",
+    "lint-fix": "npm run lint -- --fix",
+    "lint-scss-config-install": "cd $(dirname $npm_package_config_stylelint) && npm i",
+    "lint-scss": "stylelint --config $npm_package_config_stylelint 'src/scss/**/*.{css,scss}'",
+    "lint-scss-fix": "npm run lint-scss -- --fix",
+    "formatter": "prettier --config $npm_package_config_prettier 'src/**/*.{js,jsx}' 'tests/**/*.{js,jsx}' 'src/scss/**/*.{css,scss}' --check",
+    "formatter-fix": "npm run formatter -- --write"
+},
+```
+For local installation and customization see [here](configurations/node_linters/README.md).
+
+#### (Opt.) Pre-commit
+To enable pre-commit add this to your `package.json` (configure paths, prettier is optional).
+**Note:** starting point of `husky install` must be same directory as .git
+```
+    "scripts": {
+        "prepare": "cd ./ && husky install .github/.husky"
+    },
+    "lint_staged": {
+        "*.{js,jsx}": ["eslint -c .github/configurations/node_linters/eslint/.eslintrc.json"] //, "prettier --config .github/configurations/node_linters/prettier/.prettierrc.js"],
+        "*.{css,scss}": ["stylelint --config .github/configurations/node_linters/stylelint/.stylelintrc.json"] // , "prettier --config .github/configurations/node_linters/prettier/.prettierrc.js"]
+    },
+```
+Then execute this command:
+```
+npm i -D husky lint-staged && npm run prepare
+```
+
+
+## 🔧 Development
+To contribute to this repository, please see [here](README.dev.md)

.github/actions/apt_requirements/action.yml

@@ -0,0 +1,25 @@
+name: Composite action  install apt requirements
+description: Composite action install apt requirements
+inputs:
+  working_directory:
+    description: Working directory 
+    required: true
+  requirements_file:
+    description: Requirements file
+    required: true
+
+runs:
+  using: "composite"
+  steps:
+    - name: Export apt requirements
+      id: export-apt-requirements
+      run: |
+        PKG=$(cat ${{ inputs.requirements_file }})
+        echo apt_packages=$PKG | awk '{print}' ORS=' ' >> $GITHUB_OUTPUT
+      shell: bash
+
+    - name: Cache apt packages
+      id: cache-apt-packages
+      uses: awalsh128/cache-apt-pkgs-action@v1
+      with:
+        packages: ${{ steps.export-apt-requirements.outputs.apt_packages }}

.github/actions/codeql/action.yml

@@ -0,0 +1,24 @@
+name: Composite action codeql
+description: Composite action codeql
+inputs:
+  language:
+    description: Programming language to use
+    required: true
+  working_directory:
+    description: Source code directory
+    required: true
+
+runs:
+  using: "composite"
+  steps:
+    - name: Initialize CodeQL
+      uses: github/codeql-action/init@v2
+      with:
+        languages: ${{ inputs.language }}
+        setup-python-dependencies: false
+        source-root: ${{ inputs.working_directory }}
+
+    - name: Perform CodeQL Analysis
+      uses: github/codeql-action/analyze@v2
+
+

.github/actions/node_linter/action.yml

@@ -0,0 +1,70 @@
+name: Composite action node linter
+description: Composite action node linter
+inputs:
+  working_directory:
+    description: Path to the package.json file
+    required: true
+
+
+  use_eslint:
+    description: Use eslint formatter
+    required: true
+
+  use_prettier:
+    description: Use prettier formatter
+    required: true
+
+  use_stylelint:
+    description: Use stylelint formatter
+    required: true
+
+  check_packages_licenses:
+    description: Check if npm packages have a valid license.
+    required: true
+
+runs:
+  using: "composite"
+  steps:
+    - name: Lint with prettier
+      run: |
+        if [[ ${{ inputs.use_prettier }} != 'false' ]]; then
+          npm run formatter
+        else
+          echo "Skipping prettier"
+        fi
+      working-directory: ${{ inputs.working_directory }}
+      shell: bash
+
+    - name: Lint with eslint
+      run: |
+        if [[ ${{ inputs.use_eslint }} != 'false' ]]; then
+          npm run lint-config-install
+          npm run lint
+        else
+          echo "Skipping eslint"
+        fi
+      working-directory: ${{ inputs.working_directory }}
+      shell: bash
+
+    - name: Lint with stylelint
+      run: |
+        if [[ ${{ inputs.use_stylelint }} != 'false' ]]; then
+          npm rum lint-scss-config-install
+          npm run lint-scss
+        else
+          echo "Skipping stylelint"
+        fi
+      working-directory: ${{ inputs.working_directory }}
+      shell: bash
+
+    - name: Collect packages licenses
+      run: |
+        if [[ ${{ inputs.check_packages_licenses }} != 'false' ]]; then
+          echo '{"name":"", "license":""}' > fmt.json
+          npx -y [email protected] --csv --production --excludePrivatePackages --customPath fmt.json | cut -d, -f2,3 | tail -n +2 > licenses.csv
+          cat licenses.csv
+        else
+          echo "Skipping license check"
+        fi
+      working-directory: ${{ inputs.working_directory }}
+      shell: bash