Compare commits

...

6 Commits

Author SHA1 Message Date
bb5d88229a Release v1.2.2
All checks were successful
CI / Checks (push) Successful in 1m49s
2024-06-05 07:14:39 +00:00
7975776398 v1.2.2 2024-06-05 07:10:16 +00:00
9c8f1388ce release -> development 2024-05-29 19:53:25 +00:00
4da8562871 Release v1.2.1
All checks were successful
CD / Checks (push) Successful in 45s
2024-05-29 19:45:22 +00:00
009d9b15e0 v1.2.1 2024-05-29 21:43:59 +02:00
56f5acfff8 Pull request #7: release -> development
Merge in PLAYG/keep-it-secret from release to development
2024-05-29 19:26:30 +00:00
9 changed files with 145 additions and 6 deletions

27
.gitea/workflows/ci.yaml Normal file
View File

@ -0,0 +1,27 @@
name: "CI"
on:
push:
branches:
- "release"
jobs:
run-checks:
name: "Checks"
runs-on: "ubuntu-latest"
steps:
- uses: "actions/checkout@v4"
- uses: "actions/setup-python@v5"
with:
python-version: "3.10"
- uses: "Gr1N/setup-poetry@v8"
with:
poetry-version: "1.7.1"
- name: "Install deps"
run: |
set -x
poetry install
- name: "Run CI task"
run: |
set -x
poetry run inv ci

View File

@ -1,5 +1,14 @@
## Keep It Secret Changelog
#### v1.2.2 (2024-06-05)
* TeamCity integration for private builds.
#### v1.2.1 (2024-05-29)
* Gitea Actions integration.
* `README.md` language fixes.
#### v1.2.0 (2024-02-08)
* Hashicorp Vault integration.

88
Dockerfile Normal file
View File

@ -0,0 +1,88 @@
ARG APP_USER_UID=10001
ARG APP_USER_GID=10001
ARG IMAGE_TAG=development.000000
FROM python:3.10.14-slim-bookworm AS base
ARG APP_USER_UID
ARG APP_USER_GID
ARG IMAGE_TAG
ENV PYTHONUNBUFFERED=1 \
PYTHONDONTWRITEBYTECODE=1 \
PIP_NO_CACHE_DIR=off \
PIP_DISABLE_PIP_VERSION_CHECK=on \
PIP_DEFAULT_TIMEOUT=100 \
PIP_INDEX_URL="https://nexus.bthlabs.pl/repository/pypi/simple/" \
POETRY_VERSION=1.7.1 \
POETRY_HOME="/srv/poetry" \
POETRY_NO_INTERACTION=1 \
VIRTUAL_ENV="/srv/venv" \
KEEP_IT_SECRET_IMAGE_TAG=${IMAGE_TAG}
RUN if [ ! $(getent group ${APP_USER_GID}) ];then groupadd -g ${APP_USER_GID} app; fi && \
useradd -m -d /home/app -u ${APP_USER_UID} -g ${APP_USER_GID} app && \
apt-get update && \
apt-get install -y --no-install-recommends wait-for-it dumb-init curl && \
(curl -sSL https://install.python-poetry.org | python -) && \
python3.10 -m venv ${VIRTUAL_ENV} && \
mkdir /srv/app /srv/bin /srv/lib /srv/log /srv/run && \
chown -R ${APP_USER_UID}:${APP_USER_GID} /srv
ENV PATH="${VIRTUAL_ENV}/bin:/srv/bin:/srv/poetry/bin:${PATH}"
USER app
WORKDIR /srv/app
FROM base AS development
ARG APP_USER_UID
ARG APP_USER_GID
ARG IMAGE_TAG
USER app
WORKDIR /srv/app
FROM development AS deployment-build
ARG APP_USER_UID
ARG APP_USER_GID
ARG IMAGE_TAG
ADD --chown=$APP_USER_UID:$APP_USER_GID . /srv/app
RUN poetry install --no-dev
FROM deployment-build AS ci
ARG APP_USER_UID
ARG APP_USER_GID
ARG IMAGE_TAG
RUN poetry install
FROM base AS deployment
ARG APP_USER_UID
ARG APP_USER_GID
ARG IMAGE_TAG
COPY --from=deployment-build /srv/app /srv/app
COPY --from=deployment-build /srv/venv /srv/venv
RUN chown -R $APP_USER_UID:$APP_USER_GID /srv
USER root
RUN apt-get clean autoclean && \
apt-get autoremove --yes && \
rm -rf /var/lib/apt /var/lib/dpkg && \
rm -rf /home/app/.cache
USER app
ENV PYTHONPATH="/srv/app"
ENV DJANGO_SETTINGS_MODULE="settings"
EXPOSE 8000
ENTRYPOINT ["/usr/bin/dumb-init"]
CMD ["echo NOOP"]

View File

@ -65,7 +65,7 @@ to provide secrets suitable for the development environment:
```
The `ProductionSecrets` class uses environment variables and AWS Secrets
Manager to provide secrets suitable for the development environment:
Manager to provide secrets suitable for the production environment:
```
>>> production_secrets = ProductionSecrets()

View File

@ -11,10 +11,10 @@
project = 'Keep It Secret'
copyright = '2023-present Tomek Wójcik'
author = 'Tomek Wójcik'
version = '1.2.0'
version = '1.2.2'
# The full version, including alpha/beta/rc tags
release = '1.2.0'
release = '1.2.2'
# -- General configuration ---------------------------------------------------
# https://www.sphinx-doc.org/en/master/usage/configuration.html#general-configuration

View File

@ -6,7 +6,7 @@ from .fields import ( # noqa: F401
)
from .secrets import Secrets # noqa: F401
__version__ = '1.2.0'
__version__ = '1.2.2'
__all__ = [
'AbstractField',

View File

@ -1,6 +1,6 @@
[tool.poetry]
name = "keep-it-secret"
version = "1.2.0"
version = "1.2.2"
description = "Keep It Secret by BTHLabs"
authors = ["Tomek Wójcik <contact@bthlabs.pl>"]
maintainers = ["BTHLabs <contact@bthlabs.pl>"]

View File

@ -6,6 +6,7 @@ hang-closing = False
[tool:pytest]
addopts = --disable-warnings
junit_suite_name = keep_it_secret
env =
KEEP_IT_SECRET_TESTS_SPAM=spam
AWS_ACCESS_KEY_ID=thisisntright

View File

@ -1,5 +1,7 @@
# -*- coding: utf-8 -*-
# type: ignore
import os
from invoke import task
try:
@ -20,13 +22,25 @@ def mypy(ctx, warn=False):
@task
def tests(ctx, warn=False):
return ctx.run('pytest -v', warn=warn)
pytest_command_line = [
'pytest',
'-v',
]
if 'KEEP_IT_SECRET_JUNIT_XML_PATH' in os.environ:
pytest_command_line.append(
f"--junit-xml={os.environ['KEEP_IT_SECRET_JUNIT_XML_PATH']}",
)
return ctx.run(' '.join(pytest_command_line), warn=warn)
@task
def ci(ctx):
result = True
ctx.run('mkdir -p build')
if flake8(ctx, warn=True).exited != 0:
result = False