Initial public commit

.dockerignore

@@ -0,0 +1,6 @@
+*
+!pyproject.toml
+!README.md
+!integration/testrun.py
+!hv4gha
+**/*.pyc

.github/helpers/gen-compose-env

@@ -0,0 +1,10 @@
+#!/bin/bash
+set -o errexit
+set -o nounset
+
+cat <<EOF
+HV4GHA_ACCOUNT=andreaso
+HV4GHA_APP_ID=368468
+HV4GHA_APP_KEY_B64=${TEST_APP_KEY_B64}
+HV4GHA_TEST_REPO=hv4gha
+EOF

.github/workflows/codeql.yaml

@@ -0,0 +1,40 @@
+---
+
+name: CodeQL
+
+on:
+  push:
+    branches:
+      - main
+  pull_request:
+    branches:
+      - main
+  schedule:
+    - cron: "15 4 * * 6"
+
+permissions:
+  actions: read
+  contents: read
+  security-events: write
+
+jobs:
+  analyze:
+    name: Python Analyze
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v3
+
+      - name: Use Python 3.11
+        uses: actions/setup-python@v4
+        with:
+          python-version: "3.11"
+
+      - name: Initialize CodeQL
+        uses: github/codeql-action/init@v2
+        with:
+          languages: python
+
+      - name: Perform CodeQL Analysis
+        uses: github/codeql-action/analyze@v2

.github/workflows/linting.yaml

@@ -0,0 +1,72 @@
+---
+
+name: Linting
+
+on:
+  push:
+    branches:
+      - main
+  pull_request:
+    branches:
+      - main
+
+permissions:
+  contents: read
+  statuses: write
+
+jobs:
+  python:
+    name: Python
+    runs-on: ubuntu-22.04
+
+    strategy:
+      matrix:
+        py_version: ["3.10", "3.11"]
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v3
+
+      - name: Install Poetry
+        run: pipx install poetry
+
+      - name: Enable Python ${{ matrix.py_version }}
+        uses: actions/setup-python@v4
+        with:
+          python-version: ${{ matrix.py_version }}
+
+      - name: Use Python ${{ matrix.py_version }} with Poetry
+        run: poetry env use python${{ matrix.py_version }}
+
+      - name: Install dependencies
+        run: poetry install
+
+      - name: Check import order
+        run: poetry run isort --check hv4gha/ integration/
+
+      - name: Check Black formating
+        run: poetry run black --check hv4gha/ integration/
+
+      - name: Verify type hints
+        run: poetry run mypy --strict hv4gha/ integration/
+
+      - name: Run Pylint
+        run: poetry run pylint -rn -sn hv4gha/ integration/
+
+  super:
+    name: Super-Linter
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v3
+        with:
+          fetch-depth: 0
+
+      - name: Lint
+        uses: super-linter/super-linter/slim@v5
+        env:
+          VALIDATE_ALL_CODEBASE: true
+          VALIDATE_JSCPD: false
+          DEFAULT_BRANCH: main
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

.github/workflows/publish.yaml

@@ -0,0 +1,42 @@
+---
+
+name: Publish
+
+on:
+  push:
+    tags:
+      - v*
+
+permissions:
+  contents: read
+  id-token: write
+
+jobs:
+  pypi:
+    name: PyPi Publish
+    runs-on: ubuntu-22.04
+
+    environment:
+      name: release
+      url: https://pypi.org/project/hv4gha/
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v3
+
+      - name: Install Poetry
+        run: pipx install poetry
+
+      - name: Output expected packge version refs/tags/
+        id: expected
+        run: echo "tagref=refs/tags/v$(poetry version --short)" >> "$GITHUB_OUTPUT"
+
+      - name: Fail on mismatch between tag and package version
+        if: github.ref != steps.expected.outputs.tagref
+        run: echo "Mismatch between pushed tag and package version"; exit 1
+
+      - name: Build package
+        run: poetry build
+
+      - name: Publish package
+        uses: pypa/gh-action-pypi-publish@release/v1

.github/workflows/testing.yaml

@@ -0,0 +1,55 @@
+---
+
+name: Testing
+
+on:
+  push:
+    branches:
+      - main
+  pull_request:
+    branches:
+      - main
+
+permissions:
+  contents: read
+
+jobs:
+  integration:
+    name: Integration testing
+    runs-on: ubuntu-22.04
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v3
+
+      - name: Setup Docker Compose .env file
+        run: .github/helpers/gen-compose-env > integration/.env
+        env:
+          TEST_APP_KEY_B64: ${{ secrets.TEST_APP_KEY_B64 }}
+
+      - name: Build test images
+        run: docker compose -f integration/docker-compose.yaml build
+
+      - name: Bring up Vault server
+        run: docker compose -f integration/docker-compose.yaml up --wait --detach vault-server
+
+      - name: Enable Vault's Transit Engine
+        run: docker compose -f integration/docker-compose.yaml run --no-deps vault-setup
+
+      - name: Import App key (Python 3.10)
+        run: docker compose -f integration/docker-compose.yaml run --no-deps testrun-py310 import
+
+      - name: Issue Access Token (Python 3.10)
+        run: docker compose -f integration/docker-compose.yaml run --no-deps testrun-py310 issue
+
+      - name: Issue scoped Access Token (Python 3.10)
+        run: docker compose -f integration/docker-compose.yaml run --no-deps testrun-py310 issue-scoped
+
+      - name: Import App key (Python 3.11)
+        run: docker compose -f integration/docker-compose.yaml run --no-deps testrun-py311 import
+
+      - name: Issue Access Token (Python 3.11)
+        run: docker compose -f integration/docker-compose.yaml run --no-deps testrun-py311 issue
+
+      - name: Issue scoped Access Token (Python 3.11)
+        run: docker compose -f integration/docker-compose.yaml run --no-deps testrun-py311 issue-scoped

.gitignore

@@ -0,0 +1,8 @@
+*~
+\#*#
+.#*
+
+*.pyc
+/dist/
+
+/integration/.env

.pre-commit-config.yaml

@@ -0,0 +1,43 @@
+---
+repos:
+  - repo: https://github.com/pre-commit/pre-commit-hooks
+    rev: v4.4.0
+    hooks:
+      - id: trailing-whitespace
+      - id: end-of-file-fixer
+      - id: check-toml
+      - id: check-yaml
+      - id: check-added-large-files
+
+  - repo: local
+    hooks:
+      - id: isort
+        name: isort
+        entry: poetry run isort
+        language: system
+        types_or: [python, pyi]
+        require_serial: true
+        args: ["--filter-files"]
+
+      - id: black
+        name: black
+        entry: poetry run black
+        language: system
+        types_or: [python, pyi]
+        require_serial: true
+
+      - id: mypy
+        name: mypy
+        entry: poetry run mypy
+        language: system
+        types_or: [python, pyi]
+        exclude: '^tests/'
+        require_serial: true
+        args: ["--strict"]
+
+      - id: pylint
+        name: pylint
+        entry: poetry run pylint
+        language: system
+        types: [python]
+        args: ["-rn", "-sn"]

LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2023 Andreas Olsson <[email protected]>
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.