jonaspammer / cookiecutter-pypackage Goto Github PK

View Code? Open in Web Editor NEW

2.0 2.0 1.0 480 KB

An awesome CookieCutter for all-the-things python.

License: MIT License

JavaScript 3.25% Python 65.08% Dockerfile 31.67%

cookiecutter-template cookiecutter-pypackage dockerfile cookiecutter-python3

cookiecutter-pypackage's Introduction

👋 Hey there. My name’s Jonas

📺 Favourite Series: Avatar: The Last Airbender, Star Trek (VOY / TNG / PICARD / DISCOVERY)
⛳ Hobbies and Interests: Watching Movies with Friends, Learning new things, Programming, Keeping a clean and organized home and setup
🔝 Current Primary Fascinations: Ansible Automation and CI/CD (because its Awesome), Cooking (I spend too much € on other things ;))
📍 Location: EU, Austria, Vorarlberg (CET +1 hour)

IT ()

Computers are not magic and Software can be understood.

I know my way around Linux, Windows, IT, programming and generally like to always try to understand most of the things I stumble across every day.

My current keen interest area is Dev - Ops — Specifically, in my current decision case, IaaC with Ansible/Terraform/Amazon Web Services and Continious Automated Integration/Delivery with GitHub Actions and Docker.
I will never get bored of my enthusiasm for web development, the browser, the backend and everything around it, as well as the perspectives that they still offer and make possible for us today.

Details

These are very fascinating topics that are fundamentally changing the way software development and deployment is done. Servers / VMs are transformed from sacred "don’t touch" black box systems into simple disposable and on-demand createable goods. It is the pinnacle of automation and reproducibility.

And the crazy thing is that nothing has fundamentally changed - It’s just that the solutions (Linux, SSH, HTTP, TLS, ..) and concepts (TCP/IP, ..) that were created a long time ago by very smart people are so crazily thought-of princibles which we’re all just slowly sticking together and extending continously. IT is amazing.

🌱 Having just completed an IT apprenticeship, I am currently studying for various certifications (CCNA, MSCA, FSNE 1-4, RHCSA, …) to solidify my knowledge and help myself making the decision on which path to truly pursue by digging into each of them.

Recent Activities

🙋‍♂️ I actively star repositories I find useful and interesting. Below is an automatically generated overview of my GitHub profile, showing mostly my recently starred projects (which may give somewhat of an indication of what I’m currently onto):

Private, Work and Infrastructure Setup

SETUP.adoc

Demystifying

Some Summarizations on various Topics I wrote to easily link to. Sources always linked.

Some Links

conventions
dream world

Pinned Repositories / Recent Contributions

cookiecutter-pypackage's People

Contributors

Stargazers

Watchers

Forkers

lgtm-migrator

cookiecutter-pypackage's Issues

ci: add ossf scorecard action and badge

https://github.com/ossf/scorecard-action

current scorecard results when run through cli on cookiecutter-pypackage-test

Aggregate score: 5.6 / 10

Check scores:
|---------|------------------------|--------------------------------|-----------------------------------------------------------------------------------------------------------------------|
|  SCORE  |          NAME          |             REASON             |                                               DOCUMENTATION/REMEDIATION                                               |
|---------|------------------------|--------------------------------|-----------------------------------------------------------------------------------------------------------------------|
| 10 / 10 | Binary-Artifacts       | no binaries found in the repo  | https://github.com/ossf/scorecard/blob/e42af756609b2cde6d757fd45ea05ddf0016ff62/docs/checks.md#binary-artifacts       |
|---------|------------------------|--------------------------------|-----------------------------------------------------------------------------------------------------------------------|
| 0 / 10  | Branch-Protection      | branch protection not enabled  | https://github.com/ossf/scorecard/blob/e42af756609b2cde6d757fd45ea05ddf0016ff62/docs/checks.md#branch-protection      |
|         |                        | on development/release         |                                                                                                                       |
|         |                        | branches                       |                                                                                                                       |
|---------|------------------------|--------------------------------|-----------------------------------------------------------------------------------------------------------------------|
| 10 / 10 | CI-Tests               | 4 out of 4 merged PRs          | https://github.com/ossf/scorecard/blob/e42af756609b2cde6d757fd45ea05ddf0016ff62/docs/checks.md#ci-tests               |
|         |                        | checked by a CI test -- score  |                                                                                                                       |
|         |                        | normalized to 10               |                                                                                                                       |
|---------|------------------------|--------------------------------|-----------------------------------------------------------------------------------------------------------------------|
| 0 / 10  | CII-Best-Practices     | no badge detected              | https://github.com/ossf/scorecard/blob/e42af756609b2cde6d757fd45ea05ddf0016ff62/docs/checks.md#cii-best-practices     |
|---------|------------------------|--------------------------------|-----------------------------------------------------------------------------------------------------------------------|
| 2 / 10  | Code-Review            | Prow code reviews found for 8  | https://github.com/ossf/scorecard/blob/e42af756609b2cde6d757fd45ea05ddf0016ff62/docs/checks.md#code-review            |
|         |                        | commits out of the last 30 --  |                                                                                                                       |
|         |                        | score normalized to 2          |                                                                                                                       |
|---------|------------------------|--------------------------------|-----------------------------------------------------------------------------------------------------------------------|
| 3 / 10  | Contributors           | 1 different organizations      | https://github.com/ossf/scorecard/blob/e42af756609b2cde6d757fd45ea05ddf0016ff62/docs/checks.md#contributors           |
|         |                        | found -- score normalized to 3 |                                                                                                                       |
|---------|------------------------|--------------------------------|-----------------------------------------------------------------------------------------------------------------------|
| 10 / 10 | Dangerous-Workflow     | no dangerous workflow patterns | https://github.com/ossf/scorecard/blob/e42af756609b2cde6d757fd45ea05ddf0016ff62/docs/checks.md#dangerous-workflow     |
|         |                        | detected                       |                                                                                                                       |
|---------|------------------------|--------------------------------|-----------------------------------------------------------------------------------------------------------------------|
| 10 / 10 | Dependency-Update-Tool | update tool detected           | https://github.com/ossf/scorecard/blob/e42af756609b2cde6d757fd45ea05ddf0016ff62/docs/checks.md#dependency-update-tool |
|---------|------------------------|--------------------------------|-----------------------------------------------------------------------------------------------------------------------|
| 0 / 10  | Fuzzing                | project is not fuzzed          | https://github.com/ossf/scorecard/blob/e42af756609b2cde6d757fd45ea05ddf0016ff62/docs/checks.md#fuzzing                |
|---------|------------------------|--------------------------------|-----------------------------------------------------------------------------------------------------------------------|
| 10 / 10 | License                | license file detected          | https://github.com/ossf/scorecard/blob/e42af756609b2cde6d757fd45ea05ddf0016ff62/docs/checks.md#license                |
|---------|------------------------|--------------------------------|-----------------------------------------------------------------------------------------------------------------------|
| 10 / 10 | Maintained             | 30 commit(s) out of 30 and 1   | https://github.com/ossf/scorecard/blob/e42af756609b2cde6d757fd45ea05ddf0016ff62/docs/checks.md#maintained             |
|         |                        | issue activity out of 1 found  |                                                                                                                       |
|         |                        | in the last 90 days -- score   |                                                                                                                       |
|         |                        | normalized to 10               |                                                                                                                       |
|---------|------------------------|--------------------------------|-----------------------------------------------------------------------------------------------------------------------|
| 10 / 10 | Packaging              | publishing workflow detected   | https://github.com/ossf/scorecard/blob/e42af756609b2cde6d757fd45ea05ddf0016ff62/docs/checks.md#packaging              |
|---------|------------------------|--------------------------------|-----------------------------------------------------------------------------------------------------------------------|
| 5 / 10  | Pinned-Dependencies    | dependency not pinned by hash  | https://github.com/ossf/scorecard/blob/e42af756609b2cde6d757fd45ea05ddf0016ff62/docs/checks.md#pinned-dependencies    |
|         |                        | detected -- score normalized   |                                                                                                                       |
|         |                        | to 5                           |                                                                                                                       |
|---------|------------------------|--------------------------------|-----------------------------------------------------------------------------------------------------------------------|
| 0 / 10  | SAST                   | SAST tool is not run on all    | https://github.com/ossf/scorecard/blob/e42af756609b2cde6d757fd45ea05ddf0016ff62/docs/checks.md#sast                   |
|         |                        | commits -- score normalized to |                                                                                                                       |
|         |                        | 0                              |                                                                                                                       |
|---------|------------------------|--------------------------------|-----------------------------------------------------------------------------------------------------------------------|
| 0 / 10  | Security-Policy        | security policy file not       | https://github.com/ossf/scorecard/blob/e42af756609b2cde6d757fd45ea05ddf0016ff62/docs/checks.md#security-policy        |
|         |                        | detected                       |                                                                                                                       |
|---------|------------------------|--------------------------------|-----------------------------------------------------------------------------------------------------------------------|
| ?       | Signed-Releases        | no releases found              | https://github.com/ossf/scorecard/blob/e42af756609b2cde6d757fd45ea05ddf0016ff62/docs/checks.md#signed-releases        |
|---------|------------------------|--------------------------------|-----------------------------------------------------------------------------------------------------------------------|
| 0 / 10  | Token-Permissions      | non read-only tokens detected  | https://github.com/ossf/scorecard/blob/e42af756609b2cde6d757fd45ea05ddf0016ff62/docs/checks.md#token-permissions      |
|         |                        | in GitHub workflows            |                                                                                                                       |
|---------|------------------------|--------------------------------|-----------------------------------------------------------------------------------------------------------------------|
| 10 / 10 | Vulnerabilities        | no vulnerabilities detected    | https://github.com/ossf/scorecard/blob/e42af756609b2cde6d757fd45ea05ddf0016ff62/docs/checks.md#vulnerabilities        |
|---------|------------------------|--------------------------------|-----------------------------------------------------------------------------------------------------------------------|
| ?       | Webhooks               | check is not supported for     | https://github.com/ossf/scorecard/blob/e42af756609b2cde6d757fd45ea05ddf0016ff62/docs/checks.md#webhooks               |
|         |                        | this request: SCORECARD_V6     |                                                                                                                       |
|         |                        | is not set, not running the    |                                                                                                                       |
|         |                        | Webhook check                  |                                                                                                                       |
|---------|------------------------|--------------------------------|-----------------------------------------------------------------------------------------------------------------------|

fix(ci): add DOCKER_README.adoc to path spec of docker workflow

simplify and restructure README

less text is more

remove pip-compile'd versions of requirements from cookiecutter

it's a generated file that will change drastically when even one dependency is added by a project using this cookie, making the merge conflict displayed by a cruft update nonsensical. it always must be generated from the project's one

fix(security): fix Dockerfile CVE's

As reported by reported by Run aquasecurity/trivy-action@d63413b0a4a4482237085319f7f4a1ce99a8f2ac in Generic CookieCutter Test job

┌───────────────────────┬────────────────┬──────────┬───────────────────┬───────────────┬─────────────────────────────────────────────────────────────┐
│        Library        │ Vulnerability  │ Severity │ Installed Version │ Fixed Version │                            Title                            │
├───────────────────────┼────────────────┼──────────┼───────────────────┼───────────────┼─────────────────────────────────────────────────────────────┤
│ setuptools (METADATA) │ CVE-2022-40897 │ HIGH     │ 63.2.0            │ 65.5.1        │ CVE-2022-40897 affecting package python-setuptools 40.2.0-6 │
│                       │                │          │                   │               │ https://avd.aquasec.com/nvd/cve-2022-40897                  │
├───────────────────────┼────────────────┤          ├───────────────────┼───────────────┼─────────────────────────────────────────────────────────────┤
│ wheel (METADATA)      │ CVE-2022-40898 │          │ 0.37.1            │ 0.38.1        │ CVE-2022-40898 affecting package python-wheel 0.33.6-7      │
│                       │                │          │                   │               │ https://avd.aquasec.com/nvd/cve-2022-40898                  │
└───────────────────────┴────────────────┴──────────┴───────────────────┴───────────────┴─────────────────────────────────────────────────────────────┘

ci: sync dockerhub short description with github repo description

Can be done through a single argument of the already used peter-evans/dockerhub-description

ci: cancel gh-pages job when a newer has been started for same branch

to avoid unecessary CI time

fix(ci): dockerhub-readme workflow should only run on push to master

Currently it runs on all branches, wich causes potential for conflict

cookiecutter-pypackage/{{ cookiecutter.project_slug }}/.github/workflows/docker.yml

Lines 4 to 6 in 634ecac

 push: 

 branches: 

 - "**"

cookiecutter-pypackage/{{ cookiecutter.project_slug }}/.github/workflows/docker.yml

Lines 124 to 126 in 634ecac

 dockerhub-readme: 

 if: github.event_name != 'pull_request' 

 needs: dockerhub

add cookiecutter option to disable `{{ cookiecutter }}` 's renovate

ci: reduce renovate noise

Implement as per other cookiecutter (but this time in one go / PR 😺):
JonasPammer/cookiecutter-ansible-role#138 (comment)
JonasPammer/cookiecutter-ansible-role#139
JonasPammer/cookiecutter-ansible-role#144
JonasPammer/cookiecutter-ansible-role#145
JonasPammer/cookiecutter-ansible-role#147
JonasPammer/cookiecutter-ansible-role#149

Action Required: Fix Renovate Configuration

There is an error with this repository's Renovate configuration that needs to be fixed. As a precaution, Renovate will stop PRs until it is resolved.

Location: .github/renovate.json5
Error type: Invalid JSON5 (parsing failed)
Message: JSON5.parse error: JSON5: invalid character 'c' at 37:3

ci(deps): change renovate config of cookie to exclude things that the cookiecutter already renovates

without this change, a cruft update will result in uneccesarry .rej files when the cookie made a renovate update different than the cutter

ci: add matrix configuration to test on windows/macos/linux and different python versions

~as done in https://github.com/jazzband/pip-tools/blob/master/.github/workflows/ci.yml

i write python because i want it to work on everything everywhere easily

ci: change gh-pages autocommit message to only include first line with commit sha appended to it

trivia explained in JonasPammer/cookiecutter-ansible-role#47

refactor: pip-compile should not be a pre-commit hook

when i pre-commit run --all-files the pip-compile steps take up too much time
when i pre-commit run --all-files i don't expect to be needing to dealing with package updates
integrating this into pre-commit breaks PR workflow so badly as described in above point
every *.txt file already has command inside it that is used to generate it and includes what it sources from

just bring back the development docs made in 6b17574

chore: allow other licenses through cookiecutter variable

e.g. as done in https://github.com/audreyfeldroy/cookiecutter-pypackage

ci(deps): change renovate config to exclude the `{{ cookiecutter }}` directory

without this change, a cruft update will result in uneccesarry .rej files when the cookie made a renovate update different than the cutter

#97
#99
- if the user chooses not to use renovate, the user's repo would be out of date the entire time afterwards because of fixed sha's.
  or it would be out of date if he doesn't have renovate installed, etc..
- if the user chooses to have renovate activated, renovate will obviously make the appropiate PR's
- another thing how JonasPammer/cookiecutter-ansible-role#57 is bad: if the user for example added an step to his action, it's not being covered by cruft update. don't do it like there. implement the fix of trivia like said in the title and the first level bullet points
#96

compare 'pre-commit-hooks/detect-private-key', 'thoughtworks/talisman', 'yelp/detect-secrets', 'githuardian/ggshield'

as per TODO shown here:

cookiecutter-pypackage/.pre-commit-config.yaml

Line 22 in 31b1801

 # TODO compare to 'thoughtworks/talisman', 'yelp/detect-secrets', 'githuardian/ggshield' 

ci: add codeql static code analysis tools

as recommended by OSSF and already implemented in JonasPammer/cookiecutter-github-action-typescript

fix!: change possible open_source_license values to string-only

Trivia:
JonasPammer/cookiecutter-ansible-role#140

Implement as per JonasPammer/cookiecutter-ansible-role#141 and document in release as seen in https://github.com/JonasPammer/cookiecutter-ansible-role/releases/tag/4.0.0!

fix: transform requirements.txt to requirements.[in|txt] using pip tools

not only is this a best practice but it also fixes a potential CI hickup
the CI caches their venv using the requirements.txt files, and because they are generic they cache and use an not-so-much predictable version

when implementing, do NOT automate the generation of the pinned versions. just document it.

tests: add dockerfile smoke tests

rationale behind the need of this / rationale what "smoke tests" test: https://pythonspeed.com/articles/test-your-docker-build/

make a file like shown in https://testinfra.readthedocs.io/en/latest/examples.html#test-docker-images (with additional actual tests like shown in first "rationale" link) and execute it in the docker.yml ci before push to dockerhub

add note to CI-generated files that they are generated

..and thus shall not be edited yada yada

SECURITY.adoc no longer recognized by github's `/security/policy`

Add step to {{ cookiecutter.project_slug }}/.github/workflows/gh-pages.yml to generate SECURITY.md file so this functionality works again (I could swear previously github recognized it and showed when clicking that button -- scorecard acknowledges it):

ci: exclude directory of cookie in renovate config of cutter

part of #93

ci: add CI to auto release to PyPI when pushing a new tag to master

docs: switch to using asciidoctor-reducer

950e66d

setup security policy for every project and cookiecutter

in form of a SECURITY.adoc like the one that github's ui generates in e.g. https://github.com/JonasPammer/cookiecutter-pypackage-test/security/policy

also document the maintenance need of this of this file in release/version documentation in development.adoc

for my projects [email protected] can be used for reporting vulns, i look into it

more info on this practice may be found in e.g. the following ossf scorecard issue scan result https://github.com/JonasPammer/cookiecutter-pypackage-test/security/code-scanning/60

Dependency Dashboard

This issue lists Renovate updates and detected dependencies. Read the Dependency Dashboard docs to learn more.

Rate-Limited

These updates are currently rate-limited. Click on a checkbox below to force their creation now.

chore(deps): update actions/cache action to v4
chore(deps): update actions/setup-python action to v5
chore(deps): update actions/upload-artifact action to v4
chore(deps): update crazy-max/ghaction-github-labeler action to v5
chore(deps): update docker/build-push-action action to v5
chore(deps): update docker/setup-buildx-action action to v3
chore(deps): update docker/setup-qemu-action action to v3
🔐 Create all rate-limited PRs at once 🔐

Pending Status Checks

These updates await pending status checks. To force their creation now, click the checkbox below.

chore(deps): update actions/checkout action to v4

Open

These updates have all been created already. Click a checkbox below to force a retry/rebase of any.

Detected dependencies

github-actions

.github/workflows/ci.yml

actions/checkout v3@8e5e7e5ab8b370d6c329ec480221332ada57f0ab

actions/setup-python v4@57ded4d7d5e986d7296eab16560982c6dd7c923b

actions/cache v3@88522ab9f39a2ea568f7027eddc7d8d8bc9d59c8

actions/cache v3@88522ab9f39a2ea568f7027eddc7d8d8bc9d59c8

actions/upload-artifact v3@0b7f8abb1508181956e8e162db84b466c27e18ce

actions/setup-python v4@57ded4d7d5e986d7296eab16560982c6dd7c923b

docker/setup-qemu-action v2@e81a89b1732b9c48d79cd809d8d81d79c4647a18

docker/setup-buildx-action v2@4b4e9c3e2d4531116a6f8ba8e71fc6e2cb6e6c8c

docker/build-push-action v4@3b5e8027fcad23fda98b2e3ac259d8d67585f671

aquasecurity/trivy-action 0.9.2@1f0aa582c8c8f5f7639610d6d38baddfea4fdcee

actions/checkout v3@8e5e7e5ab8b370d6c329ec480221332ada57f0ab

actions/setup-python v4@57ded4d7d5e986d7296eab16560982c6dd7c923b

actions/cache v3@88522ab9f39a2ea568f7027eddc7d8d8bc9d59c8

.github/workflows/issue-label-manager.yml

actions/checkout v3@8e5e7e5ab8b370d6c329ec480221332ada57f0ab

crazy-max/ghaction-github-labeler v4@3de87da19416edc45c90cd89e7a4ea922a3aae5a

.github/workflows/label-pr-sizes.yml

pascalgn/size-label-action v0.4.3@1619680c5ac1ef360b944bb56a57587ba4aa2af8

pip_requirements

requirements-dev.txt

Check this box to trigger a request for Renovate to run again on this repository

	dockerhub-readme:
	if: github.event_name != 'pull_request'
	needs: dockerhub