release

.github/workflows/generate.yaml

@@ -119,3 +119,28 @@ jobs:
           destination-repository-username: 'boromir674'
           target-branch: ${{ env.branch }}
           commit-message: 'apply Template from https://github.com/boromir674/cookiecutter-python-package'
+
+      ## GENERATE Python Gold Standard FROM TEMPLATE into gen/ ##
+      # ROOT : gen/biskotaki/pyproject.toml
+      - name: Generate Python Gold Standard Biskotaki from Template
+        env:
+          USER_CONFIG: tests/data/gold-standard.yml
+        run: |
+          echo "    version: \"${{ env.PKG_VERSION }}\"" >> ${{ env.USER_CONFIG }}
+          generate-python -o gen-gold --config-file "${{ env.USER_CONFIG }}" --no-input -f --offline
+
+      ## PUSH the Python Gold Standard to BISKOTAKI REPO ##
+      - name: Push to dedicated branch in biskotaki repo
+        # Pin to v1.7.2 -> 07c4d7b3def0a8ebe788a8f2c843a4e1de4f6900
+        uses: cpina/github-action-push-to-another-repository@07c4d7b3def0a8ebe788a8f2c843a4e1de4f6900
+        env:
+          SSH_DEPLOY_KEY: ${{ secrets.SSH_GITHUB_KEY }}
+        with:
+          source-directory: 'gen-gold/biskotaki-gold-standard'
+          destination-github-username: 'boromir674'
+          destination-repository-name: 'biskotaki'
+          user-email: [email protected]
+          user-name: 'Konstantinos'
+          destination-repository-username: 'boromir674'
+          target-branch: py-gold
+          commit-message: 'apply Template from https://github.com/boromir674/cookiecutter-python-package'

.github/workflows/policy_lint.yml

@@ -57,7 +57,7 @@ on:
         # ie { "l": 10 } -> allowes at most 10 low, 0 m, and 0 h
         # ie { "l": 10, "m": 3 } -> allowes at most 10 low, 3 m, and 0 h
         # Default is 6 allowed low, 0 m, and 0 h
-        default: '{"l": 6, "m": 0, "h": 0}'
+        default: '{"l": 8, "m": 0, "h": 0}'
 
 jobs:
   # Decide whether to run Lint Job, given incoming Signal
@@ -205,7 +205,7 @@ jobs:
       - name: 'Parse Bandit Results, and prepare comparing LOW, MEDIUM, and HIGH'
         run: |
           # Parse Totals Object
-          TOTALS=$(jq '.runs[0].properties.metrics._totals' results-sarif.json)
+          TOTALS=$(jq '.runs[0].properties.metrics._totals' "${{ env._SARIF_FILE }}")
 
           # Find CWE's of HIGH Severity
           HIGH=$(echo $TOTALS | jq '.["SEVERITY.HIGH"]')

.github/workflows/test.yaml

@@ -314,12 +314,7 @@ jobs:
   ## JOB: Signal for Automated PyPI Upload ##
   check_which_git_branch_we_are_on:
     runs-on: ubuntu-latest
-    needs: set_github_outputs
-    if: ${{ startsWith(github.event.ref, 'refs/tags/v') && needs.set_github_outputs.outputs.PUBLISH_ON_PYPI == 'true' }}
-    # Signals only if all below are True:
-    #  - PyPI Job Switch is ON
-    #  - Workflow Event is a 'v*' Tag (e.g. v1.0.0, v-test)
-    #  - Tag is tagging a commit on either the 'master' or 'release' Branch
+    if: ${{ startsWith(github.event.ref, 'refs/tags/v') }}
     env:
       RELEASE_BR: 'release'
       MAIN_BR: 'master'
@@ -363,11 +358,10 @@ jobs:
 
   ## JOB: PYPI UPLOAD ##
   pypi_publish:
-    needs: [test_suite, check_which_git_branch_we_are_on]
-    if: always()
+    needs: [set_github_outputs, test_suite, check_which_git_branch_we_are_on]
     uses: boromir674/automated-workflows/.github/workflows/pypi_env.yml@8e97f596067fcbbaa0a6927ec1ee47dce4ab5f1a
     with:
-      should_trigger: ${{ needs.check_which_git_branch_we_are_on.outputs.AUTOMATED_DEPLOY == 'true' }}
+      should_trigger: ${{ needs.set_github_outputs.outputs.PUBLISH_ON_PYPI == 'true' && needs.check_which_git_branch_we_are_on.outputs.AUTOMATED_DEPLOY == 'true' }}
       distro_name: cookiecutter_python
       distro_version: ${{ needs.test_suite.outputs.PEP_VERSION }}
       pypi_env: '${{ needs.check_which_git_branch_we_are_on.outputs.ENVIRONMENT_NAME }}'
@@ -413,3 +407,17 @@ jobs:
       source_code_targets: 'src'
       python_version: '3.10'
       artifacts_dir: 'dependency-graphs'
+
+
+### Make a Github Release ###
+  gh_release:
+    needs: [test_suite, check_which_git_branch_we_are_on]
+    if: ${{ needs.check_which_git_branch_we_are_on.outputs.AUTOMATED_DEPLOY == 'true' }}
+    uses: boromir674/automated-workflows/.github/workflows/gh-release.yml@test
+    name: 'GH Release'
+    with:
+      tag: ${{ github.ref_name }}
+      draft: ${{ needs.check_which_git_branch_we_are_on.outputs.ENVIRONMENT_NAME == 'TEST_DEPLOYMENT' }}
+    secrets:
+      # passing the GH_TOKEN PAT, to render in GH as ie: 'boromir674 released this yesterday', instead of 'github-actions released this yesterday'
+      gh_token: ${{ secrets.GH_TOKEN }}

CHANGELOG.rst

@@ -2,6 +2,30 @@
 Changelog
 =========
 
+2.2.1 (2024-03-11)
+==================
+
+Changes
+^^^^^^^
+
+fix
+"""
+- adjust mkdocs configured template to follow the Gold Standard Snaphost
+
+test
+""""
+- fix building wheel and sdist from gen proj
+
+ci
+""
+- pass PAT 'GH_TOKEN' in GH Release Workflow
+- pass git tag name, ie v2.2.1-rc in GH Release Workflow
+- allow checking for -rc tag regardless of top-level PYPI overide switch
+- add GH Release Job in 'CI/CD Pipeline' Workflow
+- allow a couple of more subprocess low severity cwe reported by bandit
+- generate and push Python Gold Standard to py-gold branch of biskotaki repo
+
+
 2.2.0 (2024-03-10)
 ==================
 

README.rst

@@ -275,9 +275,9 @@ Free/Libre and Open Source Software (FLOSS)
 
 .. Github Releases & Tags
 
-.. |commits_since_specific_tag_on_master| image:: https://img.shields.io/github/commits-since/boromir674/cookiecutter-python-package/v2.2.0/master?color=blue&logo=github
+.. |commits_since_specific_tag_on_master| image:: https://img.shields.io/github/commits-since/boromir674/cookiecutter-python-package/v2.2.1/master?color=blue&logo=github
     :alt: GitHub commits since tagged version (branch)
-    :target: https://github.com/boromir674/cookiecutter-python-package/compare/v2.2.0..master
+    :target: https://github.com/boromir674/cookiecutter-python-package/compare/v2.2.1..master
 
 .. |commits_since_latest_github_release| image:: https://img.shields.io/github/commits-since/boromir674/cookiecutter-python-package/latest?color=blue&logo=semver&sort=semver
     :alt: GitHub commits since latest release (by SemVer)

docs/conf.py

@@ -30,7 +30,7 @@
 author = 'Konstantinos Lampridis'
 
 # The full version, including alpha/beta/rc tags
-release = '2.2.0'
+release = '2.2.1'
 
 # -- General configuration ---------------------------------------------------
 

docs/contents/35_development/gitops-v2-cheatsheet.md

@@ -89,12 +89,11 @@ git push origin -d test-distro-docs
 git push origin -d direct-onboarding
 
 git push origin -d release-train
-
+git push origin -d release
 ```
 
 Clean Local with:
 ```shell
 git tag -d board-request
 git tag -d auto-prod
-git checkout release && git rebase master
 ```

pyproject.toml

@@ -10,7 +10,7 @@ build-backend = "poetry.core.masonry.api"
 ## Also renders on pypi as 'subtitle'
 [tool.poetry]
 name = "cookiecutter_python"
-version = "2.2.0"
+version = "2.2.1"
 description = "1-click Generator of Python Project, from Template with streamlined \"DevOps\" using a powerful CI/CD Pipeline."
 authors = ["Konstantinos Lampridis <[email protected]>"]
 maintainers = ["Konstantinos Lampridis <[email protected]>"]

src/cookiecutter_python/__init__.py

@@ -1,3 +1,3 @@
-__version__ = '2.2.0'
+__version__ = '2.2.1'
 
 from . import _logging  # noqa

src/cookiecutter_python/backend/error_handling/handler_builder.py

@@ -1,5 +1,3 @@
-import json
-
 import click
 from software_patterns import SubclassRegistry
 
@@ -17,8 +15,8 @@
 @HandlerBuilder.register_as_subclass('critical')
 class CriticalHandlerBuilder:
     def __call__(self, error):
-        click.echo('{}'.format(error.message))
-        click.echo('Error message: {}'.format(error.error.message))
+        click.echo('{}'.format(str(error)))
+        click.echo('Error message: {}'.format(str(error)))
 
-        context_str = json.dumps(error.context, indent=4, sort_keys=True)
-        click.echo('Context: {}'.format(context_str))
+        # Message that program is exiting due to error
+        click.echo('Exiting due to error')

src/cookiecutter_python/{{ cookiecutter.project_slug }}/docs-mkdocs/cicd.md

@@ -11,6 +11,4 @@ Flow Chart, of Jobs Dependencies in the Pipeline.
 
 **config: ./.github/workflows/test.yaml**
 
-{# to be evaluated, post generation, during markdown docs build process #}
-{# not during Generation time #}
-{% raw %}{% include 'dockerfile_mermaid.md' %}{% endraw %}
+{% raw %}{% include 'cicd_mermaid.md' %}{% endraw %}

src/cookiecutter_python/{{ cookiecutter.project_slug }}/docs-mkdocs/dockerfile_mermaid.md

@@ -6,5 +6,5 @@
 graph TB;
   python:3.9.16-slim-bullseye --> builder
   python:3.9.16-slim-bullseye --> install
-  builder -. "COPY" .-> install
+  builder -. "requirements.txt" .-> install
 ```

src/cookiecutter_python/{{ cookiecutter.project_slug }}/scripts/gen_api_refs_pages.py

@@ -1,4 +1,5 @@
 """Generate the code reference pages."""
+
 import typing as t
 from pathlib import Path
 
@@ -88,7 +89,6 @@
     # mkdocs_gen_files.set_edit_path(full_doc_path, path)
 
 
-
 # At the end, create a magic, literate navigation file called SUMMARY.md in the
 # reference folder.
 with mkdocs_gen_files.open("reference/SUMMARY.md", "w") as nav_file:

src/cookiecutter_python/{{ cookiecutter.project_slug }}/src/{{ cookiecutter.pkg_name }}/__main__.py

@@ -8,6 +8,7 @@
 This is an alternative to directly invoking the cli that uses python as the
 "entrypoint".
 """
+
 from __future__ import absolute_import
 
 from {{ cookiecutter.pkg_name }}.cli import main

tests/biskotaki_ci/snapshot/biskotaki_ci_no_input/test_build_creates_artifacts.py

@@ -75,6 +75,13 @@ def test_running_build_creates_source_and_wheel_distros(
         [sys.executable, '-m', 'tox', '-r', '-vv', '-e', 'check'],
         cwd=snapshot_dir,
         check=False,  # prevent raising exception, so we can do clean up
+        # pass the PKG_VERSION env var with value '0.0.1'
+        env={
+            # required by Check environment
+            'PKG_VERSION': '0.0.1',
+            # required due to programmatic execution, in this case
+            'PATH': str(Path(sys.executable).parent),
+        },
     )
 
     # CLEAN UP: Remove .tox/check folder, created by tox

tests/biskotaki_ci/snapshot/biskotaki_ci_no_input/test_lint_passes.py

@@ -4,14 +4,22 @@
 
 
 @pytest.mark.integration
-def test_running_lint_passes(
-    test_root,
-):
+@pytest.mark.parametrize(
+    'snapshot_name',
+    [
+        # LINT Biskotaki, with sphinx
+        'biskotaki-no-input',
+        # LINT Biskotaki Gold Standard, with mkdocs
+        'biskotaki-gold-standard',
+    ],
+)
+def test_running_lint_passes(snapshot_name, test_root):
     import subprocess
     from pathlib import Path
 
+    # LINT Biskotaki
     # Load Snapshot
-    snapshot_dir: Path = test_root / 'data' / 'snapshots' / 'biskotaki-no-input'
+    snapshot_dir: Path = test_root / 'data' / 'snapshots' / snapshot_name
     assert snapshot_dir.exists()
     assert snapshot_dir.is_dir()
 
@@ -22,10 +30,51 @@ def test_running_lint_passes(
         check=False,  # prevent raising exception, so we can do clean up
     )
 
-    # Remove .tox/ folder, created by tox
+    # SANITY verify .tox/lint exists, when using tox 3.x
+    assert (snapshot_dir / '.tox' / 'lint').exists()
+
+    # Remove .tox/lint folder, created by tox 3.x
+    import shutil
+
+    shutil.rmtree(snapshot_dir / '.tox' / 'lint')
+
+    # Check that Code passes Lint out of the box
+    assert res.returncode == 0
+
+
+@pytest.mark.integration
+@pytest.mark.parametrize(
+    'snapshot_name',
+    [
+        # Test Case 1: RUFF Biskotaki, with sphinx
+        'biskotaki-no-input',
+        # Test Case 2: RUFF Biskotaki Gold Standard, with mkdocs
+        'biskotaki-gold-standard',
+    ],
+)
+def test_running_ruff_passes(snapshot_name, test_root):
+    import subprocess
+    from pathlib import Path
+
+    # Load Snapshot
+    snapshot_dir: Path = test_root / 'data' / 'snapshots' / snapshot_name
+    assert snapshot_dir.exists()
+    assert snapshot_dir.is_dir()
+
+    # Programmatically run Lint, with the entrypoint we suggest, for a Dev to run
+    res = subprocess.run(  # tox -e ruff
+        [sys.executable, '-m', 'tox', '-r', '-vv', '-e', 'ruff'],
+        cwd=snapshot_dir,
+        check=False,  # prevent raising exception, so we can do clean up
+    )
+
+    # SANITY verify .tox/ruff exists, when using tox 3.x
+    assert (snapshot_dir / '.tox' / 'ruff').exists()
+
+    # Remove .tox/ruff folder, created by tox 3.x
     import shutil
 
-    shutil.rmtree(snapshot_dir / '.tox')
+    shutil.rmtree(snapshot_dir / '.tox' / 'ruff')
 
     # Check that Code passes Lint out of the box
     assert res.returncode == 0

tests/biskotaki_ci/snapshot/test_matches_biskotaki_runtime_gen.py

@@ -45,7 +45,8 @@ def test_snapshot_matches_runtime(snapshot, biskotaki_ci_project, test_root):
 
     # current CI runs tox -e dev, sdist, and wheel meaning it is certain __pycache__ will be created
     # remove all __pycache__ folders and everything nested under them
-    # this is a tiny bit of a hack, but it is the simplest way to fix the problem
+
+    # for example it is very common for a cpython interpreter to create __pycache__ folders
 
     # for all relative paths, if 'part' __pycache__ is in the path, remove it
     snap_relative_paths_set = set(
@@ -57,10 +58,7 @@ def test_snapshot_matches_runtime(snapshot, biskotaki_ci_project, test_root):
 
     # EXCLUDE artifacts, and cache potentially produced if running linters
     snap_relative_paths_set = set(
-        [x for x in snap_relative_paths_set if '.ruff_cached' not in x.parts]
-    )
-    runtime_relative_paths_set = set(
-        [x for x in runtime_relative_paths_set if '.ruff_cached' not in x.parts]
+        [x for x in snap_relative_paths_set if '.ruff_cache' not in x.parts]
     )
 
     # EXCLUDE from test .pytest_cache/ folders too