podaac · frankinspace · Oct 4, 2023 · Sep 27, 2023 · Sep 27, 2023 · Sep 27, 2023
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
@@ -0,0 +1,225 @@
+# This is the main build pipeline that verifies and publishes the software
+name: Build
+# Controls when the workflow will run
+on:
+  # Triggers the workflow on push events
+  push:
+    branches: [ develop, release/**, main, feature/**, issue/**, dependabot/** ]
+    tags-ignore:
+      - '*'
+    paths-ignore:
+      - 'pyproject.toml'
+
+  # Allows you to run this workflow manually from the Actions tab
+  workflow_dispatch:
+
+env:
+  POETRY_VERSION: "1.3.1"
+  PYTHON_VERSION: "3.10"
+  REGISTRY: ghcr.io
+  IMAGE_NAME: ${{ github.repository }}
+
+jobs:
+  # First job in the workflow installs and verifies the software
+  build:
+    name: Build, Test, Verify, Publish
+    # The type of runner that the job will run on
+    runs-on: ubuntu-latest
+    steps:
+      - uses: getsentry/action-github-app-token@v2
+        name: podaac cicd token
+        id: podaac-cicd
+        with:
+          app_id: ${{ secrets.CICD_APP_ID }}
+          private_key: ${{ secrets.CICD_APP_PRIVATE_KEY }}
+      - uses: actions/checkout@v3
+        with:
+          repository: ${{ github.repository }}
+          token: ${{ steps.podaac-cicd.outputs.token }}
+      - uses: actions/setup-python@v4
+        with:
+          python-version: ${{ env.PYTHON_VERSION }}
+
+
+      - name: Install bumpver & poetry
+        run: pip3 install bumpver poetry poetry-plugin-bundle
+      - name: Install dependencies
+        run: poetry install
+
+      - name: Get version
+        id: get-version
+        run: |
+          echo "current_version=$(poetry version | awk '{print $2}')" >> $GITHUB_OUTPUT
+          echo "pyproject_name=$(poetry version | awk '{print $1}')" >> $GITHUB_ENV
+      - name: Bump pre-alpha version
+        # If triggered by push to a feature branch
+        if: |
+          startsWith(github.ref, 'refs/heads/feature') ||
+          startsWith(github.ref, 'refs/heads/issue')     ||
+          startsWith(github.ref, 'refs/heads/dependabot')
+        run: |
+          new_ver="${{ steps.get-version.outputs.current_version }}+$(git rev-parse --short ${GITHUB_SHA})"
+          poetry version $new_ver
+          echo "software_version=$(poetry version | awk '{print $2}')" >> $GITHUB_ENV
+      - name: Bump alpha version
+        # If triggered by push to the develop branch
+        if: ${{ github.ref == 'refs/heads/develop' }}
+        run: |
+          poetry version prerelease
+          echo "software_version=$(poetry version | awk '{print $2}')" >> $GITHUB_ENV
+          echo "venue=sit" >> $GITHUB_ENV
+      - name: Bump rc version
+        # If triggered by push to a release branch
+        if: ${{ startsWith(github.ref, 'refs/heads/release/') }}
+        env:
+          # True if the version already has a 'rc' pre-release identifier
+          BUMP_RC: ${{ contains(steps.get-version.outputs.current_version, 'rc') }}
+        run: |
+          if [ "$BUMP_RC" = true ]; then
+            poetry version prerelease
+          else
+            poetry version ${GITHUB_REF#refs/heads/release/}-rc.1
+          fi
+          echo "software_version=$(poetry version | awk '{print $2}')" >> $GITHUB_ENV
+          echo "venue=uat" >> $GITHUB_ENV
+      - name: Release version
+        # If triggered by push to the main branch
+        if: ${{ startsWith(github.ref, 'refs/heads/main') }}
+        env:
+          CURRENT_VERSION: ${{ steps.get-version.outputs.current_version }}
+        # Remove -rc.* from end of version string
+        # The ${string%%substring} syntax below deletes the longest match of $substring from back of $string.
+        run: |
+          poetry version ${CURRENT_VERSION%%-rc.*}
+          echo "software_version=$(poetry version | awk '{print $2}')" >> $GITHUB_ENV
+          echo "venue=ops" >> $GITHUB_ENV
+      - name: Install hydrocron
+        run: poetry install
+      - name: Lint
+        run: |
+          poetry run pylint hydrocronapi
+          poetry run flake8 hydrocronapi
+
+
+      ## Set environment variables
+      - name: Configure Initial YAML file and environment variables
+        run: |
+          echo "THE_VERSION=${{ env.software_version }}" >> $GITHUB_ENV;
+          echo "GIT_BRANCH=${GITHUB_REF#refs/heads/}" >> $GITHUB_ENV;
+          GITHUB_REF_READABLE="${GITHUB_REF//\//-}"
+          echo "GITHUB_REF_READABLE=${GITHUB_REF_READABLE}" >> $GITHUB_ENV
+          echo "THE_ENV=sit" >> $GITHUB_ENV
+          echo "TARGET_ENV_UPPERCASE=SIT" >> $GITHUB_ENV
+
+      - name: Run Snyk as a blocking step
+        uses: snyk/actions/python-3.9@master
+        env:
+          SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
+        with:
+          command: test
+          args: >
+            --org=${{ secrets.SNYK_ORG_ID }}
+            --project-name=${{ github.repository }}
+            --severity-threshold=high
+            --fail-on=all
+      - name: Run Snyk on Python
+        uses: snyk/actions/python-3.9@master
+        env:
+          SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
+        with:
+          command: monitor
+          args: >
+            --org=${{ secrets.SNYK_ORG_ID }}
+            --project-name=${{ github.repository }}
+      - name: Commit Version Bump
+        # If building develop, a release branch, or main then we commit the version bump back to the repo
+        if: |
+          github.ref == 'refs/heads/develop' ||
+          github.ref == 'refs/heads/main'    ||
+          startsWith(github.ref, 'refs/heads/release')
+        run: |
+          git config user.name "${GITHUB_ACTOR}"
+          git config user.email "${GITHUB_ACTOR}@users.noreply.github.com"
+          git commit -am "/version ${{ env.software_version }}"
+          git push
+      - name: Push Tag
+        if: |
+          github.ref == 'refs/heads/develop' ||
+          github.ref == 'refs/heads/main'    ||
+          startsWith(github.ref, 'refs/heads/release')
+        run: |
+          git config user.name "${GITHUB_ACTOR}"
+          git config user.email "${GITHUB_ACTOR}@users.noreply.github.com"
+          git tag -a "${{ env.software_version }}" -m "Version ${{ env.software_version }}"
+          git push origin "${{ env.software_version }}"
+      - name: Build Python Artifact
+        run: |
+          poetry build
+
+
+
+      # Setup Terraform to Deploy
+
+      - name: Configure AWS Credentials as Environment Variables
+        run: echo "AWS_ACCESS_KEY_ID=${{ secrets[format('AWS_ACCESS_KEY_ID_SERVICES_{0}', env.TARGET_ENV_UPPERCASE)] }}" >> $GITHUB_ENV |
+             echo "AWS_SECRET_ACCESS_KEY=${{ secrets[format('AWS_SECRET_ACCESS_KEY_SERVICES_{0}', env.TARGET_ENV_UPPERCASE)] }}" >> $GITHUB_ENV
+
+      - name: Validate AWS Credentials
+        uses: aws-actions/configure-aws-credentials@v1
+        with:
+          aws-region: us-west-2
+          role-session-name: GitHubActions
+        env:
+          AWS_ACCESS_KEY_ID: ${{ secrets[format('AWS_ACCESS_KEY_ID_SERVICES_{0}', env.TARGET_ENV_UPPERCASE)] }}
+          AWS_SECRET_ACCESS_KEY: ${{ secrets[format('AWS_SECRET_ACCESS_KEY_SERVICES_{0}', env.TARGET_ENV_UPPERCASE)] }}
+      - run: aws sts get-caller-identity
+
+
+      - name: Test with pytest
+        if: |
+          github.ref == 'test'
+        run: |
+          pip install pytest
+          pip install pytest-dynamodb
+          pip install connexion
+          pip install flask_testing
+          pip install moto
+          pip install geopandas
+          pip install git+https://github.com/podaac/hydrocron-db.git
+          pytest tests/test_api.py -k 'test_gettimeseries_get'
+          pytest tests/test_api.py -k 'test_getsubset_get'
+
+
+
+      - uses: hashicorp/[email protected]
+        with:
+          terraform_version: 1.0.3
+
+
+      #   -- Build --
+      - name: Build lambda package
+        run: ./build.sh
+      - name: Upload packaged zip
+        uses: actions/[email protected]
+        with:
+          name: dist
+          path: dist/*.zip
+
+      - name: Deploy Terraform
+        #if: |
+        #  github.ref == 'refs/heads/develop' ||
+        #  github.ref == 'refs/heads/main'    ||
+        #  startsWith(github.ref, 'refs/heads/release') ||
+        #  github.event.head_commit.message == '/deploy sit' ||
+        #  github.event.head_commit.message == '/deploy uat'
+        working-directory: terraform/
+        env:
+          AWS_ACCESS_KEY_ID:       ${{ secrets[format('AWS_ACCESS_KEY_ID_SERVICES_{0}', env.TARGET_ENV_UPPERCASE)] }}
+          AWS_SECRET_ACCESS_KEY:   ${{ secrets[format('AWS_SECRET_ACCESS_KEY_SERVICES_{0}', env.TARGET_ENV_UPPERCASE)] }}
+          AWS_DEFAULT_REGION:      us-west-2
+
+        run: |
+          source bin/config.sh ${{ env.THE_ENV }}
+          terraform init -reconfigure -backend-config="bucket=podaac-services-${{ env.THE_ENV }}-terraform" -backend-config="region=us-west-2"
+          terraform plan -var-file=tfvars/"${{ env.THE_ENV }}".tfvars -var="app_version=${{ env.THE_VERSION }}" -out="tfplan"
+          terraform apply -auto-approve tfplan
diff --git a/.gitignore b/.gitignore
@@ -69,4 +69,7 @@ hydrocronapi/controllers/__pycache__/
 
 .idea
 .env
-docker/dynamodb
+docker/dynamodb
+
+tests/dynamodb_local/
+node_modules/
diff --git a/.pylintrc b/.pylintrc
@@ -274,7 +274,7 @@ exclude-too-few-public-methods=
 ignored-parents=
 
 # Maximum number of arguments for function / method.
-max-args=5
+max-args=6
 
 # Maximum number of attributes for a class (see R0902).
 max-attributes=7
@@ -435,8 +435,7 @@ timeout-methods=requests.api.delete,requests.api.get,requests.api.head,requests.
 
 # List of note tags to take in consideration, separated by a comma.
 notes=FIXME,
-      XXX,
-      TODO
+      XXX
 
 # Regular expression of note tags to take in consideration.
 notes-rgx=
@@ -445,7 +444,7 @@ notes-rgx=
 [REFACTORING]
 
 # Maximum number of nested blocks for function / method body
-max-nested-blocks=5
+max-nested-blocks=6
 
 # Complete name of functions that never returns. When checking for
 # inconsistent-return-statements if a never returning function is called then

diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -7,6 +7,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 ## [Unreleased]
 ### Added
     - Issue 8 - Hydrocron API implementation with mysql local database
+    - Issue 23 - Added github actions with Snyk, pylint, flake8
 ### Changed 
     - Issue 8 - Hydrocron API implementation with dynamodb local database
     - Issue 8 - Rearrange database code

diff --git a/README.md b/README.md
@@ -29,7 +29,7 @@ docker compose up
 To run the server, please execute the following from the root directory:
 
 ```
-python3 -m hydrocronapi
+HYDROCRON_ENV=dev python -m hydrocronapi
 ```
 
 and open your browser to here:
@@ -44,7 +44,7 @@ Your Swagger definition lives here:
 http://localhost:8080/hydrocron/HydroAPI/1.0.0/swagger.json
 ```
 
-## Running with Docker
+## Running with Docker 
 
 To run the server on a Docker container, please execute the following from the root directory:
 

diff --git a/hydrocronapi/__main__.py b/hydrocronapi/__main__.py
@@ -1,7 +1,14 @@
-#!/usr/bin/env python3
+"""
+Hydrocron API module
+"""
+# !/usr/bin/env python3
+
 
 def main():
-    from hydrocronapi import hydrocron
+    """
+    Main function to run flask app in port 8080
+    """
+    from hydrocronapi import hydrocron  # noqa: E501 # pylint: disable=import-outside-toplevel
     hydrocron.flask_app.run(port=8080)