From 43833a4b20199f40d44b0f1ac540ec326e4ad9ca Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 10 Feb 2025 08:32:12 +0000
Subject: [PATCH 1/4] Bump github/codeql-action in the github-actions-all group
Bumps the github-actions-all group with 1 update: [github/codeql-action](https://github.com/github/codeql-action).
Updates `github/codeql-action` from 3.28.8 to 3.28.9
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](https://github.com/github/codeql-action/compare/dd746615b3b9d728a6a37ca2045b68ca76d4841a...9e8d0789d4a0fa9ceb6b1738f7e269594bdd67f0)
---
updated-dependencies:
- dependency-name: github/codeql-action
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: github-actions-all
...
Signed-off-by: dependabot[bot]
---
 .github/workflows/codeql-analysis.yml | 6 +++---
 .github/workflows/scorecards.yml | 2 +-
 2 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml
index 89e6fbf2..31e0d8e6 100644
--- a/.github/workflows/codeql-analysis.yml
+++ b/.github/workflows/codeql-analysis.yml
@@ -54,7 +54,7 @@ jobs:
 # Initializes the CodeQL tools for scanning.
 - name: Initialize CodeQL
- uses: github/codeql-action/init@dd746615b3b9d728a6a37ca2045b68ca76d4841a # tag=codeql-bundle-v3.28.8
+ uses: github/codeql-action/init@9e8d0789d4a0fa9ceb6b1738f7e269594bdd67f0 # tag=codeql-bundle-v3.28.9
 with:
 languages: ${{ matrix.language }}
@@ -62,7 +62,7 @@ jobs:
 # Java). If this step fails, then you should remove it and run the build
 # manually (see below).
 - name: Autobuild
- uses: github/codeql-action/autobuild@dd746615b3b9d728a6a37ca2045b68ca76d4841a # tag=codeql-bundle-v3.28.8
+ uses: github/codeql-action/autobuild@9e8d0789d4a0fa9ceb6b1738f7e269594bdd67f0 # tag=codeql-bundle-v3.28.9
 # ℹī¸ Command-line programs to run using the OS shell. 📚
 # https://git.io/JvXDl
@@ -76,4 +76,4 @@ jobs:
 # make release
 - name: Perform CodeQL Analysis
- uses: github/codeql-action/analyze@dd746615b3b9d728a6a37ca2045b68ca76d4841a # tag=codeql-bundle-v3.28.8
+ uses: github/codeql-action/analyze@9e8d0789d4a0fa9ceb6b1738f7e269594bdd67f0 # tag=codeql-bundle-v3.28.9
diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml
index 09721daf..eae197ac 100644
--- a/.github/workflows/scorecards.yml
+++ b/.github/workflows/scorecards.yml
@@ -60,6 +60,6 @@ jobs:
 # Upload the results to GitHub's code scanning dashboard.
 - name: "Upload to code-scanning"
- uses: github/codeql-action/upload-sarif@dd746615b3b9d728a6a37ca2045b68ca76d4841a # tag=codeql-bundle-v3.28.8
+ uses: github/codeql-action/upload-sarif@9e8d0789d4a0fa9ceb6b1738f7e269594bdd67f0 # tag=codeql-bundle-v3.28.9
 with:
 sarif_file: results.sarif
From 406195488b703d7d68ca87e2ad9099d188fea40b Mon Sep 17 00:00:00 2001
From: Felddy
Date: Tue, 11 Feb 2025 17:33:59 -0500
Subject: [PATCH 2/4] Merge changes from upstream skeleton
- Rename compose file and update docs.
- Fix issues flagged by new linter versions.
- Replace setup.py with pyproject.toml for modern Python packaging.
- Rename version file to match expectations of bump script.
---
 .ansible-lint | 7 +-
 .bandit.yml | 2 +-
 .github/dependabot.yml | 8 +-
 .github/workflows/build.yml | 13 +-
 .github/workflows/codeql-analysis.yml | 32 +--
 .github/workflows/sync-labels.yml | 10 +-
 .pre-commit-config.yaml | 107 ++++++----
 CODE_OF_CONDUCT.md | 10 +-
 CONTRIBUTING.md | 25 ++-
 README.md | 6 +-
 bump_version.sh | 196 ++++++++++++++----
 docker-compose.yml => compose.yml | 0
 docs/cookbooks/cloudflare/README.md | 4 +-
 .../{docker-compose.yml => compose.yml} | 1 -
 patches/hotfix_2020062801-0.6.4.sh | 0
 patches/hotfix_2020100101-0.7.3.sh | 0
 patches/hotfix_2020101401-0.7.4.sh | 0
 patches/hotfix_2020120401-0.7.8.sh | 0
 patches/hotfix_2020121401-0.7.8.sh | 0
 patches/hotfix_2021050101-0.8.2.sh | 0
 patches/hotfix_issue_3817-0.7.4.sh | 0
 patches/hotfix_issue_697.sh | 0
 pyproject.toml | 2 +-
 requirements-dev.txt | 4 +-
 setup-env | 73 +++++--
 src/_version.py | 3 -
 src/logging.sh | 0
 src/version.txt | 1 +
 tag.sh | 2 +-
 tests/conftest.py | 7 +-
 tests/container_test.py | 0
 31 files changed, 365 insertions(+), 148 deletions(-)
 rename docker-compose.yml => compose.yml (100%)
 rename docs/cookbooks/cloudflare/{docker-compose.yml => compose.yml} (98%)
 mode change 100644 => 100755 patches/hotfix_2020062801-0.6.4.sh
 mode change 100644 => 100755 patches/hotfix_2020100101-0.7.3.sh
 mode change 100644 => 100755 patches/hotfix_2020101401-0.7.4.sh
 mode change 100644 => 100755 patches/hotfix_2020120401-0.7.8.sh
 mode change 100644 => 100755 patches/hotfix_2020121401-0.7.8.sh
 mode change 100644 => 100755 patches/hotfix_2021050101-0.8.2.sh
 mode change 100644 => 100755 patches/hotfix_issue_3817-0.7.4.sh
 mode change 100644 => 100755 patches/hotfix_issue_697.sh
 delete mode 100644 src/_version.py
 mode change 100644 => 100755 src/logging.sh
 create mode 100644 src/version.txt
 mode change 100644 => 100755 tests/container_test.py
diff --git a/.ansible-lint b/.ansible-lint
index 0e80b05b..4ffc0efa 100644
--- a/.ansible-lint
+++ b/.ansible-lint
@@ -1,10 +1,9 @@
 ---
-# See https://ansible-lint.readthedocs.io/en/latest/configuring.html
-# for a list of the configuration elements that can exist in this
-# file.
+# See https://ansible-lint.readthedocs.io/configuring/ for a list of
+# the configuration elements that can exist in this file.
 enable_list:
 # Useful checks that one must opt-into. See here for more details:
- # https://ansible-lint.readthedocs.io/en/latest/rules.html
+ # https://ansible-lint.readthedocs.io/rules/
 - fcqn-builtins
 - no-log-password
 - no-same-owner
diff --git a/.bandit.yml b/.bandit.yml
index 2b618f68..663c521c 100644
--- a/.bandit.yml
+++ b/.bandit.yml
@@ -3,7 +3,7 @@
 # https://bandit.readthedocs.io/en/latest/config.html
 # Tests are first included by `tests`, and then excluded by `skips`.
-# If `tests` is empty, all tests are are considered included.
+# If `tests` is empty, all tests are considered included.
 tests:
 # - B101
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
index 5117ccf8..820b1341 100644
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -7,8 +7,8 @@ version: 2
 updates:
- - package-ecosystem: "docker"
- directory: "/"
+ - directory: /
+ package-ecosystem: docker
 schedule:
 interval: "daily"
 labels:
@@ -49,8 +49,8 @@ updates:
 patterns:
 - "*"
- - package-ecosystem: "pip"
- directory: "/"
+ - directory: /
+ package-ecosystem: pip
 schedule:
 interval: "daily"
 labels:
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index a6065db8..4819a38f 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -3,10 +3,13 @@ name: Build
 on:
+ merge_group:
+ types:
+ - checks_requested
+ pull_request:
 push:
 branches:
 - '**'
- pull_request:
 release:
 types: [edited, published]
 schedule:
@@ -22,6 +25,14 @@ permissions:
 actions: read
 contents: read
+# Set a default shell for any run steps. The `-Eueo pipefail` sets errtrace,
+# nounset, errexit, and pipefail. The `-x` will print all commands as they are
+# run. Please see the GitHub Actions documentation for more information:
+# https://docs.github.com/en/actions/using-jobs/setting-default-values-for-jobs
+defaults:
+ run:
+ shell: bash -Eueo pipefail -x {0}
+
 jobs:
 diagnostics:
 name: "Diagnostics"
diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml
index 31e0d8e6..8abfae53 100644
--- a/.github/workflows/codeql-analysis.yml
+++ b/.github/workflows/codeql-analysis.yml
@@ -4,20 +4,22 @@
 #
 # You may wish to alter this file to override the set of languages analyzed,
 # or to provide custom queries or build logic.
-#
-# ******** NOTE ********
-# We have attempted to detect the languages in your repository. Please check
-# the `language` matrix defined below to confirm you have the correct set of
-# supported CodeQL languages.
-#
-name: "CodeQL"
+name: CodeQL
 on:
- push:
- branches: [develop, develop-prerelease]
+ merge_group:
+ types:
+ - checks_requested
 pull_request:
- # The branches below must be a subset of the branches above
- branches: [develop, develop-prerelease]
+ # The branches here must be a subset of the ones in the push key
+ branches:
+ - develop
+ - develop-prerelease
+ push:
+ # Dependabot triggered push events have read-only access, but uploading code
+ # scanning requires write access.
+ branches-ignore:
+ - dependabot/**
 schedule:
 - cron: '31 7 * * 2'
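Review bot: The new default `shell: bash -Eueo pipefail -x {0}` turns on command tracing for every `run:` step in this workflow, so each expanded command line is echoed into the job log. GitHub masks values registered as secrets but not values derived from them (a decoded or re-encoded token, a URL that embeds one), so any step that places such a value on a command line will print it; whether a step in build.yml does so is not visible in this hunk. I would keep tracing out of the default, `shell: bash -Eueo pipefail {0}`, and put `set -x` inside the individual steps that need it, or at least extend the comment above `defaults:` with `# Note: -x echoes expanded commands into the job log; keep secret-derived values off command lines.`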
@@ -26,12 +28,18 @@ permissions:
 contents: read
 jobs:
+ diagnostics:
+ name: Run Diagnostics
+ uses: felddy/reusable-workflows/.github/workflows/diagnostics.yml@v2
 analyze:
 name: Analyze
+ needs:
+ - diagnostics
 runs-on: ubuntu-latest
 permissions:
- actions: read
+ # actions/checkout needs this to fetch code
 contents: read
+ # required for all workflows
 security-events: write
 strategy:
diff --git a/.github/workflows/sync-labels.yml b/.github/workflows/sync-labels.yml
index 17e59dbf..3910056e 100644
--- a/.github/workflows/sync-labels.yml
+++ b/.github/workflows/sync-labels.yml
@@ -4,14 +4,20 @@ name: sync-labels
 on:
 push:
 paths:
- - '.github/labels.yml'
- - '.github/workflows/sync-labels.yml'
+ - .github/labels.yml
+ - .github/workflows/sync-labels.yml
+ workflow_dispatch:
 permissions:
 contents: read
 jobs:
+ diagnostics:
+ name: Run Diagnostics
+ uses: felddy/reusable-workflows/.github/workflows/diagnostics.yml@v2
 labeler:
+ needs:
+ - diagnostics
 permissions:
 # actions/checkout needs this to fetch code
 contents: read
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
index 986c8f98..5f342242 100644
--- a/.pre-commit-config.yaml
+++ b/.pre-commit-config.yaml
@@ -4,22 +4,30 @@ default_language_version:
 python: python3
 repos:
+ # Check the pre-commit configuration
+ - repo: meta
+ hooks:
+ - id: check-useless-excludes
+
 - repo: https://github.com/pre-commit/pre-commit-hooks
- rev: v4.6.0
+ rev: v5.0.0
 hooks:
 - id: check-case-conflict
 - id: check-executables-have-shebangs
 - id: check-json
 - id: check-merge-conflict
+ - id: check-shebang-scripts-are-executable
+ - id: check-symlinks
 - id: check-toml
+ - id: check-vcs-permalinks
 - id: check-xml
 - id: debug-statements
+ - id: destroyed-symlinks
 - id: detect-aws-credentials
 args:
 - --allow-missing-credentials
 - id: detect-private-key
 - id: end-of-file-fixer
- exclude: files/(issue|motd)
 - id: mixed-line-ending
 args:
 - --fix=lf
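Review bot: The new `diagnostics` job references `felddy/reusable-workflows/.github/workflows/diagnostics.yml@v2` by a mutable tag, while the codeql-action steps later in this same file are pinned to full commit SHAs with the tag kept in a trailing comment; a moved `v2` tag changes what runs under this workflow's token without any diff appearing here. Pin it the same way, `uses: felddy/reusable-workflows/.github/workflows/diagnostics.yml@<commit-sha> # tag=v2`, so Dependabot can bump it alongside the other actions. The `analyze` job now has `needs: diagnostics`, so a failure in that external workflow also blocks the CodeQL scan and its SARIF upload; if that gating is intended, a one-line comment above `needs:` saying so would help the next reader. The sync-labels.yml hunk that follows adds the same unpinned reference.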
@@ -32,15 +40,13 @@ repos:
 # Text file hooks
 - repo: https://github.com/igorshubovych/markdownlint-cli
- rev: v0.41.0
+ rev: v0.42.0
 hooks:
 - id: markdownlint
 args:
 - --config=.mdl_config.yaml
- - repo: https://github.com/pre-commit/mirrors-prettier
- # This is the last version of v3 available from the mirror. We should hold
- # here until v4, which is currently in alpha, is more stable.
- rev: v3.1.0
+ - repo: https://github.com/rbubley/mirrors-prettier
+ rev: v3.3.3
 hooks:
 - id: prettier
 # This is the latest version of v3 available from NPM. The pre-commit
@@ -57,14 +63,14 @@ repos:
 # GitHub Actions hooks
 - repo: https://github.com/python-jsonschema/check-jsonschema
- rev: 0.28.4
+ rev: 0.29.4
 hooks:
 - id: check-github-actions
 - id: check-github-workflows
 # pre-commit hooks
 - repo: https://github.com/pre-commit/pre-commit
- rev: v3.7.1
+ rev: v4.0.1
 hooks:
 - id: validate_manifest
@@ -72,25 +78,25 @@ repos:
 - repo: https://github.com/TekWizely/pre-commit-golang
 rev: v1.0.0-rc.1
 hooks:
- # Style Checkers
- - id: go-critic
- # StaticCheck
- - id: go-staticcheck-repo-mod
 # Go Build
 - id: go-build-repo-mod
+ # Style Checkers
+ - id: go-critic
+ # goimports
+ - id: go-imports-repo
+ args:
+ # Write changes to files
+ - -w
 # Go Mod Tidy
 - id: go-mod-tidy-repo
+ # GoSec
+ - id: go-sec-repo-mod
+ # StaticCheck
+ - id: go-staticcheck-repo-mod
 # Go Test
 - id: go-test-repo-mod
 # Go Vet
 - id: go-vet-repo-mod
- # GoSec
- - id: go-sec-repo-mod
- # goimports
- - id: go-imports-repo
- args:
- # Write changes to files
- - -w
 # Nix hooks
 - repo: https://github.com/nix-community/nixpkgs-fmt
 rev: v1.3.0
@@ -99,7 +105,7 @@ repos:
 # Shell script hooks
 - repo: https://github.com/scop/pre-commit-shfmt
- rev: v3.8.0-1
+ rev: v3.10.0-1
 hooks:
 - id: shfmt
 args:
@@ -125,7 +131,7 @@ repos:
 # Python hooks
 # Run bandit on the "tests" tree with a configuration
 - repo: https://github.com/PyCQA/bandit
- rev: 1.7.8
+ rev: 1.7.10
 hooks:
 - id: bandit
 name: bandit (tests tree)
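Review bot: The prettier hook now comes from `rbubley/mirrors-prettier`, a mirror under an individual account rather than the pre-commit organisation, and `rev: v3.3.3` is a tag the mirror owner can move, so nothing in this file ties the hook to specific content. If the project's autoupdate flow permits it, pin `rev` to the commit the tag resolves to and keep the tag in a comment, `rev: <commit-sha> # v3.3.3`; at minimum, replace the removed explanatory comment with one line stating why the mirror was switched so a later reader does not take it for an accident.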
@@ -134,39 +140,49 @@ repos:
 - --config=.bandit.yml
 # Run bandit on everything except the "tests" tree
 - repo: https://github.com/PyCQA/bandit
- rev: 1.7.8
+ rev: 1.7.10
 hooks:
 - id: bandit
 name: bandit (everything else)
 exclude: tests
 - repo: https://github.com/psf/black-pre-commit-mirror
- rev: 24.4.2
+ rev: 24.10.0
 hooks:
 - id: black
 - repo: https://github.com/PyCQA/flake8
- rev: 7.0.0
+ rev: 7.1.1
 hooks:
 - id: flake8
 additional_dependencies:
- - flake8-docstrings
+ - flake8-docstrings==1.7.0
 - repo: https://github.com/PyCQA/isort
 rev: 5.13.2
 hooks:
 - id: isort
 - repo: https://github.com/pre-commit/mirrors-mypy
- rev: v1.10.0
+ rev: v1.13.0
 hooks:
 - id: mypy
- additional_dependencies:
- - types-setuptools
+ - repo: https://github.com/pypa/pip-audit
+ rev: v2.7.3
+ hooks:
+ - id: pip-audit
+ args:
+ # Add any pip requirements files to scan
+ - --requirement
+ - requirements-dev.txt
+ - --requirement
+ - requirements-test.txt
+ - --requirement
+ - requirements.txt
 - repo: https://github.com/asottile/pyupgrade
- rev: v3.15.2
+ rev: v3.19.0
 hooks:
 - id: pyupgrade
 # Ansible hooks
 - repo: https://github.com/ansible/ansible-lint
- rev: v24.6.0
+ rev: v24.10.0
 hooks:
 - id: ansible-lint
 additional_dependencies:
@@ -177,21 +193,40 @@ repos:
 # necessary to add the ansible package itself as an
 # additional dependency, with the same pinning as is done in
 # requirements-test.txt of cisagov/skeleton-ansible-role.
- # - ansible>=9,<10
+ #
+ # Version 10 is required because the pip-audit pre-commit
+ # hook identifies a vulnerability in ansible-core 2.16.13,
+ # but all versions of ansible 9 have a dependency on
+ # ~=2.16.X.
+ #
+ # It is also a good idea to go ahead and upgrade to version
+ # 10 since version 9 is going EOL at the end of November:
+ # https://endoflife.date/ansible
+ # - ansible>=10,<11
 # ansible-core 2.16.3 through 2.16.6 suffer from the bug
 # discussed in ansible/ansible#82702, which breaks any
 # symlinked files in vars, tasks, etc. for any Ansible role
 # installed via ansible-galaxy. Hence we never want to
 # install those versions.
 #
+ # Note that the pip-audit pre-commit hook identifies a
+ # vulnerability in ansible-core 2.16.13. The pin of
+ # ansible-core to >=2.17 effectively also pins ansible to
+ # >=10.
+ #
+ # It is also a good idea to go ahead and upgrade to
+ # ansible-core 2.17 since security support for ansible-core
+ # 2.16 ends this month:
+ # https://docs.ansible.com/ansible/devel/reference_appendices/release_and_maintenance.html#ansible-core-support-matrix
+ #
 # Note that any changes made to this dependency must also be
 # made in requirements.txt in cisagov/skeleton-packer and
 # requirements-test.txt in cisagov/skeleton-ansible-role.
- - ansible-core>=2.16.7
+ - ansible-core>=2.17
 # Terraform hooks
 - repo: https://github.com/antonbabenko/pre-commit-terraform
- rev: v1.90.0
+ rev: v1.96.1
 hooks:
 - id: terraform_fmt
 - id: terraform_validate
@@ -204,7 +239,7 @@ repos:
 # Packer hooks
 - repo: https://github.com/cisagov/pre-commit-packer
- rev: v0.0.2
+ rev: v0.3.0
 hooks:
- - id: packer_validate
 - id: packer_fmt
+ - id: packer_validate
diff --git a/CODE_OF_CONDUCT.md b/CODE_OF_CONDUCT.md
index 31bd69c8..e870b848 100644
--- a/CODE_OF_CONDUCT.md
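Review bot: The added comments `# 10 since version 9 is going EOL at the end of November:` and `# 2.16 ends this month:` are phrased relative to when the upstream note was written, not to this commit (dated February 2025 in the patch header), so they already read as stale and will soon be wrong. State the month and year explicitly in both, for example `# 2.16 ended in <month year>:`, and let the links remain the source of truth. The `ansible-core>=2.17` pin itself is consistent with the inline `# - ansible>=10,<11` guidance above it.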
+++ b/CODE_OF_CONDUCT.md
@@ -55,11 +55,11 @@ further defined and clarified by project maintainers.
 ## Enforcement ##
 Instances of abusive, harassing, or otherwise unacceptable behavior may be
-reported by contacting the project team at . All complaints
-will be reviewed and investigated and will result in a response that is deemed
-necessary and appropriate to the circumstances. The project team is obligated to
-maintain confidentiality with regard to the reporter of an incident. Further
-details of specific enforcement policies may be posted separately.
+reported by contacting the project team at . All
+complaints will be reviewed and investigated and will result in a response that
+is deemed necessary and appropriate to the circumstances. The project team is
+obligated to maintain confidentiality with regard to the reporter of an incident.
+Further details of specific enforcement policies may be posted separately.
 Project maintainers who do not follow or enforce the Code of Conduct in good
 faith may face temporary or permanent repercussions as determined by other
diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
index a1239079..3dda900f 100644
--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@@ -46,9 +46,13 @@ There are a few ways to do this, but we prefer to use
 create and manage a Python virtual environment specific to this project.
-If you already have `pyenv` and `pyenv-virtualenv` configured you can
-take advantage of the `setup-env` tool in this repo to automate the
-entire environment configuration process.
+We recommend using the `setup-env` script located in this repository,
+as it automates the entire environment configuration process. The
+dependencies required to run this script are
+[GNU `getopt`](https://github.com/util-linux/util-linux/blob/master/misc-utils/getopt.1.adoc),
+[`pyenv`](https://github.com/pyenv/pyenv), and [`pyenv-virtualenv`](https://github.com/pyenv/pyenv-virtualenv).
+If these tools are already configured on your system, you can simply run the
+following command:
 ```console
 ./setup-env
@@ -57,13 +61,18 @@ entire environment configuration process.
 Otherwise, follow the steps below to manually configure your environment.
-#### Installing and using `pyenv` and `pyenv-virtualenv` ####
+#### Installing and using GNU `getopt`, `pyenv`, and `pyenv-virtualenv` ####
-On the Mac, we recommend installing [brew](https://brew.sh/). Then
-installation is as simple as `brew install pyenv pyenv-virtualenv` and
+On macOS, we recommend installing [brew](https://brew.sh/). Then
+installation is as simple as `brew install gnu-getopt pyenv pyenv-virtualenv` and
 adding this to your profile:
 ```bash
+# GNU getopt must be explicitly added to the path since it is
+# keg-only (https://docs.brew.sh/FAQ#what-does-keg-only-mean)
+export PATH="$(brew --prefix)/opt/gnu-getopt/bin:$PATH"
+
+# Setup pyenv
 export PYENV_ROOT="$HOME/.pyenv"
 export PATH="$PYENV_ROOT/bin:$PATH"
 eval "$(pyenv init --path)"
@@ -71,13 +80,15 @@ eval "$(pyenv init -)"
 eval "$(pyenv virtualenv-init -)"
 ```
-For Linux, Windows Subsystem for Linux (WSL), or on the Mac (if you
+For Linux, Windows Subsystem for Linux (WSL), or macOS (if you
 don't want to use `brew`) you can use [pyenv/pyenv-installer](https://github.com/pyenv/pyenv-installer) to install the necessary tools. Before running this ensure that you have installed the prerequisites for your platform according to the [`pyenv` wiki page](https://github.com/pyenv/pyenv/wiki/common-build-problems).
+GNU `getopt` is included in most Linux distributions as part of the
+[`util-linux`](https://github.com/util-linux/util-linux) package.
 On WSL you should treat your platform as whatever Linux distribution you've chosen to install.
diff --git a/README.md b/README.md
index dcd02bfa..a7f2588a 100644
--- a/README.md
+++ b/README.md
@@ -76,7 +76,7 @@ docker run \
 specified using [environment variables](#environment-variables). It is highly recommended that you use [`docker compose`](https://docs.docker.com/compose/) or similar container orchestration to manage your server's configuration. A
-`docker-compose.yml` file, like the example below, is a reliable way to start
+`compose.yml` file, like the example below, is a reliable way to start
 and maintain a container while capturing its configurations. Each time the container starts it generates the configuration files needed by
@@ -85,7 +85,7 @@ means **changes made in the server's configuration GUI will not persist
 between container restarts**. If you would like to disable the regeneration of these configuration files, set `CONTAINER_PRESERVE_CONFIG` to `true`.
-1. Create a `docker-compose.yml` file similar to the one below. Provide
+1. Create a `compose.yml` file similar to the one below. Provide
 your credentials as values to the environment variables:
 ```yaml
@@ -140,7 +140,7 @@ uses `secrets.json`. Regardless of the name you choose it must be targeted to
 }
 ```
-1. Then add the secret to your `docker-compose.yml` file:
+1. Then add the secret to your `compose.yml` file:
 ```yaml
 ---
diff --git a/bump_version.sh b/bump_version.sh
index 6058d164..324fea9e 100755
--- a/bump_version.sh
+++ b/bump_version.sh
@@ -1,54 +1,172 @@
 #!/usr/bin/env bash
-# bump_version.sh (show|major|minor|patch|prerelease|build)
+# bump-version [--push] [--label LABEL] (major | minor | patch | prerelease | build | finalize | show)
+# bump-version --list-files
 set -o nounset
 set -o errexit
 set -o pipefail
-VERSION_FILE=src/_version.py
-README_FILE=README.md
+# Stores the canonical version for the project.
+VERSION_FILE=src/version.txt
+# Files that should be updated with the new version.
+VERSION_FILES=("$VERSION_FILE" README.md)
-HELP_INFORMATION="bump_version.sh (show|major|minor|patch|prerelease|build|finalize)"
+USAGE=$(
+ cat << END_OF_LINE
+Update the version of the project.
-old_version=$(sed -n "s/^__version__ = \"\(.*\)\"$/\1/p" $VERSION_FILE)
+Usage:
+ ${0##*/} [--push] [--label LABEL] (major | minor | patch | prerelease | build | finalize | show)
+ ${0##*/} --list-files
+ ${0##*/} (-h | --help)
+
+Options:
+ -h | --help Show this message.
+ --push Perform a \`git push\` after updating the version.
+ --label LABEL Specify the label to use when updating the build or prerelease version.
+ --list-files List the files that will be updated when the version is bumped.
+END_OF_LINE
+)
+
+old_version=$(< "$VERSION_FILE")
 # Comment out periods so they are interpreted as periods and don't
 # just match any character
 old_version_regex=${old_version//\./\\\.}
+new_version="$old_version"
+
+bump_part=""
+label=""
+commit_prefix="Bump"
+with_push=false
+commands_with_label=("build" "prerelease")
+commands_with_prerelease=("major" "minor" "patch")
+with_prerelease=false
-if [ $# -ne 1 ]; then
- echo "$HELP_INFORMATION"
+#######################################
+# Display an error message, the help information, and exit with a non-zero status.
+# Arguments:
+# Error message.
+#######################################
+function invalid_option() {
+ echo "$1"
+ echo "$USAGE"
+ exit 1
+}
+
+#######################################
+# Bump the version using the provided command.
+# Arguments:
+# The version to bump.
+# The command to bump the version.
+# Returns:
+# The new version.
+#######################################
+function bump_version() {
+ local temp_version
+ temp_version=$(python -c "import semver; print(semver.parse_version_info('$1').${2})")
+ echo "$temp_version"
+}
+
+if [ $# -eq 0 ]; then
+ echo "$USAGE"
+ exit 1
 else
- case $1 in
- major | minor | patch | prerelease | build)
- new_version=$(python -c "import semver; print(semver.bump_$1('$old_version'))")
- echo Changing version from "$old_version" to "$new_version"
- tmp_file=/tmp/version.$$
- sed "s/$old_version_regex/$new_version/" $VERSION_FILE > $tmp_file
- mv $tmp_file $VERSION_FILE
- sed "s/$old_version_regex/$new_version/" $README_FILE > $tmp_file
- mv $tmp_file $README_FILE
- git add $VERSION_FILE $README_FILE
- git commit -m"Bump version from $old_version to $new_version"
- git push
- ;;
- finalize)
- new_version=$(python -c "import semver; print(semver.finalize_version('$old_version'))")
- echo Changing version from "$old_version" to "$new_version"
- tmp_file=/tmp/version.$$
- sed "s/$old_version_regex/$new_version/" $VERSION_FILE > $tmp_file
- mv $tmp_file $VERSION_FILE
- sed "s/$old_version_regex/$new_version/" $README_FILE > $tmp_file
- mv $tmp_file $README_FILE
- git add $VERSION_FILE $README_FILE
- git commit -m"Finalize version from $old_version to $new_version"
- git push
- ;;
- show)
- echo "$old_version"
- ;;
- *)
- echo "$HELP_INFORMATION"
- ;;
- esac
+ while [ $# -gt 0 ]; do
+ case $1 in
+ --push)
+ if [ "$with_push" = true ]; then
+ invalid_option "Push has already been set."
+ fi
+
+ with_push=true
+ shift
+ ;;
+ --label)
+ if [ -n "$label" ]; then
+ invalid_option "Label has already been set."
+ fi
+
+ label="$2"
+ shift 2
+ ;;
+ build | finalize | major | minor | patch)
+ if [ -n "$bump_part" ]; then
+ invalid_option "Only one version part should be bumped at a time."
+ fi
+
+ bump_part="$1"
+ shift
+ ;;
+ prerelease)
+ with_prerelease=true
+ shift
+ ;;
+ show)
+ echo "$old_version"
+ exit 0
+ ;;
+ -h | --help)
+ echo "$USAGE"
+ exit 0
+ ;;
+ --list-files)
+ printf '%s\n' "${VERSION_FILES[@]}"
+ exit 0
+ ;;
+ *)
+ invalid_option "Invalid option: $1"
+ ;;
+ esac
+ done
+fi
+
+if [ -n "$label" ] && [ "$with_prerelease" = false ] && [[ ! " ${commands_with_label[*]} " =~ [[:space:]]${bump_part}[[:space:]] ]]; then
+ invalid_option "Setting the label is only allowed for the following commands: ${commands_with_label[*]}"
+fi
+
+if [ "$with_prerelease" = true ] && [ -n "$bump_part" ] && [[ ! " ${commands_with_prerelease[*]} " =~ [[:space:]]${bump_part}[[:space:]] ]]; then
+ invalid_option "Changing the prerelease is only allowed in conjunction with the following commands: ${commands_with_prerelease[*]}"
+fi
+
+label_option=""
+if [ -n "$label" ]; then
+ label_option="token='$label'"
+fi
+
+if [ -n "$bump_part" ]; then
+ if [ "$bump_part" = "finalize" ]; then
+ commit_prefix="Finalize"
+ bump_command="finalize_version()"
+ elif [ "$bump_part" = "build" ]; then
+ bump_command="bump_${bump_part}($label_option)"
+ else
+ bump_command="bump_${bump_part}()"
+ fi
+ new_version=$(bump_version "$old_version" "$bump_command")
+ echo Changing version from "$old_version" to "$new_version"
+fi
+
+if [ "$with_prerelease" = true ]; then
+ bump_command="bump_prerelease($label_option)"
+ temp_version=$(bump_version "$new_version" "$bump_command")
+ echo Changing version from "$new_version" to "$temp_version"
+ new_version="$temp_version"
+fi
+
+tmp_file=/tmp/version.$$
+for version_file in "${VERSION_FILES[@]}"; do
+ if [ ! -f "$version_file" ]; then
+ echo Missing expected file: "$version_file"
+ exit 1
+ fi
+ sed "s/$old_version_regex/$new_version/" "$version_file" > $tmp_file
+ mv $tmp_file "$version_file"
+done
+
+git add "${VERSION_FILES[@]}"
+git commit --message "$commit_prefix version from $old_version to $new_version"
+
+if [ "$with_push" = true ]; then
+ git push
 fi
diff --git a/docker-compose.yml b/compose.yml
similarity index 100%
rename from docker-compose.yml
rename to compose.yml
diff --git a/docs/cookbooks/cloudflare/README.md b/docs/cookbooks/cloudflare/README.md
index 9915e23c..6bd3cad4 100644
--- a/docs/cookbooks/cloudflare/README.md
+++ b/docs/cookbooks/cloudflare/README.md
@@ -38,7 +38,7 @@
 ```console
 .
- ├── docker-compose.yml
+ ├── compose.yml
 ├── foundry_secrets.json
 └── volumes/
 ├── cloudflare_config/
@@ -47,7 +47,7 @@
 └── foundry_data/
 ```
-1. Edit `docker-compose.yml` and `foundry_secrets.json` and replace all the
+1. Edit `compose.yml` and `foundry_secrets.json` and replace all the
 placeholder values that are contained within `< >`. For example, modifying the placeholders for the `foundry` service:
diff --git a/docs/cookbooks/cloudflare/docker-compose.yml b/docs/cookbooks/cloudflare/compose.yml
similarity index 98%
rename from docs/cookbooks/cloudflare/docker-compose.yml
rename to docs/cookbooks/cloudflare/compose.yml
index 22d4c1db..c0b9a110 100644
--- a/docs/cookbooks/cloudflare/docker-compose.yml
+++ b/docs/cookbooks/cloudflare/compose.yml
@@ -1,5 +1,4 @@
 ---
-version: "3"
 services:
 foundry:
diff --git a/patches/hotfix_2020062801-0.6.4.sh b/patches/hotfix_2020062801-0.6.4.sh
old mode 100644
new mode 100755
diff --git a/patches/hotfix_2020100101-0.7.3.sh b/patches/hotfix_2020100101-0.7.3.sh
old mode 100644
new mode 100755
diff --git a/patches/hotfix_2020101401-0.7.4.sh b/patches/hotfix_2020101401-0.7.4.sh
old mode 100644
new mode 100755
diff --git a/patches/hotfix_2020120401-0.7.8.sh b/patches/hotfix_2020120401-0.7.8.sh
old mode 100644
new mode 100755
diff --git a/patches/hotfix_2020121401-0.7.8.sh b/patches/hotfix_2020121401-0.7.8.sh
old mode 100644
new mode 100755
diff --git a/patches/hotfix_2021050101-0.8.2.sh b/patches/hotfix_2021050101-0.8.2.sh
old mode 100644
new mode 100755
diff --git a/patches/hotfix_issue_3817-0.7.4.sh b/patches/hotfix_issue_3817-0.7.4.sh
old mode 100644
new mode 100755
diff --git a/patches/hotfix_issue_697.sh b/patches/hotfix_issue_697.sh
old mode 100644
new mode 100755
diff --git a/pyproject.toml b/pyproject.toml
index 866f2fcd..06525546 100644
--- a/pyproject.toml
+++ b/pyproject.toml
@@ -36,4 +36,4 @@ source = "https://github.com/felddy/foundryvtt-docker"
 test = ["coverage", "coveralls", "docker", "pre-commit", "pytest", "pytest-cov"]
 [tool.setuptools.dynamic]
-version = { attr = "_version.__version__" }
+version = { file = "src/version.txt" }
diff --git a/requirements-dev.txt b/requirements-dev.txt
index 1d7e3027..d149d1a3 100644
--- a/requirements-dev.txt
+++ b/requirements-dev.txt
@@ -1,4 +1,6 @@
 --requirement requirements-test.txt
 ipython
 mypy
-semver
+pipenv
+# The bump-version script requires at least version 3 of semver.
+semver>=3
diff --git a/setup-env b/setup-env
index f0133130..ad1d5269 100755
--- a/setup-env
+++ b/setup-env
@@ -13,8 +13,9 @@ It does the following:
 - Allows the user to specify a name for the virtual environment.
 - Verifies pyenv and pyenv-virtualenv are installed.
 - Creates the Python virtual environment.
+ - Creates a Node.js virtual environment.
 - Configures the activation of the virtual environment for the repo directory.
- - Installs the requirements needed for development (including mypy type stubs).
+ - Installs the requirements needed for development.
 - Installs git pre-commit hooks.
 - Configures git remotes for upstream "lineage" repositories.
@@ -39,6 +40,52 @@ python_versions() {
 pyenv versions --bare --skip-aliases --skip-envs
 }
+check_python_version() {
+ local version=$1
+
+ # This is a valid regex for semantically correct Python version strings.
+ # For more information see here:
+ # https://semver.org/#is-there-a-suggested-regular-expression-regex-to-check-a-semver-string
+ # Break down the regex into readable parts major.minor.patch
+ local major="0|[1-9]\d*"
+ local minor="0|[1-9]\d*"
+ local patch="0|[1-9]\d*"
+
+ # Splitting the prerelease part for readability
+ # Start of the prerelease
+ local prerelease="(?:-"
+ # Numeric or alphanumeric identifiers
+ local prerelease+="(?:0|[1-9]\d*|\d*[a-zA-Z-][0-9a-zA-Z-]*)"
+ # Additional dot-separated identifiers
+ local prerelease+="(?:\.(?:0|[1-9]\d*|\d*[a-zA-Z-][0-9a-zA-Z-]*))*"
+ # End of the prerelease, making it optional
+ local prerelease+=")?"
+ # Optional build metadata
+ local build="(?:\+([0-9a-zA-Z-]+(?:\.[0-9a-zA-Z-]+)*))?"
+
+ # Final regex composed of parts
+ local regex="^($major)\.($minor)\.($patch)$prerelease$build$"
+
+ # This checks if the Python version does not match the regex pattern specified in $regex,
+ # using Perl for regex matching. If the pattern is not found, then prompt the user with
+ # the invalid version message.
+ if ! echo "$version" | perl -ne "exit(!/$regex/)"; then
+ echo "Invalid version of Python: Python follows semantic versioning," \
+ "so any version string that is not a valid semantic version is an" \
+ "invalid version of Python."
+ exit 1
+ # Else if the Python version isn't installed then notify the user.
+ # grep -E is used for searching through text lines that match the specific verison.
+ elif ! python_versions | grep -E "^${version}$" > /dev/null; then
+ echo "Error: Python version $version is not installed."
+ echo "Installed Python versions are:"
+ python_versions
+ exit 1
+ else
+ echo "Using Python version $version"
+ fi
+}
+
 # Flag to force deletion and creation of virtual environment
 FORCE=0
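Review bot: `check_python_version` rejects any string that is not strict semver before it consults `python_versions`, and the error text asserts that `Python follows semantic versioning`; Python versions follow PEP 440, so names pyenv commonly lists, such as `3.13.0rc1` pre-releases or `pypy3.10-7.3.15` (to be confirmed against `pyenv versions` on a dev box), could no longer be selected with `-p` even though the second branch would find them installed. The membership check is the authoritative test and already rejects malformed input, so I would drop the regex gate or reduce it to a warning, and reword the message to say which pattern is expected rather than claiming semver. Minor: `grep -E "^${version}$"` treats the dots in `$version` as wildcards; `python_versions | grep -Fx -- "$version" > /dev/null` matches the literal string. The comment `# grep -E is used ... specific verison.` also has a typo in "verison".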
@@ -144,17 +191,8 @@ while true; do -p | --python-version) PYTHON_VERSION="$2" shift 2 - # Check the Python versions being passed in. - if [ -n "${PYTHON_VERSION+x}" ]; then - if python_versions | grep -E "^${PYTHON_VERSION}$" > /dev/null; then - echo Using Python version "$PYTHON_VERSION" - else - echo Error: Python version "$PYTHON_VERSION" is not installed. - echo Installed Python versions are: - python_versions - exit 1 - fi - fi + # Check the Python version being passed in. + check_python_version "$PYTHON_VERSION" ;; -v | --venv-name) VENV_NAME="$2" @@ -188,15 +226,8 @@ if [ $LIST_VERSIONS -ne 0 ]; then # Read the user's desired Python version. # -r: treat backslashes as literal, -p: display prompt before input. read -r -p "Enter the desired Python version: " PYTHON_VERSION - # Check the Python versions being passed in. - if [ -n "${PYTHON_VERSION+x}" ]; then - if python_versions | grep -E "^${PYTHON_VERSION}$" > /dev/null; then - echo Using Python version "$PYTHON_VERSION" - else - echo Error: Python version "$PYTHON_VERSION" is not installed. - exit 1 - fi - fi + # Check the Python version being passed in. + check_python_version "$PYTHON_VERSION" fi # Remove any lingering local configuration. diff --git a/src/_version.py b/src/_version.py deleted file mode 100644 index 3ddba9e1..00000000 --- a/src/_version.py +++ /dev/null @@ -1,3 +0,0 @@ -"""This file defines the version of this module.""" - -__version__ = "13.335.0" diff --git a/src/logging.sh b/src/logging.sh old mode 100644 new mode 100755 diff --git a/src/version.txt b/src/version.txt new file mode 100644 index 00000000..bfdee1e4 --- /dev/null +++ b/src/version.txt @@ -0,0 +1 @@ +13.335.0 diff --git a/tag.sh b/tag.sh index e1f74474..0a0e607a 100755 --- a/tag.sh +++ b/tag.sh @@ -4,6 +4,6 @@ set -o nounset set -o errexit set -o pipefail -version=$(./bump_version.sh show) +version=$(./bump-version show) git tag "v$version" && git push --tags 
diff --git a/tests/conftest.py b/tests/conftest.py index fa56217e..24acc185 100644 --- a/tests/conftest.py +++ b/tests/conftest.py @@ -18,7 +18,7 @@ # Cloudflare R2 pre-signed URL re.compile(r"\?verify=([0-9]+-[a-zA-Z0-9%]+)"), ] -VERSION_FILE = "src/_version.py" +VERSION_FILE = "src/version.txt" VERSION_SERVICE_NAME = f"{MAIN_SERVICE_NAME}-version" client = docker.from_env() @@ -81,10 +81,9 @@ def version_container(image_tag): @pytest.fixture(scope="session") def project_version(): """Get the project version.""" - pkg_vars = {} with open(VERSION_FILE) as f: - exec(f.read(), pkg_vars) # nosec - return pkg_vars["__version__"] + version = f.read().strip() + return version @pytest.fixture(scope="session") diff --git a/tests/container_test.py b/tests/container_test.py old mode 100644 new mode 100755 From 4794acf5915a3ff6bf99264f98d3568241de9811 Mon Sep 17 00:00:00 2001 From: Felddy Date: Mon, 10 Feb 2025 12:40:36 -0500 Subject: [PATCH 3/4] Add cache tag file to container cache directory Closes #1151 Add support for `CACHEDIR.TAG` files to the container cache --- src/entrypoint.sh | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/src/entrypoint.sh b/src/entrypoint.sh index b44d39d0..5e1d6f42 100755 --- a/src/entrypoint.sh +++ b/src/entrypoint.sh @@ -139,6 +139,13 @@ if [ $install_required = true ]; then if [[ "${CONTAINER_CACHE:-}" ]]; then log "Using CONTAINER_CACHE: ${CONTAINER_CACHE}" mkdir -p "${CONTAINER_CACHE}" + # Create a cache marker file in the cache directory. + cat << END_OF_LINE > "${CONTAINER_CACHE}/CACHEDIR.TAG" +Signature: $(printf ".IsCacheDirectory" | md5sum | cut -d ' ' -f 1) +# This file is a cache directory tag created by the felddy/foundryvtt container +# https://github.com/felddy/foundryvtt-docker +# For information about cache directory tags see https://bford.info/cachedir/ +END_OF_LINE else log_warn "CONTAINER_CACHE has been unset. Release caching is disabled." fi From c28a8efe888763bc1a10306617e5911d2f8ada9a Mon Sep 17 00:00:00 2001 
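Review bot: The rewritten project_version fixture now returns `""` without complaint when src/version.txt is empty or whitespace-only, whereas the old `exec` path raised `KeyError` on a file with no `__version__`; an empty string will surface later as a confusing image-tag or comparison failure rather than at the fixture. A one-line guard keeps the failure local: `if not version: raise ValueError(f"{VERSION_FILE} is empty")`. Pinning the encoding, `with open(VERSION_FILE, encoding="utf-8") as f:`, also avoids depending on the platform default, and the `# nosec` marker is no longer needed since the exec is gone. Replacing the exec with a plain read is the right direction.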
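Review bot: The `Signature:` line of the new CACHEDIR.TAG heredoc computes the signature at run time with `md5sum | cut`, but the cache-directory tag format defines the first 43 bytes as the fixed literal `Signature: 8a477f597d28d172789f06886806bc55` (the MD5 of ".IsCacheDirectory"); if either tool is missing from the image, the command substitution fails quietly inside the heredoc and a tag with an empty signature is written, which no backup tool will honour, and errexit does not catch it. Writing the literal, `Signature: 8a477f597d28d172789f06886806bc55`, removes the dependency and is deterministic. Note also that the tag is only written on the install path; if I read the enclosing `if [ $install_required = true ]` correctly (it starts outside the hunk), a cache directory that already exists from an earlier container version stays untagged until the next install. A short comment stating that the tag marks the directory as skippable by backup tools would help the next reader.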
From: Felddy
Date: Tue, 11 Feb 2025 21:46:03 -0500
Subject: [PATCH 4/4] Revert bump script name

---
 tag.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/tag.sh b/tag.sh
index 0a0e607a..e1f74474 100755
--- a/tag.sh
+++ b/tag.sh
@@ -4,6 +4,6 @@ set -o nounset
 set -o errexit
 set -o pipefail
-version=$(./bump-version show)
+version=$(./bump_version.sh show)
 git tag "v$version" && git push --tags