diff --git a/.gitignore b/.gitignore
index 574fe32b04533cd4854491fea23fa54a18abd6d3..024eb667ba69e7bed3260dd1bbb07eaba5376a26 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,14 +1,15 @@
+__pycache__
.coverage
-cov.xml
.DS_Store
.eggs
-*.pyc
-coverage.xml
.ipynb_checkpoints*
.mypy_cache
.pytest_cache
-htmlcov
.vscode
+*.egg-info
+*.pyc
build
+coverage.xml
dist
-*.egg-info
\ No newline at end of file
+htmlcov
+junit.xml
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index c7e2878665e06bbdff96e062bb14f0303873d926..e6f77b92fc3bab4d66f10fb137e748ef39a71a64 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -1,4 +1,4 @@
-image: ${DEVOPS_REGISTRY}usgs/python:3.9-obspy
+image: code.usgs.gov:5001/devops/images/usgs/python:3.10-obspy
stages:
- init
@@ -28,7 +28,6 @@ workflow:
- IMAGE_NAME=usgs/${APP_NAME}:${CI_COMMIT_REF_SLUG}
- IMAGE_NAME=${IMAGE_NAME/:master/:latest}
- INTERNAL_IMAGE_NAME=${CODE_REGISTRY_IMAGE}/${IMAGE_NAME}
- - STACK_NAME=${APP_NAME}
.deploy:
extends:
@@ -90,6 +89,22 @@ workflow:
APP_DEPLOY_DIR: "/geomag/geomag-algorithms"
REQUIRED_PREFIX: "/geomag"
+# template for jobs that need docker-in-docker
+.dind:
+ # TODO: refactor Docker build to different runner
+ # before_script:
+ # - |
+ # echo "${CI_REGISTRY_PASSWORD}" | docker login \
+ # --username "${CI_REGISTRY_USER}" \
+ # --password-stdin \
+ # "${CI_REGISTRY}"
+ image: code.usgs.gov:5001/devops/images/usgs/docker:20
+ services:
+ - alias: docker
+ name: code.usgs.gov:5001/devops/images/usgs/docker:20-dind
+ variables:
+ DOCKER_DRIVER: overlay2
+
# rules to define which branches should trigger actions
.development-env: &development-env
if: $CI_PROJECT_PATH != $UPSTREAM_PATH
@@ -106,7 +121,7 @@ workflow:
.production-env: &production-env
if: >
$CI_PROJECT_PATH == $UPSTREAM_PATH
- && ( $CI_COMMIT_BRANCH == 'production' || $CI_COMMIT_TAG)
+ && ( $CI_COMMIT_BRANCH == 'production' || $CI_COMMIT_TAG )
variables:
ENVIRONMENT: production
@@ -127,7 +142,6 @@ Poetry:
# install into .venv for artifact
- poetry config virtualenvs.in-project true --local
- poetry install
- - poetry run safety check
stage: init
variables:
PIP_CACHE_DIR: "$CI_PROJECT_DIR/.cache/pip"
@@ -136,21 +150,28 @@ Poetry:
# Test Stage
## --------------------------------------------------
-Python Build:
+Audit:
+ needs:
+ - Poetry
+ script:
+ - poetry run poe audit
+ stage: test
+
+Build:
needs:
- Poetry
script:
- poetry build
stage: test
-Python Lint:
+Lint:
needs:
- Poetry
script:
- - poetry run black --check .
+ - poetry run poe lint
stage: test
-Python Test:
+Test:
artifacts:
reports:
coverage_report:
@@ -160,8 +181,7 @@ Python Test:
needs:
- Poetry
script:
- - poetry run pytest --cov=geomagio --junitxml junit.xml
- - poetry run coverage xml
+ - poetry run poe test
stage: test
## --------------------------------------------------
@@ -171,9 +191,9 @@ Python Test:
Build Docker Image:
extends:
- .adjust_image_names
- image: ${DEVOPS_REGISTRY}docker:19.03-git
+ - .dind
needs:
- - Python Build
+ - Build
script:
- LOCAL_IMAGE="local/${IMAGE_NAME}"
## build image
@@ -186,8 +206,6 @@ Build Docker Image:
"."
## trivy scan before push
- - wget https://github.com/aquasecurity/trivy/releases/download/v${TRIVY_VERSION}/trivy_${TRIVY_VERSION}_Linux-64bit.tar.gz
- - tar zxvf trivy_${TRIVY_VERSION}_Linux-64bit.tar.gz
# fail LOW,MEDIUM vulnerabilities that have a fix available
- ./trivy image --exit-code 1 --ignore-unfixed --severity LOW,MEDIUM "${LOCAL_IMAGE}";
# fail HIGH,CRITICAL vulnerabilities
@@ -203,17 +221,13 @@ Build Docker Image:
docker tag "${LOCAL_IMAGE}" "${IMAGE}";
docker push "${IMAGE}";
done
- services:
- - alias: docker
- name: ${DEVOPS_REGISTRY}docker:19.03-dind
stage: integration
tags:
+ # TODO: refactor to separate build/publish steps
- build
variables:
APP_NAME: geomag-algorithms
- DOCKER_DRIVER: overlay2
- FROM_IMAGE: ${DEVOPS_REGISTRY}usgs/python:3.9-obspy
- TRIVY_VERSION: "0.27.1"
+ FROM_IMAGE: code.usgs.gov:5001/devops/images/usgs/python:3.10-obspy
## --------------------------------------------------
# Deploy Stage
diff --git a/pyproject.toml b/pyproject.toml
index 4de69450022bf96151d7ef4194426254f88c41b3..41503ae5b9acf35f2a0d866959a8584ccdf79c00 100644
--- a/pyproject.toml
+++ b/pyproject.toml
@@ -78,6 +78,9 @@ copy-absolutes = "geomagio.processing.copy_absolutes:main"
[tool.poe.tasks]
# e.g. "poetry run poe lint"
+audit = [
+ { shell = "safety check"}
+]
lint = [
{ shell = "black --check ." },
# TODO: fix isort warnings then enable this check