Merge pull request #11 from Ouranosinc/run-tests

Ouranosinc · Feb 15, 2023 · b4cbacf · b4cbacf
2 parents 0a25a87 + 4963265
commit b4cbacf
Show file tree

Hide file tree

Showing 53 changed files with 3,206 additions and 1,056 deletions.
diff --git a/.dockerignore b/.dockerignore
@@ -1,42 +1,45 @@
-# Docker
+## Docker
 Dockerfile
 .dockerignore
 
-# Git
+## Git
 .git
 .github
 
-# Environment
+## Environment
 env/*.env
 venv
 
-# Makefile
+## Makefile
 downloads
 
-# Unit test / Coverage reports
+## Unit test / Coverage reports
 **/.cache
 **/.coverage
 **/.pytest_cache
 .coverage
 reports
 share
 
-# PyCharm
+## PyCharm
 .idea
 
-# vscode
+## vscode
 .vscode
 
-# Build artifacts
+## Build artifacts
 **/__pycache__
 **/*.py[cod]
 *.egg-info
 *.egg[s]
 build
 dist
 pip-selfcheck.json
+node_modules
+package-lock.json
+package.json
 
-# Project
+## Project
 *.log
 **/custom.ini
 docs/

diff --git a/.github/.gitleaks.toml b/.github/.gitleaks.toml
@@ -0,0 +1,118 @@
+# Original:
+#   https://raw.githubusercontent.com/zricethezav/gitleaks-action/master/.gitleaks.toml
+title = "gitleaks config"
+[[rules]]
+	description = "AWS Manager ID"
+	regex = '''(A3T[A-Z0-9]|AKIA|AGPA|AIDA|AROA|AIPA|ANPA|ANVA|ASIA)[A-Z0-9]{16}'''
+	tags = ["key", "AWS"]
+[[rules]]
+	description = "AWS Secret Key"
+	regex = '''(?i)aws(.{0,20})?(?-i)['\"][0-9a-zA-Z\/+]{40}['\"]'''
+	tags = ["key", "AWS"]
+[[rules]]
+	description = "AWS MWS key"
+	regex = '''amzn\.mws\.[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}'''
+	tags = ["key", "AWS", "MWS"]
+[[rules]]
+	description = "Facebook Secret Key"
+	regex = '''(?i)(facebook|fb)(.{0,20})?(?-i)['\"][0-9a-f]{32}['\"]'''
+	tags = ["key", "Facebook"]
+[[rules]]
+	description = "Facebook Client ID"
+	regex = '''(?i)(facebook|fb)(.{0,20})?['\"][0-9]{13,17}['\"]'''
+	tags = ["key", "Facebook"]
+[[rules]]
+	description = "Twitter Secret Key"
+	regex = '''(?i)twitter(.{0,20})?['\"][0-9a-z]{35,44}['\"]'''
+	tags = ["key", "Twitter"]
+[[rules]]
+	description = "Twitter Client ID"
+	regex = '''(?i)twitter(.{0,20})?['\"][0-9a-z]{18,25}['\"]'''
+	tags = ["client", "Twitter"]
+[[rules]]
+	description = "Github"
+	regex = '''(?i)github(.{0,20})?(?-i)['\"][0-9a-zA-Z]{35,40}['\"]'''
+	tags = ["key", "Github"]
+[[rules]]
+	description = "LinkedIn Client ID"
+	regex = '''(?i)linkedin(.{0,20})?(?-i)['\"][0-9a-z]{12}['\"]'''
+	tags = ["client", "LinkedIn"]
+[[rules]]
+	description = "LinkedIn Secret Key"
+	regex = '''(?i)linkedin(.{0,20})?['\"][0-9a-z]{16}['\"]'''
+	tags = ["secret", "LinkedIn"]
+[[rules]]
+	description = "Slack"
+	regex = '''xox[baprs]-([0-9a-zA-Z]{10,48})?'''
+	tags = ["key", "Slack"]
+[[rules]]
+	description = "Asymmetric Private Key"
+	regex = '''-----BEGIN ((EC|PGP|DSA|RSA|OPENSSH) )?PRIVATE KEY( BLOCK)?-----'''
+	tags = ["key", "AsymmetricPrivateKey"]
+[[rules]]
+	description = "Generic Credential"
+	regex = '''(?i)(api_key|apikey|secret)(.{0,20})?['|"][0-9a-zA-Z]{16,45}['|"]'''
+	tags = ["key", "API", "generic"]
+	[rules.allowlist]
+        description = "ignore old commit secret (v0.1.0)"
+        commits = ["11cdaf9bb4ffa9eb060ae58dd81268012fd60c28"]
+        paths = ['''magpie/security.py''']
+        regexes = ['''randomsecretstring''']
+[[rules]]
+	description = "Google API key"
+	regex = '''AIza[0-9A-Za-z\\-_]{35}'''
+	tags = ["key", "Google"]
+[[rules]]
+	description = "Heroku API key"
+	regex = '''(?i)heroku(.{0,20})?['"][0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}['"]'''
+	tags = ["key", "Heroku"]
+[[rules]]
+	description = "MailChimp API key"
+	regex = '''(?i)(mailchimp|mc)(.{0,20})?['"][0-9a-f]{32}-us[0-9]{1,2}['"]'''
+	tags = ["key", "Mailchimp"]
+[[rules]]
+	description = "Mailgun API key"
+	regex = '''(?i)(mailgun|mg)(.{0,20})?['"][0-9a-z]{32}['"]'''
+	tags = ["key", "Mailgun"]
+[[rules]]
+	description = "PayPal Braintree access token"
+	regex = '''access_token\$production\$[0-9a-z]{16}\$[0-9a-f]{32}'''
+	tags = ["key", "Paypal"]
+[[rules]]
+	description = "Picatic API key"
+	regex = '''sk_live_[0-9a-z]{32}'''
+	tags = ["key", "Picatic"]
+[[rules]]
+	description = "SendGrid API Key"
+	regex = '''SG\.[\w_]{16,32}\.[\w_]{16,64}'''
+	tags = ["key", "SendGrid"]
+[[rules]]
+	description = "Slack Webhook"
+	regex = '''https://hooks.slack.com/services/T[a-zA-Z0-9_]{8}/B[a-zA-Z0-9_]{8}/[a-zA-Z0-9_]{24}'''
+	tags = ["key", "slack"]
+[[rules]]
+	description = "Stripe API key"
+	regex = '''(?i)stripe(.{0,20})?['\"][sk|rk]_live_[0-9a-zA-Z]{24}'''
+	tags = ["key", "Stripe"]
+[[rules]]
+	description = "Square access token"
+	regex = '''sq0atp-[0-9A-Za-z\-_]{22}'''
+	tags = ["key", "square"]
+[[rules]]
+	description = "Square OAuth secret"
+	regex = '''sq0csp-[0-9A-Za-z\\-_]{43}'''
+	tags = ["key", "square"]
+[[rules]]
+	description = "Twilio API key"
+	regex = '''(?i)twilio(.{0,20})?['\"][0-9a-f]{32}['\"]'''
+	tags = ["key", "twilio"]
+[allowlist]
+    description = "Allowlisted files"
+    files = [
+    # original contents
+    '''^\.?gitleaks.toml$''',
+    '''(.*?)(jpg|gif|doc|pdf|bin)$''',
+    '''(go.mod|go.sum)$''',
+    # old commit files with false positives or dummy data
+    '''magpie/login/login.py''',
+    '''.+(.js.map)$''']
diff --git a/.github/ISSUE_TEMPLATE/bug-report.md b/.github/ISSUE_TEMPLATE/bug-report.md
@@ -0,0 +1,37 @@
+---
+name: Bug Report
+about: Create a report to help us improve.
+title: "[BUG]"
+labels: bug
+assignees: fmigneault
+
+---
+
+**Describe the bug**
+A clear and concise description of what the bug is.
+
+**To Reproduce**
+<!--
+Steps to reproduce the behavior:
+1. Deploy process with payload '...'
+2. Execute using payload '....'
+3. Result '....'
+4. Error message '...'
+-->
+
+**Expected behavior**
+<!--
+A clear and concise description of what you expected to happen.
+-->
+
+**Screenshots**
+<!--
+If applicable, add screenshots to help explain your problem.
+-->
+
+**Environment**
+<!-- Please complete the following information -->
+ - OS: \[e.g. Linux|Windows] (if running locally)
+ - Browser \[e.g. chrome, safari] (if running as a service)
+ - Instance: URL (if needed to demonstrate the bug)
+ - Version: MAJOR.MINOR.PATCH
diff --git a/.github/ISSUE_TEMPLATE/feature-request.md b/.github/ISSUE_TEMPLATE/feature-request.md
@@ -0,0 +1,32 @@
+---
+name: Feature Request
+about: Suggest an idea for this project.
+title: "[Feature]"
+labels: feature
+assignees: fmigneault
+
+---
+
+**Is your feature request related to a problem? Please describe.**
+<!-- 
+A clear and concise description of what the problem is. 
+Ex. I would like to be able to authenticate using [...]
+-->
+
+
+**Describe the solution you'd like**
+<!--
+A clear and concise description of what you want to happen. 
+-->
+
+
+**Describe alternatives you've considered**
+<!--
+A clear and concise description of any alternative solutions or features you've considered.
+-->
+
+
+**Additional context**
+<!--
+Add any other context or screenshots about the feature request here.
+-->
diff --git a/.github/labeler.yml b/.github/labeler.yml
@@ -0,0 +1,44 @@
+# label rules used by .github/workflows/label.yml
+
+api:
+  - canarieapi/api.py
+  - canarieapi/app_object.py
+  - canarieapi/reverse_proxied.py
+  - canarieapi/status.py
+  - canarieapi/utility_rest.py
+  - canarieapi/wsgi.py
+
+config:
+  - canarieapi/default_configuration.py
+  - canarieapi/schema.py
+
+monitor:
+  - canarieapi/logparser.py
+  - canarieapi/monitor.py
+
+# label 'ci' all automation-related steps and files
+ci:
+  - .*  # all '.<>' files
+  - .github/**/*
+  - ci/**/*
+  - hooks/**/*
+  - Makefile
+  - Dockerfile*
+  - setup.cfg
+
+doc:
+  - "*.rst"
+  - "*.example"
+  - doc/**/*
+  - requirements-doc.txt
+
+db:
+  - canarieapi/database_schema.sql
+
+tests:
+  - tests/**/*
+  - requirements-dev.txt
+
+ui:
+  - canarieapi/static/*
+  - canarieapi/templates/*
diff --git a/.github/workflows/greetings.yml b/.github/workflows/greetings.yml
@@ -0,0 +1,18 @@
+name: Greetings
+
+on: [pull_request, issues]
+
+jobs:
+  greeting:
+    runs-on: ubuntu-latest
+    steps:
+    - uses: actions/first-interaction@v1
+      with:
+        repo-token: ${{ secrets.GITHUB_TOKEN }}
+        issue-message: >
+          Thanks for submitting an issue. Make sure you have checked for similar issues.
+          Also, provide enough details for us to be able to replicate the problem.
+        pr-message: >
+          Thanks for submitting a PR. Make sure you have looked at the contribution guidelines.
+          Also, look for quick check/tests operations that you can run locally for early verification of errors.
+          Travis will be happier if it doesn't need to run too many times with problematic code.
diff --git a/.github/workflows/label.yml b/.github/workflows/label.yml
@@ -0,0 +1,17 @@
+# This workflow will triage pull requests and apply a label based on the
+# paths that are modified in the pull request.
+#
+# To use this workflow, you will need to set up a .github/labeler.yml
+# file with configuration.  For more information, see:
+# https://github.com/actions/labeler/blob/master/README.md
+
+name: Labeler
+on: [pull_request]
+
+jobs:
+  label:
+    runs-on: ubuntu-latest
+    steps:
+    - uses: actions/labeler@v2
+      with:
+        repo-token: "${{ secrets.GITHUB_TOKEN }}"
diff --git a/.github/workflows/secret-scan.yml b/.github/workflows/secret-scan.yml
@@ -0,0 +1,58 @@
+# look for secrets pushed by mistake
+
+# NOTE: To fix problematic commits that got references to detected secrets, execute the following:
+# 1. Assuming the branch is built on top of master for a PR
+#     >> git rebase -i master
+# 2. Then, replace "pick" by "squash" for matched problematic commits
+#	 If this didn't work, more advanced edit of history commits needs to be applied.
+#	 Please refer to git interactive rebase documentation to do so.
+# 3. Finally re-run secrets analysis to validate that problems where fixed
+
+
+name: Secret Scan
+on:
+  - pull_request
+  - push
+
+jobs:
+  #trufflehog:
+  #  runs-on: ubuntu-latest
+  #  steps:
+  #  - uses: actions/checkout@master
+  #  - name: trufflehog-actions-scan
+  #    uses: edplato/trufflehog-actions-scan@master
+    #- uses: max/secret-scan@master
+    #  with:
+    #    repo-token: "${{ secrets.GITHUB_TOKEN }}"
+
+  # ref: https://github.com/svdarren/secrets-workflow/blob/9633bc1195a1ca1d4d70415aa4eff6cf55d706de/.github/workflows/secrets.yml
+  gitleak:
+    name: gitleaks
+    runs-on: ubuntu-latest
+
+    steps:
+      - uses: actions/checkout@v3
+        with:
+          fetch-depth: '0'
+      - name: Install dependencies
+        run: docker pull zricethezav/gitleaks
+      #- run: |
+      #    docker run --name=gitleaks --volume $GITHUB_WORKSPACE:/workspace/ \
+      #    -v --exclude-forks --redact --threads=1 --branch=$GITHUB_REF --repo-path=/workspace/
+      #- run: docker run --rm --name=gitleaks -v /tmp/:/code/ zricethezav/gitleaks -v --repo-path=/code/gitleaks
+      # @todo command is failing
+      #- run: gitleaks -v --exclude-forks --redact --threads=1 --branch=$GITHUB_REF --repo-path=$GITHUB_WORKSPACE
+
+      # FIXME: revert to original repo when (if) they ever consider the fix
+      #     https://github.com/eshork/gitleaks-action/pull/4
+      #     https://github.com/eshork/gitleaks-action/issues/3
+      #- uses: fmigneault/gitleaks-action@master
+      #- uses: eshork/gitleaks-action@v1.0.0
+      - uses: gitleaks/gitleaks-action@v1.6.0  # see: https://github.com/gitleaks/gitleaks-action/issues/57
+
+      # NOTE:
+      #   does the same as gitleaks-action, but over the whole git history + posts found problem on issue/PR comments
+      #   disable as it causes old (fixed) problems to be detected
+      #- uses: CySeq/gitcret@v2
+      #  env:
+      #    GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}