feature/mx-1347 link cruft template (#10)

# Added - pull request template - cve scan workflow - CHANGELOG file - cruft template link # Changes - harmonized boilerplate --------- Signed-off-by: Nicolas Drebenstedt <drebenstedtn@rki.de>
robert-koch-institut · Jan 17, 2024 · 2fe5723 · 2fe5723
1 parent d8ef77a
commit 2fe5723
Show file tree

Hide file tree

Showing 14 changed files with 299 additions and 22 deletions.
diff --git a/.cruft.json b/.cruft.json
@@ -0,0 +1,14 @@
+{
+  "template": "https://github.com/robert-koch-institut/mex-template",
+  "commit": "fb8fdbbc28f15d99939d22915b49348150d1d534",
+  "checkout": null,
+  "context": {
+    "cookiecutter": {
+      "project_name": "model",
+      "short_summary": "Conceptual and machine-readable versions of the MEx metadata model.",
+      "long_summary": "The `mex-model` repository contains the MEx metadata model in two formats. `/docs/specification.md` contains the conceptual model, which is mainly used to facilitate interoperability with other metadata schemas and models. `mex/model` holds the JSON schema, which represents the conceptual model in a format that can be used for technical implementation in applications.",
+      "_template": "https://github.com/robert-koch-institut/mex-template"
+    }
+  },
+  "directory": null
+}
diff --git a/.github/pull_request_template.md b/.github/pull_request_template.md
@@ -0,0 +1,20 @@
+# PR Context
+<!-- Additional info for the reviewer -->
+
+# Added
+<!-- New features and interfaces -->
+
+# Changes
+<!-- Changes in existing functionality -->
+
+# Deprecated
+<!-- Soon-to-be removed features -->
+
+# Removed
+<!-- Definitely removed features -->
+
+# Fixed
+<!-- Fixed bugs -->
+
+# Security
+<!-- Fixed vulnerabilities -->
diff --git a/.github/workflows/cookiecutter.yml b/.github/workflows/cookiecutter.yml
@@ -0,0 +1,42 @@
+name: Cookiecutter
+
+on:
+  push:
+    branches: ["main"]
+  workflow_dispatch:
+
+env:
+  PIP_NO_OPTION: on
+  PIP_NO_CLEAN: on
+  PIP_PREFER_BINARY: on
+
+jobs:
+  lint:
+    runs-on: ubuntu-latest
+    timeout-minutes: 10
+    steps:
+      - name: Checkout repo
+        uses: actions/checkout@v3
+        with:
+          fetch-depth: 1
+
+      - name: Cache requirements
+        uses: actions/cache@v3
+        env:
+          cache-name: cache-requirements
+        with:
+          path: ~/.cache/pip
+          key: ${{ env.cache-name }}-${{ hashFiles('requirements.txt') }}
+          restore-keys: |
+            ${{ env.cache-name }}-
+
+      - name: Setup python
+        uses: actions/setup-python@v4
+        with:
+          python-version: 3.11
+
+      - name: Install requirements
+        run: make setup
+
+      - name: Check template
+        run: cruft check
diff --git a/.github/workflows/cve-scan.yml b/.github/workflows/cve-scan.yml
@@ -0,0 +1,45 @@
+name: CVE Scan
+
+on:
+  pull_request:
+  schedule:
+    - cron: '0 2 * * *'
+  workflow_dispatch:
+
+jobs:
+  scan:
+    runs-on: ubuntu-latest
+    timeout-minutes: 10
+    steps:
+      - name: Checkout repo
+        uses: actions/checkout@v3
+        with:
+          fetch-depth: 1
+
+      - name: Cache trivy
+        uses: actions/cache@v3
+        env:
+          cache-name: cache-trivy
+        with:
+          path: ~/.cache/trivy
+          key: ${{ env.cache-name }}-${{ hashFiles('poetry.lock') }}
+          restore-keys: |
+            ${{ env.cache-name }}-
+
+      - name: Run trivy
+        uses: aquasecurity/trivy-action@master
+        with:
+          exit-code: 1
+          format: 'sarif'
+          output: 'trivy-results.sarif'
+          scan-ref: '.'
+          scan-type: 'fs'
+          severity: 'CRITICAL,HIGH'
+          list-all-pkgs: 'true'
+          ignore-unfixed: true
+
+      - name: Publish results
+        uses: github/codeql-action/upload-sarif@v2
+        if: always()
+        with:
+          sarif_file: 'trivy-results.sarif'
diff --git a/.github/workflows/linting.yml b/.github/workflows/linting.yml
@@ -29,13 +29,23 @@ jobs:
           restore-keys: |
             ${{ env.cache-name }}-
 
+      - name: Cache poetry
+        uses: actions/cache@v3
+        env:
+          cache-name: cache-poetry
+        with:
+          path: ~/.cache/pip
+          key: ${{ env.cache-name }}-${{ hashFiles('poetry.lock') }}
+          restore-keys: |
+            ${{ env.cache-name }}-
+
       - name: Setup python
         uses: actions/setup-python@v4
         with:
           python-version: 3.11
 
       - name: Install requirements
-        run: make setup
+        run: make install
 
       - name: Run linters
         run: make linter
diff --git a/.gitignore b/.gitignore
@@ -1,3 +1,11 @@
+# Byte-compiled / optimized / DLL files
+__pycache__/
+*.py[cod]
+*$py.class
+
+# C extensions
+*.so
+
 # Distribution / packaging
 .Python
 build/
@@ -18,12 +26,79 @@ share/python-wheels/
 *.egg
 MANIFEST
 
+# PyInstaller
+*.manifest
+*.spec
+
+# Installer logs
+pip-log.txt
+pip-delete-this-directory.txt
+
+# Testing / coverage reports
+htmlcov/
+.tox/
+.nox/
+.coverage
+.coverage.*
+.cache
+nosetests.xml
+coverage.xml
+*.cover
+*.py,cover
+.hypothesis/
+.pytest_cache/
+cover/
+pytestdebug.log
+
+# Translations
+*.mo
+*.pot
+
+# Scrapy stuff
+.scrapy
+
+# Sphinx documentation
+docs/_build/
+docs/source/
+
+# PyBuilder
+.pybuilder/
+target/
+
+# Jupyter Notebook
+.ipynb_checkpoints
+
+# IPython
+profile_default/
+ipython_config.py
+
+# pyenv
+.python-version
+
+# PEP 582
+__pypackages__/
+
+# Celery stuff
+celerybeat-schedule
+celerybeat.pid
+
 # Environments
 *.env
 .env
+.venv
+env/
+venv/
+ENV/
+env.bak/
+venv.bak/
 
-# MacOS
-.DS_Store
+# mypy
+.mypy_cache/
+.dmypy.json
+dmypy.json
+
+# ruff
+.ruff_cache
 
 # PyCharm
 .idea/
@@ -33,3 +108,6 @@ MANIFEST
 .vscode/*
 .history/
 *.code-workspace
+
+# SQLite databases
+*.db
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
@@ -8,6 +8,7 @@ repos:
       - id: pretty-format-json
         name: json
         args: [--autofix, --no-sort-keys, --indent=4, --no-ensure-ascii]
+        exclude: .cruft.json
       - id: check-yaml
         name: yaml
       - id: end-of-file-fixer
@@ -16,3 +17,8 @@ repos:
         name: whitespaces
       - id: fix-byte-order-marker
         name: byte-order
+  - repo: https://github.com/python-poetry/poetry
+    rev: 1.7.1
+    hooks:
+      - id: poetry-check
+        name: poetry
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -0,0 +1,27 @@
+# Changelog
+
+All notable changes to this project will be documented in this file.
+
+The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
+and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
+
+## [Unreleased]
+
+### Added
+
+- pull request template
+- cve scan workflow
+- CHANGELOG file
+- cruft template link
+
+### Changes
+
+- harmonized boilerplate
+
+### Deprecated
+
+### Removed
+
+### Fixed
+
+### Security
diff --git a/LICENSE b/LICENSE
@@ -1,6 +1,6 @@
 MIT License
 
-Copyright (c) 2023 Robert Koch-Institut
+Copyright (c) 2024 Robert Koch-Institut
 
 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal

diff --git a/README.md b/README.md
@@ -3,6 +3,7 @@
 Conceptual and machine-readable versions of the MEx metadata model.
 
 [![linting](https://github.com/robert-koch-institut/mex-model/actions/workflows/linting.yml/badge.svg)](https://github.com/robert-koch-institut/mex-model/actions/workflows/linting.yml)
+[![cve-scan](https://github.com/robert-koch-institut/mex-model/actions/workflows/cve-scan.yml/badge.svg)](https://github.com/robert-koch-institut/mex-model/actions/workflows/cve-scan.yml)
 
 ## project
 
@@ -16,6 +17,10 @@ Via MEx, metadata will be made findable, accessible and shareable, as well as av
 for further research. The goal is to get an overview of what research data is available,
 understand its context, and know what needs to be considered for subsequent use.
 
+RKI cooperated with D4L data4life gGmbH for a pilot phase where the vision of a
+FAIR metadata catalog was explored and concepts and prototypes were developed.
+The partnership has ended with the successful conclusion of the pilot phase.
+
 After an internal launch, the metadata will also be made publicly available and thus be
 available to external researchers as well as the interested (professional) public to
 find research data from the RKI.
@@ -30,31 +35,53 @@ data Findable, Accessible, Interoperable and Reusable.
 ## package
 
 The `mex-model` repository contains the MEx metadata model in two formats.
-
-- `/docs` contains the conceptual model, which is mainly used to facilitate
-  interoperability with other metadata schemas and models
-- `mex/model` holds the JSON schema, which represents the conceptual model in a format
-  that can be used for technical implementation in applications
+`/docs/specification.md` contains the conceptual model, which is mainly used to
+facilitate interoperability with other metadata schemas and models. `mex/model` holds
+the JSON schema, which represents the conceptual model in a format that can be used for
+technical implementation in applications.
 
 ## license
 
-This package is licensed under the [MIT license](/LICENSE). Other components of the
-MEx project will be released under the same license in the future.
+This package is licensed under the [MIT license](/LICENSE). All other software
+components of the MEx project are open-sourced under the same license as well.
 
 ## development
 
 ### installation
 
-- install `python3.11` in your preferred way
-- on unix run `make install`
-- on windows run `.\mex.bat install`
+- on unix, consider using pyenv https://github.com/pyenv/pyenv
+  - get pyenv `curl https://pyenv.run | bash`
+  - install 3.11 `pyenv install 3.11`
+  - create env `pyenv virtualenv 3.11 mex`
+  - go to repo root
+  - use env `pyenv local mex`
+  - run `make install`
+- on windows, see https://python-poetry.org/docs/managing-environments
+  - install `python3.11` in your preferred way
+  - go to repo root
+  - run `.\mex.bat install`
 
-### linting
+### linting and testing
 
 - on unix run `make test`
 - on windows run `.\mex.bat test`
+- or run manually
+  - linter checks via `pre-commit run --all-files`
+  - all tests via `poetry run pytest`
+  - just unit tests via `poetry run pytest -m "not integration"`
 
 ### updating dependencies
 
+- update boilerplate files with `cruft update`
 - update global dependencies in `requirements.txt` manually
 - update git hooks with `pre-commit autoupdate`
+- show outdated dependencies with `poetry show --outdated`
+- update dependencies in poetry using `poetry update --lock`
+- update github actions manually in `.github/workflows/*.yml`
+
+### creating release
+
+- update version, eg `poetry version minor`
+- commit update `git commit --message "..." pyproject.toml`
+- create a tag `git tag ...`
+- push `git push --follow-tags`