Merge pull request #14 from voquis/12-use-oidc-publishing

#12 use oidc publishing

.github/workflows/publish.yml

@@ -4,10 +4,6 @@ on:
   push:
     tags: [ '*.*.*' ]
 
-env:
-  PYTHON_REPOSITORY_USERNAME: ${{ secrets.PYTHON_REPOSITORY_USERNAME }}
-  PYTHON_REPOSITORY_PASSWORD: ${{ secrets.PYTHON_REPOSITORY_PASSWORD }}
-
 jobs:
   publish:
     runs-on: ubuntu-latest
@@ -16,17 +12,17 @@ jobs:
       contents: read
     steps:
       # Checkout project code
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@v3
 
       # Set up python environment
-      - uses: actions/setup-python@v2
+      - uses: actions/setup-python@v3
         with:
           python-version: '3.x'
 
-      # Install python poetry and dependencies for use in later steps
-      - name: Install Poetry
-        run: ./scripts/poetry.sh
+      # Re-run validation and build
+      - name: Validate
+        run: ./scripts/validate.sh
 
-      # Change working directory and run build script
-      - name: Publish
-        run: ./scripts/publish.sh
+      # Get pypi credentials and publish
+      - name: Publish package distributions to PyPI
+        uses: pypa/gh-action-pypi-publish@release/v1

.github/workflows/validate.yml

@@ -10,24 +10,16 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       # Checkout project code
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@v3
 
       # Install and run shellcheck for all shell scripts
-      - name: Install shellcheck
-        run: sudo apt install shellcheck
-
-      - name: Check shell scripts
-        run: for f in $(find scripts -type f -name *.sh); do shellcheck $f; done;
+      - run: sudo apt install shellcheck
+      - run: for f in $(find scripts -type f -name *.sh); do shellcheck $f; done;
 
       # Use python setup action to configure version
-      - uses: actions/setup-python@v2
+      - uses: actions/setup-python@v3
         with:
           python-version: '3.x'
 
       # Install python poetry and dependencies for use in later steps
-      - name: Install poetry
-        run: ./scripts/poetry.sh
-
-      # Run validation script
-      - name: Validate
-        run: ./scripts/validate.sh
+      - run: ./scripts/validate.sh

pyproject.toml

@@ -1,31 +1,43 @@
-[tool.poetry]
+[build-system]
+build-backend = "hatchling.build"
+requires = ["hatchling"]
+
+[project]
 name = "value-fetcher"
-version = "1.0.2"
+version = "1.0.3"
 description = "Fetch a value from various sources, e.g AWS Secrets Manager and SSM Parameter Store"
-authors = ["Voquis Limited <opensource@voquis.com>"]
-readme = "README.md"
-packages = [{include = "value_fetcher", from = "src"}]
-homepage = "https://github.com/voquis/value-fetcher"
-repository = "https://github.com/voquis/value-fetcher"
 keywords = ["parameters", "secrets", "configuration", "values"]
+readme = "README.md"
 license = "MIT"
+requires-python = ">=3.8"
+
+authors = [{ name = "Voquis Limited", email = "opensource@voquis.com" }]
+
+classifiers = [
+  "Programming Language :: Python :: 3",
+  "License :: OSI Approved :: MIT License",
+  "Operating System :: OS Independent",
+]
 
-[tool.poetry.dependencies]
-python = "^3.11"
-boto3 = "^1.26.27"
-pyyaml = "^6.0"
+dependencies = ["boto3"]
+
+[project.optional-dependencies]
+dev = [
+  'black',
+  'build',
+  'flake8',
+  'moto',
+  'pylint',
+  'pytest',
+  'pytest-cov',
+  'twine'
+]
+
+[project.urls]
+Homepage = "https://github.com/voquis/value-fetcher"
+Issues = "https://github.com/voquis/value-fetcher/issues"
 
 [tool.pytest.ini_options]
 pythonpath = [
   "src"
 ]
-
-[tool.poetry.group.dev.dependencies]
-moto = "^4.0.11"
-pylint = "^2.15.8"
-pytest = "^7.2.0"
-coverage = "^6.5.0"
-
-[build-system]
-requires = ["poetry-core"]
-build-backend = "poetry.core.masonry.api"

scripts/validate.sh

@@ -1,14 +1,27 @@
 #!/bin/bash
 set -euo pipefail
 
-# Install dependencies, including development dependencies
-poetry install --no-root
+# Assumes the src contains a single package to be built
+PACKAGE_PATH=$(find src/* -type d | head -n 1)
+PACKAGE_NAME=${PACKAGE_PATH#src/}
+echo "Using package name: $PACKAGE_NAME"
 
-# Run linting checks on package, tests and app entrypoint
-poetry run pylint src tests
+# Install development dependencies with pip
+pip install .[dev]
 
-# Run tests and generate test coverage report
-poetry run coverage run -m pytest tests
-poetry run coverage html --omit="tests*"
-poetry run coverage xml --omit="tests/*"
-poetry run coverage report --omit="tests/*" --precision=2 --fail-under=100.00
+# Run formatting checks
+flake8
+
+# Run linting checks
+black --check --diff .
+pylint src tests
+
+# Run tests and generate coverage reports
+pytest --cov="$PACKAGE_NAME" \
+  --cov-report term \
+  --cov-report html \
+  --cov-fail-under=100.00
+
+# Check the build
+python -m build
+twine check --strict dist/*

src/value_fetcher/__init__.py

@@ -1,4 +1,7 @@
 """
 Load value fetcher class to make available at the package level
 """
+
 from .base import ValueFetcher
+
+type(ValueFetcher)

src/value_fetcher/aws.py

@@ -8,14 +8,16 @@
 import boto3
 import botocore
 
+
 class Aws:
     """
     Fetch parameters and send emails.
     """
+
     def __init__(self) -> None:
         # Prepare AWS clients
-        self.ssm = boto3.client('ssm')
-        self.secretsmanager = boto3.client('secretsmanager')
+        self.ssm = boto3.client("ssm")
+        self.secretsmanager = boto3.client("secretsmanager")
 
     def get_parameter_value(self, name) -> str:
         """
@@ -25,15 +27,12 @@ def get_parameter_value(self, name) -> str:
 
         value = None
 
-        logging.debug('Fetching AWS SSM Parameter Store parameter: %s', name)
+        logging.debug("Fetching AWS SSM Parameter Store parameter: %s", name)
         try:
-            response = self.ssm.get_parameter(
-                Name=name,
-                WithDecryption=True
-            )
-            if 'Parameter' in response:
-                if 'Value' in response['Parameter']:
-                    value = response['Parameter']['Value']
+            response = self.ssm.get_parameter(Name=name, WithDecryption=True)
+            if "Parameter" in response:
+                if "Value" in response["Parameter"]:
+                    value = response["Parameter"]["Value"]
         except (
             botocore.exceptions.ClientError,
             botocore.exceptions.NoCredentialsError,
@@ -42,29 +41,28 @@ def get_parameter_value(self, name) -> str:
             self.ssm.exceptions.ParameterNotFound,
             self.ssm.exceptions.ParameterVersionNotFound,
         ) as exception:
-            logging.warning('Unable to retrieve AWS SSM Parameter value for name %s', name)
+            logging.warning("AWS SSM Parameter fetch failed: %s", name)
             logging.warning(exception)
 
         return value
 
-
     def get_secret_value(self, name) -> str:
         """
         Fetch encrypted secret from Secrets Manager
         https://boto3.amazonaws.com/v1/documentation/api/latest/reference/services/secretsmanager.html
         """
 
         value = None
-        logging.debug('Fetching AWS Secrets Manager secret: %s', name)
+        logging.debug("Fetching AWS Secrets Manager secret: %s", name)
 
         try:
             response = self.secretsmanager.get_secret_value(SecretId=name)
-            if 'SecretString' in response:
-                value = response['SecretString']
-            elif 'SecretBinary' in response:
-                value = response['SecretBinary']
+            if "SecretString" in response:
+                value = response["SecretString"]
+            elif "SecretBinary" in response:
+                value = response["SecretBinary"]
                 if isinstance(value, bytes):
-                    value = value.decode('utf-8')
+                    value = value.decode("utf-8")
         except (
             botocore.exceptions.ClientError,
             botocore.exceptions.NoCredentialsError,
@@ -74,7 +72,7 @@ def get_secret_value(self, name) -> str:
             self.secretsmanager.exceptions.DecryptionFailure,
             self.secretsmanager.exceptions.InternalServiceError,
         ) as exception:
-            logging.warning('Unable to retrieve AWS Secrets Manager value for name %s', name)
+            logging.warning("AWS Secrets Manager fetch failed: %s", name)
             logging.warning(exception)
 
         return value