Use github actions, rather than travis (#229)

* Use github actions, rather than travis

* Pre-commit lint fixes on test directory

* Run apt-get update prior to install

* Create build directory for coverage

* Temporarily lower coverage

.github/workflows/pull_request.yml

@@ -0,0 +1,58 @@
+on: pull_request
+jobs:
+  pre-commit:
+    runs-on: ubuntu-18.04
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v1
+      - name: Setup python 3.6
+        uses: actions/setup-python@v1
+        with:
+          python-version: 3.6
+      - name: Install pre-commit
+        run: pip install pre-commit
+      - name: Run pre-commit
+        run: pre-commit run --all-files
+  ## Uncomment once license tests are in and passing
+  #license-check:
+  #  runs-on: ubuntu-18.04
+  #  steps:
+  #    - name: Checkout
+  #      uses: actions/checkout@v1
+  #    - name: Setup Ruby 2.x
+  #      uses: actions/setup-ruby@v1
+  #      with:
+  #        ruby-version: 2.x
+  #    - name: Install license finder
+  #      run: gem install license_finder
+  #    - name: Setup python 3.6
+  #      uses: actions/setup-python@v1
+  #      with:
+  #        python-version: 3.6
+  #    - name: Install apt dependencies
+  #      run: sudo apt-get install -y python3-dev openssl libssl-dev gcc pkg-config libffi-dev libxml2-dev libxmlsec1-dev
+  #    - name: Install dependencies
+  #      run: pip install -r piptools_requirements3.txt && pip install -r requirements3.txt
+  #    - name: Run license finder
+  #      run: license_finder
+  test:
+    runs-on: ubuntu-18.04
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v1
+      - uses: actions/setup-node@v1
+        with:
+          node-version: '8.x'
+      - name: Setup python 3.6
+        uses: actions/setup-python@v1
+        with:
+          python-version: 3.6
+      - name: Install apt dependencies
+        run: sudo apt-get update && sudo apt-get install -y python3-dev openssl libssl-dev gcc pkg-config libffi-dev libxml2-dev libxmlsec1-dev
+      - name: Install dependencies
+        run: pip install -r piptools_requirements3.txt && pip install -r requirements3.txt
+      - run: "npm install grunt-cli && npm install"
+      - name: Run python tests
+        run: make test
+      - name: Run frontend tests
+        run: grunt test

.github/workflows/push.yml

@@ -0,0 +1,65 @@
+name: Build and Deploy
+on:
+  push:
+    branches:
+      - master
+    tags:
+      - '*'
+jobs:
+  build-and-deploy-docs:
+    name: Build and publish docs
+    runs-on: ubuntu-18.04
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v1
+      - name: Setup Ruby
+        uses: actions/setup-ruby@v1
+        with:
+          ruby-version: '2.6.x'
+      - name: Install bundler deps
+        run: |
+            cd docs
+            gem install bundler
+            bundle install --jobs 4 --retry 3
+      - name: Build docs
+        run: cd docs && bundler exec middleman build && touch build/.nojekyll
+      - name: Deploy docs
+        uses: JamesIves/github-pages-deploy-action@releases/v3
+        with:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          BASE_BRANCH: master # The branch the action should deploy from.
+          BRANCH: gh-pages # The branch the action should deploy to.
+          FOLDER: docs/build # The folder the action should deploy.
+  build-and-publish-python-module:
+    name: Build and publish python module to pypi
+    runs-on: ubuntu-18.04
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v1
+      - name: Setup python 3.6
+        uses: actions/setup-python@v1
+        with:
+          python-version: 3.6
+      - name: Add wheel dependency
+        run: pip install wheel
+      - name: Generate dist
+        run: python setup.py sdist bdist_wheel
+      - name: Publish to PyPI
+        if: startsWith(github.event.ref, 'refs/tags')
+        uses: pypa/gh-action-pypi-publish@master
+        with:
+          user: __token__
+          password: ${{ secrets.pypi_password }}
+  build-and-publish-docker-image:
+    name: Build and publish docker image
+    runs-on: ubuntu-18.04
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v1
+      - name: Publish to Registry
+        uses: elgohr/[email protected]
+        with:
+          name: lyft/confidant
+          username: ${{ secrets.DOCKER_USERNAME }}
+          password: ${{ secrets.DOCKER_PASSWORD }}
+          tag_names: true

.pre-commit-config.yaml

@@ -0,0 +1,9 @@
+exclude: '^docs/.*$'
+repos:
+-   repo: https://github.com/pre-commit/pre-commit-hooks
+    rev: v2.1.0
+    hooks:
+    -   id: flake8
+        additional_dependencies:
+        -   flake8==3.3.0
+        -   flake8-tidy-imports==1.0.6

Gruntfile.js

@@ -45,7 +45,7 @@ module.exports = function (grunt) {
     // Make sure code styles are up to par and there are no obvious mistakes
     jshint: {
       options: {
-        jshintrc: '.jshintrc',
+        jshintrc: '<%= baseDir %>.jshintrc',
         reporter: require('jshint-stylish')
       },
       all: {

Makefile

@@ -1,11 +1,8 @@
 # bash needed for pipefail
 SHELL := /bin/bash
 
-test: test_lint test_unit
-
-test_lint:
-	mkdir -p build
-	set -o pipefail; flake8 | sed "s#^\./##" > build/flake8.txt || (cat build/flake8.txt && exit 1)
+test: test_unit
 
 test_unit:
-	nosetests --with-path=confidant tests/unit
+	mkdir -p build
+	nosetests --with-coverage --with-path=confidant tests/unit

confidant/public/modules/common/services/http.js

@@ -80,7 +80,7 @@
                 responseError: function(rejection) {
                     var status = rejection.status;
                     finish();
-                    if (status == 401) {
+                    if (status === 401) {
                         window.location.href = 'loggedout';
                     }
                     return $q.reject(rejection);

confidant/public/modules/history/controllers/ResourceHistoryCtrl.js

@@ -49,11 +49,11 @@
 
             $scope.resourceTypeFilter = function(field) {
                 return function(resource) {
-                    if (resource[field] == 'credential' && $scope.showCredentials) {
+                    if (resource[field] === 'credential' && $scope.showCredentials) {
                         return true;
-                    } else if (resource[field] == 'blind_credential' && $scope.showBlindCredentials) {
+                    } else if (resource[field] === 'blind_credential' && $scope.showBlindCredentials) {
                         return true;
-                    } else if (resource[field] == 'service' && $scope.showServices) {
+                    } else if (resource[field] === 'service' && $scope.showServices) {
                         return true;
                     }
                     return false;

confidant/public/modules/history/services/archive.js

@@ -34,7 +34,7 @@
                     for (var i = credentialArchive.length; i--;) {
                         credentialArchive[i].type = 'credential';
                     }
-                    for (var i = blindCredentialArchive.length; i--;) {
+                    for (i = blindCredentialArchive.length; i--;) {
                         blindCredentialArchive[i].type = 'blind_credential';
                     }
                     for (i = serviceArchive.length; i--;) {

confidant/public/modules/resources/controllers/BlindCredentialDetailsCtrl.js

@@ -19,12 +19,11 @@
         'blindcredentials.credential',
         'blindcredentials.services',
         function ($scope, $stateParams, $q, $log, $filter, $location, BlindCredential, BlindCredentialServices) {
-            var credentialCopy = null;
             $scope.$log = $log;
 
             if ($stateParams.blindCredentialId) {
                 BlindCredentialServices.get({'id': $stateParams.blindCredentialId}).$promise.then(function(blindCredentialServices) {
-                    $scope.blindCredentialServices = blindCredentialServices['services'];
+                    $scope.blindCredentialServices = blindCredentialServices.services;
                 });
 
                 BlindCredential.get({'id': $stateParams.blindCredentialId}).$promise.then(function(blindCredential) {

confidant/public/modules/resources/controllers/CredentialDetailsCtrl.js

@@ -42,7 +42,8 @@
         'credentials.services',
         'credentials.valueGenerator',
         function ($scope, $stateParams, $q, $log, $filter, $location, Credential, Credentials, CredentialServices, ValueGenerator) {
-            var credentialCopy = null;
+            var credentialCopy = null,
+                deferred = $q.defer();
             $scope.$log = $log;
             $scope.saveError = '';
             $scope.getError = '';
@@ -54,7 +55,7 @@
 
             if ($stateParams.credentialId) {
                 CredentialServices.get({'id': $stateParams.credentialId}).$promise.then(function(credentialServices) {
-                    $scope.credentialServices = credentialServices['services'];
+                    $scope.credentialServices = credentialServices.services;
                 });
 
                 Credential.get({'id': $stateParams.credentialId}).$promise.then(function(credential) {
@@ -192,7 +193,7 @@
                 }
                 // Ensure metadata keys are unique and transform them
                 // into key/value dict.
-                for (var i = $scope.credential.mungedMetadata.length; i--;) {
+                for (i = $scope.credential.mungedMetadata.length; i--;) {
                     var metadataItem = $scope.credential.mungedMetadata[i];
                     if (metadataItem.isDeleted) {
                         $scope.credential.mungedMetadata.splice(i, 1);
@@ -224,7 +225,7 @@
                         newCredential.mungedMetadata = _metadata;
                         $scope.credential = newCredential;
                         if (credentialCopy.name !== $scope.credential.name ||
-                            credentialCopy.enabled != $scope.credential.enabled) {
+                            credentialCopy.enabled !== $scope.credential.enabled) {
                             $scope.$emit('updateCredentialList');
                         }
                         credentialCopy = angular.copy(newCredential);

confidant/public/modules/resources/controllers/ResourceCtrl.js

@@ -53,12 +53,12 @@
             };
 
             $scope.resourceTypeFilter = function(field) {
-                return function(resource) {
-                    if (field == 'credential' && $scope.showCredential) {
+                return function() {
+                    if (field === 'credential' && $scope.showCredential) {
                         return true;
-                    } else if (field == 'blind-credential' && $scope.showBlindCredential) {
+                    } else if (field === 'blind-credential' && $scope.showBlindCredential) {
                         return true;
-                    } else if (field == 'service' && $scope.showService) {
+                    } else if (field === 'service' && $scope.showService) {
                         return true;
                     }
                     return false;

confidant/public/modules/resources/controllers/ServiceDetailsCtrl.js

@@ -143,7 +143,7 @@
                         $scope.service.credentials.splice(i, 1);
                     }
                 }
-                for (var i = $scope.service.blind_credentials.length; i--;) {
+                for (i = $scope.service.blind_credentials.length; i--;) {
                     var blind_credential = $scope.service.blind_credentials[i];
                     if (blind_credential.isDeleted) {
                         delete blind_credential.isDeleted;
@@ -196,7 +196,7 @@
                     deferred.resolve();
                 }
                 return deferred.promise;
-            }
+            };
 
             $scope.saveService = function() {
                 var _service = {},
@@ -221,7 +221,7 @@
                     }
                     _service.credentials.push(credential.id);
                 }
-                for (var i = $scope.service.blind_credentials.length; i--;) {
+                for (i = $scope.service.blind_credentials.length; i--;) {
                     var blind_credential = $scope.service.blind_credentials[i];
                     if (blind_credential.isDeleted) {
                         $scope.service.blind_credentials.splice(i, 1);

package.json

@@ -30,7 +30,7 @@
     "grunt-contrib-copy": "^0.5.0",
     "grunt-contrib-cssmin": "^0.9.0",
     "grunt-contrib-htmlmin": "^0.3.0",
-    "grunt-contrib-jshint": "^0.10.0",
+    "grunt-contrib-jshint": "^2.1.0",
     "grunt-contrib-symlink": "^0.3.0",
     "grunt-contrib-uglify": "^0.4.0",
     "grunt-contrib-watch": "^0.6.1",

setup.cfg

@@ -13,7 +13,7 @@ xunit-file = build/nosetests.xml
 cover-package = confidant
 cover-xml = 1
 cover-xml-file = build/coverage.xml
-cover-min-percentage = 39
+cover-min-percentage = 37
 
 [flake8]
 # The jenkins violations plugin can read the pylint format.
@@ -25,7 +25,7 @@ max-line-length = 80
 # venv/:
 #  third party libraries are all stored in venv - so we don't want to
 #  check them for style issues.
-exclude = .git,__pycache__,venv,tests/,.ropeproject,confidant-testing.py
+exclude = .git,__pycache__,venv,tests/,.ropeproject
 
 [pep8]
 max-line-length = 80

tests/unit/confidant/authnz/authnz_test.py

@@ -8,9 +8,9 @@
 settings.encrypted_settings.secret_string = {}
 settings.encrypted_settings.decrypted_secrets = {'SESSION_SECRET': 'TEST_KEY'}
 
-import confidant.routes
-from confidant.app import app
-from confidant import authnz
+import confidant.routes  # noqa:E402,F401
+from confidant.app import app  # noqa:E402
+from confidant import authnz  # noqa:E402
 
 
 class AuthnzTest(unittest.TestCase):
@@ -159,16 +159,19 @@ def test_will_extract_from_request(self):
             with patch('confidant.authnz.userauth.request') as request_mock:
                 request_mock.headers = {
                     app.config['HEADER_AUTH_USERNAME_HEADER']: 'unittestuser',
-                    app.config['HEADER_AUTH_EMAIL_HEADER']: '[email protected]',
+                    app.config['HEADER_AUTH_EMAIL_HEADER']: '[email protected]',  # noqa:E501
                 }
-                self.assertEqual(authnz.get_logged_in_user(), '[email protected]')
+                self.assertEqual(
+                    authnz.get_logged_in_user(),
+                    '[email protected]'
+                )
 
     def test_will_log_in(self):
         with app.test_request_context('/fake'):
             with patch('confidant.authnz.userauth.request') as request_mock:
                 request_mock.headers = {
                     app.config['HEADER_AUTH_USERNAME_HEADER']: 'unittestuser',
-                    app.config['HEADER_AUTH_EMAIL_HEADER']: '[email protected]',
+                    app.config['HEADER_AUTH_EMAIL_HEADER']: '[email protected]',  # noqa:E501
                 }
                 resp = authnz.user_mod.log_in()