[patch] Apply PEP-8, fix code smells, add detect-secrets (#28)

Author: durera

.flake8

@@ -0,0 +1,5 @@
+[flake8]
+# These rules are ignored
+# - E501 line too long
+ignore = E501
+max-line-length = 120

.github/workflows/pre-commit.yml

@@ -0,0 +1,13 @@
+name: pre-commit
+
+on:
+  push:
+    branches: ["**"]
+
+jobs:
+  pre-commit:
+    runs-on: ubuntu-latest
+    steps:
+    - uses: actions/checkout@v3
+    - uses: actions/setup-python@v3
+    - uses: pre-commit/action@v3.0.1

.github/workflows/python-release.yml

@@ -42,7 +42,7 @@ jobs:
           # stop the build if there are Python syntax errors or undefined names
           flake8 src --count --select=E9,F63,F7,F82 --show-source --statistics
           # exit-zero treats all errors as warnings.
-          flake8 src --count --exit-zero --max-complexity=10 --max-line-length=200 --statistics
+          flake8 src --count --exit-zero --max-complexity=10 --max-line-length=120 --statistics
 
       # 4. Publish to PyPi
       # -------------------------------------------------------------------------------------------

.pre-commit-config.yaml

@@ -0,0 +1,16 @@
+default_language_version:
+    python: python
+repos:
+  - repo: https://github.com/hhatto/autopep8
+    rev: v2.3.1
+    hooks:
+    -   id: autopep8
+  - repo: https://github.com/PyCQA/flake8
+    rev: 7.1.1
+    hooks:
+      - id: flake8
+  - repo: https://github.com/ibm/detect-secrets
+    rev: 0.13.1+ibm.62.dss
+    hooks:
+      - id: detect-secrets
+        args: [--baseline, .secrets.baseline, --use-all-plugins, --fail-on-unaudited]

.secrets.baseline

@@ -0,0 +1,136 @@
+{
+  "exclude": {
+    "files": "^.secrets.baseline$",
+    "lines": null
+  },
+  "generated_at": "2024-10-18T09:38:24Z",
+  "plugins_used": [
+    {
+      "name": "AWSKeyDetector"
+    },
+    {
+      "name": "ArtifactoryDetector"
+    },
+    {
+      "name": "AzureStorageKeyDetector"
+    },
+    {
+      "base64_limit": 4.5,
+      "name": "Base64HighEntropyString"
+    },
+    {
+      "name": "BasicAuthDetector"
+    },
+    {
+      "name": "BoxDetector"
+    },
+    {
+      "name": "CloudantDetector"
+    },
+    {
+      "ghe_instance": "github.ibm.com",
+      "name": "GheDetector"
+    },
+    {
+      "name": "GitHubTokenDetector"
+    },
+    {
+      "hex_limit": 3,
+      "name": "HexHighEntropyString"
+    },
+    {
+      "name": "IbmCloudIamDetector"
+    },
+    {
+      "name": "IbmCosHmacDetector"
+    },
+    {
+      "name": "JwtTokenDetector"
+    },
+    {
+      "keyword_exclude": null,
+      "name": "KeywordDetector"
+    },
+    {
+      "name": "MailchimpDetector"
+    },
+    {
+      "name": "NpmDetector"
+    },
+    {
+      "name": "PrivateKeyDetector"
+    },
+    {
+      "name": "SlackDetector"
+    },
+    {
+      "name": "SoftlayerDetector"
+    },
+    {
+      "name": "SquareOAuthDetector"
+    },
+    {
+      "name": "StripeDetector"
+    },
+    {
+      "name": "TwilioKeyDetector"
+    }
+  ],
+  "results": {
+    "test/src/test_db2.py": [
+      {
+        "hashed_secret": "a4b48a81cdab1e1a5dd37907d6c85ca1c61ddc7c",
+        "is_secret": false,
+        "is_verified": false,
+        "line_number": 263,
+        "type": "Secret Keyword",
+        "verified_result": null
+      }
+    ],
+    "test/test_cases/manage_fail/db2set.txt": [
+      {
+        "hashed_secret": "bd78032d1e51d595c52a633d3041cf7a22bddbf5",
+        "is_secret": false,
+        "is_verified": false,
+        "line_number": 11,
+        "type": "Secret Keyword",
+        "verified_result": null
+      }
+    ],
+    "test/test_cases/manage_fail/db2uinstance.yaml": [
+      {
+        "hashed_secret": "a4b48a81cdab1e1a5dd37907d6c85ca1c61ddc7c",
+        "is_secret": false,
+        "is_verified": false,
+        "line_number": 91,
+        "type": "Secret Keyword",
+        "verified_result": null
+      }
+    ],
+    "test/test_cases/manage_pass/db2set.txt": [
+      {
+        "hashed_secret": "1459943ba5fd876f7ef6e48f566a40b448a2bf08",
+        "is_secret": false,
+        "is_verified": false,
+        "line_number": 11,
+        "type": "Secret Keyword",
+        "verified_result": null
+      }
+    ],
+    "test/test_cases/manage_pass/db2uinstance.yaml": [
+      {
+        "hashed_secret": "1459943ba5fd876f7ef6e48f566a40b448a2bf08",
+        "is_secret": false,
+        "is_verified": false,
+        "line_number": 107,
+        "type": "Secret Keyword",
+        "verified_result": null
+      }
+    ]
+  },
+  "version": "0.13.1+ibm.62.dss",
+  "word_list": {
+    "file": null,
+    "hash": null
+  }
+}

CONTRIBUTING.md

@@ -0,0 +1,34 @@
+Developer Guide
+===============================================================================
+
+
+Detect Secrets
+-------------------------------------------------------------------------------
+- Update the `.secrets.baseline` file using: `detect-secrets scan --update .secrets.baseline`
+- Audit secrets using: `detect-secrets audit .secrets.baseline`
+
+
+Pre-Commit Hooks
+-------------------------------------------------------------------------------
+The follow pre-commit hooks are enabled:
+
+- **autopep8**
+- **flake8**
+- **detect-secrets**
+
+These hooks are also executed in a GitHub action in the [pre-commit workflow](.github/workflows/pre-commit.yml).
+
+```bash
+python -m pip install pre-commit --upgrade
+pre-commit install
+```
+
+Manually run the pre-commit hooks against changed files
+```bash
+pre-commit run
+```
+
+Manually run the pre-commit hooks against all files
+```bash
+pre-commit run -a
+```

README.md

@@ -1,5 +1,11 @@
 mas.devops
 ===============================================================================
+[![Code style: PEP8](https://img.shields.io/badge/code%20style-PEP--8-blue.svg)](https://peps.python.org/pep-0008/)
+[![Flake8: checked](https://img.shields.io/badge/flake8-checked-blueviolet)](https://flake8.pycqa.org/en/latest/)
+![GitHub Actions Workflow Status](https://img.shields.io/github/actions/workflow/status/ibm-mas/python-devops/python-release.yml)
+![PyPI - Version](https://img.shields.io/pypi/v/mas.devops)
+![PyPI - Python Version](https://img.shields.io/pypi/pyversions/mas.devops)
+![PyPI - Downloads](https://img.shields.io/pypi/dm/mas.devops)
 
 
 Example

bin/mas-devops-db2-validate-config

@@ -31,23 +31,21 @@ if __name__ == "__main__":
 
     args, unknown = parser.parse_known_args()
 
-    
     log_level = getattr(logging, args.log_level)
     logging.basicConfig()
     logging.getLogger('mas.devops.db2').setLevel(level=log_level)
 
-
     try:
-      # Try to load in-cluster configuration
-      config.load_incluster_config()
-      print("Loaded in-cluster configuration")
+        # Try to load in-cluster configuration
+        config.load_incluster_config()
+        print("Loaded in-cluster configuration")
     except ConfigException:
-      # If that fails, fall back to kubeconfig file
-      config.load_kube_config()
-      print("Loaded kubeconfig file")
+        # If that fails, fall back to kubeconfig file
+        config.load_kube_config()
+        print("Loaded kubeconfig file")
 
     validate_db2_config(
-      client.api_client.ApiClient(), 
-      args.mas_instance_id, 
-      args.mas_app_id
-    )
+        client.api_client.ApiClient(),
+        args.mas_instance_id,
+        args.mas_app_id
+    )

setup.py

@@ -7,12 +7,12 @@
 # http://www.eclipse.org/legal/epl-v10.html
 # *****************************************************************************
 
+from setuptools import setup, find_namespace_packages
 import codecs
 import sys
 import os
 sys.path.insert(0, 'src')
 
-from setuptools import setup, find_namespace_packages
 
 if not os.path.exists('README.rst'):
     import pypandoc
@@ -25,11 +25,14 @@
 
 # Maintain a single source of versioning
 # https://packaging.python.org/en/latest/guides/single-sourcing-package-version/
+
+
 def read(rel_path):
     here = os.path.abspath(os.path.dirname(__file__))
     with codecs.open(os.path.join(here, rel_path), 'r') as fp:
         return fp.read()
 
+
 def get_version(rel_path):
     for line in read(rel_path).splitlines():
         if line.startswith('__version__'):
@@ -38,6 +41,7 @@ def get_version(rel_path):
     else:
         raise RuntimeError("Unable to find version string.")
 
+
 setup(
     name='mas-devops',
     version=get_version("src/mas/devops/__init__.py"),