[MERGE] Release Candidate 5 for Version v2.0.0

reactive-firewall · reactive-firewall · commit 19f462483ab0 · 2024-11-06T19:24:44.000-08:00
* FROM PR #175 (tag 'v2.0.0-rc-4'): This pull request focuses on enhancing the test coverage of the multicast project as part of the ongoing effort to reach comprehensive test coverage outlined in issue [#53](#53). It introduces new test modules, updates existing tests, and refines continuous integration workflows to support the expanded test suite. Additionally, it addresses issues [#117](#117) and [#176](#176) by improving exit code handling and standardizing workflow triggers, respectively. --- - **Purpose**: To test the `CommandExecutionError` exception, ensuring proper handling of error messages and exit codes. - **Key Tests**: - Validates that the exception correctly sets the error message and exit code when provided with specific arguments. - Confirms that the default exit code is `1` when no exit code is specified. - Tests the preservation of the original cause when the exception is raised with a `__cause__`. - **Purpose**: To verify the application's behavior upon receiving a keyboard interrupt (SIGINT). - **Key Tests**: - Ensures graceful shutdown and appropriate exit code (`130`) when a keyboard interrupt is received. - Validates that resources are properly cleaned up after the interrupt. - **Added**: `test_Usage_Error_WHEN_the_help_sub_command_is_called` method. - **Purpose**: To test that the help output for sub-commands (`HEAR`, `RECV`, `SAY`, `NOOP`) displays correct usage information. - **Coverage**: Improves test coverage for command-line interface help options. - **File**: `tests/__init__.py` - **Changes**: - Imported new test modules (`test_exceptions`, `test_hear_keyboard_interrupt`). - Updated `test_cases` to include the new test suites, ensuring they are executed during testing. - **Files**: - `.github/workflows/Tests.yml` - Other workflow files updated accordingly. - **Purpose**: To ensure compatibility with Python 3.13 and future-proof the project. - **Changes**: - Updated the testing matrix to include Python 3.13. - Adjusted jobs to run tests against the new Python version. - **Files**: - `.github/workflows/Tests.yml` - `.github/workflows/Labeler.yml` - `.github/workflows/bandit.yml` - Others. - **Purpose**: To enhance security by defining necessary permissions explicitly for each job in the workflows. - **Changes**: - Set permissions for actions such as reading contents, writing statuses, and accessing pull requests. - Ensured compliance with the principle of least privilege. - **File**: `.github/workflows/Tests.yml` - **Purpose**: To address pip installation issues on Windows platforms within the CI environment. - **Changes**: - Added a step to fix pip installation on Windows, improving the reliability of CI tests across different environments. - **Objective**: Resolves issue [#176](#176) by standardizing branch patterns across all GitHub Action workflows. - **Affected Workflows**: - `.github/workflows/Labeler.yml` - `.github/workflows/bandit.yml` - `.github/workflows/makefile-lint.yml` - `.github/workflows/markdown-lint.yml` - `.github/workflows/yaml-lint.yml` - **Changes**: - Updated `on.push.branches` and `on.pull_request.branches` to include consistent branch patterns (`"main"`, `"master"`, `"stable"`, `"feature-*"`, `"patch-*"`, `"HOTFIX-*"`) across all workflows. - Ensured that workflows are triggered appropriately for all relevant branches. - **File**: `.github/dependabot.yml` - **Changes**: - Added several development dependencies to the `allow` list for the `tests/` directory in the `pip` ecosystem. - **Newly Monitored Dependencies**: - `tox`, `virtualenv`, `flake8`, `pep8`, `pytest`, `pytest-checkdocs`, `pytest-cov`, `pytest-enabler`, `pytest-flake8`, `coverage`. - **Purpose**: - To ensure that these testing and development tools are kept up-to-date automatically. - Enhances security and stability by proactively managing development dependencies. - **File**: `.coveragerc` - **Changes**: - Added `except ImportError` to the exclusion list in the `[report]` section. - **Purpose**: - To exclude `ImportError` exception handling lines from coverage reports. - Focuses coverage metrics on relevant code, improving the accuracy of coverage data. - **Files Affected**: - `multicast/__init__.py` - `multicast/__main__.py` - `multicast/exceptions.py` - `multicast/hear.py` - `multicast/recv.py` - `multicast/send.py` - **Changes**: - Refactored method signatures to accept `**kwargs`, enhancing flexibility. - Improved error handling and resource cleanup. - Standardized import statements and module references. - **Purpose**: - To improve code maintainability and readability. - To prepare the codebase for future enhancements and refactoring. --- - **Connection**: This PR significantly contributes to increasing the test coverage of the multicast project. - **Actions**: - Added new test modules covering exceptions and signal handling. - Enhanced existing tests to cover edge cases and improve robustness. - **Connection**: Lays the groundwork for future refactoring by testing current exit code behaviors. - **Actions**: - Validated the handling of exit codes in various scenarios. - Ensured that default and specific exit codes behave as expected. - **Connection**: This PR closes issue #176 by updating workflow triggers. - **Actions**: - Standardized branch patterns in all GitHub Action workflows. - Improved consistency and predictability of CI/CD processes. - **PR #118**: Previous work on gathering metrics and improving summaries. - **PR #148**: Development of the strategic plan for enhancing PR documentation. --- 1. **[TESTING] Improved test coverage slightly (- WIP #53 -)** - **Changes**: - Initial improvements to test coverage. - Adjustments to test suite configuration. 2. **[TESTING] Implemented `tests/test_exceptions.py` (- WIP #53 -)** - **Changes**: - Added tests for `CommandExecutionError`. - Improved exception handling coverage. 3. **[TESTING] Implemented `tests/test_hear_keyboard_interrupt.py` (- WIP #53 -)** - **Changes**: - Added tests for handling keyboard interrupts. - Ensured proper cleanup after interruption. 4. **[TESTING] Fix for regression** - **Changes**: - Addressed regressions introduced by previous changes. - Stabilized test executions. 5. **[TESTING] Possible fix for regression Part 2 & Part 3** - **Changes**: - Continued efforts to resolve test failures. - Improved compatibility across different operating systems. 6. **[CONFIG] Fix braindead Windows Python pip issue (- WIP PR #175 -)** - **Changes**: - Implemented pip installation workaround for Windows. - Ensured CI tests pass on Windows environments. 7. **[TESTING] Possible fix for Linux `Ctrl+C` tests (- WIP #53 -)** - **Changes**: - Fixed issues with signal handling tests on Linux. - Ensured consistent behavior across platforms. 8. **[CI] Apply suggestions from code review (- WIP #176 -)** - **Changes**: - Incorporated feedback to refine workflow configurations. - Finalized standardization of workflow triggers. --- - **Enhanced Test Coverage**: Moves the project closer to 100% test coverage, improving code reliability and maintainability. - **Cross-Version Support**: Ensures compatibility with the latest Python release (3.13), future-proofing the project. - **Improved CI/CD Processes**: Standardized workflows lead to more reliable and secure continuous integration and deployment pipelines. - **Better Dependency Management**: Proactive monitoring of development dependencies enhances security and stability. - **Foundation for Future Refactoring**: Validated current behaviors to facilitate upcoming changes, particularly in exit code handling. --- This pull request represents a significant step forward in enhancing the robustness and maintainability of the multicast project. By improving test coverage, refining workflows, and laying the groundwork for future enhancements, it contributes to the long-term success and stability of the project. --- * From PR #174 (patch-codeql-lockdown): [UPDATE] Update codeql-analysis.yml with defaults * From PR #173 (feature-add-scorecard-scan): [UPDATE] Version bump scorecard.yml [PATCH] Apply suggestions from code review (- WIP PR #173 -) [FEATURE] Create scorecard.yml ---
diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml
@@ -20,6 +20,8 @@ on:
   schedule:
     - cron: '17 5 * * 1'
 
+permissions: {}
+
 jobs:
   analyze:
     name: Analyze
diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml
@@ -0,0 +1,53 @@
+name: Scorecards supply-chain security
+on:
+  # Only the default branch is supported.
+  branch_protection_rule:
+  schedule:
+    - cron: '34 9 * * 5'
+  push:
+    branches: ["master"]
+
+# Declare default permissions as read only.
+permissions: read-all
+
+jobs:
+  analysis:
+    name: Scorecards analysis
+    runs-on: ubuntu-latest
+    permissions:
+      # Needed to upload the results to code-scanning dashboard.
+      security-events: write
+
+    steps:
+      - name: "Checkout code"
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        with:
+          persist-credentials: false
+
+      - name: "Run analysis"
+        uses: ossf/scorecard-action@08f935069d990d2675a557ebcecc774477e7c55c # v2.4.0+deps
+        with:
+          results_file: results.sarif
+          results_format: sarif
+          # Read-only PAT token. To create it,
+          # follow the steps in https://github.com/ossf/scorecard-action#pat-token-creation.
+          repo_token: ${{ secrets.SCORECARD_TOKEN }}
+          # Publish the results to enable scorecard badges. For more details, see
+          # https://github.com/ossf/scorecard-action#publishing-results.
+          # If you are installing the action on a private repo, set it to `publish_results: false`
+          # or comment out the following line.
+          publish_results: true
+
+      # Upload the results as artifacts (optional).
+      - name: "Upload artifact"
+        uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
+        with:
+          name: SARIF file
+          path: results.sarif
+          retention-days: 5
+
+      # Upload the results to GitHub's code scanning dashboard.
+      - name: "Upload to code-scanning"
+        uses: github/codeql-action/upload-sarif@86b04fb0e47484f7282357688f21d5d0e32175fe # v3.27.0
+        with:
+          sarif_file: results.sarif
