CactuseSecurity
diff --git a/‎.editorconfig‎
Lines changed: 5 additions & 1 deletion b/‎.editorconfig‎
Lines changed: 5 additions & 1 deletion
diff --git a/‎.githook-templates/pre-commit.sample‎
Lines changed: 6 additions & 0 deletions b/‎.githook-templates/pre-commit.sample‎
Lines changed: 6 additions & 0 deletions
diff --git a/‎.githooks/post-checkout‎
Lines changed: 2 additions & 0 deletions b/‎.githooks/post-checkout‎
Lines changed: 2 additions & 0 deletions
diff --git a/‎.githooks/post-merge‎
Lines changed: 2 additions & 0 deletions b/‎.githooks/post-merge‎
Lines changed: 2 additions & 0 deletions
diff --git a/‎.githooks/post-rewrite‎
Lines changed: 2 additions & 0 deletions b/‎.githooks/post-rewrite‎
Lines changed: 2 additions & 0 deletions
diff --git a/‎.githooks/submodule-sync‎
Lines changed: 71 additions & 0 deletions b/‎.githooks/submodule-sync‎
Lines changed: 71 additions & 0 deletions
diff --git a/‎…-sync-develop-to-importer-rework.yml.yml‎ ‎…elop-to-importer-rework.yml.yml.disabled‎.github/workflows/auto-sync-develop-to-importer-rework.yml.yml renamed to .github/workflows/auto-sync-develop-to-importer-rework.yml.yml.disabled b/‎…-sync-develop-to-importer-rework.yml.yml‎ ‎…elop-to-importer-rework.yml.yml.disabled‎.github/workflows/auto-sync-develop-to-importer-rework.yml.yml renamed to .github/workflows/auto-sync-develop-to-importer-rework.yml.yml.disabled
diff --git a/‎.github/workflows/test-install.yml‎
Lines changed: 28 additions & 4 deletions b/‎.github/workflows/test-install.yml‎
Lines changed: 28 additions & 4 deletions
diff --git a/‎.gitignore‎
Lines changed: 62 additions & 1 deletion b/‎.gitignore‎
Lines changed: 62 additions & 1 deletion
diff --git a/‎.gitmodules‎
Lines changed: 4 additions & 0 deletions b/‎.gitmodules‎
Lines changed: 4 additions & 0 deletions
@@ -3,10 +3,14 @@
 
 root = true
 
-[*]
+[*.cs]
 indent_style = space
 indent_size = 4
 end_of_line = lf
 charset = utf-8
 trim_trailing_whitespace = false
 insert_final_newline = true
+
+[*.razor]
+indent_style = space
+indent_size = 4
@@ -0,0 +1,6 @@
+#!/usr/bin/env bash
+
+RUFF_PATH=.venv/bin/ruff
+
+$RUFF_PATH check --fix
+$RUFF_PATH format
@@ -0,0 +1,2 @@
+#!/usr/bin/env bash
+"$(dirname "$0")/submodule-sync"
@@ -0,0 +1,2 @@
+#!/usr/bin/env bash
+"$(dirname "$0")/submodule-sync"
@@ -0,0 +1,2 @@
+#!/usr/bin/env bash
+"$(dirname "$0")/submodule-sync"
@@ -0,0 +1,71 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+# Sync submodules quietly after common Git operations.
+
+# Resolve repository root; bail out if not inside a Git repo.
+repo_root="$(git rev-parse --show-toplevel 2>/dev/null || true)"
+if [[ -z "${repo_root}" ]]; then
+  exit 0
+fi
+
+cd "${repo_root}"
+
+# No submodules configured.
+if [[ ! -f .gitmodules ]]; then
+  exit 0
+fi
+
+# No submodule paths registered in .gitmodules.
+if ! git config --file .gitmodules --get-regexp '^submodule\..*\.path$' >/dev/null 2>&1; then
+  exit 0
+fi
+
+# Disable prompts and keep this hook silent for users without repo access.
+export GIT_TERMINAL_PROMPT=0
+export GIT_ASKPASS=/bin/true
+export GIT_SSH_COMMAND="ssh -o BatchMode=yes"
+
+run_quiet() {
+  # Ignore failures to avoid blocking normal Git operations.
+  "$@" >/dev/null 2>&1 || true
+}
+
+# Initialize submodules first so each path exists.
+run_quiet git submodule update --init --recursive
+
+# Iterate configured submodules to ensure we are on a branch (not detached).
+while read -r key path; do
+  # Convert `submodule.<name>.path` -> `<name>`.
+  name="${key#submodule.}"
+  name="${name%.path}"
+
+  # Skip if the submodule path is missing or not initialized.
+  if [[ ! -d "${path}" ]]; then
+    continue
+  fi
+
+  # Skip if the path is not a Git repo.
+  if ! git -C "${path}" rev-parse --git-dir >/dev/null 2>&1; then
+    continue
+  fi
+
+  # Prefer repo-local submodule.<name>.branch, fallback to .gitmodules.
+  branch="$(git config --get "submodule.${name}.branch" || true)"
+  if [[ -z "${branch}" ]]; then
+    branch="$(git config --file .gitmodules --get "submodule.${name}.branch" || true)"
+  fi
+
+  if [[ -n "${branch}" ]]; then
+    # Try to checkout the branch if it already exists locally.
+    run_quiet git -C "${path}" checkout -q "${branch}"
+
+    # If still detached, create/reset the branch from origin.
+    if ! git -C "${path}" symbolic-ref -q HEAD >/dev/null 2>&1; then
+      run_quiet git -C "${path}" checkout -q -B "${branch}" "origin/${branch}"
+    fi
+  fi
+done < <(git config --file .gitmodules --get-regexp '^submodule\..*\.path$')
+
+# Move submodules to the newest commit on their tracking branch, merging instead of detaching.
+run_quiet git submodule update --remote --merge --recursive
@@ -1,4 +1,4 @@
-name: do test install
+name: Checks
 
 on:
   push:
@@ -18,11 +18,10 @@ jobs:
     strategy:
       matrix:
         os: [ubuntu-latest]
-        # os: [ubuntu-latest, ubuntu-22.04]
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v6
 
-      - uses: actions/setup-dotnet@v4
+      - uses: actions/setup-dotnet@v5
         with:
           dotnet-version: '8.0.x'
 
@@ -38,3 +37,28 @@ jobs:
           dotnet restore
           dotnet build
           dotnet test --filter "Name=HtmlToPdfTest"
+
+
+  python-code-check:
+    name: Python Code Check
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v6
+
+      - uses: actions/setup-python@v6
+        with:
+          python-version: '3.11' 
+
+      - run: pip install -r roles/importer/files/importer/requirements.txt
+
+      - run: pip install -r scripts/customizing/app_data_import/requirements-for-app-data-import.txt
+
+      - uses: astral-sh/ruff-action@57714a7c8a2e59f32539362ba31877a1957dded1
+        with:
+          version: "0.14.8"
+
+      - run: pyright
+
+      - run: ruff check
+      
+      - run: ruff format --exit-non-zero-on-format
@@ -1,9 +1,70 @@
 .vs/
-.idea/
+.vscode/launch.json
+.vscode/settings.local.json
 .test_data/
 roles/importer/venv/
 ansible_venv/
+*.todo
 **/.venv/
 **/__pycache__/
 **/*.pyc
 .vscode/launch.json
+
+# Created by https://www.toptal.com/developers/gitignore/api/jetbrains+iml
+# Edit at https://www.toptal.com/developers/gitignore?templates=jetbrains+iml
+
+### JetBrains+iml ###
+# Covers JetBrains IDEs: IntelliJ, RubyMine, PhpStorm, AppCode, PyCharm, CLion, Android Studio, WebStorm and Rider
+# Reference: https://intellij-support.jetbrains.com/hc/en-us/articles/206544839
+
+# Jetbrains IDE generated content
+**/.idea/
+# Specifically instructed to keep this file out of the ignore
+!.idea/
+!.idea/ruff.xml
+
+# Gradle and Maven with auto-import
+# When using Gradle or Maven with auto-import, you should exclude module files,
+# since they will be recreated, and may cause churn.  Uncomment if using
+# auto-import.
+# *.iml
+# *.ipr
+
+# CMake
+cmake-build-*/
+
+# File-based project format
+*.iws
+
+# IntelliJ
+out/
+
+# mpeltonen/sbt-idea plugin
+.idea_modules/
+
+# JIRA plugin
+atlassian-ide-plugin.xml
+
+# Crashlytics plugin (for Android Studio and IntelliJ)
+com_crashlytics_export_strings.xml
+crashlytics.properties
+crashlytics-build.properties
+fabric.properties
+
+### JetBrains+iml Patch ###
+# Reason: https://github.com/joeblau/gitignore.io/issues/186#issuecomment-249601023
+
+*.iml
+modules.xml
+*.ipr
+
+# End of https://www.toptal.com/developers/gitignore/api/jetbrains+iml
+
+.idea/copilot*
+.idea/vcs.xml
+.idea/inspectionProfiles
+.idea/.gitignore
+cov.xml
+.coverage
+.DS_Store
+.dotnet
@@ -0,0 +1,4 @@
+[submodule "agents"]
+	path = agents
+	url = https://github.com/CactuseSecurity/firewall-orchestrator-agents
+	branch = main
Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,2 @@`
	`1`	`+#!/usr/bin/env bash`
	`2`	`+"$(dirname "$0")/submodule-sync"`