Initial commit

Author: stdavis

.coveragerc

@@ -0,0 +1,9 @@
+[run]
+omit =
+    # files to omit from coverage. should be sample files etc
+    # */connection_sample.py
+
+[report]
+exclude_lines =
+    # Don't complain if non-runnable code isn't run:
+    if __name__ == .__main__.

.editorconfig

@@ -0,0 +1,10 @@
+root = true
+
+[*.py]
+indent_size = 4
+
+[*]
+indent_style = space
+charset = utf-8
+trim_trailing_whitespace = true
+insert_final_newline = true

.github/actions/deploy/action.yml

@@ -0,0 +1,104 @@
+name: Deploy
+description: Deploy to GCP
+inputs:
+  project_id:
+    description: "The GCP project ID"
+    required: true
+  identity_provider:
+    description: "The identity provider for the workload identity"
+    required: true
+  service_account_email:
+    description: "The service account email"
+    required: true
+  pause_schedule_job:
+    description: "Pause the scheduler job"
+    required: false
+    default: "no"
+  github_token:
+    description: "The GitHub token"
+    required: true
+
+runs:
+  using: composite
+  steps:
+    - name: 🗝️ Authenticate to Google Cloud
+      id: auth
+      uses: google-github-actions/auth@v2
+      with:
+        workload_identity_provider: ${{ inputs.identity_provider }}
+        service_account: ${{ inputs.service_account_email }}
+        token_format: "access_token"
+
+    - name: 🐳 Set up Docker Buildx
+      id: builder
+      uses: docker/setup-buildx-action@v3
+
+    - name: 🗝️ Authenticate Docker to Google Cloud
+      uses: docker/login-action@v3
+      with:
+        registry: us-central1-docker.pkg.dev
+        username: oauth2accesstoken
+        password: ${{ steps.auth.outputs.access_token }}
+
+    - name: 🏷️ Extract tags from GitHub
+      id: meta
+      uses: docker/metadata-action@v5
+      with:
+        github-token: ${{ inputs.github_token }}
+        images: us-central1-docker.pkg.dev/${{ inputs.project_id }}/images/job
+        tags: |
+          type=ref,suffix=-{{sha}},event=branch
+          type=ref,prefix=pr-,suffix=-{{sha}},event=pr
+          type=semver,pattern={{version}}
+          latest
+
+    - name: 📦 Build and push image
+      uses: docker/build-push-action@v6
+      with:
+        builder: ${{ steps.builder.outputs.name }}
+        tags: ${{ steps.meta.outputs.tags }}
+        context: .
+        file: ./Dockerfile
+        push: true
+        cache-from: type=gha
+        cache-to: type=gha,mode=max
+        provenance: false
+
+    - name: ☁️ Set up Cloud SDK
+      uses: google-github-actions/setup-gcloud@v2
+
+    - name: 🚀 Deploy Cloud Run Job
+      uses: google-github-actions/deploy-cloudrun@v2
+      with:
+        project_id: ${{ inputs.project_id }}
+        region: us-central1
+        image: us-central1-docker.pkg.dev/${{ inputs.project_id }}/images/job:latest
+        job: default
+        secrets: /secrets/app/secrets.json=skid-secrets:latest
+        secrets_update_strategy: overwrite
+        timeout: 3h
+        flags: |
+          --memory=3Gi
+          --task-timeout=3h
+          --max-retries=0
+          --service-account=cloud-run-sa@${{ inputs.project_id }}.iam.gserviceaccount.com
+
+    - name: 🕰️ Create Cloud Scheduler
+      shell: bash
+      run: |
+        for i in $(gcloud scheduler jobs list --location=us-central1 --uri); do
+          gcloud scheduler jobs delete $i --quiet
+        done
+        gcloud scheduler jobs create http skinname-schedule \
+          --description="Trigger the skinname-skid bot once a week on saturday evening" \
+          --schedule="0 3 * * 1" \
+          --time-zone=America/Denver \
+          --location=us-central1 \
+          --uri="https://us-central1-run.googleapis.com/apis/run.googleapis.com/v1/namespaces/${{ inputs.project_id }}/jobs/default:run" \
+          --oauth-service-account-email=scheduler-sa@${{ inputs.project_id }}.iam.gserviceaccount.com
+
+    - name: 🙅 Pause Scheduler Job
+      shell: bash
+      if: inputs.pause_schedule_job != 'no'
+      run: |
+        gcloud scheduler jobs pause "skinname-schedule" --location=us-central1 --quiet

.github/dependabot.yml

@@ -0,0 +1,21 @@
+version: 2
+updates:
+  - package-ecosystem: pip
+    directory: /
+    schedule:
+      interval: monthly
+    groups:
+      safe-dependencies:
+        update-types: ["minor", "patch"]
+      major-dependencies:
+        update-types: ["major"]
+    commit-message:
+      prefix: deps
+      prefix-development: deps(dev)
+  - package-ecosystem: github-actions
+    directory: /
+    schedule:
+      interval: monthly
+    groups:
+      ci-dependencies:
+        dependency-type: "production"

.github/workflows/pull_request.yml

@@ -0,0 +1,39 @@
+name: Pull Request Events
+
+on: pull_request
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.head_ref || github.ref }}
+  cancel-in-progress: true
+
+jobs:
+  test:
+    name: Unit tests
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: ⬇️ Set up code
+        uses: actions/checkout@v4
+        with:
+          show-progress: false
+
+      - name: Set up Python
+        uses: actions/setup-python@v5
+        with:
+          python-version-file: .python-version
+          cache: pip
+          cache-dependency-path: setup.py
+
+      - name: Install libkrb5 for Kerberos on Linux
+        run: |
+          sudo apt-get update
+          sudo apt-get install -y libkrb5-dev
+
+      - name: Install module
+        run: pip install .[tests]
+
+      - name: 🧶 Lint
+        run: ruff check --output-format=github .
+
+      - name: 🧪 Run pytest
+        run: pytest

.github/workflows/push.yml

@@ -0,0 +1,58 @@
+name: Push Events
+
+on:
+  push:
+    branches:
+      - main
+      - dev
+
+concurrency:
+  group: "${{ github.head_ref || github.ref }}"
+  cancel-in-progress: true
+
+jobs:
+  release:
+    name: Create release
+    if: github.ref_name == 'main'
+    runs-on: ubuntu-latest
+    permissions:
+      contents: write
+      pull-requests: write
+
+    steps:
+      - name: 🚀 Create Release
+        uses: agrc/release-composite-action@v1
+        with:
+          repo-token: ${{ secrets.GITHUB_TOKEN }}
+          github-app-id: ${{ secrets.UGRC_RELEASE_BOT_APP_ID }}
+          github-app-key: ${{ secrets.UGRC_RELEASE_BOT_APP_KEY }}
+          github-app-name: ${{ secrets.UGRC_RELEASE_BOT_NAME }}
+          github-app-email: ${{ secrets.UGRC_RELEASE_BOT_EMAIL }}
+          release-type: python
+          extra-files: src/skidname/version.py
+
+  deploy-dev:
+    name: Deploy to Cloud Run (dev)
+    runs-on: ubuntu-latest
+    if: github.ref_name == 'dev'
+    environment:
+      name: dev
+    permissions:
+      id-token: write
+      contents: read
+
+    steps:
+      - name: ⬇️ Set up code
+        uses: actions/checkout@v4
+        with:
+          show-progress: false
+
+      - name: 🚀 Deploy
+        uses: ./.github/actions/deploy
+        timeout-minutes: 15
+        with:
+          project_id: ${{ secrets.PROJECT_ID }}
+          identity_provider: ${{ secrets.IDENTITY_PROVIDER }}
+          service_account_email: ${{ secrets.SERVICE_ACCOUNT_EMAIL }}
+          pause_schedule_job: "yes"
+          github_token: ${{ secrets.GITHUB_TOKEN }}

.github/workflows/release.yml

@@ -0,0 +1,42 @@
+name: Release Events
+on:
+  release:
+    types: [published]
+
+jobs:
+  deploy-prod:
+    name: Deploy Prod
+    runs-on: ubuntu-latest
+    environment:
+      name: prod
+    permissions:
+      id-token: write
+      contents: read
+
+    steps:
+      - name: ⬇️ Set up code
+        uses: actions/checkout@v4
+
+      - name: 🚀 Deploy
+        uses: ./.github/actions/deploy
+        timeout-minutes: 15
+        with:
+          project_id: ${{ secrets.PROJECT_ID }}
+          identity_provider: ${{ secrets.IDENTITY_PROVIDER }}
+          service_account_email: ${{ secrets.SERVICE_ACCOUNT_EMAIL }}
+          github_token: ${{ secrets.GITHUB_TOKEN }}
+
+  notify:
+    name: Notifications
+    runs-on: ubuntu-latest
+    needs: deploy-prod
+    permissions:
+      contents: read
+      pull-requests: write
+      issues: write
+
+    steps:
+      - name: Release Notifier
+        uses: agrc/release-issue-notifications-action@v1
+        with:
+          repo-token: ${{ secrets.GITHUB_TOKEN }}

.gitignore

@@ -0,0 +1,35 @@
+secrets.json
+sheets-sa.json
+
+*.py[cod]
+
+# Packages
+.eggs/
+*.egg
+*.egg-info
+dist
+build
+eggs
+parts
+bin
+var
+sdist
+develop-eggs
+.installed.cfg
+lib
+lib64
+__pycache__
+
+# Installer logs
+pip-log.txt
+
+*.pyt.xml
+*.csv.xml
+arc.dir
+.pytest_cache
+__pycache__
+
+.env/
+.DS_Store
+cov.xml
+.coverage

.python-version

@@ -0,0 +1 @@
+3.11

.vscode/extensions.json

@@ -0,0 +1,16 @@
+{
+  // See https://go.microsoft.com/fwlink/?LinkId=827846 to learn about workspace recommendations.
+  // Extension identifier format: ${publisher}.${name}. Example: vscode.csharp
+  // List of extensions which should be recommended for users of this workspace.
+  "recommendations": [
+    "editorconfig.editorconfig",
+    "njpwerner.autodocstring",
+    "ms-python.vscode-pylance",
+    "ms-python.python",
+    "donjayamanne.python-environment-manager",
+    "charliermarsh.ruff",
+    "tamasfe.even-better-toml"
+  ],
+  // List of extensions recommended by VS Code that should not be recommended for users of this workspace.
+  "unwantedRecommendations": []
+}

.vscode/settings.json

@@ -0,0 +1,52 @@
+{
+  "cSpell.words": [
+    "accesstoken",
+    "agrc",
+    "arcgis",
+    "arcpy",
+    "Buildx",
+    "cloudrun",
+    "Codecov",
+    "finditer",
+    "getenv",
+    "instafail",
+    "libkrb",
+    "mapserv",
+    "metatable",
+    "mssql",
+    "ODBC",
+    "oidc",
+    "opensgid",
+    "palletjack",
+    "pgsql",
+    "psycopg",
+    "pygsheets",
+    "pyodbc",
+    "pytest",
+    "rindex",
+    "sgid",
+    "skidname",
+    "skinname",
+    "UGRC",
+    "venv",
+    "worknote"
+  ],
+  "editor.formatOnSave": true,
+  "editor.rulers": [120],
+  "coverage-gutters.showGutterCoverage": false,
+  "coverage-gutters.showLineCoverage": true,
+  "coverage-gutters.showRulerCoverage": false,
+  "coverage-gutters.highlightdark": "rgb(61, 153, 112, .05)",
+  "coverage-gutters.noHighlightDark": "rgb(255, 65, 54, .05)",
+  "coverage-gutters.partialHighlightDark": "rgb(255, 133, 27, .05)",
+  "python.languageServer": "Pylance",
+  "python.testing.pytestEnabled": true,
+  "python.testing.pytestArgs": ["--no-cov"],
+  "editor.codeActionsOnSave": {
+    "source.organizeImports": "explicit"
+  },
+  "[python]": {
+    "editor.defaultFormatter": "charliermarsh.ruff",
+    "editor.formatOnSave": true
+  }
+}