✨ add pre-commit, reviews and venv

Yoan Moscatelli · Yoan Moscatelli · commit 10d735bf40ae · 2025-03-18T21:12:04.000Z
diff --git a/.devcontainer/Dockerfile b/.devcontainer/Dockerfile
@@ -1,4 +1,4 @@
-FROM mcr.microsoft.com/devcontainers/base:jammy
+FROM mcr.microsoft.com/devcontainers/base:noble
 
 RUN export DEBIAN_FRONTEND=noninteractive && \
     apt-get update && \
@@ -8,14 +8,29 @@ RUN export DEBIAN_FRONTEND=noninteractive && \
         bash-completion \
         curl \
         git \
+        libsqlite3-dev \
+        python3 \
         python3-pip \
+        python3-venv \
         p7zip-full \
         skopeo \
         tmux \
         vim \
         && \
     apt-get clean
+
+USER vscode
+
+ENV LANG=C.UTF-8
+ENV LC_ALL=C.UTF-8
+
+# Create virtual environment
+ENV VIRTUAL_ENV=/home/vscode/venv
+RUN python3 -m venv $VIRTUAL_ENV
+ENV PATH="$VIRTUAL_ENV/bin:$PATH"
+
 COPY requirements.txt /tmp/requirements.txt
-RUN python3 -m pip install --no-cache-dir --upgrade pip && \
-    python3 -m pip install --no-cache-dir -r /tmp/requirements.txt
-USER vscode
+
+# Install python libs in the virtual environment
+RUN pip install --upgrade pip && \
+    pip install -r /tmp/requirements.txt
diff --git a/.devcontainer/requirements.txt b/.devcontainer/requirements.txt
@@ -1,4 +1,5 @@
-requests==2.32.0
-GitPython==3.1.43
+requests==2.32.3
+GitPython==3.1.44
 pyunpack==0.3
-patool==2.2.0
+patool==4.0.0
+pre-commit==4.1.0
diff --git a/.devcontainer/setup.sh b/.devcontainer/setup.sh
@@ -2,7 +2,7 @@
 
 set -xe
 
-if [ "$CODESPACES" = "true" ]; then
+if [[ "${CODESPACES}" = "true" ]]; then
   # NOTE: This is the only way I managed to have the right
   # permissions files for git sources files
   # (Some salt pylint test check file permissions and expected 644
@@ -19,10 +19,11 @@ fi
 echo "Updating localtime"
 sudo ln -fs /usr/share/zoneinfo/UTC /etc/localtime
 
-# Install act
-gh extension install https://github.com/nektos/gh-act
+echo "Install pre-commit hooks"
+pre-commit install --install-hooks
 
-# Install dependencies
 echo "Installing dependencies"
-python3 src/main.py install
+# Run with sudo and preserved environment
+sudo PATH="${PATH}" python3 src/main.py install
+
 echo "End of setup"
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
@@ -1,3 +1,4 @@
+---
 version: 2
 updates:
   - package-ecosystem: "github-actions"
@@ -12,9 +13,6 @@ updates:
     schedule:
       interval: "daily"
     rebase-strategy: "auto"
-    ignore:
-      - dependency-name: "requests"
-        versions: ["<2.25.1"]
     reviewers:
       - "scality/metalk8s"
 
diff --git a/.github/scripts/update_scanners.py b/.github/scripts/update_scanners.py
@@ -1,3 +1,5 @@
+#!/usr/bin/env python3
+
 import re
 import requests
 
diff --git a/.github/workflows/nightly.yaml b/.github/workflows/nightly.yaml
@@ -1,3 +1,4 @@
+---
 name: "nightly"
 run-name: "Nightly tests for ${{ github.ref_name }}"
 
@@ -38,15 +39,17 @@ jobs:
       - name: Update scanner versions
         run: python .github/scripts/update_scanners.py
 
-      - name: Create Pull Request
-        uses: peter-evans/create-pull-request@v7
-        id: pr
-        with:
-          title: Dependency update
-          branch: feature/deps-update
-          delete-branch: true
-          commit-message: ":arrow_up: Update scanner versions"
-          token: ${{ steps.app-token.outputs.token }}
+      - name: Create pull request  
+        uses: actions/github-script@v7  
+        with:  
+          script: |
+            const pr = await github.rest.pulls.create({
+              owner: context.repo.owner,
+              repo: context.repo.repo,
+              head: "feature/deps-update",
+              base: "main",
+              title: ":arrow_up: Update scanner versions"
+            })
 
   vuln-scan:
     permissions:
@@ -58,7 +61,6 @@ jobs:
       - name: Checkout
         uses: actions/checkout@v4
         with:
-          path: ./
           fetch-depth: 0
           fetch-tags: true
 
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
@@ -0,0 +1,30 @@
+---
+repos:
+  - repo: https://github.com/psf/black
+    rev: 25.1.0
+    hooks:
+      - id: black
+        files: src/.*\.py
+        name: Formatting Python
+      - id: black
+        files: src/.*\.py
+        # We want this hook to be part of "lint" so that if we run
+        # `pre-commit run lint` we include this hook
+        alias: lint
+        name: Checking Python formatting
+        args:
+          - --check
+          - --diff
+
+  - repo: https://github.com/pycqa/pylint
+    rev: v3.3.5
+    hooks:
+      - id: pylint
+        alias: lint
+        name: Lint Python (CLI)
+        files: src/.*\.py
+        additional_dependencies:
+          - 'requests~=2.32.3'
+          - 'GitPython~=3.1.44'
+          - 'pyunpack~=0.3'
+          - 'patool~=4.0.0'
diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
@@ -15,7 +15,9 @@ It has been installed through the `gh` extension.
 To run the workflow locally, execute the following command:
 
 ```bash
-gh act push --rm --workflows=.github/workflows/tests.yaml -P ubuntu-22.04=ghcr.io/catthehacker/ubuntu:act-22.04
+docker login ghcr.io
+gh extension install https://github.com/nektos/gh-act
+gh act push --rm --workflows=.github/workflows/tests.yaml -P ubuntu-24.04=ghcr.io/catthehacker/ubuntu:act-22.04
 ```
 
 For more information on how to use `act`, please refer to the [official documentation] or run `gh act --help`.
diff --git a/action.yaml b/action.yaml
@@ -1,3 +1,4 @@
+---
 name: "Scality SBOM Action"
 description: "Creates an SBOM (Software Bill Of Materials) from your code, and artifacts."
 author: "Scality"
diff --git a/src/lib/install.py b/src/lib/install.py
@@ -7,7 +7,7 @@
 from pyunpack import Archive
 
 # Define the scanners and their versions
-scanners = {"syft": "1.20.0", "grype": "0.89.1", "trivy": "0.60.0"}
+scanners = {"syft": "1.21.0", "grype": "0.90.0", "trivy": "0.60.0"}
 
 # Define the base URLs for the scanners
 ANCHORE_BASE_URL = (
@@ -20,6 +20,7 @@
     "v{version}/{package_name}_{version}_Linux-64bit.tar.gz"
 )
 
+
 def set_versions(package_name):
     """
     ## This function sets the versions of the scanners.
@@ -30,6 +31,7 @@ def set_versions(package_name):
         version = scanners[package_name]
     return version
 
+
 def install_package(package_name, version):
     """
     ## This function installs the specified package and version.
@@ -47,6 +49,8 @@ def install_package(package_name, version):
     except FileNotFoundError:
         print(f"{package_name} is not installed.")
     print(f"Installing {package_name} version {version}...")
+    # Set base URL based on package name
+    base_url = ""
     if package_name in ["syft", "grype"]:
         base_url = ANCHORE_BASE_URL
     elif package_name == "trivy":
@@ -77,11 +81,12 @@ def install_package(package_name, version):
     os.remove(f"{package_name}_v{version}.tar.gz")
     print(f"{package_name} version {version} installed.")
 
+
 def install():
     """
     ## This function installs the base packages.
     """
     for scanner, version in scanners.items():
         version = set_versions(scanner)
         print(f"Installing {scanner} version {version}...")
-        install_package(scanner,version)
+        install_package(scanner, version)

Original file line number	Diff line number	Diff line change
`@@ -1,3 +1,5 @@`
	`1`	`+#!/usr/bin/env python3`
	`2`	`+`
`1`	`3`	`import re`
`2`	`4`	`import requests`
`3`	`5`
Original file line number	Diff line number	Diff line change
`@@ -1,3 +1,4 @@`
	`1`	`+---`
`1`	`2`	`name: "Scality SBOM Action"`
`2`	`3`	`description: "Creates an SBOM (Software Bill Of Materials) from your code, and artifacts."`
`3`	`4`	`author: "Scality"`