aac-puml project infrastructure setup (#774)

[crazynewidea]

intermediate pull request to test main branch push workflow

[lizzcondrey]

So, I don't think it would get to go away fully because we still need to bundle the secure install components into the zip since that is something that gets provided for project hosting. But the steps that were previously producing the hash output that is now able to be accomplished with the build tool changes should get to be altered.

I believe it is outside of the scope of this task to fully determine what would have to change and how. Believe it is a solid candidate for a few tasks within the future pipeline refinement and buildtool modernization features.

[lizzcondrey]

Working through Will's aac-spec PR found the python-deploy-artifacts.yml workflow that reminded me that I forgot to put a comment to your PR to include. But with a note of commenting out lines 5-9 about the push to main.
Need to comment the push to main portion out so that it does not try to automatically deploy to PyPi yet since we do not have a functioning stand-alone package yet. We should only be manually deploying till we know it is fully functioning and stable and safe to put to automatic deployments.
Also, we need to confirm we have a registration with PyPi for the package.

The deployment of artifacts happens in the python-build-and-lint.yml worflow in the upload-artifacts action. Agree we need to confirm registration with PyPi but seems out of scope for this code review.

Partially correct, while an upload-artifacts does occur in the python-build-and-lint.yml workflow, that is not an upload to PyPi. That is handled by the python-deploy-artifacts.yml workflow as mentioned in my original comment.

Agree confirming the registration with PyPi is outside the scope of this task and code review, was just including it for SA.

[lizzcondrey]

There were some change suggestions missed, tagged those with new comments. And flagged files that are still needing to be removed. Good job getting through initial round of comments.

[lizzcondrey]

I don't see any .gitignore files for your PR, need to make sure the documentation one is pulled in as well as the src code level one.
Also don't see the .pylintrc file included which would be used with the linting step in the pipeline, but you removed that step. Both need to be included.

.gitignore is at the root of the project directory. .pylintrc added as requested additional .gitingnore added in docs folder as requested

The .gitignore at root was from the original initial commit of standing up the repository, it won't have any of the additional AaC ignore additions. Did you make changes to it prior to moving to the dev branch to update with the additional ignore additions? If so, it wouldn't have been grabbed for this PR so didn't have a way to review if it included the additional AaC ignores.

[lizzcondrey]

Good job getting version tags reassigned everywhere you had main, but it looks like you migrated versions and that can cause a lot of breakage with the actions within the workflows. Make sure you are using what is currently in core, we have an upcoming pipeline improvement feature that would tackle migrating action versions since that is well outside of the scope of the infrastructure task and the PUML feature.

[github-advanced-security]

This pull request sets up GitHub code scanning for this repository. Once the scans have completed and the checks have passed, the analysis results for this pull request branch will appear on this overview. Once you merge this pull request, the 'Security' tab will show more code scanning analysis results (for example, for the default branch). Depending on your configuration and choice of analysis tool, future pull requests will be annotated with code scanning analysis results. For more information about GitHub code scanning, check out the documentation.

[lizzcondrey]

Think this will be the last round. Looks like the action versions all got corrected, trusting the tweaks to the toml file being a result of something you're seeing since it is a new approach, and Gitpod launching seems to have been fixed since I can get it to launch now, and we were having issues with it yesterday.

[lizzcondrey]

Why did these have to be commented out?

[crazynewidea]

they were causing the gitpod load to fail. This change made the gitpod load quicker and still accomplishes the python version load that we want. I left the commented out code there for reference in case we still wanted any of it. Is there something there you want to revive?

[lizzcondrey]

Curious about why this was causing issues for you but not with the aac-spec repo. As long as you're tracking it as an issue and this is currently working, we can evaluate it as we continue to work in the repository and maintain what a rollback would look like with the commented section. This should be okay for now.

[lizzcondrey]

I missed catching some of the upload-artifact versions not getting corrected to v3.

[lizzcondrey]

Good job getting everything addressed and incorporated. Identified some good spots for further evaluation and improvement within our upcoming pipeline feature.