Deploy to PyPI, install with pip; removed some vulnerabilities…and more! #5

Merged
merged 2 commits into from
Nov 7, 2024

Conversation

nutjob4life
Contributor

Purpose

Merge this PR and get some vulnerabilities removed, PyPI support, and you can pip install slim-leaderboard once this is published to PyPI.

Proposed Changes

  • Removal of unbounded dependency confusion vulnerabilities
  • Addition of PyPI project metadata
  • You can pip install it!
  • Removal of unused imports
  • Application of basic PEP8 formatting
  • Unapologetic removal of commented-out code that lacked comments explaining why it was commented out (yes, a personal pet peeve)
  • Removal of infused_count = pr_count = issue_count = total_count = 0 as these variables were never used
  • Support for --version

Issues

No issues; I just wanted to be able to pip install this and saw opportunities for additional fine-tuning.

Testing

$ env GITHUB_TOKEN=ghp_REDACTED slim-leaderboard --emoji --output_format MARKDOWN examples/slim-ammos-config.json > report.md
WARNING:root:Ignoring archived or disabled repository [multi-mission-utilities-DSN] in org (https://api.github.com/orgs/nasa-ammos/repos?per_page=100)
WARNING:root:Ignoring archived or disabled repository [aerie-release] in org (https://api.github.com/orgs/nasa-ammos/repos?per_page=100)
WARNING:root:Ignoring archived or disabled repository [BSL-private] in org (https://api.github.com/orgs/nasa-ammos/repos?per_page=100)
Scanning Repositories:   1%|▌                                                          | 1/97 [00:01<02:33,  1.60s/repo

Scanning Repositories: 100%|██████████████████████████████████████████████████████████| 97/97 [01:21<00:00,  1.19repo/s]

And look what's in report.md:

SLIM Best Practices Repository Scan Report

| Owner | Repository | License | Readme | Contributing Guide | Code of Conduct | Issue Templates | PR Templates | Additional Documentation | Changelog | GitHub: Vulnerability Alerts | GitHub: Code Scanning Alerts | GitHub: Secret Scanning Alerts | Secrets Detection | Governance Model | Continuous Testing Plan |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| nasa-ammos | slim-starterkit-python | 🟢 | 🟢 | 🟢 | 🟢 | 🟢 | 🟢 | 🟢 | 🟢 | 🔴 | 🟢 | 🔴 | 🟢 | 🟢 | 🔴 |
| nasa-ammos | slim | 🟢 | 🟢 | 🟢 | 🟢 | 🟢 | 🟢 | 🟢 | 🟢 | 🔴 | 🟢 | 🔴 | 🔴 | 🟢 | 🔴 |
| nasa-ammos | slim-starterkit | 🟢 | 🟢 | 🟢 | 🟢 | 🟢 | 🟢 | 🟢 | 🟢 | 🔴 | 🔴 | 🔴 | 🔴 | 🟢 | 🔴 |

Publishing to PyPI

Well, we have @ingyhere's new trusted publishing support, but for a quickie:

$ python3 -m build
$ twine upload dist/*

And make sure to add the appropriate collaborators.

- Removed unbounded dependency confusion vulnerabilities
- Added PyPI project metadata
- Made pip-installable
- Removed unused imports
- Applied basic PEP8 formatting
- Unapologetically removed commented-out code that lacked comments explaining why it was commented out (yes, a personal pet peeve)
- Removed `infused_count = pr_count = issue_count = total_count = 0` as these variables were never used
- Add support for `--version`
@nutjob4life nutjob4life requested review from yunks128, ingyhere and riverma and removed request for ingyhere November 4, 2024 19:14
@yunks128
Contributor

yunks128 commented Nov 7, 2024

@nutjob4life This is awesome! Thank you for your contribution!

@yunks128 yunks128 merged commit 75d781b into main Nov 7, 2024
1 check failed
@yunks128 yunks128 deleted the pypi branch November 7, 2024 06:16
@nutjob4life
Contributor Author

@yunks128 thank you! 😊
