mrok 0.1.6__tar.gz → 0.1.7__tar.gz

mrok-0.1.7/.github/actions/setup-python-env/action.yml

@@ -0,0 +1,30 @@
+name: "Setup Python Environment"
+description: "Set up Python environment for the given Python version"
+
+inputs:
+  python-version:
+    description: "Python version to use"
+    required: true
+    default: "3.12"
+  uv-version:
+    description: "uv version to use"
+    required: true
+    default: "0.6.2"
+
+runs:
+  using: "composite"
+  steps:
+    - uses: actions/setup-python@v5
+      with:
+        python-version: ${{ inputs.python-version }}
+
+    - name: Install uv
+      uses: astral-sh/setup-uv@v2
+      with:
+        version: ${{ inputs.uv-version }}
+        enable-cache: 'true'
+        cache-suffix: ${{ matrix.python-version }}
+
+    - name: Install Python dependencies
+      run: uv sync --frozen
+      shell: bash

mrok-0.1.7/.github/workflows/notify-pr-closed.yaml

@@ -0,0 +1,41 @@
+name: Notify Teams on PR
+
+on:
+  pull_request:
+    types: [closed]
+
+jobs:
+  notify-teams:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+      - name: Compute added/removed lines for notification
+        id: diff
+        run: |
+          PR_DATA=$(gh pr view "${{ github.event.pull_request.number }}" --json additions,deletions -q '.')
+          ADDITIONS=$(echo "$PR_DATA" | jq '.additions')
+          DELETIONS=$(echo "$PR_DATA" | jq '.deletions')
+          echo "additions=$ADDITIONS" >> $GITHUB_OUTPUT
+          echo "deletions=$DELETIONS" >> $GITHUB_OUTPUT
+        env:
+          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+      - name: Notify Microsoft Teams
+        uses: softwareone-platform/notify-pr-teams-action@v4
+        with:
+          webhook_url: ${{ secrets.TEAMS_WEBHOOK_URL }}
+          bot_image_url: https://raw.githubusercontent.com/softwareone-platform/mrok/main/.github/workflows/assets/turing_team_pr_bot.png
+          repo: ${{ github.repository }}
+          pr_url: ${{ github.event.pull_request.html_url }}
+          pr_title: ${{ github.event.pull_request.title }}
+          pr_author: ${{ github.event.pull_request.user.login }}
+          head_ref: ${{ github.event.pull_request.head.ref }}
+          base_ref: ${{ github.event.pull_request.base.ref }}
+          commits: ${{ github.event.pull_request.commits }}
+          changed_files: ${{ github.event.pull_request.changed_files }}
+          additions: ${{ steps.diff.outputs.additions }}
+          deletions: ${{ steps.diff.outputs.deletions }}
+          pr_number: ${{ github.event.pull_request.number }}
+          pr_status: ${{ github.event.pull_request.state }}
+          is_merged: ${{ github.event.pull_request.merged }}

mrok-0.1.7/.github/workflows/notify-pr-reviewed.yml

@@ -0,0 +1,33 @@
+name: PR Review Notification
+
+on:
+  pull_request_review:
+    types: [submitted, edited, dismissed]
+
+jobs:
+  notify-teams:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Get Review Comments Count
+        id: comments
+        run: |
+          COMMENTS_COUNT=$(curl -s -H "Authorization: token ${{ secrets.GITHUB_TOKEN }}" \
+            "https://api.github.com/repos/${{ github.repository }}/pulls/${{ github.event.pull_request.number }}/reviews/${{ github.event.review.id }}/comments" | jq 'length')
+          echo "count=$COMMENTS_COUNT" >> $GITHUB_OUTPUT
+
+      - name: Notify Teams
+        uses: softwareone-platform/notify-pr-reviews-teams-action@v2
+        with:
+          webhook_url: ${{ secrets.TEAMS_WEBHOOK_URL }}
+          bot_image_url: https://raw.githubusercontent.com/softwareone-platform/mrok/main/.github/workflows/assets/turing_team_pr_bot.png
+          repo: ${{ github.repository }}
+          pr_number: ${{ github.event.pull_request.number }}
+          pr_title: ${{ github.event.pull_request.title }}
+          reviewer: ${{ github.event.review.user.login }}
+          review_state: ${{ github.event.review.state }}
+          global_comment: ${{ github.event.review.body || 'No comment provided' }}
+          comments_count: ${{ steps.comments.outputs.count }}
+          head_ref: ${{ github.event.pull_request.head.ref }}
+          base_ref: ${{ github.event.pull_request.base.ref }}
+          event: ${{ github.event.action }}
+          pr_url: ${{ github.event.pull_request.html_url }}

mrok-0.1.7/.github/workflows/pr-build-merge.yaml

@@ -0,0 +1,109 @@
+name: PR build and merge
+
+on:
+  pull_request:
+    types: [opened, synchronize, reopened]
+  push:
+    branches:
+      - main
+      - release/*
+
+permissions:
+  contents: read
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    timeout-minutes: 10
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+      - name: Install libprotobuf-c1
+        run: sudo apt install -y libprotobuf-c1
+      - name: Install uv and set up its cache
+        uses: astral-sh/setup-uv@v4
+        with:
+          enable-cache: true
+          cache-dependency-glob: "uv.lock"
+
+      - name: Install Python
+        uses: actions/setup-python@v5
+        with:
+          python-version-file: ".python-version"
+
+      - name: Install the project dependancies
+        run: uv sync --all-extras --dev
+
+      - name: Run formatting checks
+        run: uv run ruff format --check --diff .
+
+      - name: Run linting
+        run: uv run ruff check .
+
+      - name: Run security checks
+        run: uv run bandit -c pyproject.toml -r . -f json -o bandit.json
+
+      - name: Run tests
+        run: uv run pytest
+      - name: Compute added/removed lines for notification
+        if: ${{ github.event_name == 'pull_request' }}
+        id: diff
+        run: |
+          PR_DATA=$(gh pr view "${{ github.event.pull_request.number }}" --json additions,deletions -q '.')
+          ADDITIONS=$(echo "$PR_DATA" | jq '.additions')
+          DELETIONS=$(echo "$PR_DATA" | jq '.deletions')
+          echo "additions=$ADDITIONS" >> $GITHUB_OUTPUT
+          echo "deletions=$DELETIONS" >> $GITHUB_OUTPUT
+        env:
+          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+      - name: Notify Microsoft Teams
+        if: ${{ github.event_name == 'pull_request' }}
+        uses: softwareone-platform/notify-pr-teams-action@v4
+        with:
+          webhook_url: ${{ secrets.TEAMS_WEBHOOK_URL }}
+          bot_image_url: https://raw.githubusercontent.com/softwareone-platform/mrok/main/.github/workflows/assets/turing_team_pr_bot.png
+          repo: ${{ github.repository }}
+          pr_url: ${{ github.event.pull_request.html_url }}
+          pr_title: ${{ github.event.pull_request.title }}
+          pr_author: ${{ github.event.pull_request.user.login }}
+          head_ref: ${{ github.event.pull_request.head.ref }}
+          base_ref: ${{ github.event.pull_request.base.ref }}
+          commits: ${{ github.event.pull_request.commits }}
+          changed_files: ${{ github.event.pull_request.changed_files }}
+          additions: ${{ steps.diff.outputs.additions }}
+          deletions: ${{ steps.diff.outputs.deletions }}
+          pr_number: ${{ github.event.pull_request.number }}
+          pr_status: ${{ github.event.pull_request.state }}
+          is_merged: ${{ github.event.pull_request.merged }}
+
+
+      - name: SonarQube Scan
+        uses: sonarsource/sonarqube-scan-action@v6
+        env:
+          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
+
+      - name: SonarQube Quality Gate check
+        id: sonarqube-quality-gate-check
+        uses: sonarsource/sonarqube-quality-gate-action@master
+        with:
+          pollingTimeoutSec: 600
+        env:
+          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
+
+      - name: Save code coverage report in the artefacts
+        uses: actions/upload-artifact@v4
+        with:
+          name: coverage-report
+          path: htmlcov
+          retention-days: 10
+
+      - name: Generate openapi.json
+        run: uv run mrok controller openapi -f json -o openapi.json
+
+      - name: Save openapi.json the artefacts
+        uses: actions/upload-artifact@v4
+        with:
+          name: openapi-spec
+          path: openapi.json
+          retention-days: 10

mrok-0.1.7/.github/workflows/release.yml

@@ -0,0 +1,112 @@
+name: Release
+
+on:
+  release:
+    types: [published]
+
+permissions:
+  id-token: write  # for OIDC
+  contents: read
+
+jobs:
+  docker-image:
+    runs-on: ubuntu-latest
+    timeout-minutes: 10
+    needs: [ set-version ]
+    steps:
+    - name: Checkout
+      uses: actions/checkout@v5
+      with:
+        fetch-depth: 0
+
+    - name: Download updated pyproject.toml
+      uses: actions/download-artifact@v4
+      with:
+        name: pyproject-toml
+
+    - name: 'Get the version'
+      id: get_version
+      run: echo  "VERSION=${GITHUB_REF/refs\/tags\//}" >> "$GITHUB_OUTPUT"
+
+    - name: 'Login to ACR'
+      uses: docker/login-action@v3
+      with:
+        registry: ${{ vars.REGISTRY_LOGIN_SERVER }}
+        username: ${{ vars.REGISTRY_USERNAME }}
+        password: ${{ secrets.REGISTRY_PASSWORD }}
+    - name: Docker meta
+      id: meta
+      uses: docker/metadata-action@v4
+      with:
+        images: ${{ vars.REGISTRY_LOGIN_SERVER }}/gha/mrok
+        tags: |
+          type=semver,pattern={{major}}.{{minor}}.{{patch}},value=${{ steps.get_version.outputs.VERSION }}
+          type=semver,pattern={{major}}.{{minor}},value=${{ steps.get_version.outputs.VERSION }}
+          type=semver,pattern={{major}},value=${{ steps.get_version.outputs.VERSION }}
+        flavor: |
+          latest=false
+    - name: Build and push docker image
+      id: docker_build
+      uses: docker/build-push-action@v3
+      with:
+        context: .
+        file: prod.Dockerfile
+        push: true
+        tags: ${{ steps.meta.outputs.tags }}
+    - name: Docker image digest
+      run: echo ${{ steps.docker_build.outputs.digest }}
+
+  dtrack:
+    uses: softwareone-platform/ops-template/.github/workflows/dependency-track-python-uv.yml@v1
+    with:
+      projectName: 'mrok'
+    secrets:
+      DEPENDENCYTRACK_APIKEY: ${{ secrets.DEPENDENCYTRACK_APIKEY }}
+
+  set-version:
+    runs-on: ubuntu-24.04
+
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Export tag
+        id: vars
+        run: echo tag=${GITHUB_REF#refs/*/} >> $GITHUB_OUTPUT
+        if: ${{ github.event_name == 'release' }}
+
+      - name: Update project version
+        run: |
+          sed -i "s/^version = \".*\"/version = \"$RELEASE_VERSION\"/" pyproject.toml
+        env:
+          RELEASE_VERSION: ${{ steps.vars.outputs.tag }}
+        if: ${{ github.event_name == 'release' }}
+
+      - name: Upload updated pyproject.toml
+        uses: actions/upload-artifact@v4
+        with:
+          name: pyproject-toml
+          path: pyproject.toml
+
+  publish:
+    runs-on: ubuntu-latest
+
+    needs: [ set-version ]
+    steps:
+      - name: Check out
+        uses: actions/checkout@v4
+
+      - name: Set up the environment
+        uses: ./.github/actions/setup-python-env
+
+      - name: Download updated pyproject.toml
+        uses: actions/download-artifact@v4
+        with:
+          name: pyproject-toml
+
+      - name: Build package
+        run: uv build
+
+      - name: Publish to PyPI
+        uses: pypa/gh-action-pypi-publish@release/v1
+        with:
+          repository-url: https://upload.pypi.org/legacy/

mrok-0.1.7/.gitignore

@@ -0,0 +1,192 @@
+# Byte-compiled / optimized / DLL files
+__pycache__/
+*.py[cod]
+*$py.class
+
+# C extensions
+*.so
+
+# Distribution / packaging
+.Python
+build/
+develop-eggs/
+dist/
+downloads/
+eggs/
+.eggs/
+lib/
+lib64/
+parts/
+sdist/
+var/
+wheels/
+share/python-wheels/
+*.egg-info/
+.installed.cfg
+*.egg
+MANIFEST
+charges_file_folder
+
+# PyInstaller
+#  Usually these files are written by a python script from a template
+#  before PyInstaller builds the exe, so as to inject date/other infos into it.
+*.manifest
+*.spec
+
+# Installer logs
+pip-log.txt
+pip-delete-this-directory.txt
+
+# Unit test / coverage reports
+htmlcov/
+.tox/
+.nox/
+.coverage
+.coverage.*
+.cache
+nosetests.xml
+coverage.xml
+*.cover
+*.py,cover
+.hypothesis/
+.pytest_cache/
+cover/
+
+# Translations
+*.mo
+*.pot
+
+# Django stuff:
+*.log
+local_settings.py
+db.sqlite3
+db.sqlite3-journal
+
+# Flask stuff:
+instance/
+.webassets-cache
+
+# Scrapy stuff:
+.scrapy
+
+# Sphinx documentation
+docs/_build/
+
+# PyBuilder
+.pybuilder/
+target/
+
+# Jupyter Notebook
+.ipynb_checkpoints
+
+# IPython
+profile_default/
+ipython_config.py
+
+# pyenv
+#   For a library or package, you might want to ignore these files since the code is
+#   intended to run in multiple environments; otherwise, check them in:
+# .python-version
+
+# pipenv
+#   According to pypa/pipenv#598, it is recommended to include Pipfile.lock in version control.
+#   However, in case of collaboration, if having platform-specific dependencies or dependencies
+#   having no cross-platform support, pipenv may install dependencies that don't work, or not
+#   install all needed dependencies.
+#Pipfile.lock
+
+# poetry
+#   Similar to Pipfile.lock, it is generally recommended to include poetry.lock in version control.
+#   This is especially recommended for binary packages to ensure reproducibility, and is more
+#   commonly ignored for libraries.
+#   https://python-poetry.org/docs/basic-usage/#commit-your-poetrylock-file-to-version-control
+#poetry.lock
+
+# pdm
+#   Similar to Pipfile.lock, it is generally recommended to include pdm.lock in version control.
+#pdm.lock
+#   pdm stores project-wide configurations in .pdm.toml, but it is recommended to not include it
+#   in version control.
+#   https://pdm.fming.dev/latest/usage/project/#working-with-version-control
+.pdm.toml
+.pdm-python
+.pdm-build/
+
+# PEP 582; used by e.g. github.com/David-OConnor/pyflow and github.com/pdm-project/pdm
+__pypackages__/
+
+# Celery stuff
+celerybeat-schedule
+celerybeat.pid
+
+# SageMath parsed files
+*.sage.py
+
+# Environments
+.env
+.env.*
+.venv
+env/
+venv/
+ENV/
+env.bak/
+venv.bak/
+
+# Spyder project settings
+.spyderproject
+.spyproject
+
+# Rope project settings
+.ropeproject
+
+# mkdocs documentation
+/site
+
+# mypy
+.mypy_cache/
+.dmypy.json
+dmypy.json
+
+# Pyre type checker
+.pyre/
+
+# pytype static type analyzer
+.pytype/
+
+# Cython debug symbols
+cython_debug/
+
+# unified cache dir
+.cache/
+
+# bandit report
+bandit.json
+
+# PyCharm
+#  JetBrains specific template is maintained in a separate JetBrains.gitignore that can
+#  be found at https://github.com/github/gitignore/blob/main/Global/JetBrains.gitignore
+#  and can be added to the global gitignore or merged into this file.  For a more nuclear
+#  option (not recommended) you can uncomment the following to ignore the entire idea folder.
+.idea/
+
+# vscode
+.devcontainer/
+
+# Postgres data
+pg_data/
+test_pg_data/
+
+# Default OpenAPI spec file
+ffc_operations_openapi_spec.yml
+
+# local dev tools configs
+taplo.toml
+
+# MacOS
+.DS_Store
+
+.identity
+.ziti-home
+
+# Ignore dynaconf secret files
+.secrets.*

mrok-0.1.7/.pre-commit-config.yaml

@@ -0,0 +1,29 @@
+default_language_version:
+    python: python3.12
+repos:
+    - repo: https://github.com/pre-commit/pre-commit-hooks
+      rev: v5.0.0
+      hooks:
+          - id: check-added-large-files
+          - id: check-toml
+          - id: check-yaml
+            args:
+                - --unsafe
+          - id: end-of-file-fixer
+          - id: trailing-whitespace
+    - repo: https://github.com/astral-sh/ruff-pre-commit
+      rev: v0.10.0
+      hooks:
+          - id: ruff
+            args:
+                - --fix
+          - id: ruff-format
+    - repo: https://github.com/PyCQA/bandit
+      rev: "1.8.0"
+      hooks:
+          - id: bandit
+            args:
+                - -c
+                - pyproject.toml
+                - -r
+                - .

mrok-0.1.7/.python-version

@@ -0,0 +1 @@
+3.12

{mrok-0.1.6 → mrok-0.1.7}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: mrok
-Version: 0.1.6
+Version: 0.1.7
 Summary: MPT Extensions OpenZiti Orchestrator
 Author: SoftwareOne AG
 License:                                  Apache License
@@ -204,16 +204,14 @@ License:                                  Apache License
            WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
            See the License for the specific language governing permissions and
            limitations under the License.
-        
-Requires-Python: <4,>=3.12
-Description-Content-Type: text/markdown
 License-File: LICENSE.txt
+Requires-Python: <4,>=3.12
 Requires-Dist: cryptography<46.0.0,>=45.0.7
 Requires-Dist: dynaconf<4.0.0,>=3.2.11
 Requires-Dist: fastapi-pagination<0.15.0,>=0.14.1
-Requires-Dist: fastapi[standard]<0.117.0,>=0.116.1
+Requires-Dist: fastapi[standard]<0.120.0,>=0.119.0
 Requires-Dist: gunicorn<24.0.0,>=23.0.0
-Requires-Dist: httptools<0.7.0,>=0.6.4
+Requires-Dist: httptools<0.8.0,>=0.7.1
 Requires-Dist: httpx<0.29.0,>=0.28.1
 Requires-Dist: openziti<2.0.0,>=1.3.1
 Requires-Dist: pydantic<3.0.0,>=2.11.7
@@ -221,9 +219,9 @@ Requires-Dist: pyfiglet<2.0.0,>=1.0.4
 Requires-Dist: pyjwt<3.0.0,>=2.10.1
 Requires-Dist: pyyaml<7.0.0,>=6.0.2
 Requires-Dist: rich<15.0.0,>=14.1.0
-Requires-Dist: typer<0.17.0,>=0.16.1
-Requires-Dist: uvicorn-worker<0.4.0,>=0.3.0
-Dynamic: license-file
+Requires-Dist: typer<0.20.0,>=0.19.2
+Requires-Dist: uvicorn-worker<0.5.0,>=0.4.0
+Description-Content-Type: text/markdown
 
 [![Ruff](https://img.shields.io/endpoint?url=https://raw.githubusercontent.com/astral-sh/ruff/main/assets/badge/v2.json)](https://github.com/astral-sh/ruff) [![Quality Gate Status](https://sonarcloud.io/api/project_badges/measure?project=softwareone-platform_mrok&metric=alert_status)](https://sonarcloud.io/summary/new_code?id=softwareone-platform_mrok) [![Coverage](https://sonarcloud.io/api/project_badges/measure?project=softwareone-platform_mrok&metric=coverage)](https://sonarcloud.io/summary/new_code?id=softwareone-platform_mrok)
 

mrok-0.1.7/dev.Dockerfile

@@ -0,0 +1,50 @@
+FROM python:3.12
+
+# The uv installer requires curl (and certificates) to download the release archive
+RUN apt-get clean -y; \
+    apt-get update; \
+    apt-get install -y --no-install-recommends ca-certificates curl vim postgresql-client netcat-openbsd libprotobuf-c1; \
+    apt-get autoremove --purge -y; \
+    apt-get clean -y; \
+    rm -rf /var/lib/apt/lists/* /var/cache/apt/archives/*
+
+RUN curl -sSf https://get.openziti.io/install.bash | bash -s openziti-controller openziti-router zrok
+# Run the uv installer then remove it
+RUN curl -LsSf https://astral.sh/uv/install.sh | sh
+
+# Ensure the installed binary is on the `PATH`
+ENV PATH="/root/.local/bin/:$PATH"
+
+# Install the project into `/app`
+WORKDIR /app
+
+# Enable bytecode compilation
+ENV UV_COMPILE_BYTECODE=1
+
+# Copy from the cache instead of linking since it's a mounted volume
+ENV UV_LINK_MODE=copy
+
+# Install the project's dependencies using the lockfile and settings
+RUN --mount=type=cache,target=/root/.cache/uv \
+    --mount=type=bind,source=uv.lock,target=uv.lock \
+    --mount=type=bind,source=pyproject.toml,target=pyproject.toml \
+    uv sync --frozen --no-install-project
+
+RUN echo 'alias pip="uv pip"' >> ~/.bashrc
+
+# Then, add the rest of the project source code and install it
+# Installing separately from its dependencies allows optimal layer caching
+COPY . /app
+RUN --mount=type=cache,target=/root/.cache/uv \
+    uv sync --frozen
+
+
+
+
+# Place executables in the environment at the front of the path
+ENV PATH="/app/.venv/bin:$PATH"
+
+COPY ./entrypoint.sh /entrypoint.sh
+RUN chmod +x /entrypoint.sh
+
+ENTRYPOINT ["/entrypoint.sh"]