sftpwarden 1.0.0__tar.gz

sftpwarden-1.0.0/.dockerignore

@@ -0,0 +1,20 @@
+*
+
+!pyproject.toml
+!README.md
+!LICENSE
+
+!sftpwarden
+!sftpwarden/**
+
+!docker
+!docker/runtime
+!docker/runtime/**
+!docker/watcher
+!docker/watcher/**
+
+**/__pycache__
+**/*.py[cod]
+**/*.pyo
+**/*.pyd
+**/.DS_Store

sftpwarden-1.0.0/.env.example

@@ -0,0 +1,2 @@
+SFTPWARDEN_CONFIG=/etc/sftpwarden/sftpwarden.yaml
+

sftpwarden-1.0.0/.github/ISSUE_TEMPLATE/bug_report.md

@@ -0,0 +1,35 @@
+---
+name: Bug report
+about: Report something that is not working as expected
+title: "Bug: "
+labels: bug
+assignees: ""
+---
+
+## What happened?
+
+Describe the problem clearly.
+
+## What did you expect?
+
+Describe the expected behavior.
+
+## Reproduction
+
+```bash
+# commands or minimal steps
+```
+
+## Environment
+
+- SFTPWarden version or commit:
+- Python version:
+- OS:
+- Docker version:
+- Provider: YAML / CSV / MySQL / PostgreSQL
+- Context type: local / remote local-sync / remote-only
+
+## Logs
+
+Paste relevant output here. Redact secrets, tokens, private keys, DSNs, usernames,
+hostnames, and customer data when needed.

sftpwarden-1.0.0/.github/ISSUE_TEMPLATE/feature_request.md

@@ -0,0 +1,24 @@
+---
+name: Feature request
+about: Suggest a useful improvement
+title: "Feature: "
+labels: enhancement
+assignees: ""
+---
+
+## Problem
+
+What operational problem are you trying to solve?
+
+## Proposed behavior
+
+What should SFTPWarden do?
+
+## Alternatives considered
+
+What have you tried or considered?
+
+## Compatibility
+
+Would this affect existing CLI commands, config files, provider schemas, runtime
+state, Docker images, or remote deployment behavior?

sftpwarden-1.0.0/.github/PULL_REQUEST_TEMPLATE.md

@@ -0,0 +1,20 @@
+## Summary
+
+Describe the user-facing change.
+
+## Target Branch
+
+- [ ] This PR targets `dev`, not `main`
+
+## Validation
+
+- [ ] Docs-only change: `tox -e docs`
+- [ ] Code change: `tox`
+- [ ] Docker/runtime change: local Docker build/smoke test
+- [ ] Docs updated when behavior changed
+- [ ] Examples updated when configuration changed
+- [ ] No secrets, private keys, tokens, DSNs, or customer data included
+
+## Notes
+
+Mention compatibility risks, follow-up work, or deployment considerations.

sftpwarden-1.0.0/.github/dependabot.yml

@@ -0,0 +1,77 @@
+version: 2
+
+updates:
+  - package-ecosystem: "pip"
+    directory: "/"
+    target-branch: "dev"
+    schedule:
+      interval: "weekly"
+      day: "monday"
+      time: "09:00"
+      timezone: "Asia/Dubai"
+    open-pull-requests-limit: 5
+    commit-message:
+      prefix: "deps"
+    groups:
+      python-dependencies:
+        patterns:
+          - "*"
+        update-types:
+          - "minor"
+          - "patch"
+
+  - package-ecosystem: "github-actions"
+    directory: "/"
+    target-branch: "dev"
+    schedule:
+      interval: "weekly"
+      day: "monday"
+      time: "09:15"
+      timezone: "Asia/Dubai"
+    open-pull-requests-limit: 5
+    commit-message:
+      prefix: "deps"
+    groups:
+      github-actions:
+        patterns:
+          - "*"
+
+  - package-ecosystem: "docker"
+    directories:
+      - "/"
+      - "/docker/runtime"
+      - "/docker/watcher"
+    target-branch: "dev"
+    schedule:
+      interval: "weekly"
+      day: "monday"
+      time: "09:30"
+      timezone: "Asia/Dubai"
+    open-pull-requests-limit: 5
+    commit-message:
+      prefix: "deps"
+    groups:
+      docker-images:
+        patterns:
+          - "*"
+
+  - package-ecosystem: "docker-compose"
+    directories:
+      - "/examples/csv"
+      - "/examples/mysql"
+      - "/examples/postgres"
+      - "/examples/watcher-docker"
+      - "/examples/yaml"
+    target-branch: "dev"
+    schedule:
+      interval: "weekly"
+      day: "monday"
+      time: "09:45"
+      timezone: "Asia/Dubai"
+    open-pull-requests-limit: 5
+    commit-message:
+      prefix: "deps"
+    groups:
+      compose-images:
+        patterns:
+          - "*"

sftpwarden-1.0.0/.github/workflows/ci.yml

@@ -0,0 +1,94 @@
+name: CI
+
+on:
+  push:
+    branches: [dev]
+    paths:
+      - "sftpwarden/**"
+      - "tests/**"
+      - "examples/**"
+      - "docker/**"
+      - "pyproject.toml"
+      - "tox.ini"
+      - ".github/workflows/ci.yml"
+  pull_request:
+    branches: [dev]
+    paths:
+      - "sftpwarden/**"
+      - "tests/**"
+      - "examples/**"
+      - "docker/**"
+      - "pyproject.toml"
+      - "tox.ini"
+      - ".github/workflows/ci.yml"
+
+permissions:
+  contents: read
+
+jobs:
+  test:
+    name: Python ${{ matrix.python-version }}
+    runs-on: ubuntu-latest
+    strategy:
+      fail-fast: false
+      matrix:
+        include:
+          - python-version: "3.11"
+            tox-env: py311
+          - python-version: "3.12"
+            tox-env: py312
+          - python-version: "3.13"
+            tox-env: py313
+
+    steps:
+      - name: Check out repository
+        uses: actions/checkout@v7.0.0
+
+      - name: Set up Python
+        uses: actions/setup-python@v6.2.0
+        with:
+          python-version: ${{ matrix.python-version }}
+          cache: pip
+
+      - name: Install tox
+        run: |
+          python -m pip install --upgrade pip
+          python -m pip install tox
+
+      - name: Run tests
+        run: tox -e ${{ matrix.tox-env }}
+
+  quality:
+    name: Lint, package, and examples
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Check out repository
+        uses: actions/checkout@v7.0.0
+
+      - name: Set up Python
+        uses: actions/setup-python@v6.2.0
+        with:
+          python-version: "3.13"
+          cache: pip
+
+      - name: Install tox and package
+        run: |
+          python -m pip install --upgrade pip
+          python -m pip install tox
+          python -m pip install -e ".[watch,mysql,postgres]"
+
+      - name: Run lint and package checks
+        run: tox -e lint,package
+
+      - name: Validate examples
+        run: |
+          sftpwarden validate --config examples/yaml/sftpwarden.yaml
+          sftpwarden validate --config examples/csv/sftpwarden.yaml
+          SFTPWARDEN_MYSQL_DSN=mysql://user:pass@localhost/sftp sftpwarden validate --config examples/mysql/sftpwarden.yaml
+          SFTPWARDEN_POSTGRES_DSN=postgresql://user:pass@localhost/sftp sftpwarden validate --config examples/postgres/sftpwarden.yaml
+
+      - name: Validate compose generation
+        run: |
+          sftpwarden compose --config examples/yaml/sftpwarden.yaml > /tmp/sftpwarden-compose.yml
+          test -s /tmp/sftpwarden-compose.yml

sftpwarden-1.0.0/.github/workflows/docker.yml

@@ -0,0 +1,145 @@
+name: Docker
+
+on:
+  push:
+    branches: [main]
+    paths:
+      - "docker/**"
+      - "sftpwarden/**"
+      - "pyproject.toml"
+      - ".dockerignore"
+      - ".github/workflows/docker.yml"
+
+permissions:
+  contents: read
+  packages: write
+
+env:
+  REGISTRY: ghcr.io
+  IMAGE_NAME: ${{ github.repository }}
+  WATCHER_IMAGE_NAME: ${{ github.repository }}-watcher
+
+jobs:
+  version:
+    runs-on: ubuntu-latest
+    outputs:
+      changed: ${{ steps.version.outputs.changed }}
+      version: ${{ steps.version.outputs.version }}
+
+    steps:
+      - name: Check out repository
+        uses: actions/checkout@v7.0.0
+        with:
+          fetch-depth: 0
+
+      - name: Check package version change
+        id: version
+        env:
+          BEFORE_SHA: ${{ github.event.before }}
+        run: |
+          python - <<'PY' >> "$GITHUB_OUTPUT"
+          import os
+          import subprocess
+          import tomllib
+          from pathlib import Path
+
+          def read_version(text: str) -> str:
+              return tomllib.loads(text)["project"]["version"]
+
+          current = read_version(Path("pyproject.toml").read_text(encoding="utf-8"))
+          previous = ""
+          before = os.environ.get("BEFORE_SHA", "")
+          if before and before != "0" * 40:
+              result = subprocess.run(
+                  ["git", "show", f"{before}:pyproject.toml"],
+                  capture_output=True,
+                  check=False,
+                  text=True,
+              )
+              if result.returncode == 0:
+                  previous = read_version(result.stdout)
+
+          changed = previous != current
+          print(f"version={current}")
+          print(f"previous_version={previous}")
+          print(f"changed={str(changed).lower()}")
+          PY
+
+  build:
+    needs: version
+    if: needs.version.outputs.changed == 'true'
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Check out repository
+        uses: actions/checkout@v7.0.0
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v4.1.0
+
+      - name: Log in to GHCR
+        uses: docker/login-action@v4.2.0
+        with:
+          registry: ${{ env.REGISTRY }}
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Runtime metadata
+        id: runtime-meta
+        uses: docker/metadata-action@v6.1.0
+        with:
+          images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
+          tags: |
+            type=raw,value=${{ needs.version.outputs.version }}
+            type=raw,value=latest
+
+      - name: Watcher metadata
+        id: watcher-meta
+        uses: docker/metadata-action@v6.1.0
+        with:
+          images: ${{ env.REGISTRY }}/${{ env.WATCHER_IMAGE_NAME }}
+          tags: |
+            type=raw,value=${{ needs.version.outputs.version }}
+            type=raw,value=latest
+
+      - name: Build runtime image
+        uses: docker/build-push-action@v7.2.0
+        with:
+          context: .
+          file: docker/runtime/Dockerfile
+          load: true
+          tags: sftpwarden:ci
+
+      - name: Runtime smoke test
+        run: |
+          docker run --rm --entrypoint sh sftpwarden:ci -c 'command -v sshd && command -v sftpwarden && sftpwarden --version && grep -q "^Port 22$" /etc/ssh/sshd_config'
+
+      - name: Build watcher image
+        uses: docker/build-push-action@v7.2.0
+        with:
+          context: .
+          file: docker/watcher/Dockerfile
+          load: true
+          tags: sftpwarden-watcher:ci
+
+      - name: Watcher smoke test
+        run: |
+          docker run --rm --entrypoint sh sftpwarden-watcher:ci -c 'command -v sftpwarden && sftpwarden --version && test ! -S /var/run/docker.sock'
+
+      - name: Publish runtime image
+        uses: docker/build-push-action@v7.2.0
+        with:
+          context: .
+          file: docker/runtime/Dockerfile
+          push: true
+          tags: ${{ steps.runtime-meta.outputs.tags }}
+          labels: ${{ steps.runtime-meta.outputs.labels }}
+
+      - name: Publish watcher image
+        uses: docker/build-push-action@v7.2.0
+        with:
+          context: .
+          file: docker/watcher/Dockerfile
+          push: true
+          tags: ${{ steps.watcher-meta.outputs.tags }}
+          labels: ${{ steps.watcher-meta.outputs.labels }}

sftpwarden-1.0.0/.github/workflows/docs.yml

@@ -0,0 +1,60 @@
+name: Docs
+
+on:
+  push:
+    branches: [main]
+    paths:
+      - "README.md"
+      - "CONTRIBUTING.md"
+      - "SECURITY.md"
+      - "CODE_OF_CONDUCT.md"
+      - "docs/**"
+      - ".github/workflows/docs.yml"
+
+permissions:
+  contents: read
+  pages: write
+  id-token: write
+
+concurrency:
+  group: pages
+  cancel-in-progress: false
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Check out repository
+        uses: actions/checkout@v7.0.0
+
+      - name: Set up Python
+        uses: actions/setup-python@v6.2.0
+        with:
+          python-version: "3.13"
+          cache: pip
+
+      - name: Install docs dependencies
+        run: |
+          python -m pip install --upgrade pip
+          python -m pip install -e ".[docs]"
+
+      - name: Build Sphinx site
+        run: sphinx-build -b html docs docs/_build/html
+
+      - name: Upload Pages artifact
+        uses: actions/upload-pages-artifact@v5.0.0
+        with:
+          path: docs/_build/html
+
+  deploy:
+    needs: build
+    runs-on: ubuntu-latest
+    environment:
+      name: github-pages
+      url: ${{ steps.deployment.outputs.page_url }}
+
+    steps:
+      - name: Deploy to GitHub Pages
+        id: deployment
+        uses: actions/deploy-pages@v5.0.0

sftpwarden-1.0.0/.github/workflows/release.yml

@@ -0,0 +1,122 @@
+name: Release
+
+on:
+  push:
+    branches: [main]
+    paths:
+      - "sftpwarden/**"
+      - "pyproject.toml"
+      - "README.md"
+      - "LICENSE"
+      - "CHANGELOG.md"
+      - ".github/workflows/release.yml"
+
+permissions:
+  contents: write
+  id-token: write
+
+jobs:
+  verify:
+    runs-on: ubuntu-latest
+    outputs:
+      changed: ${{ steps.version.outputs.changed }}
+      version: ${{ steps.version.outputs.version }}
+
+    steps:
+      - name: Check out repository
+        uses: actions/checkout@v7.0.0
+        with:
+          fetch-depth: 0
+
+      - name: Verify package versions and change
+        id: version
+        env:
+          BEFORE_SHA: ${{ github.event.before }}
+        run: |
+          python - <<'PY' >> "$GITHUB_OUTPUT"
+          import os
+          import subprocess
+          import tomllib
+          from pathlib import Path
+
+          import sftpwarden
+
+          def read_version(text: str) -> str:
+              return tomllib.loads(text)["project"]["version"]
+
+          package_version = read_version(Path("pyproject.toml").read_text(encoding="utf-8"))
+          module_version = sftpwarden.__version__
+          if package_version != module_version:
+              raise SystemExit(
+                  f"pyproject={package_version} module={module_version}"
+              )
+
+          previous = ""
+          before = os.environ.get("BEFORE_SHA", "")
+          if before and before != "0" * 40:
+              result = subprocess.run(
+                  ["git", "show", f"{before}:pyproject.toml"],
+                  capture_output=True,
+                  check=False,
+                  text=True,
+              )
+              if result.returncode == 0:
+                  previous = read_version(result.stdout)
+
+          changed = previous != package_version
+          print(f"version={package_version}")
+          print(f"previous_version={previous}")
+          print(f"changed={str(changed).lower()}")
+          PY
+
+  package:
+    needs: verify
+    if: needs.verify.outputs.changed == 'true'
+    runs-on: ubuntu-latest
+    environment:
+      name: pypi
+      url: https://pypi.org/p/sftpwarden
+
+    steps:
+      - name: Check out repository
+        uses: actions/checkout@v7.0.0
+
+      - name: Set up Python
+        uses: actions/setup-python@v6.2.0
+        with:
+          python-version: "3.13"
+          cache: pip
+
+      - name: Build distributions
+        run: |
+          python -m pip install --upgrade pip build
+          python -m build
+
+      - name: Upload package artifacts
+        uses: actions/upload-artifact@v7.0.1
+        with:
+          name: python-package
+          path: dist/*
+
+      - name: Publish to PyPI
+        uses: pypa/gh-action-pypi-publish@v1.14.0
+
+  github-release:
+    needs: [verify, package]
+    if: needs.verify.outputs.changed == 'true'
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Download package artifacts
+        uses: actions/download-artifact@v8.0.1
+        with:
+          name: python-package
+          path: dist
+
+      - name: Create GitHub Release
+        uses: softprops/action-gh-release@v3.0.1
+        with:
+          tag_name: v${{ needs.verify.outputs.version }}
+          target_commitish: ${{ github.sha }}
+          files: dist/*
+          generate_release_notes: true