Skip to content

Instantly share code, notes, and snippets.

@hectorcanto
Created November 11, 2020 11:56
Show Gist options
  • Save hectorcanto/f2b50938a0b7cdeb9960c7d4870dfea8 to your computer and use it in GitHub Desktop.
Save hectorcanto/f2b50938a0b7cdeb9960c7d4870dfea8 to your computer and use it in GitHub Desktop.
A curated Makefile for a Python repository, with commands for using several code quality and security tools like Pylint, Flake, Bandit, Trivy ... Assumes everything is installed, a full demo repo is pending (it is a promise)
# https://misc.flogisoft.com/bash/tip_colors_and_formatting
RED="\\e[91m"
GREEN="\\e[32m"
BLUE="\\e[94m"
YELLOW="\\e[33m"
REGULAR="\\e[39m"
REPORTS=".coverage-reports"
SRC="app"
VERSION=$(shell cat ${SRC}/__init__.py | head -n 1 | cut -d" " -f 3 | tr -d "'")
# Change the version command to adapt it to your needs
help: ## Prompts help for every command
@grep -E '^[a-zA-Z_-]+:.*?## .*$$' $(MAKEFILE_LIST) | \
awk 'BEGIN {FS = ":.*?## "}; {printf "\033[36m%-30s\033[0m %s\n", $$1, $$2}'
warn:
@echo "${BLUE}This is a warning to use in other commands.${REGULAR}"
clean-py: ## Remove Python artifacts like .pyc and pycache
find . -name '*.pyc' -exec rm -f {} +
find . -name '*.pyo' -exec rm -f {} +
find . -name '*~' -exec rm -f {} +
find . -name '__pycache__' -exec rm -fr {} +
build: ## Build docker image with credentials from .env
@docker build --build-arg $(shell cat .env | grep PYPI) -t test-image:active ./
show-version: ## Shows the explicit version of the component
@echo ${VERSION}
bump-version:
bumpversion patch --allow-dirty
d diff: ## Show diff of the first unstaged file
git diff --name-only | head -n 1 | xargs git diff
a add: ## Add the first unstaged file, run it after make diff
@git diff --name-only | head -n 1 | xargs git add -v
black: ## Launch black against all added files
@git diff --cached --name-only -- '***.py' | xargs -L 1 black -l 100
linting: ## Check linting with Pylint -- generates report
pylint --rcfile=setup.cfg ${SRC}/ | tee ${REPORTS}/pylint.txt
flake: ## Check style and linting with Flake8 - generates report
@flake8 --tee --output-file=${REPORTS}/flake8.txt\
&& echo "${GREEN}Passed Flake8 style review.${REGULAR}" \
|| (echo "${RED}Flake8 style review failed.${REGULAR}" ; exit 1)
check-upgradable: ## Prompt a list of upgradable Python packages
@echo "${YELLOW}This task may take up to a minute.${REGULAR}"
pip-check -H -l | tee ${REPORTS}/upgradable.txt
graph: ## Show the dependency inverted graph with ARG highlighted, usage: make graph ARG="requests"
pipenv graph --reverse | grep --color=always -e^ -e ${ARG}
swagger: ## Launch a Swagger server with API definition in local port 8081
docker run --rm -d --name swagger_local -p 8081:8080 -e SWAGGER_JSON=/mnt/api_definition.yaml -v $
(shell pwd):/mnt swaggerapi/swagger-ui
xdg-open http://localhost:8081
deploy-swarm:
docker stack deploy -c docker-compose.yml platform
dkc: ## Quickly deploy Docker containers
docker-compose up -d
test: ## Run pytest with PYTEST conf
pytest -p no:warnings
up: ## Raise all auxiliary container
docker-compose pull
docker-compose up -d database broker
launch: ## Launch application with Gunicorn in port 8000
gunicorn -w 4 application:application --bind 0.0.0.0:8000 --timeout 1000
sonar: ## Sonar Scanner CLI -- reports xunit, coverage, pylint and bandit
@sed -i -e 's|<source>.*</source>|<source>app</source>|g' ${REPORTS}/coverage.xml
docker run -v "${PWD}:/usr/src" --user="$(shell id -u):$(shell id -g)" --env-file=.env sonarsource
/sonar-scanner-cli
bandit: ## Check security issues with Bandit
@bandit --format json --output ${REPORTS}/bandit.json --recursive ${SRC}
safety: ## Check Python packages vulnerabilities against PyUp DB
@safety check --full-report | tee ${REPORTS}/safety.txt
trivy: ## Check docker image vulnerabilities with Trivy
@docker run -t -e TRIVY_EXIT_CODE=1 -e TRIVY_SEVERITY=HIGH,CRITICAL \
-v /var/run/docker.sock:/var/run/docker.sock aquasec/trivy p2_sut_1
dead-code: ## Look for dead code with Vulture
@vulture ${SRC}/ | tee ${REPORTS}/vulture.txt
.PHONY: help clean-py build linting black flake check-upgradable graph dkc test up launch sonar bandit saf
ety \
trivy dead-code
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment