Created November 11, 2020 11:56
A curated Makefile for a Python repository, with commands for several code quality and security tools such as Pylint, Flake8, Bandit and Trivy. Assumes everything is installed; a full demo repo is pending (it is a promise).
# https://misc.flogisoft.com/bash/tip_colors_and_formatting
RED="\\e[91m"
GREEN="\\e[32m"
BLUE="\\e[94m"
YELLOW="\\e[33m"
REGULAR="\\e[39m"

REPORTS=".coverage-reports"
SRC="app"
VERSION=$(shell cat ${SRC}/__init__.py | head -n 1 | cut -d" " -f 3 | tr -d "'")
# Change the version command to adapt it to your needs

help: ## Prompts help for every command
	@grep -E '^[a-zA-Z_-]+:.*?## .*$$' $(MAKEFILE_LIST) | \
		awk 'BEGIN {FS = ":.*?## "}; {printf "\033[36m%-30s\033[0m %s\n", $$1, $$2}'

warn:
	@echo "${BLUE}This is a warning to use in other commands.${REGULAR}"

clean-py: ## Remove Python artifacts like .pyc and pycache
	find . -name '*.pyc' -exec rm -f {} +
	find . -name '*.pyo' -exec rm -f {} +
	find . -name '*~' -exec rm -f {} +
	find . -name '__pycache__' -exec rm -fr {} +

# Note: values passed with --build-arg are recorded in the image metadata
# and are visible to anyone who can run `docker history` on the image.
build: ## Build docker image with credentials from .env
	@docker build --build-arg $(shell cat .env | grep PYPI) -t test-image:active ./

show-version: ## Shows the explicit version of the component
	@echo ${VERSION}

bump-version:
	bumpversion patch --allow-dirty

d diff: ## Show diff of the first unstaged file
	git diff --name-only | head -n 1 | xargs git diff

a add: ## Add the first unstaged file, run it after make diff
	@git diff --name-only | head -n 1 | xargs git add -v

black: ## Launch black against all added files
	@git diff --cached --name-only -- '***.py' | xargs -L 1 black -l 100

linting: ## Check linting with Pylint -- generates report
	pylint --rcfile=setup.cfg ${SRC}/ | tee ${REPORTS}/pylint.txt

flake: ## Check style and linting with Flake8 - generates report
	@flake8 --tee --output-file=${REPORTS}/flake8.txt \
		&& echo "${GREEN}Passed Flake8 style review.${REGULAR}" \
		|| (echo "${RED}Flake8 style review failed.${REGULAR}" ; exit 1)

check-upgradable: ## Prompt a list of upgradable Python packages
	@echo "${YELLOW}This task may take up to a minute.${REGULAR}"
	pip-check -H -l | tee ${REPORTS}/upgradable.txt

graph: ## Show the dependency inverted graph with ARG highlighted, usage: make graph ARG="requests"
	pipenv graph --reverse | grep --color=always -e^ -e ${ARG}

swagger: ## Launch a Swagger server with API definition in local port 8081
	docker run --rm -d --name swagger_local -p 8081:8080 -e SWAGGER_JSON=/mnt/api_definition.yaml \
		-v $(shell pwd):/mnt swaggerapi/swagger-ui
	xdg-open http://localhost:8081

deploy-swarm:
	docker stack deploy -c docker-compose.yml platform

dkc: ## Quickly deploy Docker containers
	docker-compose up -d

test: ## Run pytest with PYTEST conf
	pytest -p no:warnings

up: ## Raise all auxiliary container
	docker-compose pull
	docker-compose up -d database broker

launch: ## Launch application with Gunicorn in port 8000
	gunicorn -w 4 application:application --bind 0.0.0.0:8000 --timeout 1000

sonar: ## Sonar Scanner CLI -- reports xunit, coverage, pylint and bandit
	@sed -i -e 's|<source>.*</source>|<source>app</source>|g' ${REPORTS}/coverage.xml
	docker run -v "${PWD}:/usr/src" --user="$(shell id -u):$(shell id -g)" --env-file=.env \
		sonarsource/sonar-scanner-cli

bandit: ## Check security issues with Bandit
	@bandit --format json --output ${REPORTS}/bandit.json --recursive ${SRC}

safety: ## Check Python packages vulnerabilities against PyUp DB
	@safety check --full-report | tee ${REPORTS}/safety.txt

trivy: ## Check docker image vulnerabilities with Trivy
	@docker run -t -e TRIVY_EXIT_CODE=1 -e TRIVY_SEVERITY=HIGH,CRITICAL \
		-v /var/run/docker.sock:/var/run/docker.sock aquasec/trivy p2_sut_1

dead-code: ## Look for dead code with Vulture
	@vulture ${SRC}/ | tee ${REPORTS}/vulture.txt

.PHONY: help clean-py build linting black flake check-upgradable graph dkc test up launch sonar bandit safety \
	trivy dead-code
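
A review check for recipes like the ones above, as an added example that is not part of the original gist: it joins backslash-continued recipe lines and flags three patterns that appear in this Makefile (`--build-arg` on `docker build`, a `/var/run/docker.sock` mount, and `--bind 0.0.0.0`). The rule names, the reasons attached to them, and the `logical_lines` and `review` helpers are choices made for this example.

```python
import re

# Review rules (this example's own): id, regex over one logical recipe line, reason.
RULES = [
    ("build-arg-secret", re.compile(r"docker build\b.*--build-arg\b"),
     "build args are stored in image metadata and shown by `docker history`"),
    ("docker-socket-mount", re.compile(r"-v\s+/var/run/docker\.sock:"),
     "the container can drive the host Docker daemon"),
    ("bind-all-interfaces", re.compile(r"--bind\s+0\.0\.0\.0:"),
     "the service listens on every network interface"),
]

def logical_lines(text):
    """Yield (first_line_number, text) with backslash continuations joined."""
    buf, start = "", None
    for num, raw in enumerate(text.splitlines(), 1):
        start = start or num
        if raw.endswith("\\"):
            buf += raw[:-1] + " "
            continue
        yield start, buf + raw
        buf, start = "", None

def review(makefile_text):
    """Return (target, line, rule_id, reason) for each flagged recipe line."""
    findings, target = [], None
    for num, line in logical_lines(makefile_text):
        if line.startswith("\t"):                       # recipe line of current target
            for rule_id, pattern, reason in RULES:
                if target and pattern.search(line):
                    findings.append((target, num, rule_id, reason))
        else:                                           # maybe a new "target:" header
            m = re.match(r"([A-Za-z0-9_. -]+?)\s*:(?!=)", line)
            if m:
                target = m.group(1)
    return findings

# Constructed sample input: the recipes of four targets as written in the Makefile above.
SAMPLE = (
    "build:\n\t@docker build --build-arg $(shell cat .env | grep PYPI) -t test-image:active ./\n"
    "test:\n\tpytest -p no:warnings\n"
    "launch:\n\tgunicorn -w 4 application:application --bind 0.0.0.0:8000 --timeout 1000\n"
    "trivy:\n\t@docker run -t -e TRIVY_EXIT_CODE=1 -e TRIVY_SEVERITY=HIGH,CRITICAL \\\n"
    "\t\t-v /var/run/docker.sock:/var/run/docker.sock aquasec/trivy p2_sut_1\n"
)

if __name__ == "__main__":
    for target, num, rule_id, reason in review(SAMPLE):
        print(f"{target}:{num}: {rule_id}: {reason}")
```

To check a real file, pass its contents to `review`, for example `review(open("Makefile").read())`.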