/* Application metadata: declares the app name and version. */
/* NOTE(review): the name is "nfo", but the workflows in this file call the pactown CLI and measure coverage for src/pactown. Confirm the name is intended. */
app {
name: "nfo";
version: "0.2.22";
}
/* Declares a CLI interface that uses the click framework. */
interface[type="cli"] {
framework: click;
}
/* CLI page named "nfo"; no properties are set on it. */
interface[type="cli"] page[name="nfo"] {
}
/* Manual workflow: editable (-e) install of the project in the current directory. */
/* NOTE(review): $(PYTHON) is Make-style variable syntax; where it is defined is not visible in this file. */
workflow[name="install"] {
trigger: "manual";
step-1: run cmd=$(PYTHON) -m pip install -e .;
}
/* Manual workflow: editable install including the "dev" extra. */
workflow[name="dev"] {
trigger: "manual";
step-1: run cmd=$(PYTHON) -m pip install -e ".[dev]";
}
/* Manual workflow: runs pytest on tests/ with PYTHONPATH=src. */
/* PYTEST_DISABLE_PLUGIN_AUTOLOAD=1 turns off automatic plugin discovery, so only the plugin named with -p (pytest_asyncio.plugin) is loaded explicitly. */
workflow[name="test"] {
trigger: "manual";
step-1: run cmd=PYTEST_DISABLE_PLUGIN_AUTOLOAD=1 PYTHONPATH=src $(PYTHON) -m pytest -p pytest_asyncio.plugin tests/ -v;
}
/* Manual workflow: same test run with coverage collected for src/pactown and missing lines reported in the terminal. */
/* NOTE(review): --cov is passed although plugin autoload is disabled and only pytest_asyncio is loaded with -p; confirm the coverage plugin is actually active in this invocation. */
workflow[name="test-cov"] {
trigger: "manual";
step-1: run cmd=PYTEST_DISABLE_PLUGIN_AUTOLOAD=1 PYTHONPATH=src $(PYTHON) -m pytest -p pytest_asyncio.plugin tests/ -v --cov=src/pactown --cov-report=term-missing;
}
/* Manual workflow: runs "ruff check" on src/ and tests/. */
/* Tries, in order: ruff importable by $(PYTHON), a ruff executable on PATH, then "pipx run ruff"; otherwise prints a hint and exits 1. */
/* NOTE(review): steps 1-10 are one shell if/elif/else statement joined by trailing backslashes; they only work if the runner concatenates them into a single shell command. TODO confirm. */
/* NOTE(review): the pipx fallback runs whatever ruff release pipx resolves at that moment; no version is pinned here. */
workflow[name="lint"] {
trigger: "manual";
step-1: run cmd=if $(PYTHON) -c "import ruff" >/dev/null 2>&1; then \;
step-2: run cmd=$(PYTHON) -m ruff check src/ tests/; \;
step-3: run cmd=elif command -v ruff >/dev/null 2>&1; then \;
step-4: run cmd=ruff check src/ tests/; \;
step-5: run cmd=elif command -v pipx >/dev/null 2>&1; then \;
step-6: run cmd=pipx run ruff check src/ tests/; \;
step-7: run cmd=else \;
step-8: run cmd=echo "Missing dependency: ruff. Run: make dev (or install via pipx)."; \;
step-9: run cmd=exit 1; \;
step-10: run cmd=fi;
}
/* Manual workflow: runs "ruff format" on src/ and tests/ with the same three-way lookup and the same exit 1 when ruff cannot be found. */
/* NOTE(review): as in the lint workflow, the steps form one backslash-continued shell statement and the pipx fallback is unpinned. */
workflow[name="format"] {
trigger: "manual";
step-1: run cmd=if $(PYTHON) -c "import ruff" >/dev/null 2>&1; then \;
step-2: run cmd=$(PYTHON) -m ruff format src/ tests/; \;
step-3: run cmd=elif command -v ruff >/dev/null 2>&1; then \;
step-4: run cmd=ruff format src/ tests/; \;
step-5: run cmd=elif command -v pipx >/dev/null 2>&1; then \;
step-6: run cmd=pipx run ruff format src/ tests/; \;
step-7: run cmd=else \;
step-8: run cmd=echo "Missing dependency: ruff. Run: make dev (or install via pipx)."; \;
step-9: run cmd=exit 1; \;
step-10: run cmd=fi;
}
/* Manual workflow: builds the distribution with "python -m build". */
/* step-1 fails fast (exit 1) with an install hint when the build module cannot be imported. */
/* NOTE(review): no step here empties dist/ first, so artifacts from earlier builds stay next to the new ones. */
workflow[name="build"] {
trigger: "manual";
step-1: run cmd=$(PYTHON) -c "import build" >/dev/null 2>&1 || (echo "Missing dependency: build. Run: $(PYTHON) -m pip install -e \".[dev]\" (or: $(PYTHON) -m pip install build)" && exit 1);
step-2: run cmd=$(PYTHON) -m build;
}
/* Manual workflow: removes build outputs (dist/, build/, egg-info) and the __pycache__ and .pytest_cache directories below the current directory. */
/* All paths are relative, so what gets deleted depends on the directory the runner starts in. */
/* The find steps discard stderr and end in "|| true", so deletion errors are neither shown nor reflected in the exit status. */
workflow[name="clean"] {
trigger: "manual";
step-1: run cmd=rm -rf dist/ build/ *.egg-info src/*.egg-info;
step-2: run cmd=find . -type d -name __pycache__ -exec rm -rf {} + 2>/dev/null || true;
step-3: run cmd=find . -type d -name .pytest_cache -exec rm -rf {} + 2>/dev/null || true;
step-4: run cmd=echo "Cleaned all generated files";
}
/* Manual workflow: starts pactown-registry in the foreground on port 8800. */
/* NOTE(review): --host 0.0.0.0 listens on every network interface, while the publish-registry and pull workflows in this file only talk to http://localhost:8800. If the registry is meant for local use, binding to 127.0.0.1 keeps it off the network. Whether the registry authenticates clients is not visible here. */
workflow[name="registry"] {
trigger: "manual";
step-1: run cmd=pactown-registry --host 0.0.0.0 --port 8800;
}
/* Manual workflow: same registry command, sent to the background with "&". */
/* NOTE(review): same all-interfaces bind as the foreground variant; no PID is recorded and no stop workflow is defined in this file, so the listener outlives the task until it is killed by hand. */
workflow[name="registry-bg"] {
trigger: "manual";
step-1: run cmd=pactown-registry --host 0.0.0.0 --port 8800 &;
}
/* Manual workflows wrapping the pactown CLI subcommands up, down, status, validate and graph. */
/* Each passes $(CONFIG) as the only argument. */
/* NOTE(review): $(CONFIG) is unquoted and its definition is not visible in this file; a value containing spaces or shell metacharacters would be split or interpreted by the shell. */
workflow[name="up"] {
trigger: "manual";
step-1: run cmd=pactown up $(CONFIG);
}
workflow[name="down"] {
trigger: "manual";
step-1: run cmd=pactown down $(CONFIG);
}
workflow[name="status"] {
trigger: "manual";
step-1: run cmd=pactown status $(CONFIG);
}
workflow[name="validate"] {
trigger: "manual";
step-1: run cmd=pactown validate $(CONFIG);
}
workflow[name="graph"] {
trigger: "manual";
step-1: run cmd=pactown graph $(CONFIG);
}
/* Manual workflow: runs "pactown up" on the bundled SaaS example with --dry-run. */
workflow[name="examples"] {
trigger: "manual";
step-1: run cmd=pactown up examples/saas.pactown.yaml --dry-run;
}
/* Manual workflow: runs "pactown init" with no arguments. */
workflow[name="init"] {
trigger: "manual";
step-1: run cmd=pactown init;
}
/* Manual workflows: publish $(CONFIG) to, and pull it from, the registry at http://localhost:8800. */
/* The URL is plain HTTP on the loopback address. */
/* NOTE(review): if the registry URL is ever pointed at a remote host, switch to HTTPS so published and pulled content is protected in transit. */
workflow[name="publish-registry"] {
trigger: "manual";
step-1: run cmd=pactown publish $(CONFIG) --registry http://localhost:8800;
}
workflow[name="pull"] {
trigger: "manual";
step-1: run cmd=pactown pull $(CONFIG) --registry http://localhost:8800;
}
/* Manual workflow: pre-flight check for the release tooling. */
/* Each step exits 1 with an install hint when build, twine or bump2version is not usable. */
/* build and twine are probed by import; bump2version is probed by running $(BUMP2VERSION) --help. */
workflow[name="check-pypi-deps"] {
trigger: "manual";
step-1: run cmd=$(PYTHON) -c "import build" >/dev/null 2>&1 || (echo "Missing dependency: build. Run: $(PYTHON) -m pip install -e \".[dev]\" (or: $(PYTHON) -m pip install build)" && exit 1);
step-2: run cmd=$(PYTHON) -c "import twine" >/dev/null 2>&1 || (echo "Missing dependency: twine. Run: $(PYTHON) -m pip install -e \".[dev]\" (or: $(PYTHON) -m pip install twine)" && exit 1);
step-3: run cmd=$(BUMP2VERSION) --help >/dev/null 2>&1 || (echo "Missing dependency: bump2version. Run: $(PYTHON) -m pip install -e \".[dev]\" (or: $(PYTHON) -m pip install bump2version)" && exit 1);
}
/* Manual workflow: release pipeline. Checks tooling, bumps the patch version, syncs the pactown-com dependency, builds, then uploads with twine. */
/* NOTE(review): step-5 uploads everything matching dist/* and no earlier step empties dist/, so files left by previous builds would be uploaded too. Consider cleaning dist/ before the build step. */
/* NOTE(review): no test, lint or security workflow runs before the upload. */
/* NOTE(review): steps 1-4 call $(MAKE) targets rather than the workflows defined in this file; confirm a Makefile with those targets exists alongside it. */
workflow[name="publish-pypi"] {
trigger: "manual";
step-1: run cmd=$(MAKE) check-pypi-deps;
step-2: run cmd=$(MAKE) bump-patch;
step-3: run cmd=$(MAKE) sync-pactown-com;
step-4: run cmd=$(MAKE) build;
step-5: run cmd=$(PYTHON) -m twine upload dist/*;
}
/* Manual workflow: prints the version by taking the first "version = " line of pyproject.toml and cutting out the text between the first pair of double quotes. */
workflow[name="version"] {
trigger: "manual";
step-1: run cmd=grep -m1 'version = ' pyproject.toml | cut -d'"' -f2;
}
/* Manual workflows: bump the patch, minor or major version with bump2version using .bumpversion.cfg, then echo the new version read back from pyproject.toml. */
/* NOTE(review): --allow-dirty lets the bump run with uncommitted changes in the working tree, so a release built right after it can contain code that is in no commit. */
/* NOTE(review): "$$(" is Make's escape for a shell "$("; confirm the runner un-escapes it, otherwise the shell expands "$$" to its own PID. */
workflow[name="bump-patch"] {
trigger: "manual";
step-1: run cmd=$(BUMP2VERSION) patch --config-file .bumpversion.cfg --allow-dirty;
step-2: run cmd=echo "Bumped to $$(grep -m1 'version = ' pyproject.toml | cut -d'"' -f2)";
}
workflow[name="bump-minor"] {
trigger: "manual";
step-1: run cmd=$(BUMP2VERSION) minor --config-file .bumpversion.cfg --allow-dirty;
step-2: run cmd=echo "Bumped to $$(grep -m1 'version = ' pyproject.toml | cut -d'"' -f2)";
}
workflow[name="bump-major"] {
trigger: "manual";
step-1: run cmd=$(BUMP2VERSION) major --config-file .bumpversion.cfg --allow-dirty;
step-2: run cmd=echo "Bumped to $$(grep -m1 'version = ' pyproject.toml | cut -d'"' -f2)";
}
/* Manual workflow: alias that depends on publish-pypi and has no steps of its own. */
workflow[name="publish"] {
trigger: "manual";
step-1: depend target=publish-pypi;
}
/* Manual workflow: runs tools/sync_pactown_com_dependency.py with $(PYTHON). */
/* What the script changes is not visible in this file. */
workflow[name="sync-pactown-com"] {
trigger: "manual";
step-1: run cmd=$(PYTHON) tools/sync_pactown_com_dependency.py;
}
/* Manual workflow: aggregate that depends on security-sast and security-deps. */
/* It does not depend on security-secrets; only security-all pulls that one in. */
workflow[name="security"] {
trigger: "manual";
step-1: depend target=security-sast;
step-2: depend target=security-deps;
}
/* Manual workflow: static analysis of src/ with bandit, then semgrep. */
/* bandit runs recursively with -ll -ii (medium and higher severity and confidence) and skips check B101. */
/* NOTE(review): this workflow is advisory only. Both bandit invocations end in "|| true", and the semgrep chain ends in an echo, so the workflow exits 0 whether or not there are findings. A CI job using it will not fail on a finding. */
/* NOTE(review): semgrep's stderr is sent to /dev/null, and any non-zero exit (findings, or a failure to fetch the rule packs) triggers the --config=auto retry and then the "[WARN] semgrep scan completed with findings" message, so that message is also printed when the scan did not run at all. */
/* NOTE(review): a missing tool is reported as [SKIP] and is not an error, so a run with neither tool installed also succeeds. */
workflow[name="security-sast"] {
trigger: "manual";
step-1: run cmd=echo "Running SAST analysis...";
step-2: run cmd=if $(PYTHON) -c "import bandit" >/dev/null 2>&1; then \;
step-3: run cmd=$(PYTHON) -m bandit -r src/ -ll -ii --skip B101 || true; \;
step-4: run cmd=elif command -v bandit >/dev/null 2>&1; then \;
step-5: run cmd=bandit -r src/ -ll -ii --skip B101 || true; \;
step-6: run cmd=else \;
step-7: run cmd=echo "[SKIP] bandit not installed. Run: $(PYTHON) -m pip install bandit"; \;
step-8: run cmd=fi;
step-9: run cmd=if command -v semgrep >/dev/null 2>&1; then \;
step-10: run cmd=semgrep scan --config=p/python --config=p/owasp-top-ten src/ --error 2>/dev/null || \;
step-11: run cmd=semgrep scan --config=auto src/ --error 2>/dev/null || \;
step-12: run cmd=echo "[WARN] semgrep scan completed with findings"; \;
step-13: run cmd=else \;
step-14: run cmd=echo "[SKIP] semgrep not installed. Run: pip install semgrep (or pipx install semgrep)"; \;
step-15: run cmd=fi;
}
/* Manual workflow: dependency vulnerability scan with pip-audit, with descriptions enabled (--desc on). */
/* Uses the pip_audit module when $(PYTHON) can import it, else a pip-audit executable on PATH, else prints [SKIP]. */
/* NOTE(review): both invocations end in "|| true", so known-vulnerable dependencies do not change the exit status; a missing tool is also not an error. Treat the output as a report, not a gate. */
/* NOTE(review): pip-audit is called without a requirements file or project path, so it audits whatever is installed in the environment it runs in. */
workflow[name="security-deps"] {
trigger: "manual";
step-1: run cmd=echo "Scanning dependencies for vulnerabilities...";
step-2: run cmd=if $(PYTHON) -c "import pip_audit" >/dev/null 2>&1; then \;
step-3: run cmd=$(PYTHON) -m pip_audit --desc on || true; \;
step-4: run cmd=elif command -v pip-audit >/dev/null 2>&1; then \;
step-5: run cmd=pip-audit --desc on || true; \;
step-6: run cmd=else \;
step-7: run cmd=echo "[SKIP] pip-audit not installed. Run: $(PYTHON) -m pip install pip-audit"; \;
step-8: run cmd=fi;
}
/* Manual workflow: secret scan of the current directory with gitleaks. */
/* NOTE(review): a non-zero gitleaks exit is turned into the "[WARN] Potential secrets found" echo, so the workflow still exits 0; stderr is discarded, so a gitleaks error produces the same warning as a real finding. */
/* NOTE(review): --verbose prints each finding to stdout. When this runs in CI, the matched secret can end up in the job log; gitleaks has a --redact option for that case. */
/* NOTE(review): a missing gitleaks binary is reported as [SKIP] and is not an error. */
workflow[name="security-secrets"] {
trigger: "manual";
step-1: run cmd=echo "Scanning for secrets...";
step-2: run cmd=if command -v gitleaks >/dev/null 2>&1; then \;
step-3: run cmd=gitleaks detect --source . --verbose 2>/dev/null || echo "[WARN] Potential secrets found"; \;
step-4: run cmd=else \;
step-5: run cmd=echo "[SKIP] gitleaks not installed. Install: https://github.com/gitleaks/gitleaks#installing"; \;
step-6: run cmd=fi;
}
/* Manual workflow: aggregate that depends on security (SAST and dependency audit) and on security-secrets. */
workflow[name="security-all"] {
trigger: "manual";
step-1: depend target=security;
step-2: depend target=security-secrets;
}
/* Manual workflow: runs tools/validate_artifacts_docker.py in strict, verbose mode against $(ARTIFACT_ROOT). */
/* Requires a docker CLI on PATH and a reachable daemon ("docker info" succeeds); otherwise prints an error and exits 1. */
/* NOTE(review): $(ARTIFACT_ROOT) is passed unquoted and its definition is not visible in this file. */
workflow[name="artifacts-docker"] {
trigger: "manual";
step-1: run cmd=if command -v docker >/dev/null 2>&1 && docker info >/dev/null 2>&1; then \;
step-2: run cmd=$(PYTHON) tools/validate_artifacts_docker.py \;
step-3: run cmd=--root $(ARTIFACT_ROOT) --strict -v; \;
step-4: run cmd=else \;
step-5: run cmd=echo "ERROR: Docker not available"; exit 1; \;
step-6: run cmd=fi;
}
/* Manual workflow: deletes the test-* entries under $(ARTIFACT_ROOT) and every __pycache__ directory below the current directory. */
/* When the directory exists and Docker is usable, steps 2-5 bind-mount it at /clean in an ubuntu:22.04 container and run chmod -R 777 followed by rm -rf on /clean/test-* there; presumably this removes files the invoking user cannot delete. TODO confirm. */
/* NOTE(review): step-6 runs outside the "-d" guard of step-2 and uses $(ARTIFACT_ROOT) unquoted. If the variable is empty or unset, the path becomes /test-* at the filesystem root. Guard or quote it, and fail when it is empty. */
/* NOTE(review): in step-3 the inner "cd $(ARTIFACT_ROOT)" is also unquoted, so a path with spaces breaks the mount source. */
/* NOTE(review): the image is referenced by tag (ubuntu:22.04), not by digest, so the content that runs against the mounted host directory can change between pulls. */
/* NOTE(review): stderr is discarded on the docker and rm steps, so a failed cleanup is silent. */
workflow[name="artifacts-clean"] {
trigger: "manual";
step-1: run cmd=echo "Cleaning $(ARTIFACT_ROOT)/ and bytecode caches...";
step-2: run cmd=if [ -d "$(ARTIFACT_ROOT)" ] && command -v docker >/dev/null 2>&1 && docker info >/dev/null 2>&1; then \;
step-3: run cmd=docker run --rm -v "$$(cd $(ARTIFACT_ROOT) && pwd):/clean" ubuntu:22.04 \;
step-4: run cmd=sh -c 'chmod -R 777 /clean/test-* 2>/dev/null; rm -rf /clean/test-*' 2>/dev/null; \;
step-5: run cmd=fi;
step-6: run cmd=rm -rf $(ARTIFACT_ROOT)/test-* 2>/dev/null || true;
step-7: run cmd=find . -type d -name __pycache__ -exec rm -rf {} + 2>/dev/null || true;
step-8: run cmd=echo "Done – artifact directory cleaned.";
}
/* Manual workflow: three-stage quick artifact validation that does not use Docker. */
/* Runs three pytest classes from $(ARTIFACT_TESTS) in order: TestRealScaffoldInPactown, TestArtifactSizeValidation, TestGeneratedFileCorrectness. */
/* Every pytest call disables plugin autoload and loads only pytest_asyncio.plugin. */
/* NOTE(review): each pytest invocation is split over three steps joined by trailing backslashes; it only works if the runner concatenates them into one command. TODO confirm. */
workflow[name="artifacts-quick"] {
trigger: "manual";
step-1: run cmd=echo "";
step-2: run cmd=echo "============================================================";
step-3: run cmd=echo " STEP 1/3: Generating scaffold artifacts (18 frameworks)";
step-4: run cmd=echo "============================================================";
step-5: run cmd=PYTEST_DISABLE_PLUGIN_AUTOLOAD=1 PYTHONPATH=src \;
step-6: run cmd=$(PYTHON) -m pytest -p pytest_asyncio.plugin \;
step-7: run cmd=$(ARTIFACT_TESTS)::TestRealScaffoldInPactown -v --tb=short;
step-8: run cmd=echo "";
step-9: run cmd=echo "============================================================";
step-10: run cmd=echo " STEP 2/3: Validating artifact sizes (strict, no stubs)";
step-11: run cmd=echo "============================================================";
step-12: run cmd=PYTEST_DISABLE_PLUGIN_AUTOLOAD=1 PYTHONPATH=src \;
step-13: run cmd=$(PYTHON) -m pytest -p pytest_asyncio.plugin \;
step-14: run cmd=$(ARTIFACT_TESTS)::TestArtifactSizeValidation -v --tb=short -s;
step-15: run cmd=echo "";
step-16: run cmd=echo "============================================================";
step-17: run cmd=echo " STEP 3/3: Validating file correctness";
step-18: run cmd=echo "============================================================";
step-19: run cmd=PYTEST_DISABLE_PLUGIN_AUTOLOAD=1 PYTHONPATH=src \;
step-20: run cmd=$(PYTHON) -m pytest -p pytest_asyncio.plugin \;
step-21: run cmd=$(ARTIFACT_TESTS)::TestGeneratedFileCorrectness -v --tb=short -s;
step-22: run cmd=echo "";
step-23: run cmd=echo "============================================================";
step-24: run cmd=echo " DONE – quick validation passed";
step-25: run cmd=echo "============================================================";
}
/* Manual workflow: full nine-stage artifact pipeline. */
/* Stages: scaffold generation, Docker IaC generation, size validation, file correctness, Docker native validation, Docker platform tests, E2E build and Ansible deploy, desktop and mobile generation, and the cross-platform matrix. */
/* Stages 2, 5 and 6 run only when a docker CLI is present and "docker info" succeeds; otherwise each prints [SKIP] and the pipeline continues. */
/* NOTE(review): the closing banner always says "full artifact pipeline completed (9 steps)", even when the three Docker stages were skipped. The artifacts-docker workflow in this file exits 1 in the same situation. Do not read a green run of this workflow as proof that container validation happened. */
/* NOTE(review): stage 6 runs TestDockerArtifactExecution and TestDockerAutomatedExecution, which by their names execute generated artifacts; what isolation those tests apply is not visible in this file. */
/* NOTE(review): multi-line commands are split across steps with trailing backslashes and only work if the runner joins them into one shell command. TODO confirm. */
workflow[name="artifacts"] {
trigger: "manual";
step-1: run cmd=echo "";
step-2: run cmd=echo "============================================================";
step-3: run cmd=echo " STEP 1/9: Generating scaffold artifacts (18 frameworks)";
step-4: run cmd=echo "============================================================";
step-5: run cmd=PYTEST_DISABLE_PLUGIN_AUTOLOAD=1 PYTHONPATH=src \;
step-6: run cmd=$(PYTHON) -m pytest -p pytest_asyncio.plugin \;
step-7: run cmd=$(ARTIFACT_TESTS)::TestRealScaffoldInPactown -v --tb=short;
step-8: run cmd=echo "";
step-9: run cmd=echo "============================================================";
step-10: run cmd=echo " STEP 2/9: Generating IaC artifacts (Docker)";
step-11: run cmd=echo "============================================================";
step-12: run cmd=if command -v docker >/dev/null 2>&1 && docker info >/dev/null 2>&1; then \;
step-13: run cmd=PYTEST_DISABLE_PLUGIN_AUTOLOAD=1 PYTHONPATH=src \;
step-14: run cmd=$(PYTHON) -m pytest -p pytest_asyncio.plugin \;
step-15: run cmd=$(ARTIFACT_TESTS)::TestDockerIaCValidation::test_docker_iac_all_files_present_and_consistent \;
step-16: run cmd=-v --tb=short; \;
step-17: run cmd=else \;
step-18: run cmd=echo "[SKIP] Docker not available – IaC scaffolds not generated"; \;
step-19: run cmd=fi;
step-20: run cmd=echo "";
step-21: run cmd=echo "============================================================";
step-22: run cmd=echo " STEP 3/9: Validating artifact sizes (strict, no stubs)";
step-23: run cmd=echo "============================================================";
step-24: run cmd=PYTEST_DISABLE_PLUGIN_AUTOLOAD=1 PYTHONPATH=src \;
step-25: run cmd=$(PYTHON) -m pytest -p pytest_asyncio.plugin \;
step-26: run cmd=$(ARTIFACT_TESTS)::TestArtifactSizeValidation -v --tb=short -s;
step-27: run cmd=echo "";
step-28: run cmd=echo "============================================================";
step-29: run cmd=echo " STEP 4/9: Validating file correctness (magic bytes,";
step-30: run cmd=echo " configs, syntax, schemas)";
step-31: run cmd=echo "============================================================";
step-32: run cmd=PYTEST_DISABLE_PLUGIN_AUTOLOAD=1 PYTHONPATH=src \;
step-33: run cmd=$(PYTHON) -m pytest -p pytest_asyncio.plugin \;
step-34: run cmd=$(ARTIFACT_TESTS)::TestGeneratedFileCorrectness -v --tb=short -s;
step-35: run cmd=echo "";
step-36: run cmd=echo "============================================================";
step-37: run cmd=echo " STEP 5/9: Docker native validation (every artifact in";
step-38: run cmd=echo " its native Docker container)";
step-39: run cmd=echo "============================================================";
step-40: run cmd=if command -v docker >/dev/null 2>&1 && docker info >/dev/null 2>&1; then \;
step-41: run cmd=$(PYTHON) tools/validate_artifacts_docker.py \;
step-42: run cmd=--root $(ARTIFACT_ROOT) --strict -v; \;
step-43: run cmd=else \;
step-44: run cmd=echo "[SKIP] Docker not available – native validation skipped"; \;
step-45: run cmd=fi;
step-46: run cmd=echo "";
step-47: run cmd=echo "============================================================";
step-48: run cmd=echo " STEP 6/9: Docker platform tests (binary format,";
step-49: run cmd=echo " artifact execution, syntax checks)";
step-50: run cmd=echo "============================================================";
step-51: run cmd=if command -v docker >/dev/null 2>&1 && docker info >/dev/null 2>&1; then \;
step-52: run cmd=PYTEST_DISABLE_PLUGIN_AUTOLOAD=1 PYTHONPATH=src \;
step-53: run cmd=$(PYTHON) -m pytest -p pytest_asyncio.plugin \;
step-54: run cmd=$(ARTIFACT_TESTS)::TestDockerArtifactSizeValidation \;
step-55: run cmd=$(ARTIFACT_TESTS)::TestDockerBinaryFormatVerification \;
step-56: run cmd=$(ARTIFACT_TESTS)::TestDockerArtifactExecution \;
step-57: run cmd=$(ARTIFACT_TESTS)::TestDockerAutomatedExecution \;
step-58: run cmd=$(ARTIFACT_TESTS)::TestDockerDockerfileValidation \;
step-59: run cmd=-v --tb=short; \;
step-60: run cmd=else \;
step-61: run cmd=echo "[SKIP] Docker not available – platform validation skipped"; \;
step-62: run cmd=fi;
step-63: run cmd=echo "";
step-64: run cmd=echo "============================================================";
step-65: run cmd=echo " STEP 7/9: E2E build → deploy via Ansible";
step-66: run cmd=echo "============================================================";
step-67: run cmd=PYTEST_DISABLE_PLUGIN_AUTOLOAD=1 PYTHONPATH=src \;
step-68: run cmd=$(PYTHON) -m pytest -p pytest_asyncio.plugin \;
step-69: run cmd=$(ARTIFACT_TESTS)::TestE2EBuildAndAnsibleDeploy \;
step-70: run cmd=$(ARTIFACT_TESTS)::TestMultiPlatformArtifactsWithAnsible \;
step-71: run cmd=-v --tb=short;
step-72: run cmd=echo "";
step-73: run cmd=echo "============================================================";
step-74: run cmd=echo " STEP 8/9: Desktop + mobile artifact generation per OS";
step-75: run cmd=echo "============================================================";
step-76: run cmd=PYTEST_DISABLE_PLUGIN_AUTOLOAD=1 PYTHONPATH=src \;
step-77: run cmd=$(PYTHON) -m pytest -p pytest_asyncio.plugin \;
step-78: run cmd=$(ARTIFACT_TESTS)::TestDesktopArtifactGeneration \;
step-79: run cmd=$(ARTIFACT_TESTS)::TestMobileArtifactGeneration \;
step-80: run cmd=$(ARTIFACT_TESTS)::TestAnsibleArtifactDistribution \;
step-81: run cmd=-v --tb=short;
step-82: run cmd=echo "";
step-83: run cmd=echo "============================================================";
step-84: run cmd=echo " STEP 9/9: Cross-platform matrix (framework × OS)";
step-85: run cmd=echo "============================================================";
step-86: run cmd=PYTEST_DISABLE_PLUGIN_AUTOLOAD=1 PYTHONPATH=src \;
step-87: run cmd=$(PYTHON) -m pytest -p pytest_asyncio.plugin \;
step-88: run cmd=$(CROSS_PLATFORM_TESTS) -v --tb=short;
step-89: run cmd=echo "";
step-90: run cmd=echo "============================================================";
step-91: run cmd=echo " ALL DONE – full artifact pipeline completed (9 steps)";
step-92: run cmd=echo "============================================================";
}
/* Manual workflow: lists compose services, then runs an echo inside the "app" service container. */
/* NOTE(review): step-2 only shows that a command can be executed in the "app" container; it does not probe the application itself, so "Health check passed" is printed even if the service is not answering requests. */
workflow[name="health"] {
trigger: "manual";
step-1: run cmd=docker compose ps;
step-2: run cmd=docker compose exec app echo "Health check passed";
}
/* Manual workflow: follows the compose logs (-f keeps streaming until interrupted). */
workflow[name="logs"] {
trigger: "manual";
step-1: run cmd=docker compose logs -f;
}
/* Manual workflow: lists compose services; same command as step-1 of the health workflow. */
workflow[name="ps"] {
trigger: "manual";
step-1: run cmd=docker compose ps;
}
/* Manual workflow: builds a Docker image from the current directory and tags it nfo:latest. */
/* NOTE(review): only the mutable "latest" tag is applied; the version declared in the app block is not used as a tag, so a built image cannot be traced back to a release by its tag. */
workflow[name="docker-build"] {
trigger: "manual";
step-1: run cmd=docker build -t nfo:latest .;
}
/* Manual workflow: prints a hint on how to import Makefile targets with taskfile. */
workflow[name="import-makefile-hint"] {
trigger: "manual";
step-1: run cmd=echo 'Run: taskfile import Makefile to import existing targets.';
}
/* Manual workflow: meant to list documented targets by grepping $(MAKEFILE_LIST) for "## " annotations. */
/* NOTE(review): this workflow is broken as written. step-1 stops inside an unterminated single-quoted awk program ("awk 'BEGIN {FS ="), and steps 2-5 contain only the words "##", "Show", "this", "help", which would be run as separate commands. It looks like a Makefile help target that was split during conversion. TODO restore the original single command from the Makefile. */
workflow[name="help"] {
trigger: "manual";
step-1: run cmd=grep -E '^[a-zA-Z_-]+:.*?## .*$$' $(MAKEFILE_LIST) | sort | awk 'BEGIN {FS =;
step-2: run cmd=##;
step-3: run cmd=Show;
step-4: run cmd=this;
step-5: run cmd=help;
}
/* Deployment target: docker-compose, using docker-compose.yml. */
deploy {
target: docker-compose;
compose_file: docker-compose.yml;
}
/* Environment "local": docker-compose runtime with variables read from ".env". */
/* NOTE(review): .env files commonly hold credentials; whether this one is excluded from version control is not visible here. Verify it is git-ignored. */
environment[name="local"] {
runtime: docker-compose;
env_file: ".env";
}
/* Manual workflow: runs the install, lint and test workflows in sequence through "taskfile run". */
/* NOTE(review): none of the security workflows defined in this file is part of this sequence. */
workflow[name="all"] {
trigger: "manual";
step-1: run cmd=taskfile run install;
step-2: run cmd=taskfile run lint;
step-3: run cmd=taskfile run test;
}
/* Manual workflow: formats the whole current directory with a ruff executable from PATH. */
/* NOTE(review): unlike the "format" workflow, which limits ruff to src/ and tests/ and falls back to $(PYTHON) -m ruff or pipx, this one rewrites every file under "." and has no fallback. */
workflow[name="fmt"] {
trigger: "manual";
step-1: run cmd=ruff format .;
}