Merge branch 'main' into feat/json-logger

Author: ix-56h

.docker/minio/setup.sh

@@ -0,0 +1,33 @@
+#!/bin/sh
+
+# Simple script to set up MinIO bucket and user
+# Based on example from MinIO issues
+
+# Format bucket name to ensure compatibility
+BUCKET_NAME=$(echo "${S3_BUCKET_NAME}" | tr '[:upper:]' '[:lower:]' | tr '_' '-')
+
+# Configure MinIO client
+mc alias set myminio http://minio:9000 ${MINIO_ROOT_USER} ${MINIO_ROOT_PASSWORD}
+
+# Remove bucket if it exists (for clean setup)
+mc rm -r --force myminio/${BUCKET_NAME} || true
+
+# Create bucket
+mc mb myminio/${BUCKET_NAME}
+
+# Set bucket policy to allow downloads
+mc anonymous set download myminio/${BUCKET_NAME}
+
+# Create user with access and secret keys
+mc admin user add myminio ${S3_ACCESS_KEY} ${S3_SECRET_KEY} || echo "User already exists"
+
+# Create policy for the bucket
+echo '{"Version":"2012-10-17","Statement":[{"Effect":"Allow","Action":["s3:*"],"Resource":["arn:aws:s3:::'${BUCKET_NAME}'/*","arn:aws:s3:::'${BUCKET_NAME}'"]}]}' > /tmp/policy.json
+
+# Apply policy
+mc admin policy create myminio gitingest-policy /tmp/policy.json || echo "Policy already exists"
+mc admin policy attach myminio gitingest-policy --user ${S3_ACCESS_KEY}
+
+echo "MinIO setup completed successfully"
+echo "Bucket: ${BUCKET_NAME}"
+echo "Access via console: http://localhost:9001"

.env.example

@@ -34,4 +34,27 @@ GITINGEST_SENTRY_SEND_DEFAULT_PII=true
 # Environment name for Sentry (default: "")
 GITINGEST_SENTRY_ENVIRONMENT=development
 
+# MinIO Configuration (for development)
+# Root user credentials for MinIO admin access
+MINIO_ROOT_USER=minioadmin
+MINIO_ROOT_PASSWORD=minioadmin
+
+# S3 Configuration (for application)
+# Set to "true" to enable S3 storage for digests
+# S3_ENABLED=true
+# Endpoint URL for the S3 service (MinIO in development)
+S3_ENDPOINT=http://minio:9000
+# Access key for the S3 bucket (created automatically in development)
+S3_ACCESS_KEY=gitingest
+# Secret key for the S3 bucket (created automatically in development)
+S3_SECRET_KEY=gitingest123
+# Name of the S3 bucket (created automatically in development)
+S3_BUCKET_NAME=gitingest-bucket
+# Region for the S3 bucket (default for MinIO)
+S3_REGION=us-east-1
+# Public URL/CDN for accessing S3 resources
+S3_ALIAS_HOST=127.0.0.1:9000/gitingest-bucket
+# Optional prefix for S3 file paths (if set, prefixes all S3 paths with this value)
+# S3_DIRECTORY_PREFIX=my-prefix
+
 LOG_FORMAT=JSON

.github/workflows/ci.yml

@@ -2,9 +2,13 @@ name: CI
 
 on:
   push:
-    branches: [ main ]
+    branches: [main]
   pull_request:
-    branches: [ main ]
+    branches: [main]
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
 
 permissions:
   contents: read
@@ -17,67 +21,63 @@ jobs:
       matrix:
         os: [ubuntu-latest, macos-latest, windows-latest]
         python-version: ["3.8", "3.9", "3.10", "3.11", "3.12", "3.13"]
-
         include:
           - os: ubuntu-latest
             python-version: "3.13"
             coverage: true
 
     steps:
-    - name: Harden the runner (Audit all outbound calls)
-      uses: step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911 # v2.13.0
-      with:
-        egress-policy: audit
-
-    - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+      - name: Harden the runner (Audit all outbound calls)
+        uses: step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911 # v2.13.0
+        with:
+          egress-policy: audit
 
-    - name: Set up Python
-      uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5.6.0
-      with:
-        python-version: ${{ matrix.python-version }}
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
 
-    - name: Locate pip cache
-      id: pip-cache
-      shell: bash
-      run: echo "dir=$(python -m pip cache dir)" >> "$GITHUB_OUTPUT"
+      - name: Set up Python
+        uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5.6.0
+        with:
+          python-version: ${{ matrix.python-version }}
+          cache: 'pip'
 
-    - name: Cache pip
-      uses: actions/cache@5a3ec84eff668545956fd18022155c47e93e2684 # v4.2.3
-      with:
-        path: ${{ steps.pip-cache.outputs.dir }}
-        key: ${{ runner.os }}-pip-${{ hashFiles('pyproject.toml') }}
-        restore-keys: ${{ runner.os }}-pip-
+      - name: Install dependencies
+        run: |
+          python -m pip install --upgrade pip
+          python -m pip install ".[dev,server]"
 
-    - name: Install dependencies
-      run: |
-        python -m pip install --upgrade pip
-        python -m pip install ".[dev,server]"
+      - name: Cache pytest results
+        uses: actions/cache@v4
+        with:
+          path: .pytest_cache
+          key: ${{ runner.os }}-pytest-${{ matrix.python-version }}-${{ hashFiles('**/pytest.ini') }}
+          restore-keys: |
+            ${{ runner.os }}-pytest-${{ matrix.python-version }}-
 
-    - name: Run tests
-      if: ${{ matrix.coverage != true }}
-      run: pytest
+      - name: Run tests
+        if: ${{ matrix.coverage != true }}
+        run: pytest
 
-    - name: Run tests and collect coverage
-      if: ${{ matrix.coverage == true }}
-      run: |
-        pytest \
-        --cov=gitingest \
-        --cov=server \
-        --cov-branch \
-        --cov-report=xml \
-        --cov-report=term
+      - name: Run tests and collect coverage
+        if: ${{ matrix.coverage == true }}
+        run: |
+          pytest \
+          --cov=gitingest \
+          --cov=server \
+          --cov-branch \
+          --cov-report=xml \
+          --cov-report=term
 
-    - name: Upload coverage to Codecov
-      if: ${{ matrix.coverage == true }}
-      uses: codecov/codecov-action@18283e04ce6e62d37312384ff67231eb8fd56d24 # v5.4.3
-      with:
-        token: ${{ secrets.CODECOV_TOKEN }}
-        files: coverage.xml
-        flags: ${{ matrix.os }}-py${{ matrix.python-version }}
-        name: codecov-${{ matrix.os }}-${{ matrix.python-version }}
-        fail_ci_if_error: true
-        verbose: true
+      - name: Upload coverage to Codecov
+        if: ${{ matrix.coverage == true }}
+        uses: codecov/codecov-action@18283e04ce6e62d37312384ff67231eb8fd56d24 # v5.4.3
+        with:
+          token: ${{ secrets.CODECOV_TOKEN }}
+          files: coverage.xml
+          flags: ${{ matrix.os }}-py${{ matrix.python-version }}
+          name: codecov-${{ matrix.os }}-${{ matrix.python-version }}
+          fail_ci_if_error: true
+          verbose: true
 
-    - name: Run pre-commit hooks
-      uses: pre-commit/action@2c7b3805fd2a0fd8c1884dcaebf91fc102a13ecd # v3.0.1
-      if: ${{ matrix.python-version == '3.13' && matrix.os == 'ubuntu-latest' }}
+      - name: Run pre-commit hooks
+        uses: pre-commit/action@2c7b3805fd2a0fd8c1884dcaebf91fc102a13ecd # v3.0.1
+        if: ${{ matrix.python-version == '3.13' && matrix.os == 'ubuntu-latest' }}

.github/workflows/docker-build.ecr.yml

@@ -0,0 +1,82 @@
+name: Build & Push Container
+
+on:
+  push:
+    branches:
+      - 'main'
+    tags:
+      - '*'
+  merge_group:
+  pull_request:
+    types: [labeled, synchronize, reopened, ready_for_review, opened]
+
+env:
+  PUSH_FROM_PR: >-
+    ${{ github.event_name == 'pull_request' &&
+       (
+         contains(github.event.pull_request.labels.*.name, 'push-container') ||
+         contains(github.event.pull_request.labels.*.name, 'deploy-pr-temp-env')
+       )
+    }}
+
+jobs:
+  terraform:
+    name: "ECR"
+    runs-on: ubuntu-latest
+    if: github.repository == 'coderamp-labs/gitingest'
+
+    permissions:
+      id-token: write
+      contents: read
+      pull-requests: write
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: configure aws credentials
+        uses: aws-actions/configure-aws-credentials@v4
+        with:
+          role-to-assume: ${{ secrets.CODERAMP_AWS_ECR_REGISTRY_PUSH_ROLE_ARN }}
+          role-session-name: GitHub_to_AWS_via_FederatedOIDC
+          aws-region: eu-west-1
+
+      - name: Set current timestamp
+        id: vars
+        run: |
+          echo "timestamp=$(date +%s)" >> $GITHUB_OUTPUT
+          echo "sha_short=$(git rev-parse --short HEAD)" >> $GITHUB_OUTPUT
+
+      - name: Login to Amazon ECR
+        id: login-ecr
+        uses: aws-actions/amazon-ecr-login@v2
+
+      - name: Docker Meta
+        id: meta
+        uses: docker/metadata-action@v5
+        with:
+          images: |
+            ${{ secrets.ECR_REGISTRY_URL }}
+          flavor: |
+            latest=false
+          tags: |
+            type=ref,event=branch,branch=main,suffix=-${{ steps.vars.outputs.sha_short }}-${{ steps.vars.outputs.timestamp }}
+            type=ref,event=pr,suffix=-${{ steps.vars.outputs.sha_short }}-${{ steps.vars.outputs.timestamp }}
+            type=pep440,pattern={{raw}}
+
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v3
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Build and push
+        uses: docker/build-push-action@v6
+        with:
+          context: .
+          platforms: linux/amd64, linux/arm64
+          push: ${{ github.event_name != 'pull_request' || env.PUSH_FROM_PR == 'true' }}
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}
+          cache-from: type=gha
+          cache-to: type=gha,mode=max

.github/workflows/docker_image.yml .github/workflows/docker-build.ghcr.yml.github/workflows/docker_image.yml renamed to .github/workflows/docker-build.ghcr.yml

@@ -17,7 +17,6 @@ concurrency:
 env:
   REGISTRY: ghcr.io
   IMAGE_NAME: ${{ github.repository }}
-  # Now allow pushing from PRs when either 'push-container' OR 'deploy-pr-temp-env' is present:
   PUSH_FROM_PR: >-
     ${{ github.event_name == 'pull_request' &&
        (
@@ -31,6 +30,7 @@ permissions:
 
 jobs:
   docker-build:
+    name: "GHCR"
     runs-on: ubuntu-latest
     permissions:
       contents: read

.github/workflows/publish_to_pypi.yml

@@ -31,6 +31,7 @@ jobs:
         run: |
           python -m pip install --upgrade pip
           python -m pip install build twine
+          python -m build
           twine check dist/*
       - name: Upload dist artefact
         uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2

.github/workflows/rebase-needed.yml

@@ -0,0 +1,29 @@
+name: PR Needs Rebase
+
+on:
+  workflow_dispatch: {}
+  schedule:
+    - cron: '0 * * * *'
+
+permissions:
+  pull-requests: write
+
+jobs:
+  label-rebase-needed:
+    runs-on: ubuntu-latest
+    if: github.repository == 'coderamp-labs/gitingest'
+
+    concurrency:
+      group: ${{ github.workflow }}-${{ github.ref }}
+      cancel-in-progress: true
+
+    steps:
+      - name: Check for merge conflicts
+        uses: eps1lon/actions-label-merge-conflict@v3
+        with:
+          dirtyLabel: 'rebase needed :construction:'
+          repoToken: '${{ secrets.GITHUB_TOKEN }}'
+          commentOnClean: This pull request has resolved merge conflicts and is ready for review.
+          commentOnDirty: This pull request has merge conflicts that must be resolved before it can be merged.
+          retryMax: 30
+          continueOnMissingPermissions: false

.github/workflows/stale.yml

@@ -0,0 +1,32 @@
+name: "Close stale issues and PRs"
+
+on:
+  schedule:
+    - cron: "0 6 * * *"
+  workflow_dispatch: {}
+
+permissions:
+  issues: write
+  pull-requests: write
+
+jobs:
+  stale:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/stale@v9
+        with:
+          repo-token: ${{ secrets.GITHUB_TOKEN }}
+          days-before-stale: 45
+          days-before-close: 10
+          stale-issue-label: stale
+          stale-pr-label: stale
+          stale-issue-message: |
+            Hi there! We haven’t seen activity here for 45 days, so I’m marking this issue as stale.
+            If you’d like to keep it open, please leave a comment within 10 days. Thanks!
+          stale-pr-message: |
+            Hi there! We haven’t seen activity on this pull request for 45 days, so I’m marking it as stale.
+            If you’d like to keep it open, please leave a comment within 10 days. Thanks!
+          close-issue-message: |
+            Hi there! We haven’t heard anything for 10 days, so I’m closing this issue. Feel free to reopen if you’d like to continue the discussion. Thanks!
+          close-pr-message: |
+            Hi there! We haven’t heard anything for 10 days, so I’m closing this pull request. Feel free to reopen if you’d like to continue working on it. Thanks!

.pre-commit-config.yaml

@@ -89,7 +89,7 @@ repos:
     hooks:
       - id: markdownlint
         description: 'Lint markdown files.'
-        args: ['--disable=line-length']
+        args: ['--disable=line-length', '--ignore=CHANGELOG.md']
 
   - repo: https://github.com/astral-sh/ruff-pre-commit
     rev: v0.12.2
@@ -113,6 +113,7 @@ repos:
         files: ^src/
         additional_dependencies:
           [
+            boto3>=1.28.0,
             click>=8.0.0,
             'fastapi[standard]>=0.109.1',
             httpx,
@@ -139,6 +140,7 @@ repos:
           - --rcfile=tests/.pylintrc
         additional_dependencies:
           [
+            boto3>=1.28.0,
             click>=8.0.0,
             'fastapi[standard]>=0.109.1',
             httpx,

.release-please-manifest.json

@@ -1 +1 @@
-{".":"0.1.5"}
+{".":"0.2.1"}