adapting some of the CISA development guidelines

.bandit.yml

@@ -0,0 +1,14 @@
+---
+# Configuration file for the Bandit python security scanner
+# https://bandit.readthedocs.io/en/latest/config.html
+# This config is applied to bandit when scanning the "tests" tree
+
+# Tests are first included by `tests`, and then excluded by `skips`.
+# If `tests` is empty, all tests are are considered included.
+
+tests:
+# - B101
+# - B102
+
+skips:
+  - B101  # skip "assert used" check since assertions are required in pytests

.coveragerc

@@ -0,0 +1,12 @@
+# This is the configuration for code coverage checks
+# https://coverage.readthedocs.io/en/latest/config.html
+
+[run]
+source = src/navv
+omit =
+branch = true
+
+[report]
+exclude_lines =
+    if __name__ == "__main__":
+show_missing = true

.dockerignore

@@ -2,4 +2,11 @@ build
 builds
 dist
 package
-*.egg-info
+
+## Python ##
+__pycache__
+.coverage
+.mypy_cache
+.pytest_cache
+.python-version
+*.egg-info

.flake8

@@ -0,0 +1,25 @@
+[flake8]
+max-line-length = 80
+# Select (turn on)
+# * Complexity violations reported by mccabe (C) -
+#   http://flake8.pycqa.org/en/latest/user/error-codes.html#error-violation-codes
+# * Documentation conventions compliance reported by pydocstyle (D) -
+#   http://www.pydocstyle.org/en/stable/error_codes.html
+# * Default errors and warnings reported by pycodestyle (E and W) -
+#   https://pycodestyle.readthedocs.io/en/latest/intro.html#error-codes
+# * Default errors reported by pyflakes (F) -
+#   http://flake8.pycqa.org/en/latest/glossary.html#term-pyflakes
+# * Default warnings reported by flake8-bugbear (B) -
+#   https://github.com/PyCQA/flake8-bugbear#list-of-warnings
+# * The B950 flake8-bugbear opinionated warning -
+#   https://github.com/PyCQA/flake8-bugbear#opinionated-warnings
+select = C,D,E,F,W,B,B950
+# Ignore flake8's default warning about maximum line length, which has
+# a hard stop at the configured value.  Instead we use
+# flake8-bugbear's B950, which allows up to 10% overage.
+#
+# Also ignore flake8's warning about line breaks before binary
+# operators.  It no longer agrees with PEP8.  See, for example, here:
+# https://github.com/ambv/black/issues/21. Guido agrees here:
+# https://github.com/python/peps/commit/c59c4376ad233a62ca4b3a6060c81368bd21e85b.
+ignore = E501,W503

.github/CODEOWNERS

@@ -0,0 +1,2 @@
+# Seth Grover - [email protected]
+* @mmguero

.github/dependabot.yml

@@ -0,0 +1,13 @@
+---
+
+version: 2
+updates:
+  - package-ecosystem: "github-actions"
+    directory: "/"
+    schedule:
+      interval: "weekly"
+
+  - package-ecosystem: "pip"
+    directory: "/"
+    schedule:
+      interval: "weekly"

.github/lineage.yml

@@ -0,0 +1,5 @@
+---
+lineage:
+  skeleton:
+    remote-url: https://github.com/cisagov/skeleton-python-library.git
+version: '1'

.github/workflows/codeql-analysis.yml

@@ -0,0 +1,68 @@
+---
+# For most projects, this workflow file will not need changing; you simply need
+# to commit it to your repository.
+#
+# You may wish to alter this file to override the set of languages analyzed,
+# or to provide custom queries or build logic.
+name: "CodeQL"
+
+on:
+  push:
+    # Dependabot triggered push events have read-only access, but uploading code
+    # scanning requires write access.
+    branches-ignore: [dependabot/**]
+  pull_request:
+    # The branches below must be a subset of the branches above
+    branches: [develop]
+  schedule:
+    - cron: '0 14 * * 6'
+
+jobs:
+  analyze:
+    name: Analyze
+    runs-on: ubuntu-latest
+
+    strategy:
+      fail-fast: false
+      matrix:
+        # Override automatic language detection by changing the below list
+        # Supported options are ['csharp', 'cpp', 'go', 'java', 'javascript',
+        # 'python']
+        language: ['python']
+        # Learn more...
+        # https://docs.github.com/en/github/finding-security-vulnerabilities-and-errors-in-your-code/configuring-code-scanning#overriding-automatic-language-detection
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v2
+
+      # Initializes the CodeQL tools for scanning.
+      - name: Initialize CodeQL
+        uses: github/codeql-action/init@v1
+        with:
+          languages: ${{ matrix.language }}
+          # If you wish to specify custom queries, you can do so here or in a
+          # config file. By default, queries listed here will override any
+          # specified in a config file. Prefix the list here with "+" to use
+          # these queries and those in the config file. queries:
+          # ./path/to/local/query, your-org/your-repo/queries@main
+
+      # Autobuild attempts to build any compiled languages  (C/C++, C#, or
+      # Java). If this step fails, then you should remove it and run the build
+      # manually (see below)
+      - name: Autobuild
+        uses: github/codeql-action/autobuild@v1
+
+      # ℹ️ Command-line programs to run using the OS shell.
+      # 📚 https://git.io/JvXDl
+
+      # ✏️ If the Autobuild fails above, remove it and uncomment the following
+      # three lines and modify them (or add more) to build your code if your
+      # project uses a compiled language
+
+      # - run: |
+      #   make bootstrap
+      #   make release
+
+      - name: Perform CodeQL Analysis
+        uses: github/codeql-action/analyze@v1

.github/workflows/navv-build-push-ghcr.yml

@@ -3,7 +3,7 @@ name: navv-build-push-ghcr
 on:
   push:
     branches:
-      - 'main'
+      - 'develop'
   workflow_dispatch:
 
 jobs:

.gitignore

@@ -2,6 +2,13 @@ build
 builds
 dist
 package
-*.egg-info
 *.pkl
 *.xlsx
+
+## Python ##
+__pycache__
+.coverage
+.mypy_cache
+.pytest_cache
+.python-version
+*.egg-info

.isort.cfg

@@ -0,0 +1,10 @@
+[settings]
+combine_star=true
+force_sort_within_sections=true
+
+import_heading_stdlib=Standard Python Libraries
+import_heading_thirdparty=Third-Party Libraries
+import_heading_firstparty=cisagov Libraries
+
+# Run isort under the black profile to align with our other Python linting
+profile=black

.mdl_config.yaml

@@ -0,0 +1,50 @@
+---
+
+# Default state for all rules
+default: true
+
+# MD003/heading-style/header-style - Heading style
+MD003:
+  # Enforce the ATX-closed style of header
+  style: "atx_closed"
+
+# MD004/ul-style - Unordered list style
+MD004:
+  # Enforce dashes for unordered lists
+  style: "dash"
+
+# MD013/line-length - Line length
+MD013:
+  # Do not enforce for code blocks
+  code_blocks: false
+  # Do not enforce for tables
+  tables: false
+
+# MD024/no-duplicate-heading/no-duplicate-header - Multiple headings with the
+# same content
+MD024:
+  # Allow headers with the same content as long as they are not in the same
+  # parent heading
+  allow_different_nesting: true
+
+# MD029/ol-prefix - Ordered list item prefix
+MD029:
+  # Enforce the `1.` style for ordered lists
+  style: "one"
+
+# MD033/no-inline-html - Inline HTML
+MD033:
+  # The h1 and img elements are allowed to permit header images
+  allowed_elements:
+    - h1
+    - img
+
+# MD035/hr-style - Horizontal rule style
+MD035:
+  # Enforce dashes for horizontal rules
+  style: "---"
+
+# MD046/code-block-style Code block style
+MD046:
+  # Enforce the fenced style for code blocks
+  style: "fenced"