diff --git a/.github/IMPLEMENTATION_SUMMARY.md b/.github/IMPLEMENTATION_SUMMARY.md index 96be6c5..0c0d0b9 100644 --- a/.github/IMPLEMENTATION_SUMMARY.md +++ b/.github/IMPLEMENTATION_SUMMARY.md 
@@ -6,76 +6,48 @@ This document provides a comprehensive summary of the Python Testing GitHub Acti ## What Was Built -A GitHub Action that automatically detects and runs Python testing frameworks with support for: +A GitHub Action that runs Python tests using pytest with support for: - **pytest** - The most popular Python testing framework -- **unittest** - Python's built-in testing framework -- **nose2** - Enhanced unittest with plugins -- **behave** - BDD/Cucumber-style testing for Python -- **tox** - Testing across multiple Python environments -- **doctest** - Tests embedded in docstrings ## Core Features -### 1. Automatic Framework Detection +### 1. pytest Testing -The action intelligently detects testing frameworks by examining: +The action: +- Installs pytest automatically +- Installs additional requirements from a requirements file (optional) +- Runs pytest with configurable options +- Reports results in GitHub Actions summary -- **Configuration files**: `pytest.ini`, `tox.ini`, `.noserc`, `nose.cfg`, `setup.cfg`, `pyproject.toml` -- **Directory structure**: `features/` directory for behave -- **Import statements**: `import pytest`, `import unittest` in test files -- **Code patterns**: `>>>` for doctest examples +### 2. Badge Generation -### 2. Framework Execution - -Once detected, each framework is: -- Automatically installed with pip -- Run with configurable options -- Results captured and reported in GitHub Actions summary - -### 3. Badge Generation - -SVG badges are generated for each detected framework showing: -- Framework name -- Status (passing/failing) +SVG badges can be generated showing: +- pytest status (passing/failing) - Color-coded results (green for passing, red for failing) - -### 4. 
README Integration - -Automatic README updates with: -- Badge insertion after the main title -- Marker comments for easy updates -- Support for both relative paths and GitHub URLs +- Badges are committed to the repository (optional) ## File Structure ``` python-testing/ ├── action.yml # Main action definition -├── update_badges.py # Badge management script ├── README.md # User-facing documentation ├── CHANGELOG.md # Version history +├── CONTRIBUTING.md # Contribution guidelines +├── SECURITY.md # Security policy +├── CODE_OF_CONDUCT.md # Code of conduct ├── LICENSE # MIT License ├── .gitignore # Git ignore patterns -├── .github/ -│ ├── IMPLEMENTATION_SUMMARY.md # This file -│ ├── USAGE.md # Detailed usage guide -│ ├── QUICK_START.md # Quick start guide -│ └── workflows/ -│ ├── example-basic.yml # Basic usage example -│ ├── example-badges.yml # Badge generation example -│ └── example-advanced.yml # Advanced usage example -└── examples/ - ├── README.md # Examples documentation - ├── pytest_example/ - │ └── test_calculator.py # pytest example - ├── unittest_example/ - │ └── test_string_utils.py # unittest example - └── behave_example/ - └── features/ - ├── calculator.feature # BDD feature file - └── steps/ - └── calculator_steps.py # BDD step definitions +├── .markdownlint.json # Markdown linting config +└── .github/ + ├── IMPLEMENTATION_SUMMARY.md # This file + ├── USAGE.md # Detailed usage guide + ├── QUICK_START.md # Quick start guide + └── workflows/ + ├── lint-test.yml # Linting and testing workflow + ├── release.yml # Release workflow + └── changelog-check.yml # Changelog validation ``` ## Implementation Details 
@@ -83,52 +55,13 @@ python-testing/ ### Action Workflow 1. **Setup Python** - Uses `actions/setup-python@v5` to set up Python environment -2. **Detect Frameworks** - Scans repository for testing framework indicators -3. **Install Tools** - Installs detected frameworks and dependencies -4. **Install Requirements** - Optionally installs from requirements file -5. **Run Tests** - Executes each detected framework with appropriate options -6. **Report Results** - Outputs results to GitHub Actions summary -7. **Generate Badges** - Creates SVG badges for test status (optional) -8. **Update README** - Inserts badges into README.md (optional) -9. **Commit Changes** - Pushes badges and README updates (optional) - -### Detection Logic - -#### pytest Detection -```bash -pytest.ini exists OR -pyproject.toml exists OR -setup.cfg exists OR -"import pytest" found in code -``` - -#### unittest Detection -```bash -"import unittest" found in test files -``` - -#### nose2 Detection -```bash -.noserc exists OR -nose.cfg exists OR -[nosetests] section in setup.cfg -``` - -#### behave Detection -```bash -features/ directory exists AND -.feature files present -``` - -#### tox Detection -```bash -tox.ini exists -``` - -#### doctest Detection -```bash -">>>" patterns found in Python files -``` +2. **Install pytest** - Installs pytest from PyPI +3. **Install Requirements** - Optionally installs packages from a specified requirements file if it exists; + if a path is provided but the file is missing, logs a warning and continues without installing +4. **Run Tests** - Executes pytest with configurable options +5. **Report Results** - Outputs results to GitHub Actions summary +6. **Generate Badges** - Creates SVG badges for test status (optional) +7. **Commit Changes** - Pushes badges to repository (optional) ### Badge Generation 
@@ -140,10 +73,10 @@ Badges are created as inline SVG files with: ### Security Considerations -- All example workflows include explicit permission declarations - Badge commits use `[skip ci]` to prevent infinite loops -- Script handles missing files gracefully +- Requires `contents: write` permission for badge commits - No secrets or credentials are exposed +- See SECURITY.md for full security policy ## Configuration Options @@ -154,25 +87,18 @@ python-version: '3.11' # Default: '3.x' ### Requirements File ```yaml -requirements-file: 'requirements.txt' # Default: '' +requirements-file: 'requirements.txt' # Default: 'requirements.txt' ``` -### Framework Options +### pytest Options ```yaml -pytest-options: '--cov --cov-report=xml' -unittest-options: '-v -s tests' -nose-options: '--verbose' -behave-options: '--format=progress' -tox-options: '-e py311' +pytest-options: '--cov --cov-report=xml' # Default: '' ``` ### Badge Options ```yaml -generate-badges: 'true' # Default: 'false' +commit-badges: 'true' # Default: 'false' badges-directory: '.github/badges' # Default: '.github/badges' -update-readme: 'true' # Default: 'false' -readme-path: 'README.md' # Default: 'README.md' -badge-style: 'path' # Default: 'path', options: 'path'|'url' ``` ## Testing & Validation 
@@ -180,22 +106,18 @@ badge-style: 'path' # Default: 'path', options: 'path'|'url' ### Validation Performed 1. ✅ YAML syntax validation -2. ✅ Python syntax validation for all scripts -3. ✅ Framework detection logic testing -4. ✅ Badge generation testing -5. ✅ README update testing -6. ✅ Code review -7. ✅ Security scanning (CodeQL) -8. ✅ Example code compilation +2. ✅ Badge generation testing +3. ✅ Code review +4. ✅ Documentation validation +5. ✅ Markdown linting ### Test Results -All tests passed successfully: -- Framework detection works correctly for all supported frameworks +All validations passed successfully: +- action.yml is valid YAML - Badge generation creates valid SVG files -- README updates insert badges at correct location -- No security vulnerabilities detected -- All example code is syntactically valid +- No security vulnerabilities in documentation +- All markdown files pass linting ## Usage Examples @@ -208,8 +130,7 @@ All tests passed successfully: ```yaml - uses: thoughtparametersllc/python-testing@v1 with: - generate-badges: 'true' - update-readme: 'true' + commit-badges: 'true' ``` ### Advanced Configuration @@ -219,10 +140,8 @@ All tests passed successfully: python-version: '3.11' requirements-file: 'requirements-dev.txt' pytest-options: '--cov=mypackage --cov-report=xml' - behave-options: '--format=progress --tags=@smoke' - generate-badges: 'true' + commit-badges: 'true' badges-directory: '.github/badges' - update-readme: 'true' ``` ## Future Enhancements 
@@ -230,27 +149,21 @@ All tests passed successfully: Potential improvements for future versions: 1. **Additional Frameworks** - - robotframework - - green - - testify - - Ward + - unittest support + - nose2 support + - behave (BDD) support + - tox support + - doctest support 2. **Enhanced Features** + - Automatic README badge updates - Code coverage integration - Test result artifacts - - Slack/Discord notifications - Test timing analysis -3. **Badge Improvements** - - Coverage percentage badges - - Test count badges - - Customizable badge colors - - Badge templates - -4. **Performance** +3. **Performance** + - Dependency caching - Parallel test execution - - Caching of dependencies - - Smart framework detection caching ## Documentation @@ -262,12 +175,12 @@ Potential improvements for future versions: ## Quality Metrics -- ✅ All Python code follows PEP 8 style guidelines +- ✅ YAML follows best practices - ✅ Comprehensive error handling - ✅ Detailed logging and output -- ✅ Zero security vulnerabilities - ✅ Complete documentation -- ✅ Working examples for all supported frameworks +- ✅ Security policy in place +- ✅ Markdown linting enforced ## Support diff --git a/.github/QUICK_START.md b/.github/QUICK_START.md index f34dd6f..e72ce3a 100644 --- a/.github/QUICK_START.md +++ b/.github/QUICK_START.md @@ -37,15 +37,18 @@ jobs: - uses: actions/checkout@v4 - uses: thoughtparametersllc/python-testing@v1 with: - generate-badges: 'true' - update-readme: 'true' + commit-badges: 'true' ``` -Badges will automatically appear in your README! 🏷️ +Then add badge to your README manually: + +```markdown +![Pytest](.github/badges/pytest.svg) +``` ## 3. With Custom Options (10 minutes) -Add framework-specific options: +Add pytest-specific options: ```yaml - uses: thoughtparametersllc/python-testing@v1 
@@ -53,26 +56,19 @@ Add framework-specific options: python-version: '3.11' requirements-file: 'requirements.txt' pytest-options: '--cov --cov-report=xml' - behave-options: '--format=progress' ``` ## What Happens Automatically? -✅ Detects your testing frameworks -✅ Installs necessary dependencies -✅ Runs all detected tests +✅ Installs pytest +✅ Installs your requirements +✅ Runs pytest tests ✅ Generates detailed reports ✅ Creates status badges (if enabled) -✅ Updates README (if enabled) -## Supported Frameworks +## Supported Framework - **pytest** - Most popular Python testing framework -- **unittest** - Built-in Python testing -- **nose2** - Enhanced testing -- **behave** - BDD/Cucumber-style testing -- **tox** - Multi-environment testing -- **doctest** - Documentation testing ## Next Steps diff --git a/.github/USAGE.md b/.github/USAGE.md index 89674a9..b24dd6e 100644 --- a/.github/USAGE.md +++ b/.github/USAGE.md @@ -27,19 +27,15 @@ jobs: - uses: thoughtparametersllc/python-testing@v1 ``` -That's it! The action will automatically detect and run your testing frameworks. +That's it! The action will install pytest and run your tests. -## Framework Detection +## Testing Framework -The action automatically detects which testing frameworks your project uses: +This action runs pytest for your Python tests. ### pytest -Detected if any of these exist: -- `pytest.ini` file -- `pyproject.toml` file -- `setup.cfg` file -- `import pytest` in any Python file +The action installs and runs pytest with your specified options. **Example configuration:** ```yaml 
@@ -48,61 +44,6 @@ Detected if any of these exist: pytest-options: '--cov=mypackage --cov-report=xml' ``` -### unittest - -Detected if: -- `import unittest` found in test files (test*.py or *test.py) - -**Example configuration:** -```yaml -- uses: thoughtparametersllc/python-testing@v1 - with: - unittest-options: '-v -s tests' -``` - -### nose2 - -Detected if any of these exist: -- `.noserc` file -- `nose.cfg` file -- `[nosetests]` section in `setup.cfg` - -**Example configuration:** -```yaml -- uses: thoughtparametersllc/python-testing@v1 - with: - nose-options: '--verbose --with-coverage' -``` - -### behave (BDD/Cucumber) - -Detected if: -- `features/` directory exists with `.feature` files - -**Example configuration:** -```yaml -- uses: thoughtparametersllc/python-testing@v1 - with: - behave-options: '--format=progress --tags=@automated' -``` - -### tox - -Detected if: -- `tox.ini` file exists - -**Example configuration:** -```yaml -- uses: thoughtparametersllc/python-testing@v1 - with: - tox-options: '-e py311,py312' -``` - -### doctest - -Detected if: -- `>>>` patterns found in Python files (indicating docstring tests) - ## Configuration Options ### Python Version @@ -125,18 +66,14 @@ Install additional dependencies before running tests: requirements-file: 'requirements-dev.txt' ``` -### Framework-Specific Options +### pytest Options -Pass custom options to each testing framework: +Pass custom options to pytest: ```yaml - uses: thoughtparametersllc/python-testing@v1 with: pytest-options: '--cov --cov-report=xml --maxfail=1' - unittest-options: '-v -s tests' - nose-options: '--verbose --with-timer' - behave-options: '--tags=@smoke --format=pretty' - tox-options: '-e py311' ``` ## Badge Generation 
@@ -157,47 +94,18 @@ jobs: - uses: thoughtparametersllc/python-testing@v1 with: - generate-badges: 'true' + commit-badges: 'true' badges-directory: '.github/badges' ``` -### Automatic README Updates - -Automatically insert badge references in your README: - -```yaml -- uses: thoughtparametersllc/python-testing@v1 - with: - generate-badges: 'true' - update-readme: 'true' - readme-path: 'README.md' - badge-style: 'path' # or 'url' -``` - -### Badge Styles - -Two badge styles are available: - -1. **Relative Path** (`badge-style: 'path'`): - ```markdown - ![Pytest](.github/badges/pytest.svg) - ``` - -2. **GitHub URL** (`badge-style: 'url'`): - ```markdown - ![Pytest](https://raw.githubusercontent.com/owner/repo/main/.github/badges/pytest.svg) - ``` - ### Manual Badge Reference -If not using automatic README updates, add badges manually: +Add badges manually to your README: ```markdown # My Project ![Pytest](.github/badges/pytest.svg) -![Unittest](.github/badges/unittest.svg) -![Behave](.github/badges/behave.svg) ``` ## Advanced Usage @@ -257,19 +165,9 @@ Generate coverage reports with pytest: files: ./coverage.xml ``` -### BDD Testing with Behave - -Run specific feature tags: - -```yaml -- uses: thoughtparametersllc/python-testing@v1 - with: - behave-options: '--tags=@smoke,@critical --format=progress' -``` - ### Conditional Testing -Run different frameworks on different branches: +Run different options on different branches: ```yaml - uses: thoughtparametersllc/python-testing@v1 @@ -279,15 +177,6 @@ Run different frameworks on different branches: ## Troubleshooting -### No Frameworks Detected - -If no frameworks are detected: - -1. Check that your test files are in the repository -2. Verify framework configuration files exist -3. Ensure test imports are present in your code -4. Review the detection summary in the Action output - ### Badge Commit Failures If badges aren't being committed: 
@@ -302,9 +191,9 @@ If badges aren't being committed: 3. Verify the action has access to push to the repository -### Framework Installation Issues +### Installation Issues -If a framework fails to install: +If pytest or requirements fail to install: 1. Check that `requirements-file` path is correct 2. Verify your requirements file has correct syntax @@ -318,26 +207,19 @@ To debug test failures: 1. Review the detailed output in the GitHub Actions summary 2. Run tests locally with the same options 3. Check for environment-specific issues (paths, dependencies) -4. Enable verbose output with framework options: +4. Enable verbose output: ```yaml pytest-options: '--verbose --tb=long' - unittest-options: '-v' ``` ### Custom Test Directories If tests are in a non-standard location: -For pytest: ```yaml pytest-options: 'path/to/tests/' ``` -For unittest: -```yaml -unittest-options: '-s path/to/tests' -``` - ## Best Practices 1. **Use a requirements file**: Specify all test dependencies diff --git a/.markdownlint.json b/.markdownlint.json new file mode 100644 index 0000000..55381b8 --- /dev/null +++ b/.markdownlint.json @@ -0,0 +1,23 @@ +{ + "default": true, + "MD013": { + "line_length": 120, + "heading_line_length": 120, + "code_block_line_length": 120, + "code_blocks": true, + "tables": false, + "headings": true, + "strict": false, + "stern": false + }, + "MD033": { + "allowed_elements": ["br", "img", "svg", "path", "g", "text", "rect", "linearGradient", "stop", "clipPath"] + }, + "MD024": { + "siblings_only": true + }, + "MD041": false, + "MD046": { + "style": "fenced" + } +} diff --git a/CHANGELOG.md b/CHANGELOG.md index 1fd283d..67b8267 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -5,24 +5,43 @@ All notable changes to this project will be documented in this file. The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html). -## [0.0.1] - 2025-12-19 +## [Unreleased] -## [1.0.0] - 2025-12-19 +### Added + +- SECURITY.md file with security policy and vulnerability reporting guidelines +- .markdownlint.json configuration file for consistent markdown formatting +- Comprehensive security best practices documentation + +### Changed + +- Updated README.md to accurately reflect actual action.yml inputs and functionality +- Updated README.md description from "automatically detect and run Python testing frameworks" to + "run Python tests using pytest" +- Updated USAGE.md to match current pytest-only implementation +- Updated USAGE.md to clarify the action installs pytest and runs tests (not automatic detection) +- Updated QUICK_START.md to reflect actual badge generation workflow +- Updated IMPLEMENTATION_SUMMARY.md to accurately reflect pytest-only implementation +- Fixed CONTRIBUTING.md references from "Python Linting Action" to "Python Testing Action" +- Fixed clone path in CONTRIBUTING.md from "python-linting" to "python-testing" +- Removed documentation for non-existent inputs: unittest-options, nose-options, behave-options, + tox-options, generate-badges, update-readme, readme-path, and badge-style +- Updated feature list to reflect pytest-only support +- Simplified framework detection section to reflect current implementation + +### Fixed + +- Documentation inconsistencies between action.yml and README.md +- Incorrect action name references in CONTRIBUTING.md ## [1.0.1] - 2025-12-19 -## [Unreleased] +Patch release with documentation improvements -### Added +## [1.0.0] - 2025-12-19 -- Initial release of Python Testing Action -- Automatic detection of Python testing frameworks -- Support for pytest with configurable options -- SVG badge 
generation for each detected framework -- Detailed test results in GitHub Actions summary -- Support for custom requirements file installation -- Configurable Python version support +Initial release with pytest support -## [1.0.0] - TBD +## [0.0.1] - 2025-12-19 -Initial release +Initial development release diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 64363a7..bc8197f 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -1,6 +1,8 @@ -# Contributing to Python Linting Action +# Contributing to Python Testing Action -First off, thank you for considering contributing to this project\! It's people like you that make the open-source community such an amazing place to learn, inspire, and create. Any contributions you make are **greatly appreciated**. +First off, thank you for considering contributing to this project! It's people like you that make the +open-source community such an amazing place to learn, inspire, and create. Any contributions you make are +**greatly appreciated**. ## 🚀 Getting Started @@ -9,7 +11,7 @@ First off, thank you for considering contributing to this project\! It's people ```bash git clone https://github.com/your-username/python-testing.git - cd python-linting + cd python-testing ``` 3. **Create a new branch** for your feature or fix: @@ -22,7 +24,8 @@ First off, thank you for considering contributing to this project\! It's people ### Coding Standards -We want to keep the codebase clean and consistent. Before submitting your code, please ensure it passes the same quality checks that this Action enforces: +We want to keep the codebase clean and consistent. Before submitting your code, please ensure it passes +the same quality checks that this Action enforces: * **Linting:** We use [yamllint](https://github.com/adrienverge/yamllint) * **Unit Testing:** We use [pytest](https://docs.pytest.org/en/stable/). 
@@ -59,7 +62,8 @@ pytest . ## 🔄 Release Process (For Maintainers) -This repository uses a specific workflow to handle semantic versioning and "floating tags" (e.g., keeping `v1` pointing to the latest `v1.x.x` release). +This repository uses a specific workflow to handle semantic versioning and "floating tags" +(e.g., keeping `v1` pointing to the latest `v1.x.x` release). ### Automated Release @@ -71,7 +75,8 @@ When a PR is merged to `main` with a valid `CHANGELOG.md` entry: ### Manual Release / Tag Correction -If you need to manually retarget the major version tag (e.g., `v1`) to a specific release (e.g., `v1.0.1`), use the following commands locally: +If you need to manually retarget the major version tag (e.g., `v1`) to a specific release (e.g., `v1.0.1`), +use the following commands locally: ```bash # 1. Delete the old major version tag locally and remotely diff --git a/README.md b/README.md index 817bedb..2c573a5 100644 --- a/README.md +++ b/README.md 
@@ -3,32 +3,27 @@ [![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)](https://opensource.org/licenses/MIT) [![GitHub Marketplace](https://img.shields.io/badge/Marketplace-Python%20Testing-blue.svg?colorA=24292e&colorB=0366d6&style=flat&longCache=true&logo=github)](https://github.com/marketplace/actions/python-testing) -GitHub Action to automatically detect and run Python testing frameworks. +GitHub Action to run Python tests using pytest. ## Features -- 🔍 **Automatic Framework Detection** - Automatically detects which testing frameworks your project uses -- 🐍 **Multiple Framework Support** - Supports pytest, unittest, nose2, behave (BDD/Cucumber), tox, and doctest +- 🐍 **pytest Testing** - Run pytest tests with configurable options - 📦 **Custom requirements** - Install additional dependencies from a requirements file -- 📊 **Detailed reporting** - View results in GitHub Actions summary for each detected framework +- 📊 **Detailed reporting** - View test results in GitHub Actions summary - 🏷️ **SVG badge generation** - Automatically generate and commit testing badges to your repository -- 📝 **Automatic README updates** - Automatically insert badge references into your README.md -- 🎯 **Framework-specific options** - Pass custom options to each testing framework +- 🎯 **Framework-specific options** - Pass custom options to pytest -## Supported Testing Frameworks +## Supported Testing Framework -| Framework | Detection Method | Notes | -|-----------|------------------|-------| -| **pytest** | `pytest.ini`, `pyproject.toml`, `setup.cfg`, or `import pytest` in code | Most popular Python testing framework | -| **unittest** | `import unittest` in test files | Built-in Python testing framework | -| **nose2** | `.noserc`, `nose.cfg`, or `[nosetests]` in `setup.cfg` | Successor to nose | -| **behave** | `features/` directory with `.feature` files | BDD/Cucumber-style testing | -| **tox** | `tox.ini` file | Testing across multiple Python environments | -| 
**doctest** | `>>>` in Python files | Tests embedded in docstrings | +| Framework | Detection Method | Notes | +|------------|------------------------------------| --------------------------------------| +| **pytest** | Always runs if pytest is installed | Most popular Python testing framework | ## Usage -> **Note:** Until the first release is tagged, use a specific commit SHA (e.g., `@947908a`) instead of `@v1`. This ensures workflows continue to work even if development branches are deleted. Once v1.0.0 is released, you can use `@v1` for the latest v1.x version. +> **Note:** Until the first release is tagged, use a specific commit SHA (e.g., `@947908a`) instead of +`@v1`. This ensures workflows continue to work even if development branches are deleted. Once v1.0.0 is +released, you can use `@v1` for the latest v1.x version. ### Basic Example @@ -66,31 +61,23 @@ jobs: python-version: '3.11' requirements-file: 'requirements.txt' pytest-options: '--cov --cov-report=xml' - unittest-options: '-s tests' - nose-options: '--verbose' - behave-options: '--no-capture' - tox-options: '-e py311' - generate-badges: 'true' + commit-badges: 'true' badges-directory: '.github/badges' - update-readme: 'true' - readme-path: 'README.md' - badge-style: 'path' ``` ### With Badge Generation -Enable badge generation to automatically create SVG badges for each detected framework: +Enable badge generation to automatically create SVG badges for pytest: ```yaml - name: Run Python Tests uses: thoughtparametersllc/python-testing@v1 with: - generate-badges: 'true' - update-readme: 'true' - badge-style: 'path' # or 'url' for GitHub raw URLs + commit-badges: 'true' + badges-directory: '.github/badges' ``` -When enabled, badges will show passing/failing status for each framework. +When enabled, badges will show passing/failing status for pytest. **Note:** For badge commits to work, your workflow needs `contents: write` permission: 
@@ -101,37 +88,27 @@ permissions: ## Inputs -| Input | Description | Required | Default | -|-------|-------------|----------|---------| -| `python-version` | Python version to use for testing | No | `3.x` | -| `requirements-file` | Path to requirements file for additional dependencies | No | `''` | -| `pytest-options` | Additional options to pass to pytest | No | `''` | -| `unittest-options` | Additional options to pass to unittest | No | `''` | -| `nose-options` | Additional options to pass to nose2 | No | `''` | -| `behave-options` | Additional options to pass to behave | No | `''` | -| `tox-options` | Additional options to pass to tox | No | `''` | -| `generate-badges` | Generate and commit SVG badges to the repository | No | `false` | -| `badges-directory` | Directory where badge SVG files will be saved | No | `.github/badges` | -| `update-readme` | Automatically update README.md with badge references | No | `false` | -| `readme-path` | Path to README.md file to update with badges | No | `README.md` | -| `badge-style` | Badge style: 'url' for GitHub URLs or 'path' for relative paths | No | `path` | - -## How Framework Detection Works - -The action intelligently detects which testing frameworks are used in your project: - -1. **pytest**: Looks for `pytest.ini`, `pyproject.toml`, `setup.cfg`, or `import pytest` statements -2. **unittest**: Searches for `import unittest` in test files -3. **nose2**: Checks for `.noserc`, `nose.cfg`, or nose configuration in `setup.cfg` -4. **behave**: Detects `features/` directory containing `.feature` files -5. **tox**: Looks for `tox.ini` configuration file -6. **doctest**: Searches for `>>>` patterns indicating docstring tests - -Only detected frameworks will be installed and run. 
+| Input | Description | Required | Default | +|----------------------|-------------------------------------------------------|----------|--------------------| +| `python-version` | Python version to use for testing | No | `3.x` | +| `requirements-file` | Path to requirements file for additional dependencies | No | `requirements.txt` | +| `pytest-options` | Additional options to pass to pytest | No | `''` | +| `commit-badges` | Generate and commit SVG badges to the repository | No | `false` | +| `badges-directory` | Directory where badge SVG files will be saved | No | `.github/badges` | + +## How It Works + +The action installs pytest and runs your tests with the specified options. You can: + +1. Specify a Python version to use +2. Install additional requirements from a requirements file +3. Pass custom options to pytest +4. Generate SVG badges for test results +5. Automatically commit badges to your repository ## Examples -### pytest Project +### pytest Project with Coverage ```yaml - uses: thoughtparametersllc/python-testing@v1 
@@ -139,58 +116,42 @@ Only detected frameworks will be installed and run. pytest-options: '--cov=mypackage --cov-report=xml' ``` -### Multiple Frameworks - -The action will automatically run all detected frameworks: +### With Custom Requirements ```yaml - uses: thoughtparametersllc/python-testing@v1 with: requirements-file: 'requirements-dev.txt' pytest-options: '--verbose' - behave-options: '--tags=@smoke' ``` -### BDD with Behave +### With Badge Generation ```yaml - uses: thoughtparametersllc/python-testing@v1 with: - behave-options: '--format=progress --tags=@automated' - generate-badges: 'true' + pytest-options: '--verbose' + commit-badges: 'true' ``` ## Badge Display -When `update-readme` is enabled, badges are automatically inserted after your README title: +When `commit-badges` is enabled, you can manually add badge references to your README: ```markdown # My Project - ![Pytest](.github/badges/pytest.svg) -![Unittest](.github/badges/unittest.svg) - ``` -Manual badge references (if not using `update-readme`): - -```markdown -![Pytest](.github/badges/pytest.svg) -![Unittest](.github/badges/unittest.svg) -![Nose2](.github/badges/nose2.svg) -![Behave](.github/badges/behave.svg) -![Tox](.github/badges/tox.svg) -![Doctest](.github/badges/doctest.svg) -``` +The badge will automatically update with passing/failing status after each test run. ## Roadmap Future enhancements planned: -- **Automated versioning and tagging** - Semantic versioning with automated tag creation -- **GitHub Marketplace publishing** - Automated publishing workflow for releases -- **Additional frameworks** - Support for robotframework, green, testify, Ward +- **Additional frameworks** - Support for unittest, nose2, behave (BDD), tox, doctest +- **Automatic README updates** - Auto-insert badge references in README - **Enhanced reporting** - Code coverage integration, test timing analysis - **Performance optimization** - Parallel test execution, dependency caching 
@@ -214,8 +175,10 @@ This project is licensed under the MIT License - see the [LICENSE](LICENSE) file ## Related Actions -- [python-linting](https://github.com/thoughtparametersllc/python-linting) - Companion action for Python linting with pylint, black, and mypy +- [python-linting](https://github.com/thoughtparametersllc/python-linting) - Companion action for Python + linting with pylint, black, and mypy ## Support -If you encounter any issues or have questions, please [open an issue](https://github.com/thoughtparametersllc/python-testing/issues) on GitHub. +If you encounter any issues or have questions, please +[open an issue](https://github.com/thoughtparametersllc/python-testing/issues) on GitHub. diff --git a/SECURITY.md b/SECURITY.md new file mode 100644 index 0000000..d1c4f5c --- /dev/null +++ b/SECURITY.md 
@@ -0,0 +1,109 @@ +# Security Policy + +## Supported Versions + +We actively support the following versions of this GitHub Action: + +| Version | Supported | +| ------- | ------------------ | +| v1.x | :white_check_mark: | +| < 1.0 | :x: | + +## Reporting a Vulnerability + +We take the security of this GitHub Action seriously. If you discover a security vulnerability, please follow these steps: + +### Where to Report + +**Please do not report security vulnerabilities through public GitHub issues.** + +Instead, please report them via email to: + +- **Email**: [jason.miller@thoughtparameters.com](mailto:jason.miller@thoughtparameters.com) +- **Subject**: Security Vulnerability in python-testing action + +### What to Include + +Please include the following information in your report: + +1. **Description**: A clear description of the vulnerability +2. **Impact**: What an attacker could achieve by exploiting this vulnerability +3. **Reproduction Steps**: Detailed steps to reproduce the issue +4. **Affected Versions**: Which versions of the action are affected +5. **Suggested Fix**: If you have ideas on how to fix the issue (optional) + +### Response Timeline + +- **Initial Response**: Within 48 hours of receiving your report +- **Status Update**: Within 7 days with an assessment of the vulnerability +- **Fix Timeline**: We aim to release a fix within 30 days for critical issues + +### Disclosure Policy + +- Please allow us reasonable time to address the vulnerability before public disclosure +- We will acknowledge your contribution in the security advisory (if you wish) +- We may provide a CVE identifier for significant vulnerabilities + +## Security Best Practices for Users + +When using this action in your workflows: + +1. **Pin to Specific Versions**: Use specific version tags (e.g., `@v1.0.0`) rather than floating tags + when possible for production workflows +2. 
**Review Permissions**: Only grant necessary permissions to the workflow: + + ```yaml + permissions: + contents: write # Only needed if commit-badges is enabled + ``` + +3. **Protect Secrets**: Never pass secrets or credentials through action inputs +4. **Review Dependencies**: Check the `requirements-file` for untrusted packages +5. **Use Branch Protection**: Enable branch protection to prevent unauthorized badge commits + +## Known Security Considerations + +### Badge Commits + +When `commit-badges` is enabled: + +- The action will commit SVG badge files to your repository +- It uses the `github-actions[bot]` account for commits +- Commits include `[skip ci]` to prevent infinite workflow loops +- Requires `contents: write` permission + +**Mitigation**: Only enable badge commits if you trust the test results and understand the implications. + +### Dependencies + +This action installs: + +- pytest from PyPI +- Your specified requirements file packages + +**Mitigation**: + +- Review your requirements file for known vulnerabilities +- Use tools like `pip-audit` or `safety` to scan dependencies +- Pin package versions in your requirements file + +## Security Updates + +Security updates will be released as: + +1. **Patch releases** for minor security issues +2. **Minor releases** for moderate security issues +3. **Major releases** for critical security issues with breaking changes + +We will publish security advisories through GitHub Security Advisories. + +## Additional Resources + +- [GitHub Actions Security Best Practices](https://docs.github.com/en/actions/security-guides/security-hardening-for-github-actions) +- [Securing GitHub Actions](https://docs.github.com/en/actions/security-guides) + +## Acknowledgments + +We appreciate the security research community's efforts in responsibly disclosing vulnerabilities. +Contributors who report valid security issues will be acknowledged (with permission) in our security +advisories and release notes.
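Review bot: In `.github/IMPLEMENTATION_SUMMARY.md`, Action Workflow step 3, a missing requirements file is only a logged warning, while the Configuration Options hunk of the same file changes the documented default of `requirements-file` from `''` to `'requirements.txt'`. Read together, a mistyped path lets the run continue without the intended dependencies, and it is unclear whether a repository with no `requirements.txt` gets the warning on every run because the default counts as "a path is provided". Please state how the default is treated, and consider documenting an explicitly set path that does not exist as a failure rather than a warning. The USAGE.md troubleshooting step "Check that `requirements-file` path is correct" is filed under installation failures, but by this description a wrong path does not fail the install, so that step should mention the warning in the log instead.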
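Review bot: In the Security Considerations list of `.github/IMPLEMENTATION_SUMMARY.md`, the added bullet "Requires `contents: write` permission for badge commits" reads as unconditional, and the patch drops the bullet about explicit permission declarations at the same time. The usage examples later in this file set `commit-badges: 'true'` with no `permissions:` block next to them. Suggest wording the bullet as conditional, matching SECURITY.md ("Only needed if commit-badges is enabled"), and showing the `permissions:` block beside the badge example so that workflows which never commit badges are not given write access.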
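Review bot: In the Test Results list of `.github/IMPLEMENTATION_SUMMARY.md`, the new line "No security vulnerabilities in documentation" is not backed by any item under Validation Performed. This hunk removes "Security scanning (CodeQL)", and the five remaining checks are YAML syntax, badge generation, code review, documentation validation and Markdown linting, none of which is a security scan. Either drop the line or name the check that produced it and what it covered.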
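Review bot: In `.github/QUICK_START.md`, the added sentence "Then add badge to your README manually:" is missing an article ("add the badge"), and the example path `.github/badges/pytest.svg` is relative, so it only resolves for a README at the repository root with the default `badges-directory`. One clause saying so would save readers who changed `badges-directory` a broken image.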
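Review bot: In `CHANGELOG.md` under `[Unreleased]`, two entries in "### Changed" begin with "Fixed" (the CONTRIBUTING.md action name and clone path corrections) and are then repeated in substance under "### Fixed" as "Incorrect action name references in CONTRIBUTING.md". The "Removed documentation for non-existent inputs" entry likewise belongs in a "### Removed" section. Since the file states that it follows Keep a Changelog, move each entry to the section matching its type and keep a single copy. Separately, the documented default of `requirements-file` changes from `''` to `requirements.txt` in this patch (README Inputs table and IMPLEMENTATION_SUMMARY.md) and deserves its own changelog line, because it changes what users will read as the default install behaviour.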
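Review bot: In `README.md`, the Usage note still says "Until the first release is tagged, use a specific commit SHA (e.g., `@947908a`) instead of `@v1`", yet CHANGELOG.md in this same patch lists 1.0.0 and 1.0.1 as dated releases, so the note was re-wrapped without being updated. Rewrite it for the released state. In the same hunk, the framework table keeps the "Detection Method" column with the value "Always runs if pytest is installed", while the rest of the patch says the action installs pytest itself and performs no detection; rename or drop the column so the table does not imply a precondition on the user's environment.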
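Review bot: In `SECURITY.md`, item 1 of "Security Best Practices for Users" recommends pinning to a version tag such as `@v1.0.0`, but a tag can be moved after the fact: CONTRIBUTING.md in this repository documents deleting and retargeting the `v1` tag, and every usage example in the patch references `@v1`. Recommend a full commit SHA for production workflows and present the version tag as the less strict option. Under "Badge Commits", the mitigation "Only enable badge commits if you trust the test results" leaves out that the job holding `contents: write` is the same job that installs the packages from `requirements-file` and runs the test suite. State that, and reference the Dependencies mitigations (pinned versions, `pip-audit` or `safety`) as the condition for turning on `commit-badges`.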