Merge pull request #37 from salesforce/add/publish-automation

Add publishing automation; support Python 3.8

Author: kmcquade

.github/workflows/ci.yml

@@ -5,13 +5,16 @@ on: [push, pull_request]
 jobs:
   ci:
     runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        python-version: ['3.7', '3.8', '3.9']
     steps:
       - uses: actions/checkout@v2
 
       - name: Setup Python
-        uses: actions/setup-python@v1
+        uses: actions/setup-python@v2
         with:
-          python-version: 3.9
+          python-version: ${{ matrix.python-version }}
 
       - name: Install dependencies
         run: |

.github/workflows/publish.yml

@@ -0,0 +1,88 @@
+name: Publish
+
+on:
+  release:
+    types: [ published ]
+
+jobs:
+  test:
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        python-version: ['3.7', '3.8', '3.9']
+    steps:
+      - uses: actions/checkout@v2
+
+      - name: Setup Python
+        uses: actions/setup-python@v2
+        with:
+          python-version: ${{ matrix.python-version }}
+
+      - name: Install dependencies
+        run: |
+          make setup-dev
+
+      - name: Run pytest (unit tests) and bandit (security test)
+        run: |
+          make test
+
+      - name: Install the package to make sure nothing is randomly broken
+        run: |
+          make install
+
+  publish-package:
+    needs: test
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@master
+      - name: Set up Python 3.7
+        uses: actions/setup-python@v2
+        with:
+          python-version: 3.7
+
+
+      - name: Install dependencies
+        run: |
+          pip install -r requirements.txt
+          pip install -r requirements-dev.txt
+      - name: create python package
+        run: |
+          git config --local user.email "[email protected]"
+          git config --local user.name "GitHub Action"
+          git fetch --tags
+          git pull origin main
+          pip install setuptools wheel twine
+          python -m setup sdist bdist_wheel
+      - name: Publish package
+        uses: pypa/gh-action-pypi-publish@master
+        with:
+          user: __token__
+          password: ${{ secrets.PYPI_PASSWORD }}
+
+
+  update-brew:
+    needs: publish-package
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@master
+      - name: Set up Python 3.7
+        uses: actions/setup-python@v2
+        with:
+          python-version: 3.7
+      - name: publish brew
+        run: |
+          sleep 5m
+          git config --local user.email "[email protected]"
+          git config --local user.name "GitHub Action"
+          pip install homebrew-pypi-poet
+          pip install endgame -U
+          git fetch origin
+          git checkout --track origin/main
+          latest_tag=$(git describe --tags `git rev-list --tags --max-count=1`)
+          echo "latest tag: $latest_tag"
+          git pull origin $latest_tag
+          mkdir -p "HomebrewFormula" && touch "HomebrewFormula/endgame.rb"
+          poet -f endgame > HomebrewFormula/endgame.rb
+          git add .
+          git commit -m "update brew formula" endgame/bin/cli.py HomebrewFormula/endgame.rb || echo "No brew changes to commit"
+          git push -u origin main

.gitignore

@@ -67,4 +67,5 @@ packer_cache/
 
 #### Repository specific
 .notes/*
-**/private.tf
+**/private.tf
+.python-version

endgame/bin/version.py

@@ -1 +1 @@
-__version__ = "0.1.1"
+__version__ = "0.1.2"

endgame/command/list_resources.py

@@ -122,7 +122,7 @@ def get_all_resources_for_all_services(profile: str, region: str, current_accoun
 
 
 def get_all_resources(translated_service: str, profile: str, provided_service: str, region: str,
-                      current_account_id: str, cloak: bool = False) -> list[ListResourcesResponse]:
+                      current_account_id: str, cloak: bool = False) -> [ListResourcesResponse]:
     """Get resource objects for every resource under an AWS service"""
     results = []
     client = get_boto3_client(profile=profile, service=translated_service, region=region, cloak=cloak)

endgame/exposure_via_resource_policies/acm_pca.py

@@ -180,7 +180,7 @@ def __init__(self, client: boto3.Session.client, current_account_id: str, region
         self.resource_type = "certificate-authority"
 
     @property
-    def resources(self) -> list[ListResourcesResponse]:
+    def resources(self) -> [ListResourcesResponse]:
         """Get a list of these resources"""
         resources = []
 

endgame/exposure_via_resource_policies/cloudwatch_logs.py

@@ -173,7 +173,7 @@ def __init__(self, client: boto3.Session.client, current_account_id: str, region
         self.resource_type = "resource-policy"
 
     @property
-    def resources(self) -> list[ListResourcesResponse]:
+    def resources(self) -> [ListResourcesResponse]:
         """Get a list of these resources"""
         resources = []
 

endgame/exposure_via_resource_policies/common.py

@@ -134,5 +134,5 @@ def __str__(self):
 
     @property
     @abstractmethod
-    def resources(self) -> list[ListResourcesResponse]:
+    def resources(self) -> [ListResourcesResponse]:
         raise NotImplementedError("Must override property 'resources'")

endgame/exposure_via_resource_policies/ecr.py

@@ -83,7 +83,7 @@ def __init__(self, client: boto3.Session.client, current_account_id: str, region
         self.resource_type = "repository"
 
     @property
-    def resources(self) -> list[ListResourcesResponse]:
+    def resources(self) -> [ListResourcesResponse]:
         """Get a list of these resources"""
         resources = []
 

endgame/exposure_via_resource_policies/efs.py

@@ -81,7 +81,7 @@ def __init__(self, client: boto3.Session.client, current_account_id: str, region
         self.resource_type = "file-system"
 
     @property
-    def resources(self) -> list[ListResourcesResponse]:
+    def resources(self) -> [ListResourcesResponse]:
         """Get a list of these resources"""
         resources = []
 

endgame/exposure_via_resource_policies/elasticsearch.py

@@ -81,7 +81,7 @@ def __init__(self, client: boto3.Session.client, current_account_id: str, region
         self.resource_type = "domain"
 
     @property
-    def resources(self) -> list[ListResourcesResponse]:
+    def resources(self) -> [ListResourcesResponse]:
         """Get a list of these resources"""
         resources = []
 

endgame/exposure_via_resource_policies/glacier_vault.py

@@ -80,7 +80,7 @@ def __init__(self, client: boto3.Session.client, current_account_id: str, region
         self.resource_type = "vaults"
 
     @property
-    def resources(self) -> list[ListResourcesResponse]:
+    def resources(self) -> [ListResourcesResponse]:
         """Get a list of these resources"""
         resources = []
 

endgame/exposure_via_resource_policies/iam.py

@@ -84,7 +84,7 @@ def __init__(self, client: boto3.Session.client, current_account_id: str, region
         self.resource_type = "role"
 
     @property
-    def resources(self) -> list[ListResourcesResponse]:
+    def resources(self) -> [ListResourcesResponse]:
         """Get a list of these resources"""
         resources = []
 

endgame/exposure_via_resource_policies/kms.py

@@ -97,7 +97,7 @@ def __init__(self, client: boto3.Session.client, current_account_id: str, region
         self.current_account_id = current_account_id
 
     @property
-    def resources(self) -> list[ListResourcesResponse]:
+    def resources(self) -> [ListResourcesResponse]:
         """Get a list of these resources"""
 
         # https://boto3.amazonaws.com/v1/documentation/api/latest/reference/services/kms.html#KMS.Paginator.ListKeys

endgame/exposure_via_resource_policies/lambda_function.py

@@ -132,7 +132,7 @@ def __init__(self, client: boto3.Session.client, current_account_id: str, region
         self.resource_type = "function"
 
     @property
-    def resources(self) -> list[ListResourcesResponse]:
+    def resources(self) -> [ListResourcesResponse]:
         """Get a list of these resources"""
         resources = []
 

endgame/exposure_via_resource_policies/lambda_layer.py

@@ -177,7 +177,7 @@ def layer_version_arns(self, layer_name):
         return resources
 
     @property
-    def resources(self) -> list[ListResourcesResponse]:
+    def resources(self) -> [ListResourcesResponse]:
         """Get a list of these resources"""
         resources = []
 

endgame/exposure_via_resource_policies/s3.py

@@ -84,7 +84,7 @@ def __init__(self, client: boto3.Session.client, current_account_id: str, region
         self.resource_type = "bucket"
 
     @property
-    def resources(self) -> list[ListResourcesResponse]:
+    def resources(self) -> [ListResourcesResponse]:
         """Get a list of these resources"""
         response = self.client.list_buckets()
         resources = []

endgame/exposure_via_resource_policies/secrets_manager.py

@@ -76,7 +76,7 @@ def __init__(self, client: boto3.Session.client, current_account_id: str, region
         self.resource_type = "secret"
 
     @property
-    def resources(self) -> list[ListResourcesResponse]:
+    def resources(self) -> [ListResourcesResponse]:
         """Get a list of these resources"""
         resources = []
 

endgame/exposure_via_resource_policies/ses.py

@@ -132,7 +132,7 @@ def __init__(self, client: boto3.Session.client, current_account_id: str, region
         self.resource_type = "identity"
 
     @property
-    def resources(self) -> list[ListResourcesResponse]:
+    def resources(self) -> [ListResourcesResponse]:
         """Get a list of these resources"""
         resources = []
 

endgame/exposure_via_resource_policies/sns.py

@@ -174,7 +174,7 @@ def __init__(self, client: boto3.Session.client, current_account_id: str, region
         self.resource_type = "topic"
 
     @property
-    def resources(self) -> list[ListResourcesResponse]:
+    def resources(self) -> [ListResourcesResponse]:
         """Get a list of these resources"""
         these_resources = []
 

endgame/exposure_via_resource_policies/sqs.py

@@ -164,7 +164,7 @@ def __init__(self, client: boto3.Session.client, current_account_id: str, region
         self.resource_type = "queue"
 
     @property
-    def resources(self) -> list[ListResourcesResponse]:
+    def resources(self) -> [ListResourcesResponse]:
         """Get a list of these resources"""
         resources = []
 

endgame/shared/policy_document.py

@@ -35,7 +35,7 @@ def __str__(self):
     def __repr__(self):
         return json.dumps(self.json)
 
-    def _statements(self, statement_structure) -> list[StatementDetail]:
+    def _statements(self, statement_structure) -> [StatementDetail]:
         # Statement can be a list or a string, but we prefer strings for uniformity
         if not isinstance(statement_structure, list):
             statement_structure = [statement_structure]  # pragma: no cover

setup.py

@@ -46,5 +46,5 @@ def get_description():
     entry_points={"console_scripts": "endgame=endgame.bin.cli:main"},
     zip_safe=True,
     keywords="aws iam security",
-    python_requires=">=3.9",
+    python_requires=">=3.7",
 )