Merge pull request #18 from infobip/infobip/ib-tjuhasz-workflows

Build, Snyk, Sonar workflows, bumped dependencies.

Author: ib-tjuhasz

.github/workflows/build.yml

@@ -0,0 +1,26 @@
+name: Python build
+
+on: [push]
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        python-version: ["3.8", "3.9", "3.10", "3.11", "3.12"]
+    steps:
+    - uses: actions/checkout@v4
+    - name: Set up Python ${{ matrix.python-version }}
+      uses: actions/setup-python@v5
+      with:
+        python-version: ${{ matrix.python-version }}
+    - name: Install pip
+      run: python -m pip install --upgrade pip
+    - name: Install dependencies
+      run: pip install -r requirements.txt
+    - name: Install dependencies
+      run: pip install -r test-requirements.txt
+    - name: Install build
+      run: python -m pip install build
+    - name: Run tests
+      run: python -m pytest

.github/workflows/snyk.yml

@@ -0,0 +1,20 @@
+name: Snyk vulnerability scan
+
+on: push
+jobs:
+  security:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@master
+      - name: Run Snyk to check for vulnerabilities
+        uses: snyk/actions/python@master
+        continue-on-error: true
+        env:
+          SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
+        with:
+          args: --sarif-file-output=snyk.sarif
+            --severity-threshold=high
+      - name: Upload result to GitHub Code Scanning
+        uses: github/codeql-action/upload-sarif@v3
+        with:
+          sarif_file: snyk.sarif

.github/workflows/sonar.yml

@@ -0,0 +1,25 @@
+name: SonarCloud analysis
+
+on: [push]
+
+jobs:
+  sonarcloud:
+    name: SonarCloud
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        python-version: [ "3.8" ]
+    steps:
+      - uses: actions/checkout@v4
+      - name: Set up Python ${{ matrix.python-version }}
+        uses: actions/setup-python@v5
+        with:
+          python-version: ${{ matrix.python-version }}
+      - name: Install tox
+        run: pip install tox
+      - name: Run tox
+        run: tox -e py
+      - name: SonarCloud Scan
+        uses: SonarSource/sonarcloud-github-action@master
+        env:
+          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}

CHANGELOG.md

@@ -10,11 +10,18 @@ and this library adheres to [Semantic Versioning](http://semver.org/) as mention
 ⚠ IMPORTANT NOTE: From this point onward Python 3.7 is no longer supported. The minimum supported version is Python 3.8 due to dependency updates.
 
 ### Added
-- `calls.md` which contains examples and explanations for the Calls API
+- `calls.md` which contains examples and explanations for the Calls API.
+- `build.yml` workflow to ensure project build and test integrity.
+- `snyk.yml` workflow, which serves the purpose of identifying and addressing dependency vulnerabilities in the project.
+- `sonar.yml` workflow to analyze the source code, enhancing code quality and maintainability.
 
 ### Security
-* Bumped werkzeug dependency from 2.1.2 to 3.0.3
-* Bumped pytest-httpserver dependency from 1.0.4 to 1.0.8
+- Bumped werkzeug dependency from `2.1.2` to `3.0.3`.
+- Bumped pytest-httpserver dependency from `1.0.4` to `1.0.8`.
+- Bumped setuptools dependency to `72.1.0`.
+
+### Removed
+- `wheel` dependency due to an upgrade of `setuptools` to version `72.0.1`. As of `setuptools` version `70.1`, it is no longer necessary to have `wheel` installed for functionality.
 
 ## [ [4.0.0](https://github.com/infobip/infobip-api-python-client/releases/tag/4.0.0) ] - 2024-06-13
 🎉 **NEW Major Version of `infobip_api_client`.**

README.md

@@ -3,6 +3,7 @@
 <img src="https://cdn-web.infobip.com/uploads/2023/01/Infobip-logo.svg" height="93px" alt="Infobip" />
 
 [![Pypi index](https://badgen.net/pypi/v/infobip-api-python-client)](https://pypi.org/project/infobip-api-python-client/)
+[![Snyk](https://snyk.io/test/github/infobip/infobip-api-python-client/badge.svg)](https://snyk.io/test/github/infobip/infobip-api-python-client)
 [![MIT License](https://badgen.net/github/license/infobip/infobip-api-python-client)](https://opensource.org/licenses/MIT)
 
 This is a Python package for Infobip API and you can use it as a dependency to add [Infobip APIs][apidocs] to your application.

requirements.txt

@@ -1,5 +1,5 @@
 python_dateutil >= 2.5.3
-setuptools >= 21.0.0
+setuptools >= 72.1.0
 urllib3 >= 1.25.3, < 2.1.0
 pydantic >= 2
 typing-extensions >= 4.7.1

sonar-project.properties

@@ -0,0 +1,4 @@
+sonar.projectKey=infobip_infobip-api-python-client
+sonar.organization=infobip
+
+sonar.python.coverage.reportPaths=coverage.xml

test-requirements.txt

@@ -2,5 +2,4 @@ pytest==6.2.5
 pytest-httpserver==1.0.8
 pytest-cases==3.6.8
 pytest-cov==3.0.0
-wheel==0.38.0
 werkzeug==3.0.3

tox.ini

@@ -0,0 +1,18 @@
+[tox]
+envlist = py38
+skipsdist = True
+
+[testenv]
+deps =
+    pytest
+    coverage
+commands =
+    pip install -r requirements.txt
+    pip install -r test-requirements.txt
+    coverage run -m pytest
+    coverage xml
+
+[coverage:run]
+relative_files = True
+source = infobip_api_client/
+branch = True