feat: initial upload of Python module

Signed-off-by: Dr Yann Golanski <[email protected]>

.github/ISSUE_TEMPLATE.md

@@ -0,0 +1,29 @@
+### Check list
+
+<!--- Please follow these steps. -->
+
+- [ ] I did check there are no other issue relating to this.
+- [ ] I am running a _supported_ version.
+- [ ] Setupr version given by `pynpc --version`:
+- [ ] Python version given by `python --version`:
+
+### What are the steps to reproduce it?
+
+<!--- Please detail how we can reproduce the issue. -->
+
+1. …
+1. …
+1. …
+
+### What did you expect to happen?
+
+<!--- What should have happened instead of the issue? -->
+
+### What actually happened?
+
+<!--- Could you please give as much detail as possible? -->
+
+### Any more details?
+
+<!--- Anything that could be useful to use: log files, screen shots, and
+videos are all good examples. -->

.github/codeql/codeql-config.yml

@@ -0,0 +1,11 @@
+name: 'My CodeQL config'
+
+queries:
+  - uses: security-and-quality
+paths:
+  - pynpc
+  - tests
+  - docs
+paths-ignore:
+  - '.venv/**'
+  - '.*cache/**'

.github/dependabot.yml

@@ -0,0 +1,23 @@
+# To get started with Dependabot version updates, you'll need to specify which
+# package ecosystems to update and where the package manifests are located.
+# Please see the documentation for all configuration options:
+# https://docs.github.com/github/administering-a-repository/configuration-options-for-dependency-updates
+
+version: 2
+updates:
+  - package-ecosystem: "github-actions"
+    directory: "/"
+    schedule:
+      interval: "monthly"
+    commit-message:
+      prefix: "chore(GHA):"
+    pull-request-branch-name:
+      separator: "-"
+  - package-ecosystem: "pip"
+    directory: "/"
+    schedule:
+      interval: "monthly"
+    commit-message:
+      prefix: "chore(pip):"
+    pull-request-branch-name:
+      separator: "-"

.github/workflows/bandit.yml

@@ -0,0 +1,52 @@
+# This workflow uses actions that are not certified by GitHub.
+# They are provided by a third-party and are governed by
+# separate terms of service, privacy policy, and support
+# documentation.
+
+# Bandit is a security linter designed to find common security issues in Python code.
+# This action will run Bandit on your codebase.
+# The results of the scan will be found under the Security tab of your repository.
+
+# https://github.com/marketplace/actions/bandit-scan is ISC licensed, by abirismyname
+# https://pypi.org/project/bandit/ is Apache v2.0 licensed, by PyCQA
+
+name: Bandit
+on:
+  push:
+    branches: ["main"]
+  pull_request:
+    # The branches below must be a subset of the branches above
+    branches: ["main"]
+  schedule:
+    - cron: "44 13 * * 4"
+
+jobs:
+  bandit:
+    permissions:
+      contents: read # for actions/checkout to fetch code
+      security-events: write # for github/codeql-action/upload-sarif to upload SARIF results
+      actions: read # only required for a private repository by github/codeql-action/upload-sarif to get the Action run status
+
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v3
+      - name: Bandit Scan
+        uses: shundor/python-bandit-scan@9cc5aa4a006482b8a7f91134412df6772dbda22c
+
+        with: # optional arguments
+          # exit with 0, even with results found
+          exit_zero: true # optional, default is DEFAULT
+          # Github token of the repository (automatically created by Github)
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # Needed to get PR information.
+          # File or directory to run bandit on
+          path: ./setupr
+          # Report only issues of a given severity level or higher. Can be LOW, MEDIUM or HIGH. Default is UNDEFINED (everything)
+          # level: # optional, default is UNDEFINED
+          # Report only issues of a given confidence level or higher. Can be LOW, MEDIUM or HIGH. Default is UNDEFINED (everything)
+          # confidence: # optional, default is UNDEFINED
+          # comma-separated list of paths (glob patterns supported) to exclude from scan (note that these are in addition to the excluded paths provided in the config file) (default: .svn,CVS,.bzr,.hg,.git,__pycache__,.tox,.eggs,*.egg)
+          # excluded_paths: # optional, default is DEFAULT
+          # comma-separated list of test IDs to skip
+          # skips: # optional, default is DEFAULT
+          # path to a .bandit file that supplies command line arguments
+          # ini_path: # optional, default is DEFAULT

.github/workflows/codeql.yml

@@ -0,0 +1,59 @@
+name: 'CodeQL'
+
+on:
+    push:
+        branches: ['main']
+    pull_request:
+        # The branches below must be a subset of the branches above
+        branches: ['main']
+    schedule:
+        #         ┌───────────── minute (0 - 59)
+        #         │  ┌───────────── hour (0 - 23)
+        #         │  │ ┌───────────── day of the month (1 - 31)
+        #         │  │ │ ┌───────────── month (1 - 12 or JAN-DEC)
+        #         │  │ │ │ ┌───────────── day of the week (0 - 6 or SUN-SAT)
+        #         │  │ │ │ │
+        #         │  │ │ │ │
+        #         │  │ │ │ │
+        #         *  * * * *
+        - cron: '30 08 * * 1'
+
+jobs:
+    analyze:
+        name: Analyze
+        runs-on: ubuntu-latest
+        permissions:
+            actions: read
+            contents: read
+            security-events: write
+
+        strategy:
+            fail-fast: false
+            matrix:
+                language: ['python']
+
+        steps:
+            - name: Checkout repository
+              uses: actions/checkout@v3
+
+            # Initializes the CodeQL tools for scanning.
+            - name: Initialize CodeQL
+              uses: github/codeql-action/init@v2
+              with:
+                  languages: ${{ matrix.language }}
+                  config-file: ./.github/codeql/codeql-config.yml
+
+            # Autobuild attempts to build any compiled languages  (C/C++, C#, Go, or Java).
+            # If this step fails, then you should remove it and run the build manually (see below)
+            - name: Autobuild
+              uses: github/codeql-action/autobuild@v2
+
+            #   If the Autobuild fails above, remove it and uncomment the following three lines.
+            # - run: |
+            #   echo "Run, Build Application using script"
+            #   ./location_of_script_within_repo/buildscript.sh
+
+            - name: Perform CodeQL Analysis
+              uses: github/codeql-action/analyze@v2
+              with:
+                  category: '/language:${{matrix.language}}'

.github/workflows/dependabot-review.yml

@@ -0,0 +1,17 @@
+# https://github.com/actions/dependency-review-action
+name: 'Dependency Review'
+on: [pull_request]
+
+permissions:
+    contents: read
+
+jobs:
+    dependency-review:
+        runs-on: ubuntu-latest
+        steps:
+            - name: 'Checkout Repository'
+              uses: actions/checkout@v3
+            - name: 'Dependency Review'
+              uses: actions/dependency-review-action@v3
+              with:
+                  fail-on-severity: low

.github/workflows/on-pull-request.yml

@@ -0,0 +1,101 @@
+on:
+  merge_group:
+  pull_request:
+    types: [opened, synchronize, reopened]
+
+name: on-pull-request
+
+jobs:
+  # print_title_of_pr:
+  #   runs-on: ubuntu-20.04
+  #   if: contains(github.event.pull_request.title, "chore\(pip\):")
+  #   steps:
+  #   - name : Print Title of PR
+  #     run: echo The Title of your PR is ${{ github.event.pull_request.title }}
+
+  quality:
+    runs-on: ubuntu-latest
+    steps:
+      - name: 'Check out'
+        uses: actions/checkout@v3
+
+      - name: 'Set up the environment'
+        uses: ./.github/workflows/setup-poetry-env
+
+      - name: 'Install Task'
+        uses: arduino/setup-task@v1
+        with:
+          repo-token: ${{ secrets.GITHUB_TOKEN }}
+          version: 3.x
+
+      - name: 'Run checks'
+        uses: ./.github/workflows/run-checks
+
+  matrix:
+    runs-on: ubuntu-latest
+    needs: quality
+    strategy:
+      matrix:
+        python-version: ['3.8', '3.9', '3.10', '3.11']
+
+    steps:
+      - uses: actions/checkout@v3
+
+      - name: 'Setup Python version'
+        uses: actions/setup-python@v4
+        with:
+          python-version: ${{ matrix.python-version }}
+
+      - name: 'Set up the environment'
+        uses: ./.github/workflows/setup-poetry-env
+        with:
+          python-version: ${{ matrix.python-version }}
+
+      - name: 'Setup GnuPG'
+        run: |
+          sudo apt-get update
+          sudo apt-get install -y gnupg
+
+      - name: 'Test with pytest-cov'
+        run: |
+          mkdir -p ./artifacts
+          source .venv/bin/activate
+          pytest \
+            --slow \
+            --junitxml=./artifacts/pytest-${{ matrix.python-version }}.xml \
+            --cov-report=term-missing \
+            --cov=pynpc \
+            --cov=tests \
+            tests/ \
+            | tee ./artifacts/pytest-${{ matrix.python-version }}.txt
+
+      - name: 'Upload pytest test results'
+        uses: actions/upload-artifact@v3
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        with:
+          name: pytest-coverage-${{ matrix.python-version }}
+          path: ./artifacts/
+        if: ${{ always() }}
+
+  coverage:
+    runs-on: ubuntu-latest
+    permissions:
+      pull-requests: write
+    needs: matrix
+    steps:
+      - name: 'Check out'
+        uses: actions/checkout@v3
+
+      - uses: actions/download-artifact@master
+        with:
+          name: pytest-coverage-3.11
+          path: ./artifacts/
+
+      - name: 'Pytest coverage comment'
+        uses: MishaKav/pytest-coverage-comment@main
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        with:
+          pytest-coverage-path: artifacts/pytest-3.11.txt
+          junitxml-path: artifacts/pytest-3.11.xml