Add CI tests

.bandit.yaml

@@ -0,0 +1,15 @@
+---
+# Bandit config file.
+# BEWARE: Bandit does not use any configuration file by default
+#         so you need to specify it using -c.
+# If you have lines in your code triggering vulnerability errors
+# and you are certain that this is acceptable, they can be individually
+# silenced by appending # nosec to the line:
+exclude_dirs:
+ - .tox
+ - .git
+ - .mypy_cache
+ - .pytest_cache
+ - .github
+ - venv
+ - tests

.github/workflows/lint.yml

@@ -0,0 +1,32 @@
+# Run the SuperLinter action with some custom setup.
+
+name: Lint
+
+on:
+  push:
+    branches: ["2.x"]
+  pull_request:
+    branches: ["2.x"]
+
+  # Allows you to run this workflow manually from the Actions tab
+  workflow_dispatch:
+
+jobs:
+  build:
+    # The type of runner that the job will run on
+    runs-on: ubuntu-latest
+
+    steps:
+      # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it
+      - uses: actions/checkout@v2
+
+      - name: Super-Linter
+        uses: github/[email protected]
+        env:
+          VALIDATE_MARKDOWN: false
+          # Disabled for conflicts with the isort version used in pre-commit
+          #   you can re-enable it if you align your local isort with
+          #   the one in the super-linter image.
+          VALIDATE_PYTHON_ISORT: false
+          VALIDATE_XML: false
+          VALIDATE_NATURAL_LANGUAGE: false

.github/workflows/security-bandit.yml

@@ -0,0 +1,30 @@
+# This is a basic workflow to help you get started with Actions
+
+name: "security-bandit"
+
+# Controls when the action will run. Triggers the workflow on push or pull request
+# events but only for the master branch
+on:
+  push:
+    branches: [ "2.x" ]
+  pull_request:
+    branches: [ "2.x" ]
+
+# A workflow run is made up of one or more jobs that can run sequentially or in parallel
+jobs:
+  # This workflow contains a single job called "build"
+  build:
+    # The type of runner that the job will run on
+    runs-on: ubuntu-latest
+
+    # Steps represent a sequence of tasks that will be executed as part of the job
+    steps:
+    # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it
+    - uses: actions/checkout@v2
+
+    # Runs a single command using the runners shell
+    - name: Python security check using Bandit
+      uses: ioggstream/[email protected]
+      with:
+        project_path: .
+        config_file: .bandit.yaml

.github/workflows/test.yml

@@ -0,0 +1,48 @@
+# This workflow template runs:
+#   - a tox container with tests
+#   - a service container (eg. a database) to be used by tox tests.
+
+name: Test
+
+on:
+  push:
+    branches: [ 2.x ]
+  pull_request:
+    branches: [ 2.x ]
+
+  workflow_dispatch:
+
+# A workflow run is made up of one or more jobs that can run sequentially or in parallel
+jobs:
+
+  test-tox-job:
+    runs-on: ubuntu-latest
+    container: python:3.9-slim
+
+    steps:
+      # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it
+      #  IMPORTANT!! By default `actions/checkout` just checkouts HEAD, so if you want
+      #              to checkout tags and branches too (eg. to auto-version your deployments)
+      #              you need to pass the `fetch-depth: 0` option. eg
+      #
+      #              uses: actions/checkout@v2
+      #              with:
+      #                fetch-depth: 0
+      - uses: actions/checkout@v2
+
+      - name: Run tests.
+        run: |
+          pip3 install tox
+          tox
+  test-pre-commit:
+    # The type of runner that the job will run on
+    runs-on: ubuntu-latest
+    container: python:3.9
+    steps:
+      - uses: actions/checkout@v2
+
+      - name: Run commit hooks.
+        run: |
+          pip3 --no-cache-dir install pre-commit
+          git --version
+          pre-commit run -a

.pre-commit-config.yaml

@@ -0,0 +1,64 @@
+#
+# Run pre-commit hooks. You can run them without installing
+#  the hook with
+#
+# $ pre-commit run --all-files
+#
+# See https://pre-commit.com for more information
+# See https://pre-commit.com/hooks.html for more hooks
+repos:
+-   repo: https://github.com/pre-commit/pre-commit-hooks
+    rev: v3.2.0
+    hooks:
+    -   id: trailing-whitespace
+    -   id: end-of-file-fixer
+    -   id: check-xml
+    -   id: detect-private-key
+    -   id: check-yaml
+        args: [--allow-multiple-documents]
+    -   id: check-added-large-files
+- repo: https://github.com/myint/autoflake
+  rev: b330072a26bb13aea8843f8083cee5332d71f78f
+  hooks:
+    - id: autoflake
+      args:
+        - --in-place
+        - --remove-unused-variables
+        - --remove-all-unused-imports
+-   repo: https://github.com/psf/black
+    rev: 22.3.0
+    hooks:
+    -   id: black
+- repo: https://github.com/pycqa/isort
+  rev: 5.8.0
+  hooks:
+    - id: isort
+      name: isort (python)
+      # Use black profile for isort to avoid conflicts
+      #   see https://github.com/PyCQA/isort/issues/1518
+      args: ["--profile", "black"]
+    - id: isort
+      name: isort (cython)
+      types: [cython]
+    - id: isort
+      name: isort (pyi)
+      types: [pyi]
+- repo: https://gitlab.com/pycqa/flake8
+  rev: 3.9.0
+  hooks:
+  - id: flake8
+- repo: https://github.com/PyCQA/bandit
+  rev: 1.7.0
+  hooks:
+    - id: bandit
+      name: bandit
+      args: ["-c", ".bandit.yaml"]
+      description: 'Bandit is a tool for finding common security issues in Python code'
+      entry: bandit
+      language: python
+      language_version: python3
+      types: [python]
+- repo: https://github.com/Lucas-C/pre-commit-hooks-safety
+  rev: v1.2.1
+  hooks:
+    - id: python-safety-dependencies-check

pylode/cli.py

@@ -160,7 +160,7 @@ def main(args=None):
 
         # args are present so getting RDF from input file or uri into an rdflib Graph
         if args.inputfile:
-            logger.log(logging.DEBUG, f"args.inputfile: {args.inputfile.name}")
+            logger.log(logging.DEBUG, f"args.inputfile: {args.inputfile}")
             h = MakeDocco(
                 input_data_file=args.inputfile,
                 outputformat=args.outputformat,
@@ -171,7 +171,7 @@ def main(args=None):
                 get_curies_online=get_curies_online,
             )
         elif args.url:
-            logger.log(logging.DEBUG, f"args.url: {args.url.name}")
+            logger.log(logging.DEBUG, f"args.url: {args.url}")
             h = MakeDocco(
                 input_uri=args.url,
                 outputformat=args.outputformat,

requirements.txt

@@ -1,4 +1,4 @@
-jinja2
-markdown
-rdflib>=6.1.1,<7.0.0
-requests
+Jinja2>=3.1.2
+Markdown>=3.4.1
+rdflib>=6.2.0,<7.0.0
+requests>=2.28.1

tox.ini

@@ -0,0 +1,70 @@
+[tox]
+envlist = py3, safety
+skipsdist=True
+
+[testenv]
+deps =
+  -rrequirements.txt
+  -rrequirements.dev.txt
+
+# Uncomment here to set an extra PIP_INDEX_URL
+# setenv =
+#    PIP_EXTRA_INDEX_URL = https://mypypiserver.org
+
+setenv =
+  PYTHONPATH=:.:
+
+# To show pytest logs in console, use
+#   tox -- --log-cli-level=DEBUG
+commands =
+  pytest {posargs}
+
+[testenv:safety]
+deps =
+  -rrequirements.txt
+  -rrequirements.dev.txt
+  safety
+
+setenv =
+  PYTHONPATH=:.:
+
+commands =
+  safety check --short-report -r requirements.txt
+
+[flake8]
+# Ignore long lines in flake8 because
+#   they are managed by black and we
+#   want to support links.
+max-line-length = 150
+
+[testenv:release]
+# Release with tox via:
+#
+#    tox -e release -- $PARAMETERS
+#
+# passing the repo references you would set via
+# twine, eg:
+#  --repository-url https://test.pypi.org/legacy/
+#
+# To pass
+deps =
+  wheel
+  twine
+
+# Limit TWINE_* to this section.
+passenv =
+  TWINE_USERNAME
+  TWINE_PASSWORD
+  TWINE_REPOSITORY_URL
+
+commands =
+#  rm dist -rf
+  python setup.py bdist_wheel  # sdist, or whatever
+  twine upload {posargs} dist/*
+
+
+# Uncomment the following section if you want to
+#  test the installation on the test pypi
+# [testenv:test-release]
+#commands =
+#  pip install --index-url=https://test.pypi.org/simple