Merge pull request #19 from chains-project/diogo/push-to-pypi

feat: add TestPyPi CD pushing

.github/workflows/publish_on_pypi.yml

@@ -0,0 +1,34 @@
+name: Upload Python Package to TestPyPI
+
+on:
+  push:
+    branches:
+      - main
+  workflow_dispatch:
+
+jobs:
+  deploy:
+    runs-on: ubuntu-latest
+
+    steps:
+    - uses: actions/checkout@v3
+    - name: Set up Python
+      uses: actions/setup-python@v5
+      with:
+        python-version: '3.x'
+
+    - name: Install build dependencies
+      run: |
+        python -m pip install --upgrade pip
+        pip install build twine
+
+    - name: Build package
+      run: python -m build
+
+    - name: Publish to Test PyPI
+      env:
+        TWINE_USERNAME: __token__
+        TWINE_PASSWORD: ${{ secrets.TEST_PYPI_API_KEY }}
+        TWINE_REPOSITORY: testpypi
+      run: |
+        twine upload --repository testpypi dist/*

MANIFEST.in

@@ -0,0 +1,6 @@
+include README.md
+include LICENSE
+include requirements.txt
+recursive-include tool *.py
+recursive-exclude * __pycache__
+recursive-exclude * *.py[cod]

pyproject.toml

@@ -1,3 +1,7 @@
+[build-system]
+requires = ["setuptools"]
+build-backend = "setuptools.build_meta"
+
 [tool.ruff]
 # Enable pycodestyle (`E`), Pyflakes (`F`), and import sorting (`I`)
 select = ["E", "F", "I", "N", "S", "B", "COM", "C4", "SIM", "RET", "UP"]
@@ -46,4 +50,4 @@ max-complexity = 10
 known-first-party = ["tool"]
 
 [tool.ruff.flake8-quotes]
-docstring-quotes = "double"
+docstring-quotes = "double"

setup.cfg

@@ -0,0 +1,54 @@
+[metadata]
+name = dirty-waters
+version = 0.1.1
+author = CHAINS research project at KTH Royal Institute of Technology
+author_email = <[email protected]>
+description = Automatically detect software supply chain smells and issues
+long_description = file: README.md
+long_description_content_type = text/markdown
+url = https://github.com/chains-project/dirty-waters
+project_urls =
+    Bug Tracker = https://github.com/chains-project/dirty-waters/issues
+keywords = software supply chain, ssc, dependencies, npm
+classifiers =
+    Intended Audience :: Developers
+    Topic :: Software Development :: Build Tools
+    Programming Language :: Python :: 3
+    License :: OSI Approved :: MIT License
+    Operating System :: OS Independent
+
+[options]
+package_dir =
+    = .
+packages = find:
+python_requires = >=3.8
+# TODO: this should only include the packages the program minimally requires
+install_requires =
+    attrs==24.2.0
+    cattrs==24.1.2
+    certifi==2024.8.30
+    charset-normalizer==3.4.0
+    exceptiongroup==1.2.2
+    idna==3.10
+    numpy==2.1.2
+    pandas==2.2.3
+    platformdirs==4.3.6
+    python-dateutil==2.9.0.post0
+    pytz==2024.2
+    requests==2.32.3
+    requests-cache==1.2.1
+    six==1.16.0
+    tabulate==0.9.0
+    tqdm==4.66.5
+    typing_extensions==4.12.2
+    tzdata==2024.2
+    url-normalize==1.4.3
+    urllib3==2.2.3
+
+[options.packages.find]
+where = .
+include = tool*
+exclude =
+    tests*
+    docs*
+    example_reports*

tool/__init__.py

@@ -0,0 +1,12 @@
+"""
+dirty-waters - A tool to detect software supply chain smells and issues
+"""
+
+from .main import main
+from .report_static import write_summary
+from .report_diff import generate_diff_report
+
+__version__ = "0.1.1"
+__author__ = "CHAINS research project at KTH Royal Institute of Technology"
+
+__all__ = ["main", "write_summary", "generate_diff_report"]