chore: update from template

.github/actions/setup_environment/action.yaml

@@ -6,48 +6,58 @@ inputs:
     description: "Task version"
     required: true
     default: "3.33.1"
-  trivy-version:
-    description: "Trivy version"
+  task-enabled:
+    description: "Task enabled"
     required: true
-    default: "v0.57.1"
+    default: "true"
   python-version:
     description: "Python version"
     required: true
     default: "3.12.1"
-  with-python:
-    description: "Python needed"
+  python-enabled:
+    description: "Python enabled"
     required: true
-    default: "true"
+    default: "false"
   poetry-version:
     description: "Poetry version"
     required: true
     default: "1.7.1"
-  with-poetry:
-    description: "Poetry needed"
+  poetry-enabled:
+    description: "Poetry enabled"
     required: true
-    default: "true"
+    default: "false"
+  trivy-version:
+    description: "Trivy version"
+    required: true
+    default: "v0.57.1"
+  trivy-enabled:
+    description: "Trivy enabled"
+    required: true
+    default: "false"
 
 runs:
   using: "composite"
   steps:
-    - name: Install Task
+    - name: Setup Task
+      if: ${{ inputs.task-enabled == 'true' }}
       uses: arduino/setup-task@v1
       with:
         version: ${{ inputs.task-version }}
 
-    - name: Install Trivy
-      uses: aquasecurity/[email protected]
-      with:
-        version: ${{ inputs.trivy-version }}
-
-    - name: Set up Python
-      if: ${{ inputs.with-python == 'true' }}
+    - name: Setup Python
+      if: ${{ inputs.python-enabled == 'true' }}
       uses: actions/setup-python@v4
       with:
         python-version: ${{ inputs.python-version }}
 
-    - name: Install and configure Poetry
-      if: ${{ inputs.with-poetry == 'true' }}
+    - name: Setup Poetry
+      if: ${{ inputs.poetry-enabled == 'true' }}
       uses: snok/install-poetry@v1
       with:
         version: ${{ inputs.poetry-version }}
+
+    - name: Setup Trivy
+      if: ${{ inputs.trivy-enabled == 'true' }}
+      uses: aquasecurity/[email protected]
+      with:
+        version: ${{ inputs.trivy-version }}

.github/workflows/check-pr-title.yaml

@@ -13,8 +13,12 @@ jobs:
     runs-on: ubuntu-latest
 
     steps:
-      - name: Checkout repository
+      - name: Checkout config file
         uses: actions/checkout@v4
+        with:
+          sparse-checkout: |
+            commitlint.config.js
+          sparse-checkout-cone-mode: false
 
       - name: Commitlint PR Title
         uses: ovsds/commitlint-pr-title-action@v1

.github/workflows/check-pr.yaml

@@ -20,6 +20,9 @@ jobs:
 
       - name: Setup Environment
         uses: ./.github/actions/setup_environment
+        with:
+          python-enabled: true
+          poetry-enabled: true
 
       - name: Install Dependencies
         run: |

.github/workflows/release-pr.yaml

@@ -23,8 +23,7 @@ jobs:
       - name: Setup Environment
         uses: ./.github/actions/setup_environment
         with:
-          with-python: "false"
-          with-poetry: "false"
+          trivy-enabled: true
 
       - name: Get Image Data
         id: get-image-data

.github/workflows/release-scan.yaml

@@ -21,8 +21,7 @@ jobs:
       - name: Setup Environment
         uses: ./.github/actions/setup_environment
         with:
-          with-python: "false"
-          with-poetry: "false"
+          trivy-enabled: true
 
       - name: Get latest image tag
         id: get_tag

.github/workflows/release.yaml

@@ -20,8 +20,7 @@ jobs:
       - name: Setup Environment
         uses: ./.github/actions/setup_environment
         with:
-          with-python: "false"
-          with-poetry: "false"
+          trivy-enabled: true
 
       - name: Login to GitHub Container Registry
         uses: docker/login-action@v3

.prettierignore

@@ -1,13 +1,14 @@
+# Environment variables
+.env
+
 # Python Dependencies
 .venv/
 
 # Python cache
 __pycache__/
 .pytest_cache/
 .ruff_cache/
+.coverage/
 
-# Backend coverage reports
-backend/.coverage
-
-# Environment variables
-.env
+# Backend temporary files
+backend/example/state

Taskfile.yaml

@@ -132,6 +132,9 @@ tasks:
         owner_github_login='ovsds'
         scripts='true'
         services='backend'
+        with_python='true'
+        with_cookiecutter='false'
+        with_trivy='true'
     vars:
       TEMPLATE_PATH: '{{.TEMPLATE_PATH | default "https://github.com/ovsds/template-repository"}}'
 

backend/Dockerfile

@@ -1,4 +1,4 @@
-FROM base_builder AS builder
+FROM base_builder AS common_builder
 
 RUN python -m pip install 'poetry>=1.7.0,<1.8.0'
 
@@ -10,32 +10,31 @@ COPY --from=sources poetry.toml /opt/app/poetry.toml
 WORKDIR /opt/app
 RUN poetry install
 
-FROM base_runtime AS runtime
+FROM base_runtime AS common_runtime
 
 RUN mkdir --parents /opt/app
-COPY --from=builder /opt/app/.venv /opt/app/.venv
 COPY --from=sources bin /opt/app/bin
 COPY --from=sources lib /opt/app/lib
 
 WORKDIR /opt/app
 CMD [".venv/bin/python", "-m", "bin.main"]
 
-FROM builder AS builder_dev
+FROM common_builder AS builder
 
-RUN poetry install --with dev
+FROM common_runtime AS runtime
 
-FROM base_runtime AS runtime_dev
+COPY --from=builder /opt/app/.venv /opt/app/.venv
 
-RUN mkdir --parents /opt/app
-COPY --from=builder_dev /opt/app/.venv /opt/app/.venv
-COPY --from=sources bin /opt/app/bin
-COPY --from=sources lib /opt/app/lib
-COPY --from=sources pyproject.toml /opt/app/pyproject.toml
+FROM common_builder AS builder_dev
 
-WORKDIR /opt/app
+RUN poetry install --with dev
 
-FROM runtime_dev AS tests
+FROM common_runtime AS runtime_dev
 
+COPY --from=builder_dev /opt/app/.venv /opt/app/.venv
 COPY --from=sources tests /opt/app/tests
+COPY --from=sources pyproject.toml /opt/app/pyproject.toml
+
+FROM runtime_dev AS tests_dev
 
 CMD [".venv/bin/python", "-m", "pytest", "tests"]

backend/README.md

@@ -266,7 +266,7 @@ tasks:
 
 ### Global dependencies
 
-- poetry
+- [poetry](https://python-poetry.org/docs/#installation)
 
 ### Taskfile commands
 

backend/Taskfile.yaml

@@ -114,9 +114,23 @@ tasks:
       - echo 'Running pyright fixes...'
       - task: _pyright
 
-  bake:
+  image-bake:
     cmds:
-      - docker buildx bake {{.COMMAND}}
+      - echo 'Building image {{.TARGET}}...'
+      - docker buildx bake {{.TARGET}}
+
+  image-run:
+    desc: Run image in container
+    requires:
+      vars:
+        - TARGET
+    cmds:
+      - echo 'Running image {{.TARGET}} target...'
+      - docker run
+        --env-file <( env| cut -f1 -d= )
+        --env GITHUB_WATCHER_SETTINGS_YAML=example/settings.yaml
+        --volume $(pwd)/example:/opt/app/example
+        {{.DEFAULT_IMAGE_NAME}}:{{.TARGET}}
 
   image-scan:
     desc: Scan image for vulnerabilities
@@ -137,12 +151,10 @@ tasks:
   test-container:
     desc: Run tests in container
     cmds:
-      - task: bake
-        vars: { COMMAND: tests_docker }
-
-      - echo 'Running tests...'
-      - docker run
-        {{.DEFAULT_IMAGE_NAME}}:tests
+      - task: image-bake
+        vars: { TARGET: tests_dev }
+      - task: image-run
+        vars: { TARGET: tests }
 
   test-coverage-run:
     desc: Run tests with coverage
@@ -203,14 +215,10 @@ tasks:
   dev-server-start-container:
     desc: Start development application in container
     cmds:
-      - task: bake
-        vars: { COMMAND: runtime_docker }
-
-      - echo 'Running container...'
-      - docker run
-        -e GITHUB_WATCHER_SETTINGS_YAML=example/settings.yaml
-        -v $(pwd)/example:/opt/app/example
-        {{.DEFAULT_IMAGE_NAME}}:runtime
+      - task: image-bake
+        vars: { TARGET: runtime_dev }
+      - task: image-run
+        vars: { TARGET: runtime }
 
   update-from-template:
     desc: Update project from template
@@ -224,6 +232,7 @@ tasks:
         service_name="Github Watcher Backend"
         service_slug="github-watcher"
         service_short_slug="backend"
+        with_trivy="true"
     vars:
       TEMPLATE_PATH: '{{.TEMPLATE_PATH | default "https://github.com/ovsds/template-service-python"}}'
 
@@ -234,8 +243,8 @@ tasks:
         - IMAGE_TAG
         - IMAGE_REGISTRY
     cmds:
-      - task: bake
-        vars: { COMMAND: runtime }
+      - task: image-bake
+        vars: { TARGET: runtime }
 
   ci-image-scan:
     desc: Scan image for vulnerabilities

backend/docker-bake.hcl

@@ -31,17 +31,17 @@ target "runtime" {
   ]
 }
 
-target "runtime_docker" {
+target "runtime_dev" {
   inherits = ["base"]
-  target = "runtime"
+  target = "runtime_dev"
   output = ["type=docker"]
   tags = ["${IMAGE_NAME}:runtime"]
 }
 
-target "tests_docker" {
+target "tests_dev" {
   inherits = ["base"]
+  target = "tests_dev"
   output = ["type=docker"]
   tags = ["${IMAGE_NAME}:tests"]
-  target = "tests"
 }
 

backend/lib/app/app.py

@@ -143,6 +143,7 @@ def from_settings(cls, settings: app_settings.Settings) -> typing.Self:
         lifecycle_manager = lifecycle_manager_utils.LifecycleManager(logger=logger)
 
         # Startup
+
         lifecycle_manager.add_startup_callback(
             callback=lifecycle_manager_utils.StartupCallback(
                 callback=task_queue_state_service.load(),

package.json

@@ -2,11 +2,11 @@
   "private": true,
   "name": "github-watcher",
   "devDependencies": {
-    "@commitlint/cli": "^19.0.3",
-    "@commitlint/config-conventional": "^19.0.3",
-    "husky": "^9.1.1",
-    "lint-staged": "^15.2.0",
-    "prettier": "^3.1.1",
+    "@commitlint/cli": "^19.6.1",
+    "@commitlint/config-conventional": "^19.6.0",
+    "husky": "^9.1.7",
+    "lint-staged": "^15.2.11",
+    "prettier": "^3.4.2",
     "pyright": "1.1.389"
   },
   "hooks": {