chore: bandit and isort

Author: Justintime50

.github/workflows/build.yml

@@ -1,6 +1,18 @@
 name: build
 
-on: [push, pull_request]
+on: 
+  push:
+    paths:
+      - '.github/workflows/build.yml'
+      - '**/*.py'
+    branches:
+      - "**"
+    tags:
+      - "!**"
+  pull_request:
+    paths:
+      - '.github/workflows/build.yml'
+      - '**/*.py'
 
 jobs:
   lint:
@@ -16,6 +28,8 @@ jobs:
         run: make install
       - name: Check format
         run: make format-check
+      - name: Scan for security vulnerabilities
+        run: make scan
   test:
     runs-on: ubuntu-latest
     strategy:

.github/workflows/release.yml

@@ -20,6 +20,6 @@ jobs:
           make install
           make build
       - name: Publish to PyPI
-        uses: pypa/gh-action-pypi-publish@master
+        uses: pypa/gh-action-pypi-publish@release/v1
         with:
           password: ${{ secrets.PYPI_API_TOKEN }}

Makefile

@@ -56,8 +56,12 @@ lint:
 mypy:
 	$(VIRTUAL_BIN)/mypy $(PROJECT_NAME)/ $(TEST_DIR)/
 
+## scan - Scans the project for security vulnerabilities
+scan:
+	$(VIRTUAL_BIN)/bandit -r $(PROJECT_NAME)/
+
 ## test - Test the project
 test:
 	$(VIRTUAL_BIN)/pytest
 
-.PHONY: help build coverage clean black black-check format format-check install isort isort-check lint mypy test
+.PHONY: help build coverage clean black black-check format format-check install isort isort-check lint mypy scan test

pullbug/__init__.py

@@ -1,6 +1,7 @@
 from pullbug.bug import Pullbug
 from pullbug.messages import Message
 
+
 __all__ = [
     'Pullbug',
     'Message',

pullbug/bug.py

@@ -1,12 +1,24 @@
 import os
-from typing import Any, Dict, List, Tuple
+from typing import (
+    Any,
+    Dict,
+    List,
+    Tuple,
+)
 
 import woodchips
-from github import Github, Issue, NamedUser, PaginatedList, PullRequest
+from github import (
+    Github,
+    Issue,
+    NamedUser,
+    PaginatedList,
+    PullRequest,
+)
 from typing_extensions import Literal
 
 from pullbug.messages import Message
 
+
 GITHUB_STATE_CHOICES = Literal[
     'all',
     'closed',
@@ -33,7 +45,7 @@
 
 
 class Pullbug:
-    def __init__(
+    def __init__(  # nosec - no hardcoded token here, ignore
         self,
         github_owner: str,
         github_token: str = None,

pullbug/messages.py

@@ -1,10 +1,20 @@
 import math
-from typing import List, Tuple, Union
+from typing import (
+    List,
+    Tuple,
+    Union,
+)
 
 import requests
 import slack
 import woodchips
-from github import Issue, NamedUser, PullRequest, Team
+from github import (
+    Issue,
+    NamedUser,
+    PullRequest,
+    Team,
+)
+
 
 LOGGER_NAME = 'pullbug'
 

pyproject.toml

@@ -5,3 +5,11 @@ skip-string-normalization = true
 
 [tool.isort]
 profile = "black"
+line_length = 120
+indent = 4
+force_grid_wrap = 2
+multi_line_output = 3
+sections = "FUTURE,STDLIB,THIRDPARTY,FIRSTPARTY,LOCALFOLDER"
+lines_after_imports = 2
+include_trailing_comma = true
+use_parentheses = true

setup.py

@@ -1,5 +1,6 @@
 import setuptools
 
+
 with open('README.md', 'r') as fh:
     long_description = fh.read()
 
@@ -12,6 +13,7 @@
 ]
 
 DEV_REQUIREMENTS = [
+    'bandit == 1.7.*',
     'black == 22.*',
     'build == 0.7.*',
     'coveralls == 3.*',

test/unit/test_bug.py

@@ -1,4 +1,7 @@
-from unittest.mock import MagicMock, patch
+from unittest.mock import (
+    MagicMock,
+    patch,
+)
 
 import pytest
 

test/unit/test_messages.py

@@ -1,9 +1,15 @@
-from unittest.mock import MagicMock, patch
+from unittest.mock import (
+    MagicMock,
+    patch,
+)
 
 import pytest
 import requests
 import slack
-from github import NamedUser, Team
+from github import (
+    NamedUser,
+    Team,
+)
 
 from pullbug.messages import Message