Merge pull request #2 from fleXRPL/feature/#1

feature/#1 - Initial project setup with CI/CD, documentation, and build scripts

Author: garotm

.flake8

@@ -0,0 +1,14 @@
+[flake8]
+max-line-length = 100
+exclude = 
+    .git,
+    __pycache__,
+    build,
+    dist,
+    *.egg-info,
+    .venv,
+    .tox,
+    .pytest_cache
+statistics = True
+count = True
+show-source = True 

.github/dependabot.yml

@@ -0,0 +1,42 @@
+version: 2
+updates:
+  - package-ecosystem: "pip"
+    directory: "/"
+    schedule:
+      interval: "monthly"
+    open-pull-requests-limit: 5
+    target-branch: "main"
+    labels:
+      - "security"
+      - "dependencies"
+    commit-message:
+      prefix: "security"
+      include: "scope"
+    reviewers:
+      - "garotm"
+    assignees:
+      - "garotm"
+    versioning-strategy:
+      increase-if-necessary: true
+    allow:
+      - dependency-type: "direct"
+    ignore:
+      - dependency-name: "*"
+        update-types: ["version-update:semver-minor", "version-update:semver-patch"]
+    security-updates-only: true
+
+  - package-ecosystem: "github-actions"
+    directory: "/"
+    schedule:
+      interval: "monthly"
+    open-pull-requests-limit: 3
+    labels:
+      - "security"
+      - "github-actions"
+    commit-message:
+      prefix: "security"
+      include: "scope"
+    ignore:
+      - dependency-name: "*"
+        update-types: ["version-update:semver-minor", "version-update:semver-patch"]
+    security-updates-only: true 

.github/workflows/sonarcloud.yml

@@ -0,0 +1,51 @@
+name: SonarCloud Analysis
+on:
+  push:
+    branches:
+      - main
+  pull_request:
+    types: [opened, synchronize, reopened]
+  workflow_dispatch:
+
+jobs:
+  sonarcloud:
+    name: SonarCloud
+    runs-on: ubuntu-latest
+    
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+
+      - name: Set up Python
+        uses: actions/setup-python@v5
+        with:
+          python-version: '3.x'
+
+      - name: Install dependencies
+        run: |
+          python -m pip install --upgrade pip
+          pip install -r requirements.txt
+          pip install pytest pytest-cov
+
+      - name: Run tests with coverage
+        run: |
+          pytest tests/ --cov=githubauthlib --cov-report=xml --cov-report=term-missing
+
+      - name: SonarCloud Scan
+        uses: SonarSource/sonarcloud-github-action@master
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
+        with:
+          args: >
+            -Dsonar.organization=flexrpl
+            -Dsonar.projectKey=fleXRPL_githubauthlib
+            -Dsonar.python.coverage.reportPaths=coverage.xml
+            -Dsonar.sources=githubauthlib
+            -Dsonar.tests=tests
+            -Dsonar.python.version=3
+            -Dsonar.sourceEncoding=UTF-8
+            -Dsonar.exclusions=docs/**,scripts/**
+            -Dsonar.coverage.exclusions=tests/**,docs/**,scripts/**
+            -Dsonar.python.xunit.reportPath=test-results.xml 

.github/workflows/workflow.yml

@@ -0,0 +1,57 @@
+name: workflow
+
+on:
+  push:
+    branches: [ main ]
+    tags: [ 'v*' ]
+  pull_request:
+    branches: [ main ]
+
+jobs:
+  test:
+    runs-on: ${{ matrix.os }}
+    strategy:
+      matrix:
+        os: [ubuntu-latest, macos-latest, windows-latest]
+        python-version: ['3.8', '3.9', '3.10', '3.11', '3.12']
+
+    steps:
+    - uses: actions/checkout@v4
+    - name: Set up Python ${{ matrix.python-version }}
+      uses: actions/setup-python@v5
+      with:
+        python-version: ${{ matrix.python-version }}
+    - name: Install dependencies
+      run: |
+        python -m pip install --upgrade pip
+        pip install -r requirements.txt
+        pip install black isort flake8 pytest pytest-cov
+    - name: Run tests and linting
+      run: |
+        black --check githubauthlib tests
+        isort --check githubauthlib tests
+        flake8 githubauthlib tests
+        pytest tests/ --cov=githubauthlib --cov-report=xml --cov-fail-under=90
+
+  publish:
+    needs: test
+    if: startsWith(github.ref, 'refs/tags/v')
+    runs-on: ubuntu-latest
+    environment: pypi
+    permissions:
+      id-token: write
+
+    steps:
+    - uses: actions/checkout@v4
+    - name: Set up Python
+      uses: actions/setup-python@v5
+      with:
+        python-version: '3.12'
+    - name: Install dependencies
+      run: |
+        python -m pip install --upgrade pip
+        pip install build
+    - name: Build package
+      run: python -m build
+    - name: Publish to PyPI
+      uses: pypa/gh-action-pypi-publish@release/v1 

PYPI.md

@@ -47,7 +47,7 @@ You'll need `twine` to securely upload your package to PyPI. If you don't have i
 
     ```bash
     pip install twine
-    ``````
+    ```
 
 5. Upload the package to PyPI:
 Use `twine` to upload your package to PyPI. Run the following command:
@@ -98,3 +98,87 @@ Now that your package is on PyPI, you can install it using `pip` like any other
 That's it! Your package is now available on PyPI and can be easily installed by others using `pip install githubauthlib`.
 
 Keep in mind that publishing packages on PyPI is a public act, and it's essential to ensure your code is properly documented, well-tested, and adheres to best practices. Make sure to thoroughly test your package and keep it up-to-date with new releases if necessary.
+
+# Publishing to PyPI using GitHub Actions Trusted Publisher
+
+This project uses GitHub Actions and PyPI's trusted publisher workflow for secure, automated package publishing.
+
+## Overview
+
+Instead of manual uploads or stored credentials, we use GitHub's OIDC (OpenID Connect) integration with PyPI for secure publishing. This means:
+
+- No API tokens or credentials needed
+- Automated publishing on version tags
+- Secure authentication via OIDC
+
+## Publishing Process
+
+1. **Local Build and Test**
+
+   ```bash
+   # Run the build script to verify everything locally
+   ./scripts/build_and_publish.sh
+   ```
+
+   This will:
+   - Create a virtual environment
+   - Run all tests and checks
+   - Build the package locally
+   - Clean up afterward
+
+2. **Create and Push a Version Tag**
+
+   ```bash
+   # Create and push a new version tag
+   git tag v1.0.0
+   git push origin v1.0.0
+   ```
+
+   The version number should match what's in `setup.py`.
+
+3. **Automated Publishing**
+   - GitHub Actions will trigger on the tag push
+   - The workflow will:
+     - Run all tests
+     - Build the package
+     - Publish to PyPI using OIDC authentication
+   - Monitor the Actions tab for progress
+
+4. **Verify Publication**
+   - Check the package page: https://pypi.org/project/githubauthlib/
+   - Try installing the package:
+
+     ```bash
+     pip install githubauthlib
+     ```
+
+## PyPI Project Configuration
+
+The PyPI project is configured with the following trusted publisher settings:
+
+- **Publisher**: GitHub Actions
+- **Organization**: fleXRPL
+- **Repository**: githubauthlib
+- **Workflow name**: workflow.yml
+- **Environment**: pypi
+
+## Security Notes
+
+- No credentials are stored in the repository or GitHub secrets
+- Authentication is handled via OIDC between GitHub and PyPI
+- Only tagged commits from the main branch can trigger publishing
+- All publishing attempts are logged and auditable
+
+## Troubleshooting
+
+If publishing fails:
+
+1. Check the GitHub Actions logs
+2. Verify the version tag matches setup.py
+3. Ensure the workflow file matches PyPI's trusted publisher configuration
+4. Verify the package builds locally with `./scripts/build_and_publish.sh`
+
+## Related Links
+
+- [PyPI Trusted Publishers Documentation](https://docs.pypi.org/trusted-publishers/)
+- [GitHub Actions OIDC Documentation](https://docs.github.com/en/actions/deployment/security-hardening-your-deployments/about-security-hardening-with-openid-connect)

README.md

@@ -1,5 +1,19 @@
 # GitHub Authentication Library (githubauthlib)
 
+[![PyPI version](https://badge.fury.io/py/githubauthlib.svg)](https://pypi.org/project/githubauthlib/)
+[![Python](https://img.shields.io/pypi/pyversions/githubauthlib.svg)](https://pypi.org/project/githubauthlib/)
+[![Tests](https://github.com/fleXRPL/githubauthlib/actions/workflows/tests.yml/badge.svg)](https://github.com/fleXRPL/githubauthlib/actions/workflows/tests.yml)
+[![Quality Gate Status](https://sonarcloud.io/api/project_badges/measure?project=fleXRPL_githubauthlib&metric=alert_status)](https://sonarcloud.io/summary/new_code?id=fleXRPL_githubauthlib)
+[![Coverage](https://sonarcloud.io/api/project_badges/measure?project=fleXRPL_githubauthlib&metric=coverage)](https://sonarcloud.io/summary/new_code?id=fleXRPL_githubauthlib)
+[![Security Rating](https://sonarcloud.io/api/project_badges/measure?project=fleXRPL_githubauthlib&metric=security_rating)](https://sonarcloud.io/summary/new_code?id=fleXRPL_githubauthlib)
+[![Maintainability Rating](https://sonarcloud.io/api/project_badges/measure?project=fleXRPL_githubauthlib&metric=sqale_rating)](https://sonarcloud.io/summary/new_code?id=fleXRPL_githubauthlib)
+[![Vulnerabilities](https://sonarcloud.io/api/project_badges/measure?project=fleXRPL_githubauthlib&metric=vulnerabilities)](https://sonarcloud.io/summary/new_code?id=fleXRPL_githubauthlib)
+[![Dependabot Status](https://img.shields.io/badge/Dependabot-enabled-success.svg)](https://github.com/fleXRPL/githubauthlib/blob/main/.github/dependabot.yml)
+[![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)](https://opensource.org/licenses/MIT)
+[![Code style: black](https://img.shields.io/badge/code%20style-black-000000.svg)](https://github.com/psf/black)
+[![Security: bandit](https://img.shields.io/badge/security-bandit-yellow.svg)](https://github.com/PyCQA/bandit)
+[![Downloads](https://pepy.tech/badge/githubauthlib)](https://pepy.tech/project/githubauthlib)
+
 A Python library for securely retrieving GitHub tokens from system keychains across different operating systems.
 
 ## Features

githubauthlib/__init__.py

@@ -5,13 +5,10 @@
 from various system-specific secure storage solutions.
 """
 
-from .github_auth import (
-    get_github_token,
-    GitHubAuthError,
-    CredentialHelperError,
-    UnsupportedPlatformError
-)
+from .github_auth import get_github_token
 
-__version__ = '1.0.0'
-__author__ = 'garotm'
-__license__ = 'MIT'
+__version__ = "1.0.0"
+__author__ = "garotm"
+__license__ = "MIT"
+
+__all__ = ["get_github_token"]