Initial commit

.github/workflows/ci.yml

@@ -0,0 +1,149 @@
+name: CI
+
+on:
+  push:
+    branches: [ main, develop ]
+  pull_request:
+    branches: [ main, develop ]
+
+jobs:
+  code-quality:
+    name: Code Quality
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        python-version: ["3.11", "3.12"]
+
+    steps:
+    - uses: actions/checkout@v4
+
+    - name: Set up Python ${{ matrix.python-version }}
+      uses: actions/setup-python@v5
+      with:
+        python-version: ${{ matrix.python-version }}
+
+    - name: Cache pip dependencies
+      uses: actions/cache@v4
+      with:
+        path: ~/.cache/pip
+        key: ${{ runner.os }}-pip-${{ hashFiles('**/requirements*.txt', 'pyproject.toml') }}
+        restore-keys: |
+          ${{ runner.os }}-pip-
+
+    - name: Install dependencies
+      run: |
+        python -m pip install --upgrade pip
+        pip install -e ".[dev]"
+
+    - name: Code formatting with Black
+      run: |
+        black --check --diff meshcore_mqtt/ tests/
+
+    - name: Linting with Flake8
+      run: |
+        flake8 meshcore_mqtt/ tests/
+
+    - name: Type checking with MyPy
+      run: |
+        mypy meshcore_mqtt/ tests/
+
+    - name: Import sorting with isort
+      run: |
+        isort --check-only --diff meshcore_mqtt/ tests/
+
+  test:
+    name: Tests
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        python-version: ["3.11", "3.12"]
+
+    steps:
+    - uses: actions/checkout@v4
+
+    - name: Set up Python ${{ matrix.python-version }}
+      uses: actions/setup-python@v5
+      with:
+        python-version: ${{ matrix.python-version }}
+
+    - name: Cache pip dependencies
+      uses: actions/cache@v4
+      with:
+        path: ~/.cache/pip
+        key: ${{ runner.os }}-pip-${{ hashFiles('**/requirements*.txt', 'pyproject.toml') }}
+        restore-keys: |
+          ${{ runner.os }}-pip-
+
+    - name: Install dependencies
+      run: |
+        python -m pip install --upgrade pip
+        pip install -e ".[dev]"
+
+    - name: Run tests with pytest
+      run: |
+        pytest -v --cov=meshcore_mqtt --cov-report=xml --cov-report=term-missing
+
+    - name: Upload coverage to Codecov
+      uses: codecov/codecov-action@v3
+      with:
+        file: ./coverage.xml
+        flags: unittests
+        name: codecov-umbrella
+        fail_ci_if_error: false
+
+  security:
+    name: Security Scan
+    runs-on: ubuntu-latest
+
+    steps:
+    - uses: actions/checkout@v4
+
+    - name: Set up Python
+      uses: actions/setup-python@v5
+      with:
+        python-version: "3.12"
+
+    - name: Install dependencies
+      run: |
+        python -m pip install --upgrade pip
+        pip install -e ".[dev]"
+
+    - name: Run Bandit security scan
+      run: |
+        bandit -r meshcore_mqtt/ -f json -o bandit-report.json || true
+        bandit -r meshcore_mqtt/
+
+    # - name: Run Safety check
+    #   run: |
+    #     safety check --json --output safety-report.json || true
+    #     safety check
+
+  build-test:
+    name: Build Test
+    runs-on: ubuntu-latest
+
+    steps:
+    - uses: actions/checkout@v4
+
+    - name: Set up Python
+      uses: actions/setup-python@v5
+      with:
+        python-version: "3.12"
+
+    - name: Install build dependencies
+      run: |
+        python -m pip install --upgrade pip
+        pip install build twine
+
+    - name: Build package
+      run: |
+        python -m build
+
+    - name: Check package
+      run: |
+        twine check dist/*
+
+    - name: Test installation
+      run: |
+        pip install dist/*.whl
+        python -c "import meshcore_mqtt; print('Package installed successfully')"

.github/workflows/code-quality.yml

@@ -0,0 +1,72 @@
+name: Code Quality
+
+on:
+  push:
+    branches: [ main, develop ]
+  pull_request:
+    branches: [ main, develop ]
+
+jobs:
+  lint:
+    name: Lint and Format Check
+    runs-on: ubuntu-latest
+
+    steps:
+    - uses: actions/checkout@v4
+
+    - name: Set up Python
+      uses: actions/setup-python@v5
+      with:
+        python-version: "3.12"
+
+    - name: Cache pip dependencies
+      uses: actions/cache@v4
+      with:
+        path: ~/.cache/pip
+        key: ${{ runner.os }}-pip-lint-${{ hashFiles('**/requirements-dev.txt') }}
+        restore-keys: |
+          ${{ runner.os }}-pip-lint-
+
+    - name: Install linting dependencies
+      run: |
+        python -m pip install --upgrade pip
+        pip install black flake8 mypy isort bandit
+
+    - name: Check code formatting with Black
+      run: |
+        echo "::group::Black formatting check"
+        black --check --diff --color meshcore_mqtt/ tests/
+        echo "::endgroup::"
+
+    - name: Check import sorting with isort
+      run: |
+        echo "::group::Import sorting check"
+        isort --check-only --diff meshcore_mqtt/ tests/
+        echo "::endgroup::"
+
+    - name: Lint with Flake8
+      run: |
+        echo "::group::Flake8 linting"
+        flake8 meshcore_mqtt/ tests/ --statistics
+        echo "::endgroup::"
+
+    - name: Type check with MyPy
+      run: |
+        echo "::group::MyPy type checking"
+        # Install package dependencies for type checking
+        pip install -r requirements-dev.txt
+        mypy meshcore_mqtt/ tests/
+        echo "::endgroup::"
+
+    - name: Security check with Bandit
+      run: |
+        echo "::group::Bandit security scan"
+        bandit -r meshcore_mqtt/ -ll
+        echo "::endgroup::"
+
+    # - name: Dependency security check with Safety
+    #   run: |
+    #     echo "::group::Safety dependency check"
+    #     pip install -r requirements.txt
+    #     safety check
+    #     echo "::endgroup::"

.github/workflows/docker-build.yml

@@ -0,0 +1,94 @@
+name: Docker Build and Push
+
+on:
+  push:
+    branches: [ main, develop ]
+    tags: [ 'v*' ]
+  pull_request:
+    branches: [ main, develop ]
+  release:
+    types: [ published ]
+
+env:
+  REGISTRY: ghcr.io
+  IMAGE_NAME: ${{ github.repository }}
+
+jobs:
+  build-and-push:
+    name: Build and Push Docker Image
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      packages: write
+      attestations: write
+      id-token: write
+      security-events: write
+
+    steps:
+    - name: Checkout repository
+      uses: actions/checkout@v4
+
+    - name: Set up Docker Buildx
+      uses: docker/setup-buildx-action@v3
+
+    - name: Log in to Container Registry
+      if: github.event_name != 'pull_request'
+      uses: docker/login-action@v3
+      with:
+        registry: ${{ env.REGISTRY }}
+        username: ${{ github.actor }}
+        password: ${{ secrets.GITHUB_TOKEN }}
+
+    - name: Extract metadata
+      id: meta
+      uses: docker/metadata-action@v5
+      with:
+        images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
+        tags: |
+          type=ref,event=branch
+          type=ref,event=pr
+          type=semver,pattern={{version}}
+          type=semver,pattern={{major}}.{{minor}}
+          type=semver,pattern={{major}}
+          type=raw,value=latest,enable=${{ startsWith(github.ref, 'refs/tags/') }}
+        labels: |
+          org.opencontainers.image.title=MeshCore MQTT Bridge
+          org.opencontainers.image.description=A robust bridge service that connects MeshCore devices to MQTT brokers
+          org.opencontainers.image.vendor=MeshCore MQTT Bridge Team
+          org.opencontainers.image.licenses=GPL-3.0
+
+    - name: Build and push Docker image
+      id: build
+      uses: docker/build-push-action@v6
+      with:
+        context: .
+        platforms: linux/amd64,linux/arm64
+        push: ${{ github.event_name != 'pull_request' }}
+        tags: ${{ steps.meta.outputs.tags }}
+        labels: ${{ steps.meta.outputs.labels }}
+        cache-from: type=gha
+        cache-to: type=gha,mode=max
+        provenance: true
+        sbom: true
+
+    - name: Generate artifact attestation
+      if: github.event_name != 'pull_request'
+      uses: actions/attest-build-provenance@v1
+      with:
+        subject-name: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
+        subject-digest: ${{ steps.build.outputs.digest }}
+        push-to-registry: true
+
+    - name: Run Trivy vulnerability scanner
+      if: github.event_name != 'pull_request'
+      uses: aquasecurity/trivy-action@master
+      with:
+        image-ref: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ steps.meta.outputs.version }}
+        format: 'sarif'
+        output: 'trivy-results.sarif'
+
+    - name: Upload Trivy scan results to GitHub Security tab
+      if: github.event_name != 'pull_request'
+      uses: github/codeql-action/upload-sarif@v3
+      with:
+        sarif_file: 'trivy-results.sarif'

.github/workflows/test.yml

@@ -0,0 +1,133 @@
+name: Tests
+
+on:
+  push:
+    branches: [ main, develop ]
+  pull_request:
+    branches: [ main, develop ]
+
+jobs:
+  test:
+    name: Test Suite
+    runs-on: ${{ matrix.os }}
+    strategy:
+      fail-fast: false
+      matrix:
+        os: [ubuntu-latest]
+        python-version: ["3.11", "3.12"]
+
+    steps:
+    - uses: actions/checkout@v4
+
+    - name: Set up Python ${{ matrix.python-version }}
+      uses: actions/setup-python@v5
+      with:
+        python-version: ${{ matrix.python-version }}
+
+    - name: Cache pip dependencies
+      uses: actions/cache@v4
+      with:
+        path: |
+          ~/.cache/pip
+          ~/.local/share/virtualenvs
+        key: ${{ runner.os }}-pip-${{ matrix.python-version }}-${{ hashFiles('**/requirements*.txt') }}
+        restore-keys: |
+          ${{ runner.os }}-pip-${{ matrix.python-version }}-
+
+    - name: Install dependencies
+      run: |
+        python -m pip install --upgrade pip
+        pip install -r requirements.txt
+        pip install -r requirements-dev.txt
+
+    - name: Run tests with pytest
+      run: |
+        pytest -v --tb=short --cov=meshcore_mqtt --cov-report=xml --cov-report=term-missing --cov-report=html
+
+    - name: Generate coverage report
+      if: matrix.os == 'ubuntu-latest' && matrix.python-version == '3.12'
+      run: |
+        echo "## Test Coverage Report" >> $GITHUB_STEP_SUMMARY
+        echo "```" >> $GITHUB_STEP_SUMMARY
+        coverage report --show-missing >> $GITHUB_STEP_SUMMARY
+        echo "```" >> $GITHUB_STEP_SUMMARY
+
+    - name: Upload coverage to Codecov
+      if: matrix.os == 'ubuntu-latest' && matrix.python-version == '3.12'
+      uses: codecov/codecov-action@v3
+      with:
+        file: ./coverage.xml
+        flags: unittests
+        name: codecov-umbrella
+        fail_ci_if_error: false
+
+    - name: Archive coverage reports
+      if: matrix.os == 'ubuntu-latest' && matrix.python-version == '3.12'
+      uses: actions/upload-artifact@v4
+      with:
+        name: coverage-report
+        path: htmlcov/
+
+    - name: Test CLI functionality
+      run: |
+        # Test CLI help
+        python -m meshcore_mqtt.main --help
+
+        # Test version info (if available)
+        python -c "import meshcore_mqtt; print('Package version check passed')"
+
+  test-examples:
+    name: Test Configuration Examples
+    runs-on: ubuntu-latest
+
+    steps:
+    - uses: actions/checkout@v4
+
+    - name: Set up Python
+      uses: actions/setup-python@v5
+      with:
+        python-version: "3.12"
+
+    - name: Install dependencies
+      run: |
+        python -m pip install --upgrade pip
+        pip install -r requirements.txt
+        pip install pyyaml
+
+    - name: Validate JSON configuration examples
+      run: |
+        python -c "
+        import json
+        with open('config.example.json', 'r') as f:
+            config = json.load(f)
+            print('✓ config.example.json is valid JSON')
+            print(f'✓ Contains {len(config)} top-level keys')
+        "
+
+    - name: Validate YAML configuration examples
+      run: |
+        python -c "
+        import yaml
+        with open('config.example.yaml', 'r') as f:
+            config = yaml.safe_load(f)
+            print('✓ config.example.yaml is valid YAML')
+            print(f'✓ Contains {len(config)} top-level keys')
+        "
+
+    - name: Test configuration loading
+      run: |
+        python -c "
+        from meshcore_mqtt.config import Config
+
+        # Test JSON config loading
+        config_json = Config.from_file('config.example.json')
+        print('✓ JSON configuration loads successfully')
+        print(f'✓ MQTT broker: {config_json.mqtt.broker}')
+        print(f'✓ Events configured: {len(config_json.meshcore.events)}')
+
+        # Test YAML config loading
+        config_yaml = Config.from_file('config.example.yaml')
+        print('✓ YAML configuration loads successfully')
+        print(f'✓ MQTT broker: {config_yaml.mqtt.broker}')
+        print(f'✓ Events configured: {len(config_yaml.meshcore.events)}')
+        "