Test packaging

.github/ISSUE_TEMPLATE/BUG-REPORT.yml

@@ -48,10 +48,7 @@ body:
     id: screenshot
     attributes:
       label: "Screenshots"
-      description: If applicable, add screenshots to help explain your problem.
-      value: |
-        ![DESCRIPTION](LINK.png)
-      render: bash
+      description: If applicable, add screenshots to help explain your problem. Paste images in the text area, or use the `![DESCRIPTION](LINK.png)` syntax.
     validations:
       required: false
   - type: textarea

.github/ISSUE_TEMPLATE/FEATURE-REQUEST.yml

@@ -25,10 +25,7 @@ body:
     id: screenshot
     attributes:
       label: "Screenshots"
-      description: If applicable, add screenshots to help explain your problem.
-      value: |
-        ![DESCRIPTION](LINK.png)
-      render: bash
+      description: If applicable, add screenshots to help explain your problem. Paste images in the text area, or use the `![DESCRIPTION](LINK.png)` syntax.
     validations:
       required: false
   - type: textarea

.github/dependabot.yml

@@ -0,0 +1,24 @@
+# To get started with Dependabot version updates, you'll need to specify which
+# package ecosystems to update and where the package manifests are located.
+# Please see the documentation for all configuration options:
+# https://docs.github.com/github/administering-a-repository/configuration-options-for-dependency-updates
+
+version: 2
+updates:
+  - package-ecosystem: pip
+    directory: / # Location of package manifests
+    schedule:
+      interval: daily
+    rebase-strategy: disabled
+    commit-message:
+      prefix: fix  # production dependency group
+      prefix-development: chore  # development dependency group
+      include: scope
+  - package-ecosystem: github-actions
+    directory: /
+    schedule:
+      interval: daily
+    rebase-strategy: disabled
+    commit-message:
+      prefix: chore
+      include: scope

.github/workflows/build.yml → .github/workflows/build-and-push-to-gcr.yml

@@ -1,4 +1,4 @@
-name: build
+name: Build and push a Docker image to Google Cloud Platform (GCP) Registry
 
 on:
   push:
@@ -7,12 +7,13 @@ on:
       - deploy-*
     tags:
       - v*.*.*
+
 jobs:
   cloudbuild:
     runs-on: ubuntu-latest
     environment: prod
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
       - uses: actions/setup-python@v4
         with:
           python-version: '3.9'
@@ -26,12 +27,16 @@ jobs:
               echo "match=true" >> $GITHUB_OUTPUT
           fi
 
+      - name: Authenticate to GCP
+        id: authenticate
+        uses: google-github-actions/auth@v1
+        with:
+          credentials_json: ${{ secrets.GOOGLE_APPLICATION_CREDENTIALS }}
+
       - name: Set up Cloud SDK
-        uses: google-github-actions/setup-gcloud@v0
+        uses: google-github-actions/setup-gcloud@v1
         with:
           project_id: ${{ secrets.PROJECT_ID }}
-          service_account_key: ${{ secrets.GOOGLE_APPLICATION_CREDENTIALS }}
-          export_default_credentials: true
 
       - name: Build Docker container and publish on GCR
         run: make cloudbuild || true

.github/workflows/build-and-push-to-ghcr.yml

@@ -0,0 +1,56 @@
+# Based on https://docs.github.com/en/actions/publishing-packages/publishing-docker-images#publishing-images-to-github-packages
+name: Build and push a Docker image to GitHub Container Registry (GHCR)
+
+on:
+  push:
+    branches:
+      - master
+      - deploy-*
+    tags:
+      - v*.*.*
+
+# Defines two custom environment variables for the workflow. These are used for the Container registry domain, and a name for the Docker image that this workflow builds.
+env:
+  REGISTRY: ghcr.io
+  IMAGE_NAME: ${{ github.repository }}
+
+# There is a single job in this workflow. It's configured to run on the latest available version of Ubuntu.
+jobs:
+  build-and-push-image:
+    runs-on: ubuntu-latest
+    # Sets the permissions granted to the `GITHUB_TOKEN` for the actions in this job.
+    permissions:
+      contents: read
+      packages: write
+      # 
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+      # Uses the `docker/login-action` action to log in to the Container registry registry using the account and password that will publish the packages. Once published, the packages are scoped to the account defined here.
+      - name: Log in to the Container registry
+        uses: docker/login-action@v3
+        with:
+          registry: ${{ env.REGISTRY }}
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+      # This step uses [docker/metadata-action](https://github.com/docker/metadata-action#about) to extract tags and labels that will be applied to the specified image. The `id` "meta" allows the output of this step to be referenced in a subsequent step. The `images` value provides the base name for the tags and labels.
+      - name: Extract metadata (tags, labels) for Docker
+        id: meta
+        uses: docker/metadata-action@v5
+        with:
+          images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
+          tags: |
+            type=ref,event=branch
+            type=ref,event=pr
+            type=semver,pattern={{version}}
+            type=semver,pattern={{major}}.{{minor}}
+      # This step uses the `docker/build-push-action` action to build the image, based on your repository's `Dockerfile`. If the build succeeds, it pushes the image to GitHub Packages.
+      # It uses the `context` parameter to define the build's context as the set of files located in the specified path. For more information, see "[Usage](https://github.com/docker/build-push-action#usage)" in the README of the `docker/build-push-action` repository.
+      # It uses the `tags` and `labels` parameters to tag and label the image with the output from the "meta" step.
+      - name: Build and push Docker image
+        uses: docker/build-push-action@v5
+        with:
+          context: .
+          push: true
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}

.github/workflows/deploy.yml

@@ -14,7 +14,7 @@ jobs:
     environment: prod
     concurrency: prod
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
 
       - name: Check release version
         id: check-tag
@@ -24,12 +24,16 @@ jobs:
               echo "match=true" >> $GITHUB_OUTPUT
           fi
 
+      - name: Authenticate to GCP
+        id: authenticate
+        uses: google-github-actions/auth@v1
+        with:
+          credentials_json: ${{ secrets.GOOGLE_APPLICATION_CREDENTIALS }}
+
       - name: Set up Cloud SDK
-        uses: google-github-actions/setup-gcloud@v0
+        uses: google-github-actions/setup-gcloud@v1
         with:
           project_id: ${{ secrets.PROJECT_ID }}
-          service_account_key: ${{ secrets.GOOGLE_APPLICATION_CREDENTIALS }}
-          export_default_credentials: true
 
       - name: Wait for container image build
         uses: tomchv/[email protected]

.github/workflows/release.yml

@@ -9,7 +9,7 @@ jobs:
   release-pypi:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
       - uses: actions/setup-python@v4
         with:
           python-version: '3.9'

.github/workflows/scorecard.yml

@@ -0,0 +1,72 @@
+# This workflow uses actions that are not certified by GitHub. They are provided
+# by a third-party and are governed by separate terms of service, privacy
+# policy, and support documentation.
+
+name: Scorecard supply-chain security
+on:
+  # For Branch-Protection check. Only the default branch is supported. See
+  # https://github.com/ossf/scorecard/blob/main/docs/checks.md#branch-protection
+  branch_protection_rule:
+  # To guarantee Maintained check is occasionally updated. See
+  # https://github.com/ossf/scorecard/blob/main/docs/checks.md#maintained
+  schedule:
+    - cron: '37 19 * * 2'
+  push:
+    branches: [ "master" ]
+
+# Declare default permissions as read only.
+permissions: read-all
+
+jobs:
+  analysis:
+    name: Scorecard analysis
+    runs-on: ubuntu-latest
+    permissions:
+      # Needed to upload the results to code-scanning dashboard.
+      security-events: write
+      # Needed to publish results and get a badge (see publish_results below).
+      id-token: write
+      # Uncomment the permissions below if installing in a private repository.
+      # contents: read
+      # actions: read
+
+    steps:
+      - name: "Checkout code"
+        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+        with:
+          persist-credentials: false
+
+      - name: "Run analysis"
+        uses: ossf/scorecard-action@0864cf19026789058feabb7e87baa5f140aac736 # v2.3.1
+        with:
+          results_file: results.sarif
+          results_format: sarif
+          # (Optional) "write" PAT token. Uncomment the `repo_token` line below if:
+          # - you want to enable the Branch-Protection check on a *public* repository, or
+          # - you are installing Scorecard on a *private* repository
+          # To create the PAT, follow the steps in https://github.com/ossf/scorecard-action#authentication-with-pat.
+          # repo_token: ${{ secrets.SCORECARD_TOKEN }}
+
+          # Public repositories:
+          #   - Publish results to OpenSSF REST API for easy access by consumers
+          #   - Allows the repository to include the Scorecard badge.
+          #   - See https://github.com/ossf/scorecard-action#publishing-results.
+          # For private repositories:
+          #   - `publish_results` will always be set to `false`, regardless
+          #     of the value entered here.
+          publish_results: true
+
+      # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF
+      # format to the repository Actions tab.
+      - name: "Upload artifact"
+        uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3.1.3
+        with:
+          name: SARIF file
+          path: results.sarif
+          retention-days: 5
+
+      # Upload the results to GitHub's code scanning dashboard.
+      - name: "Upload to code-scanning"
+        uses: github/codeql-action/upload-sarif@407ffafae6a767df3e0230c3df91b6443ae8df75 # v2.22.8
+        with:
+          sarif_file: results.sarif

.github/workflows/test.yml

@@ -10,10 +10,10 @@ jobs:
       matrix:
         os: [ubuntu-latest]
         architecture: ['x64']
-        python-version: ['3.7', '3.8', '3.9', '3.10']
+        python-version: ['3.7', '3.8', '3.9', '3.10', '3.11']
     runs-on: ${{ matrix.os }}
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
       - uses: actions/setup-python@v4
         with:
           python-version: ${{ matrix.python-version }}
@@ -31,10 +31,10 @@ jobs:
       matrix:
         os: [ubuntu-latest]
         architecture: ['x64']
-        python-version: ['3.7', '3.8', '3.9', '3.10']
+        python-version: ['3.7', '3.8', '3.9', '3.10', '3.11']
     runs-on: ${{ matrix.os }}
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
       - uses: actions/setup-python@v4
         with:
           python-version: ${{ matrix.python-version }}
@@ -55,7 +55,7 @@ jobs:
   docker:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
       - uses: docker-practice/actions-setup-docker@master
 
       - name: Build Docker image

.gitignore

@@ -49,3 +49,4 @@ reports/
 .mypy_cache
 .pytest_cache/
 .pytype/
+.pip-wheel-metadata/

.pre-commit-config.yaml

@@ -34,7 +34,7 @@ repos:
   hooks:
     - id: black
 - repo: https://github.com/PyCQA/isort
-  rev: 5.10.1
+  rev: 5.12.0
   hooks:
     - id: isort
 - repo: https://github.com/PyCQA/pylint

CHANGELOG.md

@@ -1,5 +1,54 @@
 # Changelog
 
+## [2.5.2](https://github.com/google/slo-generator/compare/v2.5.1...v2.5.2) (2023-11-10)
+
+
+### Bug Fixes
+
+* add `query_bad` option to Datadog backend ([#377](https://github.com/google/slo-generator/issues/377)) ([6ecc728](https://github.com/google/slo-generator/commit/6ecc72803a6bd7dbfe2035e978cc3c2b0a3349f3))
+
+## [2.5.1](https://github.com/google/slo-generator/compare/v2.5.0...v2.5.1) (2023-10-13)
+
+
+### Bug Fixes
+
+* get_human_time() should not hard-code the human-readable timezone ([#350](https://github.com/google/slo-generator/issues/350)) ([1948694](https://github.com/google/slo-generator/commit/194869473887c22948b1029bcbfda3e5b535c160))
+
+## [2.5.0](https://github.com/google/slo-generator/compare/v2.4.0...v2.5.0) (2023-10-11)
+
+
+### Features
+
+* add support for OpenSearch backend ([#348](https://github.com/google/slo-generator/issues/348)) ([f7bb0d9](https://github.com/google/slo-generator/commit/f7bb0d90850b7e56edd3d84091accda571c891e8))
+* upgrade google-* packages ([#354](https://github.com/google/slo-generator/issues/354)) ([e18fe5d](https://github.com/google/slo-generator/commit/e18fe5d5d295be7b4332a1004c06a3f3f3cd74de))
+
+
+### Bug Fixes
+
+* avoid CVEs reported by `safety check` ([#353](https://github.com/google/slo-generator/issues/353)) ([fb35d87](https://github.com/google/slo-generator/commit/fb35d870f80a86d7dcc7aae05725e5cf713b11a8))
+
+## [2.4.0](https://github.com/google/slo-generator/compare/v2.3.4...v2.4.0) (2023-06-21)
+
+
+### Features
+
+* add support for Splunk backend ([#335](https://github.com/google/slo-generator/issues/335)) ([5171318](https://github.com/google/slo-generator/commit/51713189f8bf473e7e384ed46653640f282c0dcb))
+
+
+### Bug Fixes
+
+* bump version of iSort to avoid non-deterministic error during pre-commit checks ([5542a06](https://github.com/google/slo-generator/commit/5542a065d5ca3d255b84ea20bebe42ff5d8c09aa))
+
+## [2.3.4](https://github.com/google/slo-generator/compare/v2.3.3...v2.3.4) (2023-02-27)
+
+
+### Bug Fixes
+
+* convert timestamp to UTC in Cloud Monitoring MQL backend ([#331](https://github.com/google/slo-generator/issues/331)) ([0b7cbcc](https://github.com/google/slo-generator/commit/0b7cbcc6ef9bf36277cca316a5255993824a7f46))
+* implicit Optional type hints are now forbidden (cf. PEP 484) ([#301](https://github.com/google/slo-generator/issues/301)) ([c1351e0](https://github.com/google/slo-generator/commit/c1351e065a3c0767ce8a50460c98f1ebb42326f6))
+* **lint:** replace too generic exceptions (Exception) with more specific ones (ValueError) ([d2eadbf](https://github.com/google/slo-generator/commit/d2eadbf5a3f5ce7032c36c0446c914dcd1c55d0f))
+* wrong environment variable name for `--target` option in `api` command ([#320](https://github.com/google/slo-generator/issues/320)) ([3303735](https://github.com/google/slo-generator/commit/3303735b28803bf92905554dc501e2772c707232))
+
 ## [2.3.3](https://github.com/google/slo-generator/compare/v2.3.2...v2.3.3) (2022-11-02)
 
 

Dockerfile

@@ -21,8 +21,9 @@ RUN apt-get update && \
     locales
 ADD . /app
 WORKDIR /app
+RUN pip install pip==24.2
 RUN pip install -U setuptools
-RUN pip install ."[api, datadog, dynatrace, prometheus, elasticsearch, pubsub, cloud_monitoring, cloud_service_monitoring, cloud_storage, bigquery, cloudevent, adeo_package, dev]"
+RUN pip install .[api,datadog,dynatrace,prometheus,elasticsearch,opensearch,splunk,pubsub,cloud_monitoring,cloud_service_monitoring,cloud_storage,bigquery,cloudevent,dev]
 RUN rm /etc/localtime && ln -s /usr/share/zoneinfo/Europe/Paris /etc/localtime
 ENTRYPOINT [ "slo-generator" ]
 CMD ["-v"]