Merge pull request 'Pull request demo' (#1) from pull_request_demo into main

Reviewed-on: #1

.gitea/workflows/001_manual_trigger.yaml

@@ -0,0 +1,37 @@
+name: Conditional Steps  # Name of workflow
+
+on:
+  workflow_dispatch:  
+
+jobs:
+  example_job:
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Step 1 - Exit Code 0
+        id: successful_step
+        run: |
+          echo "exit code 0"
+          exit 0  # Success (exit code 0)
+        shell: bash  # If you want you can change the shell per step
+
+      - name: Step 2 - Execute If Previous Succeeded
+        # The syntax bellow ${{}} is expression syntax in github actions
+        # Success and failure are status expressions
+        if: ${{ success() }}  # Only run this step if the previous step succeeded
+        run: |
+          echo "Running because the previous step has succeeded"
+
+      - name: Step 3 - I am Failing
+        run: |
+          echo "I am failing"
+          exit 1  # Failure (non-zero exit code)
+
+      - name: Step 4 - I Will Never Execute # Because of failure of Step 3
+        run: |
+          echo "I will never execute"
+
+      - name: Step 5 - Execute on Workflow Failure
+        if: ${{ failure() }}  # Only run this step if the workflow failed
+        run: |
+          echo "Workflow failed"

.gitea/workflows/002_parallel_jobs.yaml

@@ -0,0 +1,26 @@
+name: Parallel Jobs
+
+on:
+  workflow_dispatch:  
+  
+jobs:
+  linting:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Linting
+        run: echo "Running linting..."
+
+  unit_tests:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Unit Tests
+        run: echo "Running unit tests..."
+
+  integration_tests:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Set Up Test Environment
+        run: echo "Setting up test environment..."
+
+      - name: Integration Tests
+        run: echo "Running integration tests..."

.gitea/workflows/003_first_workflow.yaml

@@ -0,0 +1,23 @@
+name: workflow_dispatch # Name of workflow
+
+on:
+  workflow_dispatch:
+    inputs:
+      username:
+        description: 'Username'
+        default: 'Hang'
+        required: true
+        type: string
+      age:
+        description: 'Age'
+        required: true
+        type: number
+
+jobs:
+  echo-username-age: # Name of job
+    runs-on: ubuntu-latest
+    steps:
+      - name: Echo Username and Age
+        run: |
+          echo "Username: ${{ inputs.username }}"
+          echo "Age: ${{ inputs.age }}"

.gitea/workflows/003_second_workflow.yaml

@@ -0,0 +1,17 @@
+name: workflow_run # Name of workflow
+
+on:
+  workflow_run: # Depend on the workflow completion of "workflow_dispatch"
+    workflows: ["workflow_dispatch"]
+    types:
+      - completed
+
+jobs:
+  echo-hi-all: # Name of job
+    # Only run if the first workflow succeeded
+    if: ${{ github.event.workflow_run.conclusion == 'success' }}
+    runs-on: ubuntu-latest
+    steps:
+      - name: Echo "Hi all"
+        run: |
+          echo "Hi all (chained via workflow_run)"

.gitea/workflows/004_checkout_example.yaml

@@ -0,0 +1,19 @@
+name: Checkout Example
+
+on:
+  workflow_dispatch:
+
+jobs:
+  demo-checkout:
+    runs-on: ubuntu-latest
+    steps:
+      - name: List space
+        # workspace is a special variable containing the path to the working directory 
+        # on the runner machine. Github is a context which we can access in expression ${{}}. 
+        run: ls -la ${{ github.workspace }}
+      
+      - name: Checkout source code 
+        uses: actions/checkout@v4 # use github action from repo github.com/actions/checkout
+      
+      - name: List space again
+        run: ls -la ${{ github.workspace }}

.gitea/workflows/005_passing_data_between_jobs.yaml

@@ -0,0 +1,24 @@
+name: Passing Data Between Jobs
+
+on:
+  workflow_dispatch:
+
+jobs:
+  data-sender:
+    runs-on: ubuntu-22.04
+    steps:
+      - name: Create data
+        id: sender # Set the output name for this step to Apple
+        run: |
+          echo "name=Apple" >> $GITHUB_OUTPUT
+    outputs:
+      name: ${{ steps.sender.outputs.name }}
+
+  data-receiver:
+    runs-on: ubuntu-22.04
+    needs: ["data-sender"] 
+    steps: # In order to have data for receiver sender needs to first produce some data.
+      - name: Receive data
+        # Notice how we use needs object to access the sender job's outputs
+        run: |
+          echo ${{ needs.data-sender.outputs.name }} 

.gitea/workflows/005_passing_data_between_steps.yaml

@@ -0,0 +1,17 @@
+name: Passing Data Between Steps
+
+on:
+  workflow_dispatch:
+
+jobs:
+  data-passing:
+    runs-on: ubuntu-22.04
+    steps:
+      - name: Create data
+        id: sender # Set the output name for this step to Apple
+        run: |                                 
+          echo "name=Apple" >> $GITHUB_OUTPUT 
+
+      - name: Receive data
+        run: | 
+          echo ${{ steps.sender.outputs.name }}

.gitea/workflows/006_upload_artifact.yaml

@@ -0,0 +1,26 @@
+name: Upload Artifacts
+
+on:
+  workflow_dispatch:
+
+jobs:
+  build-and-upload:
+    runs-on: ubuntu-22.04
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      - name: Create an artifact
+        run: |
+          ls -la ${{ github.workspace }}
+          cd backend
+          echo "This is my artifact content." > artifact.txt
+          ls -la ${{ github.workspace }}/backend
+          stat ./artifact.txt
+
+      - name: Upload artifact
+        uses: actions/upload-artifact@v3
+        with:
+          name: build-artifact # Folder name of artifact.txt
+          path: ${{ github.workspace }}/backend/artifact.txt
+          retention-days: 5 # Optional: Set the retention period for the artifact

.gitea/workflows/007_passing_artifact.yaml

@@ -0,0 +1,51 @@
+name: Passing Files In Artifacts
+
+on:
+  workflow_dispatch:
+    
+jobs:
+  unit-tests:
+    runs-on: ubuntu-22.04
+    steps:
+      - name: Checkout repository 
+        uses: actions/checkout@v4
+
+      - name: Install Python 3.10.12 # Setup Python inside the runner
+        uses: actions/setup-python@v4
+        with:
+          python-version: '3.10.12'
+
+      - name: Install tox # Tool used for Python unit tests
+        run: pip install tox
+      - name: Run unit tests
+        run: | # Use zip to take care of .hidden_files
+          cd backend
+          apt install zip
+          COVERAGE_FILE=.coverage tox -e unit
+          ls -la ${{ github.workspace }}/backend
+          stat ./.coverage
+          zip coverage.zip ./.coverage 
+
+      - name: Upload artifact
+        uses: actions/upload-artifact@v3
+        with:
+          name: build-coverage
+          path: ${{ github.workspace }}/backend/coverage.zip
+          if-no-files-found: error
+  
+  load-file-example:
+    runs-on: ubuntu-22.04
+    needs: [unit-tests]
+    steps:
+      - name: Download artifact
+        uses: actions/download-artifact@v3
+        with:
+          name: build-coverage
+          path: ${{ github.workspace }} # Move the coverage to ${{ github.workspace }}
+
+      - name: List folder 
+        run: |
+          ls -la ${{ github.workspace }}
+          unzip coverage.zip
+          ls -la ${{ github.workspace }}
+

.gitea/workflows/008_secrets_and_variables.yaml

@@ -0,0 +1,38 @@
+name: Secrets And Variables
+
+on:
+  workflow_dispatch:
+
+jobs:
+  build-and-deploy:
+    runs-on: ubuntu-22.04
+
+    env:
+      DEPLOYMENT_ENV: 'production'  # Define a workflow-level environment variable
+
+    steps:
+      - name: Build
+        run: | # Build your application here
+          echo "Building the application"
+          echo "API_KEY: ${{ secrets.API_KEY }}"
+          echo $SECRET_API_KEY
+          echo "DEPLOYMENT_ENV: ${{ env.DEPLOYMENT_ENV }}"
+          echo $CONFIG_VARIABLE
+          echo "USERNAME: ${{ vars.USERNAME }}"
+          echo $STEPS_USERNAME
+        env:
+          SECRET_API_KEY: ${{ secrets.API_KEY }}        # Access a secret as an environment variable
+          STEPS_USERNAME: ${{ vars.USERNAME }}
+          CONFIG_VARIABLE: ${{ env.DEPLOYMENT_ENV }}    # Use a workflow-level environment variable
+
+      - name: Deploy
+        run: | # Deploy your application using the secrets and variables
+          echo "Global job variable ${{ env.DEPLOYMENT_ENV }}"
+          echo "Variable from this step ${CONFIG_VARIABLE2} environment"
+          echo "Local step variable ${ANOTHER_VARIABLE}"
+          echo "Secret print ${{ secrets.API_KEY }}"
+          echo "Step's secret variable ${SECRET_API_KEY}"
+        env:
+          SECRET_API_KEY: ${{ secrets.API_KEY }}
+          CONFIG_VARIABLE2: ${{ env.DEPLOYMENT_ENV }}  # Use a workflow-level environment variable
+          ANOTHER_VARIABLE: 'some value'               # Define a variable directly in the workflow

.gitea/workflows/009_matrix.yaml

@@ -0,0 +1,29 @@
+name: Matrix 
+
+on:
+  workflow_dispatch:
+    
+jobs:
+  run-tests:
+    strategy:
+      fail-fast: true
+      matrix:
+        os: [ubuntu-20.04, ubuntu-22.04]
+        python-version: ['3.8', '3.10']
+    runs-on: ${{ matrix.os }}
+    steps:
+      - name: Checkout source code 
+        uses: actions/checkout@v4
+
+      - name: Install Python
+        uses: actions/setup-python@v4
+        with:
+          python-version: "${{ matrix.python-version }}"
+        
+      - name: Install tox
+        run: pip install tox
+        
+      - name: Run unit tests
+        run: |
+          cd backend
+          tox -e unit

.gitea/workflows/010_ci_docker_image.yaml

@@ -0,0 +1,150 @@
+name: Example CI
+
+on:
+  workflow_dispatch:
+    inputs:
+      image-name:
+        description: "Name for image"
+        default: "gitea.cuihang1201.synology.me/hangpersonal/ci-test"
+        type: string
+        required: true
+      image-tag: 
+        description: "Tag for image"
+        default: "latest"
+        type: string
+        required: true
+      container-name: 
+        description: "Name for container"
+        default: "ci-test"
+        type: string
+        required: true
+
+jobs:
+  lint:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout source code 
+        uses: actions/checkout@v4
+      - name: Install Python 3.10
+        uses: actions/setup-python@v4
+        with:
+          python-version: '3.10'
+      - name: Install tox
+        run: pip install tox
+      - name: Run lint
+        run: |
+          cd backend
+          tox -e lint
+  
+  unit-test:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout source code 
+        uses: actions/checkout@v4
+      - name: Install Python 3.10
+        uses: actions/setup-python@v4
+        with:
+          python-version: '3.10'
+      - name: Install tox
+        run: pip install tox
+      - name: Run unit tests
+        run: |
+          cd backend
+          tox -e unit
+
+  build-image:
+    runs-on: ubuntu-latest
+    needs: [lint, unit-test]  # Specify that build-image depends on lint and unit-test
+    steps:
+      - name: Checkout source code 
+        uses: actions/checkout@v4
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+      - name: Build and export
+        uses: docker/build-push-action@v5 # Build Docker image via Dockerfile
+        with:
+          context: backend # Directory of Dockerfile
+          tags: ${{ inputs.image-name }}:${{ inputs.image-tag }} 
+          outputs: type=docker,dest=/tmp/image.tar
+      - name: Upload artifact
+        uses: actions/upload-artifact@v3
+        with:
+          name: image
+          path: /tmp/image.tar
+          retention-days: 1
+
+  integration-tests:
+    runs-on: ubuntu-latest
+    needs: [build-image]
+    steps:
+      - name: Download artifact
+        uses: actions/download-artifact@v3
+        with:
+          name: image
+          path: /tmp
+      - name: Load image
+        run: |
+          docker load --input /tmp/image.tar
+          docker image ls -a
+          docker run --rm -p 8143:80 --name ${{ inputs.container-name }} -d ${{ inputs.image-name }}:${{ inputs.image-tag }} 
+          sleep 5
+          curl -s "http://${{ vars.LOCALHOST }}:8143/" ; echo
+          echo "Stop container: "
+          docker container stop ${{ inputs.container-name }}
+
+  vulnerability-scan:
+    runs-on: ubuntu-latest
+    needs: [build-image]
+    steps:
+      - name: Download artifact
+        uses: actions/download-artifact@v3
+        with:
+          name: image
+          path: /tmp
+      - name: Install Trivy CLI
+        run: |
+          set -euo pipefail
+          curl -sfL https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh \
+            | sh -s -- -b /usr/local/bin v0.65.0
+          trivy --version
+      - name: Scan saved image tar with Trivy
+        run: |
+          ls -la /tmp || true
+          trivy image \
+            --input /tmp/image.tar \
+            --format json \
+            --output /tmp/trivy-results.json \
+            --severity CRITICAL,HIGH \
+            --ignore-unfixed
+      - name: Upload results
+        uses: actions/upload-artifact@v3
+        with:
+          name: trivy-results
+          path: /tmp/trivy-results.json
+          retention-days: 1
+          
+  publish-image:
+    runs-on: ubuntu-latest
+    needs: [integration-tests, vulnerability-scan]
+    steps:
+      - name: Download artifact
+        uses: actions/download-artifact@v3
+        with:
+          name: image
+          path: /tmp
+      - name: Load image
+        run: |
+          docker load --input /tmp/image.tar
+          docker image ls -a
+      - name: Login to Gitea Docker Registry
+        run: |
+          echo "${{ secrets.REGISTRY_TOKEN }}" | \
+          docker login gitea.cuihang1201.synology.me -u ${{ secrets.REGISTRY_USER }} --password-stdin
+      - name: Push Docker image
+        run: |
+          docker image ls -a
+          docker push ${{ inputs.image-name }}:${{ inputs.image-tag }}
+      - name: Clean Docker image on Host
+        run: |
+          docker rmi ${{ inputs.image-name }}:${{ inputs.image-tag }}
+          docker image ls -a          

.gitea/workflows/011_permissions.yaml

@@ -0,0 +1,23 @@
+name: "Permissions"
+
+on:
+  workflow_dispatch:
+
+jobs:
+  example-job:
+    permissions:
+      contents: write
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout Repository
+        uses: actions/checkout@v4
+
+      - name: Attempt Write Operation
+        run: |
+          touch permissions-test.txt
+          git config --global user.name 'hangpersonal'
+          git config --global user.email 'hangcui1201@gmail.com'
+          git add permissions-test.txt
+          git commit -m "Attempt to write"
+          git push origin ${{ github.ref }}

.gitea/workflows/011_permissions_error.yaml

@@ -0,0 +1,29 @@
+name: "Permissions Error"
+
+on:
+  workflow_dispatch:
+
+permissions:
+  contents: read  # only read commits/tags cannot create ones from this workflow 
+
+jobs:
+  example-job:
+    # It can be also here for job scope
+    # permissions:
+    #   contents: read
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout Repository
+        uses: actions/checkout@v4
+
+      - name: Attempt Write Operation
+        run: |
+          # This is an intentional error to demonstrate lack of write permissions
+          touch new-file.txt
+          git config --global user.name 'hangpersonal'
+          git config --global user.email 'hangcui1201@gmail.com'
+          git add new-file.txt
+          git commit -m "Attempt to write"
+          git push origin ${{ github.ref }}
+        continue-on-error: true

.gitea/workflows/012_pat.yaml

@@ -0,0 +1,26 @@
+name: Pat Bump Tag
+
+on:
+  pull_request:
+    types:
+      - closed
+    branches:
+      - main
+
+jobs:
+  build:
+    # Accessing the context for Github
+    if: ${{  github.event.pull_request.merged == true }}  
+    runs-on: ubuntu-latest
+    steps:
+    - uses: actions/checkout@v4
+      with:
+        ref: ${{ github.event.pull_request.merge_commit_sha }}
+        fetch-depth: '0'
+
+    - name: Bump version and push tag
+      uses: anothrNick/github-tag-action@1.64.0 
+      env:
+        # if you don't want to set write permissions use a PAT token
+        GITHUB_TOKEN: ${{ secrets.REGISTRY_TOKEN }} 
+        WITH_V: true

.gitea/workflows/ci.yml

@@ -1,16 +1,19 @@
 name: CI Workflow
 
+#on:
+#  push:
+#    branches:
+#      - "**"
+
 on:
-  push:
+  workflow_dispatch:  
-    branches:
-      - "**"
   
 jobs:
   build-and-test:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout code
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
 
       - name: Set up Python
         uses: actions/setup-python@v4

.gitea/workflows/docker-build.yml

@@ -1,25 +1,55 @@
 name: Docker Build
 
-on:
+"on":
-  push:
+  workflow_dispatch:
-    branches:
+  # Uncomment if you also want auto-builds on pushes:
-      - main
+  # push:
+  #   branches: [ "main" ]
 
 jobs:
   docker:
     runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      packages: write
+
     steps:
       - name: Checkout code
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
 
       - name: Log in to Gitea Registry
-        run: echo "${{ secrets.REGISTRY_TOKEN }}" | docker login gitea.cuihang1201.synology.me -u hangpersonal --password-stdin
+        uses: docker/login-action@v3
+        with:
+          registry: gitea.cuihang1201.synology.me
+          username: ${{ secrets.REGISTRY_USER }}
+          password: ${{ secrets.REGISTRY_TOKEN }}
 
-      - name: Build Docker image
+      - name: Build and push image
-        run: docker build -t gitea.cuihang1201.synology.me/hangpersonal/myapp:latest .
+        uses: docker/build-push-action@v5
+        with:
+          context: .
+          file: ./Dockerfile
+          push: true
+          tags: gitea.cuihang1201.synology.me/hangpersonal/docker-build:latest
     
-      - name: Run Docker image
+      # Optional quick health check, runs detached and then cleaned up
-        run: docker run --rm gitea.cuihang1201.synology.me/hangpersonal/myapp:latest   
+      - name: Smoke test
+        run: |
+          docker run --name docker-build \
+            gitea.cuihang1201.synology.me/hangpersonal/docker-build:latest
+          sleep 5
+        if: ${{ always() }}
 
-      - name: Push Docker image
+      - name: Cleanup local container/images
-        run: docker push gitea.cuihang1201.synology.me/hangpersonal/myapp:latest
+        if: always()
+        run: |
+          echo "Stop container: "
+          docker stop docker-build
+          echo "Remove container: "
+          docker rm -f docker-build 2>/dev/null || true
+          echo "Remove image: "
+          docker rmi gitea.cuihang1201.synology.me/hangpersonal/docker-build:latest
+          docker image ls -a

.gitea/workflows/release.yml

@@ -1,21 +1,23 @@
 name: Release Workflow
 
 on:
-  # The workflow only runs with push a Git tag
+  workflow_dispatch:  
-  push: 
+  
-    tags:
+#on: # The workflow only runs with push a Git tag
-      - "v*.*.*" # v1.0.0, v2.5.3, v10.23.7
+#  push: 
+#    tags:
+#      - "v*.*.*" # v1.0.0, v2.5.3, v10.23.7
 
 jobs:
   # Defines a job named release
   release:
     # According to the Gitea documentation, the ubuntu-latest label is mapped 
     # internally to Ubuntu 22.04 environments  
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-22.04
     steps:
       - name: Checkout code
         # Pulls your repo into the runner so it has access to the source code
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
 
       - name: Build artifact
         # Makes a directory dist/

.gitignore

@@ -0,0 +1,9 @@
+venv/
+build/
+*.charm
+.tox/
+.coverage
+__pycache__/
+.pytest_cache/
+*.py[cod]
+.idea

README.md

@@ -1,2 +1,3 @@
 # Gitea_Action_Test
 
+Test pull request with 012_pat.yaml

backend/Dockerfile

@@ -0,0 +1,9 @@
+FROM python:3.10-slim
+
+WORKDIR /app
+COPY requirements.txt /app/requirements.txt
+RUN pip install -r requirements.txt
+COPY . /app
+
+EXPOSE 80
+CMD ["uvicorn", "main:app", "--host", "0.0.0.0", "--port", "80"]

backend/main.py

@@ -0,0 +1,8 @@
+from fastapi import FastAPI
+
+app = FastAPI()
+
+
+@app.get("/")
+def read_root():
+    return {"message": "Hello, World!"}

backend/requirements-fmt.txt

@@ -0,0 +1,24 @@
+#
+# This file is autogenerated by pip-compile with Python 3.8
+# by the following command:
+#
+#    pip-compile requirements-fmt.in
+#
+black==23.9.1
+    # via -r requirements-fmt.in
+click==8.1.7
+    # via black
+isort==5.12.0
+    # via -r requirements-fmt.in
+mypy-extensions==1.0.0
+    # via black
+packaging==23.1
+    # via black
+pathspec==0.11.2
+    # via black
+platformdirs==3.10.0
+    # via black
+tomli==2.0.1
+    # via black
+typing-extensions==4.8.0
+    # via black

backend/requirements-lint.txt

@@ -0,0 +1,51 @@
+#
+# This file is autogenerated by pip-compile with Python 3.8
+# by the following command:
+#
+#    pip-compile requirements-lint.in
+#
+black==23.9.1
+    # via -r requirements-lint.in
+click==8.1.7
+    # via black
+codespell==2.2.5
+    # via -r requirements-lint.in
+flake8==6.0.0
+    # via
+    #   -r requirements-lint.in
+    #   flake8-builtins
+    #   pep8-naming
+    #   pyproject-flake8
+flake8-builtins==2.1.0
+    # via -r requirements-lint.in
+flake8-copyright==0.2.4
+    # via -r requirements-lint.in
+isort==5.12.0
+    # via -r requirements-lint.in
+mccabe==0.7.0
+    # via flake8
+mypy-extensions==1.0.0
+    # via black
+packaging==23.1
+    # via black
+pathspec==0.11.2
+    # via black
+pep8-naming==0.13.3
+    # via -r requirements-lint.in
+platformdirs==3.10.0
+    # via black
+pycodestyle==2.10.0
+    # via flake8
+pyflakes==3.0.1
+    # via flake8
+pyproject-flake8==6.0.0.post1
+    # via -r requirements-lint.in
+tomli==2.0.1
+    # via
+    #   black
+    #   pyproject-flake8
+typing-extensions==4.8.0
+    # via black
+
+# The following packages are considered to be unsafe in a requirements file:
+# setuptools

backend/requirements-unit.txt

@@ -0,0 +1,5 @@
+coverage
+fastapi
+httpx
+pytest
+uvicorn

backend/requirements.txt

@@ -0,0 +1,4 @@
+fastapi
+httpx
+pytest
+uvicorn

backend/tests/test_main.py

@@ -0,0 +1,11 @@
+from fastapi.testclient import TestClient
+
+from main import app
+
+client = TestClient(app)
+
+
+def test_read_root():
+    response = client.get("/")
+    assert response.status_code == 200
+    assert response.json() == {"message": "Hello, World!"}

backend/tox.ini

@@ -0,0 +1,54 @@
+[flake8]
+max-line-length = 100
+
+[tox]
+skipsdist = True
+skip_missing_interpreters = True
+envlist = fmt, lint, unit, integration
+
+[vars]
+all_path = {[vars]src_path} {[vars]tst_path}
+src_path = {toxinidir}
+tst_path = {toxinidir}/tests/
+
+[testenv]
+passenv =
+    PYTHONPATH
+    CHARM_BUILD_DIR
+    MODEL_SETTINGS
+    KUBECONFIG
+setenv =
+    PYTHONPATH = {toxinidir}:{toxinidir}/lib:{[vars]src_path}
+    PYTHONBREAKPOINT=ipdb.set_trace
+    PY_COLORS=1
+
+[testenv:fmt]
+commands =
+    isort {[vars]all_path}
+    black {[vars]all_path}
+deps =
+    -r requirements-fmt.txt
+description = Apply coding style standards to code
+
+[testenv:lint]
+commands =
+    codespell {toxinidir}/. --skip {toxinidir}/.git --skip {toxinidir}/.tox \
+      --skip {toxinidir}/build --skip {toxinidir}/lib --skip {toxinidir}/venv \
+      --skip {toxinidir}/.mypy_cache \
+      --skip {toxinidir}/icon.svg --skip *.json.tmpl
+    # pflake8 wrapper supports config from pyproject.toml
+    pflake8 {[vars]all_path}
+    isort --check-only --diff {[vars]all_path}
+    black --check --diff {[vars]all_path}
+deps =
+    -r requirements-lint.txt
+description = Check code against coding style standards
+
+[testenv:unit]
+commands =
+    coverage run --source={[vars]src_path} \
+        -m pytest -vv --tb native {posargs}
+    coverage report
+deps =
+    -r requirements-unit.txt
+description = Run unit tests