Merge pull request 'Fix list view to be a rich table' (#6) from fix_list_view into main

Reviewed-on: #6

.gitea/workflows/trivy-scan.yml

@@ -0,0 +1,61 @@
+---
+name: Trivy Scan
+on:
+  schedule:
+    - cron: 17 8 * * *
+  workflow_dispatch:
+
+jobs:
+  security-scan:
+    runs-on: running-man
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Trivy scan via Docker
+        id: trivy
+        continue-on-error: true
+        run: |
+          docker run --rm \
+            --volumes-from "$HOSTNAME" \
+            aquasec/trivy:latest \
+            fs /workspace/guardutils/chguard \
+              --scanners vuln \
+              --pkg-types library \
+              --include-dev-deps \
+              --severity MEDIUM,HIGH,CRITICAL \
+              --ignore-unfixed \
+              --format json \
+              --output /workspace/guardutils/chguard/trivy.json \
+              --exit-code 1
+
+      - name: Notify Node-RED on vulnerabilities
+        if: steps.trivy.outcome == 'failure'
+        run: |
+          jq -r '
+          {
+            repo: "guardutils/chguard",
+            summary: (
+              "Total: " +
+              ((.Results[].Vulnerabilities | length) | tostring)
+            ),
+            vulnerabilities: [
+              .Results[].Vulnerabilities[] | {
+                library: .PkgName,
+                cve: .VulnerabilityID,
+                severity: .Severity,
+                installed: .InstalledVersion,
+                fixed: .FixedVersion,
+                title: .Title,
+                url: .PrimaryURL
+              }
+            ]
+          }
+          ' trivy.json \
+          | curl -s -X POST https://nodered.sysmd.uk/trivy-alert \
+              -H "Content-Type: application/json" \
+              --data-binary @-
+
+      - name: Fail workflow if vulnerabilities found
+        if: steps.trivy.outcome == 'failure'
+        run: exit 1

chguard/cli.py

@@ -331,14 +331,31 @@ def main() -> None:
             console.print("No saved states.")
             return
 
+        table = Table(box=box.SIMPLE, header_style="bold")
+
+        table.add_column("State")
+        table.add_column("Root path")
+        table.add_column("Created")
+
         for name, root, created in rows:
             dt = datetime.fromisoformat(created)
             ts = dt.strftime("%Y-%m-%d %H:%M:%S %z")
-            if name.startswith("auto-"):
-                console.print(f"[cyan]{name}[/cyan]\t{root}\t{ts}")
-            else:
-                console.print(f"{name}\t{root}\t{ts}")
-        return
+
+            state_name = (
+                f"[bright_cyan]{name}[/bright_cyan]"
+                if name.startswith("auto-")
+                else name
+            )
+            root = f"[bright_magenta]{root}[/bright_magenta]"
+            ts = f"[bright_cyan]{created}[/bright_cyan]"
+
+            table.add_row(
+                state_name,
+                root,
+                ts,
+            )
+
+        console.print(table)
 
     if args.delete:
         if delete_state(conn, args.delete) == 0:

poetry.lock

@@ -38,13 +38,13 @@ files = [
 
 [[package]]
 name = "filelock"
-version = "3.20.1"
+version = "3.20.3"
 description = "A platform independent file lock."
 optional = false
 python-versions = ">=3.10"
 files = [
-    {file = "filelock-3.20.1-py3-none-any.whl", hash = "sha256:15d9e9a67306188a44baa72f569d2bfd803076269365fdea0934385da4dc361a"},
-    {file = "filelock-3.20.1.tar.gz", hash = "sha256:b8360948b351b80f420878d8516519a2204b07aefcdcfd24912a5d33127f188c"},
+    {file = "filelock-3.20.3-py3-none-any.whl", hash = "sha256:4b0dda527ee31078689fc205ec4f1c1bf7d56cf88b6dc9426c4f230e46c2dce1"},
+    {file = "filelock-3.20.3.tar.gz", hash = "sha256:18c57ee915c7ec61cff0ecf7f0f869936c7c30191bb0cf406f1341778d0834e1"},
 ]
 
 [[package]]
@@ -267,18 +267,18 @@ files = [
 
 [[package]]
 name = "virtualenv"
-version = "20.35.4"
+version = "20.36.1"
 description = "Virtual Python Environment builder"
 optional = false
 python-versions = ">=3.8"
 files = [
-    {file = "virtualenv-20.35.4-py3-none-any.whl", hash = "sha256:c21c9cede36c9753eeade68ba7d523529f228a403463376cf821eaae2b650f1b"},
-    {file = "virtualenv-20.35.4.tar.gz", hash = "sha256:643d3914d73d3eeb0c552cbb12d7e82adf0e504dbf86a3182f8771a153a1971c"},
+    {file = "virtualenv-20.36.1-py3-none-any.whl", hash = "sha256:575a8d6b124ef88f6f51d56d656132389f961062a9177016a50e4f507bbcc19f"},
+    {file = "virtualenv-20.36.1.tar.gz", hash = "sha256:8befb5c81842c641f8ee658481e42641c68b5eab3521d8e092d18320902466ba"},
 ]
 
 [package.dependencies]
 distlib = ">=0.3.7,<1"
-filelock = ">=3.12.2,<4"
+filelock = {version = ">=3.20.1,<4", markers = "python_version >= \"3.10\""}
 platformdirs = ">=3.9.1,<5"
 typing-extensions = {version = ">=4.13.2", markers = "python_version < \"3.11\""}
 
@@ -289,4 +289,4 @@ test = ["covdefaults (>=2.3)", "coverage (>=7.2.7)", "coverage-enable-subprocess
 [metadata]
 lock-version = "2.0"
 python-versions = ">=3.10,<4.0"
-content-hash = "4a5c993fcc16fe3739c43eb00bed750ce0803d45e37c7a786aa0b83bb4930267"
+content-hash = "8cfa38f4e2f17dba430ea08f7be3c91890a0c7a4535b69d9565b84d714f589bc"

pyproject.toml

@@ -1,6 +1,6 @@
 [tool.poetry]
 name = "chguard"
-version = "0.3.0"
+version = "0.3.3"
 description = "Safety-first tool to snapshot and restore filesystem ownership and permissions."
 authors = ["Marco D'Aleo <marco@marcodaleo.com>"]
 license = "GPL-3.0-or-later"
@@ -12,8 +12,8 @@ repository = "https://git.sysmd.uk/guardutils/chguard"
 python = ">=3.10,<4.0"
 rich = ">=12"
 argcomplete = ">=2"
-platformdirs = ">=4.5.1"
-filelock = ">=3.20.1"
+platformdirs = ">=4.2.2"
+filelock = ">=3.15.4"
 
 [tool.poetry.scripts]
 chguard = "chguard.cli:main"