Remove internal dependencies

.github/CODEOWNERS

@@ -0,0 +1,3 @@
+# These owners will be the default owners for everything in
+# the repo.
+*       @alfinkel @drsm79

.github/ISSUE_TEMPLATE/proposed-change.md

@@ -33,8 +33,3 @@ _Provide the test process that will be followed to adequately verify that the
 approach above satisfies the requirements provided.  This level of detail may
 not be available at the time of issue creation and can be completed at a later
 time._
-
-## Time-line and Components
-
-_If the resolution of the issue needs to be split into multiple units of work
-then provide a task/component breakdown.  Otherwise, N/A for not applicable._

.github/PULL_REQUEST_TEMPLATE.md

@@ -18,8 +18,7 @@ _Provide a bulleted list of the changes included in the pull request._
 _Provide a bulleted list of tests included in the pull request and/or tests
 performed to validate the work included in the pull request._
 
-## Issue(s)
+## Context
 
-_Provide a bulleted list of links to any GitHub issue, or any other task
-management reference (FogBugz, Box Note, etc...) that reviewers can reference
+_Provide a bulleted list of GitHub issues, or any other references (mailing list discussion, etc...) that reviewers can reference
 for additional information regarding scope of the pull request._

.github/workflows/python-publish.yml

@@ -0,0 +1,35 @@
+# This workflows will upload a Python Package using Twine when a release is created
+# For more information see: https://help.github.com/en/actions/language-and-framework-guides/using-python-with-github-actions#publishing-to-package-registries
+
+name: PyPI upload
+
+on:
+  release:
+    types: [created]
+
+jobs:
+  deploy:
+
+    runs-on: ubuntu-latest
+
+    steps:
+    - uses: actions/checkout@v2
+    - name: Set up Python
+      uses: actions/setup-python@v2
+      with:
+        python-version: '3.x'
+    - name: Install dependencies
+      run: |
+        make develop
+    - name: Test & lint
+      run: |
+        make code-lint
+        make test
+
+    - name: Build and publish
+      env:
+        TWINE_USERNAME: ${{ secrets.PYPI_USERNAME }}
+        TWINE_PASSWORD: ${{ secrets.PYPI_PASSWORD }}
+      run: |
+        python setup.py sdist bdist_wheel
+        twine upload dist/*

.github/workflows/python-test.yml

@@ -0,0 +1,26 @@
+name: format | lint | test
+on: [push, pull_request]
+jobs:
+  lint_unit_tests_coverage:
+    name: Run code validation steps
+
+    runs-on: ubuntu-latest
+
+    steps:
+    - uses: actions/checkout@v2
+    - name: Set up Python
+      uses: actions/setup-python@v2
+      with:
+        python-version: '3.7'
+    - name: Install dependencies
+      run: |
+        make develop
+    - name: Run formatter
+      run: |
+        make code-format
+    - name: Run linter
+      run: |
+        make code-lint
+    - name: Run unit tests with coverage
+      run: |
+        make test

CONTRIBUTING.md

@@ -1,29 +1,6 @@
 # Contributing
 
-If you want to add to the prune tool, please familiarize yourself with the code & our [Coding Standards][].
-Before you submit a PR, please [file an issue][new collab] to request collaborator access.
-
-## Assumptions and pre-requisites
-
-The following is a list of topics that contributors **should already** be comfortable
-with in order to contribute to `plant`.  Details on these topics are outside of
-the scope of the `plant` documentation.
-
-- [Python][python]
-
-  Moderate to advanced experience with Python code is necessary to contribute
-  to the `plant`.
-
-- Python [unit tests][python-unit-tests]
-
-  An understanding of the Python unit testing framework including mocking and patching is
-  expected and needed to write unit tests for any `plant` contribution.
-
-- Auditree [compliance framework][auditree-framework]
-
-  A typical use case for `plant` centers around adding external evidence to an evidence locker.
-  To that end, a general understanding of the Auditree [compliance framework][auditree-framework] is
-  useful.
+If you want to add to plant, please familiarise yourself with the code & our [Coding Standards][]. Before you submit a PR, please [file an issue][new collab] to request collaborator access.
 
 ## Code formatting and style
 
@@ -47,10 +24,5 @@ suite locally by using:
 make test
 ```
 
-[Coding Standards]: https://github.com/ComplianceAsCode/auditree-plant/blob/master/doc/coding-standards.rst
-[flake8]: https://gitlab.com/pycqa/flake8
+[Coding Standards]: https://github.com/ComplianceAsCode/auditree-framework/blob/master/doc/coding-standards.rst
 [new collab]: https://github.com/ComplianceAsCode/auditree-plant/issues/new?template=new-collaborator.md
-[yapf]: https://github.com/google/yapf
-[python]: https://www.python.org/
-[python-unit-tests]: https://docs.python.org/3/library/unittest.html
-[auditree-framework]: https://github.com/ComplianceAsCode/auditree-framework

README.md

@@ -1,8 +1,10 @@
-# auditree-plant
-
 [![OS Compatibility][platform-badge]](#prerequisites)
 [![Python Compatibility][python-badge]][python-dl]
 [![pre-commit][pre-commit-badge]][pre-commit]
+[![Code validation](https://github.com/ComplianceAsCode/auditree-plant/workflows/format%20%7C%20lint%20%7C%20test/badge.svg)][lint-test]
+[![Upload Python Package](https://github.com/ComplianceAsCode/auditree-plant/workflows/PyPI%20upload/badge.svg)][pypi-upload]
+
+# auditree-plant
 
 The Auditree tool for adding external evidence.
 
@@ -25,13 +27,13 @@ site or installed using your package manager.
 Python version can be checked with:
 
 ```sh
-> python --version
+python --version
 ```
 
 or
 
 ```sh
-> python3 --version
+python3 --version
 ```
 
 The `plant` tool is available for download from [PyPI](https://pypi.org/).
@@ -42,23 +44,28 @@ It is best practice, but not mandatory, to run `plant` from a dedicated Python
 virtual environment.  Assuming that you have the Python [virtualenv][virtual-env]
 package already installed, you can create a virtual environment named `venv` by
 executing `virtualenv venv` which will create a `venv` folder at the location of
-where you executed the command.
+where you executed the command.  Alternatively you can use the python `venv` module
+to do the same.
+
+```sh
+python3 -m venv venv
+```
 
 Assuming that you have a virtual environment and that virtual environment is in
-the current directory then to install a new instance of `prune`, activate
-your virtual environment and use `pip` to install `prune` like so:
+the current directory then to install a new instance of `plant`, activate
+your virtual environment and use `pip` to install `plant` like so:
 
 ```sh
-> . ./venv/bin/activate
-> pip install auditree-plant
+. ./venv/bin/activate
+pip install auditree-plant
 ```
 
 As we add new features to `plant` you will want to upgrade your `plant`
 package.  To upgrade `plant` to the most recent version do:
 
 ```sh
-> . ./venv/bin/activate
-> pip install auditree-plant --upgrade
+. ./venv/bin/activate
+pip install auditree-plant --upgrade
 ```
 
 See [pip documentation][pip-docs] for additional options when using `pip`.
@@ -95,15 +102,15 @@ fetchers and checks.
 As most CLIs, Auditree `plant` comes with a help facility.
 
 ```sh
-> plant -h
+plant -h
 ```
 
 ```sh
-> plant push-remote -h
+plant push-remote -h
 ```
 
 ```sh
-> plant dry-run -h
+plant dry-run -h
 ```
 
 ### push-remote mode
@@ -114,15 +121,15 @@ key/value pairs as you need as part of the `--config` or as contents of your
 `--config-file`.
 
 ```sh
-> plant push-remote org-foo repo-bar --config '{"/absolute/path/to/my/evidence.ext":{"category":"foo"}}'
+plant push-remote https://github.com/org-foo/repo-bar --config '{"/absolute/path/to/my/evidence.ext":{"category":"foo"}}'
 ```
 
 ```sh
-> plant push-remote org-foo repo-bar --config-file ./path/to/my/config_file.json
+plant push-remote https://github.com/org-foo/repo-bar --config-file ./path/to/my/config_file.json
 ```
 
 ```sh
-> plant push-remote org-foo repo-bar --repo-path $TMPDIR"compliance" --config-file ./path/to/my/config_file.json
+plant push-remote https://github.com/org-foo/repo-bar --repo-path $TMPDIR"compliance" --config-file ./path/to/my/config_file.json
 ```
 
 ### dry-run mode
@@ -134,15 +141,15 @@ You can provide as many _evidence path_/_evidence detail_ key/value pairs as you
 need as part of the `--config` or as contents of your `--config-file`.
 
 ```sh
-> plant dry-run org-foo repo-bar --config '{"/absolute/path/to/my/evidence.ext":{"category":"foo"}}'
+plant dry-run https://github.com/org-foo/repo-bar --config '{"/absolute/path/to/my/evidence.ext":{"category":"foo"}}'
 ```
 
 ```sh
-> plant dry-run org-foo repo-bar --config-file ./path/to/my/config_file.json
+plant dry-run https://github.com/org-foo/repo-bar --config-file ./path/to/my/config_file.json
 ```
 
 ```sh
-> plant dry-run org-foo repo-bar --repo-path $TMPDIR"compliance" --config-file ./path/to/my/config_file.json
+plant dry-run https://github.com/org-foo/repo-bar --repo-path $TMPDIR"compliance" --config-file ./path/to/my/config_file.json
 ```
 
 
@@ -154,3 +161,5 @@ need as part of the `--config` or as contents of your `--config-file`.
 [pip-docs]: https://pip.pypa.io/en/stable/reference/pip/
 [virtual-env]: https://pypi.org/project/virtualenv/
 [auditree-framework]: https://github.com/ComplianceAsCode/auditree-framework
+[lint-test]: https://github.com/ComplianceAsCode/auditree-plant/actions?query=workflow%3A%22Test+python+code+%26+lint%22
+[pypi-upload]: https://github.com/ComplianceAsCode/auditree-plant/actions?query=workflow%3A%22Upload+Python+Package%22

plant/__init__.py

@@ -14,4 +14,4 @@
 # limitations under the License.
 """The Auditree tool for adding evidence to an evidence locker."""
 
-__version__ = '0.1.1'
+__version__ = '1.0.0'

plant/cli.py

@@ -18,25 +18,26 @@
 import os
 import shutil
 import tempfile
+from urllib.parse import urlparse
 
 from compliance.evidence import ExternalEvidence, YEAR
+from compliance.utils.credentials import Config
 
 from ilcli import Command
 
 from plant import __version__ as version
 from plant.locker import PlantLocker
 
-from utilitarian import config_spec, credentials
-
 
 class _CorePlantCommand(Command):
 
     def _init_arguments(self):
         self.add_argument(
-            'org', help='the organization (owner) of a repository'
-        )
-        self.add_argument(
-            'repo', help='the name of a repository within an organization'
+            'locker',
+            help=(
+                'the URL to the evidence locker repository, '
+                'as an example https://github.com/my-org/my-repo'
+            )
         )
         self.add_argument(
             '--creds',
@@ -95,6 +96,12 @@ def _init_arguments(self):
         )
 
     def _validate_arguments(self, args):
+        parsed = urlparse(args.locker)
+        if not (parsed.scheme and parsed.hostname and parsed.path):
+            return (
+                'ERROR: locker url must be of the form '
+                'https://hostname/org/repo'
+            )
         if bool(args.config) == bool(args.config_file):
             return 'ERROR: Provide either a --config or a --config-file.'
         if args.git_config and args.git_config_file:
@@ -113,11 +120,7 @@ def _run(self, args):
         #   - dry-run translates to locker no-push mode
         #   - push-remote translates to locker full-remote mode
         locker_args = [
-            f'{args.org}/{args.repo}',
-            args.creds,
-            self.name,
-            gitconfig,
-            args.repo_path
+            args.locker, args.creds, self.name, gitconfig, args.repo_path
         ]
         files = args.config
         if not files:
@@ -154,8 +157,8 @@ def _get_locker(self, repo, creds, mode, gitconfig=None, repo_path=None):
             )
         return PlantLocker(
             name=locker_name,
-            repo_url=f'https://github.ibm.com/{repo}',
-            creds=credentials.Config(creds, spec=config_spec.NullConfigSpec()),
+            repo_url=repo,
+            creds=Config(creds),
             do_push=True if mode == 'push-remote' else False,
             gitconfig=gitconfig,
             repo_path=repo_path

setup.cfg

@@ -1,40 +1,46 @@
 [metadata]
-name = auditree_plant
+name = auditree-plant
 version = attr: plant.__version__
 description = The Auditree tool for adding external evidence
 author = Auditree Security and Compliance
 author_email = [email protected]
-url = https://github.com/ComplianceAsCode/auditree-plant
-license = IBM internal use
+url = https://auditree.github.io/
+license = Apache License 2.0
 classifiers =
-    Programming Language :: Python :: 3
     Programming Language :: Python :: 3.6
     Programming Language :: Python :: 3.7
     Programming Language :: Python :: 3.8
-long_description = https://github.com/ComplianceAsCode/auditree-plant
+    Programming Language :: Python :: 3.9
+    License :: OSI Approved :: Apache Software License
+    Operating System :: MacOS :: MacOS X
+    Operating System :: POSIX :: Linux
+long_description_content_type = text/markdown
+long_description = file: README.md
 
 [options]
 packages = find:
 install_requires =
-    compliance-tool>=0.44.2
-    ilcli>=0.2.3
-    utilitarian>=0.44.6
+    auditree-framework>=1.0.0
 
 [options.packages.find]
 exclude =
+    test.*
     test
 
 [bdist_wheel]
 universal = 1
 
+[options.entry_points]
+console_scripts =
+    plant=plant.cli:run
+
 [options.extras_require]
 dev =
     pre-commit>=2.4.0
     pytest>=4.4.1
     pytest-cov>=2.6.1
     recommonmark
     Sphinx>=1.7.2
-
-[options.entry_points]
-console_scripts =
-    plant=plant.cli:run
+    setuptools
+    wheel
+    twine

test/fixtures/faux_creds.ini

@@ -1,3 +1,3 @@
-[github_enterprise]
+[github]
 username=that-guy
 token=1a2b3c4d5e6f7g8h9i0