Update workflows

.github/CONTRIBUTING.md

@@ -0,0 +1,62 @@
+# Contributing to CloudProxy
+
+Thank you for your interest in contributing to CloudProxy!
+
+## Branch Workflow
+
+We use a simple branch workflow:
+
+- **Feature branches**: For development work (`feature/your-feature`)
+- **`dev`**: Staging branch where features are integrated
+- **`main`**: Production-ready code
+
+```
+feature branch → dev → main
+```
+
+## Quick Start
+
+### 1. Fork and Clone
+
+```bash
+git clone https://github.com/YOUR_USERNAME/cloudproxy.git
+cd cloudproxy
+git remote add upstream https://github.com/claffin/cloudproxy.git
+```
+
+### 2. Create a Feature Branch
+
+```bash
+git checkout dev
+git pull upstream dev
+git checkout -b feature/your-feature-name
+```
+
+### 3. Develop and Test
+
+```bash
+# Make your changes
+pytest  # Run tests
+```
+
+### 4. Submit a Pull Request
+
+1. Push your branch: `git push origin feature/your-feature-name`
+2. Go to GitHub and create a PR to the `dev` branch
+3. Fill out the PR template
+
+## Adding a New Provider
+
+1. Create a directory under `cloudproxy/providers/` with the provider name
+2. Implement the required functions (create, delete, list proxies)
+3. Update `cloudproxy/providers/__init__.py`
+4. Add documentation and tests
+
+## Building Locally
+
+```bash
+docker build -t cloudproxy:test .
+docker run -p 8000:8000 -e PROXY_USERNAME=test -e PROXY_PASSWORD=test cloudproxy:test
+```
+
+By contributing to CloudProxy, you agree that your contributions will be licensed under the project's MIT License. 

.github/PULL_REQUEST_TEMPLATE.md

@@ -0,0 +1,29 @@
+# Pull Request
+
+## Description
+
+<!-- Briefly describe what this PR does and why it's needed -->
+
+## Type of Change
+
+- [ ] Bug fix
+- [ ] New feature
+- [ ] Enhancement to existing functionality
+- [ ] Documentation update
+
+## Testing
+
+<!-- Describe how you tested your changes -->
+
+## Checklist
+
+- [ ] I've run `pytest` locally and all tests pass
+- [ ] I've added tests for new functionality (if applicable)
+- [ ] My code follows the project's style
+- [ ] I've updated documentation if needed
+
+## Important Note
+
+All PRs must pass the automated test suite before they can be merged. The GitHub Actions workflow will automatically run `pytest` on your changes.
+
+<!-- Feel free to add any other context or screenshots about the PR here --> 

.github/workflows/branch-protection.yml

@@ -0,0 +1,54 @@
+name: Branch Protection
+
+on:
+  pull_request:
+    types: [opened, synchronize, reopened]
+    branches:
+      - dev
+      - main
+
+jobs:
+  # First job enforces branch rules
+  enforce-branch-rules:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Check PR target
+        if: github.event.pull_request.base.ref == 'main' && github.event.pull_request.head.ref != 'dev'
+        run: |
+          echo "ERROR: Pull requests to main branch are only allowed from the dev branch"
+          echo "Your PR is from ${{ github.event.pull_request.head.ref }} to main"
+          exit 1
+
+  # Separate job for tests that will show up as a required status check
+  test-suite:
+    name: Run Test Suite
+    runs-on: ubuntu-latest
+    needs: enforce-branch-rules
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Set up Python 3.11
+        uses: actions/setup-python@v4
+        with:
+          python-version: '3.11'
+
+      - name: Install dependencies
+        run: |
+          python -m pip install --upgrade pip
+          pip install pytest pytest-mock pytest-cov
+          if [ -f requirements.txt ]; then pip install -r requirements.txt; fi
+
+      - name: Run pytest
+        id: pytest
+        run: |
+          pytest
+
+      - name: Generate coverage report
+        run: |
+          pytest --cov=./ --cov-report=xml
+
+      - name: Upload coverage to Codecov
+        uses: codecov/codecov-action@v1
+        with:
+          token: ${{ secrets.CODECOV_TOKEN }} 

.github/workflows/dev-workflow.yml

@@ -0,0 +1,82 @@
+name: Development Workflow
+
+on:
+  push:
+    branches:
+      - dev
+    paths-ignore:
+      - '**.md'
+      - 'docs/**'
+  pull_request:
+    branches:
+      - dev
+    paths-ignore:
+      - '**.md'
+      - 'docs/**'
+
+jobs:
+  test-suite:
+    name: Run Test Suite
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Set up Python 3.11
+        uses: actions/setup-python@v4
+        with:
+          python-version: '3.11'
+
+      - name: Install dependencies
+        run: |
+          python -m pip install --upgrade pip
+          pip install pytest pytest-mock pytest-cov
+          if [ -f requirements.txt ]; then pip install -r requirements.txt; fi
+
+      - name: Run pytest
+        id: pytest
+        run: |
+          pytest
+
+      - name: Generate coverage report
+        run: |
+          pytest --cov=./ --cov-report=xml
+
+      - name: Upload coverage to Codecov
+        uses: codecov/codecov-action@v1
+        with:
+          token: ${{ secrets.CODECOV_TOKEN }}
+
+  build-test-image:
+    needs: test-suite
+    runs-on: ubuntu-latest
+    if: github.event_name == 'push'
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Build Docker image (without pushing)
+        uses: docker/build-push-action@v5
+        with:
+          context: .
+          push: false
+          load: true
+          tags: cloudproxy:dev-test
+
+      - name: Test Docker image
+        run: |
+          docker run --name cloudproxy-test -d cloudproxy:dev-test
+          # Wait for container to initialize
+          sleep 5
+          # Check if container is running
+          if ! docker ps | grep -q cloudproxy-test; then
+            echo "Container failed to start"
+            docker logs cloudproxy-test
+            exit 1
+          fi
+          # Cleanup
+          docker stop cloudproxy-test
+          docker rm cloudproxy-test 

.github/workflows/main.yml → .github/workflows/release-workflow.yml

@@ -1,4 +1,4 @@
-name: CI/CD
+name: Release Workflow
 
 on:
   push:
@@ -9,7 +9,43 @@ on:
       - 'docs/**'
 
 jobs:
-  test-and-release:
+  verify-source-branch:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout repo
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+
+      - name: Verify push came from dev branch
+        run: |
+          # Get the commit before the merge into main
+          LAST_MERGE_COMMIT=$(git log --merges -n 1 --pretty=format:"%H")
+
+          if [ -z "$LAST_MERGE_COMMIT" ]; then
+            echo "ERROR: Direct push to main detected. Please use a pull request from dev branch instead."
+            exit 1
+          fi
+
+          # Get the branches that were merged
+          MERGE_PARENTS=$(git show --no-patch --format="%P" $LAST_MERGE_COMMIT)
+          PARENT_BRANCHES=""
+
+          for parent in $MERGE_PARENTS; do
+            branch=$(git name-rev --name-only $parent)
+            PARENT_BRANCHES="$PARENT_BRANCHES $branch"
+          done
+
+          if [[ ! $PARENT_BRANCHES == *"dev"* ]]; then
+            echo "ERROR: Last merge was not from dev branch"
+            echo "Source branches: $PARENT_BRANCHES"
+            exit 1
+          fi
+
+          echo "Verified merge from dev branch"
+
+  release:
+    needs: verify-source-branch
     runs-on: ubuntu-latest
     permissions:
       contents: write
@@ -61,7 +97,7 @@ jobs:
           tag_name: ${{ env.NEW_VERSION }}
           release_name: Release ${{ env.NEW_VERSION }}
           body: |
-            Automated release for changes in main branch
+            Release from dev branch to main
 
             Changes in this release:
             ${{ github.event.head_commit.message }}
@@ -84,4 +120,4 @@ jobs:
           push: true
           tags: |
             laffin/cloudproxy:latest
-            laffin/cloudproxy:${{ env.NEW_VERSION }}
+            laffin/cloudproxy:${{ env.NEW_VERSION }}