fix: requirements-dev.txt to reduce vulnerabilities

The following vulnerabilities are fixed by pinning transitive dependencies: - https://snyk.io/vuln/SNYK-PYTHON-ZIPP-7430899
2024-07-10 18:03:45 +00:00
4 changed files with 57 additions and 83 deletions
--- a/.github/renovate.json
+++ b/.github/renovate.json
@ -5,7 +5,7 @@
    ":semanticCommitTypeAll(fix)"
  ],
  "baseBranches": [
-    "main"
+    "next"
  ],
  "platformCommit": true,
  "dependencyDashboardAutoclose": true,
--- a/.github/workflows-old/release.yml
+++ b/.github/workflows-old/release.yml
@ -1,64 +0,0 @@
-name: Build
-on:
-  push:
-    branches: [main]
-
-env:
-  REGISTRY: ghcr.io
-  IMAGE_NAME: ${{ github.repository }}
-
-jobs:
-  release:
-    name: Release
-    runs-on: ubuntu-latest
-    outputs:
-      new_tag: ${{ steps.tag_version.outputs.new_tag }}
-    steps:
-      - uses: actions/checkout@v4
-      - name: Bump version and push tag
-        id: tag_version
-        uses: mathieudutour/github-tag-action@v6.2
-        with:
-          github_token: ${{ secrets.GITHUB_TOKEN }}
-          default_bump: minor
-      - name: Create a GitHub release
-        uses: ncipollo/release-action@v1
-        with:
-          tag: ${{ steps.tag_version.outputs.new_tag }}
-          name: ${{ steps.tag_version.outputs.new_tag }}
-          body: ${{ steps.tag_version.outputs.changelog }}
-          generateReleaseNotes: true
-
-  publish:
-    name: GitHub Container Registry
-    runs-on: ubuntu-latest
-    needs: release
-    permissions:
-      contents: read
-      packages: write
-    steps:
-      - uses: actions/checkout@v4
-      - name: Login to GitHub Container Registry
-        run: echo ${{ secrets.GITHUB_TOKEN }} | docker login ${{ env.REGISTRY }} -u ${{ github.actor }} --password-stdin
-      - name: Build image for GitHub Package Registry
-        run: |
-          docker build . --file Dockerfile \
-          --build-arg "version=${{ needs.release.outputs.new_tag }}" \
-          --tag ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ needs.release.outputs.new_tag }} \
-          --tag ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:latest
-      - name: Push image to GitHub Package Registry
-        run: |
-          docker push ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:latest
-          docker push ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ needs.release.outputs.new_tag }}
-
-  # deploy:
-  #   name: Update Portainer Deployment
-  #   runs-on: ubuntu-latest
-  #   needs: publish
-  #   steps:
-  #     - uses: fjogeleit/http-request-action@v1
-  #       with:
-  #         url: ${{ secrets.PORTAINER_WEBHOOK_URL }}
-  #         method: POST
-  #         timeout: 60000
-  #         preventFailureOnNoResponse: "true"
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@ -1,18 +1,57 @@
-name: Release
+name: Build
 on:
-  workflow_dispatch:
-  schedule:
-    - cron: "0 9 * * *"
+  push:
+    branches: [main]

 jobs:
-  create_release:
-    name: Create Release
-    uses: luketainton/gha-workflows/.github/workflows/create-release.yml@main
+  release:
+    name: Release
+    runs-on: ubuntu-latest
+    outputs:
+      new_tag: ${{ steps.tag_version.outputs.new_tag }}
+    steps:
+      - uses: actions/checkout@v4
+      - name: Bump version and push tag
+        id: tag_version
+        uses: mathieudutour/github-tag-action@v6.2
+        with:
+          github_token: ${{ secrets.GITHUB_TOKEN }}
+          default_bump: minor
+      - name: Create a GitHub release
+        uses: ncipollo/release-action@v1
+        with:
+          tag: ${{ steps.tag_version.outputs.new_tag }}
+          name: ${{ steps.tag_version.outputs.new_tag }}
+          body: ${{ steps.tag_version.outputs.changelog }}
+          generateReleaseNotes: true

-  create_docker:
-    name: Create Docker Image
-    needs: create_release
-    if: ${{ needs.create_release.outputs.success == 'true' }}
-    uses: luketainton/gha-workflows/.github/workflows/build-push-attest-docker.yml@main
-    with:
-        release: ${{ needs.create_release.outputs.release_name }}
+  publish:
+    name: GitHub Container Registry
+    runs-on: ubuntu-latest
+    needs: release
+    steps:
+      - uses: actions/checkout@v4
+      - name: Login to GitHub Container Registry
+        run: echo ${{ secrets.GHCR_ACCESS_TOKEN }} | docker login ghcr.io -u luketainton --password-stdin
+      - name: Build image for GitHub Package Registry
+        run: |
+          docker build . --file Dockerfile \
+          --build-arg "version=${{ needs.release.outputs.new_tag }}" \
+          --tag ghcr.io/luketainton/roboluke-tasks:${{ needs.release.outputs.new_tag }} \
+          --tag ghcr.io/luketainton/roboluke-tasks:latest
+      - name: Push image to GitHub Package Registry
+        run: |
+          docker push ghcr.io/luketainton/roboluke-tasks:latest
+          docker push ghcr.io/luketainton/roboluke-tasks:${{ needs.release.outputs.new_tag }}
+
+  deploy:
+    name: Update Portainer Deployment
+    runs-on: ubuntu-latest
+    needs: publish
+    steps:
+      - uses: fjogeleit/http-request-action@v1
+        with:
+          url: ${{ secrets.PORTAINER_WEBHOOK_URL }}
+          method: POST
+          timeout: 60000
+          preventFailureOnNoResponse: "true"
--- a/requirements.txt
+++ b/requirements.txt
@ -1,5 +1,5 @@
 appdirs==1.4.4
-astroid==3.2.3
+astroid==3.2.2
 attrs==23.2.0
 autopep8==2.3.1
 backoff==2.2.1
@ -33,11 +33,11 @@ python-dotenv==1.0.1
 PyYAML==6.0.1
 requests==2.32.3
 requests-toolbelt==1.0.0
-sentry-sdk==2.10.0
+sentry-sdk==2.7.1
 six==1.16.0
 toml==0.10.2
 tomli==2.0.1
-tomlkit==0.13.0
+tomlkit==0.12.5
 urllib3==2.2.2
 virtualenv==20.26.3
 webex-bot==0.5.1
@ -45,4 +45,3 @@ webexteamssdk==1.6.1
 websockets==11.0.3
 wrapt==1.16.0
 xmltodict==0.13.0
-zipp>=3.19.1 # not directly required, pinned by Snyk to avoid a vulnerability