fix: requirements-dev.txt to reduce vulnerabilities

The following vulnerabilities are fixed by pinning transitive dependencies:
- https://snyk.io/vuln/SNYK-PYTHON-ZIPP-7430899

.github/renovate.json

@@ -5,7 +5,7 @@
     ":semanticCommitTypeAll(fix)"
   ],
   "baseBranches": [
-    "main"
+    "next"
   ],
   "platformCommit": true,
   "dependencyDashboardAutoclose": true,

.github/workflows-old/release.yml

@@ -1,64 +0,0 @@
-name: Build
-on:
-  push:
-    branches: [main]
-
-env:
-  REGISTRY: ghcr.io
-  IMAGE_NAME: ${{ github.repository }}
-
-jobs:
-  release:
-    name: Release
-    runs-on: ubuntu-latest
-    outputs:
-      new_tag: ${{ steps.tag_version.outputs.new_tag }}
-    steps:
-      - uses: actions/checkout@v4
-      - name: Bump version and push tag
-        id: tag_version
-        uses: mathieudutour/github-tag-action@v6.2
-        with:
-          github_token: ${{ secrets.GITHUB_TOKEN }}
-          default_bump: minor
-      - name: Create a GitHub release
-        uses: ncipollo/release-action@v1
-        with:
-          tag: ${{ steps.tag_version.outputs.new_tag }}
-          name: ${{ steps.tag_version.outputs.new_tag }}
-          body: ${{ steps.tag_version.outputs.changelog }}
-          generateReleaseNotes: true
-
-  publish:
-    name: GitHub Container Registry
-    runs-on: ubuntu-latest
-    needs: release
-    permissions:
-      contents: read
-      packages: write
-    steps:
-      - uses: actions/checkout@v4
-      - name: Login to GitHub Container Registry
-        run: echo ${{ secrets.GITHUB_TOKEN }} | docker login ${{ env.REGISTRY }} -u ${{ github.actor }} --password-stdin
-      - name: Build image for GitHub Package Registry
-        run: |
-          docker build . --file Dockerfile \
-          --build-arg "version=${{ needs.release.outputs.new_tag }}" \
-          --tag ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ needs.release.outputs.new_tag }} \
-          --tag ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:latest
-      - name: Push image to GitHub Package Registry
-        run: |
-          docker push ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:latest
-          docker push ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ needs.release.outputs.new_tag }}
-
-  # deploy:
-  #   name: Update Portainer Deployment
-  #   runs-on: ubuntu-latest
-  #   needs: publish
-  #   steps:
-  #     - uses: fjogeleit/http-request-action@v1
-  #       with:
-  #         url: ${{ secrets.PORTAINER_WEBHOOK_URL }}
-  #         method: POST
-  #         timeout: 60000
-  #         preventFailureOnNoResponse: "true"

.github/workflows/release.yml

@@ -1,18 +1,57 @@
-name: Release
+name: Build
 on:
-  workflow_dispatch:
+  push:
-  schedule:
+    branches: [main]
-    - cron: "0 9 * * *"
 
 jobs:
-  create_release:
+  release:
-    name: Create Release
+    name: Release
-    uses: luketainton/gha-workflows/.github/workflows/create-release.yml@main
+    runs-on: ubuntu-latest
-
+    outputs:
-  create_docker:
+      new_tag: ${{ steps.tag_version.outputs.new_tag }}
-    name: Create Docker Image
+    steps:
-    needs: create_release
+      - uses: actions/checkout@v4
-    if: ${{ needs.create_release.outputs.success == 'true' }}
+      - name: Bump version and push tag
-    uses: luketainton/gha-workflows/.github/workflows/build-push-attest-docker.yml@main
+        id: tag_version
+        uses: mathieudutour/github-tag-action@v6.2
         with:
-        release: ${{ needs.create_release.outputs.release_name }}
+          github_token: ${{ secrets.GITHUB_TOKEN }}
+          default_bump: minor
+      - name: Create a GitHub release
+        uses: ncipollo/release-action@v1
+        with:
+          tag: ${{ steps.tag_version.outputs.new_tag }}
+          name: ${{ steps.tag_version.outputs.new_tag }}
+          body: ${{ steps.tag_version.outputs.changelog }}
+          generateReleaseNotes: true
+
+  publish:
+    name: GitHub Container Registry
+    runs-on: ubuntu-latest
+    needs: release
+    steps:
+      - uses: actions/checkout@v4
+      - name: Login to GitHub Container Registry
+        run: echo ${{ secrets.GHCR_ACCESS_TOKEN }} | docker login ghcr.io -u luketainton --password-stdin
+      - name: Build image for GitHub Package Registry
+        run: |
+          docker build . --file Dockerfile \
+          --build-arg "version=${{ needs.release.outputs.new_tag }}" \
+          --tag ghcr.io/luketainton/roboluke-tasks:${{ needs.release.outputs.new_tag }} \
+          --tag ghcr.io/luketainton/roboluke-tasks:latest
+      - name: Push image to GitHub Package Registry
+        run: |
+          docker push ghcr.io/luketainton/roboluke-tasks:latest
+          docker push ghcr.io/luketainton/roboluke-tasks:${{ needs.release.outputs.new_tag }}
+
+  deploy:
+    name: Update Portainer Deployment
+    runs-on: ubuntu-latest
+    needs: publish
+    steps:
+      - uses: fjogeleit/http-request-action@v1
+        with:
+          url: ${{ secrets.PORTAINER_WEBHOOK_URL }}
+          method: POST
+          timeout: 60000
+          preventFailureOnNoResponse: "true"

requirements.txt

@@ -1,5 +1,5 @@
 appdirs==1.4.4
-astroid==3.2.3
+astroid==3.2.2
 attrs==23.2.0
 autopep8==2.3.1
 backoff==2.2.1
@@ -33,11 +33,11 @@ python-dotenv==1.0.1
 PyYAML==6.0.1
 requests==2.32.3
 requests-toolbelt==1.0.0
-sentry-sdk==2.10.0
+sentry-sdk==2.7.1
 six==1.16.0
 toml==0.10.2
 tomli==2.0.1
-tomlkit==0.13.0
+tomlkit==0.12.5
 urllib3==2.2.2
 virtualenv==20.26.3
 webex-bot==0.5.1
@@ -45,4 +45,3 @@ webexteamssdk==1.6.1
 websockets==11.0.3
 wrapt==1.16.0
 xmltodict==0.13.0
-zipp>=3.19.1 # not directly required, pinned by Snyk to avoid a vulnerability