[Snyk] Security upgrade requests from 2.31.0 to 2.32.0 #210
2
.github/renovate.json
vendored
2
.github/renovate.json
vendored
@ -5,7 +5,7 @@
|
||||
":semanticCommitTypeAll(fix)"
|
||||
],
|
||||
"baseBranches": [
|
||||
"next"
|
||||
"main"
|
||||
],
|
||||
"platformCommit": true,
|
||||
"dependencyDashboardAutoclose": true,
|
||||
|
||||
@ -3,6 +3,10 @@ on:
|
||||
push:
|
||||
branches: [main]
|
||||
|
||||
env:
|
||||
REGISTRY: ghcr.io
|
||||
IMAGE_NAME: ${{ github.repository }}
|
||||
|
||||
jobs:
|
||||
release:
|
||||
name: Release
|
||||
@ -29,29 +33,32 @@ jobs:
|
||||
name: GitHub Container Registry
|
||||
runs-on: ubuntu-latest
|
||||
needs: release
|
||||
permissions:
|
||||
contents: read
|
||||
packages: write
|
||||
steps:
|
||||
- uses: actions/checkout@v4
|
||||
- name: Login to GitHub Container Registry
|
||||
run: echo ${{ secrets.GHCR_ACCESS_TOKEN }} | docker login ghcr.io -u luketainton --password-stdin
|
||||
run: echo ${{ secrets.GITHUB_TOKEN }} | docker login ${{ env.REGISTRY }} -u ${{ github.actor }} --password-stdin
|
||||
- name: Build image for GitHub Package Registry
|
||||
run: |
|
||||
docker build . --file Dockerfile \
|
||||
--build-arg "version=${{ needs.release.outputs.new_tag }}" \
|
||||
--tag ghcr.io/luketainton/roboluke-tasks:${{ needs.release.outputs.new_tag }} \
|
||||
--tag ghcr.io/luketainton/roboluke-tasks:latest
|
||||
--tag ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ needs.release.outputs.new_tag }} \
|
||||
--tag ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:latest
|
||||
- name: Push image to GitHub Package Registry
|
||||
run: |
|
||||
docker push ghcr.io/luketainton/roboluke-tasks:latest
|
||||
docker push ghcr.io/luketainton/roboluke-tasks:${{ needs.release.outputs.new_tag }}
|
||||
docker push ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:latest
|
||||
docker push ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ needs.release.outputs.new_tag }}
|
||||
|
||||
deploy:
|
||||
name: Update Portainer Deployment
|
||||
runs-on: ubuntu-latest
|
||||
needs: publish
|
||||
steps:
|
||||
- uses: fjogeleit/http-request-action@v1
|
||||
with:
|
||||
url: ${{ secrets.PORTAINER_WEBHOOK_URL }}
|
||||
method: POST
|
||||
timeout: 60000
|
||||
preventFailureOnNoResponse: "true"
|
||||
# deploy:
|
||||
# name: Update Portainer Deployment
|
||||
# runs-on: ubuntu-latest
|
||||
# needs: publish
|
||||
# steps:
|
||||
# - uses: fjogeleit/http-request-action@v1
|
||||
# with:
|
||||
# url: ${{ secrets.PORTAINER_WEBHOOK_URL }}
|
||||
# method: POST
|
||||
# timeout: 60000
|
||||
# preventFailureOnNoResponse: "true"
|
||||
36
.github/workflows/create_release.yml
vendored
Normal file
36
.github/workflows/create_release.yml
vendored
Normal file
@ -0,0 +1,36 @@
|
||||
name: Create Release
|
||||
on:
|
||||
workflow_dispatch:
|
||||
schedule:
|
||||
- cron: "0 9 * * *"
|
||||
|
||||
jobs:
|
||||
create_release:
|
||||
name: Create Release
|
||||
runs-on: ubuntu-latest
|
||||
outputs:
|
||||
new_tag: ${{ steps.tag_version.outputs.new_tag }}
|
||||
steps:
|
||||
- uses: actions/checkout@v4
|
||||
|
||||
- name: Bump version and push tag
|
||||
id: tag_version
|
||||
uses: mathieudutour/github-tag-action@v6.2
|
||||
with:
|
||||
github_token: ${{ secrets.GITHUB_TOKEN }}
|
||||
default_bump: minor
|
||||
|
||||
- name: Create a GitHub release
|
||||
uses: ncipollo/release-action@v1
|
||||
with:
|
||||
tag: ${{ steps.tag_version.outputs.new_tag }}
|
||||
name: ${{ steps.tag_version.outputs.new_tag }}
|
||||
body: ${{ steps.tag_version.outputs.changelog }}
|
||||
generateReleaseNotes: true
|
||||
|
||||
create_docker:
|
||||
name: Create Docker Image
|
||||
needs: create_release
|
||||
uses: luketainton/roboluke-tasks/.github/workflows/docker_publish.yml@main
|
||||
with:
|
||||
release: ${{ needs.create_release.outputs.new_tag }}
|
||||
61
.github/workflows/docker_publish.yml
vendored
Normal file
61
.github/workflows/docker_publish.yml
vendored
Normal file
@ -0,0 +1,61 @@
|
||||
name: Publish Docker Image
|
||||
|
||||
on:
|
||||
workflow_call:
|
||||
inputs:
|
||||
release:
|
||||
required: true
|
||||
type: string
|
||||
|
||||
jobs:
|
||||
publish:
|
||||
name: Publish Docker image
|
||||
runs-on: ubuntu-latest
|
||||
permissions:
|
||||
packages: write
|
||||
contents: read
|
||||
attestations: write
|
||||
id-token: write
|
||||
steps:
|
||||
- name: Check out the repo
|
||||
uses: actions/checkout@v4
|
||||
with:
|
||||
ref: ${{ inputs.release }}
|
||||
|
||||
- name: Set up Docker Buildx
|
||||
uses: docker/setup-buildx-action@v3
|
||||
|
||||
- name: Log in to GitHub Container Registry
|
||||
uses: docker/login-action@65b78e6e13532edd9afa3aa52ac7964289d1a9c1
|
||||
with:
|
||||
registry: ghcr.io
|
||||
username: ${{ github.actor }}
|
||||
password: ${{ secrets.GITHUB_TOKEN }}
|
||||
|
||||
- name: Extract metadata (tags, labels) for Docker
|
||||
id: meta
|
||||
uses: docker/metadata-action@9ec57ed1fcdbf14dcef7dfbe97b2010124a938b7
|
||||
with:
|
||||
images: |
|
||||
ghcr.io/${{ github.repository }}
|
||||
tags: |
|
||||
type=semver,pattern=v{{version}},value=${{ inputs.release }}
|
||||
|
||||
- name: Build and push Docker image
|
||||
id: push
|
||||
uses: docker/build-push-action@3b5e8027fcad23fda98b2e3ac259d8d67585f671
|
||||
with:
|
||||
context: .
|
||||
push: true
|
||||
# provenance: mode=max
|
||||
labels: ${{ steps.meta.outputs.labels }}
|
||||
tags: |
|
||||
ghcr.io/${{ github.repository }}:latest
|
||||
ghcr.io/${{ github.repository }}:${{ inputs.release }}
|
||||
|
||||
- name: Generate artifact attestation
|
||||
uses: actions/attest-build-provenance@v1
|
||||
with:
|
||||
subject-name: ghcr.io/${{ github.repository }}
|
||||
subject-digest: ${{ steps.push.outputs.digest }}
|
||||
push-to-registry: true
|
||||
@ -4,3 +4,4 @@ isort
|
||||
pylint
|
||||
pylint-exit
|
||||
pytest
|
||||
zipp>=3.19.1 # not directly required, pinned by Snyk to avoid a vulnerability
|
||||
|
||||
@ -1,47 +1,48 @@
|
||||
appdirs==1.4.4
|
||||
astroid==3.2.2
|
||||
astroid==3.2.3
|
||||
attrs==23.2.0
|
||||
autopep8==2.1.0
|
||||
autopep8==2.3.1
|
||||
backoff==2.2.1
|
||||
certifi==2024.2.2
|
||||
certifi==2024.7.4
|
||||
cfgv==3.4.0
|
||||
charset-normalizer==3.3.2
|
||||
click==8.1.7
|
||||
coloredlogs==15.0.1
|
||||
dill==0.3.8
|
||||
distlib==0.3.8
|
||||
filelock==3.14.0
|
||||
filelock==3.15.4
|
||||
future==1.0.0
|
||||
humanfriendly==10.0
|
||||
identify==2.5.36
|
||||
identify==2.6.0
|
||||
idna==3.7
|
||||
iniconfig==2.0.0
|
||||
lazy-object-proxy==1.10.0
|
||||
mccabe==0.7.0
|
||||
mypy-extensions==1.0.0
|
||||
nodeenv==1.8.0
|
||||
packaging==24.0
|
||||
nodeenv==1.9.1
|
||||
packaging==24.1
|
||||
pathspec==0.12.1
|
||||
platformdirs==4.2.2
|
||||
pluggy==1.5.0
|
||||
py==1.11.0
|
||||
pycodestyle==2.11.1
|
||||
pycodestyle==2.12.0
|
||||
PyJWT==2.8.0
|
||||
pyparsing==3.1.2
|
||||
python-dateutil==2.9.0.post0
|
||||
python-dotenv==1.0.1
|
||||
PyYAML==6.0.1
|
||||
requests==2.32.1
|
||||
requests==2.32.3
|
||||
requests-toolbelt==1.0.0
|
||||
sentry-sdk==2.2.1
|
||||
sentry-sdk==2.9.0
|
||||
six==1.16.0
|
||||
toml==0.10.2
|
||||
tomli==2.0.1
|
||||
tomlkit==0.12.5
|
||||
urllib3==2.2.1
|
||||
virtualenv==20.26.2
|
||||
tomlkit==0.13.0
|
||||
urllib3==2.2.2
|
||||
virtualenv==20.26.3
|
||||
webex-bot==0.5.1
|
||||
webexteamssdk==1.6.1
|
||||
websockets==11.0.3
|
||||
wrapt==1.16.0
|
||||
xmltodict==0.13.0
|
||||
zipp>=3.19.1 # not directly required, pinned by Snyk to avoid a vulnerability
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user