repos/roboluke
3
0
Fork 0
Code Issues 1 Pull Requests Actions Packages Releases 50 Activity

[Snyk] Security upgrade requests from 2.31.0 to 2.32.0 #210

Closed
luketainton wants to merge 2 commits from snyk-fix-9a3f572cfcec764fe96fc9d5ac4cbf22 into main
pull from: snyk-fix-9a3f572cfcec764fe96fc9d5ac4cbf22
merge into: repos:main
Conversation 1 Commits 2 Files Changed - +136 -30
6 changed files with 136 additions and 30 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files
Showing only changes of commit 4d185a4d2b - Show all commits

2
.github/renovate.json vendored
View File

@ -5,7 +5,7 @@
":semanticCommitTypeAll(fix)" ":semanticCommitTypeAll(fix)"
], ],
"baseBranches": [ "baseBranches": [
"next" "main"
], ],
"platformCommit": true, "platformCommit": true,
"dependencyDashboardAutoclose": true, "dependencyDashboardAutoclose": true,

39
.github/workflows/release.yml → .github/workflows-old/release.yml vendored
View File

@ -3,6 +3,10 @@ on:
push: push:
branches: [main] branches: [main]
env:
REGISTRY: ghcr.io
IMAGE_NAME: ${{ github.repository }}
jobs: jobs:
release: release:
name: Release name: Release
@ -29,29 +33,32 @@ jobs:
name: GitHub Container Registry name: GitHub Container Registry
runs-on: ubuntu-latest runs-on: ubuntu-latest
needs: release needs: release
permissions:
contents: read
packages: write
steps: steps:
- uses: actions/checkout@v4 - uses: actions/checkout@v4
- name: Login to GitHub Container Registry - name: Login to GitHub Container Registry
run: echo ${{ secrets.GHCR_ACCESS_TOKEN }} | docker login ghcr.io -u luketainton --password-stdin run: echo ${{ secrets.GITHUB_TOKEN }} | docker login ${{ env.REGISTRY }} -u ${{ github.actor }} --password-stdin
- name: Build image for GitHub Package Registry - name: Build image for GitHub Package Registry
run: | run: |
docker build . --file Dockerfile \ docker build . --file Dockerfile \
--build-arg "version=${{ needs.release.outputs.new_tag }}" \ --build-arg "version=${{ needs.release.outputs.new_tag }}" \
--tag ghcr.io/luketainton/roboluke-tasks:${{ needs.release.outputs.new_tag }} \ --tag ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ needs.release.outputs.new_tag }} \
--tag ghcr.io/luketainton/roboluke-tasks:latest --tag ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:latest
- name: Push image to GitHub Package Registry - name: Push image to GitHub Package Registry
run: | run: |
docker push ghcr.io/luketainton/roboluke-tasks:latest docker push ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:latest
docker push ghcr.io/luketainton/roboluke-tasks:${{ needs.release.outputs.new_tag }} docker push ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ needs.release.outputs.new_tag }}
deploy: # deploy:
name: Update Portainer Deployment # name: Update Portainer Deployment
runs-on: ubuntu-latest # runs-on: ubuntu-latest
needs: publish # needs: publish
steps: # steps:
- uses: fjogeleit/http-request-action@v1 # - uses: fjogeleit/http-request-action@v1
with: # with:
url: ${{ secrets.PORTAINER_WEBHOOK_URL }} # url: ${{ secrets.PORTAINER_WEBHOOK_URL }}
method: POST # method: POST
timeout: 60000 # timeout: 60000
preventFailureOnNoResponse: "true" # preventFailureOnNoResponse: "true"

36
.github/workflows/create_release.yml vendored Normal file
View File

@ -0,0 +1,36 @@
name: Create Release
on:
workflow_dispatch:
schedule:
- cron: "0 9 * * *"
jobs:
create_release:
name: Create Release
runs-on: ubuntu-latest
outputs:
new_tag: ${{ steps.tag_version.outputs.new_tag }}
steps:
- uses: actions/checkout@v4
- name: Bump version and push tag
id: tag_version
uses: mathieudutour/github-tag-action@v6.2
with:
github_token: ${{ secrets.GITHUB_TOKEN }}
default_bump: minor
- name: Create a GitHub release
uses: ncipollo/release-action@v1
with:
tag: ${{ steps.tag_version.outputs.new_tag }}
name: ${{ steps.tag_version.outputs.new_tag }}
body: ${{ steps.tag_version.outputs.changelog }}
generateReleaseNotes: true
create_docker:
name: Create Docker Image
needs: create_release
uses: luketainton/roboluke-tasks/.github/workflows/docker_publish.yml@main
with:
release: ${{ needs.create_release.outputs.new_tag }}

61
.github/workflows/docker_publish.yml vendored Normal file
View File

@ -0,0 +1,61 @@
name: Publish Docker Image
on:
workflow_call:
inputs:
release:
required: true
type: string
jobs:
publish:
name: Publish Docker image
runs-on: ubuntu-latest
permissions:
packages: write
contents: read
attestations: write
id-token: write
steps:
- name: Check out the repo
uses: actions/checkout@v4
with:
ref: ${{ inputs.release }}
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
- name: Log in to GitHub Container Registry
uses: docker/login-action@65b78e6e13532edd9afa3aa52ac7964289d1a9c1
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Extract metadata (tags, labels) for Docker
id: meta
uses: docker/metadata-action@9ec57ed1fcdbf14dcef7dfbe97b2010124a938b7
with:
images: |
ghcr.io/${{ github.repository }}
tags: |
type=semver,pattern=v{{version}},value=${{ inputs.release }}
- name: Build and push Docker image
id: push
uses: docker/build-push-action@3b5e8027fcad23fda98b2e3ac259d8d67585f671
with:
context: .
push: true
# provenance: mode=max
labels: ${{ steps.meta.outputs.labels }}
tags: |
ghcr.io/${{ github.repository }}:latest
ghcr.io/${{ github.repository }}:${{ inputs.release }}
- name: Generate artifact attestation
uses: actions/attest-build-provenance@v1
with:
subject-name: ghcr.io/${{ github.repository }}
subject-digest: ${{ steps.push.outputs.digest }}
push-to-registry: true

1
requirements-dev.txt
View File

@ -4,3 +4,4 @@ isort
pylint pylint
pylint-exit pylint-exit
pytest pytest
zipp>=3.19.1 # not directly required, pinned by Snyk to avoid a vulnerability

27
requirements.txt
View File

@ -1,47 +1,48 @@
appdirs==1.4.4 appdirs==1.4.4
astroid==3.2.2 astroid==3.2.3
attrs==23.2.0 attrs==23.2.0
autopep8==2.1.0 autopep8==2.3.1
backoff==2.2.1 backoff==2.2.1
certifi==2024.2.2 certifi==2024.7.4
cfgv==3.4.0 cfgv==3.4.0
charset-normalizer==3.3.2 charset-normalizer==3.3.2
click==8.1.7 click==8.1.7
coloredlogs==15.0.1 coloredlogs==15.0.1
dill==0.3.8 dill==0.3.8
distlib==0.3.8 distlib==0.3.8
filelock==3.14.0 filelock==3.15.4
future==1.0.0 future==1.0.0
humanfriendly==10.0 humanfriendly==10.0
identify==2.5.36 identify==2.6.0
idna==3.7 idna==3.7
iniconfig==2.0.0 iniconfig==2.0.0
lazy-object-proxy==1.10.0 lazy-object-proxy==1.10.0
mccabe==0.7.0 mccabe==0.7.0
mypy-extensions==1.0.0 mypy-extensions==1.0.0
nodeenv==1.8.0 nodeenv==1.9.1
packaging==24.0 packaging==24.1
pathspec==0.12.1 pathspec==0.12.1
platformdirs==4.2.2 platformdirs==4.2.2
pluggy==1.5.0 pluggy==1.5.0
py==1.11.0 py==1.11.0
pycodestyle==2.11.1 pycodestyle==2.12.0
PyJWT==2.8.0 PyJWT==2.8.0
pyparsing==3.1.2 pyparsing==3.1.2
python-dateutil==2.9.0.post0 python-dateutil==2.9.0.post0
python-dotenv==1.0.1 python-dotenv==1.0.1
PyYAML==6.0.1 PyYAML==6.0.1
requests==2.32.1 requests==2.32.3
requests-toolbelt==1.0.0 requests-toolbelt==1.0.0
sentry-sdk==2.2.1 sentry-sdk==2.9.0
six==1.16.0 six==1.16.0
toml==0.10.2 toml==0.10.2
tomli==2.0.1 tomli==2.0.1
tomlkit==0.12.5 tomlkit==0.13.0
urllib3==2.2.1 urllib3==2.2.2
virtualenv==20.26.2 virtualenv==20.26.3
webex-bot==0.5.1 webex-bot==0.5.1
webexteamssdk==1.6.1 webexteamssdk==1.6.1
websockets==11.0.3 websockets==11.0.3
wrapt==1.16.0 wrapt==1.16.0
xmltodict==0.13.0 xmltodict==0.13.0
zipp>=3.19.1 # not directly required, pinned by Snyk to avoid a vulnerability