repos/roboluke
3
0
Fork 0
Code Issues 1 Pull Requests Actions Packages Releases 50 Activity

[Snyk] Security upgrade urllib3 from 2.0.7 to 2.2.2 #230

Closed
luketainton wants to merge 2 commits from snyk-fix-cba8cd5bc195bb4c2abc039f74d5333e into main
pull from: snyk-fix-cba8cd5bc195bb4c2abc039f74d5333e
merge into: repos:main
Conversation 0 Commits 2 Files Changed - +131 -25
6 changed files with 131 additions and 25 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files
Showing only changes of commit 8166ac80bd - Show all commits

2
.github/renovate.json vendored
View File

@ -5,7 +5,7 @@
":semanticCommitTypeAll(fix)"
],
"baseBranches": [
"next"
"main"
],
"platformCommit": true,
"dependencyDashboardAutoclose": true,

39
.github/workflows/release.yml → .github/workflows-old/release.yml vendored
View File

@ -3,6 +3,10 @@ on:
push:
branches: [main]
env:
REGISTRY: ghcr.io
IMAGE_NAME: ${{ github.repository }}
jobs:
release:
name: Release
@ -29,29 +33,32 @@ jobs:
name: GitHub Container Registry
runs-on: ubuntu-latest
needs: release
permissions:
contents: read
packages: write
steps:
- uses: actions/checkout@v4
- name: Login to GitHub Container Registry
run: echo ${{ secrets.GHCR_ACCESS_TOKEN }} | docker login ghcr.io -u luketainton --password-stdin
run: echo ${{ secrets.GITHUB_TOKEN }} | docker login ${{ env.REGISTRY }} -u ${{ github.actor }} --password-stdin
- name: Build image for GitHub Package Registry
run: |
docker build . --file Dockerfile \
--build-arg "version=${{ needs.release.outputs.new_tag }}" \
--tag ghcr.io/luketainton/roboluke-tasks:${{ needs.release.outputs.new_tag }} \
--tag ghcr.io/luketainton/roboluke-tasks:latest
--tag ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ needs.release.outputs.new_tag }} \
--tag ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:latest
- name: Push image to GitHub Package Registry
run: |
docker push ghcr.io/luketainton/roboluke-tasks:latest
docker push ghcr.io/luketainton/roboluke-tasks:${{ needs.release.outputs.new_tag }}
docker push ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:latest
docker push ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ needs.release.outputs.new_tag }}
deploy:
name: Update Portainer Deployment
runs-on: ubuntu-latest
needs: publish
steps:
- uses: fjogeleit/http-request-action@v1
with:
url: ${{ secrets.PORTAINER_WEBHOOK_URL }}
method: POST
timeout: 60000
preventFailureOnNoResponse: "true"
# deploy:
# name: Update Portainer Deployment
# runs-on: ubuntu-latest
# needs: publish
# steps:
# - uses: fjogeleit/http-request-action@v1
# with:
# url: ${{ secrets.PORTAINER_WEBHOOK_URL }}
# method: POST
# timeout: 60000
# preventFailureOnNoResponse: "true"

36
.github/workflows/create_release.yml vendored Normal file
View File

@ -0,0 +1,36 @@
name: Create Release
on:
workflow_dispatch:
schedule:
- cron: "0 9 * * *"
jobs:
create_release:
name: Create Release
runs-on: ubuntu-latest
outputs:
new_tag: ${{ steps.tag_version.outputs.new_tag }}
steps:
- uses: actions/checkout@v4
- name: Bump version and push tag
id: tag_version
uses: mathieudutour/github-tag-action@v6.2
with:
github_token: ${{ secrets.GITHUB_TOKEN }}
default_bump: minor
- name: Create a GitHub release
uses: ncipollo/release-action@v1
with:
tag: ${{ steps.tag_version.outputs.new_tag }}
name: ${{ steps.tag_version.outputs.new_tag }}
body: ${{ steps.tag_version.outputs.changelog }}
generateReleaseNotes: true
create_docker:
name: Create Docker Image
needs: create_release
uses: luketainton/roboluke-tasks/.github/workflows/docker_publish.yml@main
with:
release: ${{ needs.create_release.outputs.new_tag }}

61
.github/workflows/docker_publish.yml vendored Normal file
View File

@ -0,0 +1,61 @@
name: Publish Docker Image
on:
workflow_call:
inputs:
release:
required: true
type: string
jobs:
publish:
name: Publish Docker image
runs-on: ubuntu-latest
permissions:
packages: write
contents: read
attestations: write
id-token: write
steps:
- name: Check out the repo
uses: actions/checkout@v4
with:
ref: ${{ inputs.release }}
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
- name: Log in to GitHub Container Registry
uses: docker/login-action@0d4c9c5ea7693da7b068278f7b52bda2a190a446
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Extract metadata (tags, labels) for Docker
id: meta
uses: docker/metadata-action@a64d0487d7069df33b279515d35d60fa80e2ea62
with:
images: |
ghcr.io/${{ github.repository }}
tags: |
type=semver,pattern=v{{version}},value=${{ inputs.release }}
- name: Build and push Docker image
id: push
uses: docker/build-push-action@1a162644f9a7e87d8f4b053101d1d9a712edc18c
with:
context: .
push: true
# provenance: mode=max
labels: ${{ steps.meta.outputs.labels }}
tags: |
ghcr.io/${{ github.repository }}:latest
ghcr.io/${{ github.repository }}:${{ inputs.release }}
- name: Generate artifact attestation
uses: actions/attest-build-provenance@v1
with:
subject-name: ghcr.io/${{ github.repository }}
subject-digest: ${{ steps.push.outputs.digest }}
push-to-registry: true

1
requirements-dev.txt
View File

@ -4,3 +4,4 @@ isort
pylint
pylint-exit
pytest
zipp>=3.19.1 # not directly required, pinned by Snyk to avoid a vulnerability

17
requirements.txt
View File

@ -1,19 +1,19 @@
appdirs==1.4.4
astroid==3.2.2
astroid==3.2.3
attrs==23.2.0
autopep8==2.2.0
autopep8==2.3.1
backoff==2.2.1
certifi==2024.6.2
certifi==2024.7.4
cfgv==3.4.0
charset-normalizer==3.3.2
click==8.1.7
coloredlogs==15.0.1
dill==0.3.8
distlib==0.3.8
filelock==3.15.1
filelock==3.15.4
future==1.0.0
humanfriendly==10.0
identify==2.5.36
identify==2.6.0
idna==3.7
iniconfig==2.0.0
lazy-object-proxy==1.10.0
@ -33,15 +33,16 @@ python-dotenv==1.0.1
PyYAML==6.0.1
requests==2.32.3
requests-toolbelt==1.0.0
sentry-sdk==2.5.1
sentry-sdk==2.9.0
six==1.16.0
toml==0.10.2
tomli==2.0.1
tomlkit==0.12.5
tomlkit==0.13.0
urllib3==2.2.2
virtualenv==20.26.2
virtualenv==20.26.3
webex-bot==0.5.1
webexteamssdk==1.6.1
websockets==11.0.3
wrapt==1.16.0
xmltodict==0.13.0
zipp>=3.19.1 # not directly required, pinned by Snyk to avoid a vulnerability