repos/roboluke
3
0
Fork 0
Code Issues 1 Pull Requests Actions Packages Releases 50 Activity

[Snyk] Security upgrade zipp from 3.15.0 to 3.19.1 #248

Closed
luketainton wants to merge 2 commits from snyk-fix-d5b059882ce793c75b611452aca70f6c into main
pull from: snyk-fix-d5b059882ce793c75b611452aca70f6c
merge into: repos:main
Conversation 0 Commits 2 Files Changed - +123 -19
5 changed files with 123 additions and 19 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files
Showing only changes of commit b53c77e875 - Show all commits

2
.github/renovate.json vendored
View File

@ -5,7 +5,7 @@
":semanticCommitTypeAll(fix)" ":semanticCommitTypeAll(fix)"
], ],
"baseBranches": [ "baseBranches": [
"next" "main"
], ],
"platformCommit": true, "platformCommit": true,
"dependencyDashboardAutoclose": true, "dependencyDashboardAutoclose": true,

39
.github/workflows/release.yml → .github/workflows-old/release.yml vendored
View File

@ -3,6 +3,10 @@ on:
push: push:
branches: [main] branches: [main]
env:
REGISTRY: ghcr.io
IMAGE_NAME: ${{ github.repository }}
jobs: jobs:
release: release:
name: Release name: Release
@ -29,29 +33,32 @@ jobs:
name: GitHub Container Registry name: GitHub Container Registry
runs-on: ubuntu-latest runs-on: ubuntu-latest
needs: release needs: release
permissions:
contents: read
packages: write
steps: steps:
- uses: actions/checkout@v4 - uses: actions/checkout@v4
- name: Login to GitHub Container Registry - name: Login to GitHub Container Registry
run: echo ${{ secrets.GHCR_ACCESS_TOKEN }} | docker login ghcr.io -u luketainton --password-stdin run: echo ${{ secrets.GITHUB_TOKEN }} | docker login ${{ env.REGISTRY }} -u ${{ github.actor }} --password-stdin
- name: Build image for GitHub Package Registry - name: Build image for GitHub Package Registry
run: | run: |
docker build . --file Dockerfile \ docker build . --file Dockerfile \
--build-arg "version=${{ needs.release.outputs.new_tag }}" \ --build-arg "version=${{ needs.release.outputs.new_tag }}" \
--tag ghcr.io/luketainton/roboluke-tasks:${{ needs.release.outputs.new_tag }} \ --tag ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ needs.release.outputs.new_tag }} \
--tag ghcr.io/luketainton/roboluke-tasks:latest --tag ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:latest
- name: Push image to GitHub Package Registry - name: Push image to GitHub Package Registry
run: | run: |
docker push ghcr.io/luketainton/roboluke-tasks:latest docker push ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:latest
docker push ghcr.io/luketainton/roboluke-tasks:${{ needs.release.outputs.new_tag }} docker push ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ needs.release.outputs.new_tag }}
deploy: # deploy:
name: Update Portainer Deployment # name: Update Portainer Deployment
runs-on: ubuntu-latest # runs-on: ubuntu-latest
needs: publish # needs: publish
steps: # steps:
- uses: fjogeleit/http-request-action@v1 # - uses: fjogeleit/http-request-action@v1
with: # with:
url: ${{ secrets.PORTAINER_WEBHOOK_URL }} # url: ${{ secrets.PORTAINER_WEBHOOK_URL }}
method: POST # method: POST
timeout: 60000 # timeout: 60000
preventFailureOnNoResponse: "true" # preventFailureOnNoResponse: "true"

36
.github/workflows/create_release.yml vendored Normal file
View File

@ -0,0 +1,36 @@
name: Create Release
on:
workflow_dispatch:
schedule:
- cron: "0 9 * * *"
jobs:
create_release:
name: Create Release
runs-on: ubuntu-latest
outputs:
new_tag: ${{ steps.tag_version.outputs.new_tag }}
steps:
- uses: actions/checkout@v4
- name: Bump version and push tag
id: tag_version
uses: mathieudutour/github-tag-action@v6.2
with:
github_token: ${{ secrets.GITHUB_TOKEN }}
default_bump: minor
- name: Create a GitHub release
uses: ncipollo/release-action@v1
with:
tag: ${{ steps.tag_version.outputs.new_tag }}
name: ${{ steps.tag_version.outputs.new_tag }}
body: ${{ steps.tag_version.outputs.changelog }}
generateReleaseNotes: true
create_docker:
name: Create Docker Image
needs: create_release
uses: luketainton/roboluke-tasks/.github/workflows/docker_publish.yml@main
with:
release: ${{ needs.create_release.outputs.new_tag }}

61
.github/workflows/docker_publish.yml vendored Normal file
View File

@ -0,0 +1,61 @@
name: Publish Docker Image
on:
workflow_call:
inputs:
release:
required: true
type: string
jobs:
publish:
name: Publish Docker image
runs-on: ubuntu-latest
permissions:
packages: write
contents: read
attestations: write
id-token: write
steps:
- name: Check out the repo
uses: actions/checkout@v4
with:
ref: ${{ inputs.release }}
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
- name: Log in to GitHub Container Registry
uses: docker/login-action@0d4c9c5ea7693da7b068278f7b52bda2a190a446
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Extract metadata (tags, labels) for Docker
id: meta
uses: docker/metadata-action@a64d0487d7069df33b279515d35d60fa80e2ea62
with:
images: |
ghcr.io/${{ github.repository }}
tags: |
type=semver,pattern=v{{version}},value=${{ inputs.release }}
- name: Build and push Docker image
id: push
uses: docker/build-push-action@1a162644f9a7e87d8f4b053101d1d9a712edc18c
with:
context: .
push: true
# provenance: mode=max
labels: ${{ steps.meta.outputs.labels }}
tags: |
ghcr.io/${{ github.repository }}:latest
ghcr.io/${{ github.repository }}:${{ inputs.release }}
- name: Generate artifact attestation
uses: actions/attest-build-provenance@v1
with:
subject-name: ghcr.io/${{ github.repository }}
subject-digest: ${{ steps.push.outputs.digest }}
push-to-registry: true

4
requirements.txt
View File

@ -1,5 +1,5 @@
appdirs==1.4.4 appdirs==1.4.4
astroid==3.2.2 astroid==3.2.3
attrs==23.2.0 attrs==23.2.0
autopep8==2.3.1 autopep8==2.3.1
backoff==2.2.1 backoff==2.2.1
@ -33,7 +33,7 @@ python-dotenv==1.0.1
PyYAML==6.0.1 PyYAML==6.0.1
requests==2.32.3 requests==2.32.3
requests-toolbelt==1.0.0 requests-toolbelt==1.0.0
sentry-sdk==2.7.1 sentry-sdk==2.9.0
six==1.16.0 six==1.16.0
toml==0.10.2 toml==0.10.2
tomli==2.0.1 tomli==2.0.1