From 2658d00179f502af7e22ca089cd8ec14b25905f2 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 5 Nov 2024 15:22:51 +0000 Subject: [PATCH 1/7] Bump viewstate from 0.5.3 to 0.6.0 Bumps [viewstate](https://github.com/yuvadm/viewstate) from 0.5.3 to 0.6.0. - [Release notes](https://github.com/yuvadm/viewstate/releases) - [Commits](https://github.com/yuvadm/viewstate/compare/v0.5.3...v0.6.0) --- updated-dependencies: - dependency-name: viewstate dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- poetry.lock | 9 +++++---- pyproject.toml | 2 +- 2 files changed, 6 insertions(+), 5 deletions(-) diff --git a/poetry.lock b/poetry.lock index 4f67b77..54e7328 100644 --- a/poetry.lock +++ b/poetry.lock @@ -1571,12 +1571,13 @@ zstd = ["zstandard (>=0.18.0)"] [[package]] name = "viewstate" -version = "0.5.3" +version = "0.6.0" description = "ASP.NET View State Decoder" optional = false -python-versions = ">=3.5.0" +python-versions = "<4.0,>=3.8" files = [ - {file = "viewstate-0.5.3.tar.gz", hash = "sha256:4d3703c914167ab2208afe8f162e8213231cad4f11d0d5b591bf33e6468e2fdc"}, + {file = "viewstate-0.6.0-py3-none-any.whl", hash = "sha256:98eb05fd68c41b25d9f3555bca1197ac438168246468e35d6c6f2d1e5f8dcccc"}, + {file = "viewstate-0.6.0.tar.gz", hash = "sha256:82746f28cc51262f64d0b26e84bfbcaae2b93dfa416d6ae296f779e0957aad9b"}, ] [[package]] @@ -1711,4 +1712,4 @@ type = ["pytest-mypy"] [metadata] lock-version = "2.0" python-versions = "^3.9" -content-hash = "337f18e9bc8d0c9e2d8dc4bd622cfb96ae5ae1f64dd6a07201bc05e7099d072c" +content-hash = "25a2bc86e354f2731f4ddb30dac7255db97fa52a5ce2415dda717b62106f219e" diff --git a/pyproject.toml b/pyproject.toml index d6d682d..8c113d3 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -17,7 +17,7 @@ poetry-dynamic-versioning = {extras = ["plugin"], version = "^0.21.1"} [tool.poetry.dependencies] python = "^3.9" pycryptodome = "^3.15.0" -viewstate = "^0.5.3" +viewstate = ">=0.5.3,<0.7.0" flask-unsign = "^1.2.0" Django = "^4.1.2" pyjwt = {extras = ["crypto"], version = "^2.6.0"} From 13f5daec8b47899cc18bfc141862a9ebc136e49d Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 5 Nov 2024 15:26:55 +0000 Subject: [PATCH 2/7] Bump pytest-cov from 4.1.0 to 6.0.0 Bumps [pytest-cov](https://github.com/pytest-dev/pytest-cov) from 4.1.0 to 6.0.0. - [Changelog](https://github.com/pytest-dev/pytest-cov/blob/master/CHANGELOG.rst) - [Commits](https://github.com/pytest-dev/pytest-cov/compare/v4.1.0...v6.0.0) --- updated-dependencies: - dependency-name: pytest-cov dependency-type: direct:development update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- poetry.lock | 14 +++++++------- pyproject.toml | 2 +- 2 files changed, 8 insertions(+), 8 deletions(-) diff --git a/poetry.lock b/poetry.lock index 0294f27..0d72a72 100644 --- a/poetry.lock +++ b/poetry.lock @@ -1260,21 +1260,21 @@ dev = ["argcomplete", "attrs (>=19.2)", "hypothesis (>=3.56)", "mock", "pygments [[package]] name = "pytest-cov" -version = "4.1.0" +version = "6.0.0" description = "Pytest plugin for measuring coverage." optional = false -python-versions = ">=3.7" +python-versions = ">=3.9" files = [ - {file = "pytest-cov-4.1.0.tar.gz", hash = "sha256:3904b13dfbfec47f003b8e77fd5b589cd11904a21ddf1ab38a64f204d6a10ef6"}, - {file = "pytest_cov-4.1.0-py3-none-any.whl", hash = "sha256:6ba70b9e97e69fcc3fb45bfeab2d0a138fb65c4d0d6a41ef33983ad114be8c3a"}, + {file = "pytest-cov-6.0.0.tar.gz", hash = "sha256:fde0b595ca248bb8e2d76f020b465f3b107c9632e6a1d1705f17834c89dcadc0"}, + {file = "pytest_cov-6.0.0-py3-none-any.whl", hash = "sha256:eee6f1b9e61008bd34975a4d5bab25801eb31898b032dd55addc93e96fcaaa35"}, ] [package.dependencies] -coverage = {version = ">=5.2.1", extras = ["toml"]} +coverage = {version = ">=7.5", extras = ["toml"]} pytest = ">=4.6" [package.extras] -testing = ["fields", "hunter", "process-tests", "pytest-xdist", "six", "virtualenv"] +testing = ["fields", "hunter", "process-tests", "pytest-xdist", "virtualenv"] [[package]] name = "pytest-mock" @@ -1712,4 +1712,4 @@ type = ["pytest-mypy"] [metadata] lock-version = "2.0" python-versions = "^3.9" -content-hash = "25a2bc86e354f2731f4ddb30dac7255db97fa52a5ce2415dda717b62106f219e" +content-hash = "4ba30698f4b8d42f6768cd8b4f9438272947260ae9765e1af3300dcf3ffd13f9" diff --git a/pyproject.toml b/pyproject.toml index 8c113d3..29a7644 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -9,7 +9,7 @@ readme = "README.md" [tool.poetry.dev-dependencies] requests-mock = "^1.10.0" pytest = "^8.3.3" -pytest-cov = "^4.0.0" +pytest-cov = "^6.0.0" mock = "^4.0.3" pytest-mock = "^3.10.0" poetry-dynamic-versioning = {extras = ["plugin"], version = "^0.21.1"} From f8ac540e9bb2198138939b4fe7661d7ead6b0f79 Mon Sep 17 00:00:00 2001 From: liquidsec Date: Fri, 8 Nov 2024 13:27:53 -0500 Subject: [PATCH 3/7] changing auto-tagging behavior --- .github/workflows/tests.yaml | 42 +++++++++++++++++++++++++----------- 1 file changed, 30 insertions(+), 12 deletions(-) diff --git a/.github/workflows/tests.yaml b/.github/workflows/tests.yaml index 19c5cef..0c643da 100644 --- a/.github/workflows/tests.yaml +++ b/.github/workflows/tests.yaml @@ -76,20 +76,38 @@ jobs: python -m pip install --upgrade pip pip install poetry build poetry self add "poetry-dynamic-versioning[plugin]" - - name: Build Pypi package - if: github.ref == 'refs/heads/main' - run: python -m build - - name: Publish Pypi package - if: github.ref == 'refs/heads/main' - uses: pypa/gh-action-pypi-publish@release/v1.5 - with: - password: ${{ secrets.PYPI_API_TOKEN }} - name: Get current version from Poetry id: get_version - run: echo "::set-output name=VERSION::$(poetry version --short)" - - name: Create Git tag + run: echo "VERSION=$(poetry version --short)" >> $GITHUB_ENV + + - name: Fetch latest tag + run: | + git fetch --tags + LATEST_TAG=$(git describe --tags $(git rev-list --tags --max-count=1)) + echo "LATEST_TAG=${LATEST_TAG}" >> $GITHUB_ENV + + - name: Check for major or minor version change + id: check_major_minor_version + run: | + CURRENT_VERSION=${{ env.VERSION }} + LATEST_VERSION=${{ env.LATEST_TAG }} + CURRENT_MAJOR_MINOR=$(echo $CURRENT_VERSION | cut -d '.' -f 1-2) + LATEST_MAJOR_MINOR=$(echo $LATEST_VERSION | cut -d '.' -f 1-2) + if [ "$CURRENT_MAJOR_MINOR" == "$LATEST_MAJOR_MINOR" ]; then + echo "VERSION_CHANGE=false" >> $GITHUB_ENV + else + echo "VERSION_CHANGE=true" >> $GITHUB_ENV + + - name: Build and publish if major or minor version changed + if: env.VERSION_CHANGE == 'true' + run: | + python -m build + twine upload dist/* -u __token__ -p ${{ secrets.PYPI_API_TOKEN }} + + - name: Tag the release if major or minor version changed + if: env.VERSION_CHANGE == 'true' run: | git config user.name "github-actions[bot]" git config user.email "github-actions[bot]@users.noreply.github.com" - git tag -a "$(echo ${{ steps.get_version.outputs.VERSION }})" -m "Release ${{ steps.get_version.outputs.VERSION }}" - git push origin "$(echo ${{ steps.get_version.outputs.VERSION }})" + git tag -a "${{ env.VERSION }}" -m "Release ${{ env.VERSION }}" + git push origin "refs/tags/${{ env.VERSION }}" From 34b19ae85673b07960a669221484cc4786672345 Mon Sep 17 00:00:00 2001 From: liquidsec Date: Fri, 8 Nov 2024 13:32:58 -0500 Subject: [PATCH 4/7] changing target branch --- .github/dependabot.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/dependabot.yml b/.github/dependabot.yml index 705dc37..4b19293 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -4,5 +4,5 @@ updates: directory: "/" schedule: interval: "daily" - target-branch: "main" + target-branch: "dev" open-pull-requests-limit: 10 From 3c5c91be0dd407c82da6f78d1d6bf50ab0534d23 Mon Sep 17 00:00:00 2001 From: liquidsec Date: Fri, 8 Nov 2024 13:38:59 -0500 Subject: [PATCH 5/7] adding back in pypi publish --- .github/workflows/tests.yaml | 15 +++++++++++---- 1 file changed, 11 insertions(+), 4 deletions(-) diff --git a/.github/workflows/tests.yaml b/.github/workflows/tests.yaml index 0c643da..6a7d774 100644 --- a/.github/workflows/tests.yaml +++ b/.github/workflows/tests.yaml @@ -31,6 +31,7 @@ jobs: - name: flake8 run: | flake8 --select F,E722 --ignore F403,F405,F541 + test: runs-on: ubuntu-latest steps: @@ -76,6 +77,7 @@ jobs: python -m pip install --upgrade pip pip install poetry build poetry self add "poetry-dynamic-versioning[plugin]" + - name: Get current version from Poetry id: get_version run: echo "VERSION=$(poetry version --short)" >> $GITHUB_ENV @@ -91,6 +93,7 @@ jobs: run: | CURRENT_VERSION=${{ env.VERSION }} LATEST_VERSION=${{ env.LATEST_TAG }} + # Extract major.minor for comparison CURRENT_MAJOR_MINOR=$(echo $CURRENT_VERSION | cut -d '.' -f 1-2) LATEST_MAJOR_MINOR=$(echo $LATEST_VERSION | cut -d '.' -f 1-2) if [ "$CURRENT_MAJOR_MINOR" == "$LATEST_MAJOR_MINOR" ]; then @@ -98,11 +101,15 @@ jobs: else echo "VERSION_CHANGE=true" >> $GITHUB_ENV - - name: Build and publish if major or minor version changed + - name: Build PyPi package if: env.VERSION_CHANGE == 'true' - run: | - python -m build - twine upload dist/* -u __token__ -p ${{ secrets.PYPI_API_TOKEN }} + run: python -m build + + - name: Publish PyPi package + if: env.VERSION_CHANGE == 'true' + uses: pypa/gh-action-pypi-publish@release/v1.5 + with: + password: ${{ secrets.PYPI_API_TOKEN }} - name: Tag the release if major or minor version changed if: env.VERSION_CHANGE == 'true' From ce6ae1c4ef0a721244f49753b0f13e47570b381d Mon Sep 17 00:00:00 2001 From: liquidsec Date: Fri, 8 Nov 2024 13:44:51 -0500 Subject: [PATCH 6/7] fixing conditions --- .github/workflows/tests.yaml | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) diff --git a/.github/workflows/tests.yaml b/.github/workflows/tests.yaml index 6a7d774..202560d 100644 --- a/.github/workflows/tests.yaml +++ b/.github/workflows/tests.yaml @@ -63,7 +63,6 @@ jobs: runs-on: ubuntu-latest needs: test if: github.event_name == 'push' && github.ref == 'refs/heads/main' - continue-on-error: true steps: - uses: actions/checkout@v3 with: @@ -93,7 +92,6 @@ jobs: run: | CURRENT_VERSION=${{ env.VERSION }} LATEST_VERSION=${{ env.LATEST_TAG }} - # Extract major.minor for comparison CURRENT_MAJOR_MINOR=$(echo $CURRENT_VERSION | cut -d '.' -f 1-2) LATEST_MAJOR_MINOR=$(echo $LATEST_VERSION | cut -d '.' -f 1-2) if [ "$CURRENT_MAJOR_MINOR" == "$LATEST_MAJOR_MINOR" ]; then @@ -102,17 +100,17 @@ jobs: echo "VERSION_CHANGE=true" >> $GITHUB_ENV - name: Build PyPi package - if: env.VERSION_CHANGE == 'true' + if: github.ref == 'refs/heads/main' && env.VERSION_CHANGE == 'true' run: python -m build - name: Publish PyPi package - if: env.VERSION_CHANGE == 'true' + if: github.ref == 'refs/heads/main' && env.VERSION_CHANGE == 'true' uses: pypa/gh-action-pypi-publish@release/v1.5 with: password: ${{ secrets.PYPI_API_TOKEN }} - name: Tag the release if major or minor version changed - if: env.VERSION_CHANGE == 'true' + if: github.ref == 'refs/heads/main' && env.VERSION_CHANGE == 'true' run: | git config user.name "github-actions[bot]" git config user.email "github-actions[bot]@users.noreply.github.com" From 243bc7a4705fc66bd3708e60e1f1ddf6bf1d009a Mon Sep 17 00:00:00 2001 From: liquidsec Date: Fri, 8 Nov 2024 14:30:10 -0500 Subject: [PATCH 7/7] fix workflow --- .github/workflows/tests.yaml | 39 ++++++++++++++++++++++++------------ 1 file changed, 26 insertions(+), 13 deletions(-) diff --git a/.github/workflows/tests.yaml b/.github/workflows/tests.yaml index 202560d..6419c6e 100644 --- a/.github/workflows/tests.yaml +++ b/.github/workflows/tests.yaml @@ -58,7 +58,7 @@ jobs: token: ${{ secrets.CODECOV_TOKEN }} files: ./cov.xml verbose: true - + publish: runs-on: ubuntu-latest needs: test @@ -79,26 +79,39 @@ jobs: - name: Get current version from Poetry id: get_version - run: echo "VERSION=$(poetry version --short)" >> $GITHUB_ENV - + run: | + VERSION=$(poetry version --short) + echo "VERSION=$VERSION" >> $GITHUB_ENV + - name: Fetch latest tag run: | git fetch --tags LATEST_TAG=$(git describe --tags $(git rev-list --tags --max-count=1)) - echo "LATEST_TAG=${LATEST_TAG}" >> $GITHUB_ENV - - - name: Check for major or minor version change - id: check_major_minor_version + echo "LATEST_TAG=$LATEST_TAG" >> $GITHUB_ENV + + - name: Retrieve and strip "v" prefix if present run: | - CURRENT_VERSION=${{ env.VERSION }} - LATEST_VERSION=${{ env.LATEST_TAG }} - CURRENT_MAJOR_MINOR=$(echo $CURRENT_VERSION | cut -d '.' -f 1-2) - LATEST_MAJOR_MINOR=$(echo $LATEST_VERSION | cut -d '.' -f 1-2) + # Retrieve and strip "v" prefix if present + CURRENT_VERSION="${{ env.VERSION }}" + LATEST_VERSION="${{ env.LATEST_TAG }}" + CURRENT_VERSION="${CURRENT_VERSION#v}" + LATEST_VERSION="${LATEST_VERSION#v}" + + # Extract major.minor for comparison + CURRENT_MAJOR_MINOR=$(echo "$CURRENT_VERSION" | cut -d '.' -f 1-2) + LATEST_MAJOR_MINOR=$(echo "$LATEST_VERSION" | cut -d '.' -f 1-2) + + # Compare versions if [ "$CURRENT_MAJOR_MINOR" == "$LATEST_MAJOR_MINOR" ]; then echo "VERSION_CHANGE=false" >> $GITHUB_ENV else echo "VERSION_CHANGE=true" >> $GITHUB_ENV - + fi + shell: bash + env: + VERSION: ${{ env.VERSION }} # dynamically passed VERSION variable + LATEST_TAG: ${{ env.LATEST_TAG }} # dynamically passed LATEST_TAG variable + - name: Build PyPi package if: github.ref == 'refs/heads/main' && env.VERSION_CHANGE == 'true' run: python -m build @@ -108,7 +121,7 @@ jobs: uses: pypa/gh-action-pypi-publish@release/v1.5 with: password: ${{ secrets.PYPI_API_TOKEN }} - + - name: Tag the release if major or minor version changed if: github.ref == 'refs/heads/main' && env.VERSION_CHANGE == 'true' run: |