From 165ddfda2f4fe604913c418da466980ed8c72007 Mon Sep 17 00:00:00 2001 From: Thomas Carmet Date: Tue, 31 Jan 2023 23:17:11 +0000 Subject: [PATCH 1/6] review security triggers --- .github/workflows/build.yaml | 11 ++++++++++- .github/workflows/trivy.yaml | 3 --- 2 files changed, 10 insertions(+), 4 deletions(-) diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml index ef565ca6..fa799a5d 100644 --- a/.github/workflows/build.yaml +++ b/.github/workflows/build.yaml @@ -1,7 +1,16 @@ --- name: build -on: push +on: + push: + branches: + - '**' + schedule: + # Run once a week at 00:00 on Sunday + - cron: '0 0 * * 0' + release: + types: + - created permissions: contents: read diff --git a/.github/workflows/trivy.yaml b/.github/workflows/trivy.yaml index a712a375..bfc56b8c 100644 --- a/.github/workflows/trivy.yaml +++ b/.github/workflows/trivy.yaml @@ -3,9 +3,6 @@ name: trivy on: - schedule: - # Every day at noon - - cron: '0 12 * * *' workflow_call: inputs: image: From 16b46b8088a639bb13605d8d812c4e3580b0926e Mon Sep 17 00:00:00 2001 From: Thomas Carmet Date: Tue, 31 Jan 2023 23:17:36 +0000 Subject: [PATCH 2/6] review setup.py build --- .github/workflows/release.yaml | 2 ++ requirements.txt | 1 - setup.py | 12 +++++------- 3 files changed, 7 insertions(+), 8 deletions(-) diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index ee80f296..b31e5765 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -39,6 +39,8 @@ jobs: context: . file: ./Dockerfile push: true + build-args: | + VERSION=${{ github.event.inputs.tag }} tags: | ghcr.io/scality/bert-e:${{ inputs.tag }} registry.scality.com/bert-e/bert-e:${{ inputs.tag }} diff --git a/requirements.txt b/requirements.txt index f65472ff..397fd37d 100644 --- a/requirements.txt +++ b/requirements.txt @@ -18,4 +18,3 @@ requests==2.28.2 requests-mock==1.10.0 werkzeug==2.2.2 WTForms==2.2.1 -setuptools-scm==1.9.0 
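Review bot: Scan cadence drops from daily to weekly with the `schedule` entry added under `on:` in build.yaml, because the same commit removes the `0 12 * * *` cron from trivy.yaml and leaves it reachable only through `workflow_call`. Assuming build.yaml is the caller of the trivy workflow (not visible here), a newly disclosed CVE in the image can now go unreported for up to seven days; keeping `- cron: '0 12 * * *'` here would preserve the old detection window. Two further details in the same block are worth a comment: a `branches:` filter on `push` stops the workflow from running on tag pushes, which the old `on: push` covered, and `release: types: [created]` is not triggered for releases that start as drafts, so `published` is usually the safer type. A short comment above the trigger block saying which of these events is expected to run the security scan would make the intent reviewable.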
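Review bot: The added `VERSION=${{ github.event.inputs.tag }}` in release.yaml reads a different context than the `tags:` lines directly below it, which use `${{ inputs.tag }}`. `github.event.inputs` is only populated for `workflow_dispatch` runs, so if this workflow is ever invoked another way (the trigger block is outside the hunk) the image would be pushed under the right tag with an empty VERSION baked in. Writing `VERSION=${{ inputs.tag }}` keeps the packaged version identical to the published tag, which matters when matching a deployed image against advisories.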
diff --git a/setup.py b/setup.py index 49ae6d14..8b20e4e8 100644 --- a/setup.py +++ b/setup.py @@ -1,6 +1,7 @@ #!/usr/bin/env python3 from os.path import abspath, dirname, join +import os import pip from setuptools import setup @@ -36,14 +37,11 @@ def requires(): setup( name='bert-e', - use_scm_version={ - 'local_scheme': 'dirty-tag' - }, - setup_requires=[ - 'setuptools_scm' - ], + version=os.getenv('VERSION', '1.0-dev'), + python_requires=">=3.10", + platforms=['any'], description='Scality\'s automated branch merging tool', - url='https://bitbucket.org/scality/bert-e', + url='https://github.com/scality/bert-e', license='Apache', include_package_data=True, packages=[ From 97eed9faa0e92cfdc29ea019a56b080d782120a5 Mon Sep 17 00:00:00 2001 From: Thomas Carmet Date: Tue, 31 Jan 2023 23:18:53 +0000 Subject: [PATCH 3/6] review dockerignore file --- .dockerignore | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/.dockerignore b/.dockerignore index bd23d627..cf6c0159 100644 --- a/.dockerignore +++ b/.dockerignore @@ -1,3 +1,8 @@ venv *.pyc *~ +.git +*.egg-info +__pycache__ +.eggs +.tox From d1bf0b3ad598716022ff4f5fd68e3cf56325ee27 Mon Sep 17 00:00:00 2001 From: Thomas Carmet Date: Tue, 31 Jan 2023 23:35:35 +0000 Subject: [PATCH 4/6] removing deleted file from devcontainer setup --- .devcontainer/Dockerfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.devcontainer/Dockerfile b/.devcontainer/Dockerfile index b566789a..12a74b55 100644 --- a/.devcontainer/Dockerfile +++ b/.devcontainer/Dockerfile 
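Review bot: `version=os.getenv('VERSION', '1.0-dev')` in the second setup.py hunk falls back only when VERSION is unset; a VERSION that is set but empty, for example a build argument forwarded without a value, is passed to setuptools as an empty version string. `version=os.getenv('VERSION') or '1.0-dev'` covers both cases. With setuptools_scm removed, every build that does not set VERSION reports the same `1.0-dev`, so such artifacts can no longer be traced to a commit. A comment above the line such as `# Release builds must set VERSION (release.yaml passes it as a build-arg); 1.0-dev marks an untracked local build` would record that contract. The setup() call continues past the end of the hunk.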
@@ -8,6 +8,6 @@ FROM mcr.microsoft.com/vscode/devcontainers/python:0-${VARIANT} ARG NODE_VERSION="none" RUN if [ "${NODE_VERSION}" != "none" ]; then su vscode -c "umask 0002 && . /usr/local/share/nvm/nvm.sh && nvm install ${NODE_VERSION} 2>&1"; fi -COPY requirements.txt constraints.txt /tmp/pip-tmp/ +COPY requirements.txt /tmp/pip-tmp/ RUN pip3 --disable-pip-version-check --no-cache-dir install -r /tmp/pip-tmp/requirements.txt \ - && pip3 install tox && rm -rf /tmp/pip-tmp \ No newline at end of file + && pip3 install tox && rm -rf /tmp/pip-tmp From 15ab0b01a701c6554e527f4cab4f6f307abe56e0 Mon Sep 17 00:00:00 2001 From: Thomas Carmet Date: Tue, 31 Jan 2023 23:44:11 +0000 Subject: [PATCH 5/6] include requirements.txt in manifest --- MANIFEST.in | 1 + requirements.txt | 1 + 2 files changed, 2 insertions(+) diff --git a/MANIFEST.in b/MANIFEST.in index 27ec3cd4..96e482f1 100644 --- a/MANIFEST.in +++ b/MANIFEST.in @@ -1,2 +1,3 @@ recursive-include bert_e/templates * recursive-include bert_e/docs * +include requirements.txt diff --git a/requirements.txt b/requirements.txt index 397fd37d..f46fd67a 100644 --- a/requirements.txt +++ b/requirements.txt @@ -18,3 +18,4 @@ requests==2.28.2 requests-mock==1.10.0 werkzeug==2.2.2 WTForms==2.2.1 +wheel==0.32.1 \ No newline at end of file From e3d3734cbe7118e071726462c53d32905ce8d991 Mon Sep 17 00:00:00 2001 From: Thomas Carmet Date: Tue, 31 Jan 2023 23:44:29 +0000 Subject: [PATCH 6/6] remove wheel --- requirements.txt | 1 - 1 file changed, 1 deletion(-) diff --git a/requirements.txt b/requirements.txt index f46fd67a..397fd37d 100644 --- a/requirements.txt +++ b/requirements.txt @@ -18,4 +18,3 @@ requests==2.28.2 requests-mock==1.10.0 werkzeug==2.2.2 WTForms==2.2.1 -wheel==0.32.1 \ No newline at end of file
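Review bot: `pip3 install tox` on the last line of the .devcontainer/Dockerfile hunk installs whatever tox release is current at build time, while the packages from requirements.txt are pinned with `==`. Pinning it as well, e.g. `&& pip3 --disable-pip-version-check --no-cache-dir install tox==<PINNED_VERSION> && rm -rf /tmp/pip-tmp`, or moving tox into a pinned development requirements file keeps the devcontainer reproducible and avoids pulling an unreviewed release into developer environments. The visible RUN line only ever passed `-r /tmp/pip-tmp/requirements.txt`, so dropping constraints.txt from the COPY does not change what gets installed.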