diff --git a/.circleci/config.yml b/.circleci/config.yml index 26f19be..1ae6d66 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -37,11 +37,18 @@ jobs: steps: - checkout - run: + name: Setup Python environment command: | sudo .circleci/ci-setup.sh - run: + name: Run tests and self scan command: | .circleci/ci-run.sh + # audit jake with jake + pip3 install -e . + # hot mess to uninstall dev requirements before we self scan. probably should move to pipenv + pip3 uninstall -r requirements-dev.txt -y + jake ddt -q - store_test_results: # Upload test results for display in Test Summary: https://circleci.com/docs/2.0/collect-test-data/ path: test-results - store_artifacts: # Upload test summary for display in Artifacts: https://circleci.com/docs/2.0/artifacts/ @@ -60,3 +67,13 @@ workflows: context: pypi requires: - build + + build_nightly: + triggers: + - schedule: + cron: "20 20 * * *" + filters: + branches: + only: main + jobs: + - build diff --git a/README.md b/README.md index 1b1b611..078122d 100644 --- a/README.md +++ b/README.md @@ -326,6 +326,12 @@ a new issue, or comment on an existing issue, to let others know you are! We use [python-semantic-release](https://python-semantic-release.readthedocs.io/en/latest/) to generate patch releases from commits to the `main` branch. +For example, to perform a "patch" release, add a commit to `main` with a comment like: + +``` +fix: Resolve vulnerability: CVE-2020-27783 in lxml +``` + To avoid performing a release after a commit to the `main` branch, be sure your commit message includes `[skip ci] `. ## The Fine Print diff --git a/requirements.txt b/requirements.txt index 3b1e1fe..79c8375 100644 --- a/requirements.txt +++ b/requirements.txt @@ -7,7 +7,7 @@ distlib==0.3.1 idna==2.10 isort==5.6.4 lazy-object-proxy==1.4.3 -lxml==4.6.1 +lxml==4.6.2 mccabe==0.6.1 oyaml==0.9 packaging==20.3