From ab9f4228441116607a1c69f15aaf7b26b3979994 Mon Sep 17 00:00:00 2001 From: David Lord Date: Fri, 23 Aug 2024 19:46:56 -0700 Subject: [PATCH 1/2] add gha-update, remove scheduled updates --- .github/dependabot.yml | 18 ------------------ .pre-commit-config.yaml | 2 -- pyproject.toml | 5 +++++ tox.ini | 5 +++++ 4 files changed, 10 insertions(+), 20 deletions(-) delete mode 100644 .github/dependabot.yml diff --git a/.github/dependabot.yml b/.github/dependabot.yml deleted file mode 100644 index 1f47f125..00000000 --- a/.github/dependabot.yml +++ /dev/null @@ -1,18 +0,0 @@ -version: 2 -updates: - - package-ecosystem: github-actions - directory: / - schedule: - interval: monthly - groups: - github-actions: - patterns: - - '*' - - package-ecosystem: pip - directory: /requirements/ - schedule: - interval: monthly - groups: - python-requirements: - patterns: - - '*' diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index dd86089b..c1db5d10 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -1,5 +1,3 @@ -ci: - autoupdate_schedule: monthly repos: - repo: https://github.com/astral-sh/ruff-pre-commit rev: v0.4.1 diff --git a/pyproject.toml b/pyproject.toml index 63cabb3c..0e8afa74 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -97,3 +97,8 @@ ignore-init-module-imports = true [tool.ruff.lint.isort] force-single-line = true order-by-type = false + +[tool.gha-update] +tag-only = [ + "slsa-framework/slsa-github-generator", +] diff --git a/tox.ini b/tox.ini index b7c6bc07..c0221fab 100644 --- a/tox.ini +++ b/tox.ini @@ -32,6 +32,11 @@ commands = deps = -r requirements/docs.txt commands = sphinx-build -E -W -b dirhtml docs docs/_build/dirhtml +[testenv:update-actions] +labels = update +deps = gha-update +commands = gha-update + [testenv:update-pre_commit] labels = update deps = pre-commit From 2e1f46b802b056e5fa5fa9e8cbb6ba857de9b767 Mon Sep 17 00:00:00 2001 
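Review bot: The `tag-only` entry added under `[tool.gha-update]` in pyproject.toml exempts `slsa-framework/slsa-github-generator` from commit-SHA pinning without recording why. A tag is a mutable reference, while the other actions touched in this series are pinned to full SHAs. If the reason is that the generator's reusable workflow must be called by version tag for its provenance verification to succeed (its documentation appears to require this; worth confirming), state it above the entry, for example `# must be referenced by tag: the SLSA generator rejects SHA refs when verifying its own workflow`. The list should stay limited to actions with that constraint, and each tag move on that workflow should be reviewed by hand.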
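Review bot: `deps = gha-update` in the new `[testenv:update-actions]` section installs whichever release is current on the package index at run time, and this tool rewrites the commit SHAs that the publish workflow relies on. The neighbouring `update-pre_commit` env handles `pre-commit` the same way, so this is consistent with the file, but a bound such as `deps = gha-update==<pinned-version>` would make the updater itself a reviewed input. The same patch deletes `.github/dependabot.yml` and the pre-commit `autoupdate_schedule`, so updates now happen only when a maintainer runs the envs labelled `update`. A comment giving the expected cadence would help, for example `# run manually before each release; no scheduled updates remain`. Whether Dependabot security alerts stay enabled in the repository settings cannot be seen from this diff, and the `update-pre_commit` section continues past the end of the hunk.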
From: David Lord Date: Fri, 23 Aug 2024 19:49:49 -0700 Subject: [PATCH 2/2] update dev dependencies --- .github/workflows/publish.yaml | 14 ++++---- .github/workflows/tests.yaml | 8 ++--- .pre-commit-config.yaml | 2 +- requirements-skip/tests-min.txt | 4 +-- requirements/build.txt | 4 +-- requirements/dev.txt | 63 ++++++++++++++++----------------- requirements/docs.txt | 32 ++++++++--------- requirements/tests.txt | 4 +-- requirements/typing.txt | 15 ++++---- 9 files changed, 70 insertions(+), 76 deletions(-) diff --git a/.github/workflows/publish.yaml b/.github/workflows/publish.yaml index ca6615c8..3fc8a284 100644 --- a/.github/workflows/publish.yaml +++ b/.github/workflows/publish.yaml @@ -9,8 +9,8 @@ jobs: outputs: hash: ${{ steps.hash.outputs.hash }} steps: - - uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4 - - uses: actions/setup-python@82c7e631bb3cdc910f68e0081d67478d79c6982d # v5.1.0 + - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + - uses: actions/setup-python@39cd14951b08e74b54015e9e001cdefcf80e669f # v5.1.1 with: python-version: '3.x' cache: pip @@ -23,7 +23,7 @@ jobs: - name: generate hash id: hash run: cd dist && echo "hash=$(sha256sum * | base64 -w0)" >> $GITHUB_OUTPUT - - uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3 + - uses: actions/upload-artifact@834a144ee995460fba8ed112a2fc961b36a5ec5a # v4.3.6 with: path: ./dist provenance: @@ -44,7 +44,7 @@ jobs: permissions: contents: write steps: - - uses: actions/download-artifact@65a9edc5881444af0b9093a5e628f2fe47ea3b2e # v4.1.7 + - uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 - name: create release run: > gh release create --draft --repo ${{ github.repository }} 
@@ -63,11 +63,11 @@ jobs: permissions: id-token: write steps: - - uses: actions/download-artifact@65a9edc5881444af0b9093a5e628f2fe47ea3b2e # v4.1.7 - - uses: pypa/gh-action-pypi-publish@81e9d935c883d0b210363ab89cf05f3894778450 # v1.8.14 + - uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 + - uses: pypa/gh-action-pypi-publish@ec4db0b4ddc65acdf4bff5fa45ac92d78b56bdf0 # v1.9.0 with: repository-url: https://test.pypi.org/legacy/ packages-dir: artifact/ - - uses: pypa/gh-action-pypi-publish@81e9d935c883d0b210363ab89cf05f3894778450 # v1.8.14 + - uses: pypa/gh-action-pypi-publish@ec4db0b4ddc65acdf4bff5fa45ac92d78b56bdf0 # v1.9.0 with: packages-dir: artifact/ diff --git a/.github/workflows/tests.yaml b/.github/workflows/tests.yaml index c0a9bb89..3bd88de1 100644 --- a/.github/workflows/tests.yaml +++ b/.github/workflows/tests.yaml @@ -28,8 +28,8 @@ jobs: - {python: '3.8'} - {name: Minimum Versions, python: '3.11', tox: py-min} steps: - - uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4 - - uses: actions/setup-python@82c7e631bb3cdc910f68e0081d67478d79c6982d # v5.1.0 + - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + - uses: actions/setup-python@39cd14951b08e74b54015e9e001cdefcf80e669f # v5.1.1 with: python-version: ${{ matrix.python }} allow-prereleases: true @@ -40,8 +40,8 @@ jobs: typing: runs-on: ubuntu-latest steps: - - uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4 - - uses: actions/setup-python@82c7e631bb3cdc910f68e0081d67478d79c6982d # v5.1.0 + - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + - uses: actions/setup-python@39cd14951b08e74b54015e9e001cdefcf80e669f # v5.1.1 with: python-version: '3.x' cache: pip diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index c1db5d10..acd7bba8 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml 
@@ -1,6 +1,6 @@ repos: - repo: https://github.com/astral-sh/ruff-pre-commit - rev: v0.4.1 + rev: v0.6.2 hooks: - id: ruff - id: ruff-format diff --git a/requirements-skip/tests-min.txt b/requirements-skip/tests-min.txt index 5e5a3fa6..f7f60f8d 100644 --- a/requirements-skip/tests-min.txt +++ b/requirements-skip/tests-min.txt @@ -10,7 +10,7 @@ flask==2.2.5 # via -r tests-min.in itsdangerous==2.2.0 # via flask -jinja2==3.1.3 +jinja2==3.1.4 # via flask markupsafe==2.1.5 # via @@ -18,7 +18,7 @@ markupsafe==2.1.5 # werkzeug sqlalchemy==2.0.16 # via -r tests-min.in -typing-extensions==4.11.0 +typing-extensions==4.12.2 # via sqlalchemy werkzeug==2.2.3 # via diff --git a/requirements/build.txt b/requirements/build.txt index 9ecc4895..4b289ca7 100644 --- a/requirements/build.txt +++ b/requirements/build.txt @@ -6,7 +6,7 @@ # build==1.2.1 # via -r build.in -packaging==24.0 +packaging==24.1 # via build -pyproject-hooks==1.0.0 +pyproject-hooks==1.1.0 # via build diff --git a/requirements/dev.txt b/requirements/dev.txt index 97e268eb..0329c5d1 100644 --- a/requirements/dev.txt +++ b/requirements/dev.txt @@ -4,17 +4,17 @@ # # pip-compile dev.in # -alabaster==0.7.16 +alabaster==1.0.0 # via # -r docs.txt # sphinx -babel==2.14.0 +babel==2.16.0 # via # -r docs.txt # sphinx -cachetools==5.3.3 +cachetools==5.5.0 # via tox -certifi==2024.2.2 +certifi==2024.7.4 # via # -r docs.txt # requests @@ -34,13 +34,13 @@ docutils==0.21.2 # via # -r docs.txt # sphinx -filelock==3.13.4 +filelock==3.15.4 # via # tox # virtualenv -identify==2.5.36 +identify==2.6.0 # via pre-commit -idna==3.7 +idna==3.8 # via # -r docs.txt # requests @@ -53,7 +53,7 @@ iniconfig==2.0.0 # -r tests.txt # -r typing.txt # pytest -jinja2==3.1.3 +jinja2==3.1.4 # via # -r docs.txt # sphinx 
@@ -61,18 +61,18 @@ markupsafe==2.1.5 # via # -r docs.txt # jinja2 -mypy==1.10.0 +mypy==1.11.1 # via -r typing.txt mypy-extensions==1.0.0 # via # -r typing.txt # mypy -nodeenv==1.8.0 +nodeenv==1.9.1 # via # -r typing.txt # pre-commit # pyright -packaging==24.0 +packaging==24.1 # via # -r docs.txt # -r tests.txt @@ -82,9 +82,9 @@ packaging==24.0 # pytest # sphinx # tox -pallets-sphinx-themes==2.1.2 +pallets-sphinx-themes==2.1.3 # via -r docs.txt -platformdirs==4.2.1 +platformdirs==4.2.2 # via # tox # virtualenv @@ -94,23 +94,23 @@ pluggy==1.5.0 # -r typing.txt # pytest # tox -pre-commit==3.7.0 +pre-commit==3.8.0 # via -r dev.in -pygments==2.17.2 +pygments==2.18.0 # via # -r docs.txt # sphinx -pyproject-api==1.6.1 +pyproject-api==1.7.1 # via tox -pyright==1.1.360 +pyright==1.1.377 # via -r typing.txt -pytest==8.1.1 +pytest==8.3.2 # via # -r tests.txt # -r typing.txt -pyyaml==6.0.1 +pyyaml==6.0.2 # via pre-commit -requests==2.31.0 +requests==2.32.3 # via # -r docs.txt # sphinx @@ -118,20 +118,20 @@ snowballstemmer==2.2.0 # via # -r docs.txt # sphinx -sphinx==7.3.7 +sphinx==8.0.2 # via # -r docs.txt # pallets-sphinx-themes # sphinxcontrib-log-cabinet -sphinxcontrib-applehelp==1.0.8 +sphinxcontrib-applehelp==2.0.0 # via # -r docs.txt # sphinx -sphinxcontrib-devhelp==1.0.6 +sphinxcontrib-devhelp==2.0.0 # via # -r docs.txt # sphinx -sphinxcontrib-htmlhelp==2.0.5 +sphinxcontrib-htmlhelp==2.1.0 # via # -r docs.txt # sphinx 
@@ -141,28 +141,25 @@ sphinxcontrib-jsmath==1.0.1 # sphinx sphinxcontrib-log-cabinet==1.0.1 # via -r docs.txt -sphinxcontrib-qthelp==1.0.7 +sphinxcontrib-qthelp==2.0.0 # via # -r docs.txt # sphinx -sphinxcontrib-serializinghtml==1.1.10 +sphinxcontrib-serializinghtml==2.0.0 # via # -r docs.txt # sphinx -tox==4.14.2 +tox==4.18.0 # via -r dev.in -typing-extensions==4.11.0 +typing-extensions==4.12.2 # via # -r typing.txt # mypy -urllib3==2.2.1 +urllib3==2.2.2 # via # -r docs.txt # requests -virtualenv==20.26.0 +virtualenv==20.26.3 # via # pre-commit # tox - -# The following packages are considered to be unsafe in a requirements file: -# setuptools diff --git a/requirements/docs.txt b/requirements/docs.txt index 7b18580d..45476289 100644 --- a/requirements/docs.txt +++ b/requirements/docs.txt 
@@ -4,54 +4,54 @@ # # pip-compile docs.in # -alabaster==0.7.16 +alabaster==1.0.0 # via sphinx -babel==2.14.0 +babel==2.16.0 # via sphinx -certifi==2024.2.2 +certifi==2024.7.4 # via requests charset-normalizer==3.3.2 # via requests docutils==0.21.2 # via sphinx -idna==3.7 +idna==3.8 # via requests imagesize==1.4.1 # via sphinx -jinja2==3.1.3 +jinja2==3.1.4 # via sphinx markupsafe==2.1.5 # via jinja2 -packaging==24.0 +packaging==24.1 # via # pallets-sphinx-themes # sphinx -pallets-sphinx-themes==2.1.2 +pallets-sphinx-themes==2.1.3 # via -r docs.in -pygments==2.17.2 +pygments==2.18.0 # via sphinx -requests==2.31.0 +requests==2.32.3 # via sphinx snowballstemmer==2.2.0 # via sphinx -sphinx==7.3.7 +sphinx==8.0.2 # via # -r docs.in # pallets-sphinx-themes # sphinxcontrib-log-cabinet -sphinxcontrib-applehelp==1.0.8 +sphinxcontrib-applehelp==2.0.0 # via sphinx -sphinxcontrib-devhelp==1.0.6 +sphinxcontrib-devhelp==2.0.0 # via sphinx -sphinxcontrib-htmlhelp==2.0.5 +sphinxcontrib-htmlhelp==2.1.0 # via sphinx sphinxcontrib-jsmath==1.0.1 # via sphinx sphinxcontrib-log-cabinet==1.0.1 # via -r docs.in -sphinxcontrib-qthelp==1.0.7 +sphinxcontrib-qthelp==2.0.0 # via sphinx -sphinxcontrib-serializinghtml==1.1.10 +sphinxcontrib-serializinghtml==2.0.0 # via sphinx -urllib3==2.2.1 +urllib3==2.2.2 # via requests diff --git a/requirements/tests.txt b/requirements/tests.txt index f5702694..c73968d0 100644 --- a/requirements/tests.txt +++ b/requirements/tests.txt @@ -6,9 +6,9 @@ # iniconfig==2.0.0 # via pytest -packaging==24.0 +packaging==24.1 # via pytest pluggy==1.5.0 # via pytest -pytest==8.1.1 +pytest==8.3.2 # via -r tests.in diff --git a/requirements/typing.txt b/requirements/typing.txt index 533079f6..aad4188d 100644 --- a/requirements/typing.txt +++ b/requirements/typing.txt 
@@ -6,22 +6,19 @@ # iniconfig==2.0.0 # via pytest -mypy==1.10.0 +mypy==1.11.1 # via -r typing.in mypy-extensions==1.0.0 # via mypy -nodeenv==1.8.0 +nodeenv==1.9.1 # via pyright -packaging==24.0 +packaging==24.1 # via pytest pluggy==1.5.0 # via pytest -pyright==1.1.360 +pyright==1.1.377 # via -r typing.in -pytest==8.1.1 +pytest==8.3.2 # via -r typing.in -typing-extensions==4.11.0 +typing-extensions==4.12.2 # via mypy - -# The following packages are considered to be unsafe in a requirements file: -# setuptools