dependabot[bot]
5f60ee52e5
build(deps): bump the action-dependencies group with 2 updates ( #2856 )
...
Bumps the action-dependencies group with 2 updates: [actions/checkout](https://github.com/actions/checkout ) and [actions/download-artifact](https://github.com/actions/download-artifact ).
Updates `actions/checkout` from 4.2.2 to 5.0.0
- [Release notes](https://github.com/actions/checkout/releases )
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md )
- [Commits](11bd71901b...08c6903cd8https://github.com/actions/download-artifact/releases )
- [Commits](d3f86a106a...634f93cb29
2025-08-12 11:20:34 +03:00
dependabot[bot]
8f10e91463
build(deps): bump ossf/scorecard-action in the action-dependencies group ( #2840 )
...
Bumps the action-dependencies group with 1 update: [ossf/scorecard-action](https://github.com/ossf/scorecard-action ).
Updates `ossf/scorecard-action` from 2.4.1 to 2.4.2
- [Release notes](https://github.com/ossf/scorecard-action/releases )
- [Changelog](https://github.com/ossf/scorecard-action/blob/main/RELEASE.md )
- [Commits](f49aabe0b5...05b42c6244
2025-06-03 12:34:06 +03:00
dependabot[bot]
ec50bc52b8
build(deps): bump the action-dependencies group with 2 updates
...
Bumps the action-dependencies group with 2 updates: [actions/setup-python](https://github.com/actions/setup-python ) and [actions/download-artifact](https://github.com/actions/download-artifact ).
Updates `actions/setup-python` from 5.5.0 to 5.6.0
- [Release notes](https://github.com/actions/setup-python/releases )
- [Commits](8d9ed9ac5c...a26af69be9https://github.com/actions/download-artifact/releases )
- [Commits](95815c38cf...d3f86a106a
2025-04-28 22:28:44 +00:00
dependabot[bot]
63b2ca5b07
build(deps): bump actions/setup-python in the action-dependencies group ( #2820 )
2025-04-01 09:25:13 +03:00
dependabot[bot]
48262c9b2a
build(deps): bump the action-dependencies group with 2 updates ( #2816 )
2025-03-25 09:23:38 +02:00
dependabot[bot]
6d8b97e3d7
build(deps): bump actions/download-artifact ( #2803 )
2025-03-04 07:41:44 +00:00
dependabot[bot]
d2b6b6d50d
build(deps): bump the action-dependencies group with 2 updates
...
Bumps the action-dependencies group with 2 updates: [actions/upload-artifact](https://github.com/actions/upload-artifact ) and [ossf/scorecard-action](https://github.com/ossf/scorecard-action ).
Updates `actions/upload-artifact` from 4.6.0 to 4.6.1
- [Release notes](https://github.com/actions/upload-artifact/releases )
- [Commits](65c4c4a1dd...4cec3d8aa0https://github.com/ossf/scorecard-action/releases )
- [Changelog](https://github.com/ossf/scorecard-action/blob/main/RELEASE.md )
- [Commits](62b2cac7ed...f49aabe0b5
2025-02-24 21:14:31 +00:00
Jussi Kukkonen
5a2a4f7927
build: Remove workaround for hatchling upgrades
...
Apparently Dependabot now supports upgrading build-system.requires: we
don't need the workarounds anymore.
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2025-02-21 10:05:18 +02:00
NicholasTanz
a6fc606298
make pedantic and silence info logs
...
Signed-off-by: NicholasTanz <nicholastanzillo@gmail.com>
2025-02-20 17:46:48 -05:00
NicholasTanz
41c7922c92
add zizmor for linting workflows.
...
Signed-off-by: NicholasTanz <nicholastanzillo@gmail.com>
2025-02-19 21:53:14 -05:00
dependabot[bot]
df7f9d64b2
build(deps): bump theupdateframework/tuf-conformance
...
Bumps the action-dependencies group with 1 update: [theupdateframework/tuf-conformance](https://github.com/theupdateframework/tuf-conformance ).
Updates `theupdateframework/tuf-conformance` from 2.2.0 to 2.3.0
- [Release notes](https://github.com/theupdateframework/tuf-conformance/releases )
- [Commits](dee4e23533...9bfc222a37
2025-02-17 13:42:10 +00:00
dependabot[bot]
051cbda20a
build(deps): bump actions/setup-python in the action-dependencies group
...
Bumps the action-dependencies group with 1 update: [actions/setup-python](https://github.com/actions/setup-python ).
Updates `actions/setup-python` from 5.3.0 to 5.4.0
- [Release notes](https://github.com/actions/setup-python/releases )
- [Commits](0b93645e9f...42375524e2
2025-02-03 21:10:31 +00:00
Jussi Kukkonen
554f508a7a
Merge pull request #2764 from jku/fix-spec-version-check
...
workflows: Fix the spec version check
2025-01-29 18:40:42 +02:00
Jussi Kukkonen
d7137f9343
workflows: Add a "all tests pass" check
...
This way we can avoid naming all the matrix tests individually
in "required checks to pass before merging" in GitHub UI (which
requires tweaking everytime supported Python versions change).
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2025-01-29 11:44:32 +02:00
dependabot[bot]
8c48095700
build(deps): bump pypa/gh-action-pypi-publish ( #2770 )
...
Bumps the action-dependencies group with 1 update: [pypa/gh-action-pypi-publish](https://github.com/pypa/gh-action-pypi-publish ).
Updates `pypa/gh-action-pypi-publish` from 1.12.3 to 1.12.4
- [Release notes](https://github.com/pypa/gh-action-pypi-publish/releases )
- [Commits](67339c736f...76f52bc884
2025-01-28 12:00:06 +02:00
dependabot[bot]
e49b613cf8
build(deps): bump actions/upload-artifact ( #2766 )
...
Bumps the action-dependencies group with 1 update: [actions/upload-artifact](https://github.com/actions/upload-artifact ).
Updates `actions/upload-artifact` from 4.5.0 to 4.6.0
- [Release notes](https://github.com/actions/upload-artifact/releases )
- [Commits](6f51ac03b9...65c4c4a1dd
2025-01-14 10:27:24 +02:00
Jussi Kukkonen
e5547e7984
workflows: Fix the spec version check
...
I removed all instances of "pip install -e ." from our scripts
in 4e889e7
2025-01-13 20:14:48 +02:00
Kairo Araujo
467e806614
Merge pull request #2749 from jku/test-fixes
...
Unit test infrastructure fixes
2025-01-06 15:25:55 +01:00
dependabot[bot]
05d405e591
build(deps): bump actions/upload-artifact ( #2755 )
2024-12-24 13:57:37 +02:00
Jussi Kukkonen
4e889e7212
dev env: Stop installing tuf as "editable"
...
This was likely only necessary because the test suite required it:
Now tuf does not get installed at all by tox (or by dev install)
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2024-12-11 10:11:55 +02:00
Jussi Kukkonen
31bb232ca3
tests: Remove various unneeded coverage workarounds
...
Tests now run from root dir so various coverage complications
can be removed.
Also remove the duplicate .coveragerc and rely on pyproject.toml
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2024-12-11 10:11:55 +02:00
dependabot[bot]
69222b2e06
build(deps): bump pypa/gh-action-pypi-publish ( #2748 )
2024-12-10 09:04:42 +02:00
dependabot[bot]
acffdc030e
build(deps): bump theupdateframework/tuf-conformance
...
Bumps the action-dependencies group with 1 update: [theupdateframework/tuf-conformance](https://github.com/theupdateframework/tuf-conformance ).
Updates `theupdateframework/tuf-conformance` from 2.1.0 to 2.2.0
- [Release notes](https://github.com/theupdateframework/tuf-conformance/releases )
- [Commits](ad0e8bef1a...dee4e23533
2024-11-29 14:16:48 +00:00
dependabot[bot]
e62ac28946
build(deps): bump pypa/gh-action-pypi-publish
...
Bumps the action-dependencies group with 1 update: [pypa/gh-action-pypi-publish](https://github.com/pypa/gh-action-pypi-publish ).
Updates `pypa/gh-action-pypi-publish` from 1.11.0 to 1.12.2
- [Release notes](https://github.com/pypa/gh-action-pypi-publish/releases )
- [Commits](fb13cb3069...15c56dba36
2024-11-11 21:50:44 +00:00
dependabot[bot]
1346e52373
build(deps): bump pypa/gh-action-pypi-publish ( #2732 )
2024-11-05 00:26:58 +02:00
dependabot[bot]
42c3b2d919
build(deps): bump the action-dependencies group with 2 updates ( #2729 )
2024-10-29 08:50:53 +02:00
Jussi Kukkonen
bd18823b13
Python upgrade: Stop testing 3.8, start testing 3.13 ( #2721 )
...
We don't strictly require 3.9 yet but likely should soon as the
container annotation features are nice.
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2024-10-25 13:30:03 +03:00
dependabot[bot]
bb127ec6ca
build(deps): bump theupdateframework/tuf-conformance ( #2727 )
...
Bumps the action-dependencies group with 1 update: [theupdateframework/tuf-conformance](https://github.com/theupdateframework/tuf-conformance ).
Updates `theupdateframework/tuf-conformance` from 2.0.0 to 2.1.0
- [Release notes](https://github.com/theupdateframework/tuf-conformance/releases )
- [Commits](f4acd16d0e...ad0e8bef1a
2024-10-22 10:30:01 +03:00
Jussi Kukkonen
e30838428e
README: Update badges
...
* Add a badge for conformance
* Shorten the name of the workflow (since that ends up in the badge)
* Tweak badge alt names to be more useful
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2024-10-17 16:42:27 +03:00
dependabot[bot]
aa1fb97722
build(deps): bump actions/upload-artifact
...
Bumps the action-dependencies group with 1 update: [actions/upload-artifact](https://github.com/actions/upload-artifact ).
Updates `actions/upload-artifact` from 4.4.1 to 4.4.3
- [Release notes](https://github.com/actions/upload-artifact/releases )
- [Commits](604373da63...b4b15b8c7c
2024-10-14 21:03:11 +00:00
dependabot[bot]
192a349c1b
build(deps): bump the action-dependencies group with 3 updates
...
Bumps the action-dependencies group with 3 updates: [actions/checkout](https://github.com/actions/checkout ), [actions/upload-artifact](https://github.com/actions/upload-artifact ) and [pypa/gh-action-pypi-publish](https://github.com/pypa/gh-action-pypi-publish ).
Updates `actions/checkout` from 4.2.0 to 4.2.1
- [Release notes](https://github.com/actions/checkout/releases )
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md )
- [Commits](d632683dd7...eef61447b9https://github.com/actions/upload-artifact/releases )
- [Commits](50769540e7...604373da63https://github.com/pypa/gh-action-pypi-publish/releases )
- [Commits](897895f1e1...f7600683ef
2024-10-07 21:33:01 +00:00
dependabot[bot]
4fbcfa0e2c
build(deps): bump theupdateframework/tuf-conformance ( #2711 )
...
Bumps the action-dependencies group with 1 update: [theupdateframework/tuf-conformance](https://github.com/theupdateframework/tuf-conformance ).
Updates `theupdateframework/tuf-conformance` from 1.1.0 to 2.0.0
- [Release notes](https://github.com/theupdateframework/tuf-conformance/releases )
- [Commits](d8ab40ba95...f4acd16d0e
2024-10-01 11:06:57 +03:00
dependabot[bot]
4ec49e23f7
build(deps): bump actions/checkout in the action-dependencies group ( #2710 )
...
Bumps the action-dependencies group with 1 update: [actions/checkout](https://github.com/actions/checkout ).
Updates `actions/checkout` from 4.1.7 to 4.2.0
- [Release notes](https://github.com/actions/checkout/releases )
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md )
- [Commits](692973e3d9...d632683dd7
2024-10-01 11:00:12 +03:00
dependabot[bot]
d77ab75a4e
build(deps): bump pypa/gh-action-pypi-publish ( #2706 )
...
Bumps the action-dependencies group with 1 update: [pypa/gh-action-pypi-publish](https://github.com/pypa/gh-action-pypi-publish ).
Updates `pypa/gh-action-pypi-publish` from 1.10.1 to 1.10.2
- [Release notes](https://github.com/pypa/gh-action-pypi-publish/releases )
- [Commits](0ab0b79471...897895f1e1
2024-09-30 16:24:52 +03:00
dependabot[bot]
5971b09ac2
build(deps): bump theupdateframework/tuf-conformance ( #2704 )
...
Bumps the action-dependencies group with 1 update: [theupdateframework/tuf-conformance](https://github.com/theupdateframework/tuf-conformance ).
Updates `theupdateframework/tuf-conformance` from 1.0.0 to 1.1.0
- [Release notes](https://github.com/theupdateframework/tuf-conformance/releases )
- [Commits](5ae68349ec...d8ab40ba95
2024-09-17 13:04:14 +03:00
Jussi Kukkonen
8b2578274e
Merge pull request #2684 from jku/update-tuf-conformance-to-1.0
...
Update tuf conformance to 1.0
2024-09-17 12:46:08 +03:00
Jussi Kukkonen
9b2a931c78
Update permissions
...
This does not really change the default much but it's a decent practice
and makes the SSF Scorecard look better.
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2024-09-12 12:58:12 +03:00
dependabot[bot]
26bcacf1d7
build(deps): bump pypa/gh-action-pypi-publish ( #2696 )
...
Bumps the action-dependencies group with 1 update: [pypa/gh-action-pypi-publish](https://github.com/pypa/gh-action-pypi-publish ).
Updates `pypa/gh-action-pypi-publish` from 1.10.0 to 1.10.1
- [Release notes](https://github.com/pypa/gh-action-pypi-publish/releases )
- [Commits](8a08d61689...0ab0b79471
2024-09-10 10:12:31 +03:00
dependabot[bot]
dc004e7d2b
build(deps): bump the action-dependencies group with 3 updates
...
Bumps the action-dependencies group with 3 updates: [actions/setup-python](https://github.com/actions/setup-python ), [actions/upload-artifact](https://github.com/actions/upload-artifact ) and [pypa/gh-action-pypi-publish](https://github.com/pypa/gh-action-pypi-publish ).
Updates `actions/setup-python` from 5.1.1 to 5.2.0
- [Release notes](https://github.com/actions/setup-python/releases )
- [Commits](39cd14951b...f677139bbehttps://github.com/actions/upload-artifact/releases )
- [Commits](834a144ee9...50769540e7https://github.com/pypa/gh-action-pypi-publish/releases )
- [Commits](ec4db0b4dd...8a08d61689
2024-09-02 21:33:56 +00:00
dependabot[bot]
7a47f23872
build(deps): bump actions/upload-artifact
...
Bumps the action-dependencies group with 1 update: [actions/upload-artifact](https://github.com/actions/upload-artifact ).
Updates `actions/upload-artifact` from 4.3.5 to 4.3.6
- [Release notes](https://github.com/actions/upload-artifact/releases )
- [Commits](89ef406dd8...834a144ee9
2024-08-12 21:52:40 +00:00
Jussi Kukkonen
3a429984bd
workflows: Enable tuf-conformance for PRs
...
tuf-conformance workflow now pins a release tag so we can enable this
on PRs.
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2024-08-08 15:50:14 +03:00
Jussi Kukkonen
ce560215bf
Update tuf-conformance action to 1.0
...
Also update the client-under-test script
(this is a direct copy from tuf-conformance).
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2024-08-08 15:48:13 +03:00
dependabot[bot]
e74205280d
build(deps): bump actions/upload-artifact
...
Bumps the action-dependencies group with 1 update: [actions/upload-artifact](https://github.com/actions/upload-artifact ).
Updates `actions/upload-artifact` from 4.3.4 to 4.3.5
- [Release notes](https://github.com/actions/upload-artifact/releases )
- [Commits](0b2256b8c0...89ef406dd8
2024-08-05 21:51:28 +00:00
dependabot[bot]
ad69f71181
build(deps): bump ossf/scorecard-action in the action-dependencies group
...
Bumps the action-dependencies group with 1 update: [ossf/scorecard-action](https://github.com/ossf/scorecard-action ).
Updates `ossf/scorecard-action` from 2.3.3 to 2.4.0
- [Release notes](https://github.com/ossf/scorecard-action/releases )
- [Changelog](https://github.com/ossf/scorecard-action/blob/main/RELEASE.md )
- [Commits](dc50aa9510...62b2cac7ed
2024-07-29 21:04:16 +00:00
dependabot[bot]
ab6dbf790b
build(deps): bump actions/setup-python in the action-dependencies group
...
Bumps the action-dependencies group with 1 update: [actions/setup-python](https://github.com/actions/setup-python ).
Updates `actions/setup-python` from 5.1.0 to 5.1.1
- [Release notes](https://github.com/actions/setup-python/releases )
- [Commits](82c7e631bb...39cd14951b
2024-07-15 21:42:17 +00:00
Jussi Kukkonen
40f72b1f14
workflows: Change conformance workflow name
...
Otherwise you can't tell them apart in the UI...
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2024-07-11 18:41:32 +03:00
Jussi Kukkonen
b14452dac6
workflows: Tweak conformance step name
...
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2024-07-11 18:26:58 +03:00
Jussi Kukkonen
0b85ed570d
Add a conformance test workflow
...
* The conformance test suite is likely to still change quite a bit so
the workflow is not enabled on PRs yet
* The actual conformance client is copied from the tuf-conformance project
* This is mostly a test to see how things should work out, and a
demonstration of how the tuf-conformance project should be used
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2024-07-10 16:15:36 +03:00
dependabot[bot]
970dd075f1
build(deps): bump the action-dependencies group with 2 updates ( #2666 )
...
---
updated-dependencies:
- dependency-name: actions/upload-artifact
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: action-dependencies
- dependency-name: actions/download-artifact
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: action-dependencies
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-07-09 09:21:13 +03:00
dependabot[bot]
31e8eeb3f6
build(deps): bump the action-dependencies group with 2 updates ( #2660 )
...
Bumps the action-dependencies group with 2 updates: [actions/checkout](https://github.com/actions/checkout ) and [pypa/gh-action-pypi-publish](https://github.com/pypa/gh-action-pypi-publish ).
Updates `actions/checkout` from 4.1.6 to 4.1.7
- [Release notes](https://github.com/actions/checkout/releases )
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md )
- [Commits](a5ac7e51b4...692973e3d9https://github.com/pypa/gh-action-pypi-publish/releases )
- [Commits](81e9d935c8...ec4db0b4dd
2024-06-18 10:56:02 +03:00
