Jussi Kukkonen
4e889e7212
dev env: Stop installing tuf as "editable"
...
This was likely only necessary because the test suite required it:
Now tuf does not get installed at all by tox (or by dev install)
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2024-12-11 10:11:55 +02:00
Jussi Kukkonen
31bb232ca3
tests: Remove various unneeded coverage workarounds
...
Tests now run from root dir so various coverage complications
can be removed.
Also remove the duplicate .coveragerc and rely on pyproject.toml
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2024-12-11 10:11:55 +02:00
dependabot[bot]
69222b2e06
build(deps): bump pypa/gh-action-pypi-publish ( #2748 )
2024-12-10 09:04:42 +02:00
dependabot[bot]
acffdc030e
build(deps): bump theupdateframework/tuf-conformance
...
Bumps the action-dependencies group with 1 update: [theupdateframework/tuf-conformance](https://github.com/theupdateframework/tuf-conformance ).
Updates `theupdateframework/tuf-conformance` from 2.1.0 to 2.2.0
- [Release notes](https://github.com/theupdateframework/tuf-conformance/releases )
- [Commits](ad0e8bef1a...dee4e23533
2024-11-29 14:16:48 +00:00
dependabot[bot]
e62ac28946
build(deps): bump pypa/gh-action-pypi-publish
...
Bumps the action-dependencies group with 1 update: [pypa/gh-action-pypi-publish](https://github.com/pypa/gh-action-pypi-publish ).
Updates `pypa/gh-action-pypi-publish` from 1.11.0 to 1.12.2
- [Release notes](https://github.com/pypa/gh-action-pypi-publish/releases )
- [Commits](fb13cb3069...15c56dba36
2024-11-11 21:50:44 +00:00
dependabot[bot]
1346e52373
build(deps): bump pypa/gh-action-pypi-publish ( #2732 )
2024-11-05 00:26:58 +02:00
dependabot[bot]
42c3b2d919
build(deps): bump the action-dependencies group with 2 updates ( #2729 )
2024-10-29 08:50:53 +02:00
Jussi Kukkonen
bd18823b13
Python upgrade: Stop testing 3.8, start testing 3.13 ( #2721 )
...
We don't strictly require 3.9 yet but likely should soon as the
container annotation features are nice.
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2024-10-25 13:30:03 +03:00
dependabot[bot]
bb127ec6ca
build(deps): bump theupdateframework/tuf-conformance ( #2727 )
...
Bumps the action-dependencies group with 1 update: [theupdateframework/tuf-conformance](https://github.com/theupdateframework/tuf-conformance ).
Updates `theupdateframework/tuf-conformance` from 2.0.0 to 2.1.0
- [Release notes](https://github.com/theupdateframework/tuf-conformance/releases )
- [Commits](f4acd16d0e...ad0e8bef1a
2024-10-22 10:30:01 +03:00
Jussi Kukkonen
e30838428e
README: Update badges
...
* Add a badge for conformance
* Shorten the name of the workflow (since that ends up in the badge)
* Tweak badge alt names to be more useful
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2024-10-17 16:42:27 +03:00
dependabot[bot]
aa1fb97722
build(deps): bump actions/upload-artifact
...
Bumps the action-dependencies group with 1 update: [actions/upload-artifact](https://github.com/actions/upload-artifact ).
Updates `actions/upload-artifact` from 4.4.1 to 4.4.3
- [Release notes](https://github.com/actions/upload-artifact/releases )
- [Commits](604373da63...b4b15b8c7c
2024-10-14 21:03:11 +00:00
dependabot[bot]
192a349c1b
build(deps): bump the action-dependencies group with 3 updates
...
Bumps the action-dependencies group with 3 updates: [actions/checkout](https://github.com/actions/checkout ), [actions/upload-artifact](https://github.com/actions/upload-artifact ) and [pypa/gh-action-pypi-publish](https://github.com/pypa/gh-action-pypi-publish ).
Updates `actions/checkout` from 4.2.0 to 4.2.1
- [Release notes](https://github.com/actions/checkout/releases )
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md )
- [Commits](d632683dd7...eef61447b9https://github.com/actions/upload-artifact/releases )
- [Commits](50769540e7...604373da63https://github.com/pypa/gh-action-pypi-publish/releases )
- [Commits](897895f1e1...f7600683ef
2024-10-07 21:33:01 +00:00
dependabot[bot]
4fbcfa0e2c
build(deps): bump theupdateframework/tuf-conformance ( #2711 )
...
Bumps the action-dependencies group with 1 update: [theupdateframework/tuf-conformance](https://github.com/theupdateframework/tuf-conformance ).
Updates `theupdateframework/tuf-conformance` from 1.1.0 to 2.0.0
- [Release notes](https://github.com/theupdateframework/tuf-conformance/releases )
- [Commits](d8ab40ba95...f4acd16d0e
2024-10-01 11:06:57 +03:00
dependabot[bot]
4ec49e23f7
build(deps): bump actions/checkout in the action-dependencies group ( #2710 )
...
Bumps the action-dependencies group with 1 update: [actions/checkout](https://github.com/actions/checkout ).
Updates `actions/checkout` from 4.1.7 to 4.2.0
- [Release notes](https://github.com/actions/checkout/releases )
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md )
- [Commits](692973e3d9...d632683dd7
2024-10-01 11:00:12 +03:00
dependabot[bot]
d77ab75a4e
build(deps): bump pypa/gh-action-pypi-publish ( #2706 )
...
Bumps the action-dependencies group with 1 update: [pypa/gh-action-pypi-publish](https://github.com/pypa/gh-action-pypi-publish ).
Updates `pypa/gh-action-pypi-publish` from 1.10.1 to 1.10.2
- [Release notes](https://github.com/pypa/gh-action-pypi-publish/releases )
- [Commits](0ab0b79471...897895f1e1
2024-09-30 16:24:52 +03:00
dependabot[bot]
5971b09ac2
build(deps): bump theupdateframework/tuf-conformance ( #2704 )
...
Bumps the action-dependencies group with 1 update: [theupdateframework/tuf-conformance](https://github.com/theupdateframework/tuf-conformance ).
Updates `theupdateframework/tuf-conformance` from 1.0.0 to 1.1.0
- [Release notes](https://github.com/theupdateframework/tuf-conformance/releases )
- [Commits](5ae68349ec...d8ab40ba95
2024-09-17 13:04:14 +03:00
Jussi Kukkonen
8b2578274e
Merge pull request #2684 from jku/update-tuf-conformance-to-1.0
...
Update tuf conformance to 1.0
2024-09-17 12:46:08 +03:00
Jussi Kukkonen
9b2a931c78
Update permissions
...
This does not really change the default much but it's a decent practice
and makes the SSF Scorecard look better.
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2024-09-12 12:58:12 +03:00
dependabot[bot]
26bcacf1d7
build(deps): bump pypa/gh-action-pypi-publish ( #2696 )
...
Bumps the action-dependencies group with 1 update: [pypa/gh-action-pypi-publish](https://github.com/pypa/gh-action-pypi-publish ).
Updates `pypa/gh-action-pypi-publish` from 1.10.0 to 1.10.1
- [Release notes](https://github.com/pypa/gh-action-pypi-publish/releases )
- [Commits](8a08d61689...0ab0b79471
2024-09-10 10:12:31 +03:00
dependabot[bot]
dc004e7d2b
build(deps): bump the action-dependencies group with 3 updates
...
Bumps the action-dependencies group with 3 updates: [actions/setup-python](https://github.com/actions/setup-python ), [actions/upload-artifact](https://github.com/actions/upload-artifact ) and [pypa/gh-action-pypi-publish](https://github.com/pypa/gh-action-pypi-publish ).
Updates `actions/setup-python` from 5.1.1 to 5.2.0
- [Release notes](https://github.com/actions/setup-python/releases )
- [Commits](39cd14951b...f677139bbehttps://github.com/actions/upload-artifact/releases )
- [Commits](834a144ee9...50769540e7https://github.com/pypa/gh-action-pypi-publish/releases )
- [Commits](ec4db0b4dd...8a08d61689
2024-09-02 21:33:56 +00:00
dependabot[bot]
7a47f23872
build(deps): bump actions/upload-artifact
...
Bumps the action-dependencies group with 1 update: [actions/upload-artifact](https://github.com/actions/upload-artifact ).
Updates `actions/upload-artifact` from 4.3.5 to 4.3.6
- [Release notes](https://github.com/actions/upload-artifact/releases )
- [Commits](89ef406dd8...834a144ee9
2024-08-12 21:52:40 +00:00
Jussi Kukkonen
3a429984bd
workflows: Enable tuf-conformance for PRs
...
tuf-conformance workflow now pins a release tag so we can enable this
on PRs.
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2024-08-08 15:50:14 +03:00
Jussi Kukkonen
ce560215bf
Update tuf-conformance action to 1.0
...
Also update the client-under-test script
(this is a direct copy from tuf-conformance).
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2024-08-08 15:48:13 +03:00
dependabot[bot]
e74205280d
build(deps): bump actions/upload-artifact
...
Bumps the action-dependencies group with 1 update: [actions/upload-artifact](https://github.com/actions/upload-artifact ).
Updates `actions/upload-artifact` from 4.3.4 to 4.3.5
- [Release notes](https://github.com/actions/upload-artifact/releases )
- [Commits](0b2256b8c0...89ef406dd8
2024-08-05 21:51:28 +00:00
dependabot[bot]
ad69f71181
build(deps): bump ossf/scorecard-action in the action-dependencies group
...
Bumps the action-dependencies group with 1 update: [ossf/scorecard-action](https://github.com/ossf/scorecard-action ).
Updates `ossf/scorecard-action` from 2.3.3 to 2.4.0
- [Release notes](https://github.com/ossf/scorecard-action/releases )
- [Changelog](https://github.com/ossf/scorecard-action/blob/main/RELEASE.md )
- [Commits](dc50aa9510...62b2cac7ed
2024-07-29 21:04:16 +00:00
dependabot[bot]
ab6dbf790b
build(deps): bump actions/setup-python in the action-dependencies group
...
Bumps the action-dependencies group with 1 update: [actions/setup-python](https://github.com/actions/setup-python ).
Updates `actions/setup-python` from 5.1.0 to 5.1.1
- [Release notes](https://github.com/actions/setup-python/releases )
- [Commits](82c7e631bb...39cd14951b
2024-07-15 21:42:17 +00:00
Jussi Kukkonen
40f72b1f14
workflows: Change conformance workflow name
...
Otherwise you can't tell them apart in the UI...
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2024-07-11 18:41:32 +03:00
Jussi Kukkonen
b14452dac6
workflows: Tweak conformance step name
...
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2024-07-11 18:26:58 +03:00
Jussi Kukkonen
0b85ed570d
Add a conformance test workflow
...
* The conformance test suite is likely to still change quite a bit so
the workflow is not enabled on PRs yet
* The actual conformance client is copied from the tuf-conformance project
* This is mostly a test to see how things should work out, and a
demonstration of how the tuf-conformance project should be used
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2024-07-10 16:15:36 +03:00
dependabot[bot]
970dd075f1
build(deps): bump the action-dependencies group with 2 updates ( #2666 )
...
---
updated-dependencies:
- dependency-name: actions/upload-artifact
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: action-dependencies
- dependency-name: actions/download-artifact
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: action-dependencies
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-07-09 09:21:13 +03:00
dependabot[bot]
31e8eeb3f6
build(deps): bump the action-dependencies group with 2 updates ( #2660 )
...
Bumps the action-dependencies group with 2 updates: [actions/checkout](https://github.com/actions/checkout ) and [pypa/gh-action-pypi-publish](https://github.com/pypa/gh-action-pypi-publish ).
Updates `actions/checkout` from 4.1.6 to 4.1.7
- [Release notes](https://github.com/actions/checkout/releases )
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md )
- [Commits](a5ac7e51b4...692973e3d9https://github.com/pypa/gh-action-pypi-publish/releases )
- [Commits](81e9d935c8...ec4db0b4dd
2024-06-18 10:56:02 +03:00
dependabot[bot]
c5c81dd885
---
...
updated-dependencies:
- dependency-name: actions/checkout
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: action-dependencies
...
Signed-off-by: dependabot[bot] <support@github.com>
2024-05-20 21:18:03 +00:00
dependabot[bot]
02464e9a74
build(deps): bump ossf/scorecard-action in the action-dependencies group
...
Bumps the action-dependencies group with 1 update: [ossf/scorecard-action](https://github.com/ossf/scorecard-action ).
Updates `ossf/scorecard-action` from 2.3.1 to 2.3.3
- [Release notes](https://github.com/ossf/scorecard-action/releases )
- [Changelog](https://github.com/ossf/scorecard-action/blob/main/RELEASE.md )
- [Commits](0864cf1902...dc50aa9510
2024-05-13 21:52:50 +00:00
dependabot[bot]
dd9bf7410a
build(deps): bump actions/checkout in the action-dependencies group
...
Bumps the action-dependencies group with 1 update: [actions/checkout](https://github.com/actions/checkout ).
Updates `actions/checkout` from 4.1.4 to 4.1.5
- [Release notes](https://github.com/actions/checkout/releases )
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md )
- [Commits](0ad4b8fada...44c2b7a8a4
2024-05-06 21:50:18 +00:00
dependabot[bot]
8607c56000
build(deps): bump the action-dependencies group with 2 updates
...
Bumps the action-dependencies group with 2 updates: [actions/checkout](https://github.com/actions/checkout ) and [actions/download-artifact](https://github.com/actions/download-artifact ).
Updates `actions/checkout` from 4.1.3 to 4.1.4
- [Release notes](https://github.com/actions/checkout/releases )
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md )
- [Commits](1d96c772d1...0ad4b8fadahttps://github.com/actions/download-artifact/releases )
- [Commits](9c19ed7fe5...65a9edc588
2024-04-29 21:42:06 +00:00
Jussi Kukkonen
f50693c625
workflows: Add awk magic to GH changelog generation
...
* Create a changelog file with awk
* Add both "dist" and "changelog" to artifact
* This changes the artifact handling: Now the dist
directory is inside the artifact (instead of the contents
of the directory being in the directory): this means the
default path now works for `download-artifact`
* Dump changelog into the release body
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2024-04-25 10:40:47 +03:00
Jussi Kukkonen
5f854b6440
workflows: Only test old Pythons on linux
...
* This fixes current CI (new mac runners do not have old pythons)
* This is also sensible: running the complete matrix seems wasteful
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2024-04-24 20:57:49 +03:00
dependabot[bot]
0e5833afb8
build(deps): bump the action-dependencies group with 3 updates
...
Bumps the action-dependencies group with 3 updates: [actions/checkout](https://github.com/actions/checkout ), [actions/upload-artifact](https://github.com/actions/upload-artifact ) and [actions/download-artifact](https://github.com/actions/download-artifact ).
Updates `actions/checkout` from 4.1.2 to 4.1.3
- [Release notes](https://github.com/actions/checkout/releases )
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md )
- [Commits](9bb56186c3...1d96c772d1https://github.com/actions/upload-artifact/releases )
- [Commits](5d5d22a312...65462800fdhttps://github.com/actions/download-artifact/releases )
- [Commits](c850b930e6...9c19ed7fe5
2024-04-22 21:40:01 +00:00
Jussi Kukkonen
7d57ab65d2
workflows: Simplify testing
...
* Don't try to handle sslib main test within the matrix
* Put it in a separate workflow
* Include the new workflow in CI but not in CD
* Bonus: Make cache-dependency-path more complete
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2024-04-16 10:32:08 +03:00
dependabot[bot]
feaaeab865
build(deps): bump the action-dependencies group with 2 updates
...
Bumps the action-dependencies group with 2 updates: [actions/checkout](https://github.com/actions/checkout ) and [actions/setup-python](https://github.com/actions/setup-python ).
Updates `actions/checkout` from 4.1.1 to 4.1.2
- [Release notes](https://github.com/actions/checkout/releases )
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md )
- [Commits](b4ffde65f4...9bb56186c3https://github.com/actions/setup-python/releases )
- [Commits](0a5c615913...82c7e631bb
2024-04-02 08:02:13 +00:00
dependabot[bot]
87d1778c03
build(deps): bump the action-dependencies group with 1 update
...
Bumps the action-dependencies group with 1 update: [pypa/gh-action-pypi-publish](https://github.com/pypa/gh-action-pypi-publish ).
Updates `pypa/gh-action-pypi-publish` from 1.8.12 to 1.8.14
- [Release notes](https://github.com/pypa/gh-action-pypi-publish/releases )
- [Commits](e53eb8b103...81e9d935c8
2024-03-11 21:41:44 +00:00
dependabot[bot]
20660262a7
build(deps): bump the action-dependencies group with 1 update
...
Bumps the action-dependencies group with 1 update: [actions/download-artifact](https://github.com/actions/download-artifact ).
Updates `actions/download-artifact` from 4.1.3 to 4.1.4
- [Release notes](https://github.com/actions/download-artifact/releases )
- [Commits](87c55149d9...c850b930e6
2024-03-04 21:16:03 +00:00
Jussi Kukkonen
f82e0bb88d
docs: Incorporate review suggestions
...
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2024-02-29 15:54:18 +02:00
Jussi Kukkonen
143a69ba63
CI: Improve pull request template
...
Trying to make it clearer that
* testing locally is an option
* DCO is required
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2024-02-27 16:50:52 +02:00
Jussi Kukkonen
d8a43ac376
Merge pull request #2577 from theupdateframework/dependabot/github_actions/action-dependencies-c371c8bcbb
...
build(deps): bump the action-dependencies group with 1 update
2024-02-27 16:09:22 +02:00
Lukas Pühringer
c93c9ff10e
Merge pull request #2570 from jku/lint-use-github-output-format
...
Lint use GitHub output format
2024-02-27 09:13:38 +01:00
dependabot[bot]
62e7221afe
build(deps): bump the action-dependencies group with 1 update
...
Bumps the action-dependencies group with 1 update: [pypa/gh-action-pypi-publish](https://github.com/pypa/gh-action-pypi-publish ).
Updates `pypa/gh-action-pypi-publish` from 1.8.11 to 1.8.12
- [Release notes](https://github.com/pypa/gh-action-pypi-publish/releases )
- [Commits](2f6f737ca5...e53eb8b103
2024-02-27 08:12:31 +00:00
Lukas Pühringer
331863e61d
Merge pull request #2571 from jku/more-lint
...
lint: Start using ruff ruleset "flake8-bandit"
2024-02-27 09:11:40 +01:00
dependabot[bot]
10917d9cc6
build(deps): bump the action-dependencies group with 1 update
...
Bumps the action-dependencies group with 1 update: [actions/download-artifact](https://github.com/actions/download-artifact ).
Updates `actions/download-artifact` from 4.1.2 to 4.1.3
- [Release notes](https://github.com/actions/download-artifact/releases )
- [Commits](eaceaf801f...87c55149d9
2024-02-26 21:50:43 +00:00
Jussi Kukkonen
009566aa23
lint: Start using ruff ruleset "flake8-bandit"
...
* Remove bandit
* Add ruff ruleset "flake8-bandit"
* verify_release is now checked by bandit
* Avoid some asserts as suggested
* ignore a subprocess.run lint: it seems dumb
* ignore all bandit rules for tests and examples (just like before)
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2024-02-23 18:27:29 +02:00
