Commit graph

5657 commits

Author SHA1 Message Date
Jussi Kukkonen
c5dafe96e5
Merge pull request #2336 from theupdateframework/dependabot/pip/coverage-7.2.2
build(deps): bump coverage from 7.2.1 to 7.2.2
2023-03-20 10:20:30 +02:00
dependabot[bot]
f2ca2d66f9
build(deps): bump coverage from 7.2.1 to 7.2.2
Bumps [coverage](https://github.com/nedbat/coveragepy) from 7.2.1 to 7.2.2.
- [Release notes](https://github.com/nedbat/coveragepy/releases)
- [Changelog](https://github.com/nedbat/coveragepy/blob/master/CHANGES.rst)
- [Commits](https://github.com/nedbat/coveragepy/compare/7.2.1...7.2.2)

---
updated-dependencies:
- dependency-name: coverage
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-03-17 10:57:37 +00:00
Lukas Pühringer
2145b67234
Merge pull request #2321 from jku/repository-annotations
Repository annotations
2023-03-16 12:43:30 +01:00
Lukas Pühringer
9d09c427c7
Merge pull request #2332 from theupdateframework/dependabot/pip/securesystemslib-cryptopynacl--0.27.0
build(deps): bump securesystemslib[crypto,pynacl] from 0.26.0 to 0.27.0
2023-03-15 13:15:17 +01:00
Lukas Pühringer
6df1146092
Merge pull request #2330 from theupdateframework/dependabot/github_actions/pypa/gh-action-pypi-publish-1.7.1
build(deps): bump pypa/gh-action-pypi-publish from 1.6.4 to 1.7.1
2023-03-15 13:10:08 +01:00
dependabot[bot]
0a3291d8b4
build(deps): bump securesystemslib[crypto,pynacl] from 0.26.0 to 0.27.0
Bumps [securesystemslib[crypto,pynacl]](https://github.com/secure-systems-lab/securesystemslib) from 0.26.0 to 0.27.0.
- [Release notes](https://github.com/secure-systems-lab/securesystemslib/releases)
- [Changelog](https://github.com/secure-systems-lab/securesystemslib/blob/main/CHANGELOG.md)
- [Commits](https://github.com/secure-systems-lab/securesystemslib/compare/v0.26.0...v0.27.0)

---
updated-dependencies:
- dependency-name: securesystemslib[crypto,pynacl]
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-03-15 12:09:44 +00:00
Lukas Pühringer
f84e6e4aba
Merge pull request #2329 from theupdateframework/dependabot/pip/urllib3-1.26.15
build(deps): bump urllib3 from 1.26.14 to 1.26.15
2023-03-15 13:08:52 +01:00
Lukas Pühringer
5ce13d5ef2
Merge pull request #2328 from theupdateframework/dependabot/pip/bandit-1.7.5
build(deps): bump bandit from 1.7.4 to 1.7.5
2023-03-15 13:07:45 +01:00
Lukas Pühringer
78121565c3
Merge pull request #2327 from theupdateframework/dependabot/pip/pylint-2.17.0
build(deps): bump pylint from 2.16.4 to 2.17.0
2023-03-15 13:07:21 +01:00
Jussi Kukkonen
0c6a72e1e4
Merge pull request #2331 from theupdateframework/dependabot/github_actions/github/codeql-action-2.2.6
build(deps): bump github/codeql-action from 2.2.5 to 2.2.6
2023-03-13 17:44:53 +02:00
dependabot[bot]
8890b087cd
build(deps): bump github/codeql-action from 2.2.5 to 2.2.6
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.2.5 to 2.2.6.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](32dc499307...16964e90ba)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-03-13 11:01:00 +00:00
dependabot[bot]
a65568bfef
build(deps): bump pypa/gh-action-pypi-publish from 1.6.4 to 1.7.1
Bumps [pypa/gh-action-pypi-publish](https://github.com/pypa/gh-action-pypi-publish) from 1.6.4 to 1.7.1.
- [Release notes](https://github.com/pypa/gh-action-pypi-publish/releases)
- [Commits](c7f29f7ade...22b4d1f125)

---
updated-dependencies:
- dependency-name: pypa/gh-action-pypi-publish
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-03-13 11:00:55 +00:00
dependabot[bot]
65877635e5
build(deps): bump urllib3 from 1.26.14 to 1.26.15
Bumps [urllib3](https://github.com/urllib3/urllib3) from 1.26.14 to 1.26.15.
- [Release notes](https://github.com/urllib3/urllib3/releases)
- [Changelog](https://github.com/urllib3/urllib3/blob/main/CHANGES.rst)
- [Commits](https://github.com/urllib3/urllib3/compare/1.26.14...1.26.15)

---
updated-dependencies:
- dependency-name: urllib3
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-03-13 10:57:59 +00:00
dependabot[bot]
9a8c3027ea
build(deps): bump bandit from 1.7.4 to 1.7.5
Bumps [bandit](https://github.com/PyCQA/bandit) from 1.7.4 to 1.7.5.
- [Release notes](https://github.com/PyCQA/bandit/releases)
- [Commits](https://github.com/PyCQA/bandit/compare/1.7.4...1.7.5)

---
updated-dependencies:
- dependency-name: bandit
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-03-10 10:57:38 +00:00
dependabot[bot]
b2b72fb4cf
build(deps): bump pylint from 2.16.4 to 2.17.0
Bumps [pylint](https://github.com/PyCQA/pylint) from 2.16.4 to 2.17.0.
- [Release notes](https://github.com/PyCQA/pylint/releases)
- [Commits](https://github.com/PyCQA/pylint/compare/v2.16.4...v2.17.0)

---
updated-dependencies:
- dependency-name: pylint
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-03-09 10:57:33 +00:00
Jussi Kukkonen
40c0e40691
Merge pull request #2322 from theupdateframework/dependabot/pip/charset-normalizer-3.1.0
build(deps): bump charset-normalizer from 3.0.1 to 3.1.0
2023-03-08 14:57:24 +02:00
Jussi Kukkonen
ba949d950f examples: Keep mypy happy
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2023-03-08 10:27:43 +02:00
Jussi Kukkonen
122c522137 repository: Use new annotated properties in do_*()
This gives us working annotations in do_timestamp() and do_snapshot().

Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2023-03-08 10:27:43 +02:00
Jussi Kukkonen
75ca67ef44 repository: Add default arg for targets() and edit_targets()
The default value "targets" makes sense because now the top-level
metadata can be accessed in a standard way:
  root(), timestamp(), snapshot() and targets()
and likewise for the edit_X() functions

Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2023-03-08 10:27:43 +02:00
Jussi Kukkonen
79eb91d278 Add getter functions for Signed objects
These are equivalent to the edit_X() context managers but for cases
where user is not interested in creating a new version of the metadata.

Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2023-03-08 10:27:43 +02:00
Jussi Kukkonen
c3411dc59e repository: Rename snapshot()/timestamp()
New names:
  do_snapshot()
  do_timestamp()
This is in preparation of using the old names for another purpose.

Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2023-03-08 10:27:43 +02:00
Jussi Kukkonen
0262a8ac49 repository: Add typed edit_*() contextmanagers
The advantage here is that code within the context can take advantage
of the correct typing. This is already visible in the example code but
is even more useful in real applications.

Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2023-03-08 10:27:43 +02:00
Jussi Kukkonen
29b14905ba
Merge pull request #2323 from theupdateframework/dependabot/pip/pylint-2.16.4
build(deps): bump pylint from 2.16.3 to 2.16.4
2023-03-08 10:26:45 +02:00
dependabot[bot]
2e2b55a593
build(deps): bump pylint from 2.16.3 to 2.16.4
Bumps [pylint](https://github.com/PyCQA/pylint) from 2.16.3 to 2.16.4.
- [Release notes](https://github.com/PyCQA/pylint/releases)
- [Commits](https://github.com/PyCQA/pylint/compare/v2.16.3...v2.16.4)

---
updated-dependencies:
- dependency-name: pylint
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-03-08 08:20:24 +00:00
Jussi Kukkonen
96a147422e
Merge pull request #2324 from theupdateframework/dependabot/pip/mypy-1.1.1
build(deps): bump mypy from 1.0.1 to 1.1.1
2023-03-08 10:19:46 +02:00
dependabot[bot]
07822fb63e
build(deps): bump mypy from 1.0.1 to 1.1.1
Bumps [mypy](https://github.com/python/mypy) from 1.0.1 to 1.1.1.
- [Release notes](https://github.com/python/mypy/releases)
- [Commits](https://github.com/python/mypy/compare/v1.0.1...v1.1.1)

---
updated-dependencies:
- dependency-name: mypy
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-03-07 10:57:49 +00:00
dependabot[bot]
48f9dd587c
build(deps): bump charset-normalizer from 3.0.1 to 3.1.0
Bumps [charset-normalizer](https://github.com/Ousret/charset_normalizer) from 3.0.1 to 3.1.0.
- [Release notes](https://github.com/Ousret/charset_normalizer/releases)
- [Changelog](https://github.com/Ousret/charset_normalizer/blob/master/CHANGELOG.md)
- [Commits](https://github.com/Ousret/charset_normalizer/compare/3.0.1...3.1.0)

---
updated-dependencies:
- dependency-name: charset-normalizer
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-03-06 10:58:00 +00:00
Lukas Pühringer
d1597d74da
Merge pull request #2317 from shabeebk/issue-1248-2
Moved lint to seperate job. Some refactor as well.
2023-03-06 11:26:56 +01:00
Lukas Pühringer
90c9cef9ae
Merge pull request #2320 from theupdateframework/jku-readme-repo
README: Update repository mention
2023-03-06 10:42:09 +01:00
Jussi Kukkonen
203b471895 README: Update repository mention
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2023-03-06 11:34:52 +02:00
Jussi Kukkonen
8b3ae17d8b
Merge pull request #2318 from theupdateframework/dependabot/pip/cryptography-39.0.2
build(deps): bump cryptography from 39.0.1 to 39.0.2
2023-03-04 22:24:02 +02:00
Jussi Kukkonen
0099ae99b6
Merge pull request #2319 from theupdateframework/dependabot/pip/pylint-2.16.3
build(deps): bump pylint from 2.16.2 to 2.16.3
2023-03-04 22:23:24 +02:00
Shabeeb Khalid
b618394c5b
Removed unwanted variable from matrix
Co-authored-by: Lukas Pühringer <luk.puehringer@gmail.com>
Signed-off-by: Shabeeb Khalid <convey2shabeeb@gmail.com>
2023-03-03 10:33:20 -08:00
Shabeeb Khalid
f06fa9d015
Removed unwanted variable from matrix
Co-authored-by: Lukas Pühringer <luk.puehringer@gmail.com>
Signed-off-by: Shabeeb Khalid <convey2shabeeb@gmail.com>
2023-03-03 10:33:10 -08:00
Shabeeb Khalid
ccaa98a643
Refactor
Co-authored-by: Lukas Pühringer <luk.puehringer@gmail.com>
Signed-off-by: Shabeeb Khalid <convey2shabeeb@gmail.com>
2023-03-03 10:31:57 -08:00
Shabeeb Khalid
ce14451bdc
Pass tox environment via command line
Co-authored-by: Lukas Pühringer <luk.puehringer@gmail.com>
Signed-off-by: Shabeeb Khalid <convey2shabeeb@gmail.com>
2023-03-03 10:30:36 -08:00
Shabeeb Khalid
55c8fe0c9d
Removed unwanted env variable
Co-authored-by: Lukas Pühringer <luk.puehringer@gmail.com>
Signed-off-by: Shabeeb Khalid <convey2shabeeb@gmail.com>
2023-03-03 10:30:02 -08:00
Shabeeb Khalid
95226edacb
Revert comment
Co-authored-by: Lukas Pühringer <luk.puehringer@gmail.com>
Signed-off-by: Shabeeb Khalid <convey2shabeeb@gmail.com>
2023-03-03 10:29:12 -08:00
dependabot[bot]
49d46b9bd9
build(deps): bump pylint from 2.16.2 to 2.16.3
Bumps [pylint](https://github.com/PyCQA/pylint) from 2.16.2 to 2.16.3.
- [Release notes](https://github.com/PyCQA/pylint/releases)
- [Commits](https://github.com/PyCQA/pylint/compare/v2.16.2...v2.16.3)

---
updated-dependencies:
- dependency-name: pylint
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-03-03 10:59:44 +00:00
dependabot[bot]
e53dcab0f6
build(deps): bump cryptography from 39.0.1 to 39.0.2
Bumps [cryptography](https://github.com/pyca/cryptography) from 39.0.1 to 39.0.2.
- [Release notes](https://github.com/pyca/cryptography/releases)
- [Changelog](https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst)
- [Commits](https://github.com/pyca/cryptography/compare/39.0.1...39.0.2)

---
updated-dependencies:
- dependency-name: cryptography
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-03-03 10:16:34 +00:00
Lukas Pühringer
dc7216c4d0
Merge pull request #2303 from jku/upgrade-hatchling
build: Upgrade hatchling to latest release
2023-03-03 09:49:42 +01:00
Shabeeb Khalid
2329e33c9c
Fix: exporting the correct toxenv in lint job
Signed-off-by: Shabeeb Khalid <convey2shabeeb@gmail.com>
2023-03-03 00:47:08 -08:00
Shabeeb Khalid
482802d030
Moved lint to seperate job. Some refactor as well.
Signed-off-by: Shabeeb Khalid <convey2shabeeb@gmail.com>
2023-03-02 11:02:02 -08:00
Lukas Pühringer
de5e8377f7
Merge pull request #2315 from lukpueh/adopt-sslib-branch-rename
Adopt securesystemslib branch rename master-> main
2023-03-02 11:27:04 +01:00
Lukas Puehringer
951ce045cd Adopt securesystemslib branch rename master-> main
Signed-off-by: Lukas Puehringer <lukas.puehringer@nyu.edu>
2023-03-02 09:35:14 +01:00
Jussi Kukkonen
dbce03c60d
Merge pull request #2313 from theupdateframework/dependabot/pip/coverage-7.2.1
build(deps): bump coverage from 7.2.0 to 7.2.1
2023-03-01 11:34:08 +02:00
Jussi Kukkonen
682824a0f9
Merge pull request #2314 from theupdateframework/dependabot/github_actions/github/codeql-action-2.2.5
build(deps): bump github/codeql-action from 2.2.4 to 2.2.5
2023-02-27 19:32:32 +02:00
dependabot[bot]
3fd56facb0
build(deps): bump github/codeql-action from 2.2.4 to 2.2.5
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.2.4 to 2.2.5.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](17573ee1cc...32dc499307)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-02-27 11:02:26 +00:00
dependabot[bot]
b240528686
build(deps): bump coverage from 7.2.0 to 7.2.1
Bumps [coverage](https://github.com/nedbat/coveragepy) from 7.2.0 to 7.2.1.
- [Release notes](https://github.com/nedbat/coveragepy/releases)
- [Changelog](https://github.com/nedbat/coveragepy/blob/master/CHANGES.rst)
- [Commits](https://github.com/nedbat/coveragepy/compare/7.2.0...7.2.1)

---
updated-dependencies:
- dependency-name: coverage
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-02-27 10:58:27 +00:00
Jussi Kukkonen
8969c3d234
Merge pull request #2310 from jku/tweak-repository
repository: Make snapshot/timetamp helpers non-abstract
2023-02-27 10:56:47 +02:00