Add optional task to maintainer permission review reminder
checklist that suggests to also update the list of significant
contributors in README.md#acknowledgements.
Signed-off-by: Lukas Puehringer <lukas.puehringer@nyu.edu>
The big change is runtime update from nodejs 12 to nodejs 16: does not
seem to affect us.
Dependabot got confused so this update is done manually to v6.0.0
release commit:
https://github.com/actions/github-script/releases/tag/v6.0.0
Signed-off-by: Jussi Kukkonen <jkukkonen@vmware.com>
This allows us to control when our workflows change.
Dependabot should now open PRs when the actions update.
This still leaves the actual OS image as a variable but Github does not
support pinning that: we'd have to start using our own containers (and
installing our own pythons, etc) to do that -- not worth the trouble.
Fixes#1826
Signed-off-by: Jussi Kukkonen <jkukkonen@vmware.com>
This reverts commit 55d6cb47da.
According to changelog setup-python v2.3.2 should include a workaround
for the issue.
Signed-off-by: Jussi Kukkonen <jkukkonen@vmware.com>
This is easy to forget:
* there are multiple different critical services
* some permissions are not visible to everyone
but review is important as every maintainer account increases attack surface.
So let's remind ourselves once a year.
Signed-off-by: Jussi Kukkonen <jkukkonen@vmware.com>
This commit adds to the CI an automatic check for the TUF
specification version and compares it with the python-tuf metadata
API version.
If the version does not match and there is not a issue already open,
a new issue is opened.
Closes#1598
Signed-off-by: Kairo de Araujo <kdearaujo@vmware.com>
actions/setup-python now supports pip cache: use that instead of
handling cache locations manually.
Cache invalidates when any requirements file changes (same as before):
this is a bit over cautious but probably harder to break.
Fixes#1692
Signed-off-by: Jussi Kukkonen <jkukkonen@vmware.com>
* current workflow only needs to read git content
* if the workflow in the future does need write access, it's good to
see permissions explicitly changing
For context: "pull_request" runs never have write access anyway, so this
significantly changes only the "push" runs that happen when branches are
merged to develop.
Signed-off-by: Jussi Kukkonen <jkukkonen@vmware.com>
Python 3.10 is released on October 4-th 2021 and it seems
logical to add support for it as it doesn't require any major effort
from the project.
For reference read:
https://www.python.org/downloads/release/python-3100/
Signed-off-by: Martin Vrachev <mvrachev@vmware.com>
We already do not require individual build uploads to succeed: let's
also not require the final step to succeed.
The immediate context for this is that coveralls has been down for
three days now.
Signed-off-by: Jussi Kukkonen <jkukkonen@vmware.com>
pylint 2.7 supports Python 3.9. This issue might reappear with next
Python release but let's deal with that if it happens.
Signed-off-by: Jussi Kukkonen <jkukkonen@vmware.com>
Currently the github UI dropdown for checks looks useless since
checks are named "Run TUF tests and...".
Tweak the workflow and job names to hopefully fit the actual
step name in the UI.
Signed-off-by: Jussi Kukkonen <jkukkonen@vmware.com>
Updated/removed documented commands and comments which were referencing Python2. Also updated links to documentation referencing Python2 docs (unchanged where needed)
Signed-off-by: Samuel Gregorovic <samuelgregorovic@gmail.com>
Signed-off-by: samuelgregorovic <samuelgregorovic@gmail.com>
A failure during publishing of the coverage results
on coveralls should not fail the whole build job.
Allow the step to fail.
Signed-off-by: Teodora Sechkova <tsechkova@vmware.com>
- Drop Python 2.7 from GitHub Actions workflows. Note: There is likely
additional cleanup that can be done to the workflow now we no longer
care about supporting Python 2.7.
- No longer tell dependabot to ignore idna updates.
Signed-off-by: Joshua Lock <jlock@vmware.com>
Dependabot pushes to main repository and ends up triggering two builds
every time (one for PR, one for push): limit the rule for build-on-push
to apply to develop branch only.
If release branches are used later on they should be added to list here.
Signed-off-by: Jussi Kukkonen <jkukkonen@vmware.com>
A recent commit reinstates publishing of coverage data to
coveralls.io. This commit re-adds the corresponding badge which
was temporarily removed in #1242.
Signed-off-by: Lukas Puehringer <lukas.puehringer@nyu.edu>
Prior to this commit our GitHub workflow would set up one Python
version only for each build, which means that the commands to run
the tests and publish coverage (tox and coveralls) were run with
the same Python version as tox runs the tests in.
Given that the coveralls CLI tool dropped py2 a couple of releases
ago, this commit sets up an additional service py3 to run coveralls
(and tox) on when building for py2.
To prevent tox from using the wrong Python version to run the tests
on, this commit changes the toxenv value from the generic 'py'
(uses default python on path) to 'py27'.
For convenience and readability we use the environment variable
TOXENV instead of the tox -e option.
Signed-off-by: Lukas Puehringer <lukas.puehringer@nyu.edu>
Configure workflow to run all tox environments, where each 'py' env
runs on linux, macos and windows, and sslib master and lint builds
run only Linux/Python3.x only.
The workflow also configures pip caching.
TODO: Adopt publishing of coverage (coveralls) and license (fossa)
data from .travis.yml.
Co-authored-by: Jussi Kukkonen <jkukkonen@vmware.com>
Signed-off-by: Lukas Puehringer <lukas.puehringer@nyu.edu>
