Commit graph

6153 commits

Author SHA1 Message Date
Jussi Kukkonen
dbaf325390
Merge pull request #2622 from theupdateframework/dependabot/github_actions/action-dependencies-e8df6e148d
build(deps): bump actions/checkout from 4.1.4 to 4.1.5 in the action-dependencies group
2024-05-07 11:36:01 +03:00
Jussi Kukkonen
eb97939e94
Merge pull request #2623 from theupdateframework/dependabot/pip/dependencies-8be74a356d
build(deps): bump cryptography from 42.0.5 to 42.0.7 in the dependencies group
2024-05-07 11:31:42 +03:00
dependabot[bot]
baea7fa1bd
build(deps): bump cryptography in the dependencies group
Bumps the dependencies group with 1 update: [cryptography](https://github.com/pyca/cryptography).


Updates `cryptography` from 42.0.5 to 42.0.7
- [Changelog](https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst)
- [Commits](https://github.com/pyca/cryptography/compare/42.0.5...42.0.7)

---
updated-dependencies:
- dependency-name: cryptography
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-05-06 21:57:16 +00:00
dependabot[bot]
dd9bf7410a
build(deps): bump actions/checkout in the action-dependencies group
Bumps the action-dependencies group with 1 update: [actions/checkout](https://github.com/actions/checkout).


Updates `actions/checkout` from 4.1.4 to 4.1.5
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](0ad4b8fada...44c2b7a8a4)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: action-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-05-06 21:50:18 +00:00
Lukas Pühringer
4a26a0c49c
Merge pull request #2617 from jku/sslib-main
WIP: Update to new securesystemslib API
2024-05-03 11:23:06 +02:00
Lukas Puehringer
3e549793e4 Remove SSlibSigner mention in docstring
Signed-off-by: Lukas Puehringer <lukas.puehringer@nyu.edu>
2024-05-03 11:18:27 +02:00
Jussi Kukkonen
a7b832b88f Use securesystemslib 1.0.0
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2024-05-02 14:05:41 +03:00
Lukas Pühringer
878829bde6
Merge pull request #2621 from theupdateframework/dependabot/github_actions/action-dependencies-434113e9b9
build(deps): bump the action-dependencies group with 2 updates
2024-04-30 09:15:35 +02:00
dependabot[bot]
8607c56000
build(deps): bump the action-dependencies group with 2 updates
Bumps the action-dependencies group with 2 updates: [actions/checkout](https://github.com/actions/checkout) and [actions/download-artifact](https://github.com/actions/download-artifact).


Updates `actions/checkout` from 4.1.3 to 4.1.4
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](1d96c772d1...0ad4b8fada)

Updates `actions/download-artifact` from 4.1.6 to 4.1.7
- [Release notes](https://github.com/actions/download-artifact/releases)
- [Commits](9c19ed7fe5...65a9edc588)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: action-dependencies
- dependency-name: actions/download-artifact
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: action-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-04-29 21:42:06 +00:00
Jussi Kukkonen
3d1b16cdfa examples: Use Cryptosigner.private_bytes
private_bytes was just added to CryptoSigner, use it.

Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2024-04-25 14:44:18 +03:00
Jussi Kukkonen
38f309bbbf WIP: Update to new securesystemslib API
* API changes covered:
  * keys and interface modules removed
  * SSlibSigner removed
  * CryptoSigner added: this replaces the removed functionality
  * DSSE "signatures" container type changed
* Currently pins a securesystemslib main branch commit:
  this shoudl be reverted before merging, when securesystemslib
  has made a release
* tests/generated_data/generate_md.py was simplified
* Encrypted test keys in tests/repository_data/keystore were replaced
  with the unencrypted PEM versions of the same keys
* The public test keys in tests/repository_data/keystore were removed
  as they were not used anymore

Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2024-04-25 14:27:54 +03:00
Lukas Pühringer
970ddf9df0
Merge pull request #2602 from jku/awk-magic-changelog
workflows: Add awk magic to GH changelog generation
2024-04-25 10:22:10 +02:00
Jussi Kukkonen
f50693c625 workflows: Add awk magic to GH changelog generation
* Create a changelog file with awk
* Add both "dist" and "changelog" to artifact
* This changes the artifact handling: Now the dist
  directory is inside the artifact (instead of the contents
  of the directory being in the directory): this means the
  default path now works for `download-artifact`
* Dump changelog into the release body

Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2024-04-25 10:40:47 +03:00
Lukas Pühringer
411505d4b7
Merge pull request #2619 from jku/only-test-old-python-on-linux
workflows: Only test old Pythons on linux
2024-04-25 09:28:25 +02:00
Jussi Kukkonen
5f854b6440 workflows: Only test old Pythons on linux
* This fixes current CI (new mac runners do not have old pythons)
* This is also sensible: running the complete matrix seems wasteful

Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2024-04-24 20:57:49 +03:00
Jussi Kukkonen
ffc1c3f41f
Merge pull request #2614 from theupdateframework/dependabot/github_actions/action-dependencies-fbc4b1338b
build(deps): bump the action-dependencies group with 3 updates
2024-04-23 10:59:17 +03:00
Jussi Kukkonen
8cfb484a23
Merge pull request #2615 from theupdateframework/dependabot/pip/build-and-release-dependencies-cdb6e24264
build(deps): bump hatchling from 1.23.0 to 1.24.2 in the build-and-release-dependencies group
2024-04-23 10:58:22 +03:00
Jussi Kukkonen
c12c4300e2
Merge pull request #2616 from theupdateframework/dependabot/pip/test-and-lint-dependencies-79885ab03b
build(deps): bump ruff from 0.3.7 to 0.4.1 in the test-and-lint-dependencies group
2024-04-23 10:57:55 +03:00
dependabot[bot]
46e9ccae99
build(deps): bump ruff in the test-and-lint-dependencies group
Bumps the test-and-lint-dependencies group with 1 update: [ruff](https://github.com/astral-sh/ruff).


Updates `ruff` from 0.3.7 to 0.4.1
- [Release notes](https://github.com/astral-sh/ruff/releases)
- [Changelog](https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md)
- [Commits](https://github.com/astral-sh/ruff/compare/v0.3.7...v0.4.1)

---
updated-dependencies:
- dependency-name: ruff
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: test-and-lint-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-04-22 21:46:15 +00:00
dependabot[bot]
3a2c7b413a
build(deps): bump hatchling in the build-and-release-dependencies group
Bumps the build-and-release-dependencies group with 1 update: [hatchling](https://github.com/pypa/hatch).


Updates `hatchling` from 1.23.0 to 1.24.2
- [Release notes](https://github.com/pypa/hatch/releases)
- [Commits](https://github.com/pypa/hatch/compare/hatchling-v1.23.0...hatchling-v1.24.2)

---
updated-dependencies:
- dependency-name: hatchling
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: build-and-release-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-04-22 21:44:58 +00:00
dependabot[bot]
0e5833afb8
build(deps): bump the action-dependencies group with 3 updates
Bumps the action-dependencies group with 3 updates: [actions/checkout](https://github.com/actions/checkout), [actions/upload-artifact](https://github.com/actions/upload-artifact) and [actions/download-artifact](https://github.com/actions/download-artifact).


Updates `actions/checkout` from 4.1.2 to 4.1.3
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](9bb56186c3...1d96c772d1)

Updates `actions/upload-artifact` from 4.3.1 to 4.3.3
- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](5d5d22a312...65462800fd)

Updates `actions/download-artifact` from 4.1.4 to 4.1.6
- [Release notes](https://github.com/actions/download-artifact/releases)
- [Commits](c850b930e6...9c19ed7fe5)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: action-dependencies
- dependency-name: actions/upload-artifact
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: action-dependencies
- dependency-name: actions/download-artifact
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: action-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-04-22 21:40:01 +00:00
Jussi Kukkonen
f165c76fc2
Merge pull request #2613 from NicholasTanz/enableRulesets
Enable rulesets (BLE and RUF)
2024-04-22 16:19:55 +03:00
Jussi Kukkonen
9db9277849
Merge pull request #2610 from jku/simplify-tests
workflows: Simplify testing
2024-04-22 15:09:44 +03:00
Jussi Kukkonen
74882c52ec
Merge pull request #2612 from jku/support-app-user-agent
Support app-specific user-agents
2024-04-22 15:08:08 +03:00
Jussi Kukkonen
fb581453ab tests: Add a test for custom application user agent
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2024-04-22 14:54:43 +03:00
E3E
52601e2bd8 add RUF and BLE rulesets; ignore some broad exceptions (BLE001) and RUF012
Signed-off-by: E3E <ntanzill@purdue.edu>
2024-04-21 01:37:40 -04:00
Jussi Kukkonen
fe2068697c Support app-specific user-agents
* application user-agent can be set with UpdaterConfig object
* Setting will affect the default fetcher only
* the application user-agent will be prefixed to the ngclient
  default user-agent

Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2024-04-19 17:55:29 +03:00
Jussi Kukkonen
7d57ab65d2 workflows: Simplify testing
* Don't try to handle sslib main test within the matrix
* Put it in a separate workflow
* Include the new workflow in CI but not in CD
* Bonus: Make cache-dependency-path more complete

Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2024-04-16 10:32:08 +03:00
Jussi Kukkonen
c6256875f0
Merge pull request #2608 from theupdateframework/dependabot/pip/test-and-lint-dependencies-b976d329b1
build(deps): bump ruff from 0.3.5 to 0.3.7 in the test-and-lint-dependencies group
2024-04-16 09:29:08 +03:00
Jussi Kukkonen
67e00ce176
Merge pull request #2609 from theupdateframework/dependabot/pip/dependencies-a98e789dc2
build(deps): bump idna from 3.6 to 3.7 in the dependencies group
2024-04-16 09:28:07 +03:00
Jussi Kukkonen
22a6ce578f
Merge pull request #2607 from theupdateframework/dependabot/pip/build-and-release-dependencies-6c3538640a
build(deps): bump hatchling from 1.22.4 to 1.23.0 in the build-and-release-dependencies group
2024-04-16 09:26:15 +03:00
dependabot[bot]
c4404776e9
build(deps): bump idna from 3.6 to 3.7 in the dependencies group
Bumps the dependencies group with 1 update: [idna](https://github.com/kjd/idna).


Updates `idna` from 3.6 to 3.7
- [Release notes](https://github.com/kjd/idna/releases)
- [Changelog](https://github.com/kjd/idna/blob/master/HISTORY.rst)
- [Commits](https://github.com/kjd/idna/compare/v3.6...v3.7)

---
updated-dependencies:
- dependency-name: idna
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-04-15 21:21:22 +00:00
dependabot[bot]
0321caae3d
build(deps): bump ruff in the test-and-lint-dependencies group
Bumps the test-and-lint-dependencies group with 1 update: [ruff](https://github.com/astral-sh/ruff).


Updates `ruff` from 0.3.5 to 0.3.7
- [Release notes](https://github.com/astral-sh/ruff/releases)
- [Changelog](https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md)
- [Commits](https://github.com/astral-sh/ruff/compare/v0.3.5...v0.3.7)

---
updated-dependencies:
- dependency-name: ruff
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: test-and-lint-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-04-15 21:20:07 +00:00
dependabot[bot]
c248dd9fbe
build(deps): bump hatchling in the build-and-release-dependencies group
Bumps the build-and-release-dependencies group with 1 update: [hatchling](https://github.com/pypa/hatch).


Updates `hatchling` from 1.22.4 to 1.23.0
- [Release notes](https://github.com/pypa/hatch/releases)
- [Commits](https://github.com/pypa/hatch/compare/hatchling-v1.22.4...hatchling-v1.23.0)

---
updated-dependencies:
- dependency-name: hatchling
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: build-and-release-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-04-15 21:19:42 +00:00
Lukas Pühringer
f1f1ed3bc7
Merge pull request #2606 from jku/drop-persist-temp-file
Metadata API: Stop using a deprecated method
2024-04-15 15:51:52 +02:00
Jussi Kukkonen
3605eaf2fb Metadata API: Stop using a deprecated method
persist_temp_file() is deprecated, and seemingly not very useful.

Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2024-04-12 22:41:12 +03:00
Jussi Kukkonen
2d6fc743a4
Merge pull request #2601 from jku/release-v4
Release v4.0.0
2024-04-04 11:27:12 +03:00
Jussi Kukkonen
928702a8ac Release v4.0.0
This is a major bump only because of Metadata API, ngclient is
compatible with 3.x.

Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2024-04-04 10:25:18 +03:00
Lukas Pühringer
892c789374
Merge pull request #2600 from lukpueh/set-max-sslib-version
Constrain securesystemslib dependency to <0.32.0
2024-04-03 18:42:38 +02:00
Lukas Puehringer
bc3ebd8e1e Constrain securesystemslib dependency to <0.32.0
There are several breaking changes coming up in securesystemslib on its
way to 1.0.

To not disrupt tuf users this patch constrains securesystemslib to not
update the current minor version..

Signed-off-by: Lukas Puehringer <lukas.puehringer@nyu.edu>
2024-04-03 17:46:57 +02:00
Jussi Kukkonen
5947bd0155
Merge pull request #2594 from theupdateframework/dependabot/pip/build-and-release-dependencies-0bd4b864f7
build(deps): bump the build-and-release-dependencies group with 2 updates
2024-04-02 12:01:15 +03:00
Jussi Kukkonen
afa46195d3
Merge pull request #2596 from theupdateframework/dependabot/github_actions/action-dependencies-77fe302159
build(deps): bump the action-dependencies group with 2 updates
2024-04-02 11:44:18 +03:00
Jussi Kukkonen
7c5cae36cb
Merge pull request #2595 from theupdateframework/dependabot/pip/test-and-lint-dependencies-87f5007267
build(deps): bump the test-and-lint-dependencies group with 1 update
2024-04-02 11:43:44 +03:00
Jussi Kukkonen
ad2c98aeec
Merge pull request #2593 from theupdateframework/dependabot/pip/dependencies-f63015d7f8
build(deps): bump the dependencies group with 1 update
2024-04-02 11:42:38 +03:00
dependabot[bot]
6cd2d22ad2
build(deps): bump the dependencies group with 1 update
Bumps the dependencies group with 1 update: [pycparser](https://github.com/eliben/pycparser).


Updates `pycparser` from 2.21 to 2.22
- [Release notes](https://github.com/eliben/pycparser/releases)
- [Changelog](https://github.com/eliben/pycparser/blob/main/CHANGES)
- [Commits](https://github.com/eliben/pycparser/compare/release_v2.21...release_v2.22)

---
updated-dependencies:
- dependency-name: pycparser
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-04-02 08:09:47 +00:00
dependabot[bot]
9f4906bbd1
build(deps): bump the test-and-lint-dependencies group with 1 update
Bumps the test-and-lint-dependencies group with 1 update: [ruff](https://github.com/astral-sh/ruff).


Updates `ruff` from 0.3.3 to 0.3.5
- [Release notes](https://github.com/astral-sh/ruff/releases)
- [Changelog](https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md)
- [Commits](https://github.com/astral-sh/ruff/compare/v0.3.3...v0.3.5)

---
updated-dependencies:
- dependency-name: ruff
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: test-and-lint-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-04-02 08:08:30 +00:00
Jussi Kukkonen
26e6a956f8
Merge pull request #2592 from jku/even-more-rulesets
lint: Enable more ruff rulesets
2024-04-02 11:06:08 +03:00
Jussi Kukkonen
009e1ddbf4 lint: Enable more ruff ulesets
Minor fixes were needed, the only possibly interesting one is
the one in RequestsFetcher (use "yield from").

Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
2024-04-02 11:02:48 +03:00
dependabot[bot]
38aeadfe1a
build(deps): bump the build-and-release-dependencies group with 2 updates
Bumps the build-and-release-dependencies group with 2 updates: [build](https://github.com/pypa/build) and [hatchling](https://github.com/pypa/hatch).


Updates `build` from 1.1.1 to 1.2.1
- [Release notes](https://github.com/pypa/build/releases)
- [Changelog](https://github.com/pypa/build/blob/main/CHANGELOG.rst)
- [Commits](https://github.com/pypa/build/compare/1.1.1...1.2.1)

Updates `hatchling` from 1.22.2 to 1.22.4
- [Release notes](https://github.com/pypa/hatch/releases)
- [Commits](https://github.com/pypa/hatch/compare/hatchling-v1.22.2...hatchling-v1.22.4)

---
updated-dependencies:
- dependency-name: build
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: build-and-release-dependencies
- dependency-name: hatchling
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: build-and-release-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-04-02 08:02:39 +00:00
dependabot[bot]
feaaeab865
build(deps): bump the action-dependencies group with 2 updates
Bumps the action-dependencies group with 2 updates: [actions/checkout](https://github.com/actions/checkout) and [actions/setup-python](https://github.com/actions/setup-python).


Updates `actions/checkout` from 4.1.1 to 4.1.2
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](b4ffde65f4...9bb56186c3)

Updates `actions/setup-python` from 5.0.0 to 5.1.0
- [Release notes](https://github.com/actions/setup-python/releases)
- [Commits](0a5c615913...82c7e631bb)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: action-dependencies
- dependency-name: actions/setup-python
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: action-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-04-02 08:02:13 +00:00