diff --git a/.github/workflows/changie-trigger-release.yml b/.github/workflows/changie-trigger-release.yml new file mode 100644 index 0000000..2fc6e3b --- /dev/null +++ b/.github/workflows/changie-trigger-release.yml @@ -0,0 +1,11 @@ +--- +name: changie-trigger-release +on: + workflow_dispatch: +permissions: + contents: write + pull-requests: write +jobs: + changelog: + uses: delineaxpm/github-workflows/.github/workflows/changie-trigger-release.yml@main + secrets: inherit diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml index 64f08f0..2f3d247 100644 --- a/.github/workflows/lint.yml +++ b/.github/workflows/lint.yml @@ -1,16 +1,9 @@ --- name: lint on: - # Run CI against all pushes (direct commits, also merged PRs), Pull Requests - push: + pull_request: branches: - main - - stable-* - pull_request: - # Run CI once per day (at 06:00 UTC) - # This ensures that even if there haven't been commits that we are still testing against latest version of ansible-test for each ansible-base version - # schedule: - # - cron: '0 6 * * *' workflow_dispatch: permissions: diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index de3f901..c1c7642 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -2,8 +2,8 @@ name: release on: push: - tags: - - "v*" + branches: [main] + paths: [CHANGELOG.md] # your changelog file if different workflow_dispatch: jobs: @@ -12,7 +12,7 @@ jobs: steps: - id: dsv - uses: DelineaXPM/dsv-github-action@v2.0.2 + uses: DelineaXPM/dsv-github-action@2559ec0943aaf9a42b634cfbfef1b689041c4270 # v2.0.3 with: domain: ${{ secrets.DSV_SERVER }} clientId: ${{ secrets.DSV_CLIENT_ID }} 
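Review bot: The reusable workflow in `jobs.changelog.uses` of changie-trigger-release.yml is referenced at `@main`, a mutable ref, while the caller grants `contents: write` and `pull-requests: write` and forwards every repository secret with `secrets: inherit`. Any later change to that branch of delineaxpm/github-workflows runs here with those permissions and secrets, which is out of step with the commit-SHA pinning this same commit applies to the actions in release.yml and test.yml. Pin it the same way, `uses: delineaxpm/github-workflows/.github/workflows/changie-trigger-release.yml@<commit-sha> # <tag>`, and list only the secrets the called workflow needs under `secrets:` instead of `inherit`.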
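Review bot: With the release.yml trigger changed to `branches: [main]` plus `paths: [CHANGELOG.md]`, every push to main that touches CHANGELOG.md, including a wording fix, starts the job that publishes to PyPI and creates a GitHub release. Nothing in the visible hunks checks that the version reported by `changie latest` is new before publishing, so a guard step that exits early when that release already exists would make the trigger safe to re-run. No `permissions:` key is visible in these hunks either, although the new release step needs write access to contents; if it is also absent from the lines outside the hunk, declare `permissions:` with `contents: write` on the job rather than relying on the repository default. The trailing comment `# your changelog file if different` reads like template text and can be dropped.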
@@ -21,13 +21,22 @@ jobs: [ {"secretPath": "ci:publish:pypi", "secretKey": "PYPI_API_TOKEN", "outputVariable": "PYPI_API_TOKEN"} ] - - uses: actions/checkout@v3 - - name: Set up Python - uses: actions/setup-python@v4 + - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4 + - uses: aquaproj/aqua-installer@36dc5833b04eb63f06e3bb818aa6b7a6e6db99a9 # v2.1.2 + continue-on-error: true + with: + aqua_version: v2.10.1 + enable_aqua_install: true + aqua_opts: "--tags release" # if using aqua.yaml config any special items in your repo like Golangci-lint using tags so it only installs what's needed + env: + AQUA_LOG_LEVEL: debug + AQUA_OPTS: "" + - name: setup-python + uses: actions/setup-python@0a5c61591373683505ea898e09a3ea4f39ef2b9c # v5 with: python-version: "3.x" - - name: Install dependencies + - name: python-install-deps run: | python -m pip install --upgrade pip python -m pip install flit @@ -35,8 +44,20 @@ jobs: - name: Build package run: flit build - - name: Publish package - uses: pypa/gh-action-pypi-publish@release/v1 + - name: publish-pypi + uses: pypa/gh-action-pypi-publish@2f6f737ca5f74c637829c0f5c3acd0e29ea5e8bf #v1.8.11 with: user: __token__ password: "${{ env.PYPI_API_TOKEN }}" # ${{ secrets.PYPI_API_TOKEN }} + - name: create-github-release + env: + GH_TOKEN: ${{ github.token }} + run: | + if [[ "$OSTYPE" == "linux-gnu"* ]]; then + datestring=$(date "+%Y-%m-%d") + elif [[ "$OSTYPE" == "darwin"* ]]; then + datestring=$(date -u "+%Y-%m-%d") + fi + cmd="gh release create \"$(changie latest)\" --title \"$(changie latest) - ${datestring}\" -F \".changes/$(changie latest).md\"" + printf "Command to execute: $cmd\n" + eval "$cmd" diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index f65fc75..7d953df 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -1,6 +1,9 @@ name: test -on: [pull_request] +on: + pull_request: + branches: + - main jobs: build: 
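Review bot: `continue-on-error: true` on the aqua-installer step lets the job carry on when tool installation fails, yet the `create-github-release` step added later in this job calls `changie`, which comes from that install. A failed install would then surface only after `publish-pypi` has run, leaving a PyPI release with no matching GitHub release. Remove `continue-on-error: true` so the job stops before anything is published.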
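Review bot: The `create-github-release` step builds the `gh release create` command as a string and runs it through `eval`, so the output of `changie latest` is parsed a second time by the shell, and `printf "Command to execute: $cmd\n"` uses that same text as a format string. Call the tool directly with quoted arguments instead: `version="$(changie latest)"` followed by `gh release create "$version" --title "$version - $datestring" -F ".changes/$version.md"`. `datestring` is also left unset when `$OSTYPE` matches neither branch; `datestring="$(date -u "+%Y-%m-%d")"` works on both platforms and removes the conditional.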
@@ -11,9 +14,9 @@ jobs: python: [3.7, 3.8, 3.9, "3.10", "3.11"] steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4 - name: Setup Python - uses: actions/setup-python@v4 + uses: actions/setup-python@0a5c61591373683505ea898e09a3ea4f39ef2b9c # v5 with: python-version: ${{ matrix.python }} @@ -29,6 +32,6 @@ jobs: DSV_CLIENT_ID: ${{ secrets.DSV_CLIENT_ID }} DSV_CLIENT_SECRET: ${{ secrets.DSV_CLIENT_SECRET }} DSV_BASE_URL: ${{ secrets.DSV_BASE_URL }} - - uses: codecov/codecov-action@v3 + - uses: codecov/codecov-action@eaaf4bedf32dbdc6b720b63067d99c4d77d6047d # v3 with: fail_ci_if_error: false diff --git a/.trunk/.gitignore b/.trunk/.gitignore index cf2f254..15966d0 100644 --- a/.trunk/.gitignore +++ b/.trunk/.gitignore @@ -2,6 +2,8 @@ *logs *actions *notifications +*tools plugins user_trunk.yaml user.yaml +tmp diff --git a/.trunk/trunk.yaml b/.trunk/trunk.yaml index 2e6d690..398c3fc 100644 --- a/.trunk/trunk.yaml +++ b/.trunk/trunk.yaml @@ -1,24 +1,24 @@ version: 0.1 cli: - version: 1.0.1 + version: 1.19.0 plugins: sources: - id: trunk - ref: v0.0.5 + ref: v1.2.1 uri: https://github.com/trunk-io/plugins lint: enabled: - - hadolint@2.10.0 + - hadolint@2.12.0 - yamllint@1.28.0 - - gitleaks@8.15.0 + - gitleaks@8.18.1 - black@22.10.0 - - taplo@release-taplo-cli-0.7.0 - - actionlint@1.6.21 + - taplo@0.8.1 + - actionlint@1.6.26 - isort@5.10.1 - flake8@5.0.4 - git-diff-check - - prettier@2.7.1 - - markdownlint@0.32.2 + - prettier@3.2.4 + - markdownlint@0.38.0 threshold: - linters: [markdownlint] level: high diff --git a/RELEASE.md b/RELEASE.md new file mode 100644 index 0000000..b1ae8df --- /dev/null +++ b/RELEASE.md 
@@ -0,0 +1,7 @@ +# Release + +- Run [changie-trigger-release](https://github.com/DelineaXPM/python-dsv-sdk/actions/workflows/changie-trigger-release.yml). +- Make sure `python-dsv-sdk/delinea/__init__.py` was included in the pull request. +- Once changie files are merged, the [release](https://github.com/DelineaXPM/python-dsv-sdk/actions/workflows/release.yml) should trigger and publish. + - pypi should be updated: [pypi link](https://pypi.org/project/python-dsv-sdk/) + - [github release should also have been created](https://github.com/DelineaXPM/python-dsv-sdk/releases) (this is just for more consistent releases and also triggering update in slack channels via release). diff --git a/aqua.yaml b/aqua.yaml index 3d4237b..778a12f 100644 --- a/aqua.yaml +++ b/aqua.yaml @@ -3,21 +3,11 @@ # https://aquaproj.github.io/ registries: - type: standard - ref: v3.140.0 # renovate: depName=aquaproj/aqua-registry + ref: v4.122.1 # renovate: depName=aquaproj/aqua-registry packages: - - name: miniscruff/changie@v1.12.0 - - name: golang/go@go1.20.1 - - name: direnv/direnv@v2.32.2 - - name: magefile/mage@v1.14.0 - - name: charmbracelet/glow@v1.5.0 - - name: goreleaser/goreleaser@v1.15.2 - - name: mvdan/gofumpt@v0.4.0 - - name: golang.org/x/tools/gopls@v0.11.0 - - name: golang/tools/gorename@v0.6.0 - - name: golang/tools/stringer@v0.6.0 - - name: golang/tools/gomvpkg@v0.6.0 - - name: golang/tools/godoc@v0.6.0 - - name: golang/tools/guru@v0.6.0 - - name: anchore/syft@v0.74.0 - - name: direnv/direnv@v2.32.2 - - name: thycotic/dsv-cli@v1.40.2 + - name: miniscruff/changie@v1.18.0 + tags: ["release"] + - name: direnv/direnv@v2.33.0 + - name: charmbracelet/glow@v1.5.1 + - name: cli/cli@v2.42.1 + tags: ["release"] diff --git a/pyproject.toml b/pyproject.toml index a9812f9..f6d0636 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -1,5 +1,5 @@ [build-system] -requires = ["flit_core >=2,<4"] +requires = ["flit_core ==3.9.0"] build-backend = "flit_core.buildapi" [tool.flit.metadata] 
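Review bot: The packages tagged `release` in aqua.yaml (`miniscruff/changie`, `cli/cli`) are downloaded into the release job that also holds the PyPI token, and no `checksum:` section is visible in this hunk. The hunk starts at line 3, so check lines 1–2 of the file; if they do not set it, enable aqua's checksum enforcement with a top-level `checksum:` block containing `enabled: true` and `require_checksum: true`, and commit the generated `aqua-checksums.json`. That way a replaced or tampered release asset fails the install instead of running in the publish job.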
diff --git a/renovate.json b/renovate.json index 14fb4f6..bc49633 100644 --- a/renovate.json +++ b/renovate.json @@ -1,12 +1,4 @@ { "$schema": "https://docs.renovatebot.com/renovate-schema.json", - "extends": [ - "DelineaXPM/renovate-config" - ], - "enabled": false, - "vulnerabilityAlerts": { - "enabled": true, - "semanticCommitType": "security", - "prCreation": "immediate" - } -} \ No newline at end of file + "extends": ["DelineaXPM/renovate-config:security"] +} diff --git a/requirements.txt b/requirements.txt index 81fe3cd..93d9c87 100644 --- a/requirements.txt +++ b/requirements.txt @@ -1,5 +1,6 @@ -requests==2.28.2 +requests==2.32.2 tox pytest python-dotenv -flit \ No newline at end of file +flit +zipp==3.19.2 # not directly required, pinned by Snyk to avoid a vulnerability \ No newline at end of file
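Review bot: Replacing the inline settings in renovate.json with `"extends": ["DelineaXPM/renovate-config:security"]` moves all behaviour, including whether Renovate is enabled and how vulnerability alerts are raised, into a shared preset that this diff does not show. The removed `"enabled": false` and `vulnerabilityAlerts` block were the only local record of that policy, and JSON leaves no room for a comment, so the commit description should state what the `security` preset turns on. The reference carries no tag, so the preset is presumably resolved from the config repository's current default branch; pinning it to a tagged version would keep a change there from silently altering update behaviour here.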