From d1a461de3c7ff099045b71a156ad667887c32368 Mon Sep 17 00:00:00 2001 From: Nicolas Drebenstedt Date: Tue, 6 Feb 2024 17:20:19 +0100 Subject: [PATCH] feature/fix dependabot cve, rename cruft job and update versions (#2) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit # PR Context - fixes https://github.com/robert-koch-institut/mex-common/actions/runs/7787019895/job/21233174583 - dependabot should only run on `pull_request` trigger, not on `push` - the reason that the cookiecutter job was called `lint` before was just a copy&paste error 🍝 # Changes - rename cookiecutter workflow main job to `cruft` - update poetry and pre-commit dependencies # Fixed - do not run cve on Dependabot push events --- CHANGELOG.md | 4 ++++ .../.github/workflows/cookiecutter.yml | 2 +- .../.github/workflows/cve-scan.yml | 5 +++++ .../.pre-commit-config.yaml | 4 ++-- mex-{{ cookiecutter.project_name }}/pyproject.toml | 8 ++++---- 5 files changed, 16 insertions(+), 7 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 15de8d3..dbdb22c 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -15,6 +15,8 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ### Changes - update workflow triggers and schedules +- rename cookiecutter workflow main job to `cruft` +- update poetry and pre-commit dependencies ### Deprecated @@ -22,4 +24,6 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ### Fixed +- do not run cve on Dependabot push events + ### Security diff --git a/mex-{{ cookiecutter.project_name }}/.github/workflows/cookiecutter.yml b/mex-{{ cookiecutter.project_name }}/.github/workflows/cookiecutter.yml index 0871794..f24bb1d 100644 --- a/mex-{{ cookiecutter.project_name }}/.github/workflows/cookiecutter.yml +++ b/mex-{{ cookiecutter.project_name }}/.github/workflows/cookiecutter.yml 
@@ -13,7 +13,7 @@ env:
 PIP_PREFER_BINARY: on
 jobs:
- lint:
+ cruft:
 runs-on: ubuntu-latest
 timeout-minutes: 10
 steps:
diff --git a/mex-{{ cookiecutter.project_name }}/.github/workflows/cve-scan.yml b/mex-{{ cookiecutter.project_name }}/.github/workflows/cve-scan.yml
index 88d9949..976423c 100644
--- a/mex-{{ cookiecutter.project_name }}/.github/workflows/cve-scan.yml
+++ b/mex-{{ cookiecutter.project_name }}/.github/workflows/cve-scan.yml
@@ -2,6 +2,11 @@ name: CVE Scan
 on:
 push:
+ # Workflows triggered by Dependabot on the "push" event run with read-only access.
+ # Uploading Code Scanning results requires write access. We therefore only use the
+ # "pull_request" trigger for Dependabot branches.
+ branches-ignore:
+ - 'dependabot/**'
 pull_request:
 schedule:
 - cron: '0 0 * * *'
diff --git a/mex-{{ cookiecutter.project_name }}/.pre-commit-config.yaml b/mex-{{ cookiecutter.project_name }}/.pre-commit-config.yaml
index 54e2d65..2dc1256 100644
--- a/mex-{{ cookiecutter.project_name }}/.pre-commit-config.yaml
+++ b/mex-{{ cookiecutter.project_name }}/.pre-commit-config.yaml
@@ -3,12 +3,12 @@ default_language_version:
 python: python3.11
 repos:
 - repo: https://github.com/astral-sh/ruff-pre-commit
- rev: v0.1.13
+ rev: v0.2.0
 hooks:
 - id: ruff
 args: [--fix, --exit-non-zero-on-fix]
 - repo: https://github.com/psf/black
- rev: 23.12.1
+ rev: 24.1.1
 hooks:
 - id: black
 - repo: https://github.com/pre-commit/pre-commit-hooks
diff --git a/mex-{{ cookiecutter.project_name }}/pyproject.toml b/mex-{{ cookiecutter.project_name }}/pyproject.toml
index 4e2886d..279379f 100644
--- a/mex-{{ cookiecutter.project_name }}/pyproject.toml
+++ b/mex-{{ cookiecutter.project_name }}/pyproject.toml
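Review bot: In the cve-scan.yml hunk, the new `branches-ignore: 'dependabot/**'` filter under `push:` matches on branch name rather than on the actor, so every branch under that prefix skips the push-triggered scan and is covered only once a pull request is opened. The added comment should say so and name the compensating control, for example `# Matches by branch name, not actor: keep the pull_request run of this workflow a required status check.` The comment's claim that the `pull_request` trigger can still upload results is consistent with how code scanning treats that event, but the workflow's jobs and any `permissions:` block lie outside the hunk, so it is worth confirming the token is scoped explicitly (presumably `security-events: write` plus `contents: read`) rather than left to repository defaults. Because this file is a cookiecutter template, whatever is decided here is inherited by every generated project.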
@@ -12,12 +12,12 @@ packages = [{ include = "mex" }]
 python = "^3.11"
 [tool.poetry.group.dev.dependencies]
-black = "^23.12.1"
+black = "^24.1.1"
 ipdb = "^0.13.13"
 mypy = "^1.8.0"
-pytest = "^7.4.4"
+pytest = "^8.0.0"
 pytest-cov = "^4.1.0"
-ruff = "^0.1.13"
+ruff = "^0.2.0"
 sphinx = "^7.2.6"
 [tool.poetry.scripts]
@@ -102,5 +102,5 @@ known-first-party = ["mex", "tests"]
 convention = "google"
 [build-system]
-requires = ["poetry-core>=1.8.1"]
+requires = ["poetry-core>=1.9.0"]
 build-backend = "poetry.core.masonry.api"