Skip to content

Commit b5d7a41

Browse files
emilejqdependabot[bot]Emileactions-user
authored
Release v2.0.0 (#341)
* Bump actions/create-release from 1.0.1 to 1.1.4 Bumps [actions/create-release](https://github.com/actions/create-release) from 1.0.1 to 1.1.4. - [Release notes](https://github.com/actions/create-release/releases) - [Commits](actions/create-release@v1.0.1...v1.1.4) --- updated-dependencies: - dependency-name: actions/create-release dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> * Bump actions/upload-release-asset from 1.0.1 to 1.0.2 Bumps [actions/upload-release-asset](https://github.com/actions/upload-release-asset) from 1.0.1 to 1.0.2. - [Release notes](https://github.com/actions/upload-release-asset/releases) - [Commits](actions/upload-release-asset@v1.0.1...v1.0.2) --- updated-dependencies: - dependency-name: actions/upload-release-asset dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> * Bump github/codeql-action from 1 to 2 Bumps [github/codeql-action](https://github.com/github/codeql-action) from 1 to 2. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](github/codeql-action@v1...v2) --- updated-dependencies: - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <[email protected]> * Bump actions/setup-python from 1 to 4 Bumps [actions/setup-python](https://github.com/actions/setup-python) from 1 to 4. - [Release notes](https://github.com/actions/setup-python/releases) - [Commits](actions/setup-python@v1...v4) --- updated-dependencies: - dependency-name: actions/setup-python dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <[email protected]> * Bump actions/checkout from 2 to 3.1.0 Bumps [actions/checkout](https://github.com/actions/checkout) from 2 to 3.1.0. - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](actions/checkout@v2...v3.1.0) --- updated-dependencies: - dependency-name: actions/checkout dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <[email protected]> * Run Flake8 & Safety in isolated Tox environments * Bump watchdog from 2.1.7 to 3.0.0 (#297) Bumps [watchdog](https://github.com/gorakhargosh/watchdog) from 2.1.7 to 3.0.0. - [Release notes](https://github.com/gorakhargosh/watchdog/releases) - [Changelog](https://github.com/gorakhargosh/watchdog/blob/master/changelog.rst) - [Commits](gorakhargosh/watchdog@v2.1.7...v3.0.0) --- updated-dependencies: - dependency-name: watchdog dependency-type: direct:development update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump coverage from 6.3.2 to 7.2.7 (#298) Bumps [coverage](https://github.com/nedbat/coveragepy) from 6.3.2 to 7.2.7. - [Release notes](https://github.com/nedbat/coveragepy/releases) - [Changelog](https://github.com/nedbat/coveragepy/blob/master/CHANGES.rst) - [Commits](nedbat/coveragepy@6.3.2...7.2.7) --- updated-dependencies: - dependency-name: coverage dependency-type: direct:development update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump responses from 0.20.0 to 0.23.3 (#301) Bumps [responses](https://github.com/getsentry/responses) from 0.20.0 to 0.23.3. - [Release notes](https://github.com/getsentry/responses/releases) - [Changelog](https://github.com/getsentry/responses/blob/master/CHANGES) - [Commits](getsentry/responses@0.20.0...0.23.3) --- updated-dependencies: - dependency-name: responses dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump tabulate from 0.8.9 to 0.9.0 (#304) Bumps [tabulate](https://github.com/astanin/python-tabulate) from 0.8.9 to 0.9.0. - [Changelog](https://github.com/astanin/python-tabulate/blob/master/CHANGELOG) - [Commits](astanin/python-tabulate@v0.8.9...v0.9.0) --- updated-dependencies: - dependency-name: tabulate dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump pyyaml from 6.0 to 6.0.1 (#305) Bumps [pyyaml](https://github.com/yaml/pyyaml) from 6.0 to 6.0.1. - [Changelog](https://github.com/yaml/pyyaml/blob/6.0.1/CHANGES) - [Commits](yaml/pyyaml@6.0...6.0.1) --- updated-dependencies: - dependency-name: pyyaml dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Deprecate support for older versions of Python * Remove Travis CI integration * Deprecate support for Python <3.8 * Bump jsonschema from 4.4.0 to 4.18.4 (#299) Bumps [jsonschema](https://github.com/python-jsonschema/jsonschema) from 4.4.0 to 4.18.4. - [Release notes](https://github.com/python-jsonschema/jsonschema/releases) - [Changelog](https://github.com/python-jsonschema/jsonschema/blob/main/CHANGELOG.rst) - [Commits](python-jsonschema/jsonschema@v4.4.0...v4.18.4) --- updated-dependencies: - dependency-name: jsonschema dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump sphinx from 4.3.0 to 7.1.2 (#303) Bumps [sphinx](https://github.com/sphinx-doc/sphinx) from 4.3.0 to 7.1.2. - [Release notes](https://github.com/sphinx-doc/sphinx/releases) - [Changelog](https://github.com/sphinx-doc/sphinx/blob/master/CHANGES) - [Commits](sphinx-doc/sphinx@v4.3.0...v7.1.2) --- updated-dependencies: - dependency-name: sphinx dependency-type: direct:development update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump m2r2 from 0.3.2 to 0.3.3.post2 (#302) Bumps [m2r2](https://github.com/crossnox/m2r2) from 0.3.2 to 0.3.3.post2. - [Changelog](https://github.com/CrossNox/m2r2/blob/development/CHANGES.md) - [Commits](CrossNox/m2r2@v0.3.2...v0.3.3.post2) --- updated-dependencies: - dependency-name: m2r2 dependency-type: direct:development update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Run Bandit using tox * Add timeout to request to get rules from URL * Rename validation methods * Make ValidatorBase an abstract base class * Bump wheel from 0.38.1 to 0.41.1 (#312) Bumps [wheel](https://github.com/pypa/wheel) from 0.38.1 to 0.41.1. - [Changelog](https://github.com/pypa/wheel/blob/main/docs/news.rst) - [Commits](pypa/wheel@0.38.1...0.41.1) --- updated-dependencies: - dependency-name: wheel dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Run unit tests using tox; Add coverage check to pipeline * Code cleanup & maintenance * Bump tox from 4.6.4 to 4.8.0 (#316) Bumps [tox](https://github.com/tox-dev/tox) from 4.6.4 to 4.8.0. - [Release notes](https://github.com/tox-dev/tox/releases) - [Changelog](https://github.com/tox-dev/tox/blob/main/docs/changelog.rst) - [Commits](tox-dev/tox@4.6.4...4.8.0) --- updated-dependencies: - dependency-name: tox dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump jsonschema from 4.18.4 to 4.19.0 (#313) Bumps [jsonschema](https://github.com/python-jsonschema/jsonschema) from 4.18.4 to 4.19.0. - [Release notes](https://github.com/python-jsonschema/jsonschema/releases) - [Changelog](https://github.com/python-jsonschema/jsonschema/blob/main/CHANGELOG.rst) - [Commits](python-jsonschema/jsonschema@v4.18.4...v4.19.0) --- updated-dependencies: - dependency-name: jsonschema dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump twine from 3.8.0 to 4.0.2 (#310) Bumps [twine](https://github.com/pypa/twine) from 3.8.0 to 4.0.2. - [Release notes](https://github.com/pypa/twine/releases) - [Changelog](https://github.com/pypa/twine/blob/main/docs/changelog.rst) - [Commits](pypa/twine@3.8.0...4.0.2) --- updated-dependencies: - dependency-name: twine dependency-type: direct:development update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump actions/checkout from 3.1.0 to 3.5.3 (#314) Bumps [actions/checkout](https://github.com/actions/checkout) from 3.1.0 to 3.5.3. - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](actions/checkout@v3.1.0...v3.5.3) --- updated-dependencies: - dependency-name: actions/checkout dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Set source directory for coverage * Use kwargs for HTTP options when retrieving headers * Minor changes * Reorganise load rules from file/URI * CLI refactoring * Move CLI into separate folder * Configuration options for HTTP request (#335) * Kwargs for HTTP call when init drheader instance * Change default HTTP method when retrieving headers to HEAD * Request kwargs input options for CLI * Integration tests for CLI * Update documentation for the CLI * Bump actions/checkout from 3.5.3 to 4.0.0 (#333) Bumps [actions/checkout](https://github.com/actions/checkout) from 3.5.3 to 4.0.0. - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](actions/checkout@v3.5.3...v4.0.0) --- updated-dependencies: - dependency-name: actions/checkout dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump tox from 4.8.0 to 4.11.3 (#332) Bumps [tox](https://github.com/tox-dev/tox) from 4.8.0 to 4.11.3. - [Release notes](https://github.com/tox-dev/tox/releases) - [Changelog](https://github.com/tox-dev/tox/blob/main/docs/changelog.rst) - [Commits](tox-dev/tox@4.8.0...4.11.3) --- updated-dependencies: - dependency-name: tox dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump jsonschema from 4.19.0 to 4.19.1 (#336) Bumps [jsonschema](https://github.com/python-jsonschema/jsonschema) from 4.19.0 to 4.19.1. - [Release notes](https://github.com/python-jsonschema/jsonschema/releases) - [Changelog](https://github.com/python-jsonschema/jsonschema/blob/main/CHANGELOG.rst) - [Commits](python-jsonschema/jsonschema@v4.19.0...v4.19.1) --- updated-dependencies: - dependency-name: jsonschema dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump wheel from 0.41.1 to 0.41.2 (#323) Bumps [wheel](https://github.com/pypa/wheel) from 0.41.1 to 0.41.2. - [Changelog](https://github.com/pypa/wheel/blob/main/docs/news.rst) - [Commits](pypa/wheel@0.41.1...0.41.2) --- updated-dependencies: - dependency-name: wheel dependency-type: direct:development update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Disable avoid & contain validations when enforced value validation * Improved error handling in the CLI * Default behaviour to follow redirects * Include references to other README files * Update out of date info in the README * Add shorthand options to the CLI * Remove headers key from rules spec * Move rules.yml to resources folder * Update manifest * Bump actions/checkout from 4.0.0 to 4.1.1 (#338) Bumps [actions/checkout](https://github.com/actions/checkout) from 4.0.0 to 4.1.1. - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](actions/checkout@v4.0.0...v4.1.1) --- updated-dependencies: - dependency-name: actions/checkout dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: emilejq <[email protected]> * Bump wheel from 0.41.2 to 0.41.3 (#339) Bumps [wheel](https://github.com/pypa/wheel) from 0.41.2 to 0.41.3. - [Changelog](https://github.com/pypa/wheel/blob/main/docs/news.rst) - [Commits](pypa/wheel@0.41.2...0.41.3) --- updated-dependencies: - dependency-name: wheel dependency-type: direct:development update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump jsonschema from 4.19.1 to 4.19.2 (#340) Bumps [jsonschema](https://github.com/python-jsonschema/jsonschema) from 4.19.1 to 4.19.2. - [Release notes](https://github.com/python-jsonschema/jsonschema/releases) - [Changelog](https://github.com/python-jsonschema/jsonschema/blob/main/CHANGELOG.rst) - [Commits](python-jsonschema/jsonschema@v4.19.1...v4.19.2) --- updated-dependencies: - dependency-name: jsonschema dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump major version to 2.0.0 * Separate steps to bump version in pull request action into a separate job (#342) * Bump version: 1.7.0 → 2.0.0 --------- Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Emile <[email protected]> Co-authored-by: GitHub Action <[email protected]>
1 parent c2098d5 commit b5d7a41

Some content is hidden

Large Commits have some content hidden by default. Use the searchbox below for content that may be hidden.

50 files changed

+2151
-1644
lines changed

.github/workflows/codeql-analysis.yml

+4-4
Original file line numberDiff line numberDiff line change
@@ -35,11 +35,11 @@ jobs:
3535

3636
steps:
3737
- name: Checkout repository
38-
uses: actions/checkout@v2
38+
uses: actions/checkout@v4.1.1
3939

4040
# Initializes the CodeQL tools for scanning.
4141
- name: Initialize CodeQL
42-
uses: github/codeql-action/init@v1
42+
uses: github/codeql-action/init@v2
4343
with:
4444
languages: ${{ matrix.language }}
4545
# If you wish to specify custom queries, you can do so here or in a config file.
@@ -50,7 +50,7 @@ jobs:
5050
# Autobuild attempts to build any compiled languages (C/C++, C#, or Java).
5151
# If this step fails, then you should remove it and run the build manually (see below)
5252
- name: Autobuild
53-
uses: github/codeql-action/autobuild@v1
53+
uses: github/codeql-action/autobuild@v2
5454

5555
# ℹ️ Command-line programs to run using the OS shell.
5656
# 📚 https://git.io/JvXDl
@@ -64,4 +64,4 @@ jobs:
6464
# make release
6565

6666
- name: Perform CodeQL Analysis
67-
uses: github/codeql-action/analyze@v1
67+
uses: github/codeql-action/analyze@v2

.github/workflows/pull_request.yml

+33-22
Original file line numberDiff line numberDiff line change
@@ -1,61 +1,72 @@
1-
name: Dr Header Pull Request handler
1+
name: Pull Request Handler
2+
23
on: pull_request
4+
35
jobs:
46
build:
57
runs-on: ubuntu-latest
68
strategy:
79
max-parallel: 4
810
matrix:
9-
python-version: [3.7]
11+
python-version: ["3.8", "3.9", "3.10", "3.11"]
1012
steps:
11-
- name: Checkout Code
12-
uses: actions/checkout@v2
13+
- name: Checkout code
14+
uses: actions/checkout@v4.1.1
1315

1416
- name: Set up Python
15-
uses: actions/setup-python@v1
17+
uses: actions/setup-python@v4
1618
with:
1719
python-version: ${{ matrix.python-version }}
1820

19-
- name: Install PIP Dependencies
21+
- name: Install dependencies
2022
run: |
2123
pip install -r requirements.txt
2224
pip install -r requirements_dev.txt
2325
24-
- name: Test with pytest
25-
run: python -m pytest --junitxml ${{ matrix.python-version }}.results.xml
26+
- name: Run unit tests
27+
env:
28+
version: ${{ matrix.python-version }}
29+
run: tox run -e py$version -- --junitxml $version.results.xml
2630

27-
- name: Upload Test results
31+
- name: Upload test results
2832
uses: actions/upload-artifact@master
2933
with:
3034
name: Results - ${{ matrix.python-version }}
3135
path: ${{ matrix.python-version }}.results.xml
3236

33-
- name: Flake8 styles
34-
run: python -m flake8 drheader
37+
- name: Run lint scan
38+
run: tox run -e lint
39+
40+
- name: Run SAST scan
41+
run: tox run -e sast
42+
43+
- name: Run SCA scan
44+
run: tox run -e sca
3545

36-
- name: Bandit security scan
37-
run: python -m bandit -r ./drheader
46+
bump-version:
47+
if: github.base_ref == 'master'
48+
needs: build
3849

39-
- name: Safety dependency scan
40-
run: python -m safety check
50+
runs-on: ubuntu-latest
51+
steps:
52+
- name: Install dependencies
53+
run: |
54+
pip install bump2version==1.0.1
4155
42-
- name: Checkout origin branch if PR 'to-branch' is master
43-
if: github.base_ref == 'master'
44-
uses: actions/checkout@v2
56+
- name: Checkout head branch
57+
uses: actions/[email protected]
4558
with:
4659
ref: ${{ github.head_ref }}
4760

48-
- name: BumpVersion if PR 'to-branch' is master
49-
if: github.base_ref == 'master'
61+
- name: Bump version
5062
run: |
5163
grep -i 'current_version = ' setup.cfg | head -1 | tr -d 'current_version = '
5264
git config --local user.email "[email protected]"
5365
git config --local user.name "GitHub Action"
5466
bump2version minor
5567
grep -i 'current_version = ' setup.cfg | head -1 | tr -d 'current_version = '
5668
57-
- name: Push changes if PR 'to-branch' is master
58-
if: github.base_ref == 'master'
69+
- name: Push changes to origin
5970
uses: ad-m/github-push-action@master
6071
with:
6172
github_token: ${{ secrets.GITHUB_TOKEN }}

.github/workflows/release.yml

+16-14
Original file line numberDiff line numberDiff line change
@@ -10,13 +10,13 @@ jobs:
1010
strategy:
1111
max-parallel: 4
1212
matrix:
13-
python-version: [3.7]
13+
python-version: ["3.8", "3.9", "3.10", "3.11"]
1414
steps:
1515
- name: Checkout Code
16-
uses: actions/checkout@v2
16+
uses: actions/checkout@v4.1.1
1717

1818
- name: Set up Python
19-
uses: actions/setup-python@v1
19+
uses: actions/setup-python@v4
2020
with:
2121
python-version: ${{ matrix.python-version }}
2222

@@ -25,17 +25,19 @@ jobs:
2525
pip install -r requirements.txt
2626
pip install -r requirements_dev.txt
2727
28-
- name: Test with pytest
29-
run: python -m pytest --junitxml ${{ matrix.python-version }}.results.xml
28+
- name: Run unit tests
29+
env:
30+
version: ${{ matrix.python-version }}
31+
run: tox run -e py$version -- --junitxml $version.results.xml
3032

31-
- name: Flake8 styles
32-
run: python -m flake8 drheader
33+
- name: Run lint scan
34+
run: tox run -e lint
3335

34-
- name: Bandit security scan
35-
run: python -m bandit -r ./drheader
36+
- name: Run SAST scan
37+
run: tox run -e sast
3638

37-
- name: Safety dependency scan
38-
run: python -m safety check
39+
- name: Run SCA scan
40+
run: tox run -e sca
3941

4042
- name: Make Wheel
4143
run: |
@@ -51,7 +53,7 @@ jobs:
5153

5254
- name: Create Release
5355
id: create_release
54-
uses: actions/create-release@v1.0.1
56+
uses: actions/create-release@v1.1.4
5557
env:
5658
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
5759
with:
@@ -62,7 +64,7 @@ jobs:
6264

6365
- name: Upload Wheel
6466
id: upload_wheel
65-
uses: actions/[email protected].1
67+
uses: actions/[email protected].2
6668
env:
6769
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
6870
with:
@@ -73,7 +75,7 @@ jobs:
7375

7476
- name: Upload Changelog
7577
id: upload_changelog
76-
uses: actions/[email protected].1
78+
uses: actions/[email protected].2
7779
env:
7880
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
7981
with:

.travis.yml

-28
This file was deleted.

0 commit comments

Comments
 (0)