From 66684d7ede27a6c627c61cd1589b9a8ac66ecded Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?St=C3=A9phane=20Brunner?=
Date: Fri, 1 Nov 2024 11:47:23 +0100
Subject: [PATCH 1/2] Add missing transversal_status

---
 github_app_geo_project/module/audit/__init__.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/github_app_geo_project/module/audit/__init__.py b/github_app_geo_project/module/audit/__init__.py
index 55a2feb804..de0837039f 100644
--- a/github_app_geo_project/module/audit/__init__.py
+++ b/github_app_geo_project/module/audit/__init__.py
@@ -496,7 +496,7 @@ async def process(
 title=f"dpkg ({version})",
 )
 )
- return ProcessOutput(actions=actions)
+ return ProcessOutput(actions=actions, transversal_status=context.transversal_status)
 else:
 short_message, success = await _process_snyk_dpkg(context, issue_check)

From 9a66d2bb50c0919f0805ed220ab4e0280668d24d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?St=C3=A9phane=20Brunner?=
Date: Fri, 1 Nov 2024 11:49:57 +0100
Subject: [PATCH 2/2] Uses security.md

---
 .../module/audit/__init__.py | 6 +++---
 github_app_geo_project/module/audit/utils.py | 4 ++--
 github_app_geo_project/module/utils.py | 6 +++---
 .../module/versions/__init__.py | 5 ++---
 poetry.lock | 18 +++++++++++++++++-
 pyproject.toml | 3 ++-
 6 files changed, 29 insertions(+), 13 deletions(-)

diff --git a/github_app_geo_project/module/audit/__init__.py b/github_app_geo_project/module/audit/__init__.py
index de0837039f..7d606ffd88 100644
--- a/github_app_geo_project/module/audit/__init__.py
+++ b/github_app_geo_project/module/audit/__init__.py
@@ -12,8 +12,8 @@
 import urllib.parse
 from typing import Any, cast
-import c2cciutils.security
 import github
+import security_md
 import yaml
 from pydantic import BaseModel
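Review bot: Only the `return` on the dpkg path gains `transversal_status=context.transversal_status`; `process` continues past the hunk (the `else:` branch that awaits `_process_snyk_dpkg`, and whatever follows it), so any other `ProcessOutput(actions=...)` constructed there would still drop the status the title says is missing. Worth grepping the rest of `process` for `ProcessOutput(` before treating this as complete; the enclosing function starts and ends outside the hunk.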
@@ -108,7 +108,7 @@ def _process_outdated(
 try:
 security_file = repo.get_contents("SECURITY.md")
 assert isinstance(security_file, github.ContentFile.ContentFile)
- security = c2cciutils.security.Security(security_file.decoded_content.decode("utf-8"))
+ security = security_md.Security(security_file.decoded_content.decode("utf-8"))
 error_message = audit_utils.outdated_versions(security)
 _process_error(context, _OUTDATED, issue_check, error_message)
@@ -445,7 +445,7 @@ async def process(
 versions = []
 if security_file is not None:
 assert isinstance(security_file, github.ContentFile.ContentFile)
- security = c2cciutils.security.Security(security_file.decoded_content.decode("utf-8"))
+ security = security_md.Security(security_file.decoded_content.decode("utf-8"))
 versions = module_utils.get_stabilization_versions(security)
 else:
diff --git a/github_app_geo_project/module/audit/utils.py b/github_app_geo_project/module/audit/utils.py
index 714ac4a0d8..500ce22479 100644
--- a/github_app_geo_project/module/audit/utils.py
+++ b/github_app_geo_project/module/audit/utils.py
@@ -11,8 +11,8 @@
 from typing import NamedTuple
 import apt_repo
-import c2cciutils.security
 import debian_inspector.version
+import security_md
 import yaml # nosec
 from github_app_geo_project import models, utils
@@ -605,7 +605,7 @@ async def _npm_audit_fix(
 def outdated_versions(
- security: c2cciutils.security.Security,
+ security: security_md.Security,
 ) -> list[str | models.OutputData]:
 """
 Check that the versions from the SECURITY.md are not outdated.
diff --git a/github_app_geo_project/module/utils.py b/github_app_geo_project/module/utils.py
index 4049ea11d8..a5a62291de 100644
--- a/github_app_geo_project/module/utils.py
+++ b/github_app_geo_project/module/utils.py
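Review bot: `security_md.Security(security_file.decoded_content.decode("utf-8"))` at @@ -108 now parses markdown fetched from the audited repository, i.e. content the app does not control, and the hunk shows it inside a `try:` whose `except` clause is outside the hunk; at @@ -445 and at versions/__init__.py @@ -181 the same constructor runs under `if security_file is not None:` with no visible guard at all. The lock entry in this patch shows the new parser is built on `markdown` and `defusedxml`, so it is a different code path from the c2cciutils class it replaces, and its behaviour on a malformed or missing version table is not established by anything in the diff. If it raises, a broken SECURITY.md would abort `process` instead of producing an audit finding; confirm that the enclosing handler covers the constructor, or catch its failure there and route it through `_process_error` the way the outdated-versions message already is. The enclosing functions start and end outside these hunks.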
@@ -9,10 +9,10 @@
 import subprocess # nosec
 from typing import Any, Union, cast
-import c2cciutils.security
 import github
 import html_sanitizer
 import markdownify
+import security_md
 from ansi2html import Ansi2HTMLConverter
 from github_app_geo_project import configuration, models, module
@@ -796,7 +796,7 @@ def git_clone(github_project: configuration.GithubProject, branch: str) -> bool:
 return True
-def get_stabilization_versions(security: c2cciutils.security.Security) -> list[str]:
+def get_stabilization_versions(security: security_md.Security) -> list[str]:
 """Get the stabilization versions."""
 version_index = security.version_index
 supported_until_index = security.support_until_index
@@ -819,7 +819,7 @@ def get_stabilization_versions(security: c2cciutils.security.Security) -> list[s
 return [v for v in versions if v not in alternate_tags]
-def get_alternate_versions(security: c2cciutils.security.Security, branch: str) -> list[str]:
+def get_alternate_versions(security: security_md.Security, branch: str) -> list[str]:
 """Get the stabilization versions."""
 alternate_index = security.alternate_tag_index
 version_index = security.version_index
diff --git a/github_app_geo_project/module/versions/__init__.py b/github_app_geo_project/module/versions/__init__.py
index 5a41a9b3b5..4c50ca0570 100644
--- a/github_app_geo_project/module/versions/__init__.py
+++ b/github_app_geo_project/module/versions/__init__.py
@@ -12,11 +12,10 @@
 from typing import Any
 import c2cciutils.configuration
-import c2cciutils.security
 import github
 import requests
+import security_md
 import toml
-import yaml
 from pydantic import BaseModel
 from github_app_geo_project import module, utils
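Review bot: Only the annotation of `get_stabilization_versions` changes to `security_md.Security`, while the body below still reads `security.version_index` and `security.support_until_index` (and `get_alternate_versions` at @@ -819 reads `security.alternate_tag_index`); nothing in the diff shows that the new class exposes these attributes, let alone with the same column and not-found semantics as the c2cciutils class. Since the functions drive which branches the audit and versions modules act on, the swap should be backed by a mypy run and a round-trip test that feeds one representative SECURITY.md to both the old and the new class and asserts identical version lists. Both function bodies run past the hunk.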
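Review bot: The docstring directly under the changed signature of `get_alternate_versions` still reads `"""Get the stabilization versions."""`, a copy of the one on `get_stabilization_versions` at @@ -796, although this function takes a `branch` and reads `security.alternate_tag_index`. Since the signature line is touched anyway, correct it to something like `"""Get the alternate versions listed for *branch* in the SECURITY.md."""`, adjusted to what the body (which continues past the hunk) actually returns.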
@@ -181,7 +180,7 @@ async def process(
 raise
 if security_file is not None:
 assert isinstance(security_file, github.ContentFile.ContentFile)
- security = c2cciutils.security.Security(security_file.decoded_content.decode("utf-8"))
+ security = security_md.Security(security_file.decoded_content.decode("utf-8"))
 stabilization_versions = module_utils.get_stabilization_versions(security)
 else:
diff --git a/poetry.lock b/poetry.lock
index 40e172c75f..f0ee6c0573 100644
--- a/poetry.lock
+++ b/poetry.lock
@@ -2855,6 +2855,22 @@ dev = ["cython-lint (>=0.12.2)", "doit (>=0.36.0)", "mypy (==1.10.0)", "pycodest
 doc = ["jupyterlite-pyodide-kernel", "jupyterlite-sphinx (>=0.13.1)", "jupytext", "matplotlib (>=3.5)", "myst-nb", "numpydoc", "pooch", "pydata-sphinx-theme (>=0.15.2)", "sphinx (>=5.0.0,<=7.3.7)", "sphinx-design (>=0.4.0)"]
 test = ["Cython", "array-api-strict (>=2.0)", "asv", "gmpy2", "hypothesis (>=6.30)", "meson", "mpmath", "ninja", "pooch", "pytest", "pytest-cov", "pytest-timeout", "pytest-xdist", "scikit-umfpack", "threadpoolctl"]
+[[package]]
+name = "security-md"
+version = "0.2.3"
+description = "Common utilities for Camptocamp CI"
+optional = false
+python-versions = ">=3.9"
+files = [
+ {file = "security_md-0.2.3-py3-none-any.whl", hash = "sha256:e95e454d7c7b9786a7af16c8d5fa657cdad575d76b74c69d4b1f3f88548bbd82"},
+ {file = "security_md-0.2.3.tar.gz", hash = "sha256:cc766d03b01d1f5e49ed616480cc5f92469eb5e278466f71066b7acbd011adad"},
+]
+
+[package.dependencies]
+defusedxml = ">=0.0.0,<1.0.0"
+markdown = ">=3.0,<4.0"
+markdown-table = ">=2020.0.0,<2021.0.0"
+
 [[package]]
 name = "semver"
 version = "3.0.2"
@@ -3651,4 +3667,4 @@ test = ["zope.testing"]
 [metadata]
 lock-version = "2.0"
 python-versions = ">=3.10,<3.13"
-content-hash = "c21063219583bd81b4d55be3df949822967aec1f803aed21345b21703643eac1"
+content-hash = "80ba6c504f46ef69696daacdee0aeae40b2e67bd62c2130fb58a313f7c257546"
diff --git a/pyproject.toml b/pyproject.toml
index 9161418fa1..be76698274 100644
--- a/pyproject.toml
+++ b/pyproject.toml
@@ -60,6 +60,8 @@ delete-old-workflow-runs = "github_app_geo_project.module.delete_old_workflow_ru
 [tool.poetry.dependencies]
 python = ">=3.10,<3.13"
 c2cwsgiutils = { version = "6.0.8", extras = ["standard", "debug", "dev"] }
+c2cciutils = "1.6.23"
+security-md = "0.2.3"
 pyramid-mako = "1.1.0"
 jsonmerge = "1.9.2"
 pygithub = "2.4.0"
@@ -67,7 +69,6 @@ markdown = "3.7"
 pygments = "2.18.0"
 html-sanitizer = "2.4.4"
 ansi2html = "1.9.2"
-c2cciutils = "1.6.23"
 apt-repo = "0.5"
 debian-inspector = "31.1.0"
 codespell = "2.3.0"
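Review bot: `security-md = "0.2.3"` introduces a new direct dependency whose lock entry in the same patch is described as "Common utilities for Camptocamp CI", word for word the c2cciutils description, which suggests copied or placeholder package metadata rather than a description of a SECURITY.md parser. Because this package will parse repository-controlled SECURITY.md files, confirm before merging that the index entry is published by the same maintainers as c2cciutils and that its dependency set (`defusedxml`, `markdown`, `markdown-table` per the lock) is the expected one; the exact pin plus the lock hashes already added are the right shape once that is settled. The `c2cciutils = "1.6.23"` line at @@ -67 is only moved, not changed.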