-
Notifications
You must be signed in to change notification settings - Fork 59
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Use hashed dependencies and fix workflow permissions (#1841)
### What kind of change does this PR introduce? * Addresses several security issues pertaining to workflow permissions * Simplifies the build triggers in `main.yml` * Python3.9 preliminary test is now always run when tests are triggered * `pip-tools` (`pip-compile`) has been run to generate the hashes now found in `CI/requirements_ci.txt` * A workflow bug that causes forked Pull Requests to receive duplicated comments should now be fixed ### Does this PR introduce a breaking change? No. ### Other information: * What is `pip-tools`? [Documentation](https://pip-tools.readthedocs.io/en/latest/) This tool is used to determine the acceptable sha256 hashes for all dependencies (and sub-dependencies) listed in `CI/requirements.in`. Think of this as something similar to `pip freeze` or `conda lock` in its utility. Implementing this approach should resolve several security warnings for potential man-in-the-middle attacks. These hashes should be managed automatically by @dependabot.
- Loading branch information
Showing
16 changed files
with
543 additions
and
64 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,8 @@ | ||
bump-my-version==0.24.2 | ||
coveralls==4.0.1 | ||
deptry==0.16.2 | ||
flit==3.9.0 | ||
pip==24.1.2 | ||
pylint==3.2.5 | ||
tox==4.16.0 | ||
tox-gh==1.3.2 |
Oops, something went wrong.