Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Fix audit workflow and revert Secrets SDK version #325

Merged
merged 2 commits into from
Aug 27, 2024
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
9 changes: 8 additions & 1 deletion .github/workflows/audit.yml
Original file line number Diff line number Diff line change
Expand Up @@ -15,7 +15,14 @@ jobs:
- name: Checkout
uses: actions/checkout@v4

- name: Check Vulnerabilities
- name: Install Rust toolchain
uses: dtolnay/rust-toolchain@stable

- name: Check Python Vulnerabilities
uses: pypa/[email protected]
with:
inputs: requirements.txt docs/requirements.txt

- name: Check Secrets SDK Vulnerabilities
working-directory: src/secrets
run: cargo audit --deny warnings
6 changes: 3 additions & 3 deletions .github/workflows/sdk-release.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -50,9 +50,9 @@ jobs:
with open(os.environ["GITHUB_OUTPUT"], 'a') as f:
print("version=" + ("-".join(new_version.rsplit(".", 1)) if new_version.count(".") > 2 else new_version), file=f)
- name: Update version (cargo)
run: cargo install cargo-edit && cargo set-version ${{ steps.update-version.outputs.version }}
working-directory: src/secrets
# - name: Update version (cargo)
# run: cargo install cargo-edit && cargo set-version ${{ steps.update-version.outputs.version }}
# working-directory: src/secrets
Comment on lines +53 to +55
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for preventing the unnecessary version bumps here...
going forward, we should be able to rely on the cargo.toml version in order to specify the constrains in the core-sdk 😋


- name: Update version (git)
run: git add src/_version.py src/secrets/Cargo.*
Expand Down
2 changes: 1 addition & 1 deletion requirements.txt
Original file line number Diff line number Diff line change
Expand Up @@ -19,7 +19,7 @@ pydoclint==0.5.3
pyfakefs
pylama==7.7.1
pylint==3.2.5
pytest==7.1.2
pytest==7.4.4
python-decouple==3.4
PyYAML==6.0.1
requests==2.32.0
Expand Down
2 changes: 1 addition & 1 deletion src/secrets/Cargo.lock

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

2 changes: 1 addition & 1 deletion src/secrets/Cargo.toml
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,7 @@
name = "keyring"
readme = "README.md"
repository = "https://github.com/zowe/zowe-client-python-sdk"
version = "1.0.0-dev21"
version = "1.0.0-dev12"
edition = "2021"

# See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html
Expand Down
Loading