Update GitHub actions and Python Dependencies #1821

Merged
merged 36 commits into from
Jan 24, 2023

Collaborator

@jmgrady jmgrady commented Jan 20, 2023

This PR incorporates a number of maintenance updates to the Python code and the GitHub actions:

  • Updates the Python dependencies for development, the maintenance container, and the deploy container;
  • Updates versions of actions that are used in The Combine workflows:
    • actions/checkout to 3.3.0
    • actions/upload-artifact to 3.1.2
    • actions/setup-node to 3.6.0
    • docker/build-push-action to 3.3.0
    • ossf/scorecard-action to 2.1.2
  • Changes the egress-policy to audit for workflow steps that build the backend.

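Added example, not part of the PR or of The Combine repository: a workflow fragment showing the settings the description mentions, namely `egress-policy: audit` on a backend build job, `egress-policy: block` with `allowed-endpoints` on another job, and a restricted top-level `permissions` block. It assumes the policy is applied with `step-security/harden-runner`, which the page does not name; the workflow name, job names, endpoint list and the pinned-SHA placeholder are constructed for illustration.

```yaml
# Hypothetical workflow for illustration; not taken from the repository.
name: backend-build-example
on:
  pull_request:
    branches: [master]

# Default GITHUB_TOKEN scope for every job; a job widens it only where needed.
permissions:
  contents: read

jobs:
  build_backend:
    runs-on: ubuntu-latest
    steps:
      # Audit mode: outbound connections are recorded but not blocked, so an
      # image build that reaches many package hosts keeps working while its
      # egress is still logged for review.
      - name: Harden Runner
        uses: step-security/harden-runner@<pinned-commit-sha>  # placeholder
        with:
          egress-policy: audit
      - uses: actions/checkout@v3.3.0
      - uses: docker/build-push-action@v3.3.0
        with:
          context: Backend
          push: false

  lint_python:
    runs-on: ubuntu-latest
    steps:
      # Block mode: only the listed endpoints are reachable. The list has to
      # be revisited whenever a dependency bump adds a new download host.
      - name: Harden Runner
        uses: step-security/harden-runner@<pinned-commit-sha>  # placeholder
        with:
          egress-policy: block
          # Constructed endpoint list, not the project's own.
          allowed-endpoints: >
            github.com:443
            pypi.org:443
            files.pythonhosted.org:443
      - uses: actions/checkout@v3.3.0
```

In audit mode the recorded connections are the input for building an allow-list later; a job left in audit mode provides visibility only, not enforcement.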

dependabot bot and others added 19 commits January 19, 2023 18:53
Bumps [actions/setup-node](https://github.com/actions/setup-node) from 3.5.1 to 3.6.0.
- [Release notes](https://github.com/actions/setup-node/releases)
- [Commits](actions/setup-node@8c91899...64ed1c7)

---
updated-dependencies:
- dependency-name: actions/setup-node
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Bumps [actions/checkout](https://github.com/actions/checkout) from 3.2.0 to 3.3.0.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](actions/checkout@v3.2.0...ac59398)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 2.3.1 to 3.1.2.
- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](actions/upload-artifact@v2.3.1...0b7f8ab)

---
updated-dependencies:
- dependency-name: actions/upload-artifact
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Bumps [ossf/scorecard-action](https://github.com/ossf/scorecard-action) from 2.0.6 to 2.1.2.
- [Release notes](https://github.com/ossf/scorecard-action/releases)
- [Changelog](https://github.com/ossf/scorecard-action/blob/main/RELEASE.md)
- [Commits](ossf/scorecard-action@99c5375...e38b190)

---
updated-dependencies:
- dependency-name: ossf/scorecard-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Bumps python from 3.10 to 3.11.

---
updated-dependencies:
- dependency-name: python
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Bumps [docker/build-push-action](https://github.com/docker/build-push-action) from 3.2.0 to 3.3.0.
- [Release notes](https://github.com/docker/build-push-action/releases)
- [Commits](docker/build-push-action@c56af95...37abced)

---
updated-dependencies:
- dependency-name: docker/build-push-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
…s/upload-artifact-3.1.2' into update-gh-actions
@jmgrady jmgrady added the security, python, dependencies, and CI/CD labels Jan 20, 2023
@jmgrady jmgrady self-assigned this Jan 20, 2023
Dockerfile Fixed

codecov-commenter commented Jan 21, 2023

Codecov Report

Base: 51.53% // Head: 79.19% // Increases project coverage by +27.65% 🎉

Coverage data is based on head (832dd53) compared to base (d5af8e2).
Patch has no changes to coverable lines.

Additional details and impacted files
@@             Coverage Diff             @@
##           master    #1821       +/-   ##
===========================================
+ Coverage   51.53%   79.19%   +27.65%     
===========================================
  Files         278       39      -239     
  Lines        8593     3532     -5061     
  Branches      631        0      -631     
===========================================
- Hits         4428     2797     -1631     
+ Misses       3658      735     -2923     
+ Partials      507        0      -507     
Flag Coverage Δ
backend 79.19% <ø> (ø)
frontend ?


Impacted Files Coverage Δ
src/goals/HandleFlags/HandleFlags.ts
src/components/Buttons/LoadingDoneButton.tsx
src/components/Buttons/EditTextDialog.tsx
src/api/api/user-edit-api.ts
src/api/api/word-api.ts
src/components/TreeView/TreeViewReducer.ts
.../components/GoalTimeline/GoalTimelineComponent.tsx
src/components/Buttons/FileInputButton.tsx
src/components/SiteSettings/Banners/Banners.tsx
src/goals/CharInventoryCreation/index.ts
... and 229 more


Backend/Dockerfile Fixed
Backend/Dockerfile Fixed
@jmgrady jmgrady marked this pull request as draft January 23, 2023 17:36
@jmgrady jmgrady marked this pull request as ready for review January 23, 2023 21:44
Contributor

@jasonleenaylor jasonleenaylor left a comment

:lgtm:

Reviewed 1 of 1 files at r1, 9 of 14 files at r2, 2 of 3 files at r3, 2 of 3 files at r4, 3 of 3 files at r5, all commit messages.
Reviewable status: all files reviewed, 3 unresolved discussions (waiting on @github-code-scanning[bot])

Collaborator Author

@jmgrady jmgrady left a comment

Dismissed @github-code-scanning[bot] from 3 discussions.
Reviewable status: :shipit: complete! all files reviewed, all discussions resolved (waiting on @jmgrady)

@jmgrady jmgrady merged commit a4cea09 into master Jan 24, 2023
@jmgrady jmgrady deleted the update-gh-actions branch January 24, 2023 02:11
fuencui pushed a commit that referenced this pull request Jan 24, 2023
* Bump actions/setup-node from 3.5.1 to 3.6.0

Bumps [actions/setup-node](https://github.com/actions/setup-node) from 3.5.1 to 3.6.0.
- [Release notes](https://github.com/actions/setup-node/releases)
- [Commits](actions/setup-node@8c91899...64ed1c7)

---
updated-dependencies:
- dependency-name: actions/setup-node
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* Bump actions/checkout from 3.2.0 to 3.3.0

Bumps [actions/checkout](https://github.com/actions/checkout) from 3.2.0 to 3.3.0.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](actions/checkout@v3.2.0...ac59398)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* Bump actions/upload-artifact from 2.3.1 to 3.1.2

Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 2.3.1 to 3.1.2.
- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](actions/upload-artifact@v2.3.1...0b7f8ab)

---
updated-dependencies:
- dependency-name: actions/upload-artifact
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>

* Bump ossf/scorecard-action from 2.0.6 to 2.1.2

Bumps [ossf/scorecard-action](https://github.com/ossf/scorecard-action) from 2.0.6 to 2.1.2.
- [Release notes](https://github.com/ossf/scorecard-action/releases)
- [Changelog](https://github.com/ossf/scorecard-action/blob/main/RELEASE.md)
- [Commits](ossf/scorecard-action@99c5375...e38b190)

---
updated-dependencies:
- dependency-name: ossf/scorecard-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* Bump python from 3.10 to 3.11

---
updated-dependencies:
- dependency-name: python
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* Bump docker/build-push-action from 3.2.0 to 3.3.0

Bumps [docker/build-push-action](https://github.com/docker/build-push-action) from 3.2.0 to 3.3.0.
- [Release notes](https://github.com/docker/build-push-action/releases)
- [Commits](docker/build-push-action@c56af95...37abced)

---
updated-dependencies:
- dependency-name: docker/build-push-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* Update allowed-endpoints

* Update Python dependencies

* Restrict permissions for Deploy QA & Deploy Release actions

* Revert to running security scorecard on push to master only

The branch protection checks are only supported on the default branch.

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>