diff --git a/.github/linters/.checkov.yaml b/.github/linters/.checkov.yaml new file mode 100644 index 0000000..695c8fb --- /dev/null +++ b/.github/linters/.checkov.yaml @@ -0,0 +1,5 @@ +quiet: true +skip-check: + - CKV_GHA_7 + - CKV_DOCKER_2 + - CKV_DOCKER_3 diff --git a/.github/workflows/auto-labeler.yml b/.github/workflows/auto-labeler.yml index dcc51dc..b52b9b6 100644 --- a/.github/workflows/auto-labeler.yml +++ b/.github/workflows/auto-labeler.yml @@ -11,7 +11,7 @@ jobs: permissions: contents: read pull-requests: write - uses: github/ospo-reusable-workflows/.github/workflows/auto-labeler.yaml@ecdd405ebb379e0713e348440e6e26e85fc06773 + uses: github/ospo-reusable-workflows/.github/workflows/auto-labeler.yaml@10cfc2f9be5fce5e90150dfbffc7c0f4e68108ab with: config-name: release-drafter.yml secrets: diff --git a/.github/workflows/major-version-updater.yml b/.github/workflows/major-version-updater.yml new file mode 100644 index 0000000..d7f25c8 --- /dev/null +++ b/.github/workflows/major-version-updater.yml @@ -0,0 +1,34 @@ +name: Update major tag for release +on: + release: + types: [published] + workflow_dispatch: + inputs: + TAG_NAME: + description: "Tag name that the major tag will point to (e.g. v1.2.3)" + required: true +env: + TAG_NAME: ${{ github.event.inputs.TAG_NAME || github.ref}} +permissions: + contents: write +jobs: + update_tag: + name: Update the major tag to include the ${{ github.event.inputs.TAG_NAME || github.ref }} changes + runs-on: ubuntu-latest + steps: + - name: Checkout Repo + uses: actions/checkout@v4.2.2 + with: + fetch-tags: true + ref: ${{ github.event.inputs.TAG_NAME || github.ref }} + - name: version + id: version + run: | + tag=${TAG_NAME/refs\/tags\//} + version=${tag#v} + major=${version%%.*} + { echo "tag=${tag}"; echo "version=${version}"; echo "major=${major}"; } >> "$GITHUB_OUTPUT" + - name: force update major tag + run: | + git tag -f v${{ steps.version.outputs.major }} ${{ steps.version.outputs.tag }} + git push -f origin v${{ steps.version.outputs.major }} diff --git a/.github/workflows/pr-title.yml b/.github/workflows/pr-title.yml index 0655a34..e8d9e67 100644 --- a/.github/workflows/pr-title.yml +++ b/.github/workflows/pr-title.yml @@ -12,6 +12,6 @@ jobs: contents: read pull-requests: read statuses: write - uses: github/ospo-reusable-workflows/.github/workflows/pr-title.yaml@ecdd405ebb379e0713e348440e6e26e85fc06773 + uses: github/ospo-reusable-workflows/.github/workflows/pr-title.yaml@10cfc2f9be5fce5e90150dfbffc7c0f4e68108ab secrets: github-token: ${{ secrets.GITHUB_TOKEN }} diff --git a/.github/workflows/python-package.yml b/.github/workflows/python-package.yml index 43ad0c0..45b1c7b 100644 --- a/.github/workflows/python-package.yml +++ b/.github/workflows/python-package.yml @@ -21,7 +21,7 @@ jobs: steps: - uses: actions/checkout@v4.2.2 - name: Set up Python ${{ matrix.python-version }} - uses: actions/setup-python@v5.4.0 + uses: actions/setup-python@v5.6.0 with: python-version: ${{ matrix.python-version }} - name: Install dependencies diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 2631fe8..8d81c96 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -12,7 +12,7 @@ jobs: permissions: contents: write pull-requests: read - uses: github/ospo-reusable-workflows/.github/workflows/release.yaml@ecdd405ebb379e0713e348440e6e26e85fc06773 + uses: github/ospo-reusable-workflows/.github/workflows/release.yaml@10cfc2f9be5fce5e90150dfbffc7c0f4e68108ab with: publish: true release-config-name: release-drafter.yml @@ -25,7 +25,7 @@ jobs: packages: write id-token: write attestations: write - uses: github/ospo-reusable-workflows/.github/workflows/release-image.yaml@ecdd405ebb379e0713e348440e6e26e85fc06773 + uses: github/ospo-reusable-workflows/.github/workflows/release-image.yaml@10cfc2f9be5fce5e90150dfbffc7c0f4e68108ab with: image-name: ${{ github.repository_owner }}/stale_repos full-tag: ${{ needs.release.outputs.full-tag }} @@ -40,7 +40,7 @@ jobs: permissions: contents: read discussions: write - uses: github/ospo-reusable-workflows/.github/workflows/release-discussion.yaml@ecdd405ebb379e0713e348440e6e26e85fc06773 + uses: github/ospo-reusable-workflows/.github/workflows/release-discussion.yaml@10cfc2f9be5fce5e90150dfbffc7c0f4e68108ab with: full-tag: ${{ needs.release.outputs.full-tag }} body: ${{ needs.release.outputs.body }} diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index 17258f7..4c01ae6 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -42,6 +42,6 @@ jobs: path: results.sarif retention-days: 5 - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@5f8171a638ada777af81d42b55959a643bb29017 # v3.28.12 + uses: github/codeql-action/upload-sarif@60168efe1c415ce0f5521ea06d5c2062adbeed1b # v3.28.17 with: sarif_file: results.sarif diff --git a/Dockerfile b/Dockerfile index ce98624..b01f047 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,6 +1,4 @@ -#checkov:skip=CKV_DOCKER_2 -#checkov:skip=CKV_DOCKER_3 -FROM python:3.13-slim@sha256:8f3aba466a471c0ab903dbd7cb979abd4bda370b04789d25440cc90372b50e04 +FROM python:3.13-slim@sha256:60248ff36cf701fcb6729c085a879d81e4603f7f507345742dc82d4b38d16784 LABEL com.github.actions.name="stale-repos" \ com.github.actions.description="Find stale repositories in a GitHub organization." \ com.github.actions.icon="check-square" \ diff --git a/requirements-test.txt b/requirements-test.txt index 5f3df3d..c5f80cb 100644 --- a/requirements-test.txt +++ b/requirements-test.txt @@ -1,9 +1,9 @@ black==25.1.0 -flake8==7.1.2 +flake8==7.2.0 mypy==1.15.0 -mypy-extensions==1.0.0 -pylint==3.3.6 +mypy-extensions==1.1.0 +pylint==3.3.7 pytest==8.3.5 -pytest-cov==6.0.0 +pytest-cov==6.1.1 types-python-dateutil==2.9.0.20241206 -types-requests==2.32.0.20250306 +types-requests==2.32.0.20250328 diff --git a/requirements.txt b/requirements.txt index 99ea149..28b53f8 100644 --- a/requirements.txt +++ b/requirements.txt @@ -1,3 +1,3 @@ github3.py==4.0.1 -python-dotenv==1.0.1 +python-dotenv==1.1.0 python_dateutil==2.9.0.post0