From 5759570fd17ca3c945caa332050cbc5f5f7f2ca1 Mon Sep 17 00:00:00 2001 From: Andreas Motl Date: Wed, 6 Nov 2024 13:17:06 +0100 Subject: [PATCH 1/6] CI: Fix CodeQL and Release jobs --- .github/workflows/codeql.yml | 5 +++-- .github/workflows/release.yml | 2 +- 2 files changed, 4 insertions(+), 3 deletions(-) diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index 9a5eca89..6a23088d 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -28,7 +28,8 @@ jobs: strategy: fail-fast: false - language: [ python ] + matrix: + language: [ python ] steps: - name: Checkout @@ -58,7 +59,7 @@ jobs: - name: Install project run: | - uv pip install --editable=.[test] + uv pip install --system '.[test]' - name: Perform CodeQL Analysis uses: github/codeql-action/analyze@v3 diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index b00c58d7..63de61dc 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -23,7 +23,7 @@ jobs: - name: Build package run: | - uv pip install build twine wheel + uv pip install --system build twine wheel python -m build twine check dist/* From 313dd6fe5bad1d6b484c12f33cbd55be65ff8457 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 11 Nov 2024 14:46:15 +0000 Subject: [PATCH 2/6] Update poethepoet requirement from <0.30 to <0.31 Updates the requirements on [poethepoet](https://github.com/nat-n/poethepoet) to permit the latest version. - [Release notes](https://github.com/nat-n/poethepoet/releases) - [Commits](https://github.com/nat-n/poethepoet/compare/v0.1.0...v0.30.0) --- updated-dependencies: - dependency-name: poethepoet dependency-type: direct:development ... Signed-off-by: dependabot[bot] --- setup.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/setup.py b/setup.py index ccece82e..b5c87934 100644 --- a/setup.py +++ b/setup.py @@ -67,7 +67,7 @@ def read(path): "certifi", "createcoverage>=1,<2", "mypy<1.14", - "poethepoet<0.30", + "poethepoet<0.31", "ruff<0.8", "stopit>=1.1.2,<2", "tox>=3,<5", From a126030bc3d4e063488f9d922e0ad95bc9f364a4 Mon Sep 17 00:00:00 2001 From: Andreas Motl Date: Thu, 14 Nov 2024 00:27:06 +0100 Subject: [PATCH 3/6] Python: Fix "implicit namespace packages" migration MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit ... by omitting `__init__.py` from `crate` namespace package altogether, see "PEP 420" [1] and "Package Discovery and Namespace Package » Finding namespace packages" [2]. [1] https://peps.python.org/pep-0420/ [2] https://setuptools.pypa.io/en/latest/userguide/package_discovery.html#namespace-packages --- CHANGES.rst | 5 +++++ src/crate/__init__.py | 0 2 files changed, 5 insertions(+) delete mode 100644 src/crate/__init__.py diff --git a/CHANGES.rst b/CHANGES.rst index 64141cc5..a77fcc1a 100644 --- a/CHANGES.rst +++ b/CHANGES.rst @@ -4,6 +4,10 @@ Changes for crate Unreleased ========== +- Python: Fixed "implicit namespace packages" migration by omitting + ``__init__.py`` from ``crate`` namespace package, see `PEP 420`_ + and `Package Discovery and Namespace Package » Finding namespace packages`_. + 2024/11/05 1.0.0 ================ @@ -44,6 +48,7 @@ Unreleased .. _Migrate from crate.client to sqlalchemy-cratedb: https://cratedb.com/docs/sqlalchemy-cratedb/migrate-from-crate-client.html +.. _Package Discovery and Namespace Package » Finding namespace packages: https://setuptools.pypa.io/en/latest/userguide/package_discovery.html#namespace-packages .. _PEP 420: https://peps.python.org/pep-0420/ .. _sqlalchemy-cratedb: https://pypi.org/project/sqlalchemy-cratedb/ diff --git a/src/crate/__init__.py b/src/crate/__init__.py deleted file mode 100644 index e69de29b..00000000 From 69b8b690fe010f2d6c4ecd1124b05253dc0b7834 Mon Sep 17 00:00:00 2001 From: Andreas Motl Date: Thu, 14 Nov 2024 00:45:21 +0100 Subject: [PATCH 4/6] Chore: Suppress unqualified CodeQL admonitions GitHub's CodeQL flags [1] those spots with "Unused global variable" [2]. Based on a suggestion [3], this patch attempts to use the `advanced-security/dismiss-alerts` [4] GitHub Action recipe to provide measures to suppress CodeQL flagging by using inline code annotations. [1] https://github.com/crate/crate-python/security/code-scanning [2] https://codeql.github.com/codeql-query-help/python/py-unused-global-variable/ [3] Issue 11427 at https://github.com/github/codeql/issues [4] https://github.com/advanced-security/dismiss-alerts --- .github/workflows/codeql.yml | 19 +++++++++++++++++++ src/crate/client/__init__.py | 1 + 2 files changed, 20 insertions(+) diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index 6a23088d..0e099fca 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -53,6 +53,8 @@ jobs: languages: ${{ matrix.language }} config-file: ./.github/codeql.yml queries: +security-and-quality + # run an 'alert-suppression' query + packs: "codeql/${{ matrix.language }}-queries:AlertSuppression.ql" #- name: Autobuild # uses: github/codeql-action/autobuild@v2 @@ -62,4 +64,21 @@ jobs: uv pip install --system '.[test]' - name: Perform CodeQL Analysis + id: analyze uses: github/codeql-action/analyze@v3 + with: + category: "/language:${{matrix.language}}" + # define the output folder for SARIF files + output: sarif-results + + # Unlock inline mechanism to suppress CodeQL warnings. + # https://github.com/github/codeql/issues/11427#issuecomment-1721059096 + - name: Dismiss alerts + # if: github.ref == 'refs/heads/main' + uses: advanced-security/dismiss-alerts@v1 + with: + # specify a 'sarif-id' and 'sarif-file' + sarif-id: ${{ steps.analyze.outputs.sarif-id }} + sarif-file: sarif-results/${{ matrix.language }}.sarif + env: + GITHUB_TOKEN: ${{ github.token }} diff --git a/src/crate/client/__init__.py b/src/crate/client/__init__.py index 35a53d6e..61a61a88 100644 --- a/src/crate/client/__init__.py +++ b/src/crate/client/__init__.py @@ -31,6 +31,7 @@ # regex! __version__ = "1.0.0" +# codeql[py/unused-global-variable] apilevel = "2.0" threadsafety = 1 paramstyle = "qmark" From 854c1daa201f11fd4a84f596a479ecde42879cb3 Mon Sep 17 00:00:00 2001 From: Andreas Motl Date: Sat, 23 Nov 2024 13:46:14 +0100 Subject: [PATCH 5/6] CI: Migrate to `astral-sh/setup-uv` --- .github/workflows/codeql.yml | 4 +++- .github/workflows/nightly.yml | 4 +++- .github/workflows/release.yml | 4 +++- .github/workflows/tests.yml | 4 +++- 4 files changed, 12 insertions(+), 4 deletions(-) diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index 0e099fca..ac07837e 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -45,7 +45,9 @@ jobs: setup.py - name: Install uv - uses: yezz123/setup-uv@v4 + uses: astral-sh/setup-uv@v3 + with: + version: "latest" - name: Initialize CodeQL uses: github/codeql-action/init@v3 diff --git a/.github/workflows/nightly.yml b/.github/workflows/nightly.yml index 74b1bdd1..1b9b74e2 100644 --- a/.github/workflows/nightly.yml +++ b/.github/workflows/nightly.yml @@ -33,7 +33,9 @@ jobs: cache-dependency-path: 'setup.py' - name: Install uv - uses: yezz123/setup-uv@v4 + uses: astral-sh/setup-uv@v3 + with: + version: "latest" - name: Invoke tests run: | diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 63de61dc..de847c46 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -19,7 +19,9 @@ jobs: cache-dependency-path: 'setup.py' - name: Install uv - uses: yezz123/setup-uv@v4 + uses: astral-sh/setup-uv@v3 + with: + version: "latest" - name: Build package run: | diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml index b7b4f964..6f9b0029 100644 --- a/.github/workflows/tests.yml +++ b/.github/workflows/tests.yml @@ -48,7 +48,9 @@ jobs: cache-dependency-path: setup.py - name: Install uv - uses: yezz123/setup-uv@v4 + uses: astral-sh/setup-uv@v3 + with: + version: "latest" - name: Invoke tests run: | From b2804d4c9edc7631e8208efb085dd8b4bbc882b7 Mon Sep 17 00:00:00 2001 From: Andreas Motl Date: Sat, 23 Nov 2024 14:08:05 +0100 Subject: [PATCH 6/6] Release 1.0.1 --- CHANGES.rst | 5 +++++ src/crate/client/__init__.py | 2 +- 2 files changed, 6 insertions(+), 1 deletion(-) diff --git a/CHANGES.rst b/CHANGES.rst index a77fcc1a..2cf9c9dd 100644 --- a/CHANGES.rst +++ b/CHANGES.rst @@ -4,6 +4,11 @@ Changes for crate Unreleased ========== + + +2024/11/23 1.0.1 +================ + - Python: Fixed "implicit namespace packages" migration by omitting ``__init__.py`` from ``crate`` namespace package, see `PEP 420`_ and `Package Discovery and Namespace Package » Finding namespace packages`_. diff --git a/src/crate/client/__init__.py b/src/crate/client/__init__.py index 61a61a88..2fec7abd 100644 --- a/src/crate/client/__init__.py +++ b/src/crate/client/__init__.py @@ -29,7 +29,7 @@ # version string read from setup.py using a regex. Take care not to break the # regex! -__version__ = "1.0.0" +__version__ = "1.0.1" # codeql[py/unused-global-variable] apilevel = "2.0" pFad - Phonifier reborn

Pfad - The Proxy pFad of © 2024 Garber Painting. All rights reserved.

Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.


Alternative Proxies:

Alternative Proxy

pFad Proxy

pFad v3 Proxy

pFad v4 Proxy