diff --git a/.github/linters/.python-lint b/.github/linters/.python-lint
index 6de8dd2..5fad82e 100644
--- a/.github/linters/.python-lint
+++ b/.github/linters/.python-lint
@@ -437,6 +437,7 @@ disable=bad-inline-option,
 too-many-arguments,
 too-many-branches,
 too-many-locals,
+ too-many-positional-arguments,
 too-many-statements,
 useless-suppression,
 use-symbolic-message-instead,
diff --git a/.github/workflows/contributors_report.yaml b/.github/workflows/contributors_report.yaml
index e77cd36..57041d2 100644
--- a/.github/workflows/contributors_report.yaml
+++ b/.github/workflows/contributors_report.yaml
@@ -30,7 +30,7 @@ jobs:
 echo "END_DATE=$end_date" >> "$GITHUB_ENV"
 - name: Run contributor action
- uses: github/contributors@1286dc8d6904a9a7f735e28b7503be164fb7d4b9
+ uses: github/contributors@90922d5748ecaf8417a3b7a0eedb4892c8fa1c44
 env:
 GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
 START_DATE: ${{ env.START_DATE }}
diff --git a/.github/workflows/docker-ci.yml b/.github/workflows/docker-ci.yml
index 90fe96b..14cc976 100644
--- a/.github/workflows/docker-ci.yml
+++ b/.github/workflows/docker-ci.yml
@@ -14,6 +14,6 @@ jobs:
 build:
 runs-on: ubuntu-latest
 steps:
- - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+ - uses: actions/checkout@v4.2.2
 - name: Build the Docker image
 run: docker build . --file Dockerfile --platform linux/amd64
diff --git a/.github/workflows/major-version-updater.yml b/.github/workflows/major-version-updater.yml
index 066d389..aac4de5 100644
--- a/.github/workflows/major-version-updater.yml
+++ b/.github/workflows/major-version-updater.yml
@@ -15,7 +15,7 @@ jobs:
 contents: write
 steps:
 - name: Checkout Repo
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+ uses: actions/checkout@v4.2.2
 - name: version
 id: version
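Review bot: In .github/workflows/docker-ci.yml the checkout step moves from a full commit SHA to the mutable tag `actions/checkout@v4.2.2`, which gives up the immutability of the pin: a tag can be re-pointed upstream, and the workflow would then run whatever the tag resolves to. The same swap appears in major-version-updater.yml (a job with `contents: write`), python-ci.yml (checkout and `actions/setup-python@v5.3.0`), release.yml (in the job that logs in to the container registry), scorecard.yml (checkout and `actions/upload-artifact@v4.5.0`) and super-linter.yaml, and the new stale.yml starts out on `actions/stale@v9.0.0`. Other actions in this commit stay SHA-pinned, so the swap looks unintended, possibly a side effect of how the update was generated. I would keep the removed form, `uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2`, and pin the bumped actions to the commit SHA of their new release with the version in a trailing comment.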
@@ -25,9 +25,7 @@ jobs:
 tag=${GITHUB_REF/refs\/tags\//};
 version=${tag#v} ;
 major=${version%%.*} ;
- echo "tag=${tag}" >> "$GITHUB_OUTPUT" ;
- echo "version=${version}" >> "$GITHUB_OUTPUT" ;
- echo "major=${major}" >> "$GITHUB_OUTPUT" ;
+ { echo "tag=${tag}" ; echo "version=${version}" ; echo "major=${major}" ; } >> "$GITHUB_OUTPUT" ;
 - name: force update major tag
 run: |
diff --git a/.github/workflows/python-ci.yml b/.github/workflows/python-ci.yml
index ff0f30e..5eef415 100644
--- a/.github/workflows/python-ci.yml
+++ b/.github/workflows/python-ci.yml
@@ -20,9 +20,9 @@ jobs:
 matrix:
 python-version: [3.11, 3.12]
 steps:
- - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+ - uses: actions/checkout@v4.2.2
 - name: Set up Python ${{ matrix.python-version }}
- uses: actions/setup-python@0b93645e9fea7318ecaed2b359559ac225c90a2b
+ uses: actions/setup-python@v5.3.0
 with:
 python-version: ${{ matrix.python-version }}
 - name: Install dependencies
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index e681c61..931a016 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -42,7 +42,7 @@ jobs:
 id: get_tag_name
 run: |
 short_tag=$(echo ${{ steps.release-drafter.outputs.tag_name }} | cut -d. -f1)
- echo "SHORT_TAG=$short_tag" >> $GITHUB_OUTPUT
+ echo "SHORT_TAG=$short_tag" >> "$GITHUB_OUTPUT"
 create_action_images:
 needs: create_release
 runs-on: ubuntu-latest
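Review bot: In .github/workflows/release.yml the context line `short_tag=$(echo ${{ steps.release-drafter.outputs.tag_name }} | cut -d. -f1)` still has the `${{ }}` expression substituted into the script text before the shell parses it, so the quoting fix on the following line does not cover it. If the tag name ever contained shell metacharacters they would be interpreted as script rather than as data. Passing the value through the environment keeps it as data: add `env:` with `TAG_NAME: ${{ steps.release-drafter.outputs.tag_name }}` to the step and use `short_tag=$(echo "$TAG_NAME" | cut -d. -f1)`. The step begins above the hunk, so I cannot see whether it already defines an `env:` block.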
@@ -53,17 +53,17 @@ jobs:
 IMAGE_NAME: ${{ github.repository }}
 steps:
 - name: Set up Docker Buildx
- uses: docker/setup-buildx-action@c47758b77c9736f4b2ef4073d4d51994fabfe349
+ uses: docker/setup-buildx-action@6524bf65af31da8d45b59e8c27de4bd072b392f5
 - name: Log in to the Container registry
 uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567
 with:
 registry: ${{ env.REGISTRY }}
 username: ${{ github.actor }}
 password: ${{ secrets.GITHUB_TOKEN }}
- - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+ - uses: actions/checkout@v4.2.2
 - name: Push Docker Image
 if: ${{ success() }}
- uses: docker/build-push-action@4f58ea79222b3b9dc2c8bbdd6debcef730109a75
+ uses: docker/build-push-action@48aba3b46d1b1fec4febb7c5d0c644b249a11355
 with:
 context: .
 file: ./Dockerfile
diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml
index b0f9265..3d475a4 100644
--- a/.github/workflows/scorecard.yml
+++ b/.github/workflows/scorecard.yml
@@ -25,7 +25,7 @@ jobs:
 steps:
 - name: "Checkout code"
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+ uses: actions/checkout@v4.2.2
 with:
 persist-credentials: false
@@ -36,12 +36,12 @@ jobs:
 results_format: sarif
 publish_results: true
 - name: "Upload artifact"
- uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
+ uses: actions/upload-artifact@v4.5.0
 with:
 name: SARIF file
 path: results.sarif
 retention-days: 5
 - name: "Upload to code-scanning"
- uses: github/codeql-action/upload-sarif@662472033e021d55d94146f66f6058822b0b39fd # v3.27.0
+ uses: github/codeql-action/upload-sarif@48ab28a6f5dbc2a99bf1e0131198dd8f1df78169 # v3.28.0
 with:
 sarif_file: results.sarif
diff --git a/.github/workflows/stale.yml b/.github/workflows/stale.yml
new file mode 100644
index 0000000..2d8c416
--- /dev/null
+++ b/.github/workflows/stale.yml
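Review bot: The two updated pins in the second release.yml hunk, on `docker/setup-buildx-action` and `docker/build-push-action`, carry no version comment, so a reviewer cannot tell from the diff which release each SHA belongs to, or whether it is a tagged release at all. The scorecard.yml hunk in this commit shows the convention with `upload-sarif@48ab28a6f5dbc2a99bf1e0131198dd8f1df78169 # v3.28.0`. I would add the same trailing comment here, e.g. `uses: docker/setup-buildx-action@6524bf65af31da8d45b59e8c27de4bd072b392f5 # vX.Y.Z`, with the placeholder replaced by the release the SHA was taken from, and likewise for `docker/build-push-action` and the unchanged `docker/login-action` line. This matters most in this job, since it logs in to the registry and pushes the image.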
@@ -0,0 +1,21 @@
+name: "Close stale issues"
+on:
+ schedule:
+ - cron: "30 1 * * *"
+
+permissions:
+ issues: write
+ pull-requests: read
+
+jobs:
+ stale:
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/stale@v9.0.0
+ with:
+ stale-issue-message: "This issue is stale because it has been open 21 days with no activity. Remove stale label or comment or this will be closed in 14 days."
+ close-issue-message: "This issue was closed because it has been stalled for 35 days with no activity."
+ days-before-stale: 21
+ days-before-close: 14
+ days-before-pr-close: -1
+ exempt-issue-labels: keep
diff --git a/.github/workflows/super-linter.yaml b/.github/workflows/super-linter.yaml
index b41f192..2cf68b6 100644
--- a/.github/workflows/super-linter.yaml
+++ b/.github/workflows/super-linter.yaml
@@ -18,7 +18,7 @@ jobs:
 statuses: write
 steps:
 - name: Checkout Code
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+ uses: actions/checkout@v4.2.2
 with:
 fetch-depth: 0
 - name: Install dependencies
@@ -26,7 +26,7 @@ jobs:
 python -m pip install --upgrade pip
 pip install -r requirements.txt -r requirements-test.txt
 - name: Lint Code Base
- uses: super-linter/super-linter@b92721f792f381cedc002ecdbb9847a15ece5bb8
+ uses: super-linter/super-linter@85f7611e0f7b53c8573cca84aa0ed4344f6f6a4d
 env:
 DEFAULT_BRANCH: main
 GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
diff --git a/Dockerfile b/Dockerfile
index 5fdb73b..6fe5a80 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,6 +1,6 @@
 #checkov:skip=CKV_DOCKER_2
 #checkov:skip=CKV_DOCKER_3
-FROM python:3.13-slim@sha256:751d8bece269ba9e672b3f2226050e7e6fb3f3da3408b5dcb5d415a054fcb061
+FROM python:3.13-slim@sha256:1127090f9fff0b8e7c3a1367855ef8a3299472d2c9ed122948a576c39addeaf1
 LABEL com.github.actions.name="contributors" \
 com.github.actions.description="GitHub Action that given an organization or repository, produces information about the contributors over the specified time period." \
 com.github.actions.icon="users" \
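Review bot: In the new .github/workflows/stale.yml, `days-before-pr-close: -1` stops pull requests from being closed, but as far as I can tell `days-before-stale: 21` still applies to them, so the action would try to label pull requests as stale while the token only has `pull-requests: read`. If the workflow is meant to cover issues only, which the name "Close stale issues" suggests, add `days-before-pr-stale: -1` under `with:` so pull requests are skipped entirely. If pull requests should be labelled, the permission probably needs to be `pull-requests: write`; that is worth confirming against the action's documentation before widening the token.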
diff --git a/requirements-test.txt b/requirements-test.txt
index 1be36d2..75c3626 100644
--- a/requirements-test.txt
+++ b/requirements-test.txt
@@ -1,8 +1,8 @@
 black==24.10.0
 flake8==7.1.1
-mypy==1.13.0
+mypy==1.14.0
 mypy-extensions==1.0.0
-pylint==3.3.1
-pytest==8.3.3
-pytest-cov==5.0.0
+pylint==3.3.3
+pytest==8.3.4
+pytest-cov==6.0.0
 types-requests==2.32.0.20241016
diff --git a/test_auth.py b/test_auth.py
index 7a595fe..9337abc 100644
--- a/test_auth.py
+++ b/test_auth.py
@@ -4,6 +4,7 @@
 from unittest.mock import MagicMock, patch
 import auth
+import requests
 class TestAuth(unittest.TestCase):
@@ -91,6 +92,42 @@ def test_get_github_app_installation_token(self, mock_post):
 self.assertEqual(result, dummy_token)
+ @patch("github3.apps.create_jwt_headers", MagicMock(return_value="gh_token"))
+ @patch("auth.requests.post")
+ def test_get_github_app_installation_token_request_failure(self, mock_post):
+ """
+ Test the get_github_app_installation_token function returns None when the request fails.
+ """
+ # Mock the post request to raise a RequestException
+ mock_post.side_effect = requests.exceptions.RequestException("Request failed")
+
+ # Call the function with test data
+ result = auth.get_github_app_installation_token(
+ ghe="https://api.github.com",
+ gh_app_id=12345,
+ gh_app_private_key_bytes=b"private_key",
+ gh_app_installation_id=678910,
+ )
+
+ # Assert that the result is None
+ self.assertIsNone(result)
+
+ @patch("github3.login")
+ def test_auth_to_github_invalid_credentials(self, mock_login):
+ """
+ Test the auth_to_github function raises correct ValueError
+ when credentials are present but incorrect.
+ """
+ mock_login.return_value = None
+ with self.assertRaises(ValueError) as context_manager:
+ auth.auth_to_github("not_a_valid_token", "", "", b"", "", False)
+
+ the_exception = context_manager.exception
+ self.assertEqual(
+ str(the_exception),
+ "Unable to authenticate to GitHub",
+ )
+
 if __name__ == "__main__":
 unittest.main()
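Review bot: `test_get_github_app_installation_token_request_failure` in test_auth.py asserts only that the result is `None`, so it would also pass if the function returned `None` before ever reaching `requests.post`. Adding `mock_post.assert_called_once()` after `self.assertIsNone(result)` ties the assertion to the failure path under test. In `test_auth_to_github_invalid_credentials` the call `auth.auth_to_github("not_a_valid_token", "", "", b"", "", False)` passes six positional values whose meaning is not visible here; keyword arguments, as used in the first test, would show which credential is being supplied. The signature of `auth_to_github` is outside this diff, so the parameter names would have to be taken from auth.py.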