20240930 dependencies (#493)

* fix: dependency bumps and update documentation target (not used) * fix: change from safety to pip-audit * test: GHA upload/download artifact * test: hidden file flag * test: multi-merge * test: gha test2 * test: GHA test3 * test: GHA merge hidden true --------- Co-authored-by: Gavin Adams <[email protected]>
awslabs · Sep 30, 2024 · b0e4c10 · b0e4c10
1 parent bd56a6d
commit b0e4c10
Show file tree

Hide file tree

Showing 6 changed files with 810 additions and 698 deletions.
diff --git a/.github/workflows/constraints.txt b/.github/workflows/constraints.txt
@@ -3,4 +3,4 @@ nox==2022.11.21
 nox-poetry==1.0.3
 poetry-plugin-export==1.6.0
 poetry==1.7.1
-virtualenv==20.24.7
+virtualenv==20.26.4
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -57,14 +57,14 @@ jobs:
 
       - name: Publish package on PyPI
         if: steps.check-version.outputs.tag
-        uses: pypa/gh-action-pypi-publish@v1.6.4
+        uses: pypa/gh-action-pypi-publish@v1.10.1
         with:
           user: __token__
           password: ${{ secrets.PYPI_TOKEN }}
 
       - name: Publish package on TestPyPI
         if: (! steps.check-version.outputs.tag)
-        uses: pypa/gh-action-pypi-publish@v1.6.4
+        uses: pypa/gh-action-pypi-publish@v1.10.1
         with:
           user: __token__
           password: ${{ secrets.TEST_PYPI_TOKEN }}

diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml
@@ -13,7 +13,7 @@ jobs:
       matrix:
         include:
           - { python: "3.12", os: "ubuntu-latest", session: "pre-commit" }
-          - { python: "3.12", os: "ubuntu-latest", session: "safety" }
+          - { python: "3.12", os: "ubuntu-latest", session: "pip-audit" }
           - { python: "3.12", os: "ubuntu-latest", session: "mypy" }
           - { python: "3.11", os: "ubuntu-latest", session: "mypy" }
           - { python: "3.10", os: "ubuntu-latest", session: "mypy" }
@@ -106,17 +106,28 @@ jobs:
 
       - name: Upload coverage data
         if: always() && matrix.session == 'tests'
-        uses: actions/upload-artifact@v3
+        uses: actions/upload-artifact@v4
         with:
-          name: coverage-data
+          name: coverage-data-${{ matrix.python }}-${{ matrix.os }}
           path: ".coverage.*"
+          include-hidden-files: true
 
       - name: Upload documentation
         if: matrix.session == 'docs-build'
-        uses: actions/upload-artifact@v3
+        uses: actions/upload-artifact@v4
         with:
           name: docs
           path: docs/_build
+  merge:
+    runs-on: ubuntu-latest
+    needs: tests
+    steps:
+      - name: Merge Artifacts
+        uses: actions/upload-artifact/merge@v4
+        with:
+          name: coverage-data
+          pattern: coverage-data-*
+          include-hidden-files: true
 
   coverage:
     runs-on: ubuntu-latest
@@ -163,7 +174,7 @@ jobs:
           nox --version
 
       - name: Download coverage data
-        uses: actions/download-artifact@v3
+        uses: actions/download-artifact@v4
         with:
           name: coverage-data
 

diff --git a/noxfile.py b/noxfile.py
@@ -32,7 +32,7 @@
 nox.needs_version = ">= 2021.6.6"
 nox.options.sessions = (
     "pre-commit",
-    "safety",
+    "pip-audit",
     "mypy",
     "tests",
     # "typeguard",  # require features of 3.0.0, no recent updates
@@ -143,12 +143,21 @@ def precommit(session: Session) -> None:
         activate_virtualenv_in_precommit_hooks(session)
 
 
-@session(python=python_versions[0])
-def safety(session: Session) -> None:
+# deprecated due to 2.x -> 3.x pricing model. Remove once pip-audit completed.
+# @session(python=python_versions[0])
+# def safety(session: Session) -> None:
+#     """Scan dependencies for insecure packages."""
+#     requirements = session.poetry.export_requirements()
+#     session.install("safety")
+#     session.run("safety", "check", "--full-report", f"--file={requirements}")
+
+
+@session(name="pip-audit", python=python_versions[0])
+def pipaudit(session: Session) -> None:
     """Scan dependencies for insecure packages."""
     requirements = session.poetry.export_requirements()
-    session.install("safety")
-    session.run("safety", "check", "--full-report", f"--file={requirements}")
+    session.install("pip-audit")
+    session.run("pip-audit", "--desc=on", f"--requirement={requirements}")
 
 
 @session(python=python_versions)