Matthias Mair
8bb03b7afd
feat(backend): add oauth2 ( #9333 )
...
* feat(backend): add oauth2
* fix import
* Add inventree roles
* refactor to make lookup more efficient
* fix single scope definitions
* cleanup
* fix schema
* reduce auth methods
* fix OAuth validator
* re-enable token and basic auth again
* Add models to role mapping
* change scope args
* add debug step for schema generation
* add oauth config for schema generation
* improve token -> permission mapping
* fix req
* extend checks to ensure normal auth also passes
* fix api version
* fix ignore
* fix rule name
* bump api version
* remove old modelref
* move scope definition
* make test results easier to work with
* add tests to ensure scopes are in sync with rulesets
* fix docstring
* fix various permissions and their mapping to oauth
* refactor
* simplify
* fix permission mapping
* ignore failure cases
* fix unauthenticated access
* flag oAuth2 till it is done
* Add OIDC support
* add RSA key generation and docs
* fix test
* move imports
* update ignore
* feat(backend): Add API Schema stats
* add scope stats
* fix name
* fix scope output
* feat(backend): test custom command
* add warning for unknown scopes
* reduce diff in launch.json
* cleanup diff
* add error code for ruleset / scope issues
* update structure
* add oauth docs
* add experimetnal feature docs
* simplify metadata endpoint
* add importer model
* refactor(backend): simplify metadata endpoint
* fix imports
* simplify even more
* remove unneeded schema tooling
* fix permission mappings
* fix testing
* fix role calculations
* fix mapping
* remove importer change to unblock this
* remove importer scope everywhere
* fix merge conflict in test
* add missing models
* fix api version
* fix OASToken matcher
* revert permission class change
* reduce size of test log by writing schema
* fix permissions
* fix file path
* extend schema to remove need for TokenMatchesOASRequirements
* cleanup permissions file
* add base object permission
2025-04-18 19:27:32 +10:00
dependabot[bot]
a1b34f5591
Bump actions/setup-python from 5.4.0 to 5.5.0 in the dependencies group ( #9386 )
...
Bumps the dependencies group with 1 update: [actions/setup-python](https://github.com/actions/setup-python ).
Updates `actions/setup-python` from 5.4.0 to 5.5.0
- [Release notes](https://github.com/actions/setup-python/releases )
- [Commits](42375524e2...8d9ed9ac5c
2025-03-26 13:49:28 +11:00
Matthias Mair
9bc0d599bc
chore: improve ci security ( #9384 )
...
* pin docker files
* pin github actions
* enforce hashes that are already present
* run style checks on cicd changes
2025-03-26 13:04:45 +11:00
dependabot[bot]
9c2ea28933
Bump docker/login-action from 3.3.0 to 3.4.0 in the dependencies group ( #9328 )
...
Bumps the dependencies group with 1 update: [docker/login-action](https://github.com/docker/login-action ).
Updates `docker/login-action` from 3.3.0 to 3.4.0
- [Release notes](https://github.com/docker/login-action/releases )
- [Commits](9780b0c442...74a5d14239
2025-03-18 07:23:05 +11:00
Oliver
191c0b1007
Docker Compose Fix ( #9311 )
...
* Fix postgres version in docker-compose file
- Pin to version 16
- Compatible with the alpine image
* Add check for backup and restore procedures
2025-03-16 10:43:40 +11:00
dependabot[bot]
038864e28b
Bump the dependencies group with 6 updates ( #9224 )
...
Bumps the dependencies group with 6 updates:
| Package | From | To |
| --- | --- | --- |
| [docker/setup-qemu-action](https://github.com/docker/setup-qemu-action ) | `3.4.0` | `3.6.0` |
| [docker/setup-buildx-action](https://github.com/docker/setup-buildx-action ) | `3.9.0` | `3.10.0` |
| [docker/metadata-action](https://github.com/docker/metadata-action ) | `5.6.1` | `5.7.0` |
| [actions/download-artifact](https://github.com/actions/download-artifact ) | `4.1.8` | `4.1.9` |
| [codecov/codecov-action](https://github.com/codecov/codecov-action ) | `5.3.1` | `5.4.0` |
| [actions/attest-build-provenance](https://github.com/actions/attest-build-provenance ) | `2.2.0` | `2.2.2` |
Updates `docker/setup-qemu-action` from 3.4.0 to 3.6.0
- [Release notes](https://github.com/docker/setup-qemu-action/releases )
- [Commits](4574d27a47...29109295f8https://github.com/docker/setup-buildx-action/releases )
- [Commits](f7ce87c1d6...b5ca514318https://github.com/docker/metadata-action/releases )
- [Commits](369eb591f4...902fa8ec7dhttps://github.com/actions/download-artifact/releases )
- [Commits](fa0a91b85d...cc20338598https://github.com/codecov/codecov-action/releases )
- [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md )
- [Commits](13ce06bfc6...0565863a31https://github.com/actions/attest-build-provenance/releases )
- [Changelog](https://github.com/actions/attest-build-provenance/blob/main/RELEASE.md )
- [Commits](520d128f16...bd77c07785
2025-03-10 21:11:05 +11:00
dependabot[bot]
ce813e0c28
Bump the dependencies group with 5 updates ( #9173 )
...
Bumps the dependencies group with 5 updates:
| Package | From | To |
| --- | --- | --- |
| [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer ) | `3.8.0` | `3.8.1` |
| [actions/upload-artifact](https://github.com/actions/upload-artifact ) | `4.6.0` | `4.6.1` |
| [github/codeql-action](https://github.com/github/codeql-action ) | `3.28.9` | `3.28.10` |
| [ossf/scorecard-action](https://github.com/ossf/scorecard-action ) | `2.4.0` | `2.4.1` |
| [crowdin/github-action](https://github.com/crowdin/github-action ) | `2.6.0` | `2.6.1` |
Updates `sigstore/cosign-installer` from 3.8.0 to 3.8.1
- [Release notes](https://github.com/sigstore/cosign-installer/releases )
- [Commits](c56c2d3e59...d7d6bc7722https://github.com/actions/upload-artifact/releases )
- [Commits](65c4c4a1dd...4cec3d8aa0https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](9e8d0789d4...b56ba49b26https://github.com/ossf/scorecard-action/releases )
- [Changelog](https://github.com/ossf/scorecard-action/blob/main/RELEASE.md )
- [Commits](62b2cac7ed...f49aabe0b5https://github.com/crowdin/github-action/releases )
- [Commits](a828bb1ae3...2cc7959c56
2025-02-25 07:03:41 +11:00
dependabot[bot]
4df6e980ba
Bump the dependencies group with 3 updates ( #9059 )
...
Bumps the dependencies group with 3 updates: [docker/setup-qemu-action](https://github.com/docker/setup-qemu-action ), [docker/setup-buildx-action](https://github.com/docker/setup-buildx-action ) and [github/codeql-action](https://github.com/github/codeql-action ).
Updates `docker/setup-qemu-action` from 3.3.0 to 3.4.0
- [Release notes](https://github.com/docker/setup-qemu-action/releases )
- [Commits](53851d1459...4574d27a47https://github.com/docker/setup-buildx-action/releases )
- [Commits](6524bf65af...f7ce87c1d6https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](dd746615b3...9e8d0789d4
2025-02-11 07:53:53 +11:00
dependabot[bot]
d69592ad4b
Bump sigstore/cosign-installer in the dependencies group ( #9034 )
...
Bumps the dependencies group with 1 update: [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer ).
Updates `sigstore/cosign-installer` from 3.7.0 to 3.8.0
- [Release notes](https://github.com/sigstore/cosign-installer/releases )
- [Commits](dc72c7d5c4...c56c2d3e59
2025-02-08 15:02:42 +11:00
dependabot[bot]
62c6e3eb7a
Bump the dependencies group with 2 updates ( #9023 )
...
Bumps the dependencies group with 2 updates: [actions/setup-python](https://github.com/actions/setup-python ) and [github/codeql-action](https://github.com/github/codeql-action ).
Updates `actions/setup-python` from 5.3.0 to 5.4.0
- [Release notes](https://github.com/actions/setup-python/releases )
- [Commits](0b93645e9f...42375524e2https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](f6091c0113...dd746615b3
2025-02-04 08:40:15 +11:00
dependabot[bot]
ea1b2e3079
Bump the dependencies group with 4 updates ( #8889 )
...
Bumps the dependencies group with 4 updates: [docker/setup-qemu-action](https://github.com/docker/setup-qemu-action ), [actions/upload-artifact](https://github.com/actions/upload-artifact ), [stefanzweifel/git-auto-commit-action](https://github.com/stefanzweifel/git-auto-commit-action ) and [github/codeql-action](https://github.com/github/codeql-action ).
Updates `docker/setup-qemu-action` from 3.2.0 to 3.3.0
- [Release notes](https://github.com/docker/setup-qemu-action/releases )
- [Commits](49b3bc8e6b...53851d1459https://github.com/actions/upload-artifact/releases )
- [Commits](6f51ac03b9...65c4c4a1ddhttps://github.com/stefanzweifel/git-auto-commit-action/releases )
- [Changelog](https://github.com/stefanzweifel/git-auto-commit-action/blob/master/CHANGELOG.md )
- [Commits](8621497c8c...e348103e90https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](48ab28a6f5...b6a472f63d
2025-01-14 07:05:21 +11:00
Oliver
0614f01247
Docker fix ( #8835 )
...
* Fix server command in Dockerfile
* Ensure invoke is installed into the venv
* Run extra check in docker build step
* Improve documentation
* Intercept ModuleNotFoundError
- Clear error message
* Docs updates
* Add extra check to dev docker build
* Cleanup tasks.py
* Prevent double activation of venv
* Change order of operations
---------
Co-authored-by: Matthias Mair <code@mjmair.com>
2025-01-06 09:46:16 +11:00
Oliver
1c2ad94bb7
Remove old script for calculating translation stats ( #8787 )
...
* Remove old script for calculating translation stats
* Update tasks.py
* Adjust unit test call
2024-12-29 20:41:14 +11:00
Matthias Mair
6fc7c4d2fe
Docker improve build times ( #8680 )
...
* Update docker.yaml (#278 )
* update README.md
2024-12-17 10:13:58 +11:00
Matthias Mair
9dc4fc1f8f
[CI] Add zimor to check github action security ( #8639 )
...
* Add zimor to checks
* fix format
* use same version of checkout everywhere
* do only persist credentials if needed
* remove duplicate clones
* fix pin syntax
* fix pins
* fix template injection
* another injection fix
* Revert "remove duplicate clones"
This reverts commit 9a00ae2bbb1ef5c6ab5610dd4efc313ec285f12f.
* Add GH token for further rules
2024-12-17 10:12:51 +11:00
dependabot[bot]
1e4e3e65cc
Bump the dependencies group with 5 updates ( #8673 )
...
Bumps the dependencies group with 5 updates:
| Package | From | To |
| --- | --- | --- |
| [docker/setup-buildx-action](https://github.com/docker/setup-buildx-action ) | `3.7.1` | `3.8.0` |
| [anchore/sbom-action](https://github.com/anchore/sbom-action ) | `0.17.8` | `0.17.9` |
| [actions/attest-build-provenance](https://github.com/actions/attest-build-provenance ) | `2.0.1` | `2.1.0` |
| [github/codeql-action](https://github.com/github/codeql-action ) | `3.27.6` | `3.27.9` |
| [crowdin/github-action](https://github.com/crowdin/github-action ) | `2.4.0` | `2.5.0` |
Updates `docker/setup-buildx-action` from 3.7.1 to 3.8.0
- [Release notes](https://github.com/docker/setup-buildx-action/releases )
- [Commits](c47758b77c...6524bf65afhttps://github.com/anchore/sbom-action/releases )
- [Changelog](https://github.com/anchore/sbom-action/blob/main/RELEASE.md )
- [Commits](55dc4ee224...df80a981bchttps://github.com/actions/attest-build-provenance/releases )
- [Changelog](https://github.com/actions/attest-build-provenance/blob/main/RELEASE.md )
- [Commits](c4fbc64884...7668571508https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](aa57810251...df409f7d92https://github.com/crowdin/github-action/releases )
- [Commits](a9ffb7d5ac...8dfaf9c206
2024-12-17 08:01:54 +11:00
dependabot[bot]
9ab18f1da7
Bump docker/build-push-action in the dependencies group ( #8620 )
...
Bumps the dependencies group with 1 update: [docker/build-push-action](https://github.com/docker/build-push-action ).
Updates `docker/build-push-action` from 6.9.0 to 6.10.0
- [Release notes](https://github.com/docker/build-push-action/releases )
- [Commits](4f58ea7922...48aba3b46d
2024-12-03 14:04:51 +11:00
dependabot[bot]
0fa7ed2742
Bump the dependencies group with 5 updates ( #8556 )
...
Bumps the dependencies group with 5 updates:
| Package | From | To |
| --- | --- | --- |
| [docker/metadata-action](https://github.com/docker/metadata-action ) | `5.5.1` | `5.6.1` |
| [codecov/codecov-action](https://github.com/codecov/codecov-action ) | `5.0.2` | `5.0.7` |
| [anchore/sbom-action](https://github.com/anchore/sbom-action ) | `0.17.7` | `0.17.8` |
| [github/codeql-action](https://github.com/github/codeql-action ) | `3.27.4` | `3.27.5` |
| [crowdin/github-action](https://github.com/crowdin/github-action ) | `2.3.0` | `2.4.0` |
Updates `docker/metadata-action` from 5.5.1 to 5.6.1
- [Release notes](https://github.com/docker/metadata-action/releases )
- [Commits](8e5442c4ef...369eb591f4https://github.com/codecov/codecov-action/releases )
- [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md )
- [Commits](5c47607acb...015f24e681https://github.com/anchore/sbom-action/releases )
- [Changelog](https://github.com/anchore/sbom-action/blob/main/RELEASE.md )
- [Commits](fc46e51fd3...55dc4ee224https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](ea9e4e3799...f09c1c0a94https://github.com/crowdin/github-action/releases )
- [Commits](2d540f18b0...a9ffb7d5ac
2024-11-26 07:34:51 +11:00
dependabot[bot]
5464bc5a8a
Bump the dependencies group across 1 directory with 5 updates ( #8426 )
...
Bumps the dependencies group with 5 updates in the / directory:
| Package | From | To |
| --- | --- | --- |
| [actions/checkout](https://github.com/actions/checkout ) | `4.2.1` | `4.2.2` |
| [actions/setup-python](https://github.com/actions/setup-python ) | `5.2.0` | `5.3.0` |
| [anchore/sbom-action](https://github.com/anchore/sbom-action ) | `0.17.4` | `0.17.6` |
| [github/codeql-action](https://github.com/github/codeql-action ) | `3.26.13` | `3.27.0` |
| [crowdin/github-action](https://github.com/crowdin/github-action ) | `2.2.0` | `2.3.0` |
Updates `actions/checkout` from 4.2.1 to 4.2.2
- [Release notes](https://github.com/actions/checkout/releases )
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md )
- [Commits](eef61447b9...11bd71901bhttps://github.com/actions/setup-python/releases )
- [Commits](f677139bbe...0b93645e9fhttps://github.com/anchore/sbom-action/releases )
- [Changelog](https://github.com/anchore/sbom-action/blob/main/RELEASE.md )
- [Commits](8d0a6505bf...251a468eedhttps://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](f779452ac5...662472033ehttps://github.com/crowdin/github-action/releases )
- [Commits](95d6e895e8...2d540f18b0
2024-11-11 06:18:32 +11:00
dependabot[bot]
44d9484715
Bump the dependencies group with 6 updates ( #8253 )
...
Bumps the dependencies group with 6 updates:
| Package | From | To |
| --- | --- | --- |
| [actions/checkout](https://github.com/actions/checkout ) | `4.2.0` | `4.2.1` |
| [docker/setup-buildx-action](https://github.com/docker/setup-buildx-action ) | `3.6.1` | `3.7.1` |
| [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer ) | `3.6.0` | `3.7.0` |
| [actions/upload-artifact](https://github.com/actions/upload-artifact ) | `4.4.0` | `4.4.1` |
| [codecov/codecov-action](https://github.com/codecov/codecov-action ) | `4.5.0` | `4.6.0` |
| [github/codeql-action](https://github.com/github/codeql-action ) | `3.26.10` | `3.26.12` |
Updates `actions/checkout` from 4.2.0 to 4.2.1
- [Release notes](https://github.com/actions/checkout/releases )
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md )
- [Commits](d632683dd7...eef61447b9https://github.com/docker/setup-buildx-action/releases )
- [Commits](988b5a0280...c47758b77chttps://github.com/sigstore/cosign-installer/releases )
- [Commits](4959ce089c...dc72c7d5c4https://github.com/actions/upload-artifact/releases )
- [Commits](50769540e7...604373da63https://github.com/codecov/codecov-action/releases )
- [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md )
- [Commits](e28ff129e5...b9fd7d16f6https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](e2b3eafc8d...c36620d31a
2024-10-08 07:38:23 +11:00
dependabot[bot]
019b08af3f
Bump the dependencies group with 2 updates ( #8223 )
...
Bumps the dependencies group with 2 updates: [docker/build-push-action](https://github.com/docker/build-push-action ) and [github/codeql-action](https://github.com/github/codeql-action ).
Updates `docker/build-push-action` from 6.8.0 to 6.9.0
- [Release notes](https://github.com/docker/build-push-action/releases )
- [Commits](32945a3392...4f58ea7922https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](461ef6c76d...e2b3eafc8d
2024-10-01 07:37:11 +10:00
Matthias Mair
cbe4569416
Bump the dependencies group across 1 directory with 5 updates ( #8215 )
...
Bumps the dependencies group with 5 updates in the / directory:
| Package | From | To |
| --- | --- | --- |
| [sqren/backport-github-action](https://github.com/sqren/backport-github-action ) | `8.9.3` | `9.5.1` |
| [actions/checkout](https://github.com/actions/checkout ) | `4.1.7` | `4.2.0` |
| [docker/build-push-action](https://github.com/docker/build-push-action ) | `6.7.0` | `6.8.0` |
| [oasdiff/oasdiff-action](https://github.com/oasdiff/oasdiff-action ) | `a2ff6682b27d175162a74c09ace8771bd3d512f8` | `1c611ffb1253a72924624aa4fb662e302b3565d3` |
| [github/codeql-action](https://github.com/github/codeql-action ) | `3.26.8` | `3.26.9` |
Updates `sqren/backport-github-action` from 8.9.3 to 9.5.1
- [Release notes](https://github.com/sqren/backport-github-action/releases )
- [Commits](f54e19901f...ad888e9780https://github.com/actions/checkout/releases )
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md )
- [Commits](692973e3d9...d632683dd7https://github.com/docker/build-push-action/releases )
- [Commits](5cd11c3a4c...32945a3392https://github.com/oasdiff/oasdiff-action/releases )
- [Commits](a2ff6682b2...1c611ffb12https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](294a9d9291...461ef6c76d
2024-09-30 21:12:36 +10:00
Matthias Mair
e3205184be
Add namespaces to tasks ( #7904 )
...
* Namespaces for invoke tasks
Fixes #7852
* adjust various places that call re-namespaced tasks
* use full invoke command
easier for future refactors
* fix call name
* move worker to int
* adapt calls in tasks
* fix changed path
* ignore localhost links
* Avoid using internal names
2024-09-05 13:04:57 +10:00
dependabot[bot]
17d087446c
Bump the dependencies group with 3 updates ( #8057 )
...
Bumps the dependencies group with 3 updates: [actions/setup-python](https://github.com/actions/setup-python ), [actions/upload-artifact](https://github.com/actions/upload-artifact ) and [github/codeql-action](https://github.com/github/codeql-action ).
Updates `actions/setup-python` from 5.1.1 to 5.2.0
- [Release notes](https://github.com/actions/setup-python/releases )
- [Commits](39cd14951b...f677139bbehttps://github.com/actions/upload-artifact/releases )
- [Commits](834a144ee9...50769540e7https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](2c779ab0d0...4dd16135b6
2024-09-03 10:10:57 +10:00
dependabot[bot]
0c30f7cc99
Bump the dependencies group with 2 updates ( #7925 )
...
Bumps the dependencies group with 2 updates: [docker/build-push-action](https://github.com/docker/build-push-action ) and [github/codeql-action](https://github.com/github/codeql-action ).
Updates `docker/build-push-action` from 6.6.1 to 6.7.0
- [Release notes](https://github.com/docker/build-push-action/releases )
- [Commits](16ebe778df...5cd11c3a4chttps://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](eb055d739a...883d8588e5
2024-08-20 09:38:02 +10:00
dependabot[bot]
3f2e47497c
Bump the dependencies group with 4 updates ( #7860 )
...
Bumps the dependencies group with 4 updates: [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer ), [docker/build-push-action](https://github.com/docker/build-push-action ), [actions/upload-artifact](https://github.com/actions/upload-artifact ) and [github/codeql-action](https://github.com/github/codeql-action ).
Updates `sigstore/cosign-installer` from 3.5.0 to 3.6.0
- [Release notes](https://github.com/sigstore/cosign-installer/releases )
- [Commits](59acb6260d...4959ce089chttps://github.com/docker/build-push-action/releases )
- [Commits](5176d81f87...16ebe778dfhttps://github.com/actions/upload-artifact/releases )
- [Commits](89ef406dd8...834a144ee9https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](afb54ba388...eb055d739a
2024-08-13 09:43:07 +10:00
Matthias Mair
41f6dd69b8
Adjust docker labels to modern OCI schema ( #7773 )
...
* adapt namespace
* add new labels
* make baseimage available for labels
* remove unneeded ending
* ensure image name is correct for ghcrio
* ensure the right outputs are used
* fix reference
* fix assigment
* only push docker reg image if authd
* swith back to env
this gets provided by the version ci script
* make repo targets changeable
* make readable
* revert ghcr.io change
2024-08-11 11:03:18 +10:00
dependabot[bot]
3733e8a417
Bump the dependencies group across 1 directory with 5 updates ( #7811 )
...
Bumps the dependencies group with 5 updates in the / directory:
| Package | From | To |
| --- | --- | --- |
| [docker/setup-buildx-action](https://github.com/docker/setup-buildx-action ) | `3.5.0` | `3.6.1` |
| [actions/upload-artifact](https://github.com/actions/upload-artifact ) | `4.3.4` | `4.3.5` |
| [oasdiff/oasdiff-action](https://github.com/oasdiff/oasdiff-action ) | `205ce7e2c5ae1511e720cbd307cae79fd7d4a909` | `a2ff6682b27d175162a74c09ace8771bd3d512f8` |
| [ossf/scorecard-action](https://github.com/ossf/scorecard-action ) | `2.3.3` | `2.4.0` |
| [github/codeql-action](https://github.com/github/codeql-action ) | `3.25.13` | `3.25.15` |
Updates `docker/setup-buildx-action` from 3.5.0 to 3.6.1
- [Release notes](https://github.com/docker/setup-buildx-action/releases )
- [Commits](aa33708b10...988b5a0280https://github.com/actions/upload-artifact/releases )
- [Commits](0b2256b8c0...89ef406dd8https://github.com/oasdiff/oasdiff-action/releases )
- [Commits](205ce7e2c5...a2ff6682b2https://github.com/ossf/scorecard-action/releases )
- [Changelog](https://github.com/ossf/scorecard-action/blob/main/RELEASE.md )
- [Commits](dc50aa9510...62b2cac7edhttps://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](2d790406f5...afb54ba388
2024-08-10 08:13:43 +10:00
dependabot[bot]
b10a20d1ef
Bump the dependencies group with 5 updates ( #7712 )
...
Bumps the dependencies group with 5 updates:
| Package | From | To |
| --- | --- | --- |
| [docker/setup-qemu-action](https://github.com/docker/setup-qemu-action ) | `3.1.0` | `3.2.0` |
| [docker/setup-buildx-action](https://github.com/docker/setup-buildx-action ) | `3.4.0` | `3.5.0` |
| [docker/login-action](https://github.com/docker/login-action ) | `3.2.0` | `3.3.0` |
| [docker/build-push-action](https://github.com/docker/build-push-action ) | `6.4.0` | `6.5.0` |
| [github/codeql-action](https://github.com/github/codeql-action ) | `3.25.12` | `3.25.13` |
Updates `docker/setup-qemu-action` from 3.1.0 to 3.2.0
- [Release notes](https://github.com/docker/setup-qemu-action/releases )
- [Commits](5927c834f5...49b3bc8e6bhttps://github.com/docker/setup-buildx-action/releases )
- [Commits](4fd812986e...aa33708b10https://github.com/docker/login-action/releases )
- [Commits](0d4c9c5ea7...9780b0c442https://github.com/docker/build-push-action/releases )
- [Commits](a254f8ca60...5176d81f87https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](4fa2a79536...2d790406f5
2024-07-24 14:09:36 +10:00
dependabot[bot]
0d2424a3d9
Bump the dependencies group with 3 updates ( #7661 )
...
Bumps the dependencies group with 3 updates: [actions/setup-python](https://github.com/actions/setup-python ), [docker/build-push-action](https://github.com/docker/build-push-action ) and [github/codeql-action](https://github.com/github/codeql-action ).
Updates `actions/setup-python` from 5.1.0 to 5.1.1
- [Release notes](https://github.com/actions/setup-python/releases )
- [Commits](82c7e631bb...39cd14951bhttps://github.com/docker/build-push-action/releases )
- [Commits](1a162644f9...a254f8ca60https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](b611370bb5...4fa2a79536
2024-07-16 09:44:07 +10:00
dependabot[bot]
c05cf86c8e
Bump the dependencies group with 5 updates ( #7590 )
...
Bumps the dependencies group with 5 updates:
| Package | From | To |
| --- | --- | --- |
| [docker/setup-qemu-action](https://github.com/docker/setup-qemu-action ) | `3.0.0` | `3.1.0` |
| [docker/setup-buildx-action](https://github.com/docker/setup-buildx-action ) | `3.3.0` | `3.4.0` |
| [docker/build-push-action](https://github.com/docker/build-push-action ) | `6.2.0` | `6.3.0` |
| [actions/upload-artifact](https://github.com/actions/upload-artifact ) | `4.3.3` | `4.3.4` |
| [actions/download-artifact](https://github.com/actions/download-artifact ) | `4.1.7` | `4.1.8` |
Updates `docker/setup-qemu-action` from 3.0.0 to 3.1.0
- [Release notes](https://github.com/docker/setup-qemu-action/releases )
- [Commits](68827325e0...5927c834f5https://github.com/docker/setup-buildx-action/releases )
- [Commits](d70bba72b1...4fd812986ehttps://github.com/docker/build-push-action/releases )
- [Commits](15560696de...1a162644f9https://github.com/actions/upload-artifact/releases )
- [Commits](65462800fd...0b2256b8c0https://github.com/actions/download-artifact/releases )
- [Commits](65a9edc588...fa0a91b85d
2024-07-09 13:35:17 +10:00
dependabot[bot]
13ee755ad3
Bump the dependencies group with 2 updates ( #7541 )
...
Bumps the dependencies group with 2 updates: [docker/build-push-action](https://github.com/docker/build-push-action ) and [github/codeql-action](https://github.com/github/codeql-action ).
Updates `docker/build-push-action` from 6.1.0 to 6.2.0
- [Release notes](https://github.com/docker/build-push-action/releases )
- [Commits](31159d49c0...15560696dehttps://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](23acc5c183...b611370bb5
2024-07-07 08:07:15 +10:00
dependabot[bot]
c6ad902ccc
Bump docker/build-push-action in the dependencies group ( #7502 )
...
Bumps the dependencies group with 1 update: [docker/build-push-action](https://github.com/docker/build-push-action ).
Updates `docker/build-push-action` from 6.0.0 to 6.1.0
- [Release notes](https://github.com/docker/build-push-action/releases )
- [Commits](c382f710d3...31159d49c0
2024-06-25 09:27:07 +10:00
Oliver
432e0c622c
Single table for file attachments ( #7420 )
...
* Add basic model for handling generic attachments
* Refactor migration
* Data migration to convert old files across
* Admin updates
* Increase comment field max_length
* Adjust field name
* Remove legacy serializer classes / endpoints
* Expose new model to API
* Admin site list filters
* Remove legacy attachment models
- Add new mixin class to designate which models can have attachments
* Update data migration
- Ensure other apps are at the correct migration state beforehand
* Add migrations to remove legacy attachment tables
* Fix for "rename_attachment" callback
* Refactor model_type field
- ContentType does not allow easy API serialization
* Set allowed options for admin
* Update model verbose names
* Fix logic for file upload
* Add choices for serializer
* Add API filtering
* Fix for API filter
* Fix for attachment tables in PUI
- Still not solved permission issues
* Bump API version
* Record user when uploading attachment via API
* Refactor <AttachmentTable /> for PUI
* Display 'file_size' in PUI attachment table
* Fix company migrations
* Include permission informtion in roles API endpoint
* Read user permissions in PUI
* Simplify permission checks for <AttachmentTable />
* Automatically clean up old content types
* Cleanup PUI
* Fix typo in data migration
* Add reverse data migration
* Update unit tests
* Use InMemoryStorage for media files in test mode
* Data migration unit test
* Fix "model_type" field
- It is a required field after all
* Add permission check for serializer
* Fix permission check for CUI
* Fix PUI import
* Test python lib against specific branch
- Will be reverted once code is merged
* Revert STORAGES setting
- Might be worth looking into again
* Fix part unit test
* Fix unit test for sales order
* Use 'get_global_setting'
* Use 'get_global_setting'
* Update setting getter
* Unit tests
* Tweaks
* Revert change to settings.py
* More updates for get_global_setting
* Relax API query count requirement
* remove illegal chars and add unit tests
* Fix unit tests
* Fix frontend unit tests
* settings management updates
* Prevent db write under more conditions
* Simplify settings code
* Pop values before creating filters
* Prevent settings write under certain conditions
* Add debug msg
* Clear db on record import
* Refactor permissions checks
- Allows extension / customization of permission checks at a later date
* Unit test updates
* Prevent delete of attachment without correct permissions
* Adjust odcker.yaml
* Cleanup data migrations
* Tweak migration tests for build app
* Update data migration
- Handle case with missing data
* Prevent debug shell in TESTING mode
* Update migration dependencies
- Ensure all apps are "up to date" before removing legacy tables
* add file size test
* Update migration tests
* Revert some settings caching changes
* Fix incorrect logic in migration
* Update unit tests
* Prevent create on CURRENCY_CODES
- Seems to play havoc with bootup sequence
* Fix unit test
* Some refactoring
- Use get_global_setting
* Fix typo
* Revert change
* Add "tags" and "metadata"
* Include "tags" field in API serializer
* add "metadata" endpoint for attachments
2024-06-19 14:38:46 +10:00
dependabot[bot]
2c50620acc
Bump the dependencies group with 4 updates ( #7462 )
...
Bumps the dependencies group with 4 updates: [actions/checkout](https://github.com/actions/checkout ), [docker/build-push-action](https://github.com/docker/build-push-action ), [codecov/codecov-action](https://github.com/codecov/codecov-action ) and [github/codeql-action](https://github.com/github/codeql-action ).
Updates `actions/checkout` from 4.1.6 to 4.1.7
- [Release notes](https://github.com/actions/checkout/releases )
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md )
- [Commits](a5ac7e51b4...692973e3d9https://github.com/docker/build-push-action/releases )
- [Commits](ca052bb54a...c382f710d3https://github.com/codecov/codecov-action/releases )
- [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md )
- [Commits](125fc84a9a...e28ff129e5https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](2e230e8fe0...23acc5c183
2024-06-18 23:42:05 +10:00
dependabot[bot]
1a57973b4d
Bump the dependencies group across 1 directory with 3 updates ( #7427 )
...
Bumps the dependencies group with 3 updates in the / directory: [docker/login-action](https://github.com/docker/login-action ), [docker/build-push-action](https://github.com/docker/build-push-action ) and [github/codeql-action](https://github.com/github/codeql-action ).
Updates `docker/login-action` from 3.1.0 to 3.2.0
- [Release notes](https://github.com/docker/login-action/releases )
- [Commits](e92390c5fb...0d4c9c5ea7https://github.com/docker/build-push-action/releases )
- [Commits](2cdde995de...ca052bb54ahttps://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](9fdb3e4972...2e230e8fe0
2024-06-11 23:30:09 +10:00
Matthias Mair
bdebf878c3
Fixes for installer ( #7344 )
...
* - move reqs file to contrib
- detect previously used python version
- safe extra requirements to INSTALLER_EXTRA
* add missing fi
* move site setting
2024-05-27 17:49:05 +10:00
dependabot[bot]
1c6e81eae5
--- ( #7276 )
...
updated-dependencies:
- dependency-name: actions/checkout
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: dependencies
- dependency-name: codecov/codecov-action
dependency-type: direct:production
update-type: version-update:semver-minor
dependency-group: dependencies
- dependency-name: github/codeql-action
dependency-type: direct:production
update-type: version-update:semver-patch
dependency-group: dependencies
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-05-21 15:10:06 +10:00
Oliver
2265055785
Docker fix ( #7228 )
...
* Copy requirements file
* Test more files when building docker image
* Refactor install task
* Raise exception
* Run install task
* Fix typos
- The tests work!
2024-05-15 09:19:35 +10:00
dependabot[bot]
770dbb9c35
Bump the dependencies group with 2 updates ( #7169 )
...
Bumps the dependencies group with 2 updates: [actions/checkout](https://github.com/actions/checkout ) and [codecov/codecov-action](https://github.com/codecov/codecov-action ).
Updates `actions/checkout` from 4.1.4 to 4.1.5
- [Release notes](https://github.com/actions/checkout/releases )
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md )
- [Commits](0ad4b8fada...44c2b7a8a4https://github.com/codecov/codecov-action/releases )
- [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md )
- [Commits](84508663e9...5ecb98a3c6
2024-05-09 07:04:38 +10:00
dependabot[bot]
6837b0e753
Bump the dependencies group across 1 directory with 5 updates ( #7134 )
...
Bumps the dependencies group with 5 updates in the / directory:
| Package | From | To |
| --- | --- | --- |
| [actions/checkout](https://github.com/actions/checkout ) | `3.1.0` | `4.1.4` |
| [docker/setup-buildx-action](https://github.com/docker/setup-buildx-action ) | `3.2.0` | `3.3.0` |
| [actions/upload-artifact](https://github.com/actions/upload-artifact ) | `4.3.1` | `4.3.3` |
| [actions/download-artifact](https://github.com/actions/download-artifact ) | `4.1.4` | `4.1.7` |
| [github/codeql-action](https://github.com/github/codeql-action ) | `3.25.0` | `3.25.3` |
Updates `actions/checkout` from 3.1.0 to 4.1.4
- [Release notes](https://github.com/actions/checkout/releases )
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md )
- [Commits](https://github.com/actions/checkout/compare/v3.1.0...0ad4b8fadaa221de15dcec353f45205ec38ea70b )
Updates `docker/setup-buildx-action` from 3.2.0 to 3.3.0
- [Release notes](https://github.com/docker/setup-buildx-action/releases )
- [Commits](2b51285047...d70bba72b1https://github.com/actions/upload-artifact/releases )
- [Commits](5d5d22a312...65462800fdhttps://github.com/actions/download-artifact/releases )
- [Commits](c850b930e6...65a9edc588https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](df5a14dc28...d39d31e687
2024-04-30 07:47:18 +10:00
Matthias Mair
d2827df3b8
fix ci filters ( #7121 )
2024-04-27 10:51:42 +10:00
Matthias Mair
938c724395
Pin hashes in requirements ( #7081 )
...
* use global pin for requests
* unify on yaml for workflo files
* format workflow files
* pin action versions
* fix pinned version
* use system venv
* switch args
* remove uv for now and add setting for pyyaml
* use requirements file
* also switch on docker flow
* generate hashes
* added hashes to reqs
* add hashes for CI too
* add hash checking
* require hashes everywhere possible
* require hashes where possible in docker
2024-04-23 17:15:52 +10:00
Matthias Mair
ca03562d25
[CI] Small nitpick changes ( #7016 )
...
* use global pin for requests
* unify on yaml for workflo files
* format workflow files
* pin action versions
* fix pinned version
* use system venv
* switch args
* remove uv for now and add setting for pyyaml
* fix qc args
* bix doc paths
2024-04-21 22:20:13 +10:00
dependabot[bot]
1c67a92958
Bump sigstore/cosign-installer from 3.4.0 to 3.5.0 ( #7035 )
...
Bumps [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer ) from 3.4.0 to 3.5.0.
- [Release notes](https://github.com/sigstore/cosign-installer/releases )
- [Commits](e1523de757...59acb6260d
2024-04-16 09:56:34 +10:00
Oliver
6730cdbccf
[Docker] Fix broken production image ( #6953 )
...
* Check for presense of manage.py
* Fix directory copying
2024-04-04 23:55:55 +11:00
Oliver
d0fccaf14e
Fix docker push action ( #6934 )
2024-04-03 08:58:17 +00:00
Matthias Mair
0bace3f3af
Code structure refactor ( #5582 )
...
* moved docker files to /contrib/container
* changed code owners to make more precise
* updated CI to use new subdirs
* added manual trigger for testing
* moved ci files
* moved assets into subdir
* moved deploy template file to contrib
* moved django files to src/backend
* updated paths in scripts etc
* updated reqs path
* fixed version file path
* fixed flake8 path
* fixed path to node ressources
* fixed task paths
* added dep path for node
* removed unused yarn lockfile
* removed unused ci script
* updated internal backend paths for tasks
* updated translation stats path
* fixed source path for coverage
* fixed main commit repo path
* fit in changes from testing
* gather packager improvements (#149 )
* Matmair/issue5578 (#143 )
* moved docker files to /contrib/container
* changed code owners to make more precise
* updated CI to use new subdirs
* added manual trigger for testing
* moved ci files
* moved assets into subdir
* moved deploy template file to contrib
* moved django files to src/backend
* updated paths in scripts etc
* updated reqs path
* fixed version file path
* fixed flake8 path
* fixed path to node ressources
* fixed task paths
* added dep path for node
* removed unused yarn lockfile
* removed unused ci script
* updated internal backend paths for tasks
* updated translation stats path
* fixed source path for coverage
* fixed main commit repo path
* fix docker path
* use project dir
* move project dir command
* fixed docker paths
* another fix?
* seperate tasks out
* remove tasks
* some debugging
* ci: add .deepsource.toml
* Update .deepsource.toml
* also ignore migrations
* more debugging
* fix path issues
* remove debug script
* fix style
* change locale path
* Fixed paths for requirements
* Added dummy requirements to fool packager
* fixed exec path
* remove deepsource
---------
Co-authored-by: deepsource-io[bot] <42547082+deepsource-io[bot]@users.noreply.github.com>
* Added docs for file structure
* Fixed style errors
* updated deepsource paths
* fix deepsource paths
* fixed reqs
* merge fixes
* move newly added dirs too
* fix reqs files
* another dep fix
* merge upstream/master
* revert removal of tags
* merge upstream
* enabled detection of old config files
* adapt coverage src
* also detect and support old location for plugins.txt
* style fix
* fix ~/init.sh location
* fix requirements path
* fix config to current master
* move new folders
* fix import order
* fix paths for qc_check
* fix docs build
* fix fix path
* set docker project dir
* just use a cd
* set image path?
* set file correct
* fix copy path
* fix tasks dir
* fix init path
* fix copy path
* set prject dir
* fix paths
* remove old prod files
* fix dev env path
* set docker file
* Fix devcontainer docker compose file
* fix login attempt values
* fix init.sh path
* Fix pathing for Docker
* Docker build fix
- Set INVENTREE_BACKEND_DIR separately
* Update init.sh
* Fix path
* Update requirements.txt
* merge
* fix rq merge
* fix docker compose usage
---------
Co-authored-by: deepsource-io[bot] <42547082+deepsource-io[bot]@users.noreply.github.com>
Co-authored-by: Oliver <oliver.henry.walters@gmail.com>
2024-04-03 12:16:59 +11:00
Matthias Mair
4db61df8cd
Security improvements ( #6890 )
...
* Set write permissions at job level
* publish scorecard results
* Update scorecard.yml
* Update scorecard.yml
* Create .sonarcloud.properties
* Delete .deepsource.toml
* replace badge
* pin requests, pyyaml, jc
* pin yarn version
* pin uv
* reduce settings
* set test path
2024-04-02 17:35:01 +11:00
dependabot[bot]
7ed51dfff5
Bump actions/setup-python from 5.0.0 to 5.1.0 ( #6864 )
...
Bumps [actions/setup-python](https://github.com/actions/setup-python ) from 5.0.0 to 5.1.0.
- [Release notes](https://github.com/actions/setup-python/releases )
- [Commits](0a5c615913...82c7e631bb
2024-03-27 07:11:37 +11:00
