From 29b5c554d618a51b9c8a9843251431cd3c13dd32 Mon Sep 17 00:00:00 2001 From: Hossein Shafagh Date: Fri, 12 Mar 2021 10:42:59 -0800 Subject: [PATCH 1/6] allow automatic version bumping --- .github/workflows/lemur-publish-release-pypi.yml | 10 ++++++++++ lemur/__about__.py | 2 +- 2 files changed, 11 insertions(+), 1 deletion(-) diff --git a/.github/workflows/lemur-publish-release-pypi.yml b/.github/workflows/lemur-publish-release-pypi.yml index 26185489..816146d0 100644 --- a/.github/workflows/lemur-publish-release-pypi.yml +++ b/.github/workflows/lemur-publish-release-pypi.yml @@ -18,6 +18,16 @@ jobs: uses: actions/setup-python@v2 with: python-version: '3.x' + - name: Autobump version + run: | + # from refs/tags/v0.8.1 get 0.8.1 + VERSION=$(echo $GITHUB_REF | sed 's#.*/v##') + PLACEHOLDER='__version__ = "develop"' + VERSION_FILE='lemur/__about__.py' + # in case placeholder is missing, exists with code 1 and github actions aborts the build + grep "$PLACEHOLDER" "$VERSION_FILE" + sed -i "s/$PLACEHOLDER/__version__ = \"${VERSION}\"/g" "$VERSION_FILE" + shell: bash - name: Install dependencies run: | python -m pip install --upgrade pip diff --git a/lemur/__about__.py b/lemur/__about__.py index b0d09167..2a6db3c1 100644 --- a/lemur/__about__.py +++ b/lemur/__about__.py @@ -15,7 +15,7 @@ __title__ = "lemur" __summary__ = "Certificate management and orchestration service" __uri__ = "https://github.com/Netflix/lemur" -__version__ = "0.8.1" +__version__ = "develop" __author__ = "The Lemur developers" __email__ = "security@netflix.com" From 1d486cf1fd69dc7a37d416866004ea9fc4aafb88 Mon Sep 17 00:00:00 2001 From: Hossein Shafagh Date: Fri, 12 Mar 2021 11:49:17 -0800 Subject: [PATCH 2/6] updated docs for automated release --- docs/doing-a-release.rst | 14 +++++++++++--- 1 file changed, 11 insertions(+), 3 deletions(-) diff --git a/docs/doing-a-release.rst b/docs/doing-a-release.rst index 747668fb..02733f89 100644 --- a/docs/doing-a-release.rst +++ b/docs/doing-a-release.rst @@ -1,9 +1,17 @@ Doing a release =============== -Doing a release of ``lemur`` requires a few steps. +Doing a release of ``lemur`` is now mostly automated and consists of the following steps: -Bumping the version number +* Raise a PR to add the release date and summary in the :doc:`/changelog`. +* Merge above PR and create a new `Github release `_: set the tag starting with v, e.g., v0.9.0 + +The `publish workflow `_ uses the git +tag to set the release version. + +The following describes the manual release steps, which is now obsolete: + +Manually Bumping the version number -------------------------- The next step in doing a release is bumping the version number in the @@ -14,7 +22,7 @@ software. * Do a commit indicating this, and raise a pull request with this. * Wait for it to be merged. -Performing the release +Manually Performing the release ---------------------- The commit that merged the version number bump is now the official release From a0a5e66cc3a033ea4da121b651dbb2b152ef7a23 Mon Sep 17 00:00:00 2001 From: Hossein Shafagh Date: Fri, 12 Mar 2021 12:10:38 -0800 Subject: [PATCH 3/6] fixing broken doc --- docs/doing-a-release.rst | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/doing-a-release.rst b/docs/doing-a-release.rst index 02733f89..8e24e7c1 100644 --- a/docs/doing-a-release.rst +++ b/docs/doing-a-release.rst @@ -12,7 +12,7 @@ tag to set the release version. The following describes the manual release steps, which is now obsolete: Manually Bumping the version number --------------------------- +----------------------------------- The next step in doing a release is bumping the version number in the software. @@ -23,7 +23,7 @@ software. * Wait for it to be merged. Manually Performing the release ----------------------- +------------------------------- The commit that merged the version number bump is now the official release commit for this release. You need an `API key `_, From 0d388a85bb2c2350e1dfcf22709b4d40d6eba85b Mon Sep 17 00:00:00 2001 From: "dependabot-preview[bot]" <27856297+dependabot-preview[bot]@users.noreply.github.com> Date: Mon, 15 Mar 2021 13:49:12 +0000 Subject: [PATCH 4/6] Bump boto3 from 1.17.22 to 1.17.27 Bumps [boto3](https://github.com/boto/boto3) from 1.17.22 to 1.17.27. - [Release notes](https://github.com/boto/boto3/releases) - [Changelog](https://github.com/boto/boto3/blob/develop/CHANGELOG.rst) - [Commits](https://github.com/boto/boto3/compare/1.17.22...1.17.27) Signed-off-by: dependabot-preview[bot] --- requirements-docs.txt | 73 +++++++++++++++++++++++++++++++++++++++--- requirements-tests.txt | 61 +++++++++++++++++++++++++++++++++-- requirements.txt | 44 ++++++++++++++++++++++--- 3 files changed, 165 insertions(+), 13 deletions(-) diff --git a/requirements-docs.txt b/requirements-docs.txt index 84357685..9906a3ea 100644 --- a/requirements-docs.txt +++ b/requirements-docs.txt @@ -5,7 +5,10 @@ # pip-compile --no-index --output-file=requirements-docs.txt requirements-docs.in # acme==1.13.0 - # via -r requirements-docs.in + # via + # -r requirements-docs.in + # -r requirements-tests.txt + # certbot alabaster==0.7.12 # via sphinx alembic==1.5.5 @@ -48,7 +51,7 @@ blinker==1.4 # flask-mail # flask-principal # raven -boto3==1.17.22 +boto3==1.17.27 # via # -r requirements-docs.in # -r requirements-tests.txt @@ -58,7 +61,7 @@ boto==2.49.0 # via # -r requirements-tests.txt # moto -botocore==1.20.22 +botocore==1.20.27 # via # -r requirements-docs.in # -r requirements-tests.txt @@ -67,6 +70,9 @@ botocore==1.20.22 # moto # s3transfer certbot==1.13.0 + # via + # -r requirements-docs.in + # -r requirements-tests.txt certifi==2020.12.5 # via # -r requirements-tests.txt @@ -94,6 +100,14 @@ click==7.1.2 # flask cloudflare==2.8.15 # via -r requirements-docs.in +configargparse==1.4 + # via + # -r requirements-tests.txt + # certbot +configobj==5.0.6 + # via + # -r requirements-tests.txt + # certbot coverage==5.5 # via -r requirements-tests.txt cryptography==3.4.6 @@ -101,6 +115,7 @@ cryptography==3.4.6 # -r requirements-docs.in # -r requirements-tests.txt # acme + # certbot # josepy # moto # paramiko @@ -111,6 +126,10 @@ decorator==4.4.2 # via # -r requirements-tests.txt # networkx +distro==1.5.0 + # via + # -r requirements-tests.txt + # certbot dnspython3==1.15.0 # via -r requirements-docs.in dnspython==1.15.0 @@ -226,7 +245,9 @@ jmespath==0.9.5 josepy==1.7.0 # via # -r requirements-docs.in + # -r requirements-tests.txt # acme + # certbot jsondiff==1.1.2 # via # -r requirements-tests.txt @@ -293,6 +314,10 @@ packaging==20.3 # sphinx paramiko==2.7.2 # via -r requirements-docs.in +parsedatetime==2.6 + # via + # -r requirements-tests.txt + # certbot pathspec==0.8.0 # via # -r requirements-tests.txt @@ -339,6 +364,7 @@ pynacl==1.4.0 pyopenssl==20.0.1 # via # -r requirements-docs.in + # -r requirements-tests.txt # acme # josepy pyparsing==2.4.7 @@ -346,7 +372,10 @@ pyparsing==2.4.7 # -r requirements-tests.txt # packaging pyrfc3339==1.1 - # via acme + # via + # -r requirements-tests.txt + # acme + # certbot pyrsistent==0.16.0 # via # -r requirements-tests.txt @@ -382,6 +411,7 @@ pytz==2019.3 # -r requirements-tests.txt # acme # babel + # certbot # flask-restful # moto # pyrfc3339 @@ -406,7 +436,9 @@ regex==2020.4.4 requests-mock==1.8.0 # via -r requirements-tests.txt requests-toolbelt==0.9.1 - # via acme + # via + # -r requirements-tests.txt + # acme requests==2.25.1 # via # -r requirements-tests.txt @@ -441,6 +473,7 @@ six==1.15.0 # bandit # bcrypt # cfn-lint + # configobj # docker # ecdsa # fakeredis @@ -564,6 +597,36 @@ zipp==3.1.0 # -r requirements-tests.txt # importlib-metadata # moto +zope.component==4.6.2 + # via + # -r requirements-tests.txt + # certbot +zope.deferredimport==4.3.1 + # via + # -r requirements-tests.txt + # zope.component +zope.deprecation==4.4.0 + # via + # -r requirements-tests.txt + # zope.component +zope.event==4.5.0 + # via + # -r requirements-tests.txt + # zope.component +zope.hookable==5.0.1 + # via + # -r requirements-tests.txt + # zope.component +zope.interface==5.2.0 + # via + # -r requirements-tests.txt + # certbot + # zope.component + # zope.proxy +zope.proxy==4.3.5 + # via + # -r requirements-tests.txt + # zope.deferredimport # The following packages are considered to be unsafe in a requirements file: # setuptools diff --git a/requirements-tests.txt b/requirements-tests.txt index e0591911..49f56952 100644 --- a/requirements-tests.txt +++ b/requirements-tests.txt @@ -4,6 +4,8 @@ # # pip-compile --no-index --output-file=requirements-tests.txt requirements-tests.in # +acme==1.13.0 + # via certbot appdirs==1.4.3 # via black attrs==19.3.0 @@ -18,19 +20,20 @@ bandit==1.7.0 # via -r requirements-tests.in black==20.8b1 # via -r requirements-tests.in -boto3==1.17.22 +boto3==1.17.27 # via # aws-sam-translator # moto boto==2.49.0 # via moto -botocore==1.20.22 +botocore==1.20.27 # via # aws-xray-sdk # boto3 # moto # s3transfer certbot==1.13.0 + # via -r requirements-tests.in certifi==2020.12.5 # via requests cffi==1.14.0 @@ -43,15 +46,25 @@ click==7.1.2 # via # black # flask +configargparse==1.4 + # via certbot +configobj==5.0.6 + # via certbot coverage==5.5 # via -r requirements-tests.in cryptography==3.4.6 # via + # acme + # certbot + # josepy # moto + # pyopenssl # python-jose # sshpubkeys decorator==4.4.2 # via networkx +distro==1.5.0 + # via certbot docker==4.2.0 # via moto ecdsa==0.14.1 @@ -95,6 +108,10 @@ jmespath==0.9.5 # via # boto3 # botocore +josepy==1.7.0 + # via + # acme + # certbot jsondiff==1.1.2 # via moto jsonpatch==1.25 @@ -125,6 +142,8 @@ nose==1.3.7 # via -r requirements-tests.in packaging==20.3 # via pytest +parsedatetime==2.6 + # via certbot pathspec==0.8.0 # via black pbr==5.4.5 @@ -141,8 +160,16 @@ pycparser==2.20 # via cffi pyflakes==2.2.0 # via -r requirements-tests.in +pyopenssl==20.0.1 + # via + # acme + # josepy pyparsing==2.4.7 # via packaging +pyrfc3339==1.1 + # via + # acme + # certbot pyrsistent==0.16.0 # via jsonschema pytest-flask==1.2.0 @@ -163,7 +190,11 @@ python-dateutil==2.8.1 python-jose[cryptography]==3.1.0 # via moto pytz==2019.3 - # via moto + # via + # acme + # certbot + # moto + # pyrfc3339 pyyaml==5.4.1 # via # -r requirements-tests.in @@ -176,11 +207,15 @@ regex==2020.4.4 # via black requests-mock==1.8.0 # via -r requirements-tests.in +requests-toolbelt==0.9.1 + # via acme requests==2.25.1 # via + # acme # docker # moto # requests-mock + # requests-toolbelt # responses responses==0.10.12 # via moto @@ -193,12 +228,15 @@ six==1.15.0 # aws-sam-translator # bandit # cfn-lint + # configobj # docker # ecdsa # fakeredis + # josepy # jsonschema # moto # packaging + # pyopenssl # pyrsistent # python-dateutil # python-jose @@ -243,6 +281,23 @@ zipp==3.1.0 # via # importlib-metadata # moto +zope.component==4.6.2 + # via certbot +zope.deferredimport==4.3.1 + # via zope.component +zope.deprecation==4.4.0 + # via zope.component +zope.event==4.5.0 + # via zope.component +zope.hookable==5.0.1 + # via zope.component +zope.interface==5.2.0 + # via + # certbot + # zope.component + # zope.proxy +zope.proxy==4.3.5 + # via zope.deferredimport # The following packages are considered to be unsafe in a requirements file: # setuptools diff --git a/requirements.txt b/requirements.txt index 586f6a5c..c70b42c9 100644 --- a/requirements.txt +++ b/requirements.txt @@ -5,7 +5,9 @@ # pip-compile --no-index --output-file=requirements.txt requirements.in # acme==1.13.0 - # via -r requirements.in + # via + # -r requirements.in + # certbot alembic-autogenerate-enums==0.0.2 # via -r requirements.in alembic==1.4.2 @@ -31,9 +33,9 @@ blinker==1.4 # flask-mail # flask-principal # raven -boto3==1.17.22 +boto3==1.17.27 # via -r requirements.in -botocore==1.20.22 +botocore==1.20.27 # via # -r requirements.in # boto3 @@ -41,6 +43,7 @@ botocore==1.20.22 celery[redis]==4.4.2 # via -r requirements.in certbot==1.13.0 + # via -r requirements.in certifi==2020.12.5 # via # -r requirements.in @@ -58,13 +61,20 @@ click==7.1.2 # via flask cloudflare==2.8.15 # via -r requirements.in +configargparse==1.4 + # via certbot +configobj==5.0.6 + # via certbot cryptography==3.4.6 # via # -r requirements.in # acme + # certbot # josepy # paramiko # pyopenssl +distro==1.5.0 + # via certbot dnspython3==1.15.0 # via -r requirements.in dnspython==1.15.0 @@ -126,7 +136,9 @@ jmespath==0.9.5 # boto3 # botocore josepy==1.7.0 - # via acme + # via + # acme + # certbot jsonlines==1.2.0 # via cloudflare kombu==4.6.8 @@ -151,6 +163,8 @@ ndg-httpsclient==0.5.1 # via -r requirements.in paramiko==2.7.2 # via -r requirements.in +parsedatetime==2.6 + # via certbot pem==21.1.0 # via -r requirements.in psycopg2==2.8.6 @@ -182,7 +196,9 @@ pyopenssl==20.0.1 # josepy # ndg-httpsclient pyrfc3339==1.1 - # via acme + # via + # acme + # certbot python-dateutil==2.8.1 # via # alembic @@ -198,6 +214,7 @@ pytz==2019.3 # via # acme # celery + # certbot # flask-restful # pyrfc3339 pyyaml==5.4.1 @@ -228,6 +245,7 @@ six==1.15.0 # via # -r requirements.in # bcrypt + # configobj # flask-cors # flask-restful # hvac @@ -264,6 +282,22 @@ werkzeug==1.0.1 # via flask xmltodict==0.12.0 # via -r requirements.in +zope.component==4.6.2 + # via certbot +zope.deferredimport==4.3.1 + # via zope.component +zope.deprecation==4.4.0 + # via zope.component +zope.event==4.5.0 + # via zope.component +zope.hookable==5.0.1 + # via zope.component +zope.interface==5.2.0 + # via + # certbot + # zope.component +zope.proxy==4.3.5 + # via zope.deferredimport # The following packages are considered to be unsafe in a requirements file: # setuptools From d097da685aba578d896b4c4b765d33eb8f1d9232 Mon Sep 17 00:00:00 2001 From: "dependabot-preview[bot]" <27856297+dependabot-preview[bot]@users.noreply.github.com> Date: Mon, 15 Mar 2021 18:06:22 +0000 Subject: [PATCH 5/6] Bump pre-commit from 2.11.0 to 2.11.1 Bumps [pre-commit](https://github.com/pre-commit/pre-commit) from 2.11.0 to 2.11.1. - [Release notes](https://github.com/pre-commit/pre-commit/releases) - [Changelog](https://github.com/pre-commit/pre-commit/blob/master/CHANGELOG.md) - [Commits](https://github.com/pre-commit/pre-commit/compare/v2.11.0...v2.11.1) Signed-off-by: dependabot-preview[bot] --- requirements-dev.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements-dev.txt b/requirements-dev.txt index 8bd7fe60..f6ea8caa 100644 --- a/requirements-dev.txt +++ b/requirements-dev.txt @@ -50,7 +50,7 @@ packaging==20.9 # via bleach pkginfo==1.5.0.1 # via twine -pre-commit==2.11.0 +pre-commit==2.11.1 # via -r requirements-dev.in pycodestyle==2.6.0 # via flake8 From dc1f1c247ae0017e310b919cda04cdb81694de6d Mon Sep 17 00:00:00 2001 From: Jasmine Schladen Date: Tue, 16 Mar 2021 15:39:22 -0700 Subject: [PATCH 6/6] Add config to uptake GitHub's native Dependabot with auto-merge action --- .github/dependabot.yml | 15 +++++++++++++++ .github/workflows/dependabot-auto-merge.yml | 14 ++++++++++++++ 2 files changed, 29 insertions(+) create mode 100644 .github/dependabot.yml create mode 100644 .github/workflows/dependabot-auto-merge.yml diff --git a/.github/dependabot.yml b/.github/dependabot.yml new file mode 100644 index 00000000..46b1d24d --- /dev/null +++ b/.github/dependabot.yml @@ -0,0 +1,15 @@ + version: 2 + updates: + - directory: "/" + schedule: + interval: "weekly" + day: "monday" + time: "08:00" + timezone: "America/Los_Angeles" + package-ecosystem: "pip" + reviewers: + - "hosseinsh" + - "csine-nflx" + - "charhate" + - "jtschladen" + versioning-strategy: lockfile-only \ No newline at end of file diff --git a/.github/workflows/dependabot-auto-merge.yml b/.github/workflows/dependabot-auto-merge.yml new file mode 100644 index 00000000..be012941 --- /dev/null +++ b/.github/workflows/dependabot-auto-merge.yml @@ -0,0 +1,14 @@ +name: dependabot-auto-merge + +on: + pull_request: + +jobs: + auto-merge: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v2 + - uses: ahmadnassri/action-dependabot-auto-merge@v2 + with: + target: minor + github-token: ${{ secrets.DEPENDABOT_GITHUB_TOKEN }} \ No newline at end of file