diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml index 2054df4f..0d80653b 100644 --- a/.github/workflows/deploy.yml +++ b/.github/workflows/deploy.yml @@ -4,9 +4,9 @@ on: push: branches: [ 'main' ] workflow_dispatch: - + env: - PYTHON_VERSION_DEFAULT: "3.10" + PYTHON_VERSION_DEFAULT: "3.11" POETRY_VERSION: "1.1.12" jobs: @@ -22,14 +22,14 @@ jobs: uses: actions/checkout@v3 with: fetch-depth: 0 - + - name: Setup python # see https://github.com/actions/setup-python uses: actions/setup-python@v4 with: python-version: ${{ env.PYTHON_VERSION_DEFAULT }} architecture: 'x64' - + - name: Install and configure Poetry # See https://github.com/marketplace/actions/install-poetry-action uses: snok/install-poetry@v1 @@ -38,17 +38,17 @@ jobs: virtualenvs-create: true virtualenvs-in-project: true installer-parallel: true - + - name: Install dependencies run: poetry install --no-root - name: View poetry version run: poetry --version - + - name: Python Semantic Release # see https://python-semantic-release.readthedocs.io/en/latest/automatic-releases/github-actions.html # see https://github.com/relekang/python-semantic-release - uses: relekang/python-semantic-release@v7.31.2 + uses: relekang/python-semantic-release@v7.33.2 with: github_token: ${{ secrets.GITHUB_TOKEN }} repository_username: __token__ diff --git a/.github/workflows/poetry.yml b/.github/workflows/poetry.yml index b928870a..4269388e 100644 --- a/.github/workflows/poetry.yml +++ b/.github/workflows/poetry.yml @@ -4,7 +4,7 @@ name: Python CI on: push: - branches: ["master", "main"] + branches: ["main"] pull_request: branches-ignore: ['dependabot/**'] workflow_dispatch: @@ -15,8 +15,8 @@ on: env: REPORTS_DIR: CI_reports - PYTHON_VERISON_DEFAULT: "3.10" - POETRY_VERSION: "1.1.11" + PYTHON_VERSION_DEFAULT: "3.11" + POETRY_VERSION: "1.1.12" jobs: coding-standards: 
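Review bot: In the last hunk of `.github/workflows/deploy.yml`, `uses: relekang/python-semantic-release@v7.33.2` still references a third-party action by a mutable tag, and this step is handed `secrets.GITHUB_TOKEN` and, judging by `repository_username: __token__`, a package-index token as well. A tag can be re-pointed by whoever controls the upstream repository, so the code that runs with the release credentials can change without any commit here. Pin the action to a full commit SHA and keep the version as a trailing comment, e.g. `uses: relekang/python-semantic-release@<full-commit-sha>  # v7.33.2`. The same applies to `snok/install-poetry@v1`, a context line in the second hunk that runs earlier in the same job. The step's `with:` block continues past the end of the hunk, so its remaining inputs are not visible here.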
@@ -27,19 +27,23 @@ jobs: - name: Checkout # see https://github.com/actions/checkout uses: actions/checkout@v3 + - name: Setup Python Environment # see https://github.com/actions/setup-python uses: actions/setup-python@v4 with: - python-version: ${{ env.PYTHON_VERISON_DEFAULT }} + python-version: ${{ env.PYTHON_VERSION_DEFAULT }} architecture: 'x64' + - name: Install poetry # see https://github.com/marketplace/actions/setup-poetry uses: Gr1N/setup-poetry@v8 with: poetry-version: ${{ env.POETRY_VERSION }} + - name: Install dependencies run: poetry install --no-root + - name: Run tox run: poetry run tox -e flake8 -s false @@ -53,7 +57,7 @@ jobs: include: - # test with the locked dependencies os: ubuntu-latest - python-version: '3.10' + python-version: '3.11' toxenv-factor: 'locked' - # test with the lowest dependencies os: ubuntu-latest @@ -63,19 +67,23 @@ jobs: - name: Checkout # see https://github.com/actions/checkout uses: actions/checkout@v3 + - name: Setup Python Environment # see https://github.com/actions/setup-python uses: actions/setup-python@v4 with: python-version: ${{ matrix.python-version }} architecture: 'x64' + - name: Install poetry # see https://github.com/marketplace/actions/setup-poetry uses: Gr1N/setup-poetry@v8 with: poetry-version: ${{ env.POETRY_VERSION }} + - name: Install dependencies run: poetry install --no-root + - name: Run tox run: poetry run tox -e mypy-${{ matrix.toxenv-factor }} -s false @@ -90,7 +98,8 @@ jobs: matrix: os: ['ubuntu-latest', 'windows-latest', 'macos-latest'] python-version: - - "3.10" # highest supported + - "3.11" # highest supported + - "3.10" - "3.9" - "3.8" - "3.7" # lowest supported 
@@ -105,35 +114,45 @@ jobs: run: | git config --global core.autocrlf false git config --global core.eol lf + - name: Checkout # see https://github.com/actions/checkout uses: actions/checkout@v3 + - name: Create reports directory run: mkdir ${{ env.REPORTS_DIR }} + - name: Setup Python Environment # see https://github.com/actions/setup-python uses: actions/setup-python@v4 with: python-version: ${{ matrix.python-version }} architecture: 'x64' + - name: Validate Python Environment run: echo "import sys; print('Python %s on %s in %s' % (sys.version, sys.platform, sys.getdefaultencoding()))" | python + - name: Install poetry # see https://github.com/marketplace/actions/setup-poetry uses: Gr1N/setup-poetry@v8 with: poetry-version: ${{ env.POETRY_VERSION }} + - name: Install dependencies run: poetry install --no-root + - name: Ensure build successful run: poetry build + - name: Run tox run: poetry run tox -e py-${{ matrix.toxenv-factor }} -s false + - name: Generate coverage reports run: > poetry run coverage report && poetry run coverage xml -o ${{ env.REPORTS_DIR }}/coverage-${{ matrix.os }}-${{ matrix.python-version }}-${{ matrix.toxenv-factor }}.xml && poetry run coverage html -d ${{ env.REPORTS_DIR }} + - name: Artifact reports if: ${{ ! cancelled() }} # see https://github.com/actions/upload-artifact diff --git a/poetry.lock b/poetry.lock index 8f8b912b..2708d634 100644 --- a/poetry.lock +++ b/poetry.lock @@ -373,7 +373,7 @@ python-versions = "*" name = "toml" version = "0.10.2" description = "Python Library for Tom's Obvious, Minimal Language" -category = "main" +category = "dev" optional = false python-versions = ">=2.6, !=3.0.*, !=3.1.*, !=3.2.*" 
@@ -418,20 +418,12 @@ python-versions = ">=3.6" [[package]] name = "types-setuptools" -version = "67.4.0.3" +version = "67.5.0.0" description = "Typing stubs for setuptools" category = "dev" optional = false python-versions = "*" -[[package]] -name = "types-toml" -version = "0.10.8.5" -description = "Typing stubs for toml" -category = "dev" -optional = false -python-versions = "*" - [[package]] name = "typing-extensions" version = "4.5.0" @@ -487,7 +479,7 @@ testing = ["pytest (>=6)", "pytest-checkdocs (>=2.4)", "flake8 (<5)", "pytest-co [metadata] lock-version = "1.1" python-versions = "^3.7" -content-hash = "a777423a21a5e7a7ef3e018a3ca8da6a756bf89fba568b31c5af2e9cb1f3cceb" +content-hash = "79d477774f650de79c2beaddc75586cb69943ce01cb9d826cb060812243affa2" [metadata.files] attrs = [ @@ -826,12 +818,8 @@ typed-ast = [ {file = "typed_ast-1.5.4.tar.gz", hash = "sha256:39e21ceb7388e4bb37f4c679d72707ed46c2fbf2a5609b8b8ebc4b067d977df2"}, ] types-setuptools = [ - {file = "types-setuptools-67.4.0.3.tar.gz", hash = "sha256:19e958dfdbf1c5a628e54c2a7ee84935051afb7278d0c1cdb08ac194757ee3b1"}, - {file = "types_setuptools-67.4.0.3-py3-none-any.whl", hash = "sha256:3c83c3a6363dd3ddcdd054796705605f0fa8b8e5a39390e07a05e5f7af054978"}, -] -types-toml = [ - {file = "types-toml-0.10.8.5.tar.gz", hash = "sha256:bf80fce7d2d74be91148f47b88d9ae5adeb1024abef22aa2fdbabc036d6b8b3c"}, - {file = "types_toml-0.10.8.5-py3-none-any.whl", hash = "sha256:2432017febe43174af0f3c65f03116e3d3cf43e7e1406b8200e106da8cf98992"}, + {file = "types-setuptools-67.5.0.0.tar.gz", hash = "sha256:fa6f231eeb27e86b1d6e8260f73de300e91f99c205b9a5e21debd49f3726a849"}, + {file = "types_setuptools-67.5.0.0-py3-none-any.whl", hash = "sha256:f7f4bf4ab777e88631d3a387bbfdd4d480a2a4693ca896130f8ef738370377b8"}, ] typing-extensions = [ {file = "typing_extensions-4.5.0-py3-none-any.whl", hash = "sha256:fb33085c39dd998ac16d1431ebc293a8b3eedd00fd4a32de0ff79002c19511b4"}, 
diff --git a/pyproject.toml b/pyproject.toml index 22eb8ac9..f4eb15ac 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -34,6 +34,7 @@ classifiers = [ 'Programming Language :: Python :: 3.8', 'Programming Language :: Python :: 3.9', 'Programming Language :: Python :: 3.10', + 'Programming Language :: Python :: 3.11', 'Typing :: Typed', ] keywords = [ @@ -50,7 +51,6 @@ importlib-metadata = { version = ">= 3.4", python = "< 3.8" } packageurl-python = ">= 0.9" py-serializable = "^0.11.1" setuptools = ">= 47.0.0" -toml = "^0.10.0" sortedcontainers = "^2.4.0" [tool.poetry.dev-dependencies] @@ -68,8 +68,6 @@ jsonschema = ">= 4.4.0" lxml = ">=4.7.0" # `types-setuptools` need to stay in sync with version of `setuptools` - but 47 was not typed... types-setuptools = ">= 57.0.0" -# `types-toml` need to stay in sync with version of `toml` -types-toml = "^0.10.0" xmldiff = ">=2.4" [build-system] diff --git a/requirements.lowest.txt b/requirements.lowest.txt index 79e27ceb..dce1896c 100644 --- a/requirements.lowest.txt +++ b/requirements.lowest.txt @@ -6,5 +6,3 @@ py-serializable == 0.11.1 importlib-metadata == 3.4.0 # ; python_version < '3.8' setuptools == 47.0.0 types-setuptools == 57.0.0 -toml == 0.10.0 -types-toml == 0.10.0 diff --git a/tests/test_output_xml.py b/tests/test_output_xml.py index a5878d9f..d4514222 100644 --- a/tests/test_output_xml.py +++ b/tests/test_output_xml.py @@ -16,12 +16,10 @@ # # SPDX-License-Identifier: Apache-2.0 # Copyright (c) OWASP Foundation. All Rights Reserved. -import unittest from os.path import dirname, join from unittest.mock import Mock, patch from uuid import UUID -from cyclonedx.exception.model import UnknownComponentDependencyException from cyclonedx.model.bom import Bom from cyclonedx.output import get_instance from cyclonedx.schema import SchemaVersion 
@@ -43,7 +41,6 @@ get_bom_with_component_setuptools_with_release_notes, get_bom_with_component_setuptools_with_vulnerability, get_bom_with_component_toml_1, - get_bom_with_dependencies_invalid, get_bom_with_dependencies_valid, get_bom_with_external_references, get_bom_with_metadata_component_and_dependencies, @@ -262,27 +259,6 @@ def test_bom_v1_4_component_with_vulnerability(self) -> None: fixture='bom_setuptools_with_vulnerabilities.xml' ) - @unittest.skip('Required Vulnerability Extension Schema - dropping support') - def test_bom_v1_3_component_with_vulnerability(self) -> None: - self._validate_xml_bom( - bom=get_bom_with_component_setuptools_with_vulnerability(), schema_version=SchemaVersion.V1_3, - fixture='bom_setuptools_with_vulnerabilities.xml' - ) - - @unittest.skip('Required Vulnerability Extension Schema - dropping support') - def test_bom_v1_2_component_with_vulnerability(self) -> None: - self._validate_xml_bom( - bom=get_bom_with_component_setuptools_with_vulnerability(), schema_version=SchemaVersion.V1_2, - fixture='bom_setuptools_with_vulnerabilities.xml' - ) - - @unittest.skip('Required Vulnerability Extension Schema - dropping support') - def test_bom_v1_1_component_with_vulnerability(self) -> None: - self._validate_xml_bom( - bom=get_bom_with_component_setuptools_with_vulnerability(), schema_version=SchemaVersion.V1_1, - fixture='bom_setuptools_with_vulnerabilities.xml' - ) - def test_bom_v1_0_component_with_vulnerability(self) -> None: self._validate_xml_bom( bom=get_bom_with_component_setuptools_with_vulnerability(), schema_version=SchemaVersion.V1_0, 
@@ -511,14 +487,6 @@ def test_bom_v1_2_dependencies_for_bom_component(self) -> None: fixture='bom_dependencies_component.xml' ) - @unittest.skip - def test_bom_v1_4_dependencies_invalid(self) -> None: - with self.assertRaises(UnknownComponentDependencyException): - self._validate_xml_bom( - bom=get_bom_with_dependencies_invalid(), schema_version=SchemaVersion.V1_4, - fixture='bom_dependencies.xml' - ) - def test_bom_v1_4_issue_275_components(self) -> None: with self.assertWarns(UserWarning): self._validate_xml_bom( diff --git a/tox.ini b/tox.ini index 930b4e2c..2c2aeca2 100644 --- a/tox.ini +++ b/tox.ini @@ -8,7 +8,7 @@ minversion = 3.10 envlist = flake8 mypy-{locked,lowest} - py{310,39,38,37}-{locked,lowest} + py{311,310,39,38,37}-{locked,lowest} isolated_build = True skip_missing_interpreters = True usedevelop = False