From 7998cf0b5ef75e20546ad026e222148dd0f14bfa Mon Sep 17 00:00:00 2001 From: StepSecurity Bot Date: Thu, 22 Jun 2023 09:27:23 -0700 Subject: [PATCH 01/16] ci: Update GitHub owned actions to be referenced by SHA. Work automated using StepSecurity Signed-off-by: StepSecurity Bot --- .github/workflows/auto-close-stale.yml | 2 +- .github/workflows/benchmark.yml | 6 ++-- .../workflows/boring-open-version-bump.yml | 2 +- .github/workflows/ci.yml | 30 +++++++++---------- .github/workflows/linkcheck.yml | 4 +-- .github/workflows/wheel-builder.yml | 22 +++++++------- 6 files changed, 33 insertions(+), 33 deletions(-) diff --git a/.github/workflows/auto-close-stale.yml b/.github/workflows/auto-close-stale.yml index 46b4d3e2a9cf..3da5e1924ad7 100644 --- a/.github/workflows/auto-close-stale.yml +++ b/.github/workflows/auto-close-stale.yml @@ -13,7 +13,7 @@ jobs: if: github.repository_owner == 'pyca' runs-on: ubuntu-latest steps: - - uses: actions/stale@v8.0.0 + - uses: actions/stale@1160a2240286f5da8ec72b1c0816ce2481aabf84 # v8.0.0 with: only-labels: waiting-on-reporter days-before-stale: 3 diff --git a/.github/workflows/benchmark.yml b/.github/workflows/benchmark.yml index 1e5a3271240a..f0a44b9489c7 100644 --- a/.github/workflows/benchmark.yml +++ b/.github/workflows/benchmark.yml @@ -21,12 +21,12 @@ jobs: runs-on: ubuntu-latest timeout-minutes: 15 steps: - - uses: actions/checkout@v3.5.3 + - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3 timeout-minutes: 3 with: persist-credentials: false path: "cryptography-pr" - - uses: actions/checkout@v3.5.3 + - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3 timeout-minutes: 3 with: repository: "pyca/cryptography" @@ -35,7 +35,7 @@ jobs: - name: Setup python id: setup-python - uses: actions/setup-python@v4.6.1 + uses: actions/setup-python@bd6b4b6205c4dbad673328db7b31b7fab9e241c0 # v4.6.1 with: python-version: "3.11" diff --git a/.github/workflows/boring-open-version-bump.yml b/.github/workflows/boring-open-version-bump.yml index 504a71720860..50aceca61a1d 100644 --- a/.github/workflows/boring-open-version-bump.yml +++ b/.github/workflows/boring-open-version-bump.yml @@ -13,7 +13,7 @@ jobs: if: github.repository_owner == 'pyca' runs-on: ubuntu-latest steps: - - uses: actions/checkout@v3.5.3 + - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3 - id: check-sha-boring run: | SHA=$(git ls-remote https://boringssl.googlesource.com/boringssl refs/heads/master | cut -f1) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index df2ea3dfc78f..58988e37e281 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -60,13 +60,13 @@ jobs: - {VERSION: "3.11", NOXSESSION: "rust,tests", RUST: "nightly"} timeout-minutes: 15 steps: - - uses: actions/checkout@v3.5.3 + - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3 timeout-minutes: 3 with: persist-credentials: false - name: Setup python id: setup-python - uses: actions/setup-python@v4.6.1 + uses: actions/setup-python@bd6b4b6205c4dbad673328db7b31b7fab9e241c0 # v4.6.1 with: python-version: ${{ matrix.PYTHON.VERSION }} - name: Setup rust @@ -93,7 +93,7 @@ jobs: CONFIG_FLAGS: ${{ matrix.PYTHON.OPENSSL.CONFIG_FLAGS }} if: matrix.PYTHON.OPENSSL - name: Load OpenSSL cache - uses: actions/cache@v3.3.1 + uses: actions/cache@88522ab9f39a2ea568f7027eddc7d8d8bc9d59c8 # v3.3.1 id: ossl-cache timeout-minutes: 2 with: @@ -178,7 +178,7 @@ jobs: sed -i "s:ID=alpine:ID=NotpineForGHA:" /etc/os-release if: matrix.IMAGE.IMAGE == 'alpine:aarch64' - - uses: actions/checkout@v3.5.3 + - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3 timeout-minutes: 3 with: persist-credentials: false @@ -229,7 +229,7 @@ jobs: RUNNER: {OS: [self-hosted, macos, ARM64, tart], ARCH: 'arm64'} timeout-minutes: 15 steps: - - uses: actions/checkout@v3.5.3 + - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3 timeout-minutes: 3 with: persist-credentials: false @@ -240,7 +240,7 @@ jobs: key: ${{ matrix.PYTHON.NOXSESSION }}-${{ matrix.PYTHON.VERSION }} - name: Setup python - uses: actions/setup-python@v4.6.1 + uses: actions/setup-python@bd6b4b6205c4dbad673328db7b31b7fab9e241c0 # v4.6.1 with: python-version: ${{ matrix.PYTHON.VERSION }} architecture: 'x64' # we force this right now so that it will install the universal2 on arm64 @@ -291,13 +291,13 @@ jobs: - {VERSION: "3.11", NOXSESSION: "tests"} timeout-minutes: 15 steps: - - uses: actions/checkout@v3.5.3 + - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3 timeout-minutes: 3 with: persist-credentials: false - name: Setup python id: setup-python - uses: actions/setup-python@v4.6.1 + uses: actions/setup-python@bd6b4b6205c4dbad673328db7b31b7fab9e241c0 # v4.6.1 with: python-version: ${{ matrix.PYTHON.VERSION }} architecture: ${{ matrix.WINDOWS.ARCH }} @@ -362,7 +362,7 @@ jobs: name: "Downstream tests for ${{ matrix.DOWNSTREAM }}" timeout-minutes: 15 steps: - - uses: actions/checkout@v3.5.3 + - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3 timeout-minutes: 3 with: persist-credentials: false @@ -370,7 +370,7 @@ jobs: uses: ./.github/actions/cache timeout-minutes: 2 - name: Setup python - uses: actions/setup-python@v4.6.1 + uses: actions/setup-python@bd6b4b6205c4dbad673328db7b31b7fab9e241c0 # v4.6.1 with: python-version: ${{ matrix.PYTHON }} - run: ./.github/downstream.d/${{ matrix.DOWNSTREAM }}.sh install @@ -403,7 +403,7 @@ jobs: if: ${{ always() }} timeout-minutes: 3 steps: - - uses: actions/checkout@v3.5.3 + - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3 timeout-minutes: 3 with: persist-credentials: false @@ -413,14 +413,14 @@ jobs: jobs: ${{ toJSON(needs) }} - name: Setup python if: ${{ always() }} - uses: actions/setup-python@v4.6.1 + uses: actions/setup-python@bd6b4b6205c4dbad673328db7b31b7fab9e241c0 # v4.6.1 with: python-version: '3.11' - run: pip install -c ci-constraints-requirements.txt coverage[toml] if: ${{ always() }} - name: Download coverage data if: ${{ always() }} - uses: actions/download-artifact@v3.0.2 + uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2 with: name: coverage-data - name: Combine coverage and fail if it's <100%. @@ -462,14 +462,14 @@ jobs: run: python -m coverage html if: ${{ failure() && steps.combinecoverage.outcome == 'failure' }} - name: Upload HTML report. - uses: actions/upload-artifact@v3.1.2 + uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2 with: name: _html-report path: htmlcov if-no-files-found: ignore if: ${{ failure() && steps.combinecoverage.outcome == 'failure' }} - name: Upload rust HTML report. - uses: actions/upload-artifact@v3.1.2 + uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2 with: name: _html-rust-report path: rust-coverage diff --git a/.github/workflows/linkcheck.yml b/.github/workflows/linkcheck.yml index 1ee535180993..a69e123c07b3 100644 --- a/.github/workflows/linkcheck.yml +++ b/.github/workflows/linkcheck.yml @@ -21,12 +21,12 @@ jobs: name: "linkcheck" timeout-minutes: 10 steps: - - uses: actions/checkout@v3.5.3 + - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3 with: persist-credentials: false - name: Setup python id: setup-python - uses: actions/setup-python@v4.6.1 + uses: actions/setup-python@bd6b4b6205c4dbad673328db7b31b7fab9e241c0 # v4.6.1 with: python-version: 3.11 - name: Cache rust and pip diff --git a/.github/workflows/wheel-builder.yml b/.github/workflows/wheel-builder.yml index a949c5cac548..3a1834666ee0 100644 --- a/.github/workflows/wheel-builder.yml +++ b/.github/workflows/wheel-builder.yml @@ -27,7 +27,7 @@ jobs: runs-on: ubuntu-latest name: sdists steps: - - uses: actions/checkout@v3.5.3 + - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3 with: # The tag to build or the tag received by the tag event ref: ${{ github.event.inputs.version || github.ref }} @@ -40,11 +40,11 @@ jobs: run: .venv/bin/python -m build --sdist - name: Make sdist and wheel (vectors) run: cd vectors/ && ../.venv/bin/python -m build - - uses: actions/upload-artifact@v3.1.2 + - uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2 with: name: "cryptography-sdist" path: dist/cryptography* - - uses: actions/upload-artifact@v3.1.2 + - uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2 with: name: "vectors-sdist-wheel" path: vectors/dist/cryptography* @@ -107,7 +107,7 @@ jobs: sed -i "s:ID=alpine:ID=NotpineForGHA:" /etc/os-release if: matrix.MANYLINUX.NAME == 'musllinux_1_1_aarch64' - - uses: actions/download-artifact@v3.0.2 + - uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2 with: name: cryptography-sdist @@ -140,7 +140,7 @@ jobs: .venv/bin/python -c "from cryptography.hazmat.backends.openssl.backend import backend;print('Loaded: ' + backend.openssl_version_text());print('Linked Against: ' + backend._ffi.string(backend._lib.OPENSSL_VERSION_TEXT).decode('ascii'))" - run: mkdir cryptography-wheelhouse - run: mv wheelhouse/cryptography*.whl cryptography-wheelhouse/ - - uses: actions/upload-artifact@v3.1.2 + - uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2 with: name: "cryptography-${{ github.event.inputs.version }}-${{ matrix.MANYLINUX.NAME }}-${{ matrix.PYTHON.VERSION }}" path: cryptography-wheelhouse/ @@ -191,7 +191,7 @@ jobs: ARCHFLAGS: '-arch x86_64' name: "${{ matrix.PYTHON.VERSION }} ABI ${{ matrix.PYTHON.ABI_VERSION }} macOS ${{ matrix.PYTHON.ARCHFLAGS }}" steps: - - uses: actions/download-artifact@v3.0.2 + - uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2 with: name: cryptography-sdist @@ -203,7 +203,7 @@ jobs: PYTHON_DOWNLOAD_URL: ${{ matrix.PYTHON.DOWNLOAD_URL }} if: contains(matrix.PYTHON.VERSION, 'pypy') == false - name: Setup pypy - uses: actions/setup-python@v4.6.1 + uses: actions/setup-python@bd6b4b6205c4dbad673328db7b31b7fab9e241c0 # v4.6.1 with: python-version: ${{ matrix.PYTHON.VERSION }} if: contains(matrix.PYTHON.VERSION, 'pypy') @@ -249,7 +249,7 @@ jobs: - run: mv wheelhouse/cryptography*.whl cryptography-wheelhouse/ - run: | echo "CRYPTOGRAPHY_WHEEL_NAME=$(basename $(ls cryptography-wheelhouse/cryptography*.whl))" >> $GITHUB_ENV - - uses: actions/upload-artifact@v3.1.2 + - uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2 with: name: "${{ env.CRYPTOGRAPHY_WHEEL_NAME }}" path: cryptography-wheelhouse/ @@ -278,12 +278,12 @@ jobs: PYTHON: {VERSION: "pypy-3.10"} name: "${{ matrix.PYTHON.VERSION }} ${{ matrix.WINDOWS.WINDOWS }} ${{ matrix.PYTHON.ABI_VERSION }}" steps: - - uses: actions/download-artifact@v3.0.2 + - uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2 with: name: cryptography-sdist - name: Setup python - uses: actions/setup-python@v4.6.1 + uses: actions/setup-python@bd6b4b6205c4dbad673328db7b31b7fab9e241c0 # v4.6.1 with: python-version: ${{ matrix.PYTHON.VERSION }} architecture: ${{ matrix.WINDOWS.ARCH }} @@ -324,7 +324,7 @@ jobs: - run: mkdir cryptography-wheelhouse - run: move wheelhouse\cryptography*.whl cryptography-wheelhouse\ - - uses: actions/upload-artifact@v3.1.2 + - uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2 with: name: "cryptography-${{ github.event.inputs.version }}-${{ matrix.WINDOWS.WINDOWS }}-${{ matrix.PYTHON.VERSION }}-${{ matrix.PYTHON.ABI_VERSION}}" path: cryptography-wheelhouse\ From 967cb12c29bc5cc93961a1927f4a1468128793e7 Mon Sep 17 00:00:00 2001 From: Diogo Teles Sant'Anna Date: Mon, 3 Jul 2023 21:08:05 -0300 Subject: [PATCH 02/16] ci: create hash-pinned requirements files for build and publish processes Signed-off-by: Diogo Teles Sant'Anna --- .github/workflows/build-requirements.in | 4 + .github/workflows/build-requirements.txt | 97 +++++ .github/workflows/publish-requirements.in | 3 + .github/workflows/publish-requirements.txt | 459 +++++++++++++++++++++ 4 files changed, 563 insertions(+) create mode 100644 .github/workflows/build-requirements.in create mode 100644 .github/workflows/build-requirements.txt create mode 100644 .github/workflows/publish-requirements.in create mode 100644 .github/workflows/publish-requirements.txt diff --git a/.github/workflows/build-requirements.in b/.github/workflows/build-requirements.in new file mode 100644 index 000000000000..b6a491474240 --- /dev/null +++ b/.github/workflows/build-requirements.in @@ -0,0 +1,4 @@ +pip +wheel +cffi +setuptools-rust diff --git a/.github/workflows/build-requirements.txt b/.github/workflows/build-requirements.txt new file mode 100644 index 000000000000..2f5abdd1eab9 --- /dev/null +++ b/.github/workflows/build-requirements.txt @@ -0,0 +1,97 @@ +# +# This file is autogenerated by pip-compile with Python 3.10 +# by the following command: +# +# pip-compile --generate-hashes build-requirements.in +# +cffi==1.15.1 \ + --hash=sha256:00a9ed42e88df81ffae7a8ab6d9356b371399b91dbdf0c3cb1e84c03a13aceb5 \ + --hash=sha256:03425bdae262c76aad70202debd780501fabeaca237cdfddc008987c0e0f59ef \ + --hash=sha256:04ed324bda3cda42b9b695d51bb7d54b680b9719cfab04227cdd1e04e5de3104 \ + --hash=sha256:0e2642fe3142e4cc4af0799748233ad6da94c62a8bec3a6648bf8ee68b1c7426 \ + --hash=sha256:173379135477dc8cac4bc58f45db08ab45d228b3363adb7af79436135d028405 \ + --hash=sha256:198caafb44239b60e252492445da556afafc7d1e3ab7a1fb3f0584ef6d742375 \ + --hash=sha256:1e74c6b51a9ed6589199c787bf5f9875612ca4a8a0785fb2d4a84429badaf22a \ + --hash=sha256:2012c72d854c2d03e45d06ae57f40d78e5770d252f195b93f581acf3ba44496e \ + --hash=sha256:21157295583fe8943475029ed5abdcf71eb3911894724e360acff1d61c1d54bc \ + --hash=sha256:2470043b93ff09bf8fb1d46d1cb756ce6132c54826661a32d4e4d132e1977adf \ + --hash=sha256:285d29981935eb726a4399badae8f0ffdff4f5050eaa6d0cfc3f64b857b77185 \ + --hash=sha256:30d78fbc8ebf9c92c9b7823ee18eb92f2e6ef79b45ac84db507f52fbe3ec4497 \ + --hash=sha256:320dab6e7cb2eacdf0e658569d2575c4dad258c0fcc794f46215e1e39f90f2c3 \ + --hash=sha256:33ab79603146aace82c2427da5ca6e58f2b3f2fb5da893ceac0c42218a40be35 \ + --hash=sha256:3548db281cd7d2561c9ad9984681c95f7b0e38881201e157833a2342c30d5e8c \ + --hash=sha256:3799aecf2e17cf585d977b780ce79ff0dc9b78d799fc694221ce814c2c19db83 \ + --hash=sha256:39d39875251ca8f612b6f33e6b1195af86d1b3e60086068be9cc053aa4376e21 \ + --hash=sha256:3b926aa83d1edb5aa5b427b4053dc420ec295a08e40911296b9eb1b6170f6cca \ + --hash=sha256:3bcde07039e586f91b45c88f8583ea7cf7a0770df3a1649627bf598332cb6984 \ + --hash=sha256:3d08afd128ddaa624a48cf2b859afef385b720bb4b43df214f85616922e6a5ac \ + --hash=sha256:3eb6971dcff08619f8d91607cfc726518b6fa2a9eba42856be181c6d0d9515fd \ + --hash=sha256:40f4774f5a9d4f5e344f31a32b5096977b5d48560c5592e2f3d2c4374bd543ee \ + --hash=sha256:4289fc34b2f5316fbb762d75362931e351941fa95fa18789191b33fc4cf9504a \ + --hash=sha256:470c103ae716238bbe698d67ad020e1db9d9dba34fa5a899b5e21577e6d52ed2 \ + --hash=sha256:4f2c9f67e9821cad2e5f480bc8d83b8742896f1242dba247911072d4fa94c192 \ + --hash=sha256:50a74364d85fd319352182ef59c5c790484a336f6db772c1a9231f1c3ed0cbd7 \ + --hash=sha256:54a2db7b78338edd780e7ef7f9f6c442500fb0d41a5a4ea24fff1c929d5af585 \ + --hash=sha256:5635bd9cb9731e6d4a1132a498dd34f764034a8ce60cef4f5319c0541159392f \ + --hash=sha256:59c0b02d0a6c384d453fece7566d1c7e6b7bae4fc5874ef2ef46d56776d61c9e \ + --hash=sha256:5d598b938678ebf3c67377cdd45e09d431369c3b1a5b331058c338e201f12b27 \ + --hash=sha256:5df2768244d19ab7f60546d0c7c63ce1581f7af8b5de3eb3004b9b6fc8a9f84b \ + --hash=sha256:5ef34d190326c3b1f822a5b7a45f6c4535e2f47ed06fec77d3d799c450b2651e \ + --hash=sha256:6975a3fac6bc83c4a65c9f9fcab9e47019a11d3d2cf7f3c0d03431bf145a941e \ + --hash=sha256:6c9a799e985904922a4d207a94eae35c78ebae90e128f0c4e521ce339396be9d \ + --hash=sha256:70df4e3b545a17496c9b3f41f5115e69a4f2e77e94e1d2a8e1070bc0c38c8a3c \ + --hash=sha256:7473e861101c9e72452f9bf8acb984947aa1661a7704553a9f6e4baa5ba64415 \ + --hash=sha256:8102eaf27e1e448db915d08afa8b41d6c7ca7a04b7d73af6514df10a3e74bd82 \ + --hash=sha256:87c450779d0914f2861b8526e035c5e6da0a3199d8f1add1a665e1cbc6fc6d02 \ + --hash=sha256:8b7ee99e510d7b66cdb6c593f21c043c248537a32e0bedf02e01e9553a172314 \ + --hash=sha256:91fc98adde3d7881af9b59ed0294046f3806221863722ba7d8d120c575314325 \ + --hash=sha256:94411f22c3985acaec6f83c6df553f2dbe17b698cc7f8ae751ff2237d96b9e3c \ + --hash=sha256:98d85c6a2bef81588d9227dde12db8a7f47f639f4a17c9ae08e773aa9c697bf3 \ + --hash=sha256:9ad5db27f9cabae298d151c85cf2bad1d359a1b9c686a275df03385758e2f914 \ + --hash=sha256:a0b71b1b8fbf2b96e41c4d990244165e2c9be83d54962a9a1d118fd8657d2045 \ + --hash=sha256:a0f100c8912c114ff53e1202d0078b425bee3649ae34d7b070e9697f93c5d52d \ + --hash=sha256:a591fe9e525846e4d154205572a029f653ada1a78b93697f3b5a8f1f2bc055b9 \ + --hash=sha256:a5c84c68147988265e60416b57fc83425a78058853509c1b0629c180094904a5 \ + --hash=sha256:a66d3508133af6e8548451b25058d5812812ec3798c886bf38ed24a98216fab2 \ + --hash=sha256:a8c4917bd7ad33e8eb21e9a5bbba979b49d9a97acb3a803092cbc1133e20343c \ + --hash=sha256:b3bbeb01c2b273cca1e1e0c5df57f12dce9a4dd331b4fa1635b8bec26350bde3 \ + --hash=sha256:cba9d6b9a7d64d4bd46167096fc9d2f835e25d7e4c121fb2ddfc6528fb0413b2 \ + --hash=sha256:cc4d65aeeaa04136a12677d3dd0b1c0c94dc43abac5860ab33cceb42b801c1e8 \ + --hash=sha256:ce4bcc037df4fc5e3d184794f27bdaab018943698f4ca31630bc7f84a7b69c6d \ + --hash=sha256:cec7d9412a9102bdc577382c3929b337320c4c4c4849f2c5cdd14d7368c5562d \ + --hash=sha256:d400bfb9a37b1351253cb402671cea7e89bdecc294e8016a707f6d1d8ac934f9 \ + --hash=sha256:d61f4695e6c866a23a21acab0509af1cdfd2c013cf256bbf5b6b5e2695827162 \ + --hash=sha256:db0fbb9c62743ce59a9ff687eb5f4afbe77e5e8403d6697f7446e5f609976f76 \ + --hash=sha256:dd86c085fae2efd48ac91dd7ccffcfc0571387fe1193d33b6394db7ef31fe2a4 \ + --hash=sha256:e00b098126fd45523dd056d2efba6c5a63b71ffe9f2bbe1a4fe1716e1d0c331e \ + --hash=sha256:e229a521186c75c8ad9490854fd8bbdd9a0c9aa3a524326b55be83b54d4e0ad9 \ + --hash=sha256:e263d77ee3dd201c3a142934a086a4450861778baaeeb45db4591ef65550b0a6 \ + --hash=sha256:ed9cb427ba5504c1dc15ede7d516b84757c3e3d7868ccc85121d9310d27eed0b \ + --hash=sha256:fa6693661a4c91757f4412306191b6dc88c1703f780c8234035eac011922bc01 \ + --hash=sha256:fcd131dd944808b5bdb38e6f5b53013c5aa4f334c5cad0c72742f6eba4b73db0 + # via -r build-requirements.in +pycparser==2.21 \ + --hash=sha256:8ee45429555515e1f6b185e78100aea234072576aa43ab53aefcae078162fca9 \ + --hash=sha256:e644fdec12f7872f86c58ff790da456218b10f863970249516d60a5eaca77206 + # via cffi +semantic-version==2.10.0 \ + --hash=sha256:bdabb6d336998cbb378d4b9db3a4b56a1e3235701dc05ea2690d9a997ed5041c \ + --hash=sha256:de78a3b8e0feda74cabc54aab2da702113e33ac9d9eb9d2389bcf1f58b7d9177 + # via setuptools-rust +setuptools-rust==1.6.0 \ + --hash=sha256:c86e734deac330597998bfbc08da45187e6b27837e23bd91eadb320732392262 \ + --hash=sha256:e28ae09fb7167c44ab34434eb49279307d611547cb56cb9789955cdb54a1aed9 + # via -r build-requirements.in +typing-extensions==4.7.1 \ + --hash=sha256:440d5dd3af93b060174bf433bccd69b0babc3b15b1a8dca43789fd7f61514b36 \ + --hash=sha256:b75ddc264f0ba5615db7ba217daeb99701ad295353c45f9e95963337ceeeffb2 + # via setuptools-rust +wheel==0.40.0 \ + --hash=sha256:cd1196f3faee2b31968d626e1731c94f99cbdb67cf5a46e4f5656cbee7738873 \ + --hash=sha256:d236b20e7cb522daf2390fa84c55eea81c5c30190f90f29ae2ca1ad8355bf247 + # via -r build-requirements.in + +# WARNING: The following packages were not pinned, but pip requires them to be +# pinned when the requirements file includes hashes. Consider using the --allow-unsafe flag. +# pip +# setuptools diff --git a/.github/workflows/publish-requirements.in b/.github/workflows/publish-requirements.in new file mode 100644 index 000000000000..d672d336d19c --- /dev/null +++ b/.github/workflows/publish-requirements.in @@ -0,0 +1,3 @@ +twine +requests +sigstore diff --git a/.github/workflows/publish-requirements.txt b/.github/workflows/publish-requirements.txt new file mode 100644 index 000000000000..0aea81f52b99 --- /dev/null +++ b/.github/workflows/publish-requirements.txt @@ -0,0 +1,459 @@ +# +# This file is autogenerated by pip-compile with Python 3.10 +# by the following command: +# +# pip-compile --generate-hashes publish-requirements.in +# +appdirs==1.4.4 \ + --hash=sha256:7d5d0167b2b1ba821647616af46a749d1c653740dd0d2415100fe26e27afdf41 \ + --hash=sha256:a841dacd6b99318a741b166adb07e19ee71a274450e68237b4650ca1055ab128 + # via sigstore +betterproto==2.0.0b5 \ + --hash=sha256:00a301c70a2db4d3cdd2b261522ae1d34972fb04b655a154d67daaaf4131102e \ + --hash=sha256:d3e6115c7d5136f1d5974e565b7560273f66b43065e74218e472321ee1258f4c + # via sigstore-protobuf-specs +bleach==6.0.0 \ + --hash=sha256:1a1a85c1595e07d8db14c5f09f09e6433502c51c595970edc090551f0db99414 \ + --hash=sha256:33c16e3353dbd13028ab4799a0f89a83f113405c766e9c122df8a06f5b85b3f4 + # via readme-renderer +certifi==2023.5.7 \ + --hash=sha256:0f0d56dc5a6ad56fd4ba36484d6cc34451e1c6548c61daad8c320169f91eddc7 \ + --hash=sha256:c6c2e98f5c7869efca1f8916fed228dd91539f9f1b444c314c06eef02980c716 + # via requests +cffi==1.15.1 \ + --hash=sha256:00a9ed42e88df81ffae7a8ab6d9356b371399b91dbdf0c3cb1e84c03a13aceb5 \ + --hash=sha256:03425bdae262c76aad70202debd780501fabeaca237cdfddc008987c0e0f59ef \ + --hash=sha256:04ed324bda3cda42b9b695d51bb7d54b680b9719cfab04227cdd1e04e5de3104 \ + --hash=sha256:0e2642fe3142e4cc4af0799748233ad6da94c62a8bec3a6648bf8ee68b1c7426 \ + --hash=sha256:173379135477dc8cac4bc58f45db08ab45d228b3363adb7af79436135d028405 \ + --hash=sha256:198caafb44239b60e252492445da556afafc7d1e3ab7a1fb3f0584ef6d742375 \ + --hash=sha256:1e74c6b51a9ed6589199c787bf5f9875612ca4a8a0785fb2d4a84429badaf22a \ + --hash=sha256:2012c72d854c2d03e45d06ae57f40d78e5770d252f195b93f581acf3ba44496e \ + --hash=sha256:21157295583fe8943475029ed5abdcf71eb3911894724e360acff1d61c1d54bc \ + --hash=sha256:2470043b93ff09bf8fb1d46d1cb756ce6132c54826661a32d4e4d132e1977adf \ + --hash=sha256:285d29981935eb726a4399badae8f0ffdff4f5050eaa6d0cfc3f64b857b77185 \ + --hash=sha256:30d78fbc8ebf9c92c9b7823ee18eb92f2e6ef79b45ac84db507f52fbe3ec4497 \ + --hash=sha256:320dab6e7cb2eacdf0e658569d2575c4dad258c0fcc794f46215e1e39f90f2c3 \ + --hash=sha256:33ab79603146aace82c2427da5ca6e58f2b3f2fb5da893ceac0c42218a40be35 \ + --hash=sha256:3548db281cd7d2561c9ad9984681c95f7b0e38881201e157833a2342c30d5e8c \ + --hash=sha256:3799aecf2e17cf585d977b780ce79ff0dc9b78d799fc694221ce814c2c19db83 \ + --hash=sha256:39d39875251ca8f612b6f33e6b1195af86d1b3e60086068be9cc053aa4376e21 \ + --hash=sha256:3b926aa83d1edb5aa5b427b4053dc420ec295a08e40911296b9eb1b6170f6cca \ + --hash=sha256:3bcde07039e586f91b45c88f8583ea7cf7a0770df3a1649627bf598332cb6984 \ + --hash=sha256:3d08afd128ddaa624a48cf2b859afef385b720bb4b43df214f85616922e6a5ac \ + --hash=sha256:3eb6971dcff08619f8d91607cfc726518b6fa2a9eba42856be181c6d0d9515fd \ + --hash=sha256:40f4774f5a9d4f5e344f31a32b5096977b5d48560c5592e2f3d2c4374bd543ee \ + --hash=sha256:4289fc34b2f5316fbb762d75362931e351941fa95fa18789191b33fc4cf9504a \ + --hash=sha256:470c103ae716238bbe698d67ad020e1db9d9dba34fa5a899b5e21577e6d52ed2 \ + --hash=sha256:4f2c9f67e9821cad2e5f480bc8d83b8742896f1242dba247911072d4fa94c192 \ + --hash=sha256:50a74364d85fd319352182ef59c5c790484a336f6db772c1a9231f1c3ed0cbd7 \ + --hash=sha256:54a2db7b78338edd780e7ef7f9f6c442500fb0d41a5a4ea24fff1c929d5af585 \ + --hash=sha256:5635bd9cb9731e6d4a1132a498dd34f764034a8ce60cef4f5319c0541159392f \ + --hash=sha256:59c0b02d0a6c384d453fece7566d1c7e6b7bae4fc5874ef2ef46d56776d61c9e \ + --hash=sha256:5d598b938678ebf3c67377cdd45e09d431369c3b1a5b331058c338e201f12b27 \ + --hash=sha256:5df2768244d19ab7f60546d0c7c63ce1581f7af8b5de3eb3004b9b6fc8a9f84b \ + --hash=sha256:5ef34d190326c3b1f822a5b7a45f6c4535e2f47ed06fec77d3d799c450b2651e \ + --hash=sha256:6975a3fac6bc83c4a65c9f9fcab9e47019a11d3d2cf7f3c0d03431bf145a941e \ + --hash=sha256:6c9a799e985904922a4d207a94eae35c78ebae90e128f0c4e521ce339396be9d \ + --hash=sha256:70df4e3b545a17496c9b3f41f5115e69a4f2e77e94e1d2a8e1070bc0c38c8a3c \ + --hash=sha256:7473e861101c9e72452f9bf8acb984947aa1661a7704553a9f6e4baa5ba64415 \ + --hash=sha256:8102eaf27e1e448db915d08afa8b41d6c7ca7a04b7d73af6514df10a3e74bd82 \ + --hash=sha256:87c450779d0914f2861b8526e035c5e6da0a3199d8f1add1a665e1cbc6fc6d02 \ + --hash=sha256:8b7ee99e510d7b66cdb6c593f21c043c248537a32e0bedf02e01e9553a172314 \ + --hash=sha256:91fc98adde3d7881af9b59ed0294046f3806221863722ba7d8d120c575314325 \ + --hash=sha256:94411f22c3985acaec6f83c6df553f2dbe17b698cc7f8ae751ff2237d96b9e3c \ + --hash=sha256:98d85c6a2bef81588d9227dde12db8a7f47f639f4a17c9ae08e773aa9c697bf3 \ + --hash=sha256:9ad5db27f9cabae298d151c85cf2bad1d359a1b9c686a275df03385758e2f914 \ + --hash=sha256:a0b71b1b8fbf2b96e41c4d990244165e2c9be83d54962a9a1d118fd8657d2045 \ + --hash=sha256:a0f100c8912c114ff53e1202d0078b425bee3649ae34d7b070e9697f93c5d52d \ + --hash=sha256:a591fe9e525846e4d154205572a029f653ada1a78b93697f3b5a8f1f2bc055b9 \ + --hash=sha256:a5c84c68147988265e60416b57fc83425a78058853509c1b0629c180094904a5 \ + --hash=sha256:a66d3508133af6e8548451b25058d5812812ec3798c886bf38ed24a98216fab2 \ + --hash=sha256:a8c4917bd7ad33e8eb21e9a5bbba979b49d9a97acb3a803092cbc1133e20343c \ + --hash=sha256:b3bbeb01c2b273cca1e1e0c5df57f12dce9a4dd331b4fa1635b8bec26350bde3 \ + --hash=sha256:cba9d6b9a7d64d4bd46167096fc9d2f835e25d7e4c121fb2ddfc6528fb0413b2 \ + --hash=sha256:cc4d65aeeaa04136a12677d3dd0b1c0c94dc43abac5860ab33cceb42b801c1e8 \ + --hash=sha256:ce4bcc037df4fc5e3d184794f27bdaab018943698f4ca31630bc7f84a7b69c6d \ + --hash=sha256:cec7d9412a9102bdc577382c3929b337320c4c4c4849f2c5cdd14d7368c5562d \ + --hash=sha256:d400bfb9a37b1351253cb402671cea7e89bdecc294e8016a707f6d1d8ac934f9 \ + --hash=sha256:d61f4695e6c866a23a21acab0509af1cdfd2c013cf256bbf5b6b5e2695827162 \ + --hash=sha256:db0fbb9c62743ce59a9ff687eb5f4afbe77e5e8403d6697f7446e5f609976f76 \ + --hash=sha256:dd86c085fae2efd48ac91dd7ccffcfc0571387fe1193d33b6394db7ef31fe2a4 \ + --hash=sha256:e00b098126fd45523dd056d2efba6c5a63b71ffe9f2bbe1a4fe1716e1d0c331e \ + --hash=sha256:e229a521186c75c8ad9490854fd8bbdd9a0c9aa3a524326b55be83b54d4e0ad9 \ + --hash=sha256:e263d77ee3dd201c3a142934a086a4450861778baaeeb45db4591ef65550b0a6 \ + --hash=sha256:ed9cb427ba5504c1dc15ede7d516b84757c3e3d7868ccc85121d9310d27eed0b \ + --hash=sha256:fa6693661a4c91757f4412306191b6dc88c1703f780c8234035eac011922bc01 \ + --hash=sha256:fcd131dd944808b5bdb38e6f5b53013c5aa4f334c5cad0c72742f6eba4b73db0 + # via cryptography +charset-normalizer==3.1.0 \ + --hash=sha256:04afa6387e2b282cf78ff3dbce20f0cc071c12dc8f685bd40960cc68644cfea6 \ + --hash=sha256:04eefcee095f58eaabe6dc3cc2262f3bcd776d2c67005880894f447b3f2cb9c1 \ + --hash=sha256:0be65ccf618c1e7ac9b849c315cc2e8a8751d9cfdaa43027d4f6624bd587ab7e \ + --hash=sha256:0c95f12b74681e9ae127728f7e5409cbbef9cd914d5896ef238cc779b8152373 \ + --hash=sha256:0ca564606d2caafb0abe6d1b5311c2649e8071eb241b2d64e75a0d0065107e62 \ + --hash=sha256:10c93628d7497c81686e8e5e557aafa78f230cd9e77dd0c40032ef90c18f2230 \ + --hash=sha256:11d117e6c63e8f495412d37e7dc2e2fff09c34b2d09dbe2bee3c6229577818be \ + --hash=sha256:11d3bcb7be35e7b1bba2c23beedac81ee893ac9871d0ba79effc7fc01167db6c \ + --hash=sha256:12a2b561af122e3d94cdb97fe6fb2bb2b82cef0cdca131646fdb940a1eda04f0 \ + --hash=sha256:12d1a39aa6b8c6f6248bb54550efcc1c38ce0d8096a146638fd4738e42284448 \ + --hash=sha256:1435ae15108b1cb6fffbcea2af3d468683b7afed0169ad718451f8db5d1aff6f \ + --hash=sha256:1c60b9c202d00052183c9be85e5eaf18a4ada0a47d188a83c8f5c5b23252f649 \ + --hash=sha256:1e8fcdd8f672a1c4fc8d0bd3a2b576b152d2a349782d1eb0f6b8e52e9954731d \ + --hash=sha256:20064ead0717cf9a73a6d1e779b23d149b53daf971169289ed2ed43a71e8d3b0 \ + --hash=sha256:21fa558996782fc226b529fdd2ed7866c2c6ec91cee82735c98a197fae39f706 \ + --hash=sha256:22908891a380d50738e1f978667536f6c6b526a2064156203d418f4856d6e86a \ + --hash=sha256:3160a0fd9754aab7d47f95a6b63ab355388d890163eb03b2d2b87ab0a30cfa59 \ + --hash=sha256:322102cdf1ab682ecc7d9b1c5eed4ec59657a65e1c146a0da342b78f4112db23 \ + --hash=sha256:34e0a2f9c370eb95597aae63bf85eb5e96826d81e3dcf88b8886012906f509b5 \ + --hash=sha256:3573d376454d956553c356df45bb824262c397c6e26ce43e8203c4c540ee0acb \ + --hash=sha256:3747443b6a904001473370d7810aa19c3a180ccd52a7157aacc264a5ac79265e \ + --hash=sha256:38e812a197bf8e71a59fe55b757a84c1f946d0ac114acafaafaf21667a7e169e \ + --hash=sha256:3a06f32c9634a8705f4ca9946d667609f52cf130d5548881401f1eb2c39b1e2c \ + --hash=sha256:3a5fc78f9e3f501a1614a98f7c54d3969f3ad9bba8ba3d9b438c3bc5d047dd28 \ + --hash=sha256:3d9098b479e78c85080c98e1e35ff40b4a31d8953102bb0fd7d1b6f8a2111a3d \ + --hash=sha256:3dc5b6a8ecfdc5748a7e429782598e4f17ef378e3e272eeb1340ea57c9109f41 \ + --hash=sha256:4155b51ae05ed47199dc5b2a4e62abccb274cee6b01da5b895099b61b1982974 \ + --hash=sha256:49919f8400b5e49e961f320c735388ee686a62327e773fa5b3ce6721f7e785ce \ + --hash=sha256:53d0a3fa5f8af98a1e261de6a3943ca631c526635eb5817a87a59d9a57ebf48f \ + --hash=sha256:5f008525e02908b20e04707a4f704cd286d94718f48bb33edddc7d7b584dddc1 \ + --hash=sha256:628c985afb2c7d27a4800bfb609e03985aaecb42f955049957814e0491d4006d \ + --hash=sha256:65ed923f84a6844de5fd29726b888e58c62820e0769b76565480e1fdc3d062f8 \ + --hash=sha256:6734e606355834f13445b6adc38b53c0fd45f1a56a9ba06c2058f86893ae8017 \ + --hash=sha256:6baf0baf0d5d265fa7944feb9f7451cc316bfe30e8df1a61b1bb08577c554f31 \ + --hash=sha256:6f4f4668e1831850ebcc2fd0b1cd11721947b6dc7c00bf1c6bd3c929ae14f2c7 \ + --hash=sha256:6f5c2e7bc8a4bf7c426599765b1bd33217ec84023033672c1e9a8b35eaeaaaf8 \ + --hash=sha256:6f6c7a8a57e9405cad7485f4c9d3172ae486cfef1344b5ddd8e5239582d7355e \ + --hash=sha256:7381c66e0561c5757ffe616af869b916c8b4e42b367ab29fedc98481d1e74e14 \ + --hash=sha256:73dc03a6a7e30b7edc5b01b601e53e7fc924b04e1835e8e407c12c037e81adbd \ + --hash=sha256:74db0052d985cf37fa111828d0dd230776ac99c740e1a758ad99094be4f1803d \ + --hash=sha256:75f2568b4189dda1c567339b48cba4ac7384accb9c2a7ed655cd86b04055c795 \ + --hash=sha256:78cacd03e79d009d95635e7d6ff12c21eb89b894c354bd2b2ed0b4763373693b \ + --hash=sha256:80d1543d58bd3d6c271b66abf454d437a438dff01c3e62fdbcd68f2a11310d4b \ + --hash=sha256:830d2948a5ec37c386d3170c483063798d7879037492540f10a475e3fd6f244b \ + --hash=sha256:891cf9b48776b5c61c700b55a598621fdb7b1e301a550365571e9624f270c203 \ + --hash=sha256:8f25e17ab3039b05f762b0a55ae0b3632b2e073d9c8fc88e89aca31a6198e88f \ + --hash=sha256:9a3267620866c9d17b959a84dd0bd2d45719b817245e49371ead79ed4f710d19 \ + --hash=sha256:a04f86f41a8916fe45ac5024ec477f41f886b3c435da2d4e3d2709b22ab02af1 \ + --hash=sha256:aaf53a6cebad0eae578f062c7d462155eada9c172bd8c4d250b8c1d8eb7f916a \ + --hash=sha256:abc1185d79f47c0a7aaf7e2412a0eb2c03b724581139193d2d82b3ad8cbb00ac \ + --hash=sha256:ac0aa6cd53ab9a31d397f8303f92c42f534693528fafbdb997c82bae6e477ad9 \ + --hash=sha256:ac3775e3311661d4adace3697a52ac0bab17edd166087d493b52d4f4f553f9f0 \ + --hash=sha256:b06f0d3bf045158d2fb8837c5785fe9ff9b8c93358be64461a1089f5da983137 \ + --hash=sha256:b116502087ce8a6b7a5f1814568ccbd0e9f6cfd99948aa59b0e241dc57cf739f \ + --hash=sha256:b82fab78e0b1329e183a65260581de4375f619167478dddab510c6c6fb04d9b6 \ + --hash=sha256:bd7163182133c0c7701b25e604cf1611c0d87712e56e88e7ee5d72deab3e76b5 \ + --hash=sha256:c36bcbc0d5174a80d6cccf43a0ecaca44e81d25be4b7f90f0ed7bcfbb5a00909 \ + --hash=sha256:c3af8e0f07399d3176b179f2e2634c3ce9c1301379a6b8c9c9aeecd481da494f \ + --hash=sha256:c84132a54c750fda57729d1e2599bb598f5fa0344085dbde5003ba429a4798c0 \ + --hash=sha256:cb7b2ab0188829593b9de646545175547a70d9a6e2b63bf2cd87a0a391599324 \ + --hash=sha256:cca4def576f47a09a943666b8f829606bcb17e2bc2d5911a46c8f8da45f56755 \ + --hash=sha256:cf6511efa4801b9b38dc5546d7547d5b5c6ef4b081c60b23e4d941d0eba9cbeb \ + --hash=sha256:d16fd5252f883eb074ca55cb622bc0bee49b979ae4e8639fff6ca3ff44f9f854 \ + --hash=sha256:d2686f91611f9e17f4548dbf050e75b079bbc2a82be565832bc8ea9047b61c8c \ + --hash=sha256:d7fc3fca01da18fbabe4625d64bb612b533533ed10045a2ac3dd194bfa656b60 \ + --hash=sha256:dd5653e67b149503c68c4018bf07e42eeed6b4e956b24c00ccdf93ac79cdff84 \ + --hash=sha256:de5695a6f1d8340b12a5d6d4484290ee74d61e467c39ff03b39e30df62cf83a0 \ + --hash=sha256:e0ac8959c929593fee38da1c2b64ee9778733cdf03c482c9ff1d508b6b593b2b \ + --hash=sha256:e1b25e3ad6c909f398df8921780d6a3d120d8c09466720226fc621605b6f92b1 \ + --hash=sha256:e633940f28c1e913615fd624fcdd72fdba807bf53ea6925d6a588e84e1151531 \ + --hash=sha256:e89df2958e5159b811af9ff0f92614dabf4ff617c03a4c1c6ff53bf1c399e0e1 \ + --hash=sha256:ea9f9c6034ea2d93d9147818f17c2a0860d41b71c38b9ce4d55f21b6f9165a11 \ + --hash=sha256:f645caaf0008bacf349875a974220f1f1da349c5dbe7c4ec93048cdc785a3326 \ + --hash=sha256:f8303414c7b03f794347ad062c0516cee0e15f7a612abd0ce1e25caf6ceb47df \ + --hash=sha256:fca62a8301b605b954ad2e9c3666f9d97f63872aa4efcae5492baca2056b74ab + # via requests +cryptography==41.0.1 \ + --hash=sha256:059e348f9a3c1950937e1b5d7ba1f8e968508ab181e75fc32b879452f08356db \ + --hash=sha256:1a5472d40c8f8e91ff7a3d8ac6dfa363d8e3138b961529c996f3e2df0c7a411a \ + --hash=sha256:1a8e6c2de6fbbcc5e14fd27fb24414507cb3333198ea9ab1258d916f00bc3039 \ + --hash=sha256:1fee5aacc7367487b4e22484d3c7e547992ed726d14864ee33c0176ae43b0d7c \ + --hash=sha256:5d092fdfedaec4cbbffbf98cddc915ba145313a6fdaab83c6e67f4e6c218e6f3 \ + --hash=sha256:5f0ff6e18d13a3de56f609dd1fd11470918f770c6bd5d00d632076c727d35485 \ + --hash=sha256:7bfc55a5eae8b86a287747053140ba221afc65eb06207bedf6e019b8934b477c \ + --hash=sha256:7fa01527046ca5facdf973eef2535a27fec4cb651e4daec4d043ef63f6ecd4ca \ + --hash=sha256:8dde71c4169ec5ccc1087bb7521d54251c016f126f922ab2dfe6649170a3b8c5 \ + --hash=sha256:8f4ab7021127a9b4323537300a2acfb450124b2def3756f64dc3a3d2160ee4b5 \ + --hash=sha256:948224d76c4b6457349d47c0c98657557f429b4e93057cf5a2f71d603e2fc3a3 \ + --hash=sha256:9a6c7a3c87d595608a39980ebaa04d5a37f94024c9f24eb7d10262b92f739ddb \ + --hash=sha256:b46e37db3cc267b4dea1f56da7346c9727e1209aa98487179ee8ebed09d21e43 \ + --hash=sha256:b4ceb5324b998ce2003bc17d519080b4ec8d5b7b70794cbd2836101406a9be31 \ + --hash=sha256:cb33ccf15e89f7ed89b235cff9d49e2e62c6c981a6061c9c8bb47ed7951190bc \ + --hash=sha256:d198820aba55660b4d74f7b5fd1f17db3aa5eb3e6893b0a41b75e84e4f9e0e4b \ + --hash=sha256:d34579085401d3f49762d2f7d6634d6b6c2ae1242202e860f4d26b046e3a1006 \ + --hash=sha256:eb8163f5e549a22888c18b0d53d6bb62a20510060a22fd5a995ec8a05268df8a \ + --hash=sha256:f73bff05db2a3e5974a6fd248af2566134d8981fd7ab012e5dd4ddb1d9a70699 + # via + # pyopenssl + # sigstore +docutils==0.20.1 \ + --hash=sha256:96f387a2c5562db4476f09f13bbab2192e764cac08ebbf3a34a95d9b1e4a59d6 \ + --hash=sha256:f08a4e276c3a1583a86dce3e34aba3fe04d02bba2dd51ed16106244e8a923e3b + # via readme-renderer +grpclib==0.4.5 \ + --hash=sha256:bf83ed55aca59497e168761d9555056efc54a8f865316c3b39becd007e9f9a73 + # via betterproto +h2==4.1.0 \ + --hash=sha256:03a46bcf682256c95b5fd9e9a99c1323584c3eec6440d379b9903d709476bc6d \ + --hash=sha256:a83aca08fbe7aacb79fec788c9c0bac936343560ed9ec18b82a13a12c28d2abb + # via grpclib +hpack==4.0.0 \ + --hash=sha256:84a076fad3dc9a9f8063ccb8041ef100867b1878b25ef0ee63847a5d53818a6c \ + --hash=sha256:fc41de0c63e687ebffde81187a948221294896f6bdc0ae2312708df339430095 + # via h2 +hyperframe==6.0.1 \ + --hash=sha256:0ec6bafd80d8ad2195c4f03aacba3a8265e57bc4cff261e802bf39970ed02a15 \ + --hash=sha256:ae510046231dc8e9ecb1a6586f63d2347bf4c8905914aa84ba585ae85f28a914 + # via h2 +id==1.0.0 \ + --hash=sha256:8822ba0454bb8660c4fff439eadbf06236cc354dcabd7ae00d907143d92215f5 \ + --hash=sha256:d4b3e75ce0d5f38c9e467826436babe8b9bc5f78e22bae716a22a6a0add570ea + # via sigstore +idna==3.4 \ + --hash=sha256:814f528e8dead7d329833b91c5faa87d60bf71824cd12a7530b5526063d02cb4 \ + --hash=sha256:90b77e79eaa3eba6de819a0c442c0b4ceefc341a7a2ab77d7562bf49f425c5c2 + # via requests +importlib-metadata==6.7.0 \ + --hash=sha256:1aaf550d4f73e5d6783e7acb77aec43d49da8017410afae93822cc9cca98c4d4 \ + --hash=sha256:cb52082e659e97afc5dac71e79de97d8681de3aa07ff18578330904a9d18e5b5 + # via + # keyring + # twine +importlib-resources==5.12.0 \ + --hash=sha256:4be82589bf5c1d7999aedf2a45159d10cb3ca4f19b2271f8792bc8e6da7b22f6 \ + --hash=sha256:7b1deeebbf351c7578e09bf2f63fa2ce8b5ffec296e0d349139d43cca061a81a + # via sigstore +jaraco-classes==3.2.3 \ + --hash=sha256:2353de3288bc6b82120752201c6b1c1a14b058267fa424ed5ce5984e3b922158 \ + --hash=sha256:89559fa5c1d3c34eff6f631ad80bb21f378dbcbb35dd161fd2c6b93f5be2f98a + # via keyring +keyring==24.2.0 \ + --hash=sha256:4901caaf597bfd3bbd78c9a0c7c4c29fcd8310dab2cffefe749e916b6527acd6 \ + --hash=sha256:ca0746a19ec421219f4d713f848fa297a661a8a8c1504867e55bfb5e09091509 + # via twine +markdown-it-py==3.0.0 \ + --hash=sha256:355216845c60bd96232cd8d8c40e8f9765cc86f46880e43a8fd22dc1a1a8cab1 \ + --hash=sha256:e3f60a94fa066dc52ec76661e37c851cb232d92f9886b15cb560aaada2df8feb + # via rich +mdurl==0.1.2 \ + --hash=sha256:84008a41e51615a49fc9966191ff91509e3c40b939176e643fd50a5c2196b8f8 \ + --hash=sha256:bb413d29f5eea38f31dd4754dd7377d4465116fb207585f97bf925588687c1ba + # via markdown-it-py +more-itertools==9.1.0 \ + --hash=sha256:cabaa341ad0389ea83c17a94566a53ae4c9d07349861ecb14dc6d0345cf9ac5d \ + --hash=sha256:d2bc7f02446e86a68911e58ded76d6561eea00cddfb2a91e7019bbb586c799f3 + # via jaraco-classes +multidict==6.0.4 \ + --hash=sha256:01a3a55bd90018c9c080fbb0b9f4891db37d148a0a18722b42f94694f8b6d4c9 \ + --hash=sha256:0b1a97283e0c85772d613878028fec909f003993e1007eafa715b24b377cb9b8 \ + --hash=sha256:0dfad7a5a1e39c53ed00d2dd0c2e36aed4650936dc18fd9a1826a5ae1cad6f03 \ + --hash=sha256:11bdf3f5e1518b24530b8241529d2050014c884cf18b6fc69c0c2b30ca248710 \ + --hash=sha256:1502e24330eb681bdaa3eb70d6358e818e8e8f908a22a1851dfd4e15bc2f8161 \ + --hash=sha256:16ab77bbeb596e14212e7bab8429f24c1579234a3a462105cda4a66904998664 \ + --hash=sha256:16d232d4e5396c2efbbf4f6d4df89bfa905eb0d4dc5b3549d872ab898451f569 \ + --hash=sha256:21a12c4eb6ddc9952c415f24eef97e3e55ba3af61f67c7bc388dcdec1404a067 \ + --hash=sha256:27c523fbfbdfd19c6867af7346332b62b586eed663887392cff78d614f9ec313 \ + --hash=sha256:281af09f488903fde97923c7744bb001a9b23b039a909460d0f14edc7bf59706 \ + --hash=sha256:33029f5734336aa0d4c0384525da0387ef89148dc7191aae00ca5fb23d7aafc2 \ + --hash=sha256:3601a3cece3819534b11d4efc1eb76047488fddd0c85a3948099d5da4d504636 \ + --hash=sha256:3666906492efb76453c0e7b97f2cf459b0682e7402c0489a95484965dbc1da49 \ + --hash=sha256:36c63aaa167f6c6b04ef2c85704e93af16c11d20de1d133e39de6a0e84582a93 \ + --hash=sha256:39ff62e7d0f26c248b15e364517a72932a611a9b75f35b45be078d81bdb86603 \ + --hash=sha256:43644e38f42e3af682690876cff722d301ac585c5b9e1eacc013b7a3f7b696a0 \ + --hash=sha256:4372381634485bec7e46718edc71528024fcdc6f835baefe517b34a33c731d60 \ + --hash=sha256:458f37be2d9e4c95e2d8866a851663cbc76e865b78395090786f6cd9b3bbf4f4 \ + --hash=sha256:45e1ecb0379bfaab5eef059f50115b54571acfbe422a14f668fc8c27ba410e7e \ + --hash=sha256:4b9d9e4e2b37daddb5c23ea33a3417901fa7c7b3dee2d855f63ee67a0b21e5b1 \ + --hash=sha256:4ceef517eca3e03c1cceb22030a3e39cb399ac86bff4e426d4fc6ae49052cc60 \ + --hash=sha256:4d1a3d7ef5e96b1c9e92f973e43aa5e5b96c659c9bc3124acbbd81b0b9c8a951 \ + --hash=sha256:4dcbb0906e38440fa3e325df2359ac6cb043df8e58c965bb45f4e406ecb162cc \ + --hash=sha256:509eac6cf09c794aa27bcacfd4d62c885cce62bef7b2c3e8b2e49d365b5003fe \ + --hash=sha256:52509b5be062d9eafc8170e53026fbc54cf3b32759a23d07fd935fb04fc22d95 \ + --hash=sha256:52f2dffc8acaba9a2f27174c41c9e57f60b907bb9f096b36b1a1f3be71c6284d \ + --hash=sha256:574b7eae1ab267e5f8285f0fe881f17efe4b98c39a40858247720935b893bba8 \ + --hash=sha256:5979b5632c3e3534e42ca6ff856bb24b2e3071b37861c2c727ce220d80eee9ed \ + --hash=sha256:59d43b61c59d82f2effb39a93c48b845efe23a3852d201ed2d24ba830d0b4cf2 \ + --hash=sha256:5a4dcf02b908c3b8b17a45fb0f15b695bf117a67b76b7ad18b73cf8e92608775 \ + --hash=sha256:5cad9430ab3e2e4fa4a2ef4450f548768400a2ac635841bc2a56a2052cdbeb87 \ + --hash=sha256:5fc1b16f586f049820c5c5b17bb4ee7583092fa0d1c4e28b5239181ff9532e0c \ + --hash=sha256:62501642008a8b9871ddfccbf83e4222cf8ac0d5aeedf73da36153ef2ec222d2 \ + --hash=sha256:64bdf1086b6043bf519869678f5f2757f473dee970d7abf6da91ec00acb9cb98 \ + --hash=sha256:64da238a09d6039e3bd39bb3aee9c21a5e34f28bfa5aa22518581f910ff94af3 \ + --hash=sha256:666daae833559deb2d609afa4490b85830ab0dfca811a98b70a205621a6109fe \ + --hash=sha256:67040058f37a2a51ed8ea8f6b0e6ee5bd78ca67f169ce6122f3e2ec80dfe9b78 \ + --hash=sha256:6748717bb10339c4760c1e63da040f5f29f5ed6e59d76daee30305894069a660 \ + --hash=sha256:6b181d8c23da913d4ff585afd1155a0e1194c0b50c54fcfe286f70cdaf2b7176 \ + --hash=sha256:6ed5f161328b7df384d71b07317f4d8656434e34591f20552c7bcef27b0ab88e \ + --hash=sha256:7582a1d1030e15422262de9f58711774e02fa80df0d1578995c76214f6954988 \ + --hash=sha256:7d18748f2d30f94f498e852c67d61261c643b349b9d2a581131725595c45ec6c \ + --hash=sha256:7d6ae9d593ef8641544d6263c7fa6408cc90370c8cb2bbb65f8d43e5b0351d9c \ + --hash=sha256:81a4f0b34bd92df3da93315c6a59034df95866014ac08535fc819f043bfd51f0 \ + --hash=sha256:8316a77808c501004802f9beebde51c9f857054a0c871bd6da8280e718444449 \ + --hash=sha256:853888594621e6604c978ce2a0444a1e6e70c8d253ab65ba11657659dcc9100f \ + --hash=sha256:99b76c052e9f1bc0721f7541e5e8c05db3941eb9ebe7b8553c625ef88d6eefde \ + --hash=sha256:a2e4369eb3d47d2034032a26c7a80fcb21a2cb22e1173d761a162f11e562caa5 \ + --hash=sha256:ab55edc2e84460694295f401215f4a58597f8f7c9466faec545093045476327d \ + --hash=sha256:af048912e045a2dc732847d33821a9d84ba553f5c5f028adbd364dd4765092ac \ + --hash=sha256:b1a2eeedcead3a41694130495593a559a668f382eee0727352b9a41e1c45759a \ + --hash=sha256:b1e8b901e607795ec06c9e42530788c45ac21ef3aaa11dbd0c69de543bfb79a9 \ + --hash=sha256:b41156839806aecb3641f3208c0dafd3ac7775b9c4c422d82ee2a45c34ba81ca \ + --hash=sha256:b692f419760c0e65d060959df05f2a531945af31fda0c8a3b3195d4efd06de11 \ + --hash=sha256:bc779e9e6f7fda81b3f9aa58e3a6091d49ad528b11ed19f6621408806204ad35 \ + --hash=sha256:bf6774e60d67a9efe02b3616fee22441d86fab4c6d335f9d2051d19d90a40063 \ + --hash=sha256:c048099e4c9e9d615545e2001d3d8a4380bd403e1a0578734e0d31703d1b0c0b \ + --hash=sha256:c5cb09abb18c1ea940fb99360ea0396f34d46566f157122c92dfa069d3e0e982 \ + --hash=sha256:cc8e1d0c705233c5dd0c5e6460fbad7827d5d36f310a0fadfd45cc3029762258 \ + --hash=sha256:d5e3fc56f88cc98ef8139255cf8cd63eb2c586531e43310ff859d6bb3a6b51f1 \ + --hash=sha256:d6aa0418fcc838522256761b3415822626f866758ee0bc6632c9486b179d0b52 \ + --hash=sha256:d6c254ba6e45d8e72739281ebc46ea5eb5f101234f3ce171f0e9f5cc86991480 \ + --hash=sha256:d6d635d5209b82a3492508cf5b365f3446afb65ae7ebd755e70e18f287b0adf7 \ + --hash=sha256:dcfe792765fab89c365123c81046ad4103fcabbc4f56d1c1997e6715e8015461 \ + --hash=sha256:ddd3915998d93fbcd2566ddf9cf62cdb35c9e093075f862935573d265cf8f65d \ + --hash=sha256:ddff9c4e225a63a5afab9dd15590432c22e8057e1a9a13d28ed128ecf047bbdc \ + --hash=sha256:e41b7e2b59679edfa309e8db64fdf22399eec4b0b24694e1b2104fb789207779 \ + --hash=sha256:e69924bfcdda39b722ef4d9aa762b2dd38e4632b3641b1d9a57ca9cd18f2f83a \ + --hash=sha256:ea20853c6dbbb53ed34cb4d080382169b6f4554d394015f1bef35e881bf83547 \ + --hash=sha256:ee2a1ece51b9b9e7752e742cfb661d2a29e7bcdba2d27e66e28a99f1890e4fa0 \ + --hash=sha256:eeb6dcc05e911516ae3d1f207d4b0520d07f54484c49dfc294d6e7d63b734171 \ + --hash=sha256:f70b98cd94886b49d91170ef23ec5c0e8ebb6f242d734ed7ed677b24d50c82cf \ + --hash=sha256:fc35cb4676846ef752816d5be2193a1e8367b4c1397b74a565a9d0389c433a1d \ + --hash=sha256:ff959bee35038c4624250473988b24f846cbeb2c6639de3602c073f10410ceba + # via grpclib +pkginfo==1.9.6 \ + --hash=sha256:4b7a555a6d5a22169fcc9cf7bfd78d296b0361adad412a346c1226849af5e546 \ + --hash=sha256:8fd5896e8718a4372f0ea9cc9d96f6417c9b986e23a4d116dda26b62cc29d046 + # via twine +pycparser==2.21 \ + --hash=sha256:8ee45429555515e1f6b185e78100aea234072576aa43ab53aefcae078162fca9 \ + --hash=sha256:e644fdec12f7872f86c58ff790da456218b10f863970249516d60a5eaca77206 + # via cffi +pydantic==1.10.10 \ + --hash=sha256:20a3b30fd255eeeb63caa9483502ba96b7795ce5bf895c6a179b3d909d9f53a6 \ + --hash=sha256:2b71bd504d1573b0b722ae536e8ffb796bedeef978979d076bf206e77dcc55a5 \ + --hash=sha256:3403a090db45d4027d2344859d86eb797484dfda0706cf87af79ace6a35274ef \ + --hash=sha256:37ebddef68370e6f26243acc94de56d291e01227a67b2ace26ea3543cf53dd5f \ + --hash=sha256:3b8d5bd97886f9eb59260594207c9f57dce14a6f869c6ceea90188715d29921a \ + --hash=sha256:409b810f387610cc7405ab2fa6f62bdf7ea485311845a242ebc0bd0496e7e5ac \ + --hash=sha256:4870f13a4fafd5bc3e93cff3169222534fad867918b188e83ee0496452978437 \ + --hash=sha256:566a04ba755e8f701b074ffb134ddb4d429f75d5dced3fbd829a527aafe74c71 \ + --hash=sha256:67b3714b97ff84b2689654851c2426389bcabfac9080617bcf4306c69db606f6 \ + --hash=sha256:6dab5219659f95e357d98d70577b361383057fb4414cfdb587014a5f5c595f7b \ + --hash=sha256:748d10ab6089c5d196e1c8be9de48274f71457b01e59736f7a09c9dc34f51887 \ + --hash=sha256:762aa598f79b4cac2f275d13336b2dd8662febee2a9c450a49a2ab3bec4b385f \ + --hash=sha256:7a26841be620309a9697f5b1ffc47dce74909e350c5315ccdac7a853484d468a \ + --hash=sha256:7a7db03339893feef2092ff7b1afc9497beed15ebd4af84c3042a74abce02d48 \ + --hash=sha256:7aa75d1bd9cc275cf9782f50f60cddaf74cbaae19b6ada2a28e737edac420312 \ + --hash=sha256:86936c383f7c38fd26d35107eb669c85d8f46dfceae873264d9bab46fe1c7dde \ + --hash=sha256:88546dc10a40b5b52cae87d64666787aeb2878f9a9b37825aedc2f362e7ae1da \ + --hash=sha256:8c40964596809eb616d94f9c7944511f620a1103d63d5510440ed2908fc410af \ + --hash=sha256:990027e77cda6072a566e433b6962ca3b96b4f3ae8bd54748e9d62a58284d9d7 \ + --hash=sha256:9965e49c6905840e526e5429b09e4c154355b6ecc0a2f05492eda2928190311d \ + --hash=sha256:9f62a727f5c590c78c2d12fda302d1895141b767c6488fe623098f8792255fe5 \ + --hash=sha256:a2d5be50ac4a0976817144c7d653e34df2f9436d15555189f5b6f61161d64183 \ + --hash=sha256:a5939ec826f7faec434e2d406ff5e4eaf1716eb1f247d68cd3d0b3612f7b4c8a \ + --hash=sha256:aac218feb4af73db8417ca7518fb3bade4534fcca6e3fb00f84966811dd94450 \ + --hash=sha256:adad1ee4ab9888f12dac2529276704e719efcf472e38df7813f5284db699b4ec \ + --hash=sha256:b69f9138dec566962ec65623c9d57bee44412d2fc71065a5f3ebb3820bdeee96 \ + --hash=sha256:c41bbaae89e32fc582448e71974de738c055aef5ab474fb25692981a08df808a \ + --hash=sha256:c62376890b819bebe3c717a9ac841a532988372b7e600e76f75c9f7c128219d5 \ + --hash=sha256:ce937a2a2c020bcad1c9fde02892392a1123de6dda906ddba62bfe8f3e5989a2 \ + --hash=sha256:db4c7f7e60ca6f7d6c1785070f3e5771fcb9b2d88546e334d2f2c3934d949028 \ + --hash=sha256:e0014e29637125f4997c174dd6167407162d7af0da73414a9340461ea8573252 \ + --hash=sha256:e088e3865a2270ecbc369924cd7d9fbc565667d9158e7f304e4097ebb9cf98dd \ + --hash=sha256:ea9eebc2ebcba3717e77cdeee3f6203ffc0e78db5f7482c68b1293e8cc156e5e \ + --hash=sha256:edfdf0a5abc5c9bf2052ebaec20e67abd52e92d257e4f2d30e02c354ed3e6030 \ + --hash=sha256:f3d4ee957a727ccb5a36f1b0a6dbd9fad5dedd2a41eada99a8df55c12896e18d \ + --hash=sha256:f79db3652ed743309f116ba863dae0c974a41b688242482638b892246b7db21d + # via + # id + # sigstore +pygments==2.15.1 \ + --hash=sha256:8ace4d3c1dd481894b2005f560ead0f9f19ee64fe983366be1a21e171d12775c \ + --hash=sha256:db2db3deb4b4179f399a09054b023b6a586b76499d36965813c71aa8ed7b5fd1 + # via + # readme-renderer + # rich +pyjwt==2.7.0 \ + --hash=sha256:ba2b425b15ad5ef12f200dc67dd56af4e26de2331f965c5439994dad075876e1 \ + --hash=sha256:bd6ca4a3c4285c1a2d4349e5a035fdf8fb94e04ccd0fcbe6ba289dae9cc3e074 + # via sigstore +pyopenssl==23.2.0 \ + --hash=sha256:24f0dc5227396b3e831f4c7f602b950a5e9833d292c8e4a2e06b709292806ae2 \ + --hash=sha256:276f931f55a452e7dea69c7173e984eb2a4407ce413c918aa34b55f82f9b8bac + # via sigstore +python-dateutil==2.8.2 \ + --hash=sha256:0123cacc1627ae19ddf3c27a5de5bd67ee4586fbdd6440d9748f8abb483d3e86 \ + --hash=sha256:961d03dc3453ebbc59dbdea9e4e11c5651520a876d0f4db161e8674aae935da9 + # via betterproto +readme-renderer==40.0 \ + --hash=sha256:9f77b519d96d03d7d7dce44977ba543090a14397c4f60de5b6eb5b8048110aa4 \ + --hash=sha256:e18feb2a1e7706f2865b81ebb460056d93fb29d69daa10b223c00faa7bd9a00a + # via twine +requests==2.31.0 \ + --hash=sha256:58cd2187c01e70e6e26505bca751777aa9f2ee0b7f4300988b709f44e013003f \ + --hash=sha256:942c5a758f98d790eaed1a29cb6eefc7ffb0d1cf7af05c3d2791656dbd6ad1e1 + # via + # -r publish-requirements.in + # id + # requests-toolbelt + # sigstore + # tuf + # twine +requests-toolbelt==1.0.0 \ + --hash=sha256:7681a0a3d047012b5bdc0ee37d7f8f07ebe76ab08caeccfc3921ce23c88d5bc6 \ + --hash=sha256:cccfdd665f0a24fcf4726e690f65639d272bb0637b9b92dfd91a5568ccf6bd06 + # via twine +rfc3986==2.0.0 \ + --hash=sha256:50b1502b60e289cb37883f3dfd34532b8873c7de9f49bb546641ce9cbd256ebd \ + --hash=sha256:97aacf9dbd4bfd829baad6e6309fa6573aaf1be3f6fa735c8ab05e46cecb261c + # via twine +rich==13.4.2 \ + --hash=sha256:8f87bc7ee54675732fa66a05ebfe489e27264caeeff3728c945d25971b6485ec \ + --hash=sha256:d653d6bccede5844304c605d5aac802c7cf9621efd700b46c7ec2b51ea914898 + # via twine +securesystemslib==0.28.0 \ + --hash=sha256:9e6b9abe36a511d4f52c759069db8f6f650362ba82d6efc7bc7466a458b3f499 \ + --hash=sha256:a27e519247576f2a77b97fb03267d8eeb88eba715d12da64109e845616f919c6 + # via + # sigstore + # tuf +sigstore==1.1.2 \ + --hash=sha256:1252c34b6bf0f5c0680dffe36e1961bd23da9dd77838fc8ece35bcf87a3bf6df \ + --hash=sha256:1f5d74006073a4bc1572290fb133418c25ff76c5a02fcb567c3feb238d425ab3 + # via -r publish-requirements.in +sigstore-protobuf-specs==0.1.0 \ + --hash=sha256:0e7766add04b5bd145181936e6fedbb2609d7e959f2740051cbca12572b277a2 \ + --hash=sha256:622b2d231613a28ed3e6660acd87818675b4e83486f49a0f0c198ac5475fcb81 + # via sigstore +six==1.16.0 \ + --hash=sha256:1e61c37477a1626458e36f7b1d82aa5c9b094fa4802892072e49de9c60c4c926 \ + --hash=sha256:8abb2f1d86890a2dfb989f9a77cfcfd3e47c2a354b01111771326f8aa26e0254 + # via + # bleach + # python-dateutil +tuf==2.1.0 \ + --hash=sha256:ab22d1143d4d8aa20c94d243de27eedc8cd517e251ddaf4a88c10952358a13ea \ + --hash=sha256:dbfe18fbdeba6d76144931db88b76e473fa40c431b60d25b455a9adbb07c2397 + # via sigstore +twine==4.0.2 \ + --hash=sha256:929bc3c280033347a00f847236564d1c52a3e61b1ac2516c97c48f3ceab756d8 \ + --hash=sha256:9e102ef5fdd5a20661eb88fad46338806c3bd32cf1db729603fe3697b1bc83c8 + # via -r publish-requirements.in +typing-extensions==4.7.1 \ + --hash=sha256:440d5dd3af93b060174bf433bccd69b0babc3b15b1a8dca43789fd7f61514b36 \ + --hash=sha256:b75ddc264f0ba5615db7ba217daeb99701ad295353c45f9e95963337ceeeffb2 + # via pydantic +urllib3==2.0.3 \ + --hash=sha256:48e7fafa40319d358848e1bc6809b208340fafe2096f1725d05d67443d0483d1 \ + --hash=sha256:bee28b5e56addb8226c96f7f13ac28cb4c301dd5ea8a6ca179c0b9835e032825 + # via + # requests + # twine +webencodings==0.5.1 \ + --hash=sha256:a0af1213f3c2226497a97e2b3aa01a7e4bee4f403f95be16fc9acd2947514a78 \ + --hash=sha256:b36a1c245f2d304965eb4e0a82848379241dc04b865afcc4aab16748587e1923 + # via bleach +zipp==3.15.0 \ + --hash=sha256:112929ad649da941c23de50f356a2b5570c954b65150642bccdd66bf194d224b \ + --hash=sha256:48904fc76a60e542af151aded95726c1a5c34ed43ab4134b597665c86d7ad556 + # via importlib-metadata From a87f3d82062e51f50c52f992a08ffe5b98dbd70d Mon Sep 17 00:00:00 2001 From: Diogo Teles Sant'Anna Date: Tue, 4 Jul 2023 13:20:16 -0300 Subject: [PATCH 03/16] ci: change ci files to install build and publish dependencies using hashes Signed-off-by: Diogo Teles Sant'Anna --- .github/workflows/pypi-publish.yml | 10 +++++++++- .github/workflows/wheel-builder.yml | 29 ++++++++++++++++++++++++----- 2 files changed, 33 insertions(+), 6 deletions(-) diff --git a/.github/workflows/pypi-publish.yml b/.github/workflows/pypi-publish.yml index 96dad5f8a4d6..ddcf1256a203 100644 --- a/.github/workflows/pypi-publish.yml +++ b/.github/workflows/pypi-publish.yml @@ -29,7 +29,15 @@ jobs: with: path: dist/ run_id: ${{ github.event.inputs.run_id || github.event.workflow_run.id }} - - run: pip install twine requests sigstore + + - name: Dowload publish-requirements.txt from repo + uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3 + with: + sparse-checkout: | + .github/workflows/publish-requirements.txt + sparse-checkout-cone-mode: false + - name: Install Python dependencies + run: pip install --require-hashes -r publish-requirements.txt - run: | echo "OIDC_AUDIENCE=pypi" >> $GITHUB_ENV diff --git a/.github/workflows/wheel-builder.yml b/.github/workflows/wheel-builder.yml index eeaf5cc4221a..5019b041d971 100644 --- a/.github/workflows/wheel-builder.yml +++ b/.github/workflows/wheel-builder.yml @@ -108,9 +108,16 @@ jobs: with: name: cryptography-sdist + - name: Dowload build-requirements.txt from repo + uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3 + with: + sparse-checkout: | + .github/workflows/build-requirements.txt + sparse-checkout-cone-mode: false + - run: ls - run: /opt/python/${{ matrix.PYTHON.VERSION }}/bin/python -m venv .venv - name: Install Python dependencies - run: .venv/bin/pip install -U pip wheel cffi setuptools-rust + run: .venv/bin/pip install --require-hashes -r .github/workflows/build-requirements.txt - run: mkdir tmpwheelhouse - name: Build the wheel run: | @@ -219,8 +226,15 @@ jobs: # Add the arm64 target in addition to the native arch (x86_64) target: aarch64-apple-darwin + - name: Dowload build-requirements.txt from repo + uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3 + with: + sparse-checkout: | + .github/workflows/build-requirements.txt + sparse-checkout-cone-mode: false - run: ${{ matrix.PYTHON.BIN_PATH }} -m venv venv - - run: venv/bin/pip install -U pip wheel cffi setuptools-rust + - name: Install Python dependencies + run: venv/bin/pip install --require-hashes -r build-requirements.txt - run: mkdir wheelhouse - name: Build the wheel run: | @@ -303,9 +317,14 @@ jobs: echo "OPENSSL_DIR=C:/openssl-${{ matrix.WINDOWS.WINDOWS }}" >> $GITHUB_ENV echo "OPENSSL_STATIC=1" >> $GITHUB_ENV shell: bash - - - run: python -m pip install -U pip wheel - - run: python -m pip install cffi setuptools-rust + - name: Dowload build-requirements.txt from repo + uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3 + with: + sparse-checkout: | + .github/workflows/build-requirements.txt + sparse-checkout-cone-mode: false + - name: Install Python dependencies + run: python -m pip install --require-hashes -r build-requirements.txt - run: mkdir wheelhouse - run: | if [ -n "${{ matrix.PYTHON.ABI_VERSION }}" ]; then From 18692ed1d05299a62429fd031f86f4ddaf6df01c Mon Sep 17 00:00:00 2001 From: Diogo Teles Sant'Anna Date: Tue, 4 Jul 2023 15:06:58 -0300 Subject: [PATCH 04/16] ci: fix path to requirements files Signed-off-by: Diogo Teles Sant'Anna --- .github/workflows/pypi-publish.yml | 2 +- .github/workflows/wheel-builder.yml | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/pypi-publish.yml b/.github/workflows/pypi-publish.yml index ddcf1256a203..a531169fdc96 100644 --- a/.github/workflows/pypi-publish.yml +++ b/.github/workflows/pypi-publish.yml @@ -37,7 +37,7 @@ jobs: .github/workflows/publish-requirements.txt sparse-checkout-cone-mode: false - name: Install Python dependencies - run: pip install --require-hashes -r publish-requirements.txt + run: pip install --require-hashes -r .github/workflows/publish-requirements.txt - run: | echo "OIDC_AUDIENCE=pypi" >> $GITHUB_ENV diff --git a/.github/workflows/wheel-builder.yml b/.github/workflows/wheel-builder.yml index 5019b041d971..d0cda3660b6c 100644 --- a/.github/workflows/wheel-builder.yml +++ b/.github/workflows/wheel-builder.yml @@ -234,7 +234,7 @@ jobs: sparse-checkout-cone-mode: false - run: ${{ matrix.PYTHON.BIN_PATH }} -m venv venv - name: Install Python dependencies - run: venv/bin/pip install --require-hashes -r build-requirements.txt + run: venv/bin/pip install --require-hashes -r .github/workflows/build-requirements.txt - run: mkdir wheelhouse - name: Build the wheel run: | @@ -324,7 +324,7 @@ jobs: .github/workflows/build-requirements.txt sparse-checkout-cone-mode: false - name: Install Python dependencies - run: python -m pip install --require-hashes -r build-requirements.txt + run: python -m pip install --require-hashes -r .github/workflows/build-requirements.txt - run: mkdir wheelhouse - run: | if [ -n "${{ matrix.PYTHON.ABI_VERSION }}" ]; then From 27092f981ec2521c12c4ca98e99830f018e3b2dd Mon Sep 17 00:00:00 2001 From: Diogo Teles Sant'Anna Date: Tue, 4 Jul 2023 15:15:38 -0300 Subject: [PATCH 05/16] ci: rebuild the requirement.txt files using `--allow-unsafe` The flag is needed to create hash-pinned requirements for pip and setup-tools. Find more information about this at these issues from [pip-tools](https://github.com/jazzband/pip-tools/issues/806) and from [pip](https://github.com/pypa/pip/issues/6459). Signed-off-by: Diogo Teles Sant'Anna --- .github/workflows/build-requirements.in | 2 +- .github/workflows/build-requirements.txt | 21 +++++++++++++-------- 2 files changed, 14 insertions(+), 9 deletions(-) diff --git a/.github/workflows/build-requirements.in b/.github/workflows/build-requirements.in index b6a491474240..1cf85187d835 100644 --- a/.github/workflows/build-requirements.in +++ b/.github/workflows/build-requirements.in @@ -1,4 +1,4 @@ pip wheel cffi -setuptools-rust +setuptools-rust \ No newline at end of file diff --git a/.github/workflows/build-requirements.txt b/.github/workflows/build-requirements.txt index 2f5abdd1eab9..a165d34770a3 100644 --- a/.github/workflows/build-requirements.txt +++ b/.github/workflows/build-requirements.txt @@ -2,7 +2,7 @@ # This file is autogenerated by pip-compile with Python 3.10 # by the following command: # -# pip-compile --generate-hashes build-requirements.in +# pip-compile --allow-unsafe --generate-hashes requirements.in # cffi==1.15.1 \ --hash=sha256:00a9ed42e88df81ffae7a8ab6d9356b371399b91dbdf0c3cb1e84c03a13aceb5 \ @@ -69,7 +69,7 @@ cffi==1.15.1 \ --hash=sha256:ed9cb427ba5504c1dc15ede7d516b84757c3e3d7868ccc85121d9310d27eed0b \ --hash=sha256:fa6693661a4c91757f4412306191b6dc88c1703f780c8234035eac011922bc01 \ --hash=sha256:fcd131dd944808b5bdb38e6f5b53013c5aa4f334c5cad0c72742f6eba4b73db0 - # via -r build-requirements.in + # via -r requirements.in pycparser==2.21 \ --hash=sha256:8ee45429555515e1f6b185e78100aea234072576aa43ab53aefcae078162fca9 \ --hash=sha256:e644fdec12f7872f86c58ff790da456218b10f863970249516d60a5eaca77206 @@ -81,7 +81,7 @@ semantic-version==2.10.0 \ setuptools-rust==1.6.0 \ --hash=sha256:c86e734deac330597998bfbc08da45187e6b27837e23bd91eadb320732392262 \ --hash=sha256:e28ae09fb7167c44ab34434eb49279307d611547cb56cb9789955cdb54a1aed9 - # via -r build-requirements.in + # via -r requirements.in typing-extensions==4.7.1 \ --hash=sha256:440d5dd3af93b060174bf433bccd69b0babc3b15b1a8dca43789fd7f61514b36 \ --hash=sha256:b75ddc264f0ba5615db7ba217daeb99701ad295353c45f9e95963337ceeeffb2 @@ -89,9 +89,14 @@ typing-extensions==4.7.1 \ wheel==0.40.0 \ --hash=sha256:cd1196f3faee2b31968d626e1731c94f99cbdb67cf5a46e4f5656cbee7738873 \ --hash=sha256:d236b20e7cb522daf2390fa84c55eea81c5c30190f90f29ae2ca1ad8355bf247 - # via -r build-requirements.in + # via -r requirements.in -# WARNING: The following packages were not pinned, but pip requires them to be -# pinned when the requirements file includes hashes. Consider using the --allow-unsafe flag. -# pip -# setuptools +# The following packages are considered to be unsafe in a requirements file: +pip==23.1.2 \ + --hash=sha256:0e7c86f486935893c708287b30bd050a36ac827ec7fe5e43fe7cb198dd835fba \ + --hash=sha256:3ef6ac33239e4027d9a5598a381b9d30880a1477e50039db2eac6e8a8f6d1b18 + # via -r requirements.in +setuptools==68.0.0 \ + --hash=sha256:11e52c67415a381d10d6b462ced9cfb97066179f0e871399e006c4ab101fc85f \ + --hash=sha256:baf1fdb41c6da4cd2eae722e135500da913332ab3f2f5c7d33af9b492acb5235 + # via setuptools-rust \ No newline at end of file From f26a922ab158c43d672f00b87e7def86d2ee2053 Mon Sep 17 00:00:00 2001 From: Diogo Teles Sant'Anna Date: Tue, 4 Jul 2023 15:43:00 -0300 Subject: [PATCH 06/16] refactor(workflows): move build requirements files to a separated folder Signed-off-by: Diogo Teles Sant'Anna --- .github/workflows/pypi-publish.yml | 4 ++-- .../{ => requirements}/build-requirements.in | 0 .../{ => requirements}/build-requirements.txt | 0 .../{ => requirements}/publish-requirements.in | 0 .../{ => requirements}/publish-requirements.txt | 0 .github/workflows/wheel-builder.yml | 12 ++++++------ 6 files changed, 8 insertions(+), 8 deletions(-) rename .github/workflows/{ => requirements}/build-requirements.in (100%) rename .github/workflows/{ => requirements}/build-requirements.txt (100%) rename .github/workflows/{ => requirements}/publish-requirements.in (100%) rename .github/workflows/{ => requirements}/publish-requirements.txt (100%) diff --git a/.github/workflows/pypi-publish.yml b/.github/workflows/pypi-publish.yml index a531169fdc96..be0a28708fa3 100644 --- a/.github/workflows/pypi-publish.yml +++ b/.github/workflows/pypi-publish.yml @@ -34,10 +34,10 @@ jobs: uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3 with: sparse-checkout: | - .github/workflows/publish-requirements.txt + .github/workflows/requirements/publish-requirements.txt sparse-checkout-cone-mode: false - name: Install Python dependencies - run: pip install --require-hashes -r .github/workflows/publish-requirements.txt + run: pip install --require-hashes -r .github/workflows/requirements/publish-requirements.txt - run: | echo "OIDC_AUDIENCE=pypi" >> $GITHUB_ENV diff --git a/.github/workflows/build-requirements.in b/.github/workflows/requirements/build-requirements.in similarity index 100% rename from .github/workflows/build-requirements.in rename to .github/workflows/requirements/build-requirements.in diff --git a/.github/workflows/build-requirements.txt b/.github/workflows/requirements/build-requirements.txt similarity index 100% rename from .github/workflows/build-requirements.txt rename to .github/workflows/requirements/build-requirements.txt diff --git a/.github/workflows/publish-requirements.in b/.github/workflows/requirements/publish-requirements.in similarity index 100% rename from .github/workflows/publish-requirements.in rename to .github/workflows/requirements/publish-requirements.in diff --git a/.github/workflows/publish-requirements.txt b/.github/workflows/requirements/publish-requirements.txt similarity index 100% rename from .github/workflows/publish-requirements.txt rename to .github/workflows/requirements/publish-requirements.txt diff --git a/.github/workflows/wheel-builder.yml b/.github/workflows/wheel-builder.yml index d0cda3660b6c..00d905187b5b 100644 --- a/.github/workflows/wheel-builder.yml +++ b/.github/workflows/wheel-builder.yml @@ -112,12 +112,12 @@ jobs: uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3 with: sparse-checkout: | - .github/workflows/build-requirements.txt + .github/workflows/requirements/build-requirements.txt sparse-checkout-cone-mode: false - run: ls - run: /opt/python/${{ matrix.PYTHON.VERSION }}/bin/python -m venv .venv - name: Install Python dependencies - run: .venv/bin/pip install --require-hashes -r .github/workflows/build-requirements.txt + run: .venv/bin/pip install --require-hashes -r .github/workflows/requirements/build-requirements.txt - run: mkdir tmpwheelhouse - name: Build the wheel run: | @@ -230,11 +230,11 @@ jobs: uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3 with: sparse-checkout: | - .github/workflows/build-requirements.txt + .github/workflows/requirements/build-requirements.txt sparse-checkout-cone-mode: false - run: ${{ matrix.PYTHON.BIN_PATH }} -m venv venv - name: Install Python dependencies - run: venv/bin/pip install --require-hashes -r .github/workflows/build-requirements.txt + run: venv/bin/pip install --require-hashes -r .github/workflows/requirements/build-requirements.txt - run: mkdir wheelhouse - name: Build the wheel run: | @@ -321,10 +321,10 @@ jobs: uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3 with: sparse-checkout: | - .github/workflows/build-requirements.txt + .github/workflows/requirements/build-requirements.txt sparse-checkout-cone-mode: false - name: Install Python dependencies - run: python -m pip install --require-hashes -r .github/workflows/build-requirements.txt + run: python -m pip install --require-hashes -r .github/workflows/requirements/build-requirements.txt - run: mkdir wheelhouse - run: | if [ -n "${{ matrix.PYTHON.ABI_VERSION }}" ]; then From 7013a37fc9e32cac4201b325b06a1d1d91214db3 Mon Sep 17 00:00:00 2001 From: Diogo Teles Sant'Anna Date: Tue, 4 Jul 2023 17:39:19 -0300 Subject: [PATCH 07/16] fix(workflow): requirements download was erasing work from previous steps Using the actions/checkout to download the requirements.txt was erasing some necessary files that came from previous steps. Thus, this commit changes moves the checkout action to the beginnig of the jobs. Signed-off-by: Diogo Teles Sant'Anna --- .github/workflows/pypi-publish.yml | 18 +++++---- .github/workflows/wheel-builder.yml | 61 +++++++++++++++++------------ 2 files changed, 48 insertions(+), 31 deletions(-) diff --git a/.github/workflows/pypi-publish.yml b/.github/workflows/pypi-publish.yml index be0a28708fa3..4056cd0aa481 100644 --- a/.github/workflows/pypi-publish.yml +++ b/.github/workflows/pypi-publish.yml @@ -25,19 +25,23 @@ jobs: permissions: id-token: "write" steps: - - uses: dawidd6/action-download-artifact@246dbf436b23d7c49e21a7ab8204ca9ecd1fe615 # v2.27.0 - with: - path: dist/ - run_id: ${{ github.event.inputs.run_id || github.event.workflow_run.id }} - - - name: Dowload publish-requirements.txt from repo + - name: Get publish-requirements.txt from repository uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3 with: sparse-checkout: | .github/workflows/requirements/publish-requirements.txt sparse-checkout-cone-mode: false + # The tag to build or the tag received by the tag event + ref: ${{ github.event.inputs.version || github.ref }} + persist-credentials: false + - run: mv .github/workflows/requirements/publish-requirements.txt . - name: Install Python dependencies - run: pip install --require-hashes -r .github/workflows/requirements/publish-requirements.txt + run: pip install --require-hashes -r publish-requirements.txt + + - uses: dawidd6/action-download-artifact@246dbf436b23d7c49e21a7ab8204ca9ecd1fe615 # v2.27.0 + with: + path: dist/ + run_id: ${{ github.event.inputs.run_id || github.event.workflow_run.id }} - run: | echo "OIDC_AUDIENCE=pypi" >> $GITHUB_ENV diff --git a/.github/workflows/wheel-builder.yml b/.github/workflows/wheel-builder.yml index 00d905187b5b..bf294b28c0b1 100644 --- a/.github/workflows/wheel-builder.yml +++ b/.github/workflows/wheel-builder.yml @@ -104,20 +104,24 @@ jobs: sed -i "s:ID=alpine:ID=NotpineForGHA:" /etc/os-release if: matrix.MANYLINUX.NAME == 'musllinux_1_1_aarch64' - - uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2 - with: - name: cryptography-sdist - - - name: Dowload build-requirements.txt from repo + - name: Get build-requirements.txt from repository uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3 with: + # The tag to build or the tag received by the tag event + ref: ${{ github.event.inputs.version || github.ref }} + persist-credentials: false sparse-checkout: | .github/workflows/requirements/build-requirements.txt sparse-checkout-cone-mode: false - - run: ls + - run: mv .github/workflows/requirements/build-requirements.txt . + - run: /opt/python/${{ matrix.PYTHON.VERSION }}/bin/python -m venv .venv - name: Install Python dependencies - run: .venv/bin/pip install --require-hashes -r .github/workflows/requirements/build-requirements.txt + run: .venv/bin/pip install --require-hashes -r build-requirements.txt + + - uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2 + with: + name: cryptography-sdist - run: mkdir tmpwheelhouse - name: Build the wheel run: | @@ -195,9 +199,16 @@ jobs: ARCHFLAGS: '-arch x86_64' name: "${{ matrix.PYTHON.VERSION }} ABI ${{ matrix.PYTHON.ABI_VERSION }} macOS ${{ matrix.PYTHON.ARCHFLAGS }}" steps: - - uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2 + - name: Get build-requirements.txt from repository + uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3 with: - name: cryptography-sdist + # The tag to build or the tag received by the tag event + ref: ${{ github.event.inputs.version || github.ref }} + persist-credentials: false + sparse-checkout: | + .github/workflows/requirements/build-requirements.txt + sparse-checkout-cone-mode: false + - run: mv .github/workflows/requirements/build-requirements.txt . - name: Setup python run: | @@ -225,16 +236,13 @@ jobs: toolchain: stable # Add the arm64 target in addition to the native arch (x86_64) target: aarch64-apple-darwin - - - name: Dowload build-requirements.txt from repo - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3 - with: - sparse-checkout: | - .github/workflows/requirements/build-requirements.txt - sparse-checkout-cone-mode: false - run: ${{ matrix.PYTHON.BIN_PATH }} -m venv venv - name: Install Python dependencies - run: venv/bin/pip install --require-hashes -r .github/workflows/requirements/build-requirements.txt + run: venv/bin/pip install --require-hashes -r build-requirements.txt + + - uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2 + with: + name: cryptography-sdist - run: mkdir wheelhouse - name: Build the wheel run: | @@ -289,6 +297,17 @@ jobs: PYTHON: {VERSION: "pypy-3.10"} name: "${{ matrix.PYTHON.VERSION }} ${{ matrix.WINDOWS.WINDOWS }} ${{ matrix.PYTHON.ABI_VERSION }}" steps: + - name: Get build-requirements.txt from repository + uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3 + with: + # The tag to build or the tag received by the tag event + ref: ${{ github.event.inputs.version || github.ref }} + persist-credentials: false + sparse-checkout: | + .github/workflows/requirements/build-requirements.txt + sparse-checkout-cone-mode: false + - run: mv .github/workflows/requirements/build-requirements.txt . + - uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2 with: name: cryptography-sdist @@ -317,14 +336,8 @@ jobs: echo "OPENSSL_DIR=C:/openssl-${{ matrix.WINDOWS.WINDOWS }}" >> $GITHUB_ENV echo "OPENSSL_STATIC=1" >> $GITHUB_ENV shell: bash - - name: Dowload build-requirements.txt from repo - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3 - with: - sparse-checkout: | - .github/workflows/requirements/build-requirements.txt - sparse-checkout-cone-mode: false - name: Install Python dependencies - run: python -m pip install --require-hashes -r .github/workflows/requirements/build-requirements.txt + run: python -m pip install --require-hashes -r build-requirements.txt - run: mkdir wheelhouse - run: | if [ -n "${{ matrix.PYTHON.ABI_VERSION }}" ]; then From 5546a81fa0dae338b2ee182f92876a747ae44ad2 Mon Sep 17 00:00:00 2001 From: Diogo Teles Sant'Anna Date: Thu, 6 Jul 2023 11:24:56 -0300 Subject: [PATCH 08/16] ci: remove reference to inexistent input in pypi-publish.yml --- .github/workflows/pypi-publish.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/pypi-publish.yml b/.github/workflows/pypi-publish.yml index 4056cd0aa481..dfbc4370c20f 100644 --- a/.github/workflows/pypi-publish.yml +++ b/.github/workflows/pypi-publish.yml @@ -32,7 +32,7 @@ jobs: .github/workflows/requirements/publish-requirements.txt sparse-checkout-cone-mode: false # The tag to build or the tag received by the tag event - ref: ${{ github.event.inputs.version || github.ref }} + ref: ${{ github.ref }} persist-credentials: false - run: mv .github/workflows/requirements/publish-requirements.txt . - name: Install Python dependencies From 0e1db7d89db76308ac0a44bf03c3ab09de488bf8 Mon Sep 17 00:00:00 2001 From: Diogo Teles Sant'Anna Date: Mon, 10 Jul 2023 13:33:16 -0300 Subject: [PATCH 09/16] docs(workflows): remove comment related to a line already delated from code Signed-off-by: Diogo Teles Sant'Anna --- .github/workflows/pypi-publish.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/.github/workflows/pypi-publish.yml b/.github/workflows/pypi-publish.yml index dfbc4370c20f..5a7f1e71224e 100644 --- a/.github/workflows/pypi-publish.yml +++ b/.github/workflows/pypi-publish.yml @@ -31,7 +31,6 @@ jobs: sparse-checkout: | .github/workflows/requirements/publish-requirements.txt sparse-checkout-cone-mode: false - # The tag to build or the tag received by the tag event ref: ${{ github.ref }} persist-credentials: false - run: mv .github/workflows/requirements/publish-requirements.txt . From 916a9bc5a26b906decabbf5ff2cb3575f981785a Mon Sep 17 00:00:00 2001 From: Diogo Teles Sant'Anna Date: Mon, 10 Jul 2023 14:07:09 -0300 Subject: [PATCH 10/16] refactor(workflows): use a workflow-level env var to define path to build requirements file Signed-off-by: Diogo Teles Sant'Anna --- .github/workflows/pypi-publish.yml | 8 +++++--- .github/workflows/wheel-builder.yml | 20 +++++++++----------- 2 files changed, 14 insertions(+), 14 deletions(-) diff --git a/.github/workflows/pypi-publish.yml b/.github/workflows/pypi-publish.yml index 5a7f1e71224e..60f84cb371b5 100644 --- a/.github/workflows/pypi-publish.yml +++ b/.github/workflows/pypi-publish.yml @@ -15,6 +15,9 @@ on: workflows: ["Wheel Builder"] types: [completed] +env: + PUBLISH_REQUIREMENTS_PATH: .github/workflows/requirements/publish-requirements.txt + jobs: publish: runs-on: ubuntu-latest @@ -29,13 +32,12 @@ jobs: uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3 with: sparse-checkout: | - .github/workflows/requirements/publish-requirements.txt + $PUBLISH_REQUIREMENTS_PATH sparse-checkout-cone-mode: false ref: ${{ github.ref }} persist-credentials: false - - run: mv .github/workflows/requirements/publish-requirements.txt . - name: Install Python dependencies - run: pip install --require-hashes -r publish-requirements.txt + run: pip install --require-hashes -r $PUBLISH_REQUIREMENTS_PATH - uses: dawidd6/action-download-artifact@246dbf436b23d7c49e21a7ab8204ca9ecd1fe615 # v2.27.0 with: diff --git a/.github/workflows/wheel-builder.yml b/.github/workflows/wheel-builder.yml index bf294b28c0b1..f6e716d0f743 100644 --- a/.github/workflows/wheel-builder.yml +++ b/.github/workflows/wheel-builder.yml @@ -19,6 +19,9 @@ on: - pyproject.toml - vectors/pyproject.toml +env: + BUILD_REQUIREMENTS_PATH: .github/workflows/requirements/build-requirements.txt + jobs: sdist: runs-on: ubuntu-latest @@ -111,13 +114,11 @@ jobs: ref: ${{ github.event.inputs.version || github.ref }} persist-credentials: false sparse-checkout: | - .github/workflows/requirements/build-requirements.txt + $BUILD_REQUIREMENTS_PATH sparse-checkout-cone-mode: false - - run: mv .github/workflows/requirements/build-requirements.txt . - - run: /opt/python/${{ matrix.PYTHON.VERSION }}/bin/python -m venv .venv - name: Install Python dependencies - run: .venv/bin/pip install --require-hashes -r build-requirements.txt + run: .venv/bin/pip install --require-hashes -r $BUILD_REQUIREMENTS_PATH - uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2 with: @@ -206,10 +207,8 @@ jobs: ref: ${{ github.event.inputs.version || github.ref }} persist-credentials: false sparse-checkout: | - .github/workflows/requirements/build-requirements.txt + $BUILD_REQUIREMENTS_PATH sparse-checkout-cone-mode: false - - run: mv .github/workflows/requirements/build-requirements.txt . - - name: Setup python run: | curl "$PYTHON_DOWNLOAD_URL" -o python.pkg @@ -238,7 +237,7 @@ jobs: target: aarch64-apple-darwin - run: ${{ matrix.PYTHON.BIN_PATH }} -m venv venv - name: Install Python dependencies - run: venv/bin/pip install --require-hashes -r build-requirements.txt + run: venv/bin/pip install --require-hashes -r $BUILD_REQUIREMENTS_PATH - uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2 with: @@ -304,9 +303,8 @@ jobs: ref: ${{ github.event.inputs.version || github.ref }} persist-credentials: false sparse-checkout: | - .github/workflows/requirements/build-requirements.txt + $BUILD_REQUIREMENTS_PATH sparse-checkout-cone-mode: false - - run: mv .github/workflows/requirements/build-requirements.txt . - uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2 with: @@ -337,7 +335,7 @@ jobs: echo "OPENSSL_STATIC=1" >> $GITHUB_ENV shell: bash - name: Install Python dependencies - run: python -m pip install --require-hashes -r build-requirements.txt + run: python -m pip install --require-hashes -r $BUILD_REQUIREMENTS_PATH - run: mkdir wheelhouse - run: | if [ -n "${{ matrix.PYTHON.ABI_VERSION }}" ]; then From b6d9cb41a568fa2e425fc264e1715efde2a94348 Mon Sep 17 00:00:00 2001 From: Diogo Teles Sant'Anna Date: Mon, 10 Jul 2023 14:38:51 -0300 Subject: [PATCH 11/16] fix(workflows): refer to env vars using ${{ }} sintax Signed-off-by: Diogo Teles Sant'Anna --- .github/workflows/pypi-publish.yml | 4 ++-- .github/workflows/wheel-builder.yml | 12 ++++++------ 2 files changed, 8 insertions(+), 8 deletions(-) diff --git a/.github/workflows/pypi-publish.yml b/.github/workflows/pypi-publish.yml index 60f84cb371b5..b36599b95ff2 100644 --- a/.github/workflows/pypi-publish.yml +++ b/.github/workflows/pypi-publish.yml @@ -32,12 +32,12 @@ jobs: uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3 with: sparse-checkout: | - $PUBLISH_REQUIREMENTS_PATH + ${{ env.PUBLISH_REQUIREMENTS_PATH }} sparse-checkout-cone-mode: false ref: ${{ github.ref }} persist-credentials: false - name: Install Python dependencies - run: pip install --require-hashes -r $PUBLISH_REQUIREMENTS_PATH + run: pip install --require-hashes -r ${{ env.PUBLISH_REQUIREMENTS_PATH }} - uses: dawidd6/action-download-artifact@246dbf436b23d7c49e21a7ab8204ca9ecd1fe615 # v2.27.0 with: diff --git a/.github/workflows/wheel-builder.yml b/.github/workflows/wheel-builder.yml index f6e716d0f743..e54ce3560713 100644 --- a/.github/workflows/wheel-builder.yml +++ b/.github/workflows/wheel-builder.yml @@ -114,11 +114,11 @@ jobs: ref: ${{ github.event.inputs.version || github.ref }} persist-credentials: false sparse-checkout: | - $BUILD_REQUIREMENTS_PATH + ${{ env.BUILD_REQUIREMENTS_PATH }} sparse-checkout-cone-mode: false - run: /opt/python/${{ matrix.PYTHON.VERSION }}/bin/python -m venv .venv - name: Install Python dependencies - run: .venv/bin/pip install --require-hashes -r $BUILD_REQUIREMENTS_PATH + run: .venv/bin/pip install --require-hashes -r ${{ env.BUILD_REQUIREMENTS_PATH }} - uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2 with: @@ -207,7 +207,7 @@ jobs: ref: ${{ github.event.inputs.version || github.ref }} persist-credentials: false sparse-checkout: | - $BUILD_REQUIREMENTS_PATH + ${{ env.BUILD_REQUIREMENTS_PATH }} sparse-checkout-cone-mode: false - name: Setup python run: | @@ -237,7 +237,7 @@ jobs: target: aarch64-apple-darwin - run: ${{ matrix.PYTHON.BIN_PATH }} -m venv venv - name: Install Python dependencies - run: venv/bin/pip install --require-hashes -r $BUILD_REQUIREMENTS_PATH + run: venv/bin/pip install --require-hashes -r ${{ env.BUILD_REQUIREMENTS_PATH }} - uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2 with: @@ -303,7 +303,7 @@ jobs: ref: ${{ github.event.inputs.version || github.ref }} persist-credentials: false sparse-checkout: | - $BUILD_REQUIREMENTS_PATH + ${{ env.BUILD_REQUIREMENTS_PATH }} sparse-checkout-cone-mode: false - uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2 @@ -335,7 +335,7 @@ jobs: echo "OPENSSL_STATIC=1" >> $GITHUB_ENV shell: bash - name: Install Python dependencies - run: python -m pip install --require-hashes -r $BUILD_REQUIREMENTS_PATH + run: python -m pip install --require-hashes -r ${{ env.BUILD_REQUIREMENTS_PATH }} - run: mkdir wheelhouse - run: | if [ -n "${{ matrix.PYTHON.ABI_VERSION }}" ]; then From c8c355d3fb6a16c9a56c12a5d2f7879c62fed7f6 Mon Sep 17 00:00:00 2001 From: Diogo Teles Sant'Anna Date: Mon, 10 Jul 2023 14:52:09 -0300 Subject: [PATCH 12/16] refactor(workflows): move build and publish requirements files Moved from .github/workflows/requirements/ to .github/requirements/ Signed-off-by: Diogo Teles Sant'Anna --- .github/{workflows => }/requirements/build-requirements.in | 0 .github/{workflows => }/requirements/build-requirements.txt | 0 .github/{workflows => }/requirements/publish-requirements.in | 0 .github/{workflows => }/requirements/publish-requirements.txt | 0 .github/workflows/pypi-publish.yml | 2 +- .github/workflows/wheel-builder.yml | 2 +- 6 files changed, 2 insertions(+), 2 deletions(-) rename .github/{workflows => }/requirements/build-requirements.in (100%) rename .github/{workflows => }/requirements/build-requirements.txt (100%) rename .github/{workflows => }/requirements/publish-requirements.in (100%) rename .github/{workflows => }/requirements/publish-requirements.txt (100%) diff --git a/.github/workflows/requirements/build-requirements.in b/.github/requirements/build-requirements.in similarity index 100% rename from .github/workflows/requirements/build-requirements.in rename to .github/requirements/build-requirements.in diff --git a/.github/workflows/requirements/build-requirements.txt b/.github/requirements/build-requirements.txt similarity index 100% rename from .github/workflows/requirements/build-requirements.txt rename to .github/requirements/build-requirements.txt diff --git a/.github/workflows/requirements/publish-requirements.in b/.github/requirements/publish-requirements.in similarity index 100% rename from .github/workflows/requirements/publish-requirements.in rename to .github/requirements/publish-requirements.in diff --git a/.github/workflows/requirements/publish-requirements.txt b/.github/requirements/publish-requirements.txt similarity index 100% rename from .github/workflows/requirements/publish-requirements.txt rename to .github/requirements/publish-requirements.txt diff --git a/.github/workflows/pypi-publish.yml b/.github/workflows/pypi-publish.yml index b36599b95ff2..c2378f5e23ac 100644 --- a/.github/workflows/pypi-publish.yml +++ b/.github/workflows/pypi-publish.yml @@ -16,7 +16,7 @@ on: types: [completed] env: - PUBLISH_REQUIREMENTS_PATH: .github/workflows/requirements/publish-requirements.txt + PUBLISH_REQUIREMENTS_PATH: .github/requirements/publish-requirements.txt jobs: publish: diff --git a/.github/workflows/wheel-builder.yml b/.github/workflows/wheel-builder.yml index e54ce3560713..94a541bb646f 100644 --- a/.github/workflows/wheel-builder.yml +++ b/.github/workflows/wheel-builder.yml @@ -20,7 +20,7 @@ on: - vectors/pyproject.toml env: - BUILD_REQUIREMENTS_PATH: .github/workflows/requirements/build-requirements.txt + BUILD_REQUIREMENTS_PATH: .github/requirements/build-requirements.txt jobs: sdist: From 5919c89280385a45bf3184370deb39e1c8d9fd6a Mon Sep 17 00:00:00 2001 From: Diogo Teles Sant'Anna Date: Mon, 10 Jul 2023 17:03:51 -0300 Subject: [PATCH 13/16] docs(workflows): add comments on requirements files explaining their relation Signed-off-by: Diogo Teles Sant'Anna --- .github/requirements/build-requirements.in | 6 +++++- .github/requirements/publish-requirements.in | 3 +++ pyproject.toml | 1 + 3 files changed, 9 insertions(+), 1 deletion(-) diff --git a/.github/requirements/build-requirements.in b/.github/requirements/build-requirements.in index 1cf85187d835..dc60296693a8 100644 --- a/.github/requirements/build-requirements.in +++ b/.github/requirements/build-requirements.in @@ -1,4 +1,8 @@ +# Must be kept sync with build-system.requires at pyproject.toml pip wheel cffi -setuptools-rust \ No newline at end of file +setuptools-rust + +# WARN: changing the requirements here DOES NOT update the dependencies used for building at the github workflow, as the build process used build-requirements.txt +# To update build-requirements.txt according to the dependencies here, run pip-compile --allow-unsafe --generate-hashes build-requirements.in \ No newline at end of file diff --git a/.github/requirements/publish-requirements.in b/.github/requirements/publish-requirements.in index d672d336d19c..dd98b8990e7b 100644 --- a/.github/requirements/publish-requirements.in +++ b/.github/requirements/publish-requirements.in @@ -1,3 +1,6 @@ twine requests sigstore + +# WARN: changing the requirements here DOES NOT update the dependencies used for publishing at the github workflow, as the process used publish-requirements.txt +# To update publish-requirements.txt according to the dependencies here, run pip-compile --allow-unsafe --generate-hashes publish-requirements.in \ No newline at end of file diff --git a/pyproject.toml b/pyproject.toml index ceb5009852f5..560f022c8387 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -1,4 +1,5 @@ [build-system] +# These requirements must be kept sync with the requirements on ./github/requirements/build-requirements files requires = [ # First version of setuptools to support pyproject.toml configuration "setuptools>=61.0.0", From 96e2b25547ceb52788530813bca63a77f1802fe5 Mon Sep 17 00:00:00 2001 From: Diogo Teles Sant'Anna Date: Mon, 10 Jul 2023 17:14:24 -0300 Subject: [PATCH 14/16] ci(workflows): update build dependencies to match exactly the ones at pyproject.toml Signed-off-by: Diogo Teles Sant'Anna --- .github/requirements/build-requirements.in | 8 ++++---- .github/requirements/build-requirements.txt | 18 ++++++++---------- 2 files changed, 12 insertions(+), 14 deletions(-) diff --git a/.github/requirements/build-requirements.in b/.github/requirements/build-requirements.in index dc60296693a8..bdf6916690ca 100644 --- a/.github/requirements/build-requirements.in +++ b/.github/requirements/build-requirements.in @@ -1,8 +1,8 @@ # Must be kept sync with build-system.requires at pyproject.toml -pip +setuptools>=61.0.0 wheel -cffi -setuptools-rust +cffi>=1.12; platform_python_implementation != 'PyPy' +setuptools-rust>=0.11.4 # WARN: changing the requirements here DOES NOT update the dependencies used for building at the github workflow, as the build process used build-requirements.txt -# To update build-requirements.txt according to the dependencies here, run pip-compile --allow-unsafe --generate-hashes build-requirements.in \ No newline at end of file +# To update build-requirements.txt according to the dependencies here, run pip-compile --allow-unsafe --generate-hashes build-requirements.in diff --git a/.github/requirements/build-requirements.txt b/.github/requirements/build-requirements.txt index a165d34770a3..474f31a29b0b 100644 --- a/.github/requirements/build-requirements.txt +++ b/.github/requirements/build-requirements.txt @@ -2,9 +2,9 @@ # This file is autogenerated by pip-compile with Python 3.10 # by the following command: # -# pip-compile --allow-unsafe --generate-hashes requirements.in +# pip-compile --allow-unsafe --generate-hashes build-requirements.in # -cffi==1.15.1 \ +cffi==1.15.1 ; platform_python_implementation != "PyPy" \ --hash=sha256:00a9ed42e88df81ffae7a8ab6d9356b371399b91dbdf0c3cb1e84c03a13aceb5 \ --hash=sha256:03425bdae262c76aad70202debd780501fabeaca237cdfddc008987c0e0f59ef \ --hash=sha256:04ed324bda3cda42b9b695d51bb7d54b680b9719cfab04227cdd1e04e5de3104 \ @@ -69,7 +69,7 @@ cffi==1.15.1 \ --hash=sha256:ed9cb427ba5504c1dc15ede7d516b84757c3e3d7868ccc85121d9310d27eed0b \ --hash=sha256:fa6693661a4c91757f4412306191b6dc88c1703f780c8234035eac011922bc01 \ --hash=sha256:fcd131dd944808b5bdb38e6f5b53013c5aa4f334c5cad0c72742f6eba4b73db0 - # via -r requirements.in + # via -r build-requirements.in pycparser==2.21 \ --hash=sha256:8ee45429555515e1f6b185e78100aea234072576aa43ab53aefcae078162fca9 \ --hash=sha256:e644fdec12f7872f86c58ff790da456218b10f863970249516d60a5eaca77206 @@ -81,7 +81,7 @@ semantic-version==2.10.0 \ setuptools-rust==1.6.0 \ --hash=sha256:c86e734deac330597998bfbc08da45187e6b27837e23bd91eadb320732392262 \ --hash=sha256:e28ae09fb7167c44ab34434eb49279307d611547cb56cb9789955cdb54a1aed9 - # via -r requirements.in + # via -r build-requirements.in typing-extensions==4.7.1 \ --hash=sha256:440d5dd3af93b060174bf433bccd69b0babc3b15b1a8dca43789fd7f61514b36 \ --hash=sha256:b75ddc264f0ba5615db7ba217daeb99701ad295353c45f9e95963337ceeeffb2 @@ -89,14 +89,12 @@ typing-extensions==4.7.1 \ wheel==0.40.0 \ --hash=sha256:cd1196f3faee2b31968d626e1731c94f99cbdb67cf5a46e4f5656cbee7738873 \ --hash=sha256:d236b20e7cb522daf2390fa84c55eea81c5c30190f90f29ae2ca1ad8355bf247 - # via -r requirements.in + # via -r build-requirements.in # The following packages are considered to be unsafe in a requirements file: -pip==23.1.2 \ - --hash=sha256:0e7c86f486935893c708287b30bd050a36ac827ec7fe5e43fe7cb198dd835fba \ - --hash=sha256:3ef6ac33239e4027d9a5598a381b9d30880a1477e50039db2eac6e8a8f6d1b18 - # via -r requirements.in setuptools==68.0.0 \ --hash=sha256:11e52c67415a381d10d6b462ced9cfb97066179f0e871399e006c4ab101fc85f \ --hash=sha256:baf1fdb41c6da4cd2eae722e135500da913332ab3f2f5c7d33af9b492acb5235 - # via setuptools-rust \ No newline at end of file + # via + # -r build-requirements.in + # setuptools-rust From 38730f966eac39bde3417e49a9f91969150d8325 Mon Sep 17 00:00:00 2001 From: Diogo Teles Sant'Anna Date: Tue, 11 Jul 2023 10:58:14 -0300 Subject: [PATCH 15/16] ci: remove unnecessary parameter When calling actions/checkout , we were passing the `ref` parameter as `github.ref`, but it will likely be always main, or the vary same value as the default for this parameter. --- .github/workflows/pypi-publish.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/.github/workflows/pypi-publish.yml b/.github/workflows/pypi-publish.yml index c2378f5e23ac..9f941fa8903a 100644 --- a/.github/workflows/pypi-publish.yml +++ b/.github/workflows/pypi-publish.yml @@ -34,7 +34,6 @@ jobs: sparse-checkout: | ${{ env.PUBLISH_REQUIREMENTS_PATH }} sparse-checkout-cone-mode: false - ref: ${{ github.ref }} persist-credentials: false - name: Install Python dependencies run: pip install --require-hashes -r ${{ env.PUBLISH_REQUIREMENTS_PATH }} From 4d34bde10726d1918ba54f58ed0b084fe81e3b75 Mon Sep 17 00:00:00 2001 From: Diogo Teles Sant'Anna Date: Tue, 11 Jul 2023 12:55:10 -0300 Subject: [PATCH 16/16] Update dependabot config to cover build/publish dependencies --- .github/dependabot.yml | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/.github/dependabot.yml b/.github/dependabot.yml index 273a64e735bc..865653e8f1f1 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -36,3 +36,9 @@ updates: schedule: interval: daily open-pull-requests-limit: 1024 + + - package-ecosystem: pip + directory: ".github/requirements" + schedule: + interval: daily + open-pull-requests-limit: 1024