PyPI - bitwarden_workflow_linter - Versions diffs - 1.3.0__tar.gz → 1.3.2__tar.gz - Mend

bitwarden_workflow_linter 1.3.0tar.gz → 1.3.2tar.gz

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (94) hide show

bitwarden_workflow_linter-1.3.2/.github/workflows/scan.yml ADDED Viewed

@@ -0,0 +1,56 @@
+name: Scan
+on:
+  workflow_dispatch:
+  push:
+    branches:
+      - "main"
+      - "rc"
+      - "hotfix-rc"
+  pull_request:
+    types: [opened, synchronize, reopened]
+    branches-ignore:
+      - main
+  pull_request_target:
+    types: [opened, synchronize, reopened]
+    branches:
+      - "main"
+permissions: {}
+jobs:
+  check-run:
+    name: Check PR run
+    uses: bitwarden/gh-actions/.github/workflows/check-run.yml@main
+    permissions:
+      contents: read
+  sast:
+    name: Checkmarx
+    uses: bitwarden/gh-actions/.github/workflows/_checkmarx.yml@main
+    needs: check-run
+    secrets:
+      AZURE_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
+      AZURE_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }}
+      AZURE_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }}
+    permissions:
+      contents: read
+      pull-requests: write
+      security-events: write
+      id-token: write
+  quality:
+    name: Sonar
+    uses: bitwarden/gh-actions/.github/workflows/_sonar.yml@main
+    needs: check-run
+    secrets:
+      AZURE_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
+      AZURE_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }}
+      AZURE_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }}
+    permissions:
+      contents: read
+      pull-requests: write
+      id-token: write
+    with:
+      sonar-sources: "src/"
+      sonar-tests: "tests/"

{bitwarden_workflow_linter-1.3.0 → bitwarden_workflow_linter-1.3.2}/PKG-INFO RENAMED Viewed

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: bitwarden_workflow_linter
-Version: 1.3.0
+Version: 1.3.2
 Summary: Custom GitHub Action Workflow Linter
 Project-URL: Homepage, https://github.com/bitwarden/workflow-linter
 Project-URL: Issues, https://github.com/bitwarden/workflow-linter/issues

{bitwarden_workflow_linter-1.3.0 → bitwarden_workflow_linter-1.3.2}/src/bitwarden_workflow_linter/__about__.py RENAMED Viewed

@@ -1,3 +1,3 @@
 """Metadata for Workflow Linter."""
-__version__ = "1.3.0"
+__version__ = "1.3.2"

{bitwarden_workflow_linter-1.3.0 → bitwarden_workflow_linter-1.3.2}/src/bitwarden_workflow_linter/default_actions.json RENAMED Viewed

@@ -379,6 +379,11 @@
     "sha": "276d7966e389d888f011539a86c8920025ea0626",
     "version": "v3.0.1"
   },
+  "peter-evans/repository-dispatch": {
+    "name": "peter-evans/repository-dispatch",
+    "sha": "ff45666b9427631e3450c54a1bcbee4d9ff4d7c0",
+    "version": "v3.0.0"
+  },
   "reactivecircus/android-emulator-runner": {
     "name": "reactivecircus/android-emulator-runner",
     "sha": "62dbb605bba737720e10b196cb4220d374026a6d",

{bitwarden_workflow_linter-1.3.0 → bitwarden_workflow_linter-1.3.2}/src/bitwarden_workflow_linter/rules/check_pr_target.py RENAMED Viewed

@@ -58,7 +58,8 @@ class RuleCheckPrTarget(Rule):
             result, check_job = self.has_check_run(obj)
             main_branch_only = self.targets_main_branch(obj)
             if not main_branch_only:
-                Errors.append("Workflows using pull_request_target can only target the main branch")
+                default_branch = self.settings.default_branch
+                Errors.append(f"Workflows using pull_request_target can only target the '{default_branch}' branch")
             if result:
                 missing_jobs = self.check_run_required(obj, check_job)
                 if missing_jobs:

{bitwarden_workflow_linter-1.3.0 → bitwarden_workflow_linter-1.3.2}/tests/rules/test_check_pr_target.py RENAMED Viewed

@@ -30,13 +30,13 @@ jobs:
   check-run:
     name: Check PR run
     uses: bitwarden/gh-actions/.github/workflows/check-run.yml@main
   quality:
     name: Quality scan
     needs: check-run
     steps:
       - run: echo test
   dependent-job:
      name: Another Dependent Job
      needs:
@@ -85,7 +85,7 @@ jobs:
     runs-on: ubuntu-22.04
     steps:
       - run: echo test
   quality:
     name: Quality scan
     steps:
@@ -124,13 +124,13 @@ jobs:
   check-run:
     name: Check PR run
     uses: bitwarden/gh-actions/.github/workflows/check-run.yml@main
   quality:
     name: Quality scan
     needs: check-run
     steps:
       - run: echo test
   dependent-job:
      name: Another Dependent Job
      needs:
@@ -153,13 +153,13 @@ jobs:
   check-run:
     name: Check PR run
     uses: bitwarden/gh-actions/.github/workflows/check-run.yml@main
   quality:
     name: Quality scan
     needs: check-run
     steps:
       - run: echo test
   dependent-job:
      name: Another Dependent Job
      needs:
@@ -186,13 +186,13 @@ jobs:
   check-run:
     name: Check PR run
     uses: bitwarden/gh-actions/.github/workflows/check-run.yml@main
   quality:
     name: Quality scan
     needs: check-run
     steps:
       - run: echo test
   dependent-job:
      name: Another Dependent Job
      needs:
@@ -216,13 +216,13 @@ jobs:
   check-run:
     name: Check PR run
     uses: bitwarden/some-other-repo/.github/workflows/check-run.yml@main
   quality:
     name: Quality scan
     needs: check-run
     steps:
       - run: echo test
   dependent-job:
      name: Another Dependent Job
      needs:
@@ -269,11 +269,11 @@ def test_targets_main_branch_no_default_branch(mock_workflow):
     with patch("src.bitwarden_workflow_linter.utils.Settings.factory") as mock_factory:
         # Simulate the default settings returned by the factory
         mock_factory.return_value = Settings(default_branch="main")
         # Use the mocked factory to create the Settings instance
         settings = Settings.factory()
         rule = RuleCheckPrTarget(settings=settings)
         # Assert that the workflow targets the main branch
         assert rule.targets_main_branch(mock_workflow) is True
@@ -317,14 +317,14 @@ def test_rule_on_dependencies_without_check(rule, dependent_missing_check_workfl
 def test_rule_on_no_branches_workflow(rule, no_branches_workflow):
     result, message = rule.fn(no_branches_workflow)
     assert result is False
-    assert message == "Workflows using pull_request_target can only target the main branch"
+    assert message == "Workflows using pull_request_target can only target the 'main' branch"
 def test_rule_on_only_target_main(rule, bad_branches_workflow):
     result, message = rule.fn(bad_branches_workflow)
     assert result is False
-    assert message == "Workflows using pull_request_target can only target the main branch"
+    assert message == "Workflows using pull_request_target can only target the 'main' branch"
 def test_rule_on_two_failures(rule, two_failures_workflow):
     result, message = rule.fn(two_failures_workflow)
     assert result is False
-    assert message == "Workflows using pull_request_target can only target the main branch\nA check-run job must be included as a direct job dependency when pull_request_target is used"
+    assert message == "Workflows using pull_request_target can only target the 'main' branch\nA check-run job must be included as a direct job dependency when pull_request_target is used"

bitwarden_workflow_linter-1.3.0/.github/workflows/scan.yml DELETED Viewed

@@ -1,126 +0,0 @@
-name: Scan
-on:
-  workflow_dispatch:
-  push:
-    branches:
-      - "main"
-      - "rc"
-      - "hotfix-rc"
-  pull_request:
-    types: [opened, synchronize, reopened]
-    branches-ignore:
-      - main
-  pull_request_target:
-    types: [opened, synchronize, reopened]
-    branches:
-      - "main"
-permissions: {}
-jobs:
-  check-run:
-    name: Check PR run
-    uses: bitwarden/gh-actions/.github/workflows/check-run.yml@main
-    permissions:
-      contents: read
-  sast:
-    name: SAST scan
-    runs-on: ubuntu-22.04
-    needs: check-run
-    permissions:
-      contents: read
-      pull-requests: write
-      security-events: write
-      id-token: write
-    steps:
-      - name: Check out repo
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
-        with:
-          ref: ${{  github.event.pull_request.head.sha }}
-      - name: Log in to Azure
-        uses: bitwarden/gh-actions/azure-login@main
-        with:
-          subscription_id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
-          tenant_id: ${{ secrets.AZURE_TENANT_ID }}
-          client_id: ${{ secrets.AZURE_CLIENT_ID }}
-      - name: Get Azure Key Vault secrets
-        id: get-kv-secrets
-        uses: bitwarden/gh-actions/get-keyvault-secrets@main
-        with:
-          keyvault: gh-org-bitwarden
-          secrets: "CHECKMARX-TENANT,CHECKMARX-CLIENT-ID,CHECKMARX-SECRET"
-      - name: Log out from Azure
-        uses: bitwarden/gh-actions/azure-logout@main
-      - name: Scan with Checkmarx
-        uses: checkmarx/ast-github-action@ef93013c95adc60160bc22060875e90800d3ecfc # 2.3.19
-        env:
-          INCREMENTAL: "${{ contains(github.event_name, 'pull_request') && '--sast-incremental' || '' }}"
-        with:
-          project_name: ${{ github.repository }}
-          cx_tenant: ${{ steps.get-kv-secrets.outputs.CHECKMARX-TENANT }}
-          base_uri: https://ast.checkmarx.net/
-          cx_client_id: ${{ steps.get-kv-secrets.outputs.CHECKMARX-CLIENT-ID }}
-          cx_client_secret: ${{ steps.get-kv-secrets.outputs.CHECKMARX-SECRET }}
-          additional_params: |
-            --report-format sarif \
-            --filter "state=TO_VERIFY;PROPOSED_NOT_EXPLOITABLE;CONFIRMED;URGENT" \
-            --output-path . ${{ env.INCREMENTAL }}
-      - name: Upload Checkmarx results to GitHub
-        uses: github/codeql-action/upload-sarif@60168efe1c415ce0f5521ea06d5c2062adbeed1b # v3.28.17
-        with:
-          sarif_file: cx_result.sarif
-          sha: ${{ contains(github.event_name, 'pull_request') && github.event.pull_request.head.sha || github.sha }}
-          ref: ${{ contains(github.event_name, 'pull_request') && format('refs/pull/{0}/head', github.event.pull_request.number) || github.ref }}
-  quality:
-    name: Quality scan
-    runs-on: ubuntu-22.04
-    needs: check-run
-    permissions:
-      contents: read
-      pull-requests: write
-      id-token: write
-    steps:
-      - name: Check out repo
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
-        with:
-          fetch-depth: 0
-          ref: ${{  github.event.pull_request.head.sha }}
-      - name: Log in to Azure
-        uses: bitwarden/gh-actions/azure-login@main
-        with:
-          subscription_id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
-          tenant_id: ${{ secrets.AZURE_TENANT_ID }}
-          client_id: ${{ secrets.AZURE_CLIENT_ID }}
-      - name: Get Azure Key Vault secrets
-        id: get-kv-secrets
-        uses: bitwarden/gh-actions/get-keyvault-secrets@main
-        with:
-          keyvault: gh-org-bitwarden
-          secrets: "SONAR-TOKEN"
-      - name: Log out from Azure
-        uses: bitwarden/gh-actions/azure-logout@main
-      - name: Scan with SonarCloud
-        uses: sonarsource/sonarqube-scan-action@2500896589ef8f7247069a56136f8dc177c27ccf # v5.2.0
-        env:
-          SONAR_TOKEN: ${{ steps.get-kv-secrets.outputs.SONAR-TOKEN }}
-        with:
-          args: >
-            -Dsonar.organization=${{ github.repository_owner }}
-            -Dsonar.projectKey=${{ github.repository_owner }}_${{ github.event.repository.name }}
-            -Dsonar.sources=src/
-            -Dsonar.tests=tests/
-            -Dsonar.pullrequest.key=${{ github.event.pull_request.number }}