c2cciutils 1.7.0.dev174__tar.gz → 1.8.0.dev45__tar.gz

{c2cciutils-1.7.0.dev174 → c2cciutils-1.8.0.dev45}/LICENSE

@@ -1,4 +1,4 @@
-Copyright (c) 2020-2023, Camptocamp SA
+Copyright (c) 2020-2025, Camptocamp SA
 All rights reserved.
 
 Redistribution and use in source and binary forms, with or without

{c2cciutils-1.7.0.dev174 → c2cciutils-1.8.0.dev45}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: c2cciutils
-Version: 1.7.0.dev174
+Version: 1.8.0.dev45
 Summary: Common utilities for Camptocamp CI
 Home-page: https://github.com/camptocamp/c2cciutils
 License: FreeBSD
@@ -18,29 +18,28 @@ Classifier: Programming Language :: Python
 Classifier: Programming Language :: Python :: 3
 Classifier: Programming Language :: Python :: 3.9
 Classifier: Programming Language :: Python :: 3.10
+Classifier: Programming Language :: Python :: 3.11
+Classifier: Programming Language :: Python :: 3.12
+Classifier: Programming Language :: Python :: 3.13
 Classifier: Typing :: Typed
 Provides-Extra: audit
 Provides-Extra: checks
-Provides-Extra: pr_checks
+Provides-Extra: pr-checks
 Provides-Extra: publish
-Provides-Extra: publish_plugins
+Provides-Extra: publish-plugins
 Provides-Extra: version
-Requires-Dist: Markdown (>=3.0.0,<4.0.0)
 Requires-Dist: PyYAML (>=6.0.0,<7.0.0)
-Requires-Dist: codespell (==2.2.6); extra == "pr_checks"
 Requires-Dist: debian-inspector (>=31.0.0,<32.0.0)
 Requires-Dist: defusedxml (>=0.0.0,<1.0.0)
-Requires-Dist: google-api-python-client (>=2.0.0,<3.0.0); extra == "publish"
-Requires-Dist: google-auth-httplib2 (>=0.0.0,<1.0.0); extra == "publish"
-Requires-Dist: google-auth-oauthlib (>=1.0.0,<2.0.0); extra == "publish"
-Requires-Dist: markdown-table (>=2020.0.0,<2021.0.0)
-Requires-Dist: multi-repo-automation (>=1.0.0,<2.0.0); extra == "version"
-Requires-Dist: python-magic (>=0.0.0,<1.0.0)
+Requires-Dist: google-api-python-client (>=2.0.0,<3.0.0) ; extra == "publish"
+Requires-Dist: google-auth-httplib2 (>=0.0.0,<1.0.0) ; extra == "publish"
+Requires-Dist: google-auth-oauthlib (>=1.0.0,<2.0.0) ; extra == "publish"
+Requires-Dist: id (>=1.0.0,<2.0.0) ; extra == "publish"
+Requires-Dist: multi-repo-automation (>=1.0.0,<2.0.0) ; extra == "version"
 Requires-Dist: requests (>=2.0.0,<3.0.0)
 Requires-Dist: ruamel.yaml (>=0.0.0,<1.0.0)
-Requires-Dist: toml (>=0.0.0,<1.0.0)
-Requires-Dist: tomlkit (>=0.0.0,<1.0.0); extra == "publish"
-Requires-Dist: twine (>=5.0.0,<6.0.0); extra == "publish"
+Requires-Dist: security-md (>=1.0.0,<2.0.0)
+Requires-Dist: twine (>=6.0.0,<7.0.0) ; extra == "publish"
 Project-URL: Repository, https://github.com/camptocamp/c2cciutils
 Description-Content-Type: text/markdown
 
@@ -48,47 +47,14 @@ Description-Content-Type: text/markdown
 
 ## Publishing
 
-The main goals of C2C CI utils is to offer the commands and the workflows to have the following project structure:
-
-Have stabilization branches named by default `<major>.<minor>`.
-Have the release named by default `<major>.<minor>.<patch>`.
-
-With C2C CI utils you can publish a python package and a Docker image from the same repository.
-
-The default publishing are:
-
-- Push on the `<major>.<minor>` branch will publish Docker images.
-- Create the tag `<major>.<minor>.<patch>` will publish the Docker images, and the Python package.
-- Push on a feature branch (whatever other name) will publish the Docker images.
-- Delete a feature branch will delete the Docker images.
-- Push on the `master` branch will publish the Docker images with the master tag (Publishing a python package is also possible).
-- The version at the last line of the `SECURITY.md` of the `master` branch will be also published using the `latest` tag,
-  this will respect the `tags` present in the configuration
-- In the `SECURITY.md` file of the `master` branch we can also add a column `Alternate Tag` to publish the Docker images with another tag,
-  this will respect the `tags` present in the configuration (only for Docker).
-
-The Docker images are published on Docker Hub and GitHub Container Registry.
-
-You can run the publishing locally in dry-run mode:
-
-```bash
-GITHUB_REF=... c2cciutils-publish --dry-run ...
-```
+The main goals of C2C CI utils is to offer the commands to publish the project,
+see the [documentation](https://github.com/camptocamp/c2cciutils/wiki/Publishing).
 
 ## Changelog
 
 When we create a tag by default with the `changelog` workflow a release is created on GitHub, a changelog is
 generated and added to the release.
 
-## Security
-
-The security is managed by the `c2cciutils-audit` command with Snyk, it will audit the dependencies of the project on every
-stabilization branches, if possible a pull request is created automatically to update the dependencies.
-
-When we publish a Docker image the generated image is monitored by Snyk, this means that Snyk will search
-for all the dependencies and send the list to the Snyk web site to be monitored.
-We also do a test of the image and log the result (This will never cause the build to fail).
-
 ## Checks
 
 C2C CI utils will no more provide a tool to do a check of the project, this is replaced by `pre-commit`,
@@ -123,21 +89,16 @@ workflow will delete the workflows older than 500 days.
 
 C2cciutils make easier to have those workflows in a project:
 
-- `audit.yaml`: Audit the stabilization branches of the application against vulnerabilities in the python and node dependency
 - `auto-review.yaml`: Auto review the Renovate pull requests
 - `backport.yaml`: Trigger the backports (work with labels)
 - `clean.yaml`: Clean the Docker images related on a deleted feature branch
 - `main.yaml`: Main workflow especially with the c2cciutils-checks command
-- `changelog.yaml`: Generate the changelog and create the release on GitHub
-- `delete-old-workflows-run.yaml`: Delete the old workflows
-- `pr-checks.yaml`: Run the checks on the pull requests
 
 All the provided commands used in the workflow:
 
 - `c2cciutils`: some generic tools.
 - `c2cciutils-version`: Create a new version of the project.
-- `c2cciutils-checks`: Run the checks on the code (those checks don't need any project dependencies).
-- `c2cciutils-audit`: Do the audit, the main difference with checks is that it can change between runs on the same code.
+- `c2cciutils-env`: Print some environment information.
 - `c2cciutils-publish`: Publish the project.
 - `c2cciutils-clean`: Delete Docker images on Docker Hub after corresponding branch have been deleted.
 
@@ -198,7 +159,6 @@ You can override the configuration with the file `ci/config.yaml`.
 At the base of the configuration you have:
 
 - `version`: Contains some regular expressions to find the versions branches and tags, and to convert them into application versions.
-- `audit`: The audit configuration, see `c2cciutils/audit.py` for more information.
 - `publish`: The publishing configuration, see `c2cciutils/publish.py` for more information.
 
 Many actions can be disabled by setting the corresponding configuration part to `False`.
@@ -294,11 +254,22 @@ Then by default:
 - Commit on `master` branch after the tag 1.3.0 => release `1.4.0.dev1`
 - Commit on `1.3` branch after the tag 1.3.0 => release `1.3.1.dev1`
 
+#### Authentication
+
+If the file `~/.pypirc` exists we consider that we ar already logged in also
+we will do the login with the `pypi` server with OpenID Connect (OIDC).
+
+The OIDC login is recommended because it didn't needs any additional secrets,
+but it need some configuration on pypi in the package,
+see the [GitHub Documentation](https://docs.github.com/en/actions/security-for-github-actions/security-hardening-your-deployments/configuring-openid-connect-in-pypi#adding-the-identity-provider-to-pypi).
+
+#### Integration if the package directly in a Docker image
+
 To make it working in the `Dockerfile` you should have in the `poetry` stage:
 
 ```Dockerfile
 ENV POETRY_DYNAMIC_VERSIONING_BYPASS=dev
-RUN poetry export --extras=checks --extras=publish --extras=audit --output=requirements.txt \
+RUN poetry export --extras=checks --extras=publish --output=requirements.txt \
     && poetry export --with=dev --output=requirements-dev.txt
 ```
 
@@ -336,7 +307,7 @@ repository:
     # List of kinds of versions you want to publish, that can be: rebuild (specified using --type),
     # version_tag, version_branch, feature_branch, feature_tag (for pull request)
     version:
-    # List of tags we want to publish interpreted with `template(version=version)`
+    # List of tags we want to publish interpreted with `format(version=version)`
     # e.g. if you use `{version}-lite` when you publish the version `1.2.3` the source tag
     # (that should be built by the application build) is `latest-lite`, and it will be published
     # with the tag `1.2.3-lite`.

{c2cciutils-1.7.0.dev174 → c2cciutils-1.8.0.dev45}/README.md

@@ -2,47 +2,14 @@
 
 ## Publishing
 
-The main goals of C2C CI utils is to offer the commands and the workflows to have the following project structure:
-
-Have stabilization branches named by default `<major>.<minor>`.
-Have the release named by default `<major>.<minor>.<patch>`.
-
-With C2C CI utils you can publish a python package and a Docker image from the same repository.
-
-The default publishing are:
-
-- Push on the `<major>.<minor>` branch will publish Docker images.
-- Create the tag `<major>.<minor>.<patch>` will publish the Docker images, and the Python package.
-- Push on a feature branch (whatever other name) will publish the Docker images.
-- Delete a feature branch will delete the Docker images.
-- Push on the `master` branch will publish the Docker images with the master tag (Publishing a python package is also possible).
-- The version at the last line of the `SECURITY.md` of the `master` branch will be also published using the `latest` tag,
-  this will respect the `tags` present in the configuration
-- In the `SECURITY.md` file of the `master` branch we can also add a column `Alternate Tag` to publish the Docker images with another tag,
-  this will respect the `tags` present in the configuration (only for Docker).
-
-The Docker images are published on Docker Hub and GitHub Container Registry.
-
-You can run the publishing locally in dry-run mode:
-
-```bash
-GITHUB_REF=... c2cciutils-publish --dry-run ...
-```
+The main goals of C2C CI utils is to offer the commands to publish the project,
+see the [documentation](https://github.com/camptocamp/c2cciutils/wiki/Publishing).
 
 ## Changelog
 
 When we create a tag by default with the `changelog` workflow a release is created on GitHub, a changelog is
 generated and added to the release.
 
-## Security
-
-The security is managed by the `c2cciutils-audit` command with Snyk, it will audit the dependencies of the project on every
-stabilization branches, if possible a pull request is created automatically to update the dependencies.
-
-When we publish a Docker image the generated image is monitored by Snyk, this means that Snyk will search
-for all the dependencies and send the list to the Snyk web site to be monitored.
-We also do a test of the image and log the result (This will never cause the build to fail).
-
 ## Checks
 
 C2C CI utils will no more provide a tool to do a check of the project, this is replaced by `pre-commit`,
@@ -77,21 +44,16 @@ workflow will delete the workflows older than 500 days.
 
 C2cciutils make easier to have those workflows in a project:
 
-- `audit.yaml`: Audit the stabilization branches of the application against vulnerabilities in the python and node dependency
 - `auto-review.yaml`: Auto review the Renovate pull requests
 - `backport.yaml`: Trigger the backports (work with labels)
 - `clean.yaml`: Clean the Docker images related on a deleted feature branch
 - `main.yaml`: Main workflow especially with the c2cciutils-checks command
-- `changelog.yaml`: Generate the changelog and create the release on GitHub
-- `delete-old-workflows-run.yaml`: Delete the old workflows
-- `pr-checks.yaml`: Run the checks on the pull requests
 
 All the provided commands used in the workflow:
 
 - `c2cciutils`: some generic tools.
 - `c2cciutils-version`: Create a new version of the project.
-- `c2cciutils-checks`: Run the checks on the code (those checks don't need any project dependencies).
-- `c2cciutils-audit`: Do the audit, the main difference with checks is that it can change between runs on the same code.
+- `c2cciutils-env`: Print some environment information.
 - `c2cciutils-publish`: Publish the project.
 - `c2cciutils-clean`: Delete Docker images on Docker Hub after corresponding branch have been deleted.
 
@@ -152,7 +114,6 @@ You can override the configuration with the file `ci/config.yaml`.
 At the base of the configuration you have:
 
 - `version`: Contains some regular expressions to find the versions branches and tags, and to convert them into application versions.
-- `audit`: The audit configuration, see `c2cciutils/audit.py` for more information.
 - `publish`: The publishing configuration, see `c2cciutils/publish.py` for more information.
 
 Many actions can be disabled by setting the corresponding configuration part to `False`.
@@ -248,11 +209,22 @@ Then by default:
 - Commit on `master` branch after the tag 1.3.0 => release `1.4.0.dev1`
 - Commit on `1.3` branch after the tag 1.3.0 => release `1.3.1.dev1`
 
+#### Authentication
+
+If the file `~/.pypirc` exists we consider that we ar already logged in also
+we will do the login with the `pypi` server with OpenID Connect (OIDC).
+
+The OIDC login is recommended because it didn't needs any additional secrets,
+but it need some configuration on pypi in the package,
+see the [GitHub Documentation](https://docs.github.com/en/actions/security-for-github-actions/security-hardening-your-deployments/configuring-openid-connect-in-pypi#adding-the-identity-provider-to-pypi).
+
+#### Integration if the package directly in a Docker image
+
 To make it working in the `Dockerfile` you should have in the `poetry` stage:
 
 ```Dockerfile
 ENV POETRY_DYNAMIC_VERSIONING_BYPASS=dev
-RUN poetry export --extras=checks --extras=publish --extras=audit --output=requirements.txt \
+RUN poetry export --extras=checks --extras=publish --output=requirements.txt \
     && poetry export --with=dev --output=requirements-dev.txt
 ```
 
@@ -290,7 +262,7 @@ repository:
     # List of kinds of versions you want to publish, that can be: rebuild (specified using --type),
     # version_tag, version_branch, feature_branch, feature_tag (for pull request)
     version:
-    # List of tags we want to publish interpreted with `template(version=version)`
+    # List of tags we want to publish interpreted with `format(version=version)`
     # e.g. if you use `{version}-lite` when you publish the version `1.2.3` the source tag
     # (that should be built by the application build) is `latest-lite`, and it will be published
     # with the tag `1.2.3-lite`.

{c2cciutils-1.7.0.dev174 → c2cciutils-1.8.0.dev45}/c2cciutils/__init__.py

@@ -1,6 +1,4 @@
-"""
-c2cciutils shared utils function.
-"""
+"""c2cciutils shared utils function."""
 
 import glob
 import json
@@ -11,7 +9,6 @@ import sys
 from re import Match, Pattern
 from typing import Any, Optional, TypedDict, cast
 
-import magic
 import requests
 import ruamel.yaml
 
@@ -19,10 +16,7 @@ import c2cciutils.configuration
 
 
 def get_repository() -> str:
-    """
-    Get the current GitHub repository like `organization/project`.
-    """
-
+    """Get the current GitHub repository like `organization/project`."""
     if "GITHUB_REPOSITORY" in os.environ:
         return os.environ["GITHUB_REPOSITORY"]
 
@@ -46,12 +40,12 @@ def merge(default_config: Any, config: Any) -> Any:
     Arguments:
         default_config: The default config that will be applied
         config: The base config, will be modified
-    """
 
+    """
     if not isinstance(default_config, dict) or not isinstance(config, dict):
         return config
 
-    for key in default_config.keys():
+    for key in default_config:
         if key not in config:
             config[key] = default_config[key]
         else:
@@ -76,10 +70,7 @@ def get_master_branch(repo: list[str]) -> tuple[str, bool]:
 
 
 def get_config() -> c2cciutils.configuration.Configuration:
-    """
-    Get the configuration, with project and auto detections.
-    """
-
+    """Get the configuration, with project and auto detections."""
     config: c2cciutils.configuration.Configuration = {}
     if os.path.exists("ci/config.yaml"):
         with open("ci/config.yaml", encoding="utf-8") as open_file:
@@ -129,8 +120,6 @@ def get_config() -> c2cciutils.configuration.Configuration:
 
     default_config = {
         "publish": publish_config,
-        "pr-checks": c2cciutils.configuration.PULL_REQUEST_CHECKS_DEFAULT,
-        "audit": c2cciutils.configuration.AUDIT_DEFAULT,
     }
     merge(default_config, config)
 
@@ -161,6 +150,7 @@ def error(
         line: The line number of the error
         col: The column number of the error
         error_type: The kind of error (error or warning)
+
     """
     result = ""
     on_ci = os.environ.get("CI", "false").lower() == "true"
@@ -203,6 +193,7 @@ def compile_re(config: c2cciutils.configuration.VersionTransform, prefix: str =
         prefix: The version prefix
 
     Return the compiled transform config.
+
     """
     result = []
     for conf in config:
@@ -232,6 +223,7 @@ def match(
 
     Returns the re match object, the matched config and the value as a tuple
     On no match it returns None, value
+
     """
     for conf in config:
         matched = conf["from"].match(value)
@@ -249,6 +241,7 @@ def does_match(value: str, config: list[VersionTransform]) -> bool:
         config: The result of `compile`
 
     Returns True it it does match else False
+
     """
     matched, _, _ = match(value, config)
     return matched is not None
@@ -268,6 +261,7 @@ def get_value(matched: Optional[Match[str]], config: Optional[VersionTransform],
         value: The default value on returned no match
 
     Return the value
+
     """
     return matched.expand(config.get("to", r"\1")) if matched is not None and config is not None else value
 
@@ -278,8 +272,8 @@ def print_versions(config: c2cciutils.configuration.PrintVersions) -> bool:
 
     Arguments:
         config: The print configuration
-    """
 
+    """
     for version in config.get("versions", c2cciutils.configuration.PRINT_VERSIONS_VERSIONS_DEFAULT):
         try:
             sys.stdout.flush()
@@ -317,6 +311,7 @@ def gopass(key: str, default: Optional[str] = None) -> Optional[str]:
         default: the value to return if gopass is not found
 
     Return the value
+
     """
     try:
         return subprocess.check_output(["gopass", "show", key]).strip().decode()
@@ -333,6 +328,7 @@ def gopass_put(secret: str, key: str) -> None:
     Arguments:
         secret: The secret value
         key: The key
+
     """
     subprocess.check_output(["gopass", "insert", "--force", key], input=secret.encode())
 
@@ -345,6 +341,7 @@ def add_authorization_header(headers: dict[str, str]) -> dict[str, str]:
         headers: The headers
 
     Return the headers (to be chained)
+
     """
     try:
         token = (
@@ -382,8 +379,8 @@ def graphql(query_file: str, variables: dict[str, Any], default: Any = None) ->
 
     Return the data result
     In case of error it throw an exception
-    """
 
+    """
     with open(os.path.join(os.path.dirname(__file__), query_file), encoding="utf-8") as query_open:
         query = query_open.read()
 
@@ -416,164 +413,8 @@ def graphql(query_file: str, variables: dict[str, Any], default: Any = None) ->
     return cast(dict[str, Any], json_response["data"])
 
 
-def get_git_files_mime(
-    mime_type: Optional[list[str]] = None,
-    extensions: Optional[list[str]] = None,
-    ignore_patterns_re: Optional[list[str]] = None,
-) -> list[str]:
-    """
-    Get list of paths from git with all the files that have the specified mime type.
-
-    Arguments:
-        mime_type: The considered MIME type
-        extensions: The considered extensions
-        ignore_patterns_re: A list of regular expressions of files that we should ignore
-    """
-    if mime_type is None:
-        mime_type = ["text/x-python", "text/x-script.python"]
-    if extensions is None:
-        extensions = [".py"]
-    ignore_patterns_compiled = [re.compile(p) for p in ignore_patterns_re or []]
-    result = []
-
-    for filename in subprocess.check_output(["git", "ls-files"]).decode().strip().split("\n"):
-        if os.path.isfile(filename) and (
-            os.path.splitext(filename)[1] in extensions or magic.from_file(filename, mime=True) in mime_type
-        ):
-            accept = True
-            for pattern in ignore_patterns_compiled:
-                if pattern.search(filename):
-                    accept = False
-                    break
-            if accept:
-                result.append(filename)
-    return result
-
-
-def get_branch(branch: Optional[str], master_branch: str = "master") -> str:
-    """
-    Get the branch name.
-
-    Arguments:
-        branch: The forced to use branch name
-        master_branch: The master branch name, can be used as default value
-
-    Return the branch name
-    """
-
-    if branch is not None:
-        return branch
-    try:
-        branch = (
-            subprocess.run(["git", "rev-parse", "--abbrev-ref", "HEAD"], check=True, stdout=subprocess.PIPE)
-            .stdout.decode()
-            .strip()
-        )
-    except subprocess.CalledProcessError as exception:
-        print(f"Error getting branch: {exception}")
-        branch = "HEAD"
-
-    if branch == "HEAD":
-        branch = os.environ.get("GITHUB_HEAD_REF", master_branch)
-        assert branch is not None
-    return branch
-
-
-def get_based_on_master(
-    repo: list[str],
-    override_current_branch: Optional[str],
-    master_branch: str,
-    config: c2cciutils.configuration.Configuration,
-) -> bool:
-    """
-    Check that we are not on a release branch (to avoid errors in versions check).
-
-    This function will check the last 20 commits in current branch,
-    and for each other branch (max 50) check if any commit in last 10 commits is the current one.
-
-    Arguments:
-        repo: The repository [<organization>, <name>]
-        override_current_branch: The branch to use instead of the current one
-        master_branch: The master branch name
-        config: The full configuration
-    """
-    if os.environ.get("GITHUB_REF", "").startswith("refs/tags/"):
-        # The tags are never consider as based on master
-        return False
-    current_branch = get_branch(override_current_branch, master_branch)
-    if current_branch == master_branch:
-        return True
-    branches_re = compile_re(config["version"].get("branch_to_version_re", []))
-    if does_match(current_branch, branches_re):
-        return False
-    if os.environ.get("GITHUB_BASE_REF"):
-        return os.environ.get("GITHUB_BASE_REF") == master_branch
-    commits_repository_json = graphql(
-        "commits.graphql", {"name": repo[1], "owner": repo[0], "branch": current_branch}
-    ).get("repository", {})
-    commits_json = (
-        commits_repository_json.get("ref", {}).get("target", {}).get("history", {}).get("nodes", [])
-        if commits_repository_json.get("ref")
-        else []
-    )
-    branches_json = [
-        branch
-        for branch in (
-            graphql("branches.graphql", {"name": repo[1], "owner": repo[0]})["repository"]["refs"]["nodes"]
-        )
-        if branch["name"] != current_branch and does_match(branch["name"], branches_re)
-    ]
-    based_branch = master_branch
-    found = False
-    for commit in commits_json:
-        for branch in branches_json:
-            commits = [
-                branch_commit
-                for branch_commit in branch["target"]["history"]["nodes"]
-                if commit["oid"] == branch_commit["oid"]
-            ]
-            if commits:
-                based_branch = branch["name"]
-                found = True
-                break
-        if found:
-            break
-    return based_branch == master_branch
-
-
-def get_codespell_command(config: c2cciutils.configuration.Configuration, fix: bool = False) -> list[str]:
-    """
-    Get the codespell command.
-
-    Arguments:
-        config: The full configuration
-        fix: If we should fix the errors
-    """
-    codespell_config = config.get("codespell", {})
-    codespell_config = codespell_config if isinstance(codespell_config, dict) else {}
-    command = ["codespell"]
-    if fix:
-        command.append("--write-changes")
-    for spell_ignore_file in (
-        ".github/spell-ignore-words.txt",
-        "spell-ignore-words.txt",
-        ".spell-ignore-words.txt",
-    ):
-        if os.path.exists(spell_ignore_file):
-            command.append(f"--ignore-words={spell_ignore_file}")
-            break
-    dictionaries = codespell_config.get(
-        "internal_dictionaries", c2cciutils.configuration.CODESPELL_DICTIONARIES_DEFAULT
-    )
-    if dictionaries:
-        command.append("--builtin=" + ",".join(dictionaries))
-    command += codespell_config.get("arguments", c2cciutils.configuration.CODESPELL_ARGUMENTS_DEFAULT)
-    return command
-
-
 def snyk_exec() -> tuple[str, dict[str, str]]:
     """Get the Snyk cli executable path."""
-
     if not os.path.exists(os.path.join(os.path.dirname(__file__), "node_modules")):
         subprocess.run(["npm", "install"], cwd=os.path.dirname(__file__), check=True)  # nosec
 
@@ -587,59 +428,3 @@ def snyk_exec() -> tuple[str, dict[str, str]]:
         subprocess.run(["snyk", "config", "set", f"org={env['SNYK_ORG']}"], check=True, env=env)
 
     return os.path.join(os.path.dirname(os.path.abspath(__file__)), "node_modules/snyk/bin/snyk"), env
-
-
-def create_pull_request_if_needed(
-    current_branch: str,
-    new_branch: str,
-    commit_message: str,
-    pull_request_extra_arguments: Optional[list[str]] = None,
-) -> bool:
-    """
-    Create a pull request if there are changes.
-    """
-
-    if pull_request_extra_arguments is None:
-        pull_request_extra_arguments = ["--fill"]
-
-    diff_proc = subprocess.run(["git", "diff", "--quiet"])  # pylint: disable=subprocess-run-check
-    if diff_proc.returncode != 0:
-        print("::group::Diff")
-        sys.stdout.flush()
-        sys.stderr.flush()
-        subprocess.run(["git", "diff"], check=True)
-        print("::endgroup::")
-
-        git_hash = subprocess.run(
-            ["git", "rev-parse", "HEAD"], check=True, stdout=subprocess.PIPE, encoding="utf-8"
-        ).stdout.strip()
-        subprocess.run(["git", "checkout", "-b", new_branch], check=True)
-        subprocess.run(["git", "add", "--all"], check=True)
-        subprocess.run(["git", "commit", f"--message={commit_message}"], check=True)
-        if os.environ.get("TEST") != "TRUE":
-            subprocess.run(
-                ["git", "push", "--force", "origin", new_branch],
-                check=True,
-            )
-            env = os.environ.copy()
-            if "GH_TOKEN" not in env:
-                if "GITHUB_TOKEN" in env:
-                    env["GH_TOKEN"] = env["GITHUB_TOKEN"]
-                else:
-                    env["GH_TOKEN"] = str(c2cciutils.gopass("gs/ci/github/token/gopass"))
-            subprocess.run(
-                [
-                    "gh",
-                    "pr",
-                    "create",
-                    f"--base={current_branch}",
-                    *pull_request_extra_arguments,
-                ],
-                check=True,
-                env=env,
-            )
-        else:
-            subprocess.run(["git", "reset", "--hard"], check=True)
-        subprocess.run(["git", "checkout", git_hash], check=True)
-
-    return diff_proc.returncode != 0

c2cciutils-1.8.0.dev45/c2cciutils/applications-versions.yaml

@@ -0,0 +1,4 @@
+# https://docs.renovatebot.com/modules/datasource/#github-releases-datasource
+k3d-io/k3d: v5.7.5 # github-releases
+postgresql: 16.3.5 # helm - https://charts.bitnami.com/bitnami
+helm/chart-releaser: v1.7.0 # github-releases