PyPI - c2cciutils - Versions diffs - 1.8.0.dev64__tar.gz → 1.8.0.dev68__tar.gz - Mend - Supply Chain Defender

c2cciutils 1.8.0.dev64tar.gz → 1.8.0.dev68tar.gz

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Potentially problematic release.

This version of c2cciutils might be problematic. Click here for more details.

Files changed (38) hide show

{c2cciutils-1.8.0.dev64 → c2cciutils-1.8.0.dev68}/PKG-INFO RENAMED Viewed

@@ -1,6 +1,6 @@
 Metadata-Version: 2.3
 Name: c2cciutils
-Version: 1.8.0.dev64
+Version: 1.8.0.dev68
 Summary: Common utilities for Camptocamp CI
 License: FreeBSD
 Keywords: ci
@@ -21,24 +21,9 @@ Classifier: Programming Language :: Python :: 3.11
 Classifier: Programming Language :: Python :: 3.12
 Classifier: Programming Language :: Python :: 3.13
 Classifier: Typing :: Typed
-Provides-Extra: audit
-Provides-Extra: checks
-Provides-Extra: pr-checks
-Provides-Extra: publish
-Provides-Extra: publish-plugins
-Provides-Extra: version
 Requires-Dist: PyYAML (==6.0.2)
-Requires-Dist: debian-inspector (==31.1.0)
-Requires-Dist: defusedxml (==0.7.1)
-Requires-Dist: google-api-python-client (==2.160.0) ; extra == "publish"
-Requires-Dist: google-auth-httplib2 (==0.2.0) ; extra == "publish"
-Requires-Dist: google-auth-oauthlib (==1.2.1) ; extra == "publish"
-Requires-Dist: id (==1.5.0) ; extra == "publish"
-Requires-Dist: multi-repo-automation (==1.5.0) ; extra == "version"
 Requires-Dist: requests (==2.32.3)
 Requires-Dist: ruamel.yaml (==0.18.10)
-Requires-Dist: security-md (==1.0.0)
-Requires-Dist: twine (==6.1.0) ; extra == "publish"
 Project-URL: Repository, https://github.com/camptocamp/c2cciutils
 Description-Content-Type: text/markdown
@@ -90,7 +75,6 @@ C2cciutils make easier to have those workflows in a project:
 - `auto-review.yaml`: Auto review the Renovate pull requests
 - `backport.yaml`: Trigger the backports (work with labels)
-- `clean.yaml`: Clean the Docker images related on a deleted feature branch
 - `main.yaml`: Main workflow especially with the c2cciutils-checks command
 All the provided commands used in the workflow:
@@ -98,8 +82,6 @@ All the provided commands used in the workflow:
 - `c2cciutils`: some generic tools.
 - `c2cciutils-version`: Create a new version of the project.
 - `c2cciutils-env`: Print some environment information.
-- `c2cciutils-publish`: Publish the project.
-- `c2cciutils-clean`: Delete Docker images on Docker Hub after corresponding branch have been deleted.
 ## Utilities
@@ -146,7 +128,6 @@ In the CI we need to have the following secrets::
 ## Use locally, in the projects that use c2cciutils
 Install it: `python3 -m pip install --user --requirement ci/requirements.txt`
-Dry run publish: `GITHUB_REF=... c2cciutils-publish --dry-run ...`
 ## Configuration
@@ -203,205 +184,6 @@ Select a formatter:
 - Configure Default Formatter...
 - Select the formatter
-## Publishing
-### To pypi
-The config is like this:
-```yaml
-versions:
-  # List of kinds of versions you want to publish, that can be:
-  # rebuild (specified with --type),
-  # version_tag, version_branch, feature_branch, feature_tag (for pull request)
-```
-It we have a `setup.py` file, we will be in legacy mode:
-When publishing, the version computed from arguments or `GITHUB_REF` is put in environment variable `VERSION`, thus you should use it in `setup.py`, example:
-```python
-VERSION = os.environ.get("VERSION", "1.0.0")
-```
-Also we consider that we use `poetry` with [poetry-dynamic-versioning](https://pypi.org/project/poetry-dynamic-versioning/) to manage the version, and [poetry-plugin-tweak-dependencies-version](https://pypi.org/project/poetry-plugin-tweak-dependencies-version/) to manage the dependencies versions.
-Example of configuration:
-```toml
-[tool.poetry-dynamic-versioning]
-enable = true
-vcs = "git"
-pattern = "^(?P<base>\\d+(\\.\\d+)*)"
-format-jinja = """
-{%- if env.get("VERSION_TYPE") == "version_branch" -%}
-{{serialize_pep440(bump_version(base, 1 if env.get("IS_MASTER") == "TRUE" else 2), dev=distance)}}
-{%- elif distance == 0 -%}
-{{serialize_pep440(base)}}
-{%- else -%}
-{{serialize_pep440(bump_version(base), dev=distance)}}
-{%- endif -%}
-"""
-```
-Note that we can access to the environment variables `VERSION`,`VERSION_TYPE` and `IS_MASTER`.
-Then by default:
-- Tag with `1.2.3` => release `1.2.3`
-- Commit on feature branch just do a validation
-- Commit on `master` branch after the tag 1.3.0 => release `1.4.0.dev1`
-- Commit on `1.3` branch after the tag 1.3.0 => release `1.3.1.dev1`
-#### Authentication
-If the file `~/.pypirc` exists we consider that we ar already logged in also
-we will do the login with the `pypi` server with OpenID Connect (OIDC).
-The OIDC login is recommended because it didn't needs any additional secrets,
-but it need some configuration on pypi in the package,
-see the [GitHub Documentation](https://docs.github.com/en/actions/security-for-github-actions/security-hardening-your-deployments/configuring-openid-connect-in-pypi#adding-the-identity-provider-to-pypi).
-#### Integration if the package directly in a Docker image
-To make it working in the `Dockerfile` you should have in the `poetry` stage:
-```Dockerfile
-ENV POETRY_DYNAMIC_VERSIONING_BYPASS=dev
-RUN poetry export --extras=checks --extras=publish --output=requirements.txt \
-    && poetry export --with=dev --output=requirements-dev.txt
-```
-And in the `run` stage
-```Dockerfile
-ARG VERSION=dev
-RUN --mount=type=cache,target=/root/.cache \
-    POETRY_DYNAMIC_VERSIONING_BYPASS=${VERSION} python3 -m pip install --disable-pip-version-check --no-deps --editable=.
-```
-And in the `Makefile`:
-```Makefile
-VERSION = $(strip $(shell poetry version --short))
-.PHONY: build
-build: ## Build the Docker images
-    docker build --build-arg=VERSION=$(VERSION) --tag=$(GITHUB_REPOSITORY) .
-```
-### To Docker registry
-The config is like this:
-```yaml
-latest: True
-images:
-  - # The base name of the image we want to publish
-    name:
-repository:
-  <internal_name>:
-    # The fqdn name of the server if not Docker hub
-    server:
-    # List of kinds of versions you want to publish, that can be: rebuild (specified using --type),
-    # version_tag, version_branch, feature_branch, feature_tag (for pull request)
-    version:
-    # List of tags we want to publish interpreted with `format(version=version)`
-    # e.g. if you use `{version}-lite` when you publish the version `1.2.3` the source tag
-    # (that should be built by the application build) is `latest-lite`, and it will be published
-    # with the tag `1.2.3-lite`.
-    tags:
-    # If your images are published by different jobs you can separate them in different groups
-    # and publish them with `c2cciutils-publish --group=<group>`
-    group:
-```
-By default, the last line of the `SECURITY.md` file will be published (`docker`) with the tag
-`latest`. Set `latest` to `False` to disable it.
-With the `c2cciutils-clean` the images on Docker hub for `feature_branch` will be removed on branch removing.
-## Download applications
-In case some executables or applications from GitHub releases or any other URLs are required on the CI host
-and are not handled by any dependency manager, we provide a set of tools to install them and manage upgrades
-through Renovate.
-Create an application file (e.-g. `applications.yaml`) with:
-```yaml
-# yaml-language-server: $schema=https://raw.githubusercontent.com/camptocamp/c2cciutils/master/c2cciutils/schema-applications.json
-# Application from GitHub release
-<organization>/<project>:
-  get-file-name: <file name present in the release>
-  to-file-name: <The file name you want to create in ~/.local/bin>
-  finish-command: # The command you want to run after the file is downloaded
-    - - chmod # To be executable (usually required)
-      - +x
-      - <to-file-name>
-    - - <to-file-name> # Print the version of the application
-      - --version
-# Application from GitHub release in a tar file (or tar.gz)
-<organization>/<project>:
-  get-file-name: <file name present in the release>
-  type: tar
-  tar-file-name: <The file name available in the tar file>
-  to-file-name: <The file name you want to create in ~/.local/bin>
-  finish-command: [...] # The command you want to run after the file is downloaded
-# Application from an URL
-<application reference name>:
-  url-pattern: <The URL used to download the application>
-  to-file-name: <The file name you want to create in ~/.local/bin>
-  finish-command: [...] # The command you want to run after the file is downloaded
-```
-In the attributes `url-pattern`, `get-file-name` you can use the following variables:
-- `{version}`: The version of the application present in the version file.
-- `{version_quote}`: The URL encoded version.
-- `{short_version}`: The version without the `v` prefix.
-The `applications-versions.yaml` file is a map of applications and their versions.
-Add in your Renovate configuration:
-```json5
-  regexManagers: [
-    {
-      fileMatch: ['^applications-versions.yaml$'],
-      matchStrings: [
-        '(?<depName>[^\\s]+): (?<currentValue>[^\\s]+) # (?<datasource>[^\\s]+)',
-      ],
-    },
-  ],
-```
-Now you need to call `c2cciutils-download-applications --applications-file=applications.yaml --versions-file=applications-version.yaml`
-to install required applications on CI host before using them (an already installed application is installed only if needed).
-## Use Renovate to trigger a new build instead of the legacy rebuild
-Run the command `c2cciutils-docker-versions-gen camptocamp/image[:tag]` to generate a file that is a kind of package lock of the Debian packages in the file `ci/dpkg-versions.yaml`.
-Add in your renovate configuration:
-```javascript
-  regexManagers: [
-    {
-      fileMatch: ['^ci/dpkg-versions.yaml$'],
-      matchStrings: [" *(?<depName>[^'\\s]+): '?(?<currentValue>[^'\\s/]*[0-9][^'\\s/]*)'?"],
-      datasourceTemplate: 'repology',
-      versioningTemplate: 'loose',
-    },
-  ],
-```
-When a new version of a Debian package will be available:
-- Renovate will automatically open a pull request to update the file `ci/dpkg-versions.yaml`.
-- And the continuous integration will build a new fresh Docker image with latest versions of all Debian packages.
 ## Kubernetes
 C2cciutils provide some commands for Kubernetes.

{c2cciutils-1.8.0.dev64 → c2cciutils-1.8.0.dev68}/README.md RENAMED Viewed

@@ -46,7 +46,6 @@ C2cciutils make easier to have those workflows in a project:
 - `auto-review.yaml`: Auto review the Renovate pull requests
 - `backport.yaml`: Trigger the backports (work with labels)
-- `clean.yaml`: Clean the Docker images related on a deleted feature branch
 - `main.yaml`: Main workflow especially with the c2cciutils-checks command
 All the provided commands used in the workflow:
@@ -54,8 +53,6 @@ All the provided commands used in the workflow:
 - `c2cciutils`: some generic tools.
 - `c2cciutils-version`: Create a new version of the project.
 - `c2cciutils-env`: Print some environment information.
-- `c2cciutils-publish`: Publish the project.
-- `c2cciutils-clean`: Delete Docker images on Docker Hub after corresponding branch have been deleted.
 ## Utilities
@@ -102,7 +99,6 @@ In the CI we need to have the following secrets::
 ## Use locally, in the projects that use c2cciutils
 Install it: `python3 -m pip install --user --requirement ci/requirements.txt`
-Dry run publish: `GITHUB_REF=... c2cciutils-publish --dry-run ...`
 ## Configuration
@@ -159,205 +155,6 @@ Select a formatter:
 - Configure Default Formatter...
 - Select the formatter
-## Publishing
-### To pypi
-The config is like this:
-```yaml
-versions:
-  # List of kinds of versions you want to publish, that can be:
-  # rebuild (specified with --type),
-  # version_tag, version_branch, feature_branch, feature_tag (for pull request)
-```
-It we have a `setup.py` file, we will be in legacy mode:
-When publishing, the version computed from arguments or `GITHUB_REF` is put in environment variable `VERSION`, thus you should use it in `setup.py`, example:
-```python
-VERSION = os.environ.get("VERSION", "1.0.0")
-```
-Also we consider that we use `poetry` with [poetry-dynamic-versioning](https://pypi.org/project/poetry-dynamic-versioning/) to manage the version, and [poetry-plugin-tweak-dependencies-version](https://pypi.org/project/poetry-plugin-tweak-dependencies-version/) to manage the dependencies versions.
-Example of configuration:
-```toml
-[tool.poetry-dynamic-versioning]
-enable = true
-vcs = "git"
-pattern = "^(?P<base>\\d+(\\.\\d+)*)"
-format-jinja = """
-{%- if env.get("VERSION_TYPE") == "version_branch" -%}
-{{serialize_pep440(bump_version(base, 1 if env.get("IS_MASTER") == "TRUE" else 2), dev=distance)}}
-{%- elif distance == 0 -%}
-{{serialize_pep440(base)}}
-{%- else -%}
-{{serialize_pep440(bump_version(base), dev=distance)}}
-{%- endif -%}
-"""
-```
-Note that we can access to the environment variables `VERSION`,`VERSION_TYPE` and `IS_MASTER`.
-Then by default:
-- Tag with `1.2.3` => release `1.2.3`
-- Commit on feature branch just do a validation
-- Commit on `master` branch after the tag 1.3.0 => release `1.4.0.dev1`
-- Commit on `1.3` branch after the tag 1.3.0 => release `1.3.1.dev1`
-#### Authentication
-If the file `~/.pypirc` exists we consider that we ar already logged in also
-we will do the login with the `pypi` server with OpenID Connect (OIDC).
-The OIDC login is recommended because it didn't needs any additional secrets,
-but it need some configuration on pypi in the package,
-see the [GitHub Documentation](https://docs.github.com/en/actions/security-for-github-actions/security-hardening-your-deployments/configuring-openid-connect-in-pypi#adding-the-identity-provider-to-pypi).
-#### Integration if the package directly in a Docker image
-To make it working in the `Dockerfile` you should have in the `poetry` stage:
-```Dockerfile
-ENV POETRY_DYNAMIC_VERSIONING_BYPASS=dev
-RUN poetry export --extras=checks --extras=publish --output=requirements.txt \
-    && poetry export --with=dev --output=requirements-dev.txt
-```
-And in the `run` stage
-```Dockerfile
-ARG VERSION=dev
-RUN --mount=type=cache,target=/root/.cache \
-    POETRY_DYNAMIC_VERSIONING_BYPASS=${VERSION} python3 -m pip install --disable-pip-version-check --no-deps --editable=.
-```
-And in the `Makefile`:
-```Makefile
-VERSION = $(strip $(shell poetry version --short))
-.PHONY: build
-build: ## Build the Docker images
-    docker build --build-arg=VERSION=$(VERSION) --tag=$(GITHUB_REPOSITORY) .
-```
-### To Docker registry
-The config is like this:
-```yaml
-latest: True
-images:
-  - # The base name of the image we want to publish
-    name:
-repository:
-  <internal_name>:
-    # The fqdn name of the server if not Docker hub
-    server:
-    # List of kinds of versions you want to publish, that can be: rebuild (specified using --type),
-    # version_tag, version_branch, feature_branch, feature_tag (for pull request)
-    version:
-    # List of tags we want to publish interpreted with `format(version=version)`
-    # e.g. if you use `{version}-lite` when you publish the version `1.2.3` the source tag
-    # (that should be built by the application build) is `latest-lite`, and it will be published
-    # with the tag `1.2.3-lite`.
-    tags:
-    # If your images are published by different jobs you can separate them in different groups
-    # and publish them with `c2cciutils-publish --group=<group>`
-    group:
-```
-By default, the last line of the `SECURITY.md` file will be published (`docker`) with the tag
-`latest`. Set `latest` to `False` to disable it.
-With the `c2cciutils-clean` the images on Docker hub for `feature_branch` will be removed on branch removing.
-## Download applications
-In case some executables or applications from GitHub releases or any other URLs are required on the CI host
-and are not handled by any dependency manager, we provide a set of tools to install them and manage upgrades
-through Renovate.
-Create an application file (e.-g. `applications.yaml`) with:
-```yaml
-# yaml-language-server: $schema=https://raw.githubusercontent.com/camptocamp/c2cciutils/master/c2cciutils/schema-applications.json
-# Application from GitHub release
-<organization>/<project>:
-  get-file-name: <file name present in the release>
-  to-file-name: <The file name you want to create in ~/.local/bin>
-  finish-command: # The command you want to run after the file is downloaded
-    - - chmod # To be executable (usually required)
-      - +x
-      - <to-file-name>
-    - - <to-file-name> # Print the version of the application
-      - --version
-# Application from GitHub release in a tar file (or tar.gz)
-<organization>/<project>:
-  get-file-name: <file name present in the release>
-  type: tar
-  tar-file-name: <The file name available in the tar file>
-  to-file-name: <The file name you want to create in ~/.local/bin>
-  finish-command: [...] # The command you want to run after the file is downloaded
-# Application from an URL
-<application reference name>:
-  url-pattern: <The URL used to download the application>
-  to-file-name: <The file name you want to create in ~/.local/bin>
-  finish-command: [...] # The command you want to run after the file is downloaded
-```
-In the attributes `url-pattern`, `get-file-name` you can use the following variables:
-- `{version}`: The version of the application present in the version file.
-- `{version_quote}`: The URL encoded version.
-- `{short_version}`: The version without the `v` prefix.
-The `applications-versions.yaml` file is a map of applications and their versions.
-Add in your Renovate configuration:
-```json5
-  regexManagers: [
-    {
-      fileMatch: ['^applications-versions.yaml$'],
-      matchStrings: [
-        '(?<depName>[^\\s]+): (?<currentValue>[^\\s]+) # (?<datasource>[^\\s]+)',
-      ],
-    },
-  ],
-```
-Now you need to call `c2cciutils-download-applications --applications-file=applications.yaml --versions-file=applications-version.yaml`
-to install required applications on CI host before using them (an already installed application is installed only if needed).
-## Use Renovate to trigger a new build instead of the legacy rebuild
-Run the command `c2cciutils-docker-versions-gen camptocamp/image[:tag]` to generate a file that is a kind of package lock of the Debian packages in the file `ci/dpkg-versions.yaml`.
-Add in your renovate configuration:
-```javascript
-  regexManagers: [
-    {
-      fileMatch: ['^ci/dpkg-versions.yaml$'],
-      matchStrings: [" *(?<depName>[^'\\s]+): '?(?<currentValue>[^'\\s/]*[0-9][^'\\s/]*)'?"],
-      datasourceTemplate: 'repology',
-      versioningTemplate: 'loose',
-    },
-  ],
-```
-When a new version of a Debian package will be available:
-- Renovate will automatically open a pull request to update the file `ci/dpkg-versions.yaml`.
-- And the continuous integration will build a new fresh Docker image with latest versions of all Debian packages.
 ## Kubernetes
 C2cciutils provide some commands for Kubernetes.