diff --git a/.github/workflows/docs-ci.yml b/.github/workflows/docs-ci.yml index 66689c9..a48eab4 100644 --- a/.github/workflows/docs-ci.yml +++ b/.github/workflows/docs-ci.yml @@ -1,35 +1,36 @@ -name: CI Documentation and Code style +name: CI Documentation on: [push, pull_request] +permissions: {} jobs: build: - runs-on: ubuntu-22.04 + runs-on: ubuntu-24.04 strategy: max-parallel: 4 matrix: - python-version: [3.14] + python-version: [3.13] steps: - name: Checkout code - uses: actions/checkout@v3 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd + with: + persist-credentials: false - name: Set up Python ${{ matrix.python-version }} - uses: actions/setup-python@v4 + uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 with: python-version: ${{ matrix.python-version }} - name: Install Dependencies - run: pip install -e .[docs,testing] + run: ./configure --dev - - name: Check Sphinx Documentation build minimally - working-directory: ./docs - run: sphinx-build -E -W source build + - name: Check documentation and HTML for errors and dead links + run: make docs - - name: Check for documentation style errors - working-directory: ./docs - run: ./scripts/doc8_style_check.sh + - name: Check documentation for style errors + run: make doc8 - - name: Check for Code style errors - run: make check-ci + - name: Check code for style errors + run: make check diff --git a/.github/workflows/pypi-release.yml b/.github/workflows/pypi-release.yml index 9ee2ce0..d3e8a6a 100644 --- a/.github/workflows/pypi-release.yml +++ b/.github/workflows/pypi-release.yml @@ -18,15 +18,18 @@ on: tags: - "v*.*.*" +permissions: {} jobs: build-pypi-distribs: name: Build and publish library to PyPI runs-on: ubuntu-24.04 steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd + with: + persist-credentials: false - name: Set up Python - uses: actions/setup-python@v5 + uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 with: python-version: 3.14 @@ -40,13 +43,16 @@ jobs: run: python -m twine check dist/* - name: Upload built archives - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f with: name: pypi_archives path: dist/* create-gh-release: + permissions: + contents: write # to create GitHub release (softprops/action-gh-release) + name: Create GH release needs: - build-pypi-distribs @@ -54,13 +60,13 @@ jobs: steps: - name: Download built archives - uses: actions/download-artifact@v4 + uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 with: name: pypi_archives path: dist - name: Create GH release - uses: softprops/action-gh-release@v2 + uses: softprops/action-gh-release@b4309332981a82ec1c5618f44dd2e27cc8bfbfda with: draft: true files: dist/* @@ -77,11 +83,11 @@ jobs: steps: - name: Download built archives - uses: actions/download-artifact@v4 + uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 with: name: pypi_archives path: dist - name: Publish to PyPI if: startsWith(github.ref, 'refs/tags') - uses: pypa/gh-action-pypi-publish@release/v1 + uses: pypa/gh-action-pypi-publish@cef221092ed1bacb1cc03d23a2d87d1d172e277b diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml new file mode 100644 index 0000000..2848e04 --- /dev/null +++ b/.github/workflows/tests.yml @@ -0,0 +1,29 @@ +name: Run tests on supported Python versions + +on: [push, pull_request, workflow_dispatch] + +jobs: + extensive_tests: + name: Run tests on Python ${{ matrix.python }} + runs-on: ${{ matrix.os }} + defaults: + run: + shell: bash + strategy: + fail-fast: false + matrix: + python: ["3.10", "3.11", "3.12", "3.13", "3.14"] + os: ["ubuntu-latest"] + + steps: + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd + with: + persist-credentials: false + + - name: Set up Python + uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 + with: + python-version: "${{ matrix.python }}" + + - name: Run tests + run: make clean && make dev && make test diff --git a/.github/workflows/zizmor.yml b/.github/workflows/zizmor.yml new file mode 100644 index 0000000..aa8259d --- /dev/null +++ b/.github/workflows/zizmor.yml @@ -0,0 +1,24 @@ +name: GitHub Actions Security Analysis with zizmor 🌈 + +on: + push: + branches: ["main"] + pull_request: + branches: ["**"] + +permissions: {} + +jobs: + zizmor: + name: Run zizmor 🌈 + runs-on: ubuntu-latest + permissions: + security-events: write # Required for upload-sarif (used by zizmor-action) to upload SARIF files. + steps: + - name: Checkout repository + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + with: + persist-credentials: false + + - name: Run zizmor 🌈 + uses: zizmorcore/zizmor-action@b1d7e1fb5de872772f31590499237e7cce841e8e # v0.5.3 diff --git a/CHANGELOG.rst b/CHANGELOG.rst index d3dca6f..e9b3d7b 100644 --- a/CHANGELOG.rst +++ b/CHANGELOG.rst @@ -1,6 +1,11 @@ Changelog ========= +v0.2.2 (14 July, 2026) +----------------------------- + +Relax version constraints and update version requirements. + v0.2.1 (29th October, 2025) ----------------------------- diff --git a/Makefile b/Makefile index 5971ec2..d4c6beb 100644 --- a/Makefile +++ b/Makefile @@ -60,7 +60,7 @@ docs: @${ACTIVATE} sphinx-build docs/source docs/_build/ docs-check: - @${ACTIVATE} sphinx-build -E -W -b html docs/source docs/_build/ - @${ACTIVATE} sphinx-build -E -W -b linkcheck docs/source docs/_build/ + sphinx-build -E -W -b html docs/source docs/_build/ + sphinx-build -E -W -b linkcheck docs/source docs/_build/ .PHONY: conf dev check valid clean test docs docs-check diff --git a/etc/scripts/utils_requirements.py b/etc/scripts/utils_requirements.py index b9b2c0e..f377578 100644 --- a/etc/scripts/utils_requirements.py +++ b/etc/scripts/utils_requirements.py @@ -15,7 +15,7 @@ """ Utilities to manage requirements files and call pip. NOTE: this should use ONLY the standard library and not import anything else -because this is used for boostrapping with no requirements installed. +because this is used for bootstrapping with no requirements installed. """ @@ -31,7 +31,7 @@ def load_requirements(requirements_file="requirements.txt", with_unpinned=False) def get_required_name_versions(requirement_lines, with_unpinned=False): """ - Yield required (name, version) tuples given a`requirement_lines` iterable of + Yield required (name, version) tuples given a `requirement_lines` iterable of requirement text lines. Only accept requirements pinned to an exact version. """ @@ -47,7 +47,7 @@ def get_required_name_versions(requirement_lines, with_unpinned=False): def get_required_name_version(requirement, with_unpinned=False): """ - Return a (name, version) tuple given a`requirement` specifier string. + Return a (name, version) tuple given a `requirement` specifier string. Requirement version must be pinned. If ``with_unpinned`` is True, unpinned requirements are accepted and only the name portion is returned. diff --git a/requirements-dev.txt b/requirements-dev.txt index 77f978a..5f3d7f0 100644 --- a/requirements-dev.txt +++ b/requirements-dev.txt @@ -1 +1,2 @@ -scancode-toolkit==32.3.0 \ No newline at end of file +scancode-toolkit==32.3.0 +pytest==9.1.1 \ No newline at end of file diff --git a/requirements.txt b/requirements.txt index b1a4657..fe8f01f 100644 --- a/requirements.txt +++ b/requirements.txt @@ -1,4 +1,4 @@ # from blint v2.3.2 # https://github.com/owasp-dep-scan/blint/blob/1e1250a4bf6c25eccba8970bd877901ee56070c7/poetry.lock -lief==0.17.0 +lief==0.17.2 symbolic==10.2.1 diff --git a/setup.cfg b/setup.cfg index b120597..5c9cf5a 100644 --- a/setup.cfg +++ b/setup.cfg @@ -1,7 +1,7 @@ [metadata] name = rust-inspector license = Apache-2.0 AND MIT -version = 0.2.1 +version = 0.2.2 # description must be on ONE line https://github.com/pypa/setuptools/issues/1390 description = rust-inspector is a scancode plugin to extract symbols and dependencies found in Rust binaries. @@ -44,8 +44,8 @@ install_requires = commoncode plugincode typecode - lief==0.17.0 - symbolic==10.2.1 + lief>=0.17.2 + symbolic>=10.2.1 [options.packages.find] where = src @@ -56,7 +56,7 @@ scancode_scan = rust_symbol = rust_inspector.plugin:RustSymbolScannerPlugin [options.extras_require] -testing = +dev = scancode-toolkit pytest >= 6, != 7.0.0 pytest-xdist >= 2 @@ -65,8 +65,6 @@ testing = twine black isort - -docs = Sphinx>=5.0.2 sphinx-rtd-theme>=1.0.0 sphinx-reredirects >= 0.1.2