From 3f844b09994ba32e7b0c5ec7dd8586e6d5b4822c Mon Sep 17 00:00:00 2001 From: Sean Kelly Date: Thu, 26 Oct 2023 09:57:50 -0500 Subject: [PATCH 1/4] Fix issues with transitive dependency conflicts and excise the final vestiges of pds-github-util - Container setup was giving different results from `python setup.py install` and `pip install .`; but the former is obsolete anyway so switch to the latter - The comment about `setup.cfg` requirements was incorrect; those were in fact being used during container setup - Pin the requirements in `setup.cfg` to conform to those in `github-actions-base` as well as `lasso-releasers` and `lasso-requirements` - Use the correct "internal anatomy" of `lasso-releasers`, not `pds-github-util` --- Dockerfile | 2 +- setup.cfg | 18 +++++++++--------- src/pds/roundup/_python.py | 2 +- 3 files changed, 11 insertions(+), 11 deletions(-) diff --git a/Dockerfile b/Dockerfile index d9c3cb7..adc6e43 100644 --- a/Dockerfile +++ b/Dockerfile @@ -26,5 +26,5 @@ ENTRYPOINT ["/usr/local/bin/roundup"] RUN : &&\ pip install 'lasso.releasers~=1.0.0' 'lasso.requirements~=1.0.0' &&\ - python3 setup.py install --optimize=2 &&\ + pip install install /usr/src/roundup &&\ : diff --git a/setup.cfg b/setup.cfg index 27f5da4..db9b1d4 100644 --- a/setup.cfg +++ b/setup.cfg @@ -24,19 +24,19 @@ packages = find_namespace: package_dir = =src -# Note: the ``install_requires`` dependencies below are for development only; -# for operations, the base Docker image has all of these pre-installed to -# save time. +# Note: the ``install_requires`` dependencies below must match certain +# packages "baked into" the nasapds/github-actions-base which is used +# by GitHub Actions to save time on spinning up the Roundup's container. install_requires = - github3.py - pds-github-util + github3.py==1.3.0 requests==2.23.0 packaging==21.0 - sphinx - twine - wheel - lxml + sphinx==3.2.1 + twine==3.4.2 + wheel==0.40.0 + lxml==4.6.3 + sphinx-substitution-extensions==2020.9.30.0 [options.package_data] diff --git a/src/pds/roundup/_python.py b/src/pds/roundup/_python.py index c3746c5..9334632 100644 --- a/src/pds/roundup/_python.py +++ b/src/pds/roundup/_python.py @@ -8,7 +8,7 @@ from .step import ChangeLogStep as BaseChangeLogStep from .step import Step, StepName, NullStep, RequirementsStep, DocPublicationStep from .util import invoke, invokeGIT, TAG_RE, commit, delete_tags, git_config -from pds_github_util.release._python_version import TextFileDetective +from lasso.releasers._python_version import TextFileDetective import logging, os, re, shutil _logger = logging.getLogger(__name__) From c68480d68193bc9ecc9ec69e51ff077908e5ece5 Mon Sep 17 00:00:00 2001 From: Sean Kelly Date: Fri, 27 Oct 2023 10:52:00 -0500 Subject: [PATCH 2/4] Merge this to fix #124 - Splits the "version bumping step" into two: a "version bump" and a "version commit" - Adds a note to the README on how to retry a release --- README.md | 11 ++++++++--- src/pds/roundup/_maven.py | 16 +++++++++++++++- src/pds/roundup/_python.py | 29 +++++++++++++++++++++-------- src/pds/roundup/assembly.py | 2 ++ src/pds/roundup/step.py | 1 + support/run-roundup.sh | 2 +- 6 files changed, 48 insertions(+), 13 deletions(-) diff --git a/README.md b/README.md index 4723306..f4bd5cd 100644 --- a/README.md +++ b/README.md @@ -121,12 +121,17 @@ There are several different flavors of roundups that you can specify `with` the The Roundup includes built-in support to make official releases of software, publishing artifacts to well-known repositories, and including release archives on GitHub. The [PDS Java Template Repository](https://github.com/NASA-PDS/pds-template-repo-java) (historically called the "generic template") and the [PDS Python Template Repository](https://github.com/NASA-PDS/pds-template-repo-python) (historically called the Python template) have the correct GitHub Actions workflows to support this. If you create a new PDS repository from those templates, you're all set to roundup! Yee-haw! -To make an offical release of software version `VERSION`, create a tag called `release/VERSION` and push it to GitHub. For example, to release version 2.0.17 of your software based on the latest `main`: +To make an offical release of software version `VERSION`, create a tag called `release/VERSION` and push it to GitHub. For example, to release version 2.1.0 of your software based on the latest `main`: ```console $ git checkout main $ git pull -$ git tag --annotate --message "Release of 2.0.17" release/2.0.17 -$ git push origin release/2.0.17 +$ git tag --annotate --message "Release of 2.1.0" release/2.1.0 +$ git push origin release/2.1.0 +``` +If a release fails, you can retry it under some circumstances (depending on where it failed) with an invocation like: +```console +$ git push --delete release/2.1.0 +$ git push origin release/2.1.0 ``` diff --git a/src/pds/roundup/_maven.py b/src/pds/roundup/_maven.py index 0ae4122..1282823 100644 --- a/src/pds/roundup/_maven.py +++ b/src/pds/roundup/_maven.py @@ -36,6 +36,7 @@ def __init__(self, cwd, environ, args): StepName.requirements: RequirementsStep, StepName.unitTest: _UnitTestStep, StepName.versionBump: _VersionBumpingStep, + StepName.versionCommit: _VersionCommittingStep, } super(MavenContext, self).__init__(cwd, environ, args) @@ -307,7 +308,20 @@ def execute(self): with open('pom.xml', 'r') as f: for 𝐋 in f: if 'version' in 𝐋: _logger.debug(f'“{𝐋.strip()}”') - self.commit_poms(f'Bumping version for {major}.{minor}.{micro} release') + + +class _VersionCommittingStep(_MavenStep): + '''Step that commits the new version, as needed.''' + def execute(self): + '''Commit the new version number.''' + if not self.assembly.isStable(): + _logger.debug('Skipping version commit for unstable build') + return + _logger.debug('❗️ Inside the _VersionCommittingStep, here is what the pom.xml looks like as far as ') + with open('pom.xml', 'r') as f: + for 𝐋 in f: + if 'version' in 𝐋: _logger.debug(f'“{𝐋.strip()}”') + self.commit_poms('Committing poms for stable release') class _CleanupStep(_MavenStep): diff --git a/src/pds/roundup/_python.py b/src/pds/roundup/_python.py index 9334632..487c2f3 100644 --- a/src/pds/roundup/_python.py +++ b/src/pds/roundup/_python.py @@ -34,6 +34,7 @@ def __init__(self, cwd, environ, args): StepName.requirements: RequirementsStep, StepName.unitTest: _UnitTestStep, StepName.versionBump: _VersionBumpingStep, + StepName.versionCommit: _VersionCommittingStep, } super(PythonContext, self).__init__(cwd, environ, args) @@ -107,13 +108,7 @@ def execute(self): class _VersionBumpingStep(_PythonStep): - '''''' - # Filter out directory paths with these in them when trying to find VERSION.txt - # - # We could constrain our search to ``src`` but some older PDS repositories—including our own - # ``pds-github-util``—don't use ``src`` 😩 - _prune = re.compile(r'__pycache__|\.egg-info') - + '''Bump the version but do not commit it (yet).''' def execute(self): if not self.assembly.isStable(): _logger.debug('Skipping version bump for unstable build') @@ -150,7 +145,25 @@ def execute(self): with open(version_file, 'w') as inp: inp.write(f'{major}.{minor}.{micro}\n') - commit(version_file, f'Bumping version for {major}.{minor}.{micro} release') + +class _VersionCommittingStep(_PythonStep): + '''Commit the bumped version.''' + def execute(self): + if not self.assembly.isStable(): + _logger.debug('Skipping version commit for unstable build') + return + + _logger.debug("Locating VERSION.txt to commit") + try: + version_file = TextFileDetective.locate_file(self.assembly.context.cwd) + if version_file is None: + raise RoundupError('Unable to locate VERSION.txt in repo. Version commit failed.') + except ValueError: + msg = 'Unable to locate ./src directory. Is your repository properly structured?' + _logger.debug(msg) + raise RoundupError(msg) + + commit(version_file, f'Commiting {version_file} for stable release') class _BuildStep(_PythonStep): diff --git a/src/pds/roundup/assembly.py b/src/pds/roundup/assembly.py index 392212c..6e17a9b 100644 --- a/src/pds/roundup/assembly.py +++ b/src/pds/roundup/assembly.py @@ -74,6 +74,8 @@ class PDSAssembly(Assembly): StepName.changeLog, StepName.githubRelease, StepName.docPublication, + # NASA-PDS/roundup-action#124: split version bumping from version committing + StepName.versionCommit, StepName.cleanup, ] diff --git a/src/pds/roundup/step.py b/src/pds/roundup/step.py index 6e0fc35..99e6cd7 100644 --- a/src/pds/roundup/step.py +++ b/src/pds/roundup/step.py @@ -50,6 +50,7 @@ class StepName(Enum): requirements = 'requirements' unitTest = 'unitTest' versionBump = 'versionBump' + versionCommit = 'versionCommit' # Common Steps diff --git a/support/run-roundup.sh b/support/run-roundup.sh index a679f7d..dd91ab7 100755 --- a/support/run-roundup.sh +++ b/support/run-roundup.sh @@ -48,7 +48,7 @@ # Constantly -defaultSteps="preparation,unitTest,integrationTest,changeLog,requirements,docs,versionBump,build,githubRelease,artifactPublication,docPublication,cleanup" +defaultSteps="preparation,unitTest,integrationTest,changeLog,requirements,docs,versionBump,build,githubRelease,artifactPublication,docPublication,versionCommit,cleanup" # Check args if [ "$#" -lt 2 -o "$#" -gt 3 ]; then From 441f75a58fe8b88478a565c027fca0b4efc6c40b Mon Sep 17 00:00:00 2001 From: Sean Kelly Date: Wed, 22 Nov 2023 12:48:40 -0600 Subject: [PATCH 3/4] software-issues-repo#55 --- .github/workflows/secrets-detection.yaml | 77 ++++++++++ .pre-commit-config.yaml | 20 +++ .secrets.baseline | 174 +++++++++++++++++++++++ 3 files changed, 271 insertions(+) create mode 100644 .github/workflows/secrets-detection.yaml create mode 100644 .pre-commit-config.yaml create mode 100644 .secrets.baseline diff --git a/.github/workflows/secrets-detection.yaml b/.github/workflows/secrets-detection.yaml new file mode 100644 index 0000000..30c4339 --- /dev/null +++ b/.github/workflows/secrets-detection.yaml @@ -0,0 +1,77 @@ +name: Secret Detection Workflow +on: + push: + branches: + - main + pull_request: + branches: + - main + +jobs: + secret-detection: + runs-on: ubuntu-latest + steps: + - + name: Checkout code + uses: actions/checkout@v4 + - + name: Install necessary packages + run: | + pip install git+https://github.com/NASA-AMMOS/slim-detect-secrets.git@exp + pip install jq + + - + name: Create an initial .secrets.baseline if .secrets.baseline does not exist + run: | + if [ ! -f .secrets.baseline ]; then + # This generated baseline file will only be temporarily available on the GitHub side and will not appear in the user's local files. + # Scanning an empty folder to generate an initial .secrets.baseline without secrets in the results. + echo "⚠️ No existing .secrets.baseline file detected. Creating a new blank baseline file." + mkdir empty-dir + detect-secrets scan empty-dir > .secrets.baseline + echo "✅ Blank .secrets.baseline file created successfully." + rm -r empty-dir + else + echo "✅ Existing .secrets.baseline file detected. No new baseline file will be created." + fi + + - + name: Scan repository for secrets + run: | + # scripts to scan repository for new secrets + + # backup the list of known secrets + cp .secrets.baseline .secrets.new + + # find the secrets in the repository + detect-secrets scan --disable-plugin AbsolutePathDetectorExperimental --baseline .secrets.new \ + --exclude-files '\.secrets..*' \ + --exclude-files '\.git.*' \ + --exclude-files '\.pre-commit-config\.yaml' \ + --exclude-files '\.mypy_cache' \ + --exclude-files '\.pytest_cache' \ + --exclude-files '\.tox' \ + --exclude-files '\.venv' \ + --exclude-files 'venv' \ + --exclude-files 'dist' \ + --exclude-files 'build' \ + --exclude-files '.*\.egg-info' + + # if there is any difference between the known and newly detected secrets, break the build + # Function to compare secrets without listing them + compare_secrets() { diff <(jq -r '.results | keys[] as $key | "\($key),\(.[$key] | .[] | .hashed_secret)"' "$1" | sort) <(jq -r '.results | keys[] as $key | "\($key),\(.[$key] | .[] | .hashed_secret)"' "$2" | sort) >/dev/null; } + + # Check if there's any difference between the known and newly detected secrets + if ! compare_secrets .secrets.baseline .secrets.new; then + echo "⚠️ Attention Required! ⚠️" >&2 + echo "New secrets have been detected in your recent commit. Due to security concerns, we cannot display detailed information here and we cannot proceed until this issue is resolved." >&2 + echo "" >&2 + echo "Please follow the steps below on your local machine to reveal and handle the secrets:" >&2 + echo "" >&2 + echo "1️⃣ Run the 'detect-secrets' tool on your local machine. This tool will identify and clean up the secrets. You can find detailed instructions at this link: https://nasa-ammos.github.io/slim/continuous-testing/starter-kits/#detect-secrets" >&2 + echo "" >&2 + echo "2️⃣ After cleaning up the secrets, commit your changes and re-push your update to the repository." >&2 + echo "" >&2 + echo "Your efforts to maintain the security of our codebase are greatly appreciated!" >&2 + exit 1 + fi diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml new file mode 100644 index 0000000..b176ba2 --- /dev/null +++ b/.pre-commit-config.yaml @@ -0,0 +1,20 @@ +repos: + - + repo: https://github.com/NASA-AMMOS/slim-detect-secrets + # using commit id for now, will change to tag when official version is released + rev: 91e097ad4559ae6ab785c883dc5ed989202c7fbe + hooks: + - id: detect-secrets + args: + - '--baseline' + - '.secrets.baseline' + - --exclude-files '\.secrets..*' + - --exclude-files '\.git.*' + - --exclude-files '\.mypy_cache' + - --exclude-files '\.pytest_cache' + - --exclude-files '\.tox' + - --exclude-files '\.venv' + - --exclude-files 'venv' + - --exclude-files 'dist' + - --exclude-files 'build' + - --exclude-files '.*\.egg-info' diff --git a/.secrets.baseline b/.secrets.baseline new file mode 100644 index 0000000..2c5457f --- /dev/null +++ b/.secrets.baseline @@ -0,0 +1,174 @@ +{ + "version": "1.4.0", + "plugins_used": [ + { + "name": "ArtifactoryDetector" + }, + { + "name": "AWSKeyDetector" + }, + { + "name": "AWSSensitiveInfoDetectorExperimental" + }, + { + "name": "AzureStorageKeyDetector" + }, + { + "name": "Base64HighEntropyString", + "limit": 4.5 + }, + { + "name": "BasicAuthDetector" + }, + { + "name": "CloudantDetector" + }, + { + "name": "DiscordBotTokenDetector" + }, + { + "name": "EmailAddressDetector" + }, + { + "name": "GitHubTokenDetector" + }, + { + "name": "HexHighEntropyString", + "limit": 3.0 + }, + { + "name": "IbmCloudIamDetector" + }, + { + "name": "IbmCosHmacDetector" + }, + { + "name": "IPPublicDetector" + }, + { + "name": "JwtTokenDetector" + }, + { + "name": "KeywordDetector", + "keyword_exclude": "" + }, + { + "name": "MailchimpDetector" + }, + { + "name": "NpmDetector" + }, + { + "name": "PrivateKeyDetector" + }, + { + "name": "SendGridDetector" + }, + { + "name": "SlackDetector" + }, + { + "name": "SoftlayerDetector" + }, + { + "name": "SquareOAuthDetector" + }, + { + "name": "StripeDetector" + }, + { + "name": "TwilioKeyDetector" + } + ], + "filters_used": [ + { + "path": "detect_secrets.filters.allowlist.is_line_allowlisted" + }, + { + "path": "detect_secrets.filters.common.is_ignored_due_to_verification_policies", + "min_level": 2 + }, + { + "path": "detect_secrets.filters.heuristic.is_indirect_reference" + }, + { + "path": "detect_secrets.filters.heuristic.is_likely_id_string" + }, + { + "path": "detect_secrets.filters.heuristic.is_lock_file" + }, + { + "path": "detect_secrets.filters.heuristic.is_not_alphanumeric_string" + }, + { + "path": "detect_secrets.filters.heuristic.is_potential_uuid" + }, + { + "path": "detect_secrets.filters.heuristic.is_prefixed_with_dollar_sign" + }, + { + "path": "detect_secrets.filters.heuristic.is_sequential_string" + }, + { + "path": "detect_secrets.filters.heuristic.is_swagger_file" + }, + { + "path": "detect_secrets.filters.heuristic.is_templated_secret" + }, + { + "path": "detect_secrets.filters.regex.should_exclude_file", + "pattern": [ + "\\.secrets..*", + "\\.pre-commit-config\\.yaml", + "\\.git.*", + "\\.mypy_cache", + "\\.pytest_cache", + "\\.tox", + "\\.venv", + "venv", + "dist", + "build", + ".*\\.egg-info" + ] + } + ], + "results": { + "README.md": [ + { + "type": "Email Address", + "filename": "README.md", + "hashed_secret": "0ebdbaa404ab765b45b3af96c0e1874401ac3ef3", + "is_verified": false, + "line_number": 94 + } + ], + "action.yaml": [ + { + "type": "Email Address", + "filename": "action.yaml", + "hashed_secret": "1b21650fca3caf5c234a77fcc47fb5f08cfcbd8a", + "is_verified": false, + "line_number": 11 + } + ], + "src/pds/roundup/step.py": [ + { + "type": "Base64 High Entropy String", + "filename": "src/pds/roundup/step.py", + "hashed_secret": "4e8f0d758c9cb925cd6e21fe0e99d29b90417650", + "is_verified": false, + "line_number": 246 + } + ], + "src/pds/roundup/util.py": [ + { + "type": "Email Address", + "filename": "src/pds/roundup/util.py", + "hashed_secret": "2cdaeb7565d9036f422d87494886f0295a6e6cd3", + "is_verified": false, + "line_number": 101 + } + ] + }, + "generated_at": "2023-11-22T18:45:56Z" +} From 905c252b72106d4e7d869f1a9a30ae03ed4f50e5 Mon Sep 17 00:00:00 2001 From: Sean Kelly Date: Thu, 7 Dec 2023 09:42:38 -0600 Subject: [PATCH 4/4] Add version label to open bugs --- .secrets.baseline | 8 ++++++-- Dockerfile | 1 + src/pds/roundup/_maven.py | 6 ++++-- src/pds/roundup/_python.py | 7 +++++-- src/pds/roundup/assembly.py | 2 +- src/pds/roundup/main.py | 4 ++-- src/pds/roundup/util.py | 12 +++++++++++- 7 files changed, 30 insertions(+), 10 deletions(-) diff --git a/.secrets.baseline b/.secrets.baseline index 2c5457f..cde2ab6 100644 --- a/.secrets.baseline +++ b/.secrets.baseline @@ -84,6 +84,10 @@ { "path": "detect_secrets.filters.allowlist.is_line_allowlisted" }, + { + "path": "detect_secrets.filters.common.is_baseline_file", + "filename": ".secrets.baseline" + }, { "path": "detect_secrets.filters.common.is_ignored_due_to_verification_policies", "min_level": 2 @@ -166,9 +170,9 @@ "filename": "src/pds/roundup/util.py", "hashed_secret": "2cdaeb7565d9036f422d87494886f0295a6e6cd3", "is_verified": false, - "line_number": 101 + "line_number": 111 } ] }, - "generated_at": "2023-11-22T18:45:56Z" + "generated_at": "2023-12-07T15:42:21Z" } diff --git a/Dockerfile b/Dockerfile index adc6e43..18e17e3 100644 --- a/Dockerfile +++ b/Dockerfile @@ -26,5 +26,6 @@ ENTRYPOINT ["/usr/local/bin/roundup"] RUN : &&\ pip install 'lasso.releasers~=1.0.0' 'lasso.requirements~=1.0.0' &&\ + pip install 'git+https://github.com/NASA-PDS/lasso-issues.git@main' &&\ pip install install /usr/src/roundup &&\ : diff --git a/src/pds/roundup/_maven.py b/src/pds/roundup/_maven.py index 1282823..5a1f43d 100644 --- a/src/pds/roundup/_maven.py +++ b/src/pds/roundup/_maven.py @@ -6,7 +6,7 @@ from .errors import InvokedProcessError, MissingEnvVarError, RoundupError from .step import ChangeLogStep as BaseChangeLogStep from .step import Step, StepName, NullStep, DocPublicationStep, RequirementsStep -from .util import invoke, invokeGIT, TAG_RE, git_config, delete_tags +from .util import invoke, invokeGIT, TAG_RE, git_config, delete_tags, add_version_label_to_open_bugs from lxml import etree import logging, os, base64, subprocess, re @@ -300,7 +300,9 @@ def execute(self): if not match: raise RoundupError(f'🐎 Stable workflow on tag «{tag}» but not a ``release/`` name!') major, minor, micro = int(match.group(1)), int(match.group(2)), match.group(4) - _logger.debug('🔖 So we got version %d.%d.%s', major, minor, micro) + full_version = f'{major}.{minor}.{micro}' + _logger.debug('🔖 So we got version %s', full_version) + add_version_label_to_open_bugs(full_version) if micro is None: raise RoundupError('Invalid release version supplied in tag name. You must supply Major.Minor.Micro') self.invokeMaven(['-DgenerateBackupPoms=false', f'-DnewVersion={major}.{minor}.{micro}', 'versions:set']) diff --git a/src/pds/roundup/_python.py b/src/pds/roundup/_python.py index 487c2f3..87db3c6 100644 --- a/src/pds/roundup/_python.py +++ b/src/pds/roundup/_python.py @@ -7,7 +7,7 @@ from .errors import MissingEnvVarError from .step import ChangeLogStep as BaseChangeLogStep from .step import Step, StepName, NullStep, RequirementsStep, DocPublicationStep -from .util import invoke, invokeGIT, TAG_RE, commit, delete_tags, git_config +from .util import invoke, invokeGIT, TAG_RE, commit, delete_tags, git_config, add_version_label_to_open_bugs from lasso.releasers._python_version import TextFileDetective import logging, os, re, shutil @@ -127,10 +127,13 @@ def execute(self): raise RoundupError(f'🐎 Stable tag of «{tag}» but not a ``release/`` tag') major, minor, micro = int(match.group(1)), int(match.group(2)), match.group(4) - _logger.debug('🔖 So we got version %d.%d.%s', major, minor, micro) + full_version = f'{major}.{minor}.{micro}' + _logger.debug('🔖 So we got version %s', full_version) + if micro is None: raise RoundupError('Invalid release version supplied in tag name. You must supply Major.Minor.Micro') + add_version_label_to_open_bugs(full_version) _logger.debug("Locating VERSION.txt to update with new release version.") try: version_file = TextFileDetective.locate_file(self.assembly.context.cwd) diff --git a/src/pds/roundup/assembly.py b/src/pds/roundup/assembly.py index 6e17a9b..683b73a 100644 --- a/src/pds/roundup/assembly.py +++ b/src/pds/roundup/assembly.py @@ -59,7 +59,7 @@ def __init__(self, context): class PDSAssembly(Assembly): - '''The PDS-flavored assembly which has 9 different steps''' + '''The PDS-flavored assembly which has 13 different steps''' pdsSteps = [ StepName.preparation, StepName.unitTest, diff --git a/src/pds/roundup/main.py b/src/pds/roundup/main.py index dea9b59..8d80bbd 100644 --- a/src/pds/roundup/main.py +++ b/src/pds/roundup/main.py @@ -112,8 +112,8 @@ def main(): # Sanity check in GitHub Acions logs: show the version of ``pds-github-util`` by calling # ``--version`` on any one of its programs. - pdsGitHubUtilVersion = invoke(['maven-release', '--version']).strip() - _logger.info('🗺 The version of ``pds-github-util`` I shall be using: %s', pdsGitHubUtilVersion) + version = invoke(['pds-issues', '--version']).strip() + _logger.info('🗺 The version of ``lasso-issues`` I shall be using: %s', version) # Here we go daddy _assemblies[args.assembly](context).roundup() diff --git a/src/pds/roundup/util.py b/src/pds/roundup/util.py index c98aec2..25da35f 100644 --- a/src/pds/roundup/util.py +++ b/src/pds/roundup/util.py @@ -3,7 +3,8 @@ '''🤠 PDS Roundup — Utilities''' from .errors import InvokedProcessError -import subprocess, logging, re +import subprocess, logging, re, os + _logger = logging.getLogger(__name__) @@ -42,6 +43,15 @@ def populateEnvVars(env): return copy +def add_version_label_to_open_bugs(version): + _logger.debug('Adding version label to open bugs') + owner, repo = os.getenv('GITHUB_REPOSITORY').split('/') + invoke([ + 'add-version-label-to-open-bugs', '--labelled-version', version, + '--token', os.getenv('ADMIN_GITHUB_TOKEN'), '--github-org', owner, '--github-repo', repo, + ]) + + def invoke(argv): '''Execute a command within the operating system, returning its output. On any error, raise ane exception. The command is the first element of ``argv``, with remaining elements