Commit Graph

75 Commits

Author SHA1 Message Date
dependabot[bot]
0c30f7cc99
Bump the dependencies group with 2 updates (#7925)
Bumps the dependencies group with 2 updates: [docker/build-push-action](https://github.com/docker/build-push-action) and [github/codeql-action](https://github.com/github/codeql-action).


Updates `docker/build-push-action` from 6.6.1 to 6.7.0
- [Release notes](https://github.com/docker/build-push-action/releases)
- [Commits](16ebe778df...5cd11c3a4c)

Updates `github/codeql-action` from 3.26.0 to 3.26.3
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](eb055d739a...883d8588e5)

---
updated-dependencies:
- dependency-name: docker/build-push-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: dependencies
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-08-20 09:38:02 +10:00
dependabot[bot]
3f2e47497c
Bump the dependencies group with 4 updates (#7860)
Bumps the dependencies group with 4 updates: [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer), [docker/build-push-action](https://github.com/docker/build-push-action), [actions/upload-artifact](https://github.com/actions/upload-artifact) and [github/codeql-action](https://github.com/github/codeql-action).


Updates `sigstore/cosign-installer` from 3.5.0 to 3.6.0
- [Release notes](https://github.com/sigstore/cosign-installer/releases)
- [Commits](59acb6260d...4959ce089c)

Updates `docker/build-push-action` from 6.5.0 to 6.6.1
- [Release notes](https://github.com/docker/build-push-action/releases)
- [Commits](5176d81f87...16ebe778df)

Updates `actions/upload-artifact` from 4.3.5 to 4.3.6
- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](89ef406dd8...834a144ee9)

Updates `github/codeql-action` from 3.25.15 to 3.26.0
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](afb54ba388...eb055d739a)

---
updated-dependencies:
- dependency-name: sigstore/cosign-installer
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: dependencies
- dependency-name: docker/build-push-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: dependencies
- dependency-name: actions/upload-artifact
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: dependencies
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-08-13 09:43:07 +10:00
Matthias Mair
41f6dd69b8
Adjust docker labels to modern OCI schema (#7773)
* adapt namespace

* add new labels

* make baseimage available for labels

* remove unneeded ending

* ensure image name is correct for ghcrio

* ensure the right outputs are used

* fix reference

* fix assigment

* only push docker reg image if authd

* swith back to env

this gets provided by the version ci script

* make repo targets changeable

* make readable

* revert ghcr.io change
2024-08-11 11:03:18 +10:00
dependabot[bot]
3733e8a417
Bump the dependencies group across 1 directory with 5 updates (#7811)
Bumps the dependencies group with 5 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [docker/setup-buildx-action](https://github.com/docker/setup-buildx-action) | `3.5.0` | `3.6.1` |
| [actions/upload-artifact](https://github.com/actions/upload-artifact) | `4.3.4` | `4.3.5` |
| [oasdiff/oasdiff-action](https://github.com/oasdiff/oasdiff-action) | `205ce7e2c5ae1511e720cbd307cae79fd7d4a909` | `a2ff6682b27d175162a74c09ace8771bd3d512f8` |
| [ossf/scorecard-action](https://github.com/ossf/scorecard-action) | `2.3.3` | `2.4.0` |
| [github/codeql-action](https://github.com/github/codeql-action) | `3.25.13` | `3.25.15` |



Updates `docker/setup-buildx-action` from 3.5.0 to 3.6.1
- [Release notes](https://github.com/docker/setup-buildx-action/releases)
- [Commits](aa33708b10...988b5a0280)

Updates `actions/upload-artifact` from 4.3.4 to 4.3.5
- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](0b2256b8c0...89ef406dd8)

Updates `oasdiff/oasdiff-action` from 205ce7e2c5ae1511e720cbd307cae79fd7d4a909 to a2ff6682b27d175162a74c09ace8771bd3d512f8
- [Release notes](https://github.com/oasdiff/oasdiff-action/releases)
- [Commits](205ce7e2c5...a2ff6682b2)

Updates `ossf/scorecard-action` from 2.3.3 to 2.4.0
- [Release notes](https://github.com/ossf/scorecard-action/releases)
- [Changelog](https://github.com/ossf/scorecard-action/blob/main/RELEASE.md)
- [Commits](dc50aa9510...62b2cac7ed)

Updates `github/codeql-action` from 3.25.13 to 3.25.15
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](2d790406f5...afb54ba388)

---
updated-dependencies:
- dependency-name: docker/setup-buildx-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: dependencies
- dependency-name: actions/upload-artifact
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: dependencies
- dependency-name: oasdiff/oasdiff-action
  dependency-type: direct:production
  dependency-group: dependencies
- dependency-name: ossf/scorecard-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: dependencies
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Matthias Mair <code@mjmair.com>
2024-08-10 08:13:43 +10:00
dependabot[bot]
b10a20d1ef
Bump the dependencies group with 5 updates (#7712)
Bumps the dependencies group with 5 updates:

| Package | From | To |
| --- | --- | --- |
| [docker/setup-qemu-action](https://github.com/docker/setup-qemu-action) | `3.1.0` | `3.2.0` |
| [docker/setup-buildx-action](https://github.com/docker/setup-buildx-action) | `3.4.0` | `3.5.0` |
| [docker/login-action](https://github.com/docker/login-action) | `3.2.0` | `3.3.0` |
| [docker/build-push-action](https://github.com/docker/build-push-action) | `6.4.0` | `6.5.0` |
| [github/codeql-action](https://github.com/github/codeql-action) | `3.25.12` | `3.25.13` |


Updates `docker/setup-qemu-action` from 3.1.0 to 3.2.0
- [Release notes](https://github.com/docker/setup-qemu-action/releases)
- [Commits](5927c834f5...49b3bc8e6b)

Updates `docker/setup-buildx-action` from 3.4.0 to 3.5.0
- [Release notes](https://github.com/docker/setup-buildx-action/releases)
- [Commits](4fd812986e...aa33708b10)

Updates `docker/login-action` from 3.2.0 to 3.3.0
- [Release notes](https://github.com/docker/login-action/releases)
- [Commits](0d4c9c5ea7...9780b0c442)

Updates `docker/build-push-action` from 6.4.0 to 6.5.0
- [Release notes](https://github.com/docker/build-push-action/releases)
- [Commits](a254f8ca60...5176d81f87)

Updates `github/codeql-action` from 3.25.12 to 3.25.13
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](4fa2a79536...2d790406f5)

---
updated-dependencies:
- dependency-name: docker/setup-qemu-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: dependencies
- dependency-name: docker/setup-buildx-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: dependencies
- dependency-name: docker/login-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: dependencies
- dependency-name: docker/build-push-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: dependencies
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-07-24 14:09:36 +10:00
dependabot[bot]
0d2424a3d9
Bump the dependencies group with 3 updates (#7661)
Bumps the dependencies group with 3 updates: [actions/setup-python](https://github.com/actions/setup-python), [docker/build-push-action](https://github.com/docker/build-push-action) and [github/codeql-action](https://github.com/github/codeql-action).


Updates `actions/setup-python` from 5.1.0 to 5.1.1
- [Release notes](https://github.com/actions/setup-python/releases)
- [Commits](82c7e631bb...39cd14951b)

Updates `docker/build-push-action` from 6.3.0 to 6.4.0
- [Release notes](https://github.com/docker/build-push-action/releases)
- [Commits](1a162644f9...a254f8ca60)

Updates `github/codeql-action` from 3.25.11 to 3.25.12
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](b611370bb5...4fa2a79536)

---
updated-dependencies:
- dependency-name: actions/setup-python
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: dependencies
- dependency-name: docker/build-push-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: dependencies
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-07-16 09:44:07 +10:00
dependabot[bot]
c05cf86c8e
Bump the dependencies group with 5 updates (#7590)
Bumps the dependencies group with 5 updates:

| Package | From | To |
| --- | --- | --- |
| [docker/setup-qemu-action](https://github.com/docker/setup-qemu-action) | `3.0.0` | `3.1.0` |
| [docker/setup-buildx-action](https://github.com/docker/setup-buildx-action) | `3.3.0` | `3.4.0` |
| [docker/build-push-action](https://github.com/docker/build-push-action) | `6.2.0` | `6.3.0` |
| [actions/upload-artifact](https://github.com/actions/upload-artifact) | `4.3.3` | `4.3.4` |
| [actions/download-artifact](https://github.com/actions/download-artifact) | `4.1.7` | `4.1.8` |


Updates `docker/setup-qemu-action` from 3.0.0 to 3.1.0
- [Release notes](https://github.com/docker/setup-qemu-action/releases)
- [Commits](68827325e0...5927c834f5)

Updates `docker/setup-buildx-action` from 3.3.0 to 3.4.0
- [Release notes](https://github.com/docker/setup-buildx-action/releases)
- [Commits](d70bba72b1...4fd812986e)

Updates `docker/build-push-action` from 6.2.0 to 6.3.0
- [Release notes](https://github.com/docker/build-push-action/releases)
- [Commits](15560696de...1a162644f9)

Updates `actions/upload-artifact` from 4.3.3 to 4.3.4
- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](65462800fd...0b2256b8c0)

Updates `actions/download-artifact` from 4.1.7 to 4.1.8
- [Release notes](https://github.com/actions/download-artifact/releases)
- [Commits](65a9edc588...fa0a91b85d)

---
updated-dependencies:
- dependency-name: docker/setup-qemu-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: dependencies
- dependency-name: docker/setup-buildx-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: dependencies
- dependency-name: docker/build-push-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: dependencies
- dependency-name: actions/upload-artifact
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: dependencies
- dependency-name: actions/download-artifact
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-07-09 13:35:17 +10:00
dependabot[bot]
13ee755ad3
Bump the dependencies group with 2 updates (#7541)
Bumps the dependencies group with 2 updates: [docker/build-push-action](https://github.com/docker/build-push-action) and [github/codeql-action](https://github.com/github/codeql-action).


Updates `docker/build-push-action` from 6.1.0 to 6.2.0
- [Release notes](https://github.com/docker/build-push-action/releases)
- [Commits](31159d49c0...15560696de)

Updates `github/codeql-action` from 3.25.10 to 3.25.11
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](23acc5c183...b611370bb5)

---
updated-dependencies:
- dependency-name: docker/build-push-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: dependencies
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-07-07 08:07:15 +10:00
dependabot[bot]
c6ad902ccc
Bump docker/build-push-action in the dependencies group (#7502)
Bumps the dependencies group with 1 update: [docker/build-push-action](https://github.com/docker/build-push-action).


Updates `docker/build-push-action` from 6.0.0 to 6.1.0
- [Release notes](https://github.com/docker/build-push-action/releases)
- [Commits](c382f710d3...31159d49c0)

---
updated-dependencies:
- dependency-name: docker/build-push-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-06-25 09:27:07 +10:00
Oliver
432e0c622c
Single table for file attachments (#7420)
* Add basic model for handling generic attachments

* Refactor migration

* Data migration to convert old files across

* Admin updates

* Increase comment field max_length

* Adjust field name

* Remove legacy serializer classes / endpoints

* Expose new model to API

* Admin site list filters

* Remove legacy attachment models

- Add new mixin class to designate which models can have attachments

* Update data migration

- Ensure other apps are at the correct migration state beforehand

* Add migrations to remove legacy attachment tables

* Fix for "rename_attachment" callback

* Refactor model_type field

- ContentType does not allow easy API serialization

* Set allowed options for admin

* Update model verbose names

* Fix logic for file upload

* Add choices for serializer

* Add API filtering

* Fix for API filter

* Fix for attachment tables in PUI

- Still not solved permission issues

* Bump API version

* Record user when uploading attachment via API

* Refactor <AttachmentTable /> for PUI

* Display 'file_size' in PUI attachment table

* Fix company migrations

* Include permission informtion in roles API endpoint

* Read user permissions in PUI

* Simplify permission checks for <AttachmentTable />

* Automatically clean up old content types

* Cleanup PUI

* Fix typo in data migration

* Add reverse data migration

* Update unit tests

* Use InMemoryStorage for media files in test mode

* Data migration unit test

* Fix "model_type" field

- It is a required field after all

* Add permission check for serializer

* Fix permission check for CUI

* Fix PUI import

* Test python lib against specific branch

- Will be reverted once code is merged

* Revert STORAGES setting

- Might be worth looking into again

* Fix part unit test

* Fix unit test for sales order

* Use 'get_global_setting'

* Use 'get_global_setting'

* Update setting getter

* Unit tests

* Tweaks

* Revert change to settings.py

* More updates for get_global_setting

* Relax API query count requirement

* remove illegal chars and add unit tests

* Fix unit tests

* Fix frontend unit tests

* settings management updates

* Prevent db write under more conditions

* Simplify settings code

* Pop values before creating filters

* Prevent settings write under certain conditions

* Add debug msg

* Clear db on record import

* Refactor permissions checks

- Allows extension / customization of permission checks at a later date

* Unit test updates

* Prevent delete of attachment without correct permissions

* Adjust odcker.yaml

* Cleanup data migrations

* Tweak migration tests for build app

* Update data migration

- Handle case with missing data

* Prevent debug shell in TESTING mode

* Update migration dependencies

- Ensure all apps are "up to date" before removing legacy tables

* add file size test

* Update migration tests

* Revert some settings caching changes

* Fix incorrect logic in migration

* Update unit tests

* Prevent create on CURRENCY_CODES

- Seems to play havoc with bootup sequence

* Fix unit test

* Some refactoring

- Use get_global_setting

* Fix typo

* Revert change

* Add "tags" and "metadata"

* Include "tags" field in API serializer

* add "metadata" endpoint for attachments
2024-06-19 14:38:46 +10:00
dependabot[bot]
2c50620acc
Bump the dependencies group with 4 updates (#7462)
Bumps the dependencies group with 4 updates: [actions/checkout](https://github.com/actions/checkout), [docker/build-push-action](https://github.com/docker/build-push-action), [codecov/codecov-action](https://github.com/codecov/codecov-action) and [github/codeql-action](https://github.com/github/codeql-action).


Updates `actions/checkout` from 4.1.6 to 4.1.7
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](a5ac7e51b4...692973e3d9)

Updates `docker/build-push-action` from 5.4.0 to 6.0.0
- [Release notes](https://github.com/docker/build-push-action/releases)
- [Commits](ca052bb54a...c382f710d3)

Updates `codecov/codecov-action` from 4.4.1 to 4.5.0
- [Release notes](https://github.com/codecov/codecov-action/releases)
- [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md)
- [Commits](125fc84a9a...e28ff129e5)

Updates `github/codeql-action` from 3.25.8 to 3.25.10
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](2e230e8fe0...23acc5c183)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: dependencies
- dependency-name: docker/build-push-action
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: dependencies
- dependency-name: codecov/codecov-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: dependencies
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-06-18 23:42:05 +10:00
dependabot[bot]
1a57973b4d
Bump the dependencies group across 1 directory with 3 updates (#7427)
Bumps the dependencies group with 3 updates in the / directory: [docker/login-action](https://github.com/docker/login-action), [docker/build-push-action](https://github.com/docker/build-push-action) and [github/codeql-action](https://github.com/github/codeql-action).


Updates `docker/login-action` from 3.1.0 to 3.2.0
- [Release notes](https://github.com/docker/login-action/releases)
- [Commits](e92390c5fb...0d4c9c5ea7)

Updates `docker/build-push-action` from 5.3.0 to 5.4.0
- [Release notes](https://github.com/docker/build-push-action/releases)
- [Commits](2cdde995de...ca052bb54a)

Updates `github/codeql-action` from 3.25.6 to 3.25.8
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](9fdb3e4972...2e230e8fe0)

---
updated-dependencies:
- dependency-name: docker/login-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: dependencies
- dependency-name: docker/build-push-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: dependencies
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-06-11 23:30:09 +10:00
Matthias Mair
bdebf878c3
Fixes for installer (#7344)
* - move reqs file to contrib
- detect previously used python version
- safe extra requirements to INSTALLER_EXTRA

* add missing fi

* move site setting
2024-05-27 17:49:05 +10:00
dependabot[bot]
1c6e81eae5
--- (#7276)
updated-dependencies:
- dependency-name: actions/checkout
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: dependencies
- dependency-name: codecov/codecov-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: dependencies
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-05-21 15:10:06 +10:00
Oliver
2265055785
Docker fix (#7228)
* Copy requirements file

* Test more files when building docker image

* Refactor install task

* Raise exception

* Run install task

* Fix typos

- The tests work!
2024-05-15 09:19:35 +10:00
dependabot[bot]
770dbb9c35
Bump the dependencies group with 2 updates (#7169)
Bumps the dependencies group with 2 updates: [actions/checkout](https://github.com/actions/checkout) and [codecov/codecov-action](https://github.com/codecov/codecov-action).


Updates `actions/checkout` from 4.1.4 to 4.1.5
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](0ad4b8fada...44c2b7a8a4)

Updates `codecov/codecov-action` from 4.3.0 to 4.3.1
- [Release notes](https://github.com/codecov/codecov-action/releases)
- [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md)
- [Commits](84508663e9...5ecb98a3c6)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: dependencies
- dependency-name: codecov/codecov-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-05-09 07:04:38 +10:00
dependabot[bot]
6837b0e753
Bump the dependencies group across 1 directory with 5 updates (#7134)
Bumps the dependencies group with 5 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [actions/checkout](https://github.com/actions/checkout) | `3.1.0` | `4.1.4` |
| [docker/setup-buildx-action](https://github.com/docker/setup-buildx-action) | `3.2.0` | `3.3.0` |
| [actions/upload-artifact](https://github.com/actions/upload-artifact) | `4.3.1` | `4.3.3` |
| [actions/download-artifact](https://github.com/actions/download-artifact) | `4.1.4` | `4.1.7` |
| [github/codeql-action](https://github.com/github/codeql-action) | `3.25.0` | `3.25.3` |



Updates `actions/checkout` from 3.1.0 to 4.1.4
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/checkout/compare/v3.1.0...0ad4b8fadaa221de15dcec353f45205ec38ea70b)

Updates `docker/setup-buildx-action` from 3.2.0 to 3.3.0
- [Release notes](https://github.com/docker/setup-buildx-action/releases)
- [Commits](2b51285047...d70bba72b1)

Updates `actions/upload-artifact` from 4.3.1 to 4.3.3
- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](5d5d22a312...65462800fd)

Updates `actions/download-artifact` from 4.1.4 to 4.1.7
- [Release notes](https://github.com/actions/download-artifact/releases)
- [Commits](c850b930e6...65a9edc588)

Updates `github/codeql-action` from 3.25.0 to 3.25.3
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](df5a14dc28...d39d31e687)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: dependencies
- dependency-name: docker/setup-buildx-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: dependencies
- dependency-name: actions/upload-artifact
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: dependencies
- dependency-name: actions/download-artifact
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: dependencies
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-04-30 07:47:18 +10:00
Matthias Mair
d2827df3b8
fix ci filters (#7121) 2024-04-27 10:51:42 +10:00
Matthias Mair
938c724395
Pin hashes in requirements (#7081)
* use global pin for requests

* unify on yaml for workflo files

* format workflow files

* pin action versions

* fix pinned version

* use system venv

* switch args

* remove uv for now and add setting for pyyaml

* use requirements file

* also switch on docker flow

* generate hashes

* added hashes to reqs

* add hashes for CI too

* add hash checking

* require hashes everywhere possible

* require hashes where possible in docker
2024-04-23 17:15:52 +10:00
Matthias Mair
ca03562d25
[CI] Small nitpick changes (#7016)
* use global pin for requests

* unify on yaml for workflo files

* format workflow files

* pin action versions

* fix pinned version

* use system venv

* switch args

* remove uv for now and add setting for pyyaml

* fix qc args

* bix doc paths
2024-04-21 22:20:13 +10:00
dependabot[bot]
1c67a92958
Bump sigstore/cosign-installer from 3.4.0 to 3.5.0 (#7035)
Bumps [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer) from 3.4.0 to 3.5.0.
- [Release notes](https://github.com/sigstore/cosign-installer/releases)
- [Commits](e1523de757...59acb6260d)

---
updated-dependencies:
- dependency-name: sigstore/cosign-installer
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-04-16 09:56:34 +10:00
Oliver
6730cdbccf
[Docker] Fix broken production image (#6953)
* Check for presense of manage.py

* Fix directory copying
2024-04-04 23:55:55 +11:00
Oliver
d0fccaf14e
Fix docker push action (#6934) 2024-04-03 08:58:17 +00:00
Matthias Mair
0bace3f3af
Code structure refactor (#5582)
* moved docker files to /contrib/container

* changed code owners to make more precise

* updated CI to use new subdirs

* added manual trigger for testing

* moved ci files

* moved assets into subdir

* moved deploy template file to contrib

* moved django files to src/backend

* updated paths in scripts etc

* updated reqs path

* fixed version file path

* fixed flake8 path

* fixed path to node ressources

* fixed task paths

* added dep path for node

* removed unused yarn lockfile

* removed unused ci script

* updated internal backend paths for tasks

* updated translation stats path

* fixed source path for coverage

* fixed main commit repo path

* fit in changes from testing

* gather packager improvements (#149)

* Matmair/issue5578 (#143)

* moved docker files to /contrib/container

* changed code owners to make more precise

* updated CI to use new subdirs

* added manual trigger for testing

* moved ci files

* moved assets into subdir

* moved deploy template file to contrib

* moved django files to src/backend

* updated paths in scripts etc

* updated reqs path

* fixed version file path

* fixed flake8 path

* fixed path to node ressources

* fixed task paths

* added dep path for node

* removed unused yarn lockfile

* removed unused ci script

* updated internal backend paths for tasks

* updated translation stats path

* fixed source path for coverage

* fixed main commit repo path

* fix docker path

* use project dir

* move project dir command

* fixed docker paths

* another fix?

* seperate tasks out

* remove tasks

* some debugging

* ci: add .deepsource.toml

* Update .deepsource.toml

* also ignore migrations

* more debugging

* fix path issues

* remove debug script

* fix style

* change locale path

* Fixed paths for requirements

* Added dummy requirements to fool packager

* fixed exec path

* remove deepsource

---------

Co-authored-by: deepsource-io[bot] <42547082+deepsource-io[bot]@users.noreply.github.com>

* Added docs for file structure

* Fixed style errors

* updated deepsource paths

* fix deepsource paths

* fixed reqs

* merge fixes

* move newly added dirs too

* fix reqs files

* another dep fix

* merge upstream/master

* revert removal of tags

* merge upstream

* enabled detection of old config files

* adapt coverage src

* also detect and support old location for plugins.txt

* style fix

* fix ~/init.sh location

* fix requirements path

* fix config to current master

* move new folders

* fix import order

* fix paths for qc_check

* fix docs build

* fix fix path

* set docker project dir

* just use a cd

* set image path?

* set file correct

* fix copy path

* fix tasks dir

* fix init path

* fix copy path

* set prject dir

* fix paths

* remove old prod files

* fix dev env path

* set docker file

* Fix devcontainer docker compose file

* fix login attempt values

* fix init.sh path

* Fix pathing for Docker

* Docker build fix

- Set INVENTREE_BACKEND_DIR separately

* Update init.sh

* Fix path

* Update requirements.txt

* merge

* fix rq merge

* fix docker compose usage

---------

Co-authored-by: deepsource-io[bot] <42547082+deepsource-io[bot]@users.noreply.github.com>
Co-authored-by: Oliver <oliver.henry.walters@gmail.com>
2024-04-03 12:16:59 +11:00
Matthias Mair
4db61df8cd
Security improvements (#6890)
* Set write permissions at job level

* publish scorecard results

* Update scorecard.yml

* Update scorecard.yml

* Create .sonarcloud.properties

* Delete .deepsource.toml

* replace badge

* pin requests, pyyaml, jc

* pin yarn version

* pin uv

* reduce settings

* set test path
2024-04-02 17:35:01 +11:00
dependabot[bot]
7ed51dfff5
Bump actions/setup-python from 5.0.0 to 5.1.0 (#6864)
Bumps [actions/setup-python](https://github.com/actions/setup-python) from 5.0.0 to 5.1.0.
- [Release notes](https://github.com/actions/setup-python/releases)
- [Commits](0a5c615913...82c7e631bb)

---
updated-dependencies:
- dependency-name: actions/setup-python
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-03-27 07:11:37 +11:00
dependabot[bot]
1fea796b25
Bump docker/setup-buildx-action from 3.0.0 to 3.2.0 (#6850)
Bumps [docker/setup-buildx-action](https://github.com/docker/setup-buildx-action) from 3.0.0 to 3.2.0.
- [Release notes](https://github.com/docker/setup-buildx-action/releases)
- [Commits](f95db51fdd...2b51285047)

---
updated-dependencies:
- dependency-name: docker/setup-buildx-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-03-26 07:49:03 +11:00
dependabot[bot]
7328fc0af5
Bump sigstore/cosign-installer from 3.1.2 to 3.4.0 (#6853)
Bumps [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer) from 3.1.2 to 3.4.0.
- [Release notes](https://github.com/sigstore/cosign-installer/releases)
- [Commits](11086d2504...e1523de757)

---
updated-dependencies:
- dependency-name: sigstore/cosign-installer
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-03-26 07:48:49 +11:00
Matthias Mair
7c6eefbcdf
CI-Actions: Security fixes (#6835)
* add security commitment

* fix badge path

* set token permissions
see https://github.com/inventree/InvenTree/security/code-scanning/48

* add more chapters

* break up flow text

* spellchecking

* clean diff

* bump setup-python to node 20 version

* fix docker version too
2024-03-25 09:11:16 +11:00
dependabot[bot]
08ad0f8e28
Bump docker/login-action from 3.0.0 to 3.1.0 (#6800)
Bumps [docker/login-action](https://github.com/docker/login-action) from 3.0.0 to 3.1.0.
- [Release notes](https://github.com/docker/login-action/releases)
- [Commits](343f7c4344...e92390c5fb)

---
updated-dependencies:
- dependency-name: docker/login-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-03-23 18:11:47 +11:00
Matthias Mair
15388d3dc3
Run publish CI actions only on main repo (#6592)
* only run if in an inventree org repo

* only sign into docker hub if username set

* use repo name for ghcr name

* renmae to not cause confusion

* rename vars

* use seperate step

* disable a bunch of stuff for testing

* use echo instead

* Revert "disable a bunch of stuff for testing"

This reverts commit 0ab5ff6d6d.
2024-03-22 09:08:24 +11:00
dependabot[bot]
bb465078d3
Bump docker/build-push-action from 5.0.0 to 5.3.0 (#6776)
Bumps [docker/build-push-action](https://github.com/docker/build-push-action) from 5.0.0 to 5.3.0.
- [Release notes](https://github.com/docker/build-push-action/releases)
- [Commits](0565240e2d...2cdde995de)

---
updated-dependencies:
- dependency-name: docker/build-push-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-03-21 10:59:04 +11:00
dependabot[bot]
f2c0c7dcc1
Bump docker/metadata-action from 5.0.0 to 5.5.1 (#6778)
Bumps [docker/metadata-action](https://github.com/docker/metadata-action) from 5.0.0 to 5.5.1.
- [Release notes](https://github.com/docker/metadata-action/releases)
- [Commits](96383f4557...8e5442c4ef)

---
updated-dependencies:
- dependency-name: docker/metadata-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-03-21 10:50:49 +11:00
dependabot[bot]
8e775c8502
Bump dorny/paths-filter from 2.11.1 to 3.0.2 (#6775)
Bumps [dorny/paths-filter](https://github.com/dorny/paths-filter) from 2.11.1 to 3.0.2.
- [Release notes](https://github.com/dorny/paths-filter/releases)
- [Changelog](https://github.com/dorny/paths-filter/blob/master/CHANGELOG.md)
- [Commits](4512585405...de90cc6fb3)

---
updated-dependencies:
- dependency-name: dorny/paths-filter
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-03-21 10:50:28 +11:00
Matthias Mair
b46b200101
Add OSSF Scorecard (#6769)
* Create scorecard.yml

* Add badge

* disable publishing

* Add security improvements (#181)

* Add OSSF Scorecard (#179)

* Create scorecard.yml

* Add badge

* disable publishing

* [StepSecurity] Apply security best practices (#180)

* [StepSecurity] Apply security best practices

Signed-off-by: StepSecurity Bot <bot@stepsecurity.io>

* Update .pre-commit-config.yaml

* Update dependabot.yml

* Delete .github/workflows/dependency-review.yml

---------

Signed-off-by: StepSecurity Bot <bot@stepsecurity.io>
Co-authored-by: Matthias Mair <code@mjmair.com>

---------

Signed-off-by: StepSecurity Bot <bot@stepsecurity.io>
Co-authored-by: StepSecurity Bot <bot@stepsecurity.io>

* Update to upstream project

* disable shellcheck for now

---------

Signed-off-by: StepSecurity Bot <bot@stepsecurity.io>
Co-authored-by: StepSecurity Bot <bot@stepsecurity.io>
2024-03-21 10:11:49 +11:00
Oliver
82654eabdc
Site access tweaks (#6738)
* Adjust docker filter

- Run if settings.py changes

* Revert API version

* Adjust logic in settings.py

- Only exit if in main server thread

* Update qc_checks.yaml

* Add wildcard for CSRF_TRUSTED_ORIGINS in DEBUG mode

* Update wildcard

* Simplify settings.py logic
2024-03-18 15:27:56 +11:00
Oliver
cbc879f618
[Docker] Fix broken image (#6621)
* Install grpcio faster

- Pin version
- Update build packages

* Test dockerfile before push

- SImply test if invoke is present

* Revert commit to docker-compose

* Remove VIRTUAL_ENV from Dockerfile

* Fix pip install

* Run extra checks on docker image

* Ensure mariadb links are installed:

- Closes https://github.com/inventree/InvenTree/issues/6625

* Adjust CI

 build docker image manually

* Should fail

- Test that revert fails CI

* Ok, this should break it

* Fix Dockerfile
2024-03-04 22:50:00 +11:00
Oliver
3b9fae6279
docker: push both multiple image tags (#6614)
* docker: push both multiple image tags

* Remove matrix strategy
2024-03-02 11:29:20 +11:00
Oliver
6962b61fff
Fix docker tags (#6606)
- Revert to previous approach
2024-03-01 07:01:46 +11:00
Matthias Mair
ea63a03fe4
Refactor docker CI for speed increases (#6562)
* push to ghcr (#168)

* Update docker.yaml

* Update docker.yaml

* Update docker.yaml

* use matrix to build for the plattforms (faster amd pub)

* try Buildjet

* switch to pyhton 3.9

* Update docker.yaml

* path python manually?

* bump python to 3.11

* Update Dockerfile

* step down vm

* cleanup workflow

* install docker on mac

* and docker compose too

* switch back to linux

* Docker tests (#175)

* push to ghcr (#168)

* Update docker.yaml

* Update docker.yaml

* Update docker.yaml

* use matrix to build for the plattforms (faster amd pub)

* try Buildjet

* switch to pyhton 3.9

* Update docker.yaml

* path python manually?

* bump python to 3.11

* Update Dockerfile

* step down vm

* cleanup workflow

* install docker on mac

* and docker compose too

* switch back to linux

* switch to uv

* fix uv install

* reintroduce checks

* cleanup diff
2024-02-27 09:50:44 +11:00
Matthias Mair
85225538e6
Create test files in seperate folder & cleanup before image build (#6571)
* move ignore

* create testfiles in seperate folder

* add cleanup step to docker build

* use pathlib for paths
2024-02-26 11:23:49 +11:00
Oliver
e1e63fa644
Fix for tasks.py - docker (#6380)
* Instrument tasks.py

* Enforce no_frontend

* Run docker CI step if tasks.py changes
2024-02-01 12:25:24 +11:00
Oliver
f96055a33f
Refactor docker image for devcontainer (#6029)
* Make base image configurable

* Refactor dockerfile

- Place extra packages into extra shell script
- Add pre-build stage where packages are installed, and then cache removed
- Run same script in dev target, but do not remove

* Run docker workflow whenever package requirements change

* Replace devcontainer dockerfile

* Install base packages in devcontainer

* --no-cache-dir
2023-12-05 07:05:48 +11:00
Oliver
15b2437392
Docker CI Updates (#5909)
* Update docker image - base python version

- Also, build docker image on PR if any docker-related files have changed

* Update setuptools

* Update base level packages for docker image

* Reduce version

* Include docker workflow in filter

* Revert to python 3.10

* Remove call to upgrade setuptools

* Try newer version of setuptools

* Remove reliance on "minimal"

* Fix package URL

* Whoops. Fix typo
2023-11-22 00:25:13 +11:00
Matthias Mair
8308f36923
bump action versions (#5776) 2023-10-25 09:18:53 +11:00
Oliver
2be2ea4f8f
Docker CI test (#5544)
* Docker CI test

* Pin setuptools version

* Don't run docker build on pull-request
2023-09-15 22:44:54 +10:00
Oliver
3b4e20b54a
Unit Test Improvements (#5087)
* Disable migration testing

- Compare how long the unit tests take

* Change file

- To get unit tests to run

* Fix format

* Consolidate tasks.py

- Remove coverage task
- Add --coverage flag to test task

* Fix typo

* Run migration unit tests if migration files are updated

* Fix

* Touch migration file

- Should cause migration unit tests to be run

* Force migration checks for docker build

* Prevent default report creation in unit tests

- Should save some time

* Add simple profiling for plugin loading

- Display time taken to load each plugin

* Fix to invoke test

* Disable get_git_log (for testing)

* Disable get_git_path in CI

- Might remove this entirely?
- For now, bypass for unit testing

* Add debug for unit registry

- Display time taken to load registry

* Don't full-reload unit registry

* Adjust migration test workflow

- env var updates
- change paths-filter output

* Fix for migration_test.yaml

- Actually need to set the output

* env fix

* db name

* Prevent sleep if in test mode

* Reduce sleep time on wait_for_db
2023-06-23 17:25:59 +10:00
Matthias Mair
f3a13fc625
Add SBOM to container (#5017)
* Add sbom to docker

* Enable manual release

* remove dispatch
2023-06-11 23:37:03 +10:00
Matthias Mair
d710efb64b
remove concurrency checks (#5002)
Fixes https://github.com/inventree/InvenTree/issues/4999
2023-06-09 10:30:03 +10:00
dependabot[bot]
2ed7eefa27
Bump cryptography from 40.0.1 to 41.0.0 (#4955)
* Bump cryptography from 40.0.1 to 41.0.0

Bumps [cryptography](https://github.com/pyca/cryptography) from 40.0.1 to 41.0.0.
- [Changelog](https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst)
- [Commits](https://github.com/pyca/cryptography/compare/40.0.1...41.0.0)

---
updated-dependencies:
- dependency-name: cryptography
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>

* bump everything

* do not build for linux/arm/v7
see https://github.com/inventree/InvenTree/pull/4955#issuecomment-1575909025

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Matthias Mair <code@mjmair.com>
2023-06-05 19:27:27 +10:00