This patch integrates an invocation of the `pypi-attestations`
tool[[1]] into the release automation before calling Twine. When
used locally and not within a known Trusted Publishing setup, it will
invoke an OAuth flow, opening a browser window, prompting the caller
to authenticate via GitHub. Once authorized and browser window closed,
it will proceed to signing the distribution packages[[2]] locally
using Sigstore. The resulting signatures are produced in the format
outlined in PEP 740 [[3]].
Twine is then called with `--attestations` which is what will actually
attach the digital signatures to the release on PyPI.
[1]: https://docs.pypi.org/attestations/producing-attestations/#using-pypi-attestations
[2]: https://packaging.python.org/en/latest/glossary/#term-Distribution-Package
[3]: https://peps.python.org/pep-0740/
When detection of the current container network fails, a warning is now issued and execution continues.
This simplifies usage in cases where the current container cannot be inspected, such as when running in GitHub Codespaces.
Fixes the logic when attempting to become the SYSTEM user using the
runas plugin. It was incorrectly assumed that calling LogonUser with the
SYSTEM username would produce a new token with all the privileges but
instead it creates a copy of the existing token. This reverts the logic
back to the original process and adds in new logic to avoid any tokens
that are restricted from creating new processes.
though the previous docs were the 'intended' outcome,
the current behaviour has been active for a long time and should
not be removed due to backward compatibility issues.
One thing we can do going forward is deprecate substitution enabled by default.
* Update resolvelib upperbound to 2.0.0
Minor SemVer releases should not contain breaking changes
* Test the latest minor release and reduce number of resolvelib versions tested for efficiency
* Update the documentation for check_required_by
* Fix return value for check_required_by (now returns empty list on success)
Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
* Improve error handling for create-bulk-issues.py
* Add support for setting assignee
* Add example YAML to feature --help output.
* Add additional help message for token issues.
* Removed deprecated pycompat24 and importlib
Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
* Make CI green
Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
* Ignore basic.py
Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
* Make CI green III
Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
* Make CI green IV
Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
---------
Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
Several tasks within the modification_time.yml and state_link.yml task
lists have explicitly enabled diff_mode because these tests previously
assumed a diff attribute would always be returned from the file module.
While showing the deprecation message, mention the collection name
from which the module is removed.
Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
* fixes for CVE-2024-8775
* propagate truthy `_ansible_no_log` in action result (previously superseded by task-calculated value)
* always mask entire `include_vars` action result if any file loaded had a false `show_content` flag (previously used only the flag value from the last file loaded)
* update no_log tests for CVE-2024-8775
* include validation of _ansible_no_log preservation when set by actions
* replace static values with dynamic for increased robustness to logging/display/callback changes (but still using grep counts :( )
* changelog
* use ternary, coerce to bool explicitly
variable_manager unit tests are unreachable. These tests
are already covered in integration tests.
Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
In ``Handler.notify_host`` we ensure that ``Handler.notified_hosts`` can contain
particular host at most once. Therefore for removing a host it should be
faster to use ``list.remove`` which removes the first item in the list,
as opposed to using list comprehension removing all such items.