From 7c021bb983644ef5bd58e006d4dac7a3935796c9 Mon Sep 17 00:00:00 2001 From: Erik Jaegervall Date: Wed, 3 Jul 2024 13:17:40 +0200 Subject: [PATCH 1/6] Update dependencies to fix vulnerabilities Also changed: - After discussion in ETAS dev team proposing to use fixed versions also in *.in files - Fixing backward incompatible changes when updating Paho - Fixing workflow so that we really test with example from current branch --- .project-creation/.skeleton/requirements.in | 8 +- .project-creation/.skeleton/requirements.txt | 20 ++-- NOTICE-3RD-PARTY-CONTENT.md | 90 ++++++++-------- examples/seat-adjuster/requirements.in | 10 +- examples/seat-adjuster/requirements.txt | 20 ++-- examples/seat-adjuster/tests/requirements.in | 1 - examples/seat-adjuster/tests/requirements.txt | 20 ++-- requirements.txt | 101 +++++++++--------- setup.py | 18 ++-- velocitas_sdk/native/locator.py | 2 +- velocitas_sdk/native/middleware.py | 8 +- velocitas_sdk/native/mqtt.py | 10 +- velocitas_sdk/util/log.py | 1 + 13 files changed, 162 insertions(+), 147 deletions(-) diff --git a/.project-creation/.skeleton/requirements.in b/.project-creation/.skeleton/requirements.in index 625e19cd..cf61eeca 100644 --- a/.project-creation/.skeleton/requirements.in +++ b/.project-creation/.skeleton/requirements.in @@ -12,7 +12,7 @@ # # SPDX-License-Identifier: Apache-2.0 -grpcio==1.59.0 -protobuf==4.24.4 -cloudevents==1.10.0 -aiohttp==3.9.3 +grpcio==1.64.1 +protobuf==5.27.2 +cloudevents==1.11.0 +aiohttp==3.9.5 diff --git a/.project-creation/.skeleton/requirements.txt b/.project-creation/.skeleton/requirements.txt index 7495d9b0..b077dad4 100644 --- a/.project-creation/.skeleton/requirements.txt +++ b/.project-creation/.skeleton/requirements.txt 
@@ -4,33 +4,33 @@ # # pip-compile # -aiohttp==3.9.3 +aiohttp==3.9.5 # via -r requirements.in aiosignal==1.3.1 # via aiohttp async-timeout==4.0.3 # via aiohttp -attrs==23.1.0 +attrs==23.2.0 # via aiohttp -cloudevents==1.10.0 +cloudevents==1.11.0 # via -r requirements.in deprecation==2.1.0 # via cloudevents -frozenlist==1.4.0 +frozenlist==1.4.1 # via # aiohttp # aiosignal -grpcio==1.59.0 +grpcio==1.64.1 # via -r requirements.in -idna==3.4 +idna==3.7 # via yarl -multidict==6.0.4 +multidict==6.0.5 # via # aiohttp # yarl -packaging==23.2 +packaging==24.1 # via deprecation -protobuf==4.24.4 +protobuf==5.27.2 # via -r requirements.in -yarl==1.9.2 +yarl==1.9.4 # via aiohttp diff --git a/NOTICE-3RD-PARTY-CONTENT.md b/NOTICE-3RD-PARTY-CONTENT.md index 9005205b..3a8df769 100644 --- a/NOTICE-3RD-PARTY-CONTENT.md +++ b/NOTICE-3RD-PARTY-CONTENT.md 
@@ -3,70 +3,72 @@ ## Python | Dependency | Version | License | |:-----------|:-------:|--------:| -|aiohttp|3.9.3|Apache 2.0| +|aiohttp|3.9.5|Apache 2.0| |aiosignal|1.3.1|Apache 2.0| |APScheduler|3.10.4|MIT| |async-timeout|4.0.3|Apache 2.0| -|attrs|23.1.0|MIT| -|build|1.0.3|MIT| -|cachetools|5.3.2|MIT| +|attrs|23.2.0|MIT| +|build|1.2.1|MIT| +|cachetools|5.4.0|MIT| |cfgv|3.4.0|MIT| |chardet|5.2.0|LGPL| |click|8.1.7|New BSD| -|cloudevents|1.10.1|Apache 2.0| +|cloudevents|1.11.0|Apache 2.0| |colorama|0.4.6|BSD| -|coverage|7.4.1|Apache 2.0| +|coverage|7.6.0|Apache 2.0| |Deprecated|1.2.14|MIT| |deprecation|2.1.0|Apache 2.0| |distlib|0.3.8|Python Software Foundation License| -|exceptiongroup|1.2.0|MIT| -|filelock|3.13.1|The Unlicense (Unlicense)| -|frozenlist|1.4.0|Apache 2.0| +|exceptiongroup|1.2.2|MIT| +|filelock|3.15.4|The Unlicense (Unlicense)| +|frozenlist|1.4.1|Apache 2.0| |grpc-stubs|1.53.0.5|MIT| -|grpcio|1.59.0|Apache 2.0| -|grpcio-tools|1.59.0|Apache 2.0| -|identify|2.5.33|MIT| -|idna|3.4|BSD| +|grpcio|1.64.1|Apache 2.0| +|grpcio-tools|1.64.1|Apache 2.0| +|identify|2.6.0|MIT| +|idna|3.7|BSD| +|importlib-metadata|7.1.0|Apache 2.0| |iniconfig|2.0.0|MIT| -|multidict|6.0.4|Apache 2.0| -|mypy|1.8.0|MIT| +|multidict|6.0.5|Apache 2.0| +|mypy|1.11.0|MIT| |mypy-extensions|1.0.0|MIT| -|mypy-protobuf|3.4.0|Apache 2.0| -|nodeenv|1.8.0|BSD| -|opentelemetry-api|1.15.0|Apache 2.0| -|opentelemetry-distro|0.36b0|Apache 2.0| -|opentelemetry-instrumentation|0.36b0|Apache 2.0| -|opentelemetry-instrumentation-logging|0.36b0|Apache 2.0| -|opentelemetry-sdk|1.15.0|Apache 2.0| -|opentelemetry-semantic-conventions|0.36b0|Apache 2.0| -|packaging|23.1|Apache 2.0
BSD| -|paho-mqtt|1.6.1|OSI Approved| +|mypy-protobuf|3.6.0|Apache 2.0| +|nodeenv|1.9.1|BSD| +|opentelemetry-api|1.25.0|Apache 2.0| +|opentelemetry-distro|0.46b0|Apache 2.0| +|opentelemetry-instrumentation|0.46b0|Apache 2.0| +|opentelemetry-instrumentation-logging|0.46b0|Apache 2.0| +|opentelemetry-sdk|1.25.0|Apache 2.0| +|opentelemetry-semantic-conventions|0.46b0|Apache 2.0| +|packaging|24.1|Apache 2.0
BSD| +|paho-mqtt|2.1.0|OSI Approved| |pip|23.0.1|MIT| -|pip-tools|7.3.0|BSD| -|platformdirs|4.2.0|MIT| -|pluggy|1.4.0|MIT| -|pre-commit|3.6.0|MIT| -|protobuf|4.21.12|Google License| -|pyproject-api|1.6.1|MIT| -|pyproject-hooks|1.0.0|MIT| -|pytest|7.4.4|MIT| -|pytest-asyncio|0.23.4|Apache 2.0| -|pytest-cov|4.1.0|MIT| +|pip-tools|7.4.1|BSD| +|platformdirs|4.2.2|MIT| +|pluggy|1.5.0|MIT| +|pre-commit|3.8.0|MIT| +|protobuf|5.27.2|Google License| +|pyproject-api|1.7.1|MIT| +|pyproject-hooks|1.1.0|MIT| +|pytest|8.3.2|MIT| +|pytest-asyncio|0.23.8|Apache 2.0| +|pytest-cov|5.0.0|MIT| |pytz|2024.1|MIT| |PyYAML|6.0.1|MIT| |setuptools|65.5.1|MIT| |six|1.16.0|MIT| |tomli|2.0.1|MIT| -|tox|4.11.4|MIT| -|types-Deprecated|1.2.9.20240106|Apache 2.0| -|types-mock|5.1.0.20240106|Apache 2.0| -|types-protobuf|4.24.0.20240129|Apache 2.0| -|typing-extensions|4.7.1|Python Software Foundation License| +|tox|4.16.0|MIT| +|types-Deprecated|1.2.9.20240311|Apache 2.0| +|types-mock|5.1.0.20240425|Apache 2.0| +|types-protobuf|5.27.0.20240626|Apache 2.0| +|typing-extensions|4.12.2|Python Software Foundation License| |tzlocal|5.2|MIT| -|virtualenv|20.25.0|MIT| -|wheel|0.42.0|MIT| -|wrapt|1.15.0|BSD| -|yarl|1.9.2|Apache 2.0| +|virtualenv|20.26.3|MIT| +|wheel|0.43.0|MIT| +|wrapt|1.16.0|BSD| +|yarl|1.9.4|Apache 2.0| +|zipp|3.19.2|MIT| ## Workflows | Dependency | Version | License | |:-----------|:-------:|--------:| diff --git a/examples/seat-adjuster/requirements.in b/examples/seat-adjuster/requirements.in index bb691a8d..ebdd7fbd 100644 --- a/examples/seat-adjuster/requirements.in +++ b/examples/seat-adjuster/requirements.in @@ -12,8 +12,8 @@ # # SPDX-License-Identifier: Apache-2.0 -grpcio==1.59.0 -protobuf==4.24.4 -cloudevents==1.10.0 -aiohttp==3.9.3 -packaging==23.0 +grpcio==1.64.1 +protobuf==5.27.2 +cloudevents==1.11.0 +aiohttp==3.9.5 +packaging==24.1 diff --git a/examples/seat-adjuster/requirements.txt b/examples/seat-adjuster/requirements.txt index e1c10490..96a58240 100644 
--- a/examples/seat-adjuster/requirements.txt +++ b/examples/seat-adjuster/requirements.txt @@ -4,35 +4,35 @@ # # pip-compile # -aiohttp==3.9.3 +aiohttp==3.9.5 # via -r requirements.in aiosignal==1.3.1 # via aiohttp async-timeout==4.0.3 # via aiohttp -attrs==23.1.0 +attrs==23.2.0 # via aiohttp -cloudevents==1.10.0 +cloudevents==1.11.0 # via -r requirements.in deprecation==2.1.0 # via cloudevents -frozenlist==1.4.0 +frozenlist==1.4.1 # via # aiohttp # aiosignal -grpcio==1.59.0 +grpcio==1.64.1 # via -r requirements.in -idna==3.4 +idna==3.7 # via yarl -multidict==6.0.4 +multidict==6.0.5 # via # aiohttp # yarl -packaging==23.0 +packaging==24.1 # via # -r requirements.in # deprecation -protobuf==4.24.4 +protobuf==5.27.2 # via -r requirements.in -yarl==1.9.2 +yarl==1.9.4 # via aiohttp diff --git a/examples/seat-adjuster/tests/requirements.in b/examples/seat-adjuster/tests/requirements.in index 8f32e070..fe53cb33 100644 --- a/examples/seat-adjuster/tests/requirements.in +++ b/examples/seat-adjuster/tests/requirements.in @@ -17,4 +17,3 @@ pytest-ordering pytest-asyncio pytest-cov types-mock -packaging==23.0 diff --git a/examples/seat-adjuster/tests/requirements.txt b/examples/seat-adjuster/tests/requirements.txt index b9e39e8b..7371cfe1 100644 --- a/examples/seat-adjuster/tests/requirements.txt +++ b/examples/seat-adjuster/tests/requirements.txt @@ -4,29 +4,27 @@ # # pip-compile # -coverage[toml]==7.4.1 +coverage[toml]==7.6.0 # via # coverage # pytest-cov -exceptiongroup==1.2.0 +exceptiongroup==1.2.2 # via pytest iniconfig==2.0.0 # via pytest -packaging==23.0 - # via - # -r requirements.in - # pytest -pluggy==1.4.0 +packaging==24.1 + # via pytest +pluggy==1.5.0 # via pytest -pytest==7.4.4 +pytest==8.3.2 # via # -r requirements.in # pytest-asyncio # pytest-cov # pytest-ordering -pytest-asyncio==0.23.4 +pytest-asyncio==0.23.8 # via -r requirements.in -pytest-cov==4.1.0 +pytest-cov==5.0.0 # via -r requirements.in pytest-ordering==0.6 # via -r requirements.in 
@@ -34,5 +32,5 @@ tomli==2.0.1 # via # coverage # pytest -types-mock==5.1.0.20240106 +types-mock==5.1.0.20240425 # via -r requirements.in diff --git a/requirements.txt b/requirements.txt index 67a0530e..4b4c08ae 100755 --- a/requirements.txt +++ b/requirements.txt @@ -4,7 +4,7 @@ # # pip-compile --extra=dev # -aiohttp==3.9.3 +aiohttp==3.9.5 # via velocitas_sdk (setup.py) aiosignal==1.3.1 # via aiohttp @@ -12,11 +12,11 @@ apscheduler==3.10.4 # via velocitas_sdk (setup.py) async-timeout==4.0.3 # via aiohttp -attrs==23.1.0 +attrs==23.2.0 # via aiohttp -build==1.0.3 +build==1.2.1 # via pip-tools -cachetools==5.3.2 +cachetools==5.4.0 # via tox cfgv==3.4.0 # via pre-commit @@ -24,11 +24,11 @@ chardet==5.2.0 # via tox click==8.1.7 # via pip-tools -cloudevents==1.10.1 +cloudevents==1.11.0 # via velocitas_sdk (setup.py) colorama==0.4.6 # via tox -coverage[toml]==7.4.1 +coverage[toml]==7.6.0 # via # coverage # pytest-cov 
@@ -40,110 +40,114 @@ deprecation==2.1.0 # via cloudevents distlib==0.3.8 # via virtualenv -exceptiongroup==1.2.0 +exceptiongroup==1.2.2 # via pytest -filelock==3.13.1 +filelock==3.15.4 # via # tox # virtualenv -frozenlist==1.4.0 +frozenlist==1.4.1 # via # aiohttp # aiosignal grpc-stubs==1.53.0.5 # via velocitas_sdk (setup.py) -grpcio==1.59.0 +grpcio==1.64.1 # via # grpc-stubs # grpcio-tools # velocitas_sdk (setup.py) -grpcio-tools==1.59.0 +grpcio-tools==1.64.1 # via velocitas_sdk (setup.py) -identify==2.5.33 +identify==2.6.0 # via pre-commit -idna==3.4 +idna==3.7 # via yarl +importlib-metadata==7.1.0 + # via opentelemetry-api iniconfig==2.0.0 # via pytest -multidict==6.0.4 +multidict==6.0.5 # via # aiohttp # yarl -mypy==1.8.0 +mypy==1.11.0 # via velocitas_sdk (setup.py) mypy-extensions==1.0.0 # via mypy -mypy-protobuf==3.4.0 +mypy-protobuf==3.6.0 # via velocitas_sdk (setup.py) -nodeenv==1.8.0 +nodeenv==1.9.1 # via pre-commit -opentelemetry-api==1.15.0 +opentelemetry-api==1.25.0 # via # opentelemetry-distro # opentelemetry-instrumentation # opentelemetry-instrumentation-logging # opentelemetry-sdk + # opentelemetry-semantic-conventions # velocitas_sdk (setup.py) -opentelemetry-distro==0.36b0 +opentelemetry-distro==0.46b0 # via velocitas_sdk (setup.py) -opentelemetry-instrumentation==0.36b0 +opentelemetry-instrumentation==0.46b0 # via # opentelemetry-distro # opentelemetry-instrumentation-logging -opentelemetry-instrumentation-logging==0.36b0 +opentelemetry-instrumentation-logging==0.46b0 # via velocitas_sdk (setup.py) -opentelemetry-sdk==1.15.0 +opentelemetry-sdk==1.25.0 # via # opentelemetry-distro # velocitas_sdk (setup.py) -opentelemetry-semantic-conventions==0.36b0 +opentelemetry-semantic-conventions==0.46b0 # via opentelemetry-sdk -packaging==23.1 +packaging==24.1 # via # build # deprecation # pyproject-api # pytest # tox -paho-mqtt==1.6.1 +paho-mqtt==2.1.0 # via velocitas_sdk (setup.py) -pip-tools==7.3.0 +pip-tools==7.4.1 # via velocitas_sdk (setup.py) 
-platformdirs==4.2.0 +platformdirs==4.2.2 # via # tox # virtualenv -pluggy==1.4.0 +pluggy==1.5.0 # via # pytest # tox -pre-commit==3.6.0 +pre-commit==3.8.0 # via velocitas_sdk (setup.py) -protobuf==4.21.12 +protobuf==5.27.2 # via # grpcio-tools # mypy-protobuf # velocitas_sdk (setup.py) -pyproject-api==1.6.1 +pyproject-api==1.7.1 # via tox -pyproject-hooks==1.0.0 - # via build -pytest==7.4.4 +pyproject-hooks==1.1.0 + # via + # build + # pip-tools +pytest==8.3.2 # via # pytest-asyncio # pytest-cov # velocitas_sdk (setup.py) -pytest-asyncio==0.23.4 +pytest-asyncio==0.23.8 # via velocitas_sdk (setup.py) -pytest-cov==4.1.0 +pytest-cov==5.0.0 # via velocitas_sdk (setup.py) pytz==2024.1 # via apscheduler pyyaml==6.0.1 # via pre-commit six==1.16.0 - # via - # apscheduler + # via apscheduler tomli==2.0.1 # via # build @@ -151,35 +155,36 @@ tomli==2.0.1 # mypy # pip-tools # pyproject-api - # pyproject-hooks # pytest # tox -tox==4.11.4 +tox==4.16.0 # via velocitas_sdk (setup.py) -types-deprecated==1.2.9.20240106 +types-deprecated==1.2.9.20240311 # via velocitas_sdk (setup.py) -types-mock==5.1.0.20240106 +types-mock==5.1.0.20240425 # via velocitas_sdk (setup.py) -types-protobuf==4.24.0.20240129 +types-protobuf==5.27.0.20240626 # via mypy-protobuf -typing-extensions==4.7.1 +typing-extensions==4.12.2 # via # mypy # opentelemetry-sdk tzlocal==5.2 # via apscheduler -virtualenv==20.25.0 +virtualenv==20.26.3 # via # pre-commit # tox -wheel==0.42.0 +wheel==0.43.0 # via pip-tools -wrapt==1.15.0 +wrapt==1.16.0 # via # deprecated # opentelemetry-instrumentation -yarl==1.9.2 +yarl==1.9.4 # via aiohttp +zipp==3.19.2 + # via importlib-metadata # The following packages are considered to be unsafe in a requirements file: # pip diff --git a/setup.py b/setup.py index d8543a92..0650db30 100644 --- a/setup.py +++ b/setup.py 
@@ -15,15 +15,15 @@ from setuptools import setup requirements = [ - "grpcio>=1.59.0", - "protobuf>=3.19.4", - "cloudevents>=1.10.0", - "aiohttp==3.9.3", - "paho-mqtt>=1.6.1,<2", - "opentelemetry-distro<=0.36b0", - "opentelemetry-instrumentation-logging<=0.36b0", - "opentelemetry-sdk<=1.15.0", - "opentelemetry-api<=1.15.0", + "grpcio==1.64.1", + "protobuf==5.27.2", + "cloudevents==1.11.0", + "aiohttp==3.9.5", + "paho-mqtt==2.1.0", + "opentelemetry-distro==0.46b0", + "opentelemetry-instrumentation-logging==0.46b0", + "opentelemetry-sdk==1.25.0", + "opentelemetry-api==1.25.0", ] extra_requirements = { diff --git a/velocitas_sdk/native/locator.py b/velocitas_sdk/native/locator.py index 9b3aa6df..caa7eb6a 100644 --- a/velocitas_sdk/native/locator.py +++ b/velocitas_sdk/native/locator.py @@ -38,7 +38,7 @@ def get_service_location(self, service_name: str) -> str: except KeyError: logger.warning( """Can't find the service location for %s, make sure to set the - necessary env variables for all depemdencies""", + necessary env variables for all dependencies""", service_name, ) diff --git a/velocitas_sdk/native/middleware.py b/velocitas_sdk/native/middleware.py index 835c0d20..15332b0b 100644 --- a/velocitas_sdk/native/middleware.py +++ b/velocitas_sdk/native/middleware.py @@ -12,6 +12,7 @@ # # SPDX-License-Identifier: Apache-2.0 +import sys from urllib.parse import urlparse from velocitas_sdk.base import Middleware, MiddlewareType @@ -31,7 +32,12 @@ def __init__(self) -> None: _address = self.service_locator.get_service_location("mqtt") _port = urlparse(_address).port _hostname = urlparse(_address).hostname - self.pubsub_client = MqttClient(_port, _hostname) + + if _hostname is None: + print("No hostname") + sys.exit(-1) + + self.pubsub_client = MqttClient(hostname=_hostname, port=_port) async def start(self): pass diff --git a/velocitas_sdk/native/mqtt.py b/velocitas_sdk/native/mqtt.py index 33026a4b..c7eb7e6d 100644 --- a/velocitas_sdk/native/mqtt.py 
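Review bot: The `requirements` list in setup.py now pins every runtime dependency with `==` (for example `"aiohttp==3.9.5"` and `"protobuf==5.27.2"`). If this list feeds `install_requires`, as its name suggests, every application that installs the SDK is forced onto exactly those versions. A downstream project then cannot pick up a patched aiohttp or protobuf until the SDK itself is re-released, and dependency resolution fails as soon as another package needs a different version. Keeping the exact pins in the pip-compiled `requirements.txt` and using a bounded range here, e.g. `"aiohttp>=3.9.5,<4"` and `"paho-mqtt>=2.1.0,<3"`, still excludes the vulnerable releases without blocking later fixes. The `setup()` call that consumes the list is outside this hunk.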
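Review bot: The new `if _hostname is None:` branch in `__init__` of middleware.py terminates the whole process with `sys.exit(-1)` after a bare `print("No hostname")`. An application embedding the SDK can neither catch nor log the misconfiguration, and the message does not say which value was rejected. Raising instead, e.g. `raise ValueError(f"MQTT service location {_address!r} has no hostname")`, leaves the decision to the caller and makes the `import sys` added in the first hunk of this file unnecessary. `urlparse(_address).port` two lines above can itself raise `ValueError` for a non-numeric or out-of-range port, so both failures would then surface the same way. The start of `__init__` is outside the hunk.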
+++ b/velocitas_sdk/native/mqtt.py @@ -34,7 +34,7 @@ def __init__(self, topic, callback): class MqttClient(PubSubClient): """This class is a wrapper for the on_message callback of the MQTT broker.""" - def __init__(self, port: Optional[int] = None, hostname: Optional[str] = None): + def __init__(self, hostname: str, port: Optional[int] = None): self._port = port self._hostname = hostname self._topics_to_subscribe: list[MqttTopicSubscription] = [] @@ -44,8 +44,12 @@ def __init__(self, port: Optional[int] = None, hostname: Optional[str] = None): self._sub_client.on_connect = self.on_connect self._sub_client.on_disconnect = self.on_disconnect - self._sub_client.connect(self._hostname, self._port) - self._pub_client.connect(self._hostname, self._port) + if self._port is None: + self._sub_client.connect(self._hostname) + self._pub_client.connect(self._hostname) + else: + self._sub_client.connect(self._hostname, self._port) + self._pub_client.connect(self._hostname, self._port) def on_connect(self, client, userdata, flags, rc): if rc == 0: diff --git a/velocitas_sdk/util/log.py b/velocitas_sdk/util/log.py index 5f7d7099..298e91bf 100644 --- a/velocitas_sdk/util/log.py +++ b/velocitas_sdk/util/log.py @@ -71,6 +71,7 @@ def record_factory(*args, **kwargs): record.otelSpanID = "0" record.otelTraceID = "0" + record.otelTraceSampled = True ctx = span.get_span_context() if ctx != INVALID_SPAN_CONTEXT: record.otelSpanID = format(ctx.span_id, "016x") From 5e51c95d56645156f8bb658521ef5389d34a7cfb Mon Sep 17 00:00:00 2001 From: Erik Jaegervall Date: Wed, 7 Aug 2024 16:22:43 +0200 Subject: [PATCH 2/6] preparing to release v0.15 --- setup.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/setup.py b/setup.py index 0650db30..8b49d8ed 100644 --- a/setup.py +++ b/setup.py 
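Review bot: Swapping the positional order in `def __init__(self, hostname: str, port: Optional[int] = None)` silently changes the meaning of calls written against the old `(port, hostname)` signature. A positional call that passes the port first now hands the port to paho as the hostname. Making the parameters keyword-only, `def __init__(self, *, hostname: str, port: Optional[int] = None):`, turns such a call into an immediate `TypeError`, and the call site changed in middleware.py already uses keywords. The second hunk of this file also connects both clients from the constructor, so an unreachable broker makes construction itself raise. Only part of `__init__` is visible in these hunks.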
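Review bot: `record.otelTraceSampled = True` in log.py is set as the default next to the `"0"` span and trace ids, so a log record emitted without a valid span context is marked as part of a sampled trace. For log correlation that is misleading. A default of `record.otelTraceSampled = False`, with the real value taken from `ctx.trace_flags.sampled` inside the `if ctx != INVALID_SPAN_CONTEXT:` branch, would keep the three fields consistent. The body of that branch continues past the end of the hunk and may already overwrite the field; if it does, only the default needs changing.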
@@ -61,7 +61,7 @@ setup( name="velocitas_sdk", - version="0.14.1", + version="0.15.0", description="A Python SDK for Vehicle app", long_description=long_description, long_description_content_type="text/markdown", From 8bfb550481e35eb5c8969cbf2069949daf846e9a Mon Sep 17 00:00:00 2001 From: Erik Jaegervall Date: Thu, 8 Aug 2024 08:42:11 +0200 Subject: [PATCH 3/6] Update release workflow with pypi push Also updating version to v0.15.2 as v0.15.0/v0.15.1 has been used for testing. --- .github/workflows/release.yaml | 120 +++++++++++++++++++++------------ NOTICE-3RD-PARTY-CONTENT.md | 17 +++-- requirements.txt | 12 ++-- setup.py | 2 +- 4 files changed, 95 insertions(+), 56 deletions(-) diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index ccb51c6d..db5d847e 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -1,4 +1,4 @@ -# Copyright (c) 2022-2024 Contributors to the Eclipse Foundation +# Copyright (c) 2024 Contributors to the Eclipse Foundation # # This program and the accompanying materials are made available under the # terms of the Apache License, Version 2.0 which is available at 
@@ -12,56 +12,92 @@ # # SPDX-License-Identifier: Apache-2.0 -name: Release workflow +name: Github Release and PyPi Publish on: - release: - types: [published, edited] + workflow_dispatch: + push: + tags: + - "v*.*.*" jobs: - release-package: - name: Generate package binaries - runs-on: ubuntu-latest + build: + name: Build distribution 📦 + runs-on: ubuntu-22.04 steps: - - name: Checkout repository - uses: actions/checkout@v4 + - uses: actions/checkout@v4 + - name: Set up Python + uses: actions/setup-python@v5 + with: + python-version: "3.10" + - name: Install pypa/build + run: pip install build --user + - name: Build a binary wheel and a source tarball + run: python3 -m build + - name: Store the distribution packages + uses: actions/upload-artifact@v4 + with: + name: python-package-distributions + path: | + dist/ + LICENSE + NOTICE.md - - name: Initialize python - uses: actions/setup-python@v5 - with: - python-version: "3.10" + publish-to-pypi: + name: Publish 🐍 to PyPI + needs: + - build + runs-on: ubuntu-22.04 + environment: + name: pypi + url: https://pypi.org/p/velocitas-sdk - - name: Install Dependencies - run: | - python3 -m pip install --upgrade pip - python3 -m pip install -r requirements.txt + permissions: + id-token: write - - name: Set tags output - id: vars - run: echo "tag=${GITHUB_REF#refs/*/}" >> $GITHUB_OUTPUT - - - name: Check output - env: - RELEASE_VERSION: ${{ steps.vars.outputs.tag }} - run: | - echo $RELEASE_VERSION - echo ${{ steps.vars.outputs.tag }} + steps: + - name: Download dists folder + uses: actions/download-artifact@v4 + with: + name: python-package-distributions + path: python-package/ + - name: Publish distribution 📦 to PyPI + uses: pypa/gh-action-pypi-publish@release/v1 + with: + packages-dir: python-package/dist - - name: Test setup.cfg execution - run: | - sed -i -e 's/@tag/${{ steps.vars.outputs.tag }}/g' ./setup.py - python3 setup.py sdist + github-release: + name: >- + Create GitHub Release + needs: + - build + runs-on: 
ubuntu-22.04 - - name: Upload artifacts - uses: actions/upload-artifact@v4 - with: - name: release - path: ./dist + permissions: + contents: write + id-token: write - - name: Upload assets - uses: softprops/action-gh-release@v1 - if: startsWith(github.ref, 'refs/tags/') - with: - files: | - ./dist/* + steps: + - name: Download dists folder + uses: actions/download-artifact@v4 + with: + name: python-package-distributions + path: python-package/ + - name: Sign the dists with Sigstore + # If running on your own fork/organization + # you must assure that sigstore has been added as authroized OAuth app in Github + # Can be triggered by a manual run on CLI like "sigstore sign " + uses: sigstore/gh-action-sigstore-python@v3.0.0 + with: + inputs: >- + ./python-package/dist/*.tar.gz + ./python-package/dist/*.whl + - name: Create release + id: create_release + uses: softprops/action-gh-release@v2 + with: + files: | + python-package/dist/** + python-package/LICENSE + python-package/NOTICE.md diff --git a/NOTICE-3RD-PARTY-CONTENT.md b/NOTICE-3RD-PARTY-CONTENT.md index 3a8df769..5322b013 100644 --- a/NOTICE-3RD-PARTY-CONTENT.md +++ b/NOTICE-3RD-PARTY-CONTENT.md @@ -7,7 +7,7 @@ |aiosignal|1.3.1|Apache 2.0| |APScheduler|3.10.4|MIT| |async-timeout|4.0.3|Apache 2.0| -|attrs|23.2.0|MIT| +|attrs|24.2.0|MIT| |build|1.2.1|MIT| |cachetools|5.4.0|MIT| |cfgv|3.4.0|MIT| @@ -15,7 +15,7 @@ |click|8.1.7|New BSD| |cloudevents|1.11.0|Apache 2.0| |colorama|0.4.6|BSD| -|coverage|7.6.0|Apache 2.0| +|coverage|7.6.1|Apache 2.0| |Deprecated|1.2.14|MIT| |deprecation|2.1.0|Apache 2.0| |distlib|0.3.8|Python Software Foundation License| @@ -30,7 +30,7 @@ |importlib-metadata|7.1.0|Apache 2.0| |iniconfig|2.0.0|MIT| |multidict|6.0.5|Apache 2.0| -|mypy|1.11.0|MIT| +|mypy|1.11.1|MIT| |mypy-extensions|1.0.0|MIT| |mypy-protobuf|3.6.0|Apache 2.0| |nodeenv|1.9.1|BSD| 
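Review bot: The `publish-to-pypi` and `github-release` jobs hold `id-token: write` (and `contents: write` for the release), yet the actions they run are referenced by mutable refs: `pypa/gh-action-pypi-publish@release/v1`, `softprops/action-gh-release@v2` and `sigstore/gh-action-sigstore-python@v3.0.0`. A moved branch or tag upstream therefore changes what executes with publishing rights; pinning each to a full commit SHA, e.g. `uses: pypa/gh-action-pypi-publish@<full-commit-sha>  # release/v1`, closes that gap. The added `workflow_dispatch:` trigger also lets a manual run from any branch reach the publish job unless the `pypi` environment has protection rules. The removed workflow guarded its upload with `if: startsWith(github.ref, 'refs/tags/')`, and the same condition on both publishing jobs would keep releases tied to tags. In the `build` job, `pip install build --user` installs an unpinned build tool in the release path; using the `build==1.2.1` already locked in requirements.txt would make the artifact reproducible.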
@@ -54,18 +54,18 @@ |pytest-asyncio|0.23.8|Apache 2.0| |pytest-cov|5.0.0|MIT| |pytz|2024.1|MIT| -|PyYAML|6.0.1|MIT| +|PyYAML|6.0.2|MIT| |setuptools|65.5.1|MIT| |six|1.16.0|MIT| |tomli|2.0.1|MIT| -|tox|4.16.0|MIT| +|tox|4.17.1|MIT| |types-Deprecated|1.2.9.20240311|Apache 2.0| |types-mock|5.1.0.20240425|Apache 2.0| |types-protobuf|5.27.0.20240626|Apache 2.0| |typing-extensions|4.12.2|Python Software Foundation License| |tzlocal|5.2|MIT| |virtualenv|20.26.3|MIT| -|wheel|0.43.0|MIT| +|wheel|0.44.0|MIT| |wrapt|1.16.0|BSD| |yarl|1.9.4|Apache 2.0| |zipp|3.19.2|MIT| @@ -73,6 +73,7 @@ | Dependency | Version | License | |:-----------|:-------:|--------:| |actions/checkout|v4|MIT License| +|actions/download-artifact|v4|MIT License| |actions/setup-java|v4|MIT License| |actions/setup-node|v4|MIT License| |actions/setup-python|v5|MIT License| @@ -82,4 +83,6 @@ |github/codeql-action|v3|MIT License| |mikepenz/action-junit-report|v4|Apache License 2.0| |pre-commit/action|v3.0.1|MIT License| -|softprops/action-gh-release|v1|MIT License| +|pypa/gh-action-pypi-publish|release/v1|BSD 3-Clause "New" or "Revised" License| +|sigstore/gh-action-sigstore-python|v3.0.0|Apache License 2.0| +|softprops/action-gh-release|v2|MIT License| diff --git a/requirements.txt b/requirements.txt index 4b4c08ae..4f6a57a6 100755 --- a/requirements.txt +++ b/requirements.txt @@ -12,7 +12,7 @@ apscheduler==3.10.4 # via velocitas_sdk (setup.py) async-timeout==4.0.3 # via aiohttp -attrs==23.2.0 +attrs==24.2.0 # via aiohttp build==1.2.1 # via pip-tools @@ -28,7 +28,7 @@ cloudevents==1.11.0 # via velocitas_sdk (setup.py) colorama==0.4.6 # via tox -coverage[toml]==7.6.0 +coverage[toml]==7.6.1 # via # coverage # pytest-cov @@ -71,7 +71,7 @@ multidict==6.0.5 # via # aiohttp # yarl -mypy==1.11.0 +mypy==1.11.1 # via velocitas_sdk (setup.py) mypy-extensions==1.0.0 # via mypy 
@@ -144,7 +144,7 @@ pytest-cov==5.0.0 # via velocitas_sdk (setup.py) pytz==2024.1 # via apscheduler -pyyaml==6.0.1 +pyyaml==6.0.2 # via pre-commit six==1.16.0 # via apscheduler @@ -157,7 +157,7 @@ tomli==2.0.1 # pyproject-api # pytest # tox -tox==4.16.0 +tox==4.17.1 # via velocitas_sdk (setup.py) types-deprecated==1.2.9.20240311 # via velocitas_sdk (setup.py) @@ -175,7 +175,7 @@ virtualenv==20.26.3 # via # pre-commit # tox -wheel==0.43.0 +wheel==0.44.0 # via pip-tools wrapt==1.16.0 # via diff --git a/setup.py b/setup.py index 8b49d8ed..e54fbe28 100644 --- a/setup.py +++ b/setup.py @@ -61,7 +61,7 @@ setup( name="velocitas_sdk", - version="0.15.0", + version="0.15.2", description="A Python SDK for Vehicle app", long_description=long_description, long_description_content_type="text/markdown", From 830b02ef226cbba586364defcbe38ed03213975a Mon Sep 17 00:00:00 2001 From: Markus Petke Date: Tue, 13 Aug 2024 08:43:42 +0200 Subject: [PATCH 4/6] connect only on init (#146) * connect only on init * add await --- ...nt_test.py => native_pubsub_client_test.py} | 0 velocitas_sdk/native/middleware.py | 2 +- velocitas_sdk/native/mqtt.py | 18 ++++++++---------- 3 files changed, 9 insertions(+), 11 deletions(-) rename tests/unit/{native_pusbub_client_test.py => native_pubsub_client_test.py} (100%) diff --git a/tests/unit/native_pusbub_client_test.py b/tests/unit/native_pubsub_client_test.py similarity index 100% rename from tests/unit/native_pusbub_client_test.py rename to tests/unit/native_pubsub_client_test.py diff --git a/velocitas_sdk/native/middleware.py b/velocitas_sdk/native/middleware.py index 15332b0b..f50d3cb4 100644 --- a/velocitas_sdk/native/middleware.py +++ b/velocitas_sdk/native/middleware.py @@ -40,7 +40,7 @@ def __init__(self) -> None: self.pubsub_client = MqttClient(hostname=_hostname, port=_port) async def start(self): - pass + await self.pubsub_client.init() async def wait_until_ready(self): pass 
diff --git a/velocitas_sdk/native/mqtt.py b/velocitas_sdk/native/mqtt.py index c7eb7e6d..836e13e9 100644 --- a/velocitas_sdk/native/mqtt.py +++ b/velocitas_sdk/native/mqtt.py @@ -44,13 +44,6 @@ def __init__(self, hostname: str, port: Optional[int] = None): self._sub_client.on_connect = self.on_connect self._sub_client.on_disconnect = self.on_disconnect - if self._port is None: - self._sub_client.connect(self._hostname) - self._pub_client.connect(self._hostname) - else: - self._sub_client.connect(self._hostname, self._port) - self._pub_client.connect(self._hostname, self._port) - def on_connect(self, client, userdata, flags, rc): if rc == 0: logger.debug("Mqtt native connection OK!") @@ -64,13 +57,18 @@ def on_connect(self, client, userdata, flags, rc): def on_disconnect(self, client, userdata, rc): logger.debug("Mqtt native is disconnected with reason: %d", rc) + async def init(self): + if self._port is None: + self._sub_client.connect(self._hostname) + self._pub_client.connect(self._hostname) + else: + self._sub_client.connect(self._hostname, self._port) + self._pub_client.connect(self._hostname, self._port) + async def run(self): self._sub_client.loop_start() self._pub_client.loop_start() - async def init(self): - """Do nothing""" - async def subscribe_topic(self, topic, coro): self._topics_to_subscribe.append(MqttTopicSubscription(topic, coro)) if self._sub_client.is_connected(): From 1bd171e423199457c26ef235c55ac596070b2316 Mon Sep 17 00:00:00 2001 From: Markus Petke Date: Wed, 14 Aug 2024 06:26:27 +0200 Subject: [PATCH 5/6] dynamic version from git (#147) --- setup.py | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/setup.py b/setup.py index e54fbe28..f7e89b10 100644 --- a/setup.py +++ b/setup.py @@ -61,7 +61,6 @@ setup( name="velocitas_sdk", - version="0.15.2", description="A Python SDK for Vehicle app", long_description=long_description, long_description_content_type="text/markdown", 
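Review bot: The new `async def init(self)` in mqtt.py calls paho's synchronous `connect()` and never awaits anything, so the event loop is blocked for the DNS lookup and TCP connect of both clients. A refused or timed-out connection also raises straight out of `Middleware.start()`. Since `run()` starts the network threads with `loop_start()`, `connect_async()` is the non-blocking counterpart; alternatively the call can be moved off the loop with `await asyncio.to_thread(self._sub_client.connect, self._hostname, self._port)`, which needs `asyncio` imported in this module. No `tls_set()` or `username_pw_set()` call is visible in these hunks, so the broker connection appears to be plaintext and unauthenticated; worth confirming that this is intended outside local development. The method replaces one that had a docstring, so a one-line docstring stating that it opens both broker connections would help.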
@@ -87,4 +86,8 @@ "License :: OSI Approved :: Apache Software License", "Operating System :: OS Independent", ], + setuptools_git_versioning={ + "enabled": True, + }, + setup_requires=["setuptools-git-versioning>=2.0,<3"], ) From bb166e5c71060a993b0b34f581d9461e9806b035 Mon Sep 17 00:00:00 2001 From: Erik Jaegervall Date: Tue, 3 Sep 2024 10:45:21 +0200 Subject: [PATCH 6/6] Fixing aiohttp vulnerability --- .project-creation/.skeleton/requirements.in | 2 +- .project-creation/.skeleton/requirements.txt | 10 +++++---- NOTICE-3RD-PARTY-CONTENT.md | 17 ++++++++------- examples/seat-adjuster/requirements.in | 2 +- examples/seat-adjuster/requirements.txt | 10 +++++---- requirements.txt | 22 ++++++++++---------- setup.py | 2 +- 7 files changed, 35 insertions(+), 30 deletions(-) diff --git a/.project-creation/.skeleton/requirements.in b/.project-creation/.skeleton/requirements.in index cf61eeca..3fe25684 100644 --- a/.project-creation/.skeleton/requirements.in +++ b/.project-creation/.skeleton/requirements.in @@ -15,4 +15,4 @@ grpcio==1.64.1 protobuf==5.27.2 cloudevents==1.11.0 -aiohttp==3.9.5 +aiohttp==3.10.5 diff --git a/.project-creation/.skeleton/requirements.txt b/.project-creation/.skeleton/requirements.txt index b077dad4..1ac04dd8 100644 --- a/.project-creation/.skeleton/requirements.txt +++ b/.project-creation/.skeleton/requirements.txt @@ -4,13 +4,15 @@ # # pip-compile # -aiohttp==3.9.5 +aiohappyeyeballs==2.4.0 + # via aiohttp +aiohttp==3.10.5 # via -r requirements.in aiosignal==1.3.1 # via aiohttp async-timeout==4.0.3 # via aiohttp -attrs==23.2.0 +attrs==24.2.0 # via aiohttp cloudevents==1.11.0 # via -r requirements.in @@ -22,7 +24,7 @@ frozenlist==1.4.1 # aiosignal grpcio==1.64.1 # via -r requirements.in -idna==3.7 +idna==3.8 # via yarl multidict==6.0.5 # via @@ -32,5 +34,5 @@ packaging==24.1 # via deprecation protobuf==5.27.2 # via -r requirements.in -yarl==1.9.4 +yarl==1.9.7 # via aiohttp 
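Review bot: `setup_requires=["setuptools-git-versioning>=2.0,<3"]` resolves the versioning plugin at build time outside the pinned, pip-compiled requirements.txt, and `setup_requires` is deprecated in favour of a `[build-system]` table in pyproject.toml. Declaring it there, `requires = ["setuptools", "setuptools-git-versioning>=2.0,<3"]`, lets pip install it in the isolated build environment and keeps build-time dependencies reviewable in one place. With the static `version=` removed in the previous hunk, the package version now depends on git tags being available when the build runs. A build from a checkout without tags will presumably fall back to the plugin's default version, so the tag fetch in the release job's checkout step should be confirmed. The opening of the `setup(` call is outside this hunk.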
diff --git a/NOTICE-3RD-PARTY-CONTENT.md b/NOTICE-3RD-PARTY-CONTENT.md index 5322b013..ae284afe 100644 --- a/NOTICE-3RD-PARTY-CONTENT.md +++ b/NOTICE-3RD-PARTY-CONTENT.md @@ -3,13 +3,14 @@ ## Python | Dependency | Version | License | |:-----------|:-------:|--------:| -|aiohttp|3.9.5|Apache 2.0| +|aiohappyeyeballs|2.4.0|Other/Proprietary License
Python Software Foundation License| +|aiohttp|3.10.5|Apache 2.0| |aiosignal|1.3.1|Apache 2.0| |APScheduler|3.10.4|MIT| |async-timeout|4.0.3|Apache 2.0| |attrs|24.2.0|MIT| |build|1.2.1|MIT| -|cachetools|5.4.0|MIT| +|cachetools|5.5.0|MIT| |cfgv|3.4.0|MIT| |chardet|5.2.0|LGPL| |click|8.1.7|New BSD| @@ -26,11 +27,11 @@ |grpcio|1.64.1|Apache 2.0| |grpcio-tools|1.64.1|Apache 2.0| |identify|2.6.0|MIT| -|idna|3.7|BSD| +|idna|3.8|BSD| |importlib-metadata|7.1.0|Apache 2.0| |iniconfig|2.0.0|MIT| |multidict|6.0.5|Apache 2.0| -|mypy|1.11.1|MIT| +|mypy|1.11.2|MIT| |mypy-extensions|1.0.0|MIT| |mypy-protobuf|3.6.0|Apache 2.0| |nodeenv|1.9.1|BSD| @@ -51,14 +52,14 @@ |pyproject-api|1.7.1|MIT| |pyproject-hooks|1.1.0|MIT| |pytest|8.3.2|MIT| -|pytest-asyncio|0.23.8|Apache 2.0| +|pytest-asyncio|0.24.0|Apache 2.0| |pytest-cov|5.0.0|MIT| |pytz|2024.1|MIT| |PyYAML|6.0.2|MIT| |setuptools|65.5.1|MIT| |six|1.16.0|MIT| |tomli|2.0.1|MIT| -|tox|4.17.1|MIT| +|tox|4.18.0|MIT| |types-Deprecated|1.2.9.20240311|Apache 2.0| |types-mock|5.1.0.20240425|Apache 2.0| |types-protobuf|5.27.0.20240626|Apache 2.0| @@ -67,8 +68,8 @@ |virtualenv|20.26.3|MIT| |wheel|0.44.0|MIT| |wrapt|1.16.0|BSD| -|yarl|1.9.4|Apache 2.0| -|zipp|3.19.2|MIT| +|yarl|1.9.7|Apache 2.0| +|zipp|3.20.1|MIT| ## Workflows | Dependency | Version | License | |:-----------|:-------:|--------:| diff --git a/examples/seat-adjuster/requirements.in b/examples/seat-adjuster/requirements.in index ebdd7fbd..76c99468 100644 --- a/examples/seat-adjuster/requirements.in +++ b/examples/seat-adjuster/requirements.in @@ -15,5 +15,5 @@ grpcio==1.64.1 protobuf==5.27.2 cloudevents==1.11.0 -aiohttp==3.9.5 +aiohttp==3.10.5 packaging==24.1 diff --git a/examples/seat-adjuster/requirements.txt b/examples/seat-adjuster/requirements.txt index 96a58240..6f5422a4 100644 --- a/examples/seat-adjuster/requirements.txt +++ b/examples/seat-adjuster/requirements.txt 
@@ -4,13 +4,15 @@ # # pip-compile # -aiohttp==3.9.5 +aiohappyeyeballs==2.4.0 + # via aiohttp +aiohttp==3.10.5 # via -r requirements.in aiosignal==1.3.1 # via aiohttp async-timeout==4.0.3 # via aiohttp -attrs==23.2.0 +attrs==24.2.0 # via aiohttp cloudevents==1.11.0 # via -r requirements.in @@ -22,7 +24,7 @@ frozenlist==1.4.1 # aiosignal grpcio==1.64.1 # via -r requirements.in -idna==3.7 +idna==3.8 # via yarl multidict==6.0.5 # via @@ -34,5 +36,5 @@ packaging==24.1 # deprecation protobuf==5.27.2 # via -r requirements.in -yarl==1.9.4 +yarl==1.9.7 # via aiohttp diff --git a/requirements.txt b/requirements.txt index 4f6a57a6..0a599439 100755 --- a/requirements.txt +++ b/requirements.txt @@ -4,7 +4,9 @@ # # pip-compile --extra=dev # -aiohttp==3.9.5 +aiohappyeyeballs==2.4.0 + # via aiohttp +aiohttp==3.10.5 # via velocitas_sdk (setup.py) aiosignal==1.3.1 # via aiohttp @@ -16,7 +18,7 @@ attrs==24.2.0 # via aiohttp build==1.2.1 # via pip-tools -cachetools==5.4.0 +cachetools==5.5.0 # via tox cfgv==3.4.0 # via pre-commit @@ -29,9 +31,7 @@ cloudevents==1.11.0 colorama==0.4.6 # via tox coverage[toml]==7.6.1 - # via - # coverage - # pytest-cov + # via pytest-cov deprecated==1.2.14 # via # opentelemetry-api @@ -61,7 +61,7 @@ grpcio-tools==1.64.1 # via velocitas_sdk (setup.py) identify==2.6.0 # via pre-commit -idna==3.7 +idna==3.8 # via yarl importlib-metadata==7.1.0 # via opentelemetry-api @@ -71,7 +71,7 @@ multidict==6.0.5 # via # aiohttp # yarl -mypy==1.11.1 +mypy==1.11.2 # via velocitas_sdk (setup.py) mypy-extensions==1.0.0 # via mypy @@ -138,7 +138,7 @@ pytest==8.3.2 # pytest-asyncio # pytest-cov # velocitas_sdk (setup.py) -pytest-asyncio==0.23.8 +pytest-asyncio==0.24.0 # via velocitas_sdk (setup.py) pytest-cov==5.0.0 # via velocitas_sdk (setup.py) @@ -157,7 +157,7 @@ tomli==2.0.1 # pyproject-api # pytest # tox -tox==4.17.1 +tox==4.18.0 # via velocitas_sdk (setup.py) types-deprecated==1.2.9.20240311 # via velocitas_sdk (setup.py) 
@@ -181,9 +181,9 @@ wrapt==1.16.0 # via # deprecated # opentelemetry-instrumentation -yarl==1.9.4 +yarl==1.9.7 # via aiohttp -zipp==3.19.2 +zipp==3.20.1 # via importlib-metadata # The following packages are considered to be unsafe in a requirements file: diff --git a/setup.py b/setup.py index f7e89b10..70afb78f 100644 --- a/setup.py +++ b/setup.py @@ -18,7 +18,7 @@ "grpcio==1.64.1", "protobuf==5.27.2", "cloudevents==1.11.0", - "aiohttp==3.9.5", + "aiohttp==3.10.5", "paho-mqtt==2.1.0", "opentelemetry-distro==0.46b0", "opentelemetry-instrumentation-logging==0.46b0",