Merge branch 'main' into dependabot/pip/main/cyclonedx-python-lib-5.0.1

spoorcc · web-flow · commit da71c86efe44 · 2025-09-19T23:01:35.000+02:00
diff --git a/.devcontainer/Dockerfile b/.devcontainer/Dockerfile
@@ -4,7 +4,7 @@ FROM mcr.microsoft.com/devcontainers/python:1-3.12-bullseye
 # pv is required for asciicasts
 RUN apt-get update && apt-get install --no-install-recommends -y \
     pv=1.6.6-1+b1 \
-    subversion=1.14.1-3+deb11u1 && \
+    subversion=1.14.1-3+deb11u2 && \
     rm -rf /var/lib/apt/lists/*
 
 WORKDIR /workspaces/dfetch
@@ -20,7 +20,7 @@ ENV PYTHONUSERBASE="/home/dev/.local"
 
 COPY --chown=dev:dev . .
 
-RUN pip install --no-cache-dir --root-user-action=ignore --upgrade pip==25.0.1 \
+RUN pip install --no-cache-dir --root-user-action=ignore --upgrade pip==25.1.1 \
     && pip install --no-cache-dir --root-user-action=ignore -e .[development,docs,test,casts] \
     && pre-commit install --install-hooks
 
diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml
@@ -36,7 +36,7 @@ jobs:
 
     steps:
     - name: Checkout repository
-      uses: actions/checkout@v4
+      uses: actions/checkout@v5
 
     # Initializes the CodeQL tools for scanning.
     - name: Initialize CodeQL
diff --git a/.github/workflows/devcontainer.yml b/.github/workflows/devcontainer.yml
@@ -0,0 +1,44 @@
+name: DevContainer
+
+on:
+  push:
+    branches: [main, dev]
+  pull_request:
+    branches: [main, dev]
+
+jobs:
+  devcontainer:
+    name: DevContainer Build & Test
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v5
+
+      - name: Cache Docker layers
+        uses: actions/cache@v4
+        with:
+          path: /tmp/.buildx-cache
+          key: devcontainer-${{ runner.os }}-${{ github.sha }}
+          restore-keys: |
+            devcontainer-${{ runner.os }}-
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Build DevContainer image
+        uses: devcontainers/ci@v0.3
+        with:
+          runCmd: |
+            echo "Installing test dependencies..."
+            pip install -e .[development,docs,casts]
+
+            echo "Running pre-commit checks..."
+            pre-commit run --all-files
+
+            echo "Running unit tests..."
+            python -m pytest tests
+
+            echo "Building documentation..."
+            make -C doc html
+            make -C doc/landing-page html
diff --git a/.github/workflows/docs.yml b/.github/workflows/docs.yml
@@ -6,10 +6,10 @@ jobs:
   docs:
     runs-on: ubuntu-latest
     steps:
-    - uses: actions/checkout@v4
+    - uses: actions/checkout@v5
 
     - name: Install Python
-      uses: actions/setup-python@v5
+      uses: actions/setup-python@v6
       with:
         python-version: '3.x'
 
diff --git a/.github/workflows/landing-page.yml b/.github/workflows/landing-page.yml
@@ -10,10 +10,10 @@ jobs:
   publish:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v5
 
       - name: Setup Python
-        uses: actions/setup-python@v5
+        uses: actions/setup-python@v6
         with:
           python-version: "3.12"
 
diff --git a/.github/workflows/python-publish.yml b/.github/workflows/python-publish.yml
@@ -19,9 +19,9 @@ jobs:
       id-token: write
 
     steps:
-    - uses: actions/checkout@v4
+    - uses: actions/checkout@v5
     - name: Set up Python
-      uses: actions/setup-python@v5
+      uses: actions/setup-python@v6
       with:
         python-version: '3.x'
     - name: Install dependencies
diff --git a/.github/workflows/run.yml b/.github/workflows/run.yml
@@ -13,7 +13,7 @@ jobs:
     runs-on: windows-latest
 
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v5
 
       - uses: cygwin/cygwin-install-action@master
 
@@ -30,11 +30,10 @@ jobs:
       - run: dfetch check
       - run: dfetch update
       - run: dfetch update
-      - run: dfetch check --sarif sarif.json
-      - name: Upload SARIF file
-        uses: github/codeql-action/upload-sarif@v3
+      - name: Dfetch SARIF Check
+        uses: ./
         with:
-          sarif_file: sarif.json
+          working-directory: '.'
 
       - name: Run example
         working-directory: ./example
@@ -53,10 +52,10 @@ jobs:
     runs-on: ${{ matrix.platform }}
 
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v5
 
       - name: Setup Python
-        uses: actions/setup-python@v5
+        uses: actions/setup-python@v6
         with:
           python-version: ${{ matrix.python-version }}
 
@@ -87,8 +86,7 @@ jobs:
       - run: dfetch check
       - run: dfetch update
       - run: dfetch update
-      - run: dfetch check --sarif sarif.json
-      - name: Upload SARIF file
-        uses: github/codeql-action/upload-sarif@v3
+      - name: Dfetch SARIF Check
+        uses: ./
         with:
-          sarif_file: sarif.json
+          working-directory: '.'
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
@@ -11,10 +11,10 @@ jobs:
   test:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v5
 
       - name: Setup Python
-        uses: actions/setup-python@v5
+        uses: actions/setup-python@v6
         with:
           python-version: '3.12'
 
@@ -35,7 +35,7 @@ jobs:
       # - run: flake8 dfetch                                           # Checks pep8 conformance
       - run: pylint dfetch                                             # Checks pep8 conformance
       - run: ruff check dfetch                                         # Check using ruff
-      - run: mypy --strict dfetch                                      # Check types
+      - run: mypy dfetch                                               # Check types
       - run: pyright .                                                 # Check types
       - run: doc8 doc                                                  # Checks documentation
       - run: pydocstyle dfetch                                         # Checks doc strings
diff --git a/README.md b/README.md
@@ -37,11 +37,29 @@ See [alternatives](https://dfetch.readthedocs.io/en/latest/alternatives.html) fo
 ## Install
 
 ### Stable
+
 ```bash
 pip install dfetch
 ```
 
 ### latest version
+
 ```bash
 pip install https://github.com/dfetch-org/dfetch/archive/main.zip
 ```
+
+## Github Action
+
+You can use DFetch in your Github Actions workflow to check your dependencies.
+The results will be uploaded to Github. Add the following to your workflow file:
+
+```yaml
+jobs:
+  dfetch-check:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Run Dfetch Check
+        uses: dfetch-org/dfetch@main
+        with:
+          working-directory: '.' # optional, defaults to project root
+```
diff --git a/action.yml b/action.yml
@@ -0,0 +1,38 @@
+name: 'Dfetch Check'
+description: 'Run dfetch check and upload SARIF results.'
+author: 'dfetch-org'
+branding:
+  icon: 'check-circle'
+  color: 'blue'
+
+inputs:
+  working-directory:
+    description: 'Directory to run dfetch in (default: project root)'
+    required: false
+    default: '.'
+
+outputs:
+  sarif-path:
+    description: 'Path to the generated SARIF file.'
+    value: sarif.json
+
+runs:
+  using: 'composite'
+  steps:
+    - name: Checkout repository
+      uses: actions/checkout@v5
+    - name: Setup Python
+      uses: actions/setup-python@v6
+      with:
+        python-version: '3.13'
+    - name: Install dfetch
+      run: pip install .
+      shell: bash
+    - name: Run dfetch check (SARIF)
+      run: dfetch check --sarif sarif.json
+      shell: bash
+      working-directory: ${{ inputs.working-directory }}
+    - name: Upload SARIF file
+      uses: github/codeql-action/upload-sarif@v3
+      with:
+        sarif_file: sarif.json
diff --git a/doc/_ext/scenario_directive.py b/doc/_ext/scenario_directive.py
@@ -27,6 +27,7 @@
 
 from docutils import nodes
 from docutils.parsers.rst import Directive
+from docutils.statemachine import ViewList
 
 
 class ScenarioIncludeDirective(Directive):
@@ -87,8 +88,12 @@ def run(self):
         :start-after: Scenario: {scenario_title}
         {end_before}
 """
+            viewlist = ViewList()
+            for i, line in enumerate(directive_rst.splitlines()):
+                viewlist.append(line, source=f"<{self.name} directive>", offset=i)
+
             self.state.nested_parse(
-                self.state_machine.input_lines.__class__(directive_rst.splitlines()),
+                viewlist,
                 self.content_offset,
                 container,
             )
diff --git a/doc/dfetch-action.md b/doc/dfetch-action.md
diff --git a/features/keep-license-in-project.feature b/features/keep-license-in-project.feature
@@ -1,8 +1,8 @@
 Feature: Keep license in project
 
-    A lot of people in the world do a lot of hard work to create software
+    Lots of people in the world do a lot of hard work to create software
     to use freely. They only ask to keep the license with their code.
-    When fetching only a part of a repository with the 'src:' tag, the risk
+    If fetching only a part of a repository with the 'src:' tag, the risk
     is you forget the license file.
 
     Scenario: License is preserved in git repo sparse checkout and cannot be ignored
diff --git a/features/steps/generic_steps.py b/features/steps/generic_steps.py
@@ -1,7 +1,7 @@
 """Steps for features tests."""
 
-# pyright: reportRedeclaration=false, reportAttributeAccessIssue=false
-# pylint: disable=function-redefined, missing-function-docstring
+# pylint: disable=function-redefined, missing-function-docstring, not-callable
+# pyright: reportRedeclaration=false, reportAttributeAccessIssue=false, reportCallIssue=false
 
 import difflib
 import json
@@ -12,6 +12,7 @@
 from typing import Iterable, List, Optional, Pattern, Tuple
 
 from behave import given, then, when  # pylint: disable=no-name-in-module
+from behave.runner import Context
 
 from dfetch.__main__ import DfetchFatalException, run
 from dfetch.util.util import in_directory
@@ -29,8 +30,8 @@ def remote_server_path(context):
     return "/".join(context.remotes_dir_path.split(os.sep))
 
 
-def call_command(context, args: list[str], path: Optional[str] = ".") -> None:
-    context.log_capture.buffer = []
+def call_command(context: Context, args: list[str], path: Optional[str] = ".") -> None:
+    length_at_start = len(context.captured.output)
     with in_directory(path or "."):
         try:
             run(args)
@@ -39,7 +40,7 @@ def call_command(context, args: list[str], path: Optional[str] = ".") -> None:
             context.cmd_returncode = 1
     # Remove the color code + title
     context.cmd_output = dfetch_title.sub(
-        "", ansi_escape.sub("", context.log_capture.getvalue())
+        "", ansi_escape.sub("", context.captured.output[length_at_start:].strip("\n"))
     )
 
 
@@ -268,7 +269,7 @@ def step_impl(context):
         assert os.listdir(project["path"]), f"{project} is just an empty directory!"
 
 
-@then("'{path}' looks like")
+@then("'{path}' looks like:")
 def step_impl(context, path):
     expected_dir = context.text.strip()
     actual_dir = list_dir(path).strip()
diff --git a/features/steps/git_steps.py b/features/steps/git_steps.py
@@ -1,7 +1,7 @@
 """Steps for features tests."""
 
-# pylint: disable=function-redefined, missing-function-docstring, import-error
-# pyright: reportRedeclaration=false, reportAttributeAccessIssue=false
+# pylint: disable=function-redefined, missing-function-docstring, import-error, not-callable
+# pyright: reportRedeclaration=false, reportAttributeAccessIssue=false, reportCallIssue=false
 
 import os
 import pathlib
@@ -62,7 +62,7 @@ def step_impl(context, tagname, name):
         tag(tagname)
 
 
-@given('a git-repository "{name}" with the manifest')
+@given('a git-repository "{name}" with the manifest:')
 @given('a git repository "{name}"')
 def step_impl(context, name):
     remote_path = os.path.join(context.remotes_dir, name)
diff --git a/features/steps/manifest_steps.py b/features/steps/manifest_steps.py
@@ -1,7 +1,7 @@
 """Steps for features tests."""
 
-# pylint: disable=function-redefined, missing-function-docstring, import-error
-# pyright: reportRedeclaration=false, reportAttributeAccessIssue=false
+# pylint: disable=function-redefined, missing-function-docstring, import-error, not-callable
+# pyright: reportRedeclaration=false, reportAttributeAccessIssue=false, reportCallIssue=false
 
 import os
 import pathlib
@@ -40,7 +40,7 @@ def step_impl(context, name):
     check_file(name, context.text)
 
 
-@given("the manifest '{name}' with the projects")
+@given("the manifest '{name}' with the projects:")
 def step_impl(context, name):
     projects = "\n".join(f"      - name: {row['name']}" for row in context.table)
     manifest = f"""manifest:
diff --git a/features/steps/svn_steps.py b/features/steps/svn_steps.py
@@ -1,7 +1,7 @@
 """Steps for features tests."""
 
-# pylint: disable=function-redefined, missing-function-docstring, import-error
-# pyright: reportRedeclaration=false, reportAttributeAccessIssue=false
+# pylint: disable=function-redefined, missing-function-docstring, import-error, not-callable
+# pyright: reportRedeclaration=false, reportAttributeAccessIssue=false, reportCallIssue=false
 
 import os
 import pathlib
diff --git a/pyproject.toml b/pyproject.toml
