Merge pull request #1675 from camptocamp/renovate/master-ubuntu-24.x

Update dependency ubuntu to v24 (master)
camptocamp · Oct 9, 2024 · 52a415b · 52a415b
2 parents 7a20de4 + aea91c7
commit 52a415b
Show file tree

Hide file tree

Showing 10 changed files with 252 additions and 275 deletions.
diff --git a/.github/workflows/main.yaml b/.github/workflows/main.yaml
@@ -150,49 +150,3 @@ jobs:
       - name: Clean the database
         run: c2cciutils-k8s-db --cleanup
         if: always()
-
-  audit:
-    name: Audit
-    runs-on: ubuntu-24.04
-    timeout-minutes: 10
-    if: "!startsWith(github.event.head_commit.message, '[skip ci] ')"
-
-    steps:
-      - run: docker system prune --all --force
-      - uses: actions/checkout@v4
-        with:
-          fetch-depth: 1
-
-      - uses: camptocamp/initialise-gopass-summon-action@v2
-        with:
-          ci-gpg-private-key: ${{secrets.CI_GPG_PRIVATE_KEY}}
-          github-gopass-ci-token: ${{secrets.GOPASS_CI_GITHUB_TOKEN}}
-
-      - uses: actions/setup-python@v5
-        with:
-          python-version: '3.12'
-      - run: python3 -m pip install --requirement=requirements.txt
-      - run: poetry build
-        env:
-          POETRY_DYNAMIC_VERSIONING_BYPASS: 0.0.0
-
-      - run: python3 -m venv ~/.venv
-      - run: ~/.venv/bin/pip install --force-reinstall dist/c2cciutils-0.0.0-py3-none-any.whl[audit]
-      - run: python3 -m pip install dist/c2cciutils-0.0.0-py3-none-any.whl[audit]
-
-      - name: Check .tool-versions file existence
-        id: tool-versions
-        uses: andstor/file-existence-action@v3
-        with:
-          files: .tool-versions
-      - uses: asdf-vm/actions/install@v3
-        if: steps.tool-versions.outputs.files_exists == 'true'
-      - run: cat /tmp/python-build.*.log
-        if: failure()
-      - run: python --version
-
-      - name: Audit
-        run: ~/.venv/bin/c2cciutils-audit --branch=${{ github.ref }}
-        env:
-          TEST: 'TRUE'
-          GITHUB_TOKEN: ${{ github.token }}
diff --git a/.prospector.yaml b/.prospector.yaml
@@ -16,3 +16,9 @@ pylint:
 bandit:
   options:
     config: .bandit.yaml
+
+pycodestyle:
+  disable:
+    # Buggy checks that don't detect strings
+    - W604 # backticks are deprecated, use 'repr()'
+    - E221 # multiple spaces before operator
diff --git a/Dockerfile b/Dockerfile
@@ -1,15 +1,22 @@
-FROM ubuntu:22.04 AS base-all
-LABEL maintainer Camptocamp "info@camptocamp.com"
+FROM ubuntu:24.04 AS base-all
+LABEL maintainer='Camptocamp "info@camptocamp.com"'
+
 SHELL ["/bin/bash", "-o", "pipefail", "-cux"]
 
-RUN --mount=type=cache,target=/var/lib/apt/lists --mount=type=cache,target=/var/cache \
-    sed -i '/-backports /d' /etc/apt/sources.list \
-    && apt-get update \
-    && apt-get install --yes --no-install-recommends python3-pip binutils
+RUN --mount=type=cache,target=/var/lib/apt/lists \
+    --mount=type=cache,target=/var/cache,sharing=locked \
+    apt-get update \
+    && apt-get upgrade --yes \
+    && apt-get install --yes --no-install-recommends apt-utils \
+    && DEBIAN_FRONTEND=noninteractive TZ=Etc/UTC apt-get install --yes tzdata \
+    && apt-get install --yes --no-install-recommends binutils python3-pip python3-venv \
+    && python3 -m venv /venv
+
+ENV PATH=/venv/bin:$PATH
 
 # Used to convert the locked packages by poetry to pip requirements format
 # We don't directly use `poetry install` because it force to use a virtual environment.
-FROM base-all as poetry
+FROM base-all AS poetry
 
 # Install Poetry
 WORKDIR /tmp
@@ -24,7 +31,7 @@ RUN poetry export --extras=checks --extras=publish --extras=audit --extras=versi
     && poetry export --with=dev --output=requirements-dev.txt
 
 # Base, the biggest thing is to install the Python packages
-FROM base-all as base
+FROM base-all AS base
 
 WORKDIR /app
 

diff --git a/c2cciutils/lib/oidc.py b/c2cciutils/lib/oidc.py
@@ -105,14 +105,15 @@ def _get_token(hostname: str) -> str:
 a few minutes and try again.
 
 You can monitor PyPI's status here: https://status.python.org/
-"""
+"""  # noqa: E702
         )
 
     # On failure, the JSON response includes the list of errors that
     # occurred during minting.
     if not mint_token_resp.ok:
         reasons = "\n".join(
-            f'* `{error["code"]}`: {error["description"]}' for error in mint_token_payload["errors"]
+            f'* `{error["code"]}`: {error["description"]}'
+            for error in mint_token_payload["errors"]  # noqa: W604
         )
 
         rendered_claims = _render_claims(oidc_token)
@@ -159,7 +160,7 @@ def pypi_login() -> None:
     pypirc_filename = os.path.expanduser("~/.pypirc")
 
     if os.path.exists(pypirc_filename):
-        print(f"::info::{pypirc_filename} already exists; consider as already logged in.")
+        print(f"::info::{pypirc_filename} already exists; consider as already logged in.")  # noqa: E702
         return
 
     if "ACTIONS_ID_TOKEN_REQUEST_TOKEN" not in os.environ:

diff --git a/c2cciutils/scripts/k8s/wait.py b/c2cciutils/scripts/k8s/wait.py
@@ -54,7 +54,7 @@ def _check_container_status(pod: Any, status: Any, is_init: bool = False) -> boo
         status_message = status_message.strip()
         if status_message == "Completed":
             return True
-        print(f'::group::Container not ready in {pod["metadata"]["name"]}: {status_message}')
+        print(f'::group::Container not ready in {pod["metadata"]["name"]}: {status_message}')  # noqa: E713
         if status_message_long != status_message:
             print(status_message_long)
         print(json.dumps(status, indent=4))
@@ -68,7 +68,7 @@ def _check_pod_status(pods: Any) -> bool:
         for condition in pod["status"].get("conditions", []):
             if not condition["status"]:
                 print(
-                    f'::group::Pod not ready in {pod["metadata"]["name"]}: {condition.get("message", condition["type"])}'
+                    f'::group::Pod not ready in {pod["metadata"]["name"]}: {condition.get("message", condition["type"])}'  # noqa: E713
                 )
                 print(json.dumps(condition, indent=4))
                 print("::endgroup::")

diff --git a/c2cciutils/scripts/publish.py b/c2cciutils/scripts/publish.py
@@ -403,7 +403,7 @@ def main() -> None:
                 for dpkg_package, package_version in versions_image.items():
                     if dpkg_package not in current_versions_in_images[image]:
                         current_versions_in_images[image][dpkg_package] = str(package_version)
-                for dpkg_package in current_versions_in_images[image].keys():
+                for dpkg_package in list(current_versions_in_images[image].keys()):
                     if dpkg_package not in versions_image:
                         del current_versions_in_images[image][dpkg_package]
             if dpkg_config_found: