Merge branch 'master' into tryvi_scanner

MaxymVlasov · web-flow · commit 4924a170a156 · 2025-09-10T14:54:01.000+03:00
diff --git a/.github/workflows/ci-cd.yml b/.github/workflows/ci-cd.yml
@@ -189,7 +189,8 @@ jobs:
         python -m
         pip install
         --user
-        setuptools-scm~=8.2
+        setuptools-scm
+        --constraint=dependencies/lock-files/dist-build-constraints.txt
       shell: bash
     - name: Set the current dist version from Git
       id: scm-version
@@ -505,6 +506,13 @@ jobs:
     secrets:
       codecov-token: ${{ secrets.CODECOV_TOKEN }}
 
+  lint-github-actions:
+    name: Lint GitHub Actions
+    permissions:
+      security-events: write
+    # yamllint disable-line rule:line-length
+    uses: zizmorcore/workflow/.github/workflows/reusable-zizmor.yml@3bb5e95068d0f44b6d2f3f7e91379bed1d2f96a8
+
   check:  # This job does nothing and is only used for the branch protection
 
     # Separate 'pull_request' check from other checks to avoid confusion in
diff --git a/.github/workflows/pre-commit.yaml b/.github/workflows/pre-commit.yaml
@@ -47,7 +47,7 @@ jobs:
       run: >-
         curl -L "$(
         curl -s https://api.github.com/repos/hadolint/hadolint/releases/latest
-        | grep -o -E -m 1 "https://.+?/hadolint-Linux-x86_64"
+        | grep -o -E -i -m 1 "https://.+?/hadolint-linux-x86_64"
         )"
         > hadolint
         && chmod +x hadolint && sudo mv hadolint /usr/bin/
diff --git a/.github/workflows/scheduled-runs.yml b/.github/workflows/scheduled-runs.yml
@@ -10,6 +10,7 @@ on:
 
 permissions:
   contents: read
+  security-events: write
 
 run-name: >-
   🌃
diff --git a/Dockerfile b/Dockerfile
@@ -1,4 +1,4 @@
-FROM python:3.12-alpine@sha256:9b8808206f4a956130546a32cbdd8633bc973b19db2923b7298e6f90cc26db08 AS python_base
+FROM python:3.12-alpine@sha256:02a73ead8397e904cea6d17e18516f1df3590e05dc8823bd5b1c7f849227d272 AS python_base
 
 FROM python_base AS builder
 ARG TARGETOS
diff --git a/dependencies/lock-files/dist-build-constraints.txt b/dependencies/lock-files/dist-build-constraints.txt
@@ -0,0 +1,16 @@
+#
+# This file is autogenerated by pip-compile with Python 3.12
+# by the following command:
+#
+#    tox r -e pip-compile-build-lock --
+#
+packaging==24.1
+    # via setuptools-scm
+setuptools-scm==8.1.0
+    # via awx-plugins-core (pyproject.toml::build-system.requires)
+
+# The following packages are considered to be unsafe in a requirements file:
+setuptools==73.0.0
+    # via
+    #   awx-plugins-core (pyproject.toml::build-system.requires)
+    #   setuptools-scm
diff --git a/tox.ini b/tox.ini
@@ -153,6 +153,8 @@ commands =
       {posargs:}
 commands_post =
 package = skip
+set_env =
+  PIP_CONSTRAINT = {toxinidir}{/}dependencies{/}lock-files{/}dist-build-constraints.txt
 
 
 [testenv:metadata-validation]

Original file line number	Diff line number	Diff line change
`@@ -1,4 +1,4 @@`
`1`		`-FROM python:3.12-alpine@sha256:9b8808206f4a956130546a32cbdd8633bc973b19db2923b7298e6f90cc26db08 AS python_base`
	`1`	`+FROM python:3.12-alpine@sha256:02a73ead8397e904cea6d17e18516f1df3590e05dc8823bd5b1c7f849227d272 AS python_base`
`2`	`2`
`3`	`3`	`FROM python_base AS builder`
`4`	`4`	`ARG TARGETOS`