From 7868dc110c048d3e1acf082faf36b75c3770e3f3 Mon Sep 17 00:00:00 2001 From: Kenneth Rosario Date: Wed, 1 Feb 2023 14:14:16 -0800 Subject: [PATCH 01/19] feat: configure security score card action (#216) --- .github/workflows/scorecard.yml | 47 +++++++++++++++++++++++++++++++++ 1 file changed, 47 insertions(+) create mode 100644 .github/workflows/scorecard.yml diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml new file mode 100644 index 00000000..75522f35 --- /dev/null +++ b/.github/workflows/scorecard.yml @@ -0,0 +1,47 @@ +name: Scorecard supply-chain security +on: + # For Branch-Protection check. Only the default branch is supported. See + # https://github.com/ossf/scorecard/blob/main/docs/checks.md#branch-protection + branch_protection_rule: + # To guarantee Maintained check is occasionally updated. See + # https://github.com/ossf/scorecard/blob/main/docs/checks.md#maintained + schedule: + - cron: '0 */12 * * *' + push: + branches: [ "master" ] + +# Declare default permissions as read only. +permissions: read-all + +jobs: + analysis: + name: Scorecard analysis + runs-on: ubuntu-latest + permissions: + # Needed to upload the results to code-scanning dashboard. + security-events: write + # Needed to publish results and get a badge (see publish_results below). + id-token: write + + steps: + - name: "Checkout code" + uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # v3.1.0 + with: + persist-credentials: false + + - name: "Run analysis" + uses: ossf/scorecard-action@99c53751e09b9529366343771cc321ec74e9bd3d # v2.0.6 + with: + results_file: results.sarif + results_format: sarif + # Public repositories: + # - Publish results to OpenSSF REST API for easy access by consumers + # - Allows the repository to include the Scorecard badge. + # - See https://github.com/ossf/scorecard-action#publishing-results. + publish_results: true + + # Upload the results to GitHub's code scanning dashboard. + - name: "Upload to code-scanning" + uses: github/codeql-action/upload-sarif@807578363a7869ca324a79039e6db9c843e0e100 # v2.1.27 + with: + sarif_file: results.sarif From 433f32298fc912e00b6abe7f8a97d3f944c3e6cc Mon Sep 17 00:00:00 2001 From: StepSecurity Bot Date: Thu, 23 Feb 2023 08:55:37 -0800 Subject: [PATCH 02/19] chore: [StepSecurity] Harden GitHub Actions (#218) --- .github/workflows/conformance.yml | 25 +++++++++++++++---------- .github/workflows/lint.yml | 12 ++++++++++-- .github/workflows/release.yml | 14 +++++++++++--- .github/workflows/scorecard.yml | 5 +++++ .github/workflows/unit.yml | 12 ++++++++++-- 5 files changed, 51 insertions(+), 17 deletions(-) diff --git a/.github/workflows/conformance.yml b/.github/workflows/conformance.yml index 03f27450..174ee4b7 100644 --- a/.github/workflows/conformance.yml +++ b/.github/workflows/conformance.yml @@ -7,11 +7,16 @@ jobs: matrix: python-version: ['3.8', '3.9', '3.10', '3.11'] steps: + - name: Harden Runner + uses: step-security/harden-runner@18bf8ad2ca49c14cbb28b91346d626ccfb00c518 # v2.1.0 + with: + egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs + - name: Checkout code - uses: actions/checkout@v2 + uses: actions/checkout@dc323e67f16fb5f7663d20ff7941f27f5809e9b6 # v2.6.0 - name: Setup Python - uses: actions/setup-python@v2 + uses: actions/setup-python@75f3110429a8c05be0e1bf360334e4cced2b63fa # v2.3.3 with: python-version: ${{ matrix.python-version }} @@ -19,12 +24,12 @@ jobs: run: python -m pip install -e . - name: Setup Go - uses: actions/setup-go@v2 + uses: actions/setup-go@bfdd3570ce990073878bf10f6b2d79082de49492 # v2.2.0 with: go-version: '1.16' - name: Run HTTP conformance tests - uses: GoogleCloudPlatform/functions-framework-conformance/action@v1.6.0 + uses: GoogleCloudPlatform/functions-framework-conformance/action@c52662e612b2685a027b1c3e02224306517722fc # v1.6.0 with: version: 'v1.6.0' functionType: 'http' @@ -33,7 +38,7 @@ jobs: cmd: "'functions-framework --source tests/conformance/main.py --target write_http --signature-type http'" - name: Run event conformance tests - uses: GoogleCloudPlatform/functions-framework-conformance/action@v1.6.0 + uses: GoogleCloudPlatform/functions-framework-conformance/action@c52662e612b2685a027b1c3e02224306517722fc # v1.6.0 with: version: 'v1.6.0' functionType: 'legacyevent' @@ -42,7 +47,7 @@ jobs: cmd: "'functions-framework --source tests/conformance/main.py --target write_legacy_event --signature-type event'" - name: Run CloudEvents conformance tests - uses: GoogleCloudPlatform/functions-framework-conformance/action@v1.6.0 + uses: GoogleCloudPlatform/functions-framework-conformance/action@c52662e612b2685a027b1c3e02224306517722fc # v1.6.0 with: version: 'v1.6.0' functionType: 'cloudevent' @@ -51,7 +56,7 @@ jobs: cmd: "'functions-framework --source tests/conformance/main.py --target write_cloud_event --signature-type cloudevent'" - name: Run HTTP conformance tests declarative - uses: GoogleCloudPlatform/functions-framework-conformance/action@v1.6.0 + uses: GoogleCloudPlatform/functions-framework-conformance/action@c52662e612b2685a027b1c3e02224306517722fc # v1.6.0 with: version: 'v1.6.0' functionType: 'http' @@ -60,7 +65,7 @@ jobs: cmd: "'functions-framework --source tests/conformance/main.py --target write_http_declarative'" - name: Run CloudEvents conformance tests declarative - uses: GoogleCloudPlatform/functions-framework-conformance/action@v1.6.0 + uses: GoogleCloudPlatform/functions-framework-conformance/action@c52662e612b2685a027b1c3e02224306517722fc # v1.6.0 with: version: 'v1.6.0' functionType: 'cloudevent' @@ -69,7 +74,7 @@ jobs: cmd: "'functions-framework --source tests/conformance/main.py --target write_cloud_event_declarative'" - name: Run HTTP concurrency tests declarative - uses: GoogleCloudPlatform/functions-framework-conformance/action@v1.6.0 + uses: GoogleCloudPlatform/functions-framework-conformance/action@c52662e612b2685a027b1c3e02224306517722fc # v1.6.0 with: version: 'v1.6.0' functionType: 'http' @@ -78,7 +83,7 @@ jobs: cmd: "'functions-framework --source tests/conformance/main.py --target write_http_declarative_concurrent'" - name: Run Typed tests declarative - uses: GoogleCloudPlatform/functions-framework-conformance/action@v1.6.0 + uses: GoogleCloudPlatform/functions-framework-conformance/action@c52662e612b2685a027b1c3e02224306517722fc # v1.6.0 with: version: 'v1.6.0' functionType: 'http' diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml index 7bb0972e..f1822d85 100644 --- a/.github/workflows/lint.yml +++ b/.github/workflows/lint.yml @@ -1,12 +1,20 @@ name: Python Lint CI on: [push, pull_request] +permissions: + contents: read + jobs: lint: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v2 + - name: Harden Runner + uses: step-security/harden-runner@18bf8ad2ca49c14cbb28b91346d626ccfb00c518 # v2.1.0 + with: + egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs + + - uses: actions/checkout@dc323e67f16fb5f7663d20ff7941f27f5809e9b6 # v2.6.0 - name: Setup Python - uses: actions/setup-python@v2 + uses: actions/setup-python@75f3110429a8c05be0e1bf360334e4cced2b63fa # v2.3.3 - name: Install tox run: python -m pip install tox - name: Lint diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 31d80732..305faa22 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -4,23 +4,31 @@ on: release: types: [published] +permissions: + contents: read + jobs: build-and-pubish: name: Build and Publish runs-on: ubuntu-latest steps: + - name: Harden Runner + uses: step-security/harden-runner@18bf8ad2ca49c14cbb28b91346d626ccfb00c518 # v2.1.0 + with: + egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs + - name: Checkout - uses: actions/checkout@v2 + uses: actions/checkout@dc323e67f16fb5f7663d20ff7941f27f5809e9b6 # v2.6.0 with: ref: ${{ github.event.release.tag_name }} - name: Install Python - uses: actions/setup-python@v2 + uses: actions/setup-python@75f3110429a8c05be0e1bf360334e4cced2b63fa # v2.3.3 - name: Install build dependencies run: python -m pip install -U setuptools build wheel - name: Build distributions run: python -m build - name: Publish - uses: pypa/gh-action-pypi-publish@master + uses: pypa/gh-action-pypi-publish@9b8e7336db3f96a2939a3e9fa827c62f466ca60d # master with: user: __token__ password: ${{ secrets.PYPI_API_TOKEN }} diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index 75522f35..49d3d2ba 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -24,6 +24,11 @@ jobs: id-token: write steps: + - name: Harden Runner + uses: step-security/harden-runner@18bf8ad2ca49c14cbb28b91346d626ccfb00c518 # v2.1.0 + with: + egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs + - name: "Checkout code" uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # v3.1.0 with: diff --git a/.github/workflows/unit.yml b/.github/workflows/unit.yml index 39bd1be1..d86078a8 100644 --- a/.github/workflows/unit.yml +++ b/.github/workflows/unit.yml @@ -1,5 +1,8 @@ name: Python Unit CI on: [push, pull_request] +permissions: + contents: read + jobs: test: strategy: @@ -8,10 +11,15 @@ jobs: platform: [ubuntu-latest, macos-latest, windows-latest] runs-on: ${{ matrix.platform }} steps: + - name: Harden Runner + uses: step-security/harden-runner@18bf8ad2ca49c14cbb28b91346d626ccfb00c518 # v2.1.0 + with: + egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs + - name: Checkout - uses: actions/checkout@v2 + uses: actions/checkout@dc323e67f16fb5f7663d20ff7941f27f5809e9b6 # v2.6.0 - name: Use Python ${{ matrix.python }} - uses: actions/setup-python@v2 + uses: actions/setup-python@75f3110429a8c05be0e1bf360334e4cced2b63fa # v2.3.3 with: python-version: ${{ matrix.python }} - name: Install tox From 1a0eaa8998c07d029d5297e6bdf987a77bee48ad Mon Sep 17 00:00:00 2001 From: Chi Zhang Date: Thu, 30 Mar 2023 10:23:46 -0700 Subject: [PATCH 03/19] ci: Update the name of python matrix to be consistent with other repos (#224) --- .github/workflows/conformance.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/conformance.yml b/.github/workflows/conformance.yml index 174ee4b7..ab9159ca 100644 --- a/.github/workflows/conformance.yml +++ b/.github/workflows/conformance.yml @@ -5,7 +5,7 @@ jobs: runs-on: ubuntu-18.04 strategy: matrix: - python-version: ['3.8', '3.9', '3.10', '3.11'] + python: ['3.8', '3.9', '3.10', '3.11'] steps: - name: Harden Runner uses: step-security/harden-runner@18bf8ad2ca49c14cbb28b91346d626ccfb00c518 # v2.1.0 @@ -18,7 +18,7 @@ jobs: - name: Setup Python uses: actions/setup-python@75f3110429a8c05be0e1bf360334e4cced2b63fa # v2.3.3 with: - python-version: ${{ matrix.python-version }} + python-version: ${{ matrix.python }} - name: Install the framework run: python -m pip install -e . From 306104b8e1dae299d8fc098f6f3f742660fdfba1 Mon Sep 17 00:00:00 2001 From: Chi Zhang Date: Mon, 3 Apr 2023 18:04:20 -0700 Subject: [PATCH 04/19] ci: Update python matrix (#225) Signed-off-by: GitHub Co-authored-by: chizhg --- .github/workflows/conformance.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/conformance.yml b/.github/workflows/conformance.yml index ab9159ca..f5535637 100644 --- a/.github/workflows/conformance.yml +++ b/.github/workflows/conformance.yml @@ -5,7 +5,7 @@ jobs: runs-on: ubuntu-18.04 strategy: matrix: - python: ['3.8', '3.9', '3.10', '3.11'] + python: ['3.7', '3.8', '3.9', '3.10', '3.11'] steps: - name: Harden Runner uses: step-security/harden-runner@18bf8ad2ca49c14cbb28b91346d626ccfb00c518 # v2.1.0 From b8d38cddfb09173200a6c9fa4f719fc5051e9880 Mon Sep 17 00:00:00 2001 From: Kenneth Rosario Date: Thu, 6 Apr 2023 11:59:51 -0700 Subject: [PATCH 05/19] chore: address some scorecard findings and update ubuntu version (#226) --- .github/workflows/buildpack-integration-test.yml | 4 ++++ .github/workflows/conformance.yml | 6 +++++- 2 files changed, 9 insertions(+), 1 deletion(-) diff --git a/.github/workflows/buildpack-integration-test.yml b/.github/workflows/buildpack-integration-test.yml index ba4aecb7..78c56996 100644 --- a/.github/workflows/buildpack-integration-test.yml +++ b/.github/workflows/buildpack-integration-test.yml @@ -5,6 +5,10 @@ on: branches: - master workflow_dispatch: + +# Declare default permissions as read only. +permissions: read-all + jobs: python37: uses: GoogleCloudPlatform/functions-framework-conformance/.github/workflows/buildpack-integration-test.yml@v1.8.0 diff --git a/.github/workflows/conformance.yml b/.github/workflows/conformance.yml index f5535637..ec75d5b4 100644 --- a/.github/workflows/conformance.yml +++ b/.github/workflows/conformance.yml @@ -1,8 +1,12 @@ name: Python Conformance CI on: [push, pull_request] + +# Declare default permissions as read only. +permissions: read-all + jobs: build: - runs-on: ubuntu-18.04 + runs-on: ubuntu-latest strategy: matrix: python: ['3.7', '3.8', '3.9', '3.10', '3.11'] From a8f73a51c7ab758620c07d48d13ed8247bd3af31 Mon Sep 17 00:00:00 2001 From: Kenneth Rosario Date: Mon, 10 Apr 2023 09:27:21 -0700 Subject: [PATCH 06/19] chore: set up renovate bot config (#227) --- .github/renovate.json | 15 +++++++++++++++ 1 file changed, 15 insertions(+) create mode 100644 .github/renovate.json diff --git a/.github/renovate.json b/.github/renovate.json new file mode 100644 index 00000000..32ac90d6 --- /dev/null +++ b/.github/renovate.json @@ -0,0 +1,15 @@ +{ + "$schema": "https://docs.renovatebot.com/renovate-schema.json", + "extends": ["group:allNonMajor", "schedule:monthly"], + "packageRules": [ + { + "description": "Create a PR whenever there is a new major version", + "matchUpdateTypes": [ + "major" + ] + } + ], + "ignorePaths": [ + "examples/**" + ] +} From 2b5963d252894ac7c6f5326ba001c089965bb496 Mon Sep 17 00:00:00 2001 From: Kenneth Rosario Date: Thu, 13 Apr 2023 11:07:46 -0700 Subject: [PATCH 07/19] chore: Configure blunderbuss.yml (#228) --- .github/blunderbuss.yml | 5 +++++ 1 file changed, 5 insertions(+) create mode 100644 .github/blunderbuss.yml diff --git a/.github/blunderbuss.yml b/.github/blunderbuss.yml new file mode 100644 index 00000000..61347444 --- /dev/null +++ b/.github/blunderbuss.yml @@ -0,0 +1,5 @@ +assign_prs: + - GoogleCloudPlatform/functions-framework-google + +assign_issues: + - GoogleCloudPlatform/functions-framework-google From 91a7c6b148823132b30949c9367c8838be1b3bfd Mon Sep 17 00:00:00 2001 From: StepSecurity Bot Date: Wed, 19 Apr 2023 11:08:59 -0700 Subject: [PATCH 08/19] chore: [StepSecurity] Apply security best practices (#230) --- .github/workflows/codeql.yml | 78 ++++++++++++++++++++++ .github/workflows/dependency-review.yml | 27 ++++++++ examples/cloud_run_cloud_events/Dockerfile | 2 +- examples/cloud_run_decorator/Dockerfile | 2 +- examples/cloud_run_event/Dockerfile | 2 +- examples/cloud_run_http/Dockerfile | 2 +- 6 files changed, 109 insertions(+), 4 deletions(-) create mode 100644 .github/workflows/codeql.yml create mode 100644 .github/workflows/dependency-review.yml diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml new file mode 100644 index 00000000..a35afc69 --- /dev/null +++ b/.github/workflows/codeql.yml @@ -0,0 +1,78 @@ +# For most projects, this workflow file will not need changing; you simply need +# to commit it to your repository. +# +# You may wish to alter this file to override the set of languages analyzed, +# or to provide custom queries or build logic. +# +# ******** NOTE ******** +# We have attempted to detect the languages in your repository. Please check +# the `language` matrix defined below to confirm you have the correct set of +# supported CodeQL languages. +# +name: "CodeQL" + +on: + push: + branches: ["master"] + pull_request: + # The branches below must be a subset of the branches above + branches: ["master"] + schedule: + - cron: "0 0 * * 1" + +permissions: + contents: read + +jobs: + analyze: + name: Analyze + runs-on: ubuntu-latest + permissions: + actions: read + contents: read + security-events: write + + strategy: + fail-fast: false + matrix: + language: ["python"] + # CodeQL supports [ $supported-codeql-languages ] + # Learn more about CodeQL language support at https://aka.ms/codeql-docs/language-support + + steps: + - name: Harden Runner + uses: step-security/harden-runner@03bee3930647ebbf994244c21ddbc0d4933aab4f # v2.3.0 + with: + egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs + + - name: Checkout repository + uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2 + + # Initializes the CodeQL tools for scanning. + - name: Initialize CodeQL + uses: github/codeql-action/init@7df0ce34898d659f95c0c4a09eaa8d4e32ee64db # v2.2.12 + with: + languages: ${{ matrix.language }} + # If you wish to specify custom queries, you can do so here or in a config file. + # By default, queries listed here will override any specified in a config file. + # Prefix the list here with "+" to use these queries and those in the config file. + + # Autobuild attempts to build any compiled languages (C/C++, C#, or Java). + # If this step fails, then you should remove it and run the build manually (see below) + - name: Autobuild + uses: github/codeql-action/autobuild@7df0ce34898d659f95c0c4a09eaa8d4e32ee64db # v2.2.12 + + # ℹī¸ Command-line programs to run using the OS shell. + # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun + + # If the Autobuild fails above, remove it and uncomment the following three lines. + # modify them (or add more) to build your code if your project, please refer to the EXAMPLE below for guidance. + + # - run: | + # echo "Run, Build Application using script" + # ./location_of_script_within_repo/buildscript.sh + + - name: Perform CodeQL Analysis + uses: github/codeql-action/analyze@7df0ce34898d659f95c0c4a09eaa8d4e32ee64db # v2.2.12 + with: + category: "/language:${{matrix.language}}" diff --git a/.github/workflows/dependency-review.yml b/.github/workflows/dependency-review.yml new file mode 100644 index 00000000..b4adf6d4 --- /dev/null +++ b/.github/workflows/dependency-review.yml @@ -0,0 +1,27 @@ +# Dependency Review Action +# +# This Action will scan dependency manifest files that change as part of a Pull Request, +# surfacing known-vulnerable versions of the packages declared or updated in the PR. +# Once installed, if the workflow run is marked as required, +# PRs introducing known-vulnerable packages will be blocked from merging. +# +# Source repository: https://github.com/actions/dependency-review-action +name: 'Dependency Review' +on: [pull_request] + +permissions: + contents: read + +jobs: + dependency-review: + runs-on: ubuntu-latest + steps: + - name: Harden Runner + uses: step-security/harden-runner@03bee3930647ebbf994244c21ddbc0d4933aab4f # v2.3.0 + with: + egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs + + - name: 'Checkout Repository' + uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2 + - name: 'Dependency Review' + uses: actions/dependency-review-action@0efb1d1d84fc9633afcdaad14c485cbbc90ef46c # v2.5.1 diff --git a/examples/cloud_run_cloud_events/Dockerfile b/examples/cloud_run_cloud_events/Dockerfile index bc9df896..1bae67aa 100644 --- a/examples/cloud_run_cloud_events/Dockerfile +++ b/examples/cloud_run_cloud_events/Dockerfile @@ -1,6 +1,6 @@ # Use the official Python image. # https://hub.docker.com/_/python -FROM python:3.7-slim +FROM python:3.7-slim@sha256:adbcdfcd0511bab2d6db252e55b983da1b431598ed755c1620b291fbeb5f6f72 # Copy local code to the container image. ENV APP_HOME /app diff --git a/examples/cloud_run_decorator/Dockerfile b/examples/cloud_run_decorator/Dockerfile index 717e5a91..cc3f44c8 100644 --- a/examples/cloud_run_decorator/Dockerfile +++ b/examples/cloud_run_decorator/Dockerfile @@ -1,6 +1,6 @@ # Use the official Python image. # https://hub.docker.com/_/python -FROM python:3.7-slim +FROM python:3.7-slim@sha256:adbcdfcd0511bab2d6db252e55b983da1b431598ed755c1620b291fbeb5f6f72 # Copy local code to the container image. ENV APP_HOME /app diff --git a/examples/cloud_run_event/Dockerfile b/examples/cloud_run_event/Dockerfile index 7fa0df13..d3b4c571 100644 --- a/examples/cloud_run_event/Dockerfile +++ b/examples/cloud_run_event/Dockerfile @@ -1,6 +1,6 @@ # Use the official Python image. # https://hub.docker.com/_/python -FROM python:3.7-slim +FROM python:3.7-slim@sha256:adbcdfcd0511bab2d6db252e55b983da1b431598ed755c1620b291fbeb5f6f72 # Copy local code to the container image. ENV APP_HOME /app diff --git a/examples/cloud_run_http/Dockerfile b/examples/cloud_run_http/Dockerfile index b7d6f502..14f2b2e4 100644 --- a/examples/cloud_run_http/Dockerfile +++ b/examples/cloud_run_http/Dockerfile @@ -1,6 +1,6 @@ # Use the official Python image. # https://hub.docker.com/_/python -FROM python:3.7-slim +FROM python:3.7-slim@sha256:adbcdfcd0511bab2d6db252e55b983da1b431598ed755c1620b291fbeb5f6f72 # Copy local code to the container image. ENV APP_HOME /app From b826b2a643497eb8fd7ae29f61551c33a9034728 Mon Sep 17 00:00:00 2001 From: Kenneth Rosario Date: Fri, 21 Apr 2023 15:11:33 -0700 Subject: [PATCH 09/19] chore: Update blunderbuss.yml according to preference (#229) Co-authored-by: Joseph Lewis III --- .github/blunderbuss.yml | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/.github/blunderbuss.yml b/.github/blunderbuss.yml index 61347444..33581568 100644 --- a/.github/blunderbuss.yml +++ b/.github/blunderbuss.yml @@ -1,5 +1,9 @@ assign_prs: - - GoogleCloudPlatform/functions-framework-google + - KaylaNguyen + - HKWinterhalter + - janell-chen assign_issues: - - GoogleCloudPlatform/functions-framework-google + - KaylaNguyen + - HKWinterhalter + - janell-chen From b4e9fc5d5d477bba0b6de5064825a2ac3e525877 Mon Sep 17 00:00:00 2001 From: Kayla Nguyen Date: Wed, 3 May 2023 17:45:13 -0700 Subject: [PATCH 10/19] chore: update unit tests with headers (#239) --- tests/test_cloud_event_functions.py | 3 ++- tests/test_functions.py | 3 ++- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/tests/test_cloud_event_functions.py b/tests/test_cloud_event_functions.py index a673c6e4..691fe388 100644 --- a/tests/test_cloud_event_functions.py +++ b/tests/test_cloud_event_functions.py @@ -187,7 +187,8 @@ def test_invalid_fields_binary(client, create_headers_binary, data_payload): def test_unparsable_cloud_event(client): - resp = client.post("/", headers={}, data="") + headers = {"Content-Type": "application/cloudevents+json"} + resp = client.post("/", headers=headers, data="") assert resp.status_code == 400 assert "Bad Request" in resp.data.decode() diff --git a/tests/test_functions.py b/tests/test_functions.py index c26cb625..501ea488 100644 --- a/tests/test_functions.py +++ b/tests/test_functions.py @@ -251,7 +251,8 @@ def test_pubsub_payload(background_event_client, background_json): def test_background_function_no_data(background_event_client, background_json): - resp = background_event_client.post("/") + headers = {"Content-Type": "application/json"} + resp = background_event_client.post("/", headers=headers) assert resp.status_code == 400 From 1fc20cc9bedb998c009243b6a75385a85cad88bd Mon Sep 17 00:00:00 2001 From: Mend Renovate Date: Thu, 4 May 2023 04:23:56 +0200 Subject: [PATCH 11/19] chore(deps): update actions/checkout action to v3 (#234) --- .github/workflows/conformance.yml | 2 +- .github/workflows/lint.yml | 2 +- .github/workflows/release.yml | 2 +- .github/workflows/unit.yml | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/conformance.yml b/.github/workflows/conformance.yml index ec75d5b4..f4e5fc27 100644 --- a/.github/workflows/conformance.yml +++ b/.github/workflows/conformance.yml @@ -17,7 +17,7 @@ jobs: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs - name: Checkout code - uses: actions/checkout@dc323e67f16fb5f7663d20ff7941f27f5809e9b6 # v2.6.0 + uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2 - name: Setup Python uses: actions/setup-python@75f3110429a8c05be0e1bf360334e4cced2b63fa # v2.3.3 diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml index f1822d85..c0341557 100644 --- a/.github/workflows/lint.yml +++ b/.github/workflows/lint.yml @@ -12,7 +12,7 @@ jobs: with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs - - uses: actions/checkout@dc323e67f16fb5f7663d20ff7941f27f5809e9b6 # v2.6.0 + - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2 - name: Setup Python uses: actions/setup-python@75f3110429a8c05be0e1bf360334e4cced2b63fa # v2.3.3 - name: Install tox diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 305faa22..aa9bd8f8 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -18,7 +18,7 @@ jobs: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs - name: Checkout - uses: actions/checkout@dc323e67f16fb5f7663d20ff7941f27f5809e9b6 # v2.6.0 + uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2 with: ref: ${{ github.event.release.tag_name }} - name: Install Python diff --git a/.github/workflows/unit.yml b/.github/workflows/unit.yml index d86078a8..7060b69a 100644 --- a/.github/workflows/unit.yml +++ b/.github/workflows/unit.yml @@ -17,7 +17,7 @@ jobs: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs - name: Checkout - uses: actions/checkout@dc323e67f16fb5f7663d20ff7941f27f5809e9b6 # v2.6.0 + uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2 - name: Use Python ${{ matrix.python }} uses: actions/setup-python@75f3110429a8c05be0e1bf360334e4cced2b63fa # v2.3.3 with: From ae590b8e6154634003ea63aaf685fa6ee0f164ee Mon Sep 17 00:00:00 2001 From: Mend Renovate Date: Thu, 4 May 2023 04:32:59 +0200 Subject: [PATCH 12/19] chore(deps): update pypa/gh-action-pypi-publish digest to a56da0b (#232) Co-authored-by: Kayla Nguyen --- .github/workflows/release.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index aa9bd8f8..f29303d3 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -28,7 +28,7 @@ jobs: - name: Build distributions run: python -m build - name: Publish - uses: pypa/gh-action-pypi-publish@9b8e7336db3f96a2939a3e9fa827c62f466ca60d # master + uses: pypa/gh-action-pypi-publish@a56da0b891b3dc519c7ee3284aff1fad93cc8598 # master with: user: __token__ password: ${{ secrets.PYPI_API_TOKEN }} From 586cc4e0833e2e9c82e685c8118be8c3187bd990 Mon Sep 17 00:00:00 2001 From: Mend Renovate Date: Thu, 4 May 2023 05:09:32 +0200 Subject: [PATCH 13/19] chore(deps): update all non-major dependencies (#233) Co-authored-by: Kayla Nguyen --- .github/workflows/codeql.yml | 8 ++++---- .github/workflows/conformance.yml | 16 ++++++++-------- .github/workflows/dependency-review.yml | 2 +- .github/workflows/lint.yml | 2 +- .github/workflows/release.yml | 2 +- .github/workflows/scorecard.yml | 8 ++++---- .github/workflows/unit.yml | 2 +- 7 files changed, 20 insertions(+), 20 deletions(-) diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index a35afc69..02405c9a 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -41,7 +41,7 @@ jobs: steps: - name: Harden Runner - uses: step-security/harden-runner@03bee3930647ebbf994244c21ddbc0d4933aab4f # v2.3.0 + uses: step-security/harden-runner@6b3083af2869dc3314a0257a42f4af696cc79ba3 # v2.3.1 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs @@ -50,7 +50,7 @@ jobs: # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL - uses: github/codeql-action/init@7df0ce34898d659f95c0c4a09eaa8d4e32ee64db # v2.2.12 + uses: github/codeql-action/init@f3feb00acb00f31a6f60280e6ace9ca31d91c76a # v2.3.2 with: languages: ${{ matrix.language }} # If you wish to specify custom queries, you can do so here or in a config file. @@ -60,7 +60,7 @@ jobs: # Autobuild attempts to build any compiled languages (C/C++, C#, or Java). # If this step fails, then you should remove it and run the build manually (see below) - name: Autobuild - uses: github/codeql-action/autobuild@7df0ce34898d659f95c0c4a09eaa8d4e32ee64db # v2.2.12 + uses: github/codeql-action/autobuild@f3feb00acb00f31a6f60280e6ace9ca31d91c76a # v2.3.2 # ℹī¸ Command-line programs to run using the OS shell. # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun @@ -73,6 +73,6 @@ jobs: # ./location_of_script_within_repo/buildscript.sh - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@7df0ce34898d659f95c0c4a09eaa8d4e32ee64db # v2.2.12 + uses: github/codeql-action/analyze@f3feb00acb00f31a6f60280e6ace9ca31d91c76a # v2.3.2 with: category: "/language:${{matrix.language}}" diff --git a/.github/workflows/conformance.yml b/.github/workflows/conformance.yml index f4e5fc27..e852913b 100644 --- a/.github/workflows/conformance.yml +++ b/.github/workflows/conformance.yml @@ -12,7 +12,7 @@ jobs: python: ['3.7', '3.8', '3.9', '3.10', '3.11'] steps: - name: Harden Runner - uses: step-security/harden-runner@18bf8ad2ca49c14cbb28b91346d626ccfb00c518 # v2.1.0 + uses: step-security/harden-runner@6b3083af2869dc3314a0257a42f4af696cc79ba3 # v2.3.1 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs @@ -33,7 +33,7 @@ jobs: go-version: '1.16' - name: Run HTTP conformance tests - uses: GoogleCloudPlatform/functions-framework-conformance/action@c52662e612b2685a027b1c3e02224306517722fc # v1.6.0 + uses: GoogleCloudPlatform/functions-framework-conformance/action@1975792fb34ebbfa058d690666186d669d3a5977 # v1.8.0 with: version: 'v1.6.0' functionType: 'http' @@ -42,7 +42,7 @@ jobs: cmd: "'functions-framework --source tests/conformance/main.py --target write_http --signature-type http'" - name: Run event conformance tests - uses: GoogleCloudPlatform/functions-framework-conformance/action@c52662e612b2685a027b1c3e02224306517722fc # v1.6.0 + uses: GoogleCloudPlatform/functions-framework-conformance/action@1975792fb34ebbfa058d690666186d669d3a5977 # v1.8.0 with: version: 'v1.6.0' functionType: 'legacyevent' @@ -51,7 +51,7 @@ jobs: cmd: "'functions-framework --source tests/conformance/main.py --target write_legacy_event --signature-type event'" - name: Run CloudEvents conformance tests - uses: GoogleCloudPlatform/functions-framework-conformance/action@c52662e612b2685a027b1c3e02224306517722fc # v1.6.0 + uses: GoogleCloudPlatform/functions-framework-conformance/action@1975792fb34ebbfa058d690666186d669d3a5977 # v1.8.0 with: version: 'v1.6.0' functionType: 'cloudevent' @@ -60,7 +60,7 @@ jobs: cmd: "'functions-framework --source tests/conformance/main.py --target write_cloud_event --signature-type cloudevent'" - name: Run HTTP conformance tests declarative - uses: GoogleCloudPlatform/functions-framework-conformance/action@c52662e612b2685a027b1c3e02224306517722fc # v1.6.0 + uses: GoogleCloudPlatform/functions-framework-conformance/action@1975792fb34ebbfa058d690666186d669d3a5977 # v1.8.0 with: version: 'v1.6.0' functionType: 'http' @@ -69,7 +69,7 @@ jobs: cmd: "'functions-framework --source tests/conformance/main.py --target write_http_declarative'" - name: Run CloudEvents conformance tests declarative - uses: GoogleCloudPlatform/functions-framework-conformance/action@c52662e612b2685a027b1c3e02224306517722fc # v1.6.0 + uses: GoogleCloudPlatform/functions-framework-conformance/action@1975792fb34ebbfa058d690666186d669d3a5977 # v1.8.0 with: version: 'v1.6.0' functionType: 'cloudevent' @@ -78,7 +78,7 @@ jobs: cmd: "'functions-framework --source tests/conformance/main.py --target write_cloud_event_declarative'" - name: Run HTTP concurrency tests declarative - uses: GoogleCloudPlatform/functions-framework-conformance/action@c52662e612b2685a027b1c3e02224306517722fc # v1.6.0 + uses: GoogleCloudPlatform/functions-framework-conformance/action@1975792fb34ebbfa058d690666186d669d3a5977 # v1.8.0 with: version: 'v1.6.0' functionType: 'http' @@ -87,7 +87,7 @@ jobs: cmd: "'functions-framework --source tests/conformance/main.py --target write_http_declarative_concurrent'" - name: Run Typed tests declarative - uses: GoogleCloudPlatform/functions-framework-conformance/action@c52662e612b2685a027b1c3e02224306517722fc # v1.6.0 + uses: GoogleCloudPlatform/functions-framework-conformance/action@1975792fb34ebbfa058d690666186d669d3a5977 # v1.8.0 with: version: 'v1.6.0' functionType: 'http' diff --git a/.github/workflows/dependency-review.yml b/.github/workflows/dependency-review.yml index b4adf6d4..46aaa11b 100644 --- a/.github/workflows/dependency-review.yml +++ b/.github/workflows/dependency-review.yml @@ -17,7 +17,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Harden Runner - uses: step-security/harden-runner@03bee3930647ebbf994244c21ddbc0d4933aab4f # v2.3.0 + uses: step-security/harden-runner@6b3083af2869dc3314a0257a42f4af696cc79ba3 # v2.3.1 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml index c0341557..cc896b6d 100644 --- a/.github/workflows/lint.yml +++ b/.github/workflows/lint.yml @@ -8,7 +8,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Harden Runner - uses: step-security/harden-runner@18bf8ad2ca49c14cbb28b91346d626ccfb00c518 # v2.1.0 + uses: step-security/harden-runner@6b3083af2869dc3314a0257a42f4af696cc79ba3 # v2.3.1 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index f29303d3..d52aa01d 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -13,7 +13,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Harden Runner - uses: step-security/harden-runner@18bf8ad2ca49c14cbb28b91346d626ccfb00c518 # v2.1.0 + uses: step-security/harden-runner@6b3083af2869dc3314a0257a42f4af696cc79ba3 # v2.3.1 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index 49d3d2ba..60b0f355 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -25,17 +25,17 @@ jobs: steps: - name: Harden Runner - uses: step-security/harden-runner@18bf8ad2ca49c14cbb28b91346d626ccfb00c518 # v2.1.0 + uses: step-security/harden-runner@6b3083af2869dc3314a0257a42f4af696cc79ba3 # v2.3.1 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs - name: "Checkout code" - uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # v3.1.0 + uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2 with: persist-credentials: false - name: "Run analysis" - uses: ossf/scorecard-action@99c53751e09b9529366343771cc321ec74e9bd3d # v2.0.6 + uses: ossf/scorecard-action@80e868c13c90f172d68d1f4501dee99e2479f7af # v2.1.3 with: results_file: results.sarif results_format: sarif @@ -47,6 +47,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@807578363a7869ca324a79039e6db9c843e0e100 # v2.1.27 + uses: github/codeql-action/upload-sarif@f3feb00acb00f31a6f60280e6ace9ca31d91c76a # v2.3.2 with: sarif_file: results.sarif diff --git a/.github/workflows/unit.yml b/.github/workflows/unit.yml index 7060b69a..669e0d6a 100644 --- a/.github/workflows/unit.yml +++ b/.github/workflows/unit.yml @@ -12,7 +12,7 @@ jobs: runs-on: ${{ matrix.platform }} steps: - name: Harden Runner - uses: step-security/harden-runner@18bf8ad2ca49c14cbb28b91346d626ccfb00c518 # v2.1.0 + uses: step-security/harden-runner@6b3083af2869dc3314a0257a42f4af696cc79ba3 # v2.3.1 with: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs From c8d0e4a5c7403edcf5de80022a2766e51d9df8f1 Mon Sep 17 00:00:00 2001 From: Kenneth Rosario Date: Mon, 22 May 2023 18:36:20 -0700 Subject: [PATCH 14/19] chore: fix failing unit tests (#244) --- tox.ini | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tox.ini b/tox.ini index fb76a0e8..0fe3dba6 100644 --- a/tox.ini +++ b/tox.ini @@ -4,7 +4,7 @@ envlist = py{35,36,37,38,39,310}-{ubuntu-latest,macos-latest,windows-latest},lin [testenv] usedevelop = true deps = - docker<5 # https://github.com/docker/docker-py/issues/2807 + docker pytest-cov pytest-integration pretend From 82081c49d4b72a852f15e463bdcf9ead6b445c63 Mon Sep 17 00:00:00 2001 From: Mend Renovate Date: Wed, 24 May 2023 02:14:35 +0200 Subject: [PATCH 15/19] chore(deps): update actions/dependency-review-action action to v3 (#235) --- .github/workflows/dependency-review.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/dependency-review.yml b/.github/workflows/dependency-review.yml index 46aaa11b..369f9f99 100644 --- a/.github/workflows/dependency-review.yml +++ b/.github/workflows/dependency-review.yml @@ -24,4 +24,4 @@ jobs: - name: 'Checkout Repository' uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2 - name: 'Dependency Review' - uses: actions/dependency-review-action@0efb1d1d84fc9633afcdaad14c485cbbc90ef46c # v2.5.1 + uses: actions/dependency-review-action@f46c48ed6d4f1227fb2d9ea62bf6bcbed315589e # v3.0.4 From 21d9db1cbe63ca693ac2ddc7cfc5c4701eba6ca7 Mon Sep 17 00:00:00 2001 From: Mend Renovate Date: Wed, 24 May 2023 17:17:35 +0200 Subject: [PATCH 16/19] chore(deps): update actions/setup-go action to v4 (#236) --- .github/workflows/conformance.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/conformance.yml b/.github/workflows/conformance.yml index e852913b..74bd0c5a 100644 --- a/.github/workflows/conformance.yml +++ b/.github/workflows/conformance.yml @@ -28,7 +28,7 @@ jobs: run: python -m pip install -e . - name: Setup Go - uses: actions/setup-go@bfdd3570ce990073878bf10f6b2d79082de49492 # v2.2.0 + uses: actions/setup-go@fac708d6674e30b6ba41289acaab6d4b75aa0753 # v4.0.1 with: go-version: '1.16' From c492b04e87a55194b7709e471b0ec3e2c630f288 Mon Sep 17 00:00:00 2001 From: Gareth Date: Wed, 24 May 2023 12:24:48 -0700 Subject: [PATCH 17/19] fix: streaming requests cannot access request data (#245) --- src/functions_framework/__init__.py | 7 +++- tests/test_functions.py | 14 ++++++- tests/test_functions/http_streaming/main.py | 44 +++++++++++++++++++++ 3 files changed, 62 insertions(+), 3 deletions(-) create mode 100644 tests/test_functions/http_streaming/main.py diff --git a/src/functions_framework/__init__.py b/src/functions_framework/__init__.py index c2a52d74..d4575b57 100644 --- a/src/functions_framework/__init__.py +++ b/src/functions_framework/__init__.py @@ -294,10 +294,13 @@ def _configure_app(app, function, signature_type): def read_request(response): """ Force the framework to read the entire request before responding, to avoid - connection errors when returning prematurely. + connection errors when returning prematurely. Skipped on streaming responses + as these may continue to operate on the request after they are returned. """ - flask.request.get_data() + if not response.is_streamed: + flask.request.get_data() + return response diff --git a/tests/test_functions.py b/tests/test_functions.py index 501ea488..81860cae 100644 --- a/tests/test_functions.py +++ b/tests/test_functions.py @@ -12,7 +12,7 @@ # See the License for the specific language governing permissions and # limitations under the License. - +import io import json import pathlib import re @@ -490,6 +490,18 @@ def test_function_returns_none(): assert resp.status_code == 500 +def test_function_returns_stream(): + source = TEST_FUNCTIONS_DIR / "http_streaming" / "main.py" + target = "function" + + client = create_app(target, source).test_client() + resp = client.post("/", data="1\n2\n3\n4\n") + + assert resp.status_code == 200 + assert resp.is_streamed + assert resp.data.decode("utf-8") == "1.0\n3.0\n6.0\n10.0\n" + + def test_legacy_function_check_env(monkeypatch): source = TEST_FUNCTIONS_DIR / "http_check_env" / "main.py" target = "function" diff --git a/tests/test_functions/http_streaming/main.py b/tests/test_functions/http_streaming/main.py new file mode 100644 index 00000000..4b249697 --- /dev/null +++ b/tests/test_functions/http_streaming/main.py @@ -0,0 +1,44 @@ +# Copyright 2020 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +"""Function used in Worker tests of handling HTTP functions.""" + +import flask + +from flask import Response, stream_with_context + + +def function(request): + """Test HTTP function that reads a stream of integers and returns a stream + providing the sum of values read so far. + + Args: + request: The HTTP request which triggered this function. Must contain a + stream of new line separated integers. + + Returns: + Value and status code defined for the given mode. + + Raises: + Exception: Thrown when requested in the incoming mode specification. + """ + print("INVOKED THE STREAM FUNCTION!!!") + + def generate(): + sum_so_far = 0 + for line in request.stream: + sum_so_far += float(line) + yield (str(sum_so_far) + "\n").encode("utf-8") + + return Response(stream_with_context(generate())) From dded5ae9d06c0098ae9e0e018131f45c68060ec1 Mon Sep 17 00:00:00 2001 From: Mend Renovate Date: Wed, 24 May 2023 23:19:45 +0200 Subject: [PATCH 18/19] chore(deps): update actions/setup-python action to v4 (#237) --- .github/workflows/conformance.yml | 2 +- .github/workflows/lint.yml | 2 +- .github/workflows/release.yml | 2 +- .github/workflows/unit.yml | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/conformance.yml b/.github/workflows/conformance.yml index 74bd0c5a..7c9661c6 100644 --- a/.github/workflows/conformance.yml +++ b/.github/workflows/conformance.yml @@ -20,7 +20,7 @@ jobs: uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2 - name: Setup Python - uses: actions/setup-python@75f3110429a8c05be0e1bf360334e4cced2b63fa # v2.3.3 + uses: actions/setup-python@bd6b4b6205c4dbad673328db7b31b7fab9e241c0 # v4.6.1 with: python-version: ${{ matrix.python }} diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml index cc896b6d..c8df3207 100644 --- a/.github/workflows/lint.yml +++ b/.github/workflows/lint.yml @@ -14,7 +14,7 @@ jobs: - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2 - name: Setup Python - uses: actions/setup-python@75f3110429a8c05be0e1bf360334e4cced2b63fa # v2.3.3 + uses: actions/setup-python@bd6b4b6205c4dbad673328db7b31b7fab9e241c0 # v4.6.1 - name: Install tox run: python -m pip install tox - name: Lint diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index d52aa01d..6c151db3 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -22,7 +22,7 @@ jobs: with: ref: ${{ github.event.release.tag_name }} - name: Install Python - uses: actions/setup-python@75f3110429a8c05be0e1bf360334e4cced2b63fa # v2.3.3 + uses: actions/setup-python@bd6b4b6205c4dbad673328db7b31b7fab9e241c0 # v4.6.1 - name: Install build dependencies run: python -m pip install -U setuptools build wheel - name: Build distributions diff --git a/.github/workflows/unit.yml b/.github/workflows/unit.yml index 669e0d6a..68c19e6d 100644 --- a/.github/workflows/unit.yml +++ b/.github/workflows/unit.yml @@ -19,7 +19,7 @@ jobs: - name: Checkout uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2 - name: Use Python ${{ matrix.python }} - uses: actions/setup-python@75f3110429a8c05be0e1bf360334e4cced2b63fa # v2.3.3 + uses: actions/setup-python@bd6b4b6205c4dbad673328db7b31b7fab9e241c0 # v4.6.1 with: python-version: ${{ matrix.python }} - name: Install tox From 6420b67c3b71c9b45dfc7b701ac16412c1430dc8 Mon Sep 17 00:00:00 2001 From: "release-please[bot]" <55107282+release-please[bot]@users.noreply.github.com> Date: Thu, 25 May 2023 14:17:11 -0700 Subject: [PATCH 19/19] chore(master): release 3.4.0 (#217) Co-authored-by: release-please[bot] <55107282+release-please[bot]@users.noreply.github.com> Co-authored-by: Gareth --- CHANGELOG.md | 12 ++++++++++++ setup.py | 2 +- 2 files changed, 13 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 26e83453..9016fc49 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -4,6 +4,18 @@ All notable changes to this project will be documented in this file. The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html). +## [3.4.0](https://github.com/GoogleCloudPlatform/functions-framework-python/compare/v3.3.0...v3.4.0) (2023-05-24) + + +### Features + +* configure security score card action ([#216](https://github.com/GoogleCloudPlatform/functions-framework-python/issues/216)) ([7868dc1](https://github.com/GoogleCloudPlatform/functions-framework-python/commit/7868dc110c048d3e1acf082faf36b75c3770e3f3)) + + +### Bug Fixes + +* streaming requests cannot access request data ([#245](https://github.com/GoogleCloudPlatform/functions-framework-python/issues/245)) ([c492b04](https://github.com/GoogleCloudPlatform/functions-framework-python/commit/c492b04e87a55194b7709e471b0ec3e2c630f288)) + ## [3.3.0](https://github.com/GoogleCloudPlatform/functions-framework-python/compare/v3.2.1...v3.3.0) (2022-12-16) diff --git a/setup.py b/setup.py index 46b4bdfe..9e8aedab 100644 --- a/setup.py +++ b/setup.py @@ -25,7 +25,7 @@ setup( name="functions-framework", - version="3.3.0", + version="3.4.0", description="An open source FaaS (Function as a service) framework for writing portable Python functions -- brought to you by the Google Cloud Functions team.", long_description=long_description, long_description_content_type="text/markdown",