From c905ec0466faee6c1517966f49c280e8d90c577f Mon Sep 17 00:00:00 2001 From: Joey den Broeder Date: Wed, 12 Nov 2025 15:55:04 +0000 Subject: [PATCH 1/6] fix: resolve GitHub release permissions and modernize workflow actions Fixes the 403 "Resource not accessible by integration" error when creating releases and updates deprecated GitHub Actions syntax and dependencies. Changes: - Add contents:write permission to deploy job to enable release creation - Fix release conditional to check PR base branch correctly - Update deprecated ::set-output commands to $GITHUB_OUTPUT - Replace deprecated apt-key with modern GPG keyring approach - Pin veracode/veracode-uploadandscan-action from @master to @0.2.10 - Update fkirc/skip-duplicate-actions from @v5 to @v5.3.1 --- .github/workflows/build.yml | 2 +- .github/workflows/deploy.yml | 6 ++++-- .github/workflows/test.yml | 9 +++++---- .github/workflows/veracodescan.yml | 2 +- 4 files changed, 11 insertions(+), 8 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index ff2771955..72a9928af 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -30,7 +30,7 @@ jobs: id: get-current-version run: | CURRENT_VERSION_TAG=$(git tag --list --merged HEAD --sort=-version:refname "v*" | head -n 1) - echo "::set-output name=current_version_tag::${CURRENT_VERSION_TAG}" + echo "current_version_tag=${CURRENT_VERSION_TAG}" >> $GITHUB_OUTPUT - name: Auto-generate future version id: autogenerate-version uses: paulhatch/semantic-version@v5.4.0 diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml index 853985c5a..a6f5c12e5 100644 --- a/.github/workflows/deploy.yml +++ b/.github/workflows/deploy.yml @@ -16,7 +16,7 @@ jobs: steps: - name: Check if workflow should be skipped id: skip-check - uses: fkirc/skip-duplicate-actions@v5 + uses: fkirc/skip-duplicate-actions@v5.3.1 with: github_token: ${{ github.token }} paths_ignore: '["**.md", "dev/**"]' 
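Review bot: In `.github/workflows/build.yml` the new redirect leaves `$GITHUB_OUTPUT` unquoted, which shellcheck flags and which would word-split if the runner's path ever contained whitespace. Write it as `echo "current_version_tag=${CURRENT_VERSION_TAG}" >> "$GITHUB_OUTPUT"`. The same applies to the `matrix=${TEST}` line added in `.github/workflows/test.yml`.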
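Review bot: `fkirc/skip-duplicate-actions@v5.3.1` in `.github/workflows/deploy.yml` is still a tag reference, and whoever controls the action's repository can move a tag; this step is also handed `github_token`. Pinning to the full commit SHA, with the version kept as a trailing comment, makes the reference immutable: `uses: fkirc/skip-duplicate-actions@<full-commit-sha>  # v5.3.1`. The same applies to the identical change in `.github/workflows/test.yml` and to `veracode/veracode-uploadandscan-action@0.2.10` in `.github/workflows/veracodescan.yml`. The `steps:` list continues outside the hunk.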
@@ -31,6 +31,8 @@ jobs: name: Deploy runs-on: ubuntu-latest needs: build + permissions: + contents: write steps: - uses: actions/download-artifact@v4 with: @@ -39,7 +41,7 @@ jobs: - name: Create Github release id: create-release uses: softprops/action-gh-release@v2 - if: startsWith(github.ref, 'refs/heads/master') + if: github.event.pull_request.base.ref == 'master' with: name: "${{ needs.build.outputs.version_tag }}: ${{ github.event.pull_request.title }}" tag_name: ${{ needs.build.outputs.version_tag }} diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index b8c5cbb9b..2aea1977b 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -23,7 +23,7 @@ jobs: steps: - name: Check if workflow should be skipped id: skip-check - uses: fkirc/skip-duplicate-actions@v5 + uses: fkirc/skip-duplicate-actions@v5.3.1 with: github_token: ${{ github.token }} paths_ignore: '["**.md", "dev/**", "LICENSE"]' @@ -46,7 +46,7 @@ jobs: run: | FILES=$(cd tests/integration && ls -m test*.py | tr -d \ \\n) TEST=$(jq -n -c --arg inarr "$FILES" '{ test: $inarr | split(",") }') - echo "::set-output name=matrix::${TEST}" + echo "matrix=${TEST}" >> $GITHUB_OUTPUT integration-test: needs: [build, setup-integration-tests] name: Run integration tests 
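Review bot: The new condition on `Create Github release`, `github.event.pull_request.base.ref == 'master'`, tests only the pull request's target branch, not whether the pull request was merged. The workflow's `on:` trigger is outside the hunk, so this is inferred: if the workflow runs on pull-request events, the step could fire for a pull request against master that is still open or was closed unmerged, and the job now holds a `contents: write` token. If release-on-merge is the intent, use `if: github.event.pull_request.merged == true && github.event.pull_request.base.ref == 'master'`. A one-line comment above `permissions:` stating that `contents: write` exists only for the release step would help keep the grant from widening later.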
@@ -74,8 +74,9 @@ jobs: - name: Install Cloud Foundry development tools run: | wget --no-check-certificate -v -O gpg.key https://packages.cloudfoundry.org/debian/cli.cloudfoundry.org.key - sudo apt-key add gpg.key - echo "deb https://packages.cloudfoundry.org/debian stable main" | sudo tee /etc/apt/sources.list.d/cloudfoundry-cli.list + sudo mkdir -p /etc/apt/keyrings + cat gpg.key | sudo gpg --dearmor -o /etc/apt/keyrings/cloudfoundry-cli.gpg + echo "deb [signed-by=/etc/apt/keyrings/cloudfoundry-cli.gpg] https://packages.cloudfoundry.org/debian stable main" | sudo tee /etc/apt/sources.list.d/cloudfoundry-cli.list sudo apt-get update && sudo apt-get install -y cf-cli sudo curl -s https://download.mendix.com/Mendix-CA-G2.crt -o /usr/local/share/ca-certificates/ca.crt && sudo update-ca-certificates cf install-plugin https://cdn.mendix.com/mx-buildpack/cflocal/cflocal-0.20.0-rc1-linux -f diff --git a/.github/workflows/veracodescan.yml b/.github/workflows/veracodescan.yml index 83e253ed3..66c6c1ef0 100644 --- a/.github/workflows/veracodescan.yml +++ b/.github/workflows/veracodescan.yml @@ -22,7 +22,7 @@ jobs: name: dist path: dist - name: Upload and scan - uses: veracode/veracode-uploadandscan-action@master + uses: veracode/veracode-uploadandscan-action@0.2.10 continue-on-error: true with: filepath: dist/cf-mendix-buildpack.zip From 3eb75d18819b591a2eb7d7462bf61da1f184ddd6 Mon Sep 17 00:00:00 2001 From: Joey den Broeder Date: Wed, 12 Nov 2025 23:05:09 +0000 Subject: [PATCH 2/6] chore(deps): bump python to 3.10.19 --- .github/workflows/build.yml | 2 +- .github/workflows/test.yml | 2 +- bin/install-python | 2 +- dependencies-stage.yml | 8 ++++---- 4 files changed, 7 insertions(+), 7 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 72a9928af..497055daf 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml 
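Review bot: The key that the new `gpg --dearmor` line installs as the trust anchor for the Cloud Foundry apt repository is fetched by the unchanged `wget --no-check-certificate` line just above it, so TLS verification is switched off for the one download that `signed-by=` depends on. Drop the flag: `wget -v -O gpg.key https://packages.cloudfoundry.org/debian/cli.cloudfoundry.org.key`. For a stronger guarantee, compare the key's fingerprint against a value pinned in the workflow before dearmoring it. As a style point, `gpg --dearmor` can read the file directly, `sudo gpg --dearmor -o /etc/apt/keyrings/cloudfoundry-cli.gpg gpg.key`, which avoids the `cat` pipe.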
@@ -48,7 +48,7 @@ jobs: - name: Set up Python uses: actions/setup-python@v5 with: - python-version: 3.10.14 + python-version: 3.10.19 cache: pip - name: Install Python requirements run: make install_requirements diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 2aea1977b..e48968097 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -67,7 +67,7 @@ jobs: - name: Set up Python uses: actions/setup-python@v5 with: - python-version: 3.10.14 + python-version: 3.10.19 cache: pip - name: Install Python requirements run: make install_requirements diff --git a/bin/install-python b/bin/install-python index cf638cf9c..9418a067b 100755 --- a/bin/install-python +++ b/bin/install-python @@ -39,7 +39,7 @@ function setup_online(){ install_dir="$2" buildpack_dir="$3" - curl -Ls "https://cdn.mendix.com/mx-buildpack/python/python_3.10.14_linux_x64_cflinuxfs4_dda5228c.tgz" | tar -xzf - -C "$install_dir" + curl -Ls "https://cdn.mendix.com/mx-buildpack/python/python_3.10.19_linux_x64_cflinuxfs4_f7aee30e.tgz" | tar -xzf - -C "$install_dir" } function get_python_from_manifest() { diff --git a/dependencies-stage.yml b/dependencies-stage.yml index 87ac5424d..649d13caf 100644 --- a/dependencies-stage.yml +++ b/dependencies-stage.yml @@ -1,9 +1,9 @@ --- # https://github.com/cloudfoundry/python-buildpack/blob/master/manifest.yml - name: python - version: 3.10.14 - uri: https://cdn.mendix.com/mx-buildpack/python/python_3.10.14_linux_x64_cflinuxfs4_dda5228c.tgz - sha256: dda5228c36196f8a7346767ad9c9ac774ec270aa55065beb8d3d052d652b9120 + version: 3.10.19 + uri: https://cdn.mendix.com/mx-buildpack/python/python_3.10.19_linux_x64_cflinuxfs4_f7aee30e.tgz + sha256: f7aee30e56f7909efc650fd9cd118a8e97155800826e388c407f05eff80b528d cf_stacks: - cflinuxfs4 - source_sha256: cefea32d3be89c02436711c95a45c7f8e880105514b78680c14fe76f5709a0f6 + source_sha256: a078fb2d7a216071ebbe2e34b5f5355dd6b6e9b0cd1bacc4a41c63990c5a0eec 
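Review bot: In `setup_online` in `bin/install-python` the new tarball URL is still piped straight from `curl -Ls` into `tar`, so the archive is unpacked with no integrity check, even though this commit records its `sha256` in `dependencies-stage.yml`. Without `-f`, an HTTP error body would also be handed to `tar`. Download to a temporary file, verify the digest, then extract, as sketched below. The function starts and ends outside the hunk, so how a failure should propagate (`return` versus relying on `set -e`) needs checking against the rest of the script.

```shell
# … unchanged: install_dir / buildpack_dir assignments …
python_tgz="$(mktemp)"
curl -fLs "https://cdn.mendix.com/mx-buildpack/python/python_3.10.19_linux_x64_cflinuxfs4_f7aee30e.tgz" -o "$python_tgz" || return 1
# digest taken from the sha256 field added to dependencies-stage.yml in this commit
echo "f7aee30e56f7909efc650fd9cd118a8e97155800826e388c407f05eff80b528d  $python_tgz" | sha256sum -c - || return 1
tar -xzf "$python_tgz" -C "$install_dir"
rm -f "$python_tgz"
```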
From 2a5423c7f3d8ab6a1d7661a76ce51820f988a7b5 Mon Sep 17 00:00:00 2001 From: Joey den Broeder Date: Wed, 12 Nov 2025 23:05:20 +0000 Subject: [PATCH 3/6] chore(deps): bump pip / pip-tools to latest version --- Makefile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Makefile b/Makefile index cdd39bbf0..eeeb7438a 100644 --- a/Makefile +++ b/Makefile @@ -5,8 +5,8 @@ TEST_FILES ?= tests/integration/test_*.py VERSION ?= $(shell git tag --list --sort=-version:refname "v*" | head -n 1) COMMIT ?= $(shell git rev-parse --short HEAD) -PIP_TOOLS_VERSION ?= 7.4.1 -PIP_VERSION ?= 24.1.2 +PIP_TOOLS_VERSION ?= 7.5.2 +PIP_VERSION ?= 25.3 PYTHON_PLATFORM ?= manylinux2014_x86_64 PYTHON_VERSION ?= 310 From 8f9511acdec31946575a0a1a52919806efde83b0 Mon Sep 17 00:00:00 2001 From: Joey den Broeder Date: Wed, 12 Nov 2025 23:20:26 +0000 Subject: [PATCH 4/6] chore(deps): bump dependencies to latest versions --- lib/m2ee/config.py | 2 +- requirements-dev.in | 12 ++++++------ requirements.in | 16 ++++++++-------- requirements.txt | 22 ++++++++++++---------- 4 files changed, 27 insertions(+), 25 deletions(-) diff --git a/lib/m2ee/config.py b/lib/m2ee/config.py index 46e44347f..8503ac1b2 100644 --- a/lib/m2ee/config.py +++ b/lib/m2ee/config.py @@ -465,7 +465,7 @@ def get_default_dotm2ee_directory(self): logger.debug(traceback.format_exc()) logger.critical( - "Directory %s does not exist, and cannot be " "created!" + "Directory %s does not exist, and cannot be created!", dotm2ee ) logger.critical( "If you do not want to use .m2ee in your home " diff --git a/requirements-dev.in b/requirements-dev.in index 5b3a8da82..abf138165 100644 --- a/requirements-dev.in +++ b/requirements-dev.in @@ -1,10 +1,10 @@ -click==8.1.7 -idna==3.10 -pytest==8.3.3 +click==8.3.0 +idna==3.11 +pytest==9.0.1 pytest-timer==1.0.0 -pytest-timeout==2.3.1 -pylint==3.3.1 +pytest-timeout==2.4.0 +pylint==4.0.2 randomname==0.2.1 requests-mock==1.12.1 -ruff==0.7.4 +ruff==0.14.4 parameterized==0.9.0 
diff --git a/requirements.in b/requirements.in index 737cf86b6..3c79ddbb6 100644 --- a/requirements.in +++ b/requirements.in @@ -1,11 +1,11 @@ backoff==2.2.1 -certifi==2024.8.30 -cryptography==43.0.3 +certifi==2025.11.12 +cryptography==46.0.3 distro==1.9.0 -httplib2==0.22.0 -jinja2==3.1.4 +httplib2==0.31.0 +jinja2==3.1.6 omegaconf==2.3.0 -psycopg2-binary==2.9.10 -pyyaml==6.0.2 -requests==2.32.3 -urllib3==2.2.3 +psycopg2-binary==2.9.11 +pyyaml==6.0.3 +requests==2.32.5 +urllib3==2.5.0 diff --git a/requirements.txt b/requirements.txt index 5ea2a61cf..2e4bc05f8 100644 --- a/requirements.txt +++ b/requirements.txt @@ -8,41 +8,43 @@ antlr4-python3-runtime==4.9.3 # via omegaconf backoff==2.2.1 # via -r requirements.in -certifi==2024.8.30 +certifi==2025.11.12 # via # -r requirements.in # requests -cffi==1.14.4 +cffi==2.0.0 # via cryptography charset-normalizer==2.0.3 # via requests -cryptography==43.0.3 +cryptography==46.0.3 # via -r requirements.in distro==1.9.0 # via -r requirements.in -httplib2==0.22.0 +httplib2==0.31.0 # via -r requirements.in idna==3.10 # via requests -jinja2==3.1.4 +jinja2==3.1.6 # via -r requirements.in markupsafe==2.0.1 # via jinja2 omegaconf==2.3.0 # via -r requirements.in -psycopg2-binary==2.9.10 +psycopg2-binary==2.9.11 # via -r requirements.in pycparser==2.20 # via cffi -pyparsing==2.4.7 +pyparsing==3.2.5 # via httplib2 -pyyaml==6.0.2 +pyyaml==6.0.3 # via # -r requirements.in # omegaconf -requests==2.32.3 +requests==2.32.5 # via -r requirements.in -urllib3==2.2.3 +typing-extensions==4.15.0 + # via cryptography +urllib3==2.5.0 # via # -r requirements.in # requests From 78f539009ae4c0c164d5c97703886826f96acb0a Mon Sep 17 00:00:00 2001 From: Joey den Broeder Date: Wed, 12 Nov 2025 23:33:17 +0000 Subject: [PATCH 5/6] chore(ci): bump pre-commit hooks --- .pre-commit-config.yaml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index 40dab12d7..766e213c7 100644 
--- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -2,12 +2,12 @@ fail_fast: false repos: - repo: https://github.com/adrienverge/yamllint.git - rev: v1.35.1 + rev: v1.37.1 hooks: - id: yamllint args: ["--format", "parsable", "--strict"] - repo: https://github.com/pre-commit/pre-commit-hooks - rev: v5.0.0 + rev: v6.0.0 hooks: - id: trailing-whitespace - id: end-of-file-fixer @@ -21,6 +21,6 @@ repos: hooks: - id: markdownlint_docker - repo: https://github.com/charliermarsh/ruff-pre-commit - rev: 'v0.7.3' + rev: v0.14.4 hooks: - - id: ruff + - id: ruff-check From 24698e21a28cbf41ffbefc9a20c016837687e5d3 Mon Sep 17 00:00:00 2001 From: ekremsekerci Date: Wed, 5 Nov 2025 15:41:22 +0100 Subject: [PATCH 6/6] Update postman-echo url to use https --- tests/integration/test_metrics.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/integration/test_metrics.py b/tests/integration/test_metrics.py index f13e3c60f..f790e1b8f 100644 --- a/tests/integration/test_metrics.py +++ b/tests/integration/test_metrics.py @@ -85,7 +85,7 @@ def test_posting_metrics_works(self): env_vars={ "METRICS_INTERVAL": "10", "BYPASS_LOGGREGATOR": "True", - "TRENDS_STORAGE_URL": "http://postman-echo.com/post", + "TRENDS_STORAGE_URL": "https://postman-echo.com/post", }, ) self.start_container()
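Review bot: The unchanged `repo:` line for the ruff hook in the second `.pre-commit-config.yaml` hunk still points at `https://github.com/charliermarsh/ruff-pre-commit`, which, as far as I know, now resolves only through a redirect to the project's current home. Since the hook is already being renamed to `ruff-check` and bumped to `v0.14.4`, point it at the canonical location as well, `- repo: https://github.com/astral-sh/ruff-pre-commit`. Hook resolution then no longer depends on a redirect from a former owner's namespace. The `repos:` list starts outside the hunk.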