v0.19.0

@actions-helper actions-helper released this 05 Jan 00:26
· 144 commits to main since this release

v0.19.0 (2024-01-05)

Chore

  • chore: Improve terminal output (#335)

Implementing the following changes:

  1. Add debug log level (colored cyan)
  2. Make error messages print to stderr instead of stdout
  3. Include "[seCureLI] [<log level>] " prefix to messages
  4. Update default log level from ERROR to WARN
  5. Move log level enum to separate class and use more consistently (a986da5)
  • chore: Issue 320 - remove six from exclude list (#323)

closes #320

Co-authored-by: Caleb Tonn <[email protected]> (57aea2d)

Feature

  • feat: Periodically check for hook updates on scan (#336)

Description

This PR adds the feature to check for updates to hooks when running a
scan. Since the update check doesn't need to be done on every scan, we
only check at most once per week. This will prevent the added latency of
calling out to GitHub (or wherever hooks are hosted) on every scan.

pre-commit does not expose the functionality of checking for hook
updates without actually performing the update, so for now this PR
imports functions directly from the pre-commit tool (since it is also
written in Python). This is not a best practice, but is probably the
cleanest option we have for now. We can look into implementing this
functionality in pre-commit itself in the future.

Note that there is currently no way to specify whether to include the
--bleeding-edge flag (implemented internally with a tags_only
boolean). The implication is that if someone updates their version of a
hook repository beyond the latest release, we will detect it as being
out-of-date, instead of ahead. In practice, this feels like a day-2 kind
of feature that won't be important to many users.

This PR closes #176.

Feature Work

  • Updates internal .pre-commit-config.yaml file to add hooks. Not sure
    why this repo did not have defined hooks previously?
  • Updates internal secureli config file to set the log level to DEBUG
    (we should see all output while developing secureli)
  • Instead of deserializing the .pre-commit-config.yaml file to a
    dictionary, this adds a proper pydantic model

Cleanup work

Unrelated to the ticket, I also performed some fixes/cleanup:

  • Fixed bug in existing unit test causing .pre-commit-config.yaml to
    get overwritten
  • Cleaned up errors in type hints across numerous files
  • Cleaned up some comments & output for clarity/correctness
  • Minor cleanup refactoring
  • Fixed an error from pytest warning of use of the deprecated package
    pkg_resources (by using the recommended alternative)
  • Rename test function with duplicate name
  • Remove duplicate test fixture (9839881)