Release v0.1.8

This commit is contained in:
2026-07-11 17:00:37 +02:00
parent a00ef54821
commit 9a0c467d55
102 changed files with 2150 additions and 9272 deletions

View File

@@ -6,23 +6,24 @@ metadata and can fail for newly disclosed advisories without a source change.
## Local Workflow
Install the development audit dependency once:
Install the whole-product development dependencies once from the meta
repository:
```bash
cd /mnt/DATA/git/govoplan-core
cd /mnt/DATA/git/govoplan
./.venv/bin/python -m pip install -r requirements-dev.txt
```
Run both backend and WebUI production audits:
```bash
cd /mnt/DATA/git/govoplan-core
bash scripts/check-dependency-audits.sh
cd /mnt/DATA/git/govoplan
bash tools/checks/check-dependency-audits.sh
```
The script runs:
- `scripts/check-dependency-hygiene.sh` for pip resolver consistency, stale
- `tools/checks/check-dependency-hygiene.sh` for pip resolver consistency, stale
legacy editable package metadata, deprecated framework constants, and the
Starlette `TestClient` deprecation smoke when test dependencies are present
- `python -m pip_audit --progress-spinner off`
@@ -31,11 +32,12 @@ The script runs:
For fast local checks without vulnerability metadata lookups, run:
```bash
cd /mnt/DATA/git/govoplan-core
CHECK_TESTCLIENT_DEPRECATIONS=1 bash scripts/check-dependency-hygiene.sh
cd /mnt/DATA/git/govoplan
CHECK_TESTCLIENT_DEPRECATIONS=1 \
bash tools/checks/check-dependency-hygiene.sh
```
This is also part of `scripts/check-focused.sh`, so resolver drift and
This is also part of `govoplan/tools/checks/check-focused.sh`, so resolver drift and
deprecation regressions fail close to the code change that introduced them.
Override tool paths when testing from a disposable environment:
@@ -43,12 +45,13 @@ Override tool paths when testing from a disposable environment:
```bash
PYTHON=/tmp/govoplan-audit/bin/python \
NPM=/home/zemion/.nvm/versions/node/v22.22.3/bin/npm \
bash scripts/check-dependency-audits.sh
GOVOPLAN_CORE_ROOT=/mnt/DATA/git/govoplan-core \
bash /mnt/DATA/git/govoplan/tools/checks/check-dependency-audits.sh
```
## CI Workflow
`.gitea/workflows/dependency-audit.yml` installs release dependencies from
`govoplan/.gitea/workflows/dependency-audit.yml` installs release dependencies from
tagged package refs, installs `pip-audit`, and runs the same script on pushes,
pull requests, and a weekly schedule.