Merge pull request #547 from openlawlibrary/release/0.31.1

chore: release 0.31.1

CHANGELOG.md

@@ -13,6 +13,20 @@ and this project adheres to [Semantic Versioning][semver].
 
 ### Fixed
 
+## [0.31.1] - 10/03/2024
+
+### Added
+
+### Changed
+
+### Fixed
+
+- Fix `load_repositories` following a rework needed to support parallelization ([547])
+- Fix `clone_from_disk` ([547])
+- Fix pre-push hook ([547])
+
+[547]: https://github.com/openlawlibrary/taf/pull/547
+
 
 ## [0.31.0] - 09/28/2024
 
@@ -1264,7 +1278,8 @@ and this project adheres to [Semantic Versioning][semver].
 
 [keepachangelog]: https://keepachangelog.com/en/1.0.0/
 [semver]: https://semver.org/spec/v2.0.0.html
-[unreleased]: https://github.com/openlawlibrary/taf/compare/v0.31.0...HEAD
+[unreleased]: https://github.com/openlawlibrary/taf/compare/v0.31.1...HEAD
+[0.31.1]: https://github.com/openlawlibrary/taf/compare/v0.31.0...v0.31.1
 [0.31.0]: https://github.com/openlawlibrary/taf/compare/v0.30.2...0.31.0
 [0.30.2]: https://github.com/openlawlibrary/taf/compare/v0.30.1...v0.30.2
 [0.30.1]: https://github.com/openlawlibrary/taf/compare/v0.30.0...v0.30.1

setup.py

@@ -1,9 +1,8 @@
 from setuptools import find_packages, setup
-from importlib.util import find_spec
 import sys
 
 PACKAGE_NAME = "taf"
-VERSION = "0.31.0"
+VERSION = "0.31.1"
 AUTHOR = "Open Law Library"
 AUTHOR_EMAIL = "[email protected]"
 DESCRIPTION = "Implementation of archival authentication"
@@ -101,14 +100,4 @@
     ],
 }
 
-
-try:
-    tests_exist = find_spec("taf.tests")
-except ModuleNotFoundError:
-    tests_exist = False  # type: ignore
-if tests_exist:
-    kwargs["entry_points"]["pytest11"] = (
-        ["taf_yubikey_utils = taf.tests.yubikey_utils"],
-    )
-
 setup(**kwargs)

taf/git.py

@@ -715,6 +715,7 @@ def clone_from_disk(
         remote_url: Optional[str] = None,
         is_bare: bool = False,
         keep_remote=False,
+        branches=None,
     ) -> None:
         self.path.mkdir(parents=True, exist_ok=True)
         pygit2.clone_repository(local_path, self.path, bare=is_bare)
@@ -727,9 +728,13 @@ def clone_from_disk(
             if remote_url is not None:
                 self.add_remote("origin", remote_url)
                 self.fetch()
-                if repo is not None:
-                    for branch in repo.branches.local:
-                        self.set_upstream(str(branch))
+                if repo is not None and branches:
+                    local_branch_names = [
+                        branch.split("/")[-1] for branch in repo.branches.local
+                    ]
+                    for branch in branches:
+                        if branch in local_branch_names:
+                            self.set_upstream(str(branch))
 
     def clone_or_pull(
         self,
@@ -1680,7 +1685,7 @@ def _find_url(path, url):
                     self._validate_url(url)
             else:
                 # resolve paths and deduplicate
-                urls = list({_find_url(self.path, url) for url in urls})
+                urls = sorted((_find_url(self.path, url) for url in urls), reverse=True)
         return urls
 
 

taf/repositoriesdb.py

@@ -226,8 +226,15 @@ def load_repositories(
         roles=roles,
         excluded_target_globs=excluded_target_globs,
     )
+    if commits is None or len(commits) == 0:
+        commit = auth_repo.head_commit_sha()
+        if commit is None:
+            return
+        commits = [commit]
     if auth_repo.path in _repositories_dict:
-        _repositories_dict[auth_repo.path].update(new_reps)
+        for commit in commits:
+            if commit not in _repositories_dict[auth_repo.path]:
+                _repositories_dict[auth_repo.path][commit] = new_reps[commit]
     else:
         _repositories_dict[auth_repo.path] = new_reps
 

taf/resources/pre-push

@@ -4,11 +4,25 @@
 TAF_CLI="taf"
 
 # Get the last validated commit using the new CLI command
-LAST_VALIDATED_COMMIT=$($TAF_CLI repo latest-commit)
+output=$($TAF_CLI repo latest-commit-and-branch)
+
+# Get the last validated commit using the new CLI command
 if [ $? -ne 0 ]; then
-  echo "Failed to retrieve the last validated commit."
-  # Change here to continue instead of exiting
-  LAST_VALIDATED_COMMIT=""
+    echo "Failed to retrieve the last validated commit."
+    DEFAULT_BRANCH=""
+    LAST_VALIDATED_COMMIT=""
+else
+    # If the command succeeded, parse the output
+    DEFAULT_BRANCH=$(echo "$output" | cut -d ',' -f 1)
+    LAST_VALIDATED_COMMIT=$(echo "$output" | cut -d ',' -f 2)
+fi
+
+
+CURRENT_BRANCH=$(git rev-parse --abbrev-ref HEAD)
+
+if [ "$CURRENT_BRANCH" != "$DEFAULT_BRANCH" ]; then
+    echo "Skipping validation, not pushing to the default branch"
+    exit 0
 fi
 
 # Log the commit information before running the validation
@@ -18,6 +32,7 @@ else
   echo "Starting validation from the last validated commit: $LAST_VALIDATED_COMMIT"
 fi
 
+
 # Run the TAF validation command with --from-latest
 $TAF_CLI repo validate --from-latest
 VALIDATION_STATUS=$?

taf/tests/test_repository_tool/conftest.py

@@ -5,7 +5,7 @@
     import_rsa_publickey_from_file,
 )
 from taf.repository_tool import Repository
-from taf.tests.yubikey_utils import (
+from taf.tools.yubikey.yubikey_utils import (
     Root1YubiKey,
     Root2YubiKey,
     Root3YubiKey,

taf/tests/test_repository_tool/test_repository_tool.py

@@ -9,7 +9,7 @@
 import taf.yubikey as yk
 from taf.constants import DEFAULT_RSA_SIGNATURE_SCHEME
 from taf.tests import TEST_WITH_REAL_YK
-from taf.tests.yubikey_utils import VALID_PIN
+from taf.tools.yubikey.yubikey_utils import VALID_PIN
 from taf.utils import to_tuf_datetime_format
 
 

taf/tests/test_yubikey/conftest.py

@@ -3,7 +3,7 @@
 from taf.tests.conftest import KEYSTORE_PATH
 
 from pytest import fixture
-from taf.tests.yubikey_utils import TargetYubiKey, _yk_piv_ctrl_mock
+from taf.tools.yubikey.yubikey_utils import TargetYubiKey, _yk_piv_ctrl_mock
 
 
 def pytest_configure(config):

taf/tools/repo/__init__.py

@@ -286,18 +286,16 @@ def validate(path, library_dir, from_commit, from_latest, exclude_target, strict
     return validate
 
 
-def latest_commit_command():
-    @click.command(help="Fetch and print the last validated commit hash.")
+def latest_commit_and_branch_command():
+    @click.command(help="Fetch and print the last validated commit hash and the default branch.")
     @click.option("--path", default=".", help="Authentication repository's location. If not specified, set to the current directory")
-    def latest_commit(path):
+    def latest_commit_and_branch(path):
         path = find_valid_repository(path)
         auth_repo = AuthenticationRepository(path=path)
-        last_validated_commit = auth_repo.last_validated_commit
-        if last_validated_commit:
-            print(last_validated_commit)
-        else:
-            print('')
-    return latest_commit
+        last_validated_commit = auth_repo.last_validated_commit or ""
+        default_branch = auth_repo.default_branch
+        print(f"{default_branch},{last_validated_commit}")
+    return latest_commit_and_branch
 
 
 def status_command():
@@ -320,5 +318,5 @@ def attach_to_group(group):
     group.add_command(clone_repo_command(), name='clone')
     group.add_command(update_repo_command(), name='update')
     group.add_command(validate_repo_command(), name='validate')
-    group.add_command(latest_commit_command(), name='latest-commit')
+    group.add_command(latest_commit_and_branch_command(), name='latest-commit-and-branch')
     group.add_command(status_command(), name='status')

taf/tests/yubikey_utils.py → taf/tools/yubikey/yubikey_utils.py

@@ -1,5 +1,5 @@
 import datetime
-import random
+import secrets
 from contextlib import contextmanager
 
 from cryptography import x509
@@ -19,7 +19,7 @@ def __init__(self, priv_key_path, pub_key_path, scheme, serial=None, pin=VALID_P
         self.priv_key_pem = priv_key_path.read_bytes()
         self.pub_key_pem = pub_key_path.read_bytes()
 
-        self._serial = serial if serial else random.randint(100000, 999999)
+        self._serial = serial if serial else secrets.randbelow(900000) + 100000
         self._pin = pin
 
         self.scheme = scheme

taf/updater/updater_pipeline.py

@@ -1508,6 +1508,12 @@ def update_users_target_repositories(self):
             return self.state.update_status
         try:
             for repository_name in self.state.repos_not_on_disk:
+                branches = [
+                    branch
+                    for branch in self.state.validated_commits_per_target_repos_branches[
+                        repository_name
+                    ]
+                ]
                 users_target_repo = self.state.users_target_repositories[
                     repository_name
                 ]
@@ -1516,12 +1522,15 @@ def update_users_target_repositories(self):
                     temp_target_repo.path,
                     temp_target_repo.get_remote_url(),
                     is_bare=self.bare,
+                    branches=branches,
                 )
-            for repo_name in self.state.repos_on_disk:
-                users_target_repo = self.state.users_target_repositories[repo_name]
-                temp_target_repo = self.state.temp_target_repositories[repo_name]
+            for repository_name in self.state.repos_on_disk:
+                users_target_repo = self.state.users_target_repositories[
+                    repository_name
+                ]
+                temp_target_repo = self.state.temp_target_repositories[repository_name]
                 branches = self.state.validated_commits_per_target_repos_branches[
-                    repo_name
+                    repository_name
                 ]
                 for branch in branches:
                     temp_target_repo.update_local_branch(branch=branch)
@@ -1641,18 +1650,22 @@ def _merge_commit(self, repository, branch, commit_to_merge, force_revert=True):
         checkout_branch = True
         local_branch_exists = repository.branch_exists(branch, include_remotes=False)
         if not self.force:
-            if repository.is_detached_head:
-                self.state.warnings.append(
-                    f"Repository {repository.name} in a detached HEAD state. Checkout the newest branch manually or run the updater with --force"
-                )
-                checkout_branch = False
-            else:
-                current_branch = repository.get_current_branch()
-                if local_branch_exists and current_branch != branch:
+            try:
+                if repository.is_detached_head:
                     self.state.warnings.append(
-                        f"Repository {repository.name} on branch {current_branch}. Checkout the newest branch manually or run the updater with --force"
+                        f"Repository {repository.name} in a detached HEAD state. Checkout the newest branch manually or run the updater with --force"
                     )
                     checkout_branch = False
+                else:
+                    current_branch = repository.get_current_branch()
+                    if local_branch_exists and current_branch != branch:
+                        self.state.warnings.append(
+                            f"Repository {repository.name} on branch {current_branch}. Checkout the newest branch manually or run the updater with --force"
+                        )
+                        checkout_branch = False
+            except KeyError:
+                # an error will be raised if the repo is empty
+                pass
 
         if checkout_branch:
             try: