Merged
49 changes: 49 additions & 0 deletions 49 .github/workflows/dependency-review.yml
Expand Up @@ -279,3 +279,52 @@ jobs:
echo "This PR changes workflow, composite-action, or dependabot config files."
echo "Require explicit human review before merge."
} >> "$GITHUB_STEP_SUMMARY"

# Aggregator gate -- the single check intended to become the required status
# check on main. The Socket Firewall smoke jobs are conditional (deps-changed
# gates them, and exactly one of free/enterprise runs per PR), so neither can
# be required directly: a required check whose job is `if:`-skipped is never
# created and sits at "Expected -- Waiting for status to be reported"
# forever, permanently blocking merge (this hits every Dependabot/fork PR and
# every PR that doesn't touch deps).
#
# This job runs unconditionally (`if: always()`), depends on all the
# conditional jobs, and fails ONLY when one of them actually failed or was
# cancelled. A `skipped` dependency passes -- so the gate is green when no
# deps changed, and otherwise satisfied by whichever smoke path ran (free for
# Dependabot/forks, enterprise for trusted maintainers). A real Socket
# Firewall block surfaces as a smoke-job failure and thus a gate failure.
#
# NOT YET wired into branch protection -- added during a soak period so the
# check is visible before it becomes blocking. Requiring it before it lands
# on main would strand every other open PR on the trap above.
sfw-gate:
name: Socket Firewall Gate
needs: [inspect, python-sfw-smoke-free, python-sfw-smoke-enterprise, workflow-notice]
if: always()
runs-on: ubuntu-latest
timeout-minutes: 2
steps:
- name: Evaluate dependency-review results
env:
NEEDS_JSON: ${{ toJSON(needs) }}
run: |
echo "$NEEDS_JSON"
# Fail if and only if a needed job reported failure or cancelled;
# success and skipped both pass. jq returns the count of offending
# results.
bad="$(printf '%s' "$NEEDS_JSON" \
| jq '[to_entries[] | select(.value.result == "failure" or .value.result == "cancelled")] | length')"

{
echo "## Socket Firewall Gate"
printf '%s\n' "$NEEDS_JSON" | jq -r 'to_entries[] | "- \(.key): \(.value.result)"'
} >> "$GITHUB_STEP_SUMMARY"

if [ "$bad" -ne 0 ]; then
echo "Gate failed: $bad upstream job(s) failed or were cancelled." >> "$GITHUB_STEP_SUMMARY"
echo "::error::Socket Firewall Gate failed -- $bad upstream job(s) failed or were cancelled."
exit 1
fi

echo "Gate passed." >> "$GITHUB_STEP_SUMMARY"
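Review bot: The jq filter in the `Evaluate dependency-review results` step accepts `skipped` for every job in `needs`, so the gate cannot tell "no deps changed" from "deps changed but both `python-sfw-smoke-free` and `python-sfw-smoke-enterprise` were skipped". Once this is the required check, a mistake in either smoke job's `if:` condition would produce a green gate with no Socket Firewall run at all. Consider also asserting that, when the deps-changed condition described in the comment holds, at least one of the two smoke jobs reports `success`. Two smaller points: matching on `failure`/`cancelled` is a denylist, and selecting every result that is not `success` or `skipped` would fail closed on an unexpected or missing value; and `echo "$NEEDS_JSON"` writes the whole `needs` context, job outputs included, to the log, where the key/result lines already sent to the step summary would be enough.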
2 changes: 1 addition & 1 deletion 2 pyproject.toml
Expand Up @@ -4,7 +4,7 @@ build-backend = "hatchling.build"

[project]
name = "socketdev"
version = "3.2.0"
version = "3.2.1"
requires-python = ">= 3.9"
dependencies = [
'requests',
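Review bot: The `version = "3.2.1"` literal here duplicates the value in `socketdev/version.py`, and the two have to be edited in lockstep on every release. Since the build backend shown in the hunk header is `hatchling.build`, the version could be declared dynamic and read from `socketdev/version.py`, which removes the chance of the package metadata and `__version__` drifting apart.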
2 changes: 1 addition & 1 deletion 2 socketdev/version.py
@@ -1 +1 @@
__version__ = "3.2.0"
__version__ = "3.2.1"
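Review bot: The bump to `3.2.1` accompanies a change that, in the files shown, touches only `.github/workflows/dependency-review.yml`, so the package contents are identical to `3.2.0`. If a release is published from this version, please confirm that is intended and note in the PR description or changelog that `3.2.1` carries no library change.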
2 changes: 1 addition & 1 deletion 2 uv.lock

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.
