Merge branch 'main' into libsolv

Author: rhythmrx9

.github/actions/spelling/allow.txt

@@ -118,6 +118,7 @@ getenv
 gettext
 Giridhar
 github
+gitlint
 glibc
 gnomeshell
 gnupg
@@ -172,6 +173,7 @@ libbpg
 libc
 libcurl
 libdb
+libebml
 libexpat
 libgcrypt
 libical
@@ -180,6 +182,8 @@ liblas
 libnss
 libpng
 libraryname
+librsvg
+libseccomp
 libsndfile
 libsolv
 libsoup
@@ -358,6 +362,7 @@ Vorbis
 VPkg
 webkitgtk
 website
+whl
 wiki
 wikipedia
 willmcgugan

.github/workflows/cve_scan.yml

@@ -0,0 +1,36 @@
+name: CVE scan
+
+on:
+  push:
+  pull_request:
+  workflow_dispatch:
+
+jobs:
+  cve_scan:
+    name: CVE scan on dependencies
+    runs-on: ubuntu-latest
+    timeout-minutes: 10
+    steps:
+      - uses: actions/checkout@v2
+      - uses: actions/setup-python@v2
+        with:
+          cache: 'pip'
+          cache-dependency-path: '**/requirements.txt'
+      - name: Get date
+        id: get-date
+        run: |
+          echo "::set-output name=date::$(/bin/date -u "+%Y%m%d")"
+      - name: Get cached database
+        uses: actions/cache@v2
+        with:
+          path: ~/.cache/cve-bin-tool
+          key: ${{ runner.os }}-cve-bin-tool-${{ steps.get-date.outputs.date }}
+      - name: Install dependencies and cve-bin-tool
+        run: |
+          python -m pip install --upgrade pip
+          python -m pip install --upgrade setuptools
+          python -m pip install --upgrade wheel
+          pip install . -r doc/requirements.txt
+      - name: Test to check for CVEs for Python requirements and HTML report dependencies
+        run: |
+          pytest test/test_requirements.py

.github/workflows/linting.yml

@@ -0,0 +1,42 @@
+name: Linting
+
+on:
+  push:
+  pull_request:
+  workflow_dispatch:
+
+jobs:
+  linting:
+    name: Linting
+    runs-on: ubuntu-latest
+    strategy:
+      fail-fast: false
+      matrix:
+        tool: ['isort', 'black', 'pyupgrade', 'flake8', 'format_checkers', 'bandit', 'gitlint']
+    steps:
+      - uses: actions/checkout@v2
+        with:
+          fetch-depth: 0
+      - uses: actions/setup-python@v2
+        with:
+          cache: 'pip'
+      - name: Install pre-commit
+        run: |
+          python -m pip install --upgrade pip
+          python -m pip install --upgrade setuptools
+          python -m pip install --upgrade pre-commit
+          pre-commit install
+      - name: Install cve-bin-tool if needed
+        if: ${{ matrix.tool == 'format_checkers' }}
+        run: |
+          python -m pip install --upgrade wheel
+          python -m pip install .
+      - name: Run ${{ matrix.tool }} using pre-commit
+        if: ${{ matrix.tool != 'gitlint' }}
+        run: |
+          pre-commit run ${{ matrix.tool }} --all-files
+      - name: Run gitlint
+        if: ${{ github.event_name == 'pull_request' && matrix.tool == 'gitlint' }}
+        run: |
+          python -m pip install --upgrade gitlint
+          gitlint --commits ${{ github.event.pull_request.base.sha }}..${{ github.event.pull_request.head.sha }}