Nigel Jones
Nigel Jones
Changed approach to build requirements txt to ``` pip install pip-tools pip-compile requirements.txt --generate-hashes -o requirements_new.txt ``` This is done in a clean venv, and has been tested on macos...
This is now ready for review: * Scorecard results are clean with all reported warnings clean * results are only reported in sarif file attached to action Follow-on activity (after...
To answer the remaining comments: * It's not possible to guarantee 100% that there will be no work from this change for the following reasons - If *we* want to...
So in summary my plan (if reviewers agree) is to: - [x] Add setup-python into each build script (using 3.12) - [x] remove/rename the additional requirements file - [x] Add...
We use python dependencies in several areas during a pr & merge build. Specifically in both the unix (macos/linux) and windows builds: 1. copy_from_upstream - this script uses python to...
Added - [x] open issue on ci image Perhaps we could build within our repos? Or maybe use a standard image? (I don't know enough about it to comment)
Added explicit python setup using 'setup-python' github action where used in workflow. In testing this fix, I hit the doxygen deprecation issue which has been addressed in https://github.com/open-quantum-safe/liboqs/pull/1775/files Will redo...
Experimented (I've used it before on other projects) with this in a fork - the results aren't valid as such, but I'll create a PR See docs at https://github.com/ossf/scorecard Adding...
Thanks for the comments in PR #27 - I've rebased, to refresh the results. Currently these are only found in the sarif file attached to the action. The scan is...
I've updated the PR, and also included the changes for pinning versions within the PR (so that I can build together) 1. github actions I used https://github.com/mheap/pin-github-action to update the...