
Conversation


@moabu moabu commented Nov 18, 2024

Prepare


Description

Target issue

closes #10171

Implementation Details


Test and Document the changes

  • Static code analysis has been run locally and issues have been fixed
  • Relevant unit and integration tests have been added/updated
  • Relevant documentation has been updated if any (i.e. user guides, installation and configuration guides, technical design docs etc)

Please check the below before submitting your PR. The PR will not be merged if there are no commits that start with docs: to indicate documentation changes or if the below checklist is not selected.

  • I confirm that there is no impact on the docs due to the code changes in this PR.


dryrunsecurity bot commented Nov 18, 2024

DryRun Security Summary

This pull request primarily focuses on updating the package dependencies and build/release processes for the Jans project, an open-source identity and access management (IAM) solution, including the removal of the python3-ldap3 dependency, dependency management updates, and improvements to the build and release process, along with a minor documentation update.


Summary:

The code changes in this pull request primarily focus on updating the package dependencies and build/release processes for the Jans project, which is an open-source identity and access management (IAM) solution. The key changes include:

  1. Removal of python3-ldap3 Dependency: The python3-ldap3 dependency has been removed from the Debian, SUSE, and CentOS/RHEL 8 package specifications. This suggests that the Jans application may no longer require direct LDAP integration, potentially reducing the attack surface and complexity of the application.

  2. Dependency Management: The changes also involve updating the version requirements for other Python dependencies, such as python3-requests, python3-PyMySQL, python3-cryptography, and python3-psycopg2. Proper dependency management is crucial to ensure the application's security and functionality.

  3. Build and Release Process Improvements: The changes to the GitHub Actions workflow demonstrate a security-focused approach to building and publishing the Jans project's binary and Python packages. This includes hardening the GitHub Actions runner, signing the packages, generating checksums, and following secure release practices.

  4. Documentation Update: A minor documentation update was made to the ldap2mysql script's README.md file, correcting a typo. While this change is not security-related, it's important to maintain accurate and up-to-date documentation to ensure the correct usage and deployment of the application.

Files Changed:

  1. automation/packaging/deb/focal/debian/control, automation/packaging/deb/jammy/debian/control, automation/packaging/rpm/el8/jans.spec, automation/packaging/rpm/suse15/jans.spec: These files contain the package dependency updates, including the removal of the python3-ldap3 dependency.

  2. .github/workflows/build-packages.yml: This file contains the changes to the GitHub Actions workflow for building and publishing the Jans project's binary and Python packages.

  3. jans-linux-setup/tools/ldap2mysql/README.md: This file contains a minor documentation update to the ldap2mysql script.

Overall, the changes in this pull request appear to be focused on improving the security, maintainability, and reliability of the Jans project's build and release processes, as well as potentially simplifying the application's dependencies and functionality.

Code Analysis

We ran 9 analyzers against 6 files and 0 analyzers had findings. 9 analyzers had no findings.

Riskiness

🟢 Risk threshold not exceeded.

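The checksum step that the summary above credits to the release workflow, shown as an added example that is not the Jans project's own tooling: a small POSIX shell script that writes a SHA256SUMS manifest over a constructed release directory, verifies it the way a downstream consumer would before installing, and confirms that a modified artifact fails the check. The artifact names and contents are invented for the example; in a real release the manifest would additionally be signed (for instance with a detached GPG signature) so that the checksums themselves can be trusted.

```sh
#!/bin/sh
# Added example, not the Jans project's release workflow. Demonstrates the
# checksum half of a secure release: publish a SHA-256 manifest alongside the
# artifacts and have consumers verify it before installing.
set -eu

# Create a constructed release directory with two fake package artifacts.
# Names and contents are invented; only the verification logic matters.
make_release() {
  dir=$(mktemp -d)
  printf 'constructed deb payload\n' > "$dir/jans_1.0_amd64.deb"
  printf 'constructed rpm payload\n' > "$dir/jans-1.0.el8.x86_64.rpm"
  printf '%s\n' "$dir"
}

# Producer side: write SHA256SUMS over every package in the directory.
# Run from inside the directory so the manifest carries bare file names
# and verifies from any download location.
write_checksums() {
  ( cd "$1" && sha256sum *.deb *.rpm > SHA256SUMS )
}

# Consumer side: every listed file must exist and match. --strict also fails
# on malformed manifest lines, so a truncated or edited manifest is rejected
# rather than silently verifying fewer files. --quiet hides the OK lines.
verify_checksums() {
  ( cd "$1" && sha256sum --check --strict --quiet SHA256SUMS )
}

# Count the artifacts the manifest covers; a consumer should compare this
# with the number of files it actually downloaded, since a manifest that
# omits a file cannot protect it.
manifest_entries() {
  wc -l < "$1/SHA256SUMS" | tr -d ' '
}

# Append bytes to one artifact and report whether verification catches it:
# prints "detected" and returns 0 when the check fails as it should,
# prints "undetected" and returns 1 otherwise.
tamper_and_verify() {
  printf 'injected\n' >> "$1/jans_1.0_amd64.deb"
  if verify_checksums "$1" >/dev/null 2>&1; then
    printf 'undetected\n'
    return 1
  fi
  printf 'detected\n'
}

# Stand-alone run (sh release_check.sh demo): build, verify, then tamper.
if [ "${1-}" = "demo" ]; then
  rel=$(make_release)
  write_checksums "$rel"
  verify_checksums "$rel" && echo "release verified: $(manifest_entries "$rel") artifacts"
  tamper_and_verify "$rel"
  rm -rf "$rel"
fi
```

The manifest is only as trustworthy as the channel it arrives over: serving SHA256SUMS next to the artifacts from the same host lets an attacker who can replace one replace both, which is why a release pipeline signs the manifest and consumers verify that signature before running the check above.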

@mo-auto mo-auto added the labels area-CI, area-documentation and comp-jans-linux-setup on Nov 18, 2024
@moabu moabu merged commit c19d320 into main Nov 18, 2024
11 checks passed
@moabu moabu deleted the ci-rm-python3-ldap branch November 18, 2024 12:39
Labels
  • area-CI: Issue or changes required in automatic builds or CI infrastructure
  • area-documentation: Documentation needs to change as part of issue or PR
  • comp-jans-linux-setup: Component affected by issue or PR
Development

Successfully merging this pull request may close these issues.

ci: remove python3-ldap from packages
3 participants