This is an automated email from the ASF dual-hosted git repository.
sbp pushed a change to branch sbp
in repository https://gitbox.apache.org/repos/asf/tooling-trusted-releases.git
from ca978b9 Change how RAT checks are applied
add ede2e6e Add some directories to the Docker ignore file
add 7821d84 Add test workflow for API testing
add 76fab4c Remove environment type param
add f77be4e Lookup Github NIDs in LDAP
add 53be97c Add task which can trigger a specified github action,
provided ATR has a valid token for that repository.
add 82855d9 Add a POSIX shell script to simplify signing files with GnuPG
add 96e89c2 Update dependencies
add c48aaab Document the script to simplify file signing
add 3220d76 Exclude generated files from lightweight checks in addition
to RAT checks
add 67de1b9 Update pyright and fix types to conform to its stricter
checking
add 49b7cdd Restore validation of the announce download path and update
tests
add 9ae7d6e Update and fix voting tests
add afb9117 Make compose tests less susceptible to issues from fragile
polling
add 8229b79 Add an API endpoint to get the release policy of a project
add 621a8ce Ensure that both sorts of license checks are used in report
tests
add 1f9b760 Fix an intermittent problem with Playwright tests
add c4c9b19 Change the Docker ports to 8080 to match the local
development defaults
add 2bbfd63 Fix an intermittent error when running Playwright tests to
add a file
add 3059c05 Add license check exclusion properties to release policies
add d3978f3 Group unit tests and use a clearer name for the Playwright
test script
add 336962e Add permissions for issues in PR labeler workflow
add d72e3b0 Duplicate derived project release policies instead of cloning
by reference
add 4194fed Update the analysis workflow and allow it to be run manually
add d89e601 Remove localhost from the certificate generator and clarify
the reasoning
add 0aee1cf Remove the Ubuntu OCI container
add 2f3c2aa Document how to run the development server using OCI
containers
add 7f0911a Add simple unit tests for release policy license check
exclusion fields
add 47b774a Delete .github/workflows/pr-labeler.yml
add 5ac0564 Add comment to unused labeler configuration
add 1bbddbf Add license check exclude fields to the UI and related tests
add 12bb109 Doc tweaks
add a14383b New year
add 22a63e6 Add URL
add 7dab9ad Fix the NOTICE file check
add 5f97f4d Make the NOTICE file checker match a wider range of files
add 99013e9 Use exclusions from release policies in lightweight license
checks
add 702b4b3 Use exclusions from release policies in RAT checks
add 7465d9f Clarify platform compatibility
add 9ed7ff0 Improve the instructions for new external contributors
add a5dc289 Add a documentation section about schema changes and
migrations
add c21981f Make e2e tests use their own context
add eb1934e Add a list of specific files to use in the Alpine container
add bc549f4 Use structured data in the RAT check task
add d123633 Split apart some RAT check functions
add 36f60e6 Make deleting releases more efficient for faster testing
add ca73bf9 Simplify errors in the RAT checks
add 76b0328 Fix interface order in the RAT checks
add 039bb47 Add the command used to the RAT check data
add 218c67d Document the reason for disallowing inline comments
add 4682d79 Rename GHA task to be more specific, and work in extra
required parameters. UI work to trigger distributions and endpoint to register
an SSH key. Include workflow status recording.
add a04b963 Init logging before database
add d358918 Allow check caching to be configured using an environment
variable
add e835138 Document how to safely downgrade from a migration in a PR
add 0c3dc31 Shorten known absolute paths in RAT commands
add 4911170 Parenthesize subexpressions and fix a pluralisation bug
add 4647956 Fix the display of check data
add facb7d0 Fix RAT exclusion file selection and add regression unit tests
add 4c8695f Rename the RAT exclusion policy file and make associated
tests more robust
add 0adc3b4 Update dependencies due to CVE-2026-22701
add 99a1a49 Ensure that interpolated LDAP variables are always escaped
add 6e3c06b Improve the instructions to submit a pull request
add 025a0cd Allow phase and UID to be passed out to workflows
add a2c6f8d Update git reference (was working before anyway)
add cee9968 Fix refresh button and remove CSP change. Try to convert ID
to int.
add fc9529a Accept string from github
add 41e3948 Attempt to render completed tasks using workflowstatus entries
add c567a42 Attempt to render completed tasks using workflowstatus entries
add 1b15169 Support the new distribution record function
add 406074a Add a new page about components to the user guide
add fc22823 Fix new record argument validation
add 267562c Add a documentation paragraph explaining more about components
add c3a453e Better messages for distributions
add caebc46 Fix a missing condition
add cd44f0e Add a separate revision counter table
add 77cf366 Change workflow unique ID to be sightly more meaningful
add 3716e77 Use the revision counter when creating new revisions
add 7f94cad Fix the style of nested lists
add 8d0602b Document the parts of the filesystem used by the storage
interface
add 71d78ad Add support for Maven staging (repository.a.o) - using 4443
Nexus 3 new version
add 10795fc Allow the state directory to be configured during setup
add 26d2fa4 Check that the e2e container is running before starting the
tests
add ea5b945 Add a migration to use an audit state subdirectory
add 2fb4d70 Add a migration to use a cache state subdirectory
add 8c15c3c Add a migration to use a database state subdirectory
add 5e26ee1 Do not apply state subdirectory migrations when hot reloading
add 34ae0a1 Add the ability to schedule future jobs. Worker claim updated
to not claim future tasks. Metadata and workflow status tasks can schedule
themselves.
add a9f6090 Add scheduled column for tasks, allow asf_uid to be passed in
task arguments
add 2e99ba3 Move asf_uid to args model and tweak logic to clear scheduled
tasks
add da55914 Change workflow to be a specific staging workflow and remove
from passed args
add 87a6aae Update dependencies
add 5838a03 Add psutil as a dependency
add 501235f Migrate state files with extensive checks
add 85bc177 Remove the dependency on PyNaCl due to CVE-2025-69277
add 64e5620 Increase the entropy of the jti field in JWTs
add e5a2769 Remove unused code in a comment
add 912d6d1 Remove the ability to configure CSRF protection
add ecfb15f Manage the server secret key using ASFQuart
add d5f1e31 Update dependencies due to CVE-2026-23490
add 8a2852d Add issuer and audience to JWTs
add a1b8aa2 Remove hardcoded tooling committee
add 7e1f79d Add a migration to use a logs state directory
add 9f8468e Document how to debug e2e test failures
add bfde376 Add the runtime state directory to the list of directories to
create
add 8630507 Fix some problems with looking up secret configuration values
add 8775ade Render pending and failed distribution tasks for non-finish
releases
add fc70aff Do not attempt to manage Hypercorn logs from the ATR server
add 8a52f67 Fix an error in the e2e tests documentation
add f38dac1 Add a migration to use a curated secrets state subdirectory
add 3096084 Write all Hypercorn state to a shared directory
add 691b986 Suppress a false positive from CodeQL
add 4388deb Do not allow the server.py module to be run directly
add 877c30a Create local certificates automatically if they do not exist
add 6694064 Add a migration to use a generated secrets state subdirectory
add 7958742 Add a migration to use a subversion state subdirectory
add bfa5051 Add a migration to use a temporary state subdirectory
add 5ceec42 Make Maven check use the CDN URLs instead of the search.maven
api
add 72c31ca Split failed and in-progress task results, format error
message better
add 3287b50 Bump biomejs/setup-biome from 2.6.0 to 2.7.0
add 6e564c9 Bump astral-sh/setup-uv from 7.1.6 to 7.2.0
add 0d5928f Require subject template hashes only from forms and not from
the API
add 142707f Copy SBOM models to remove interdependencies
add af926e3 Add a lint to check imports in the models
add 9a67a6d Add a warning about the risks of using mkcert (from @sebbASF)
add 4890e73 Ensure that the permissions of secret files are correct
add 552e2d3 Add a function to change file permissions recursively
add 6cd3688 Disallow writing to release files after staging
add 9b04ca4 Prevent enumeration
add 8835898 Thread count
add 175660d Fix SSH host key permissions if necessary after creation
add 7ad9ca8 Update docs #557 (#565)
add b7c856a Create pull request template for contributions
add 587307b Remove PMC table and submission instructions
add 5b98a81 Synch with start-atr.sh (#567)
add cecb5d6 Add HSTS response header (#566)
add 44cdc6b #556 - narrow exception handling and fail on specific errors
add 98d745c Make the use of configuration more efficient in the server
module
add ee0b0d7 Removing tables, linted
add 25f82ca Fix Markdown issues detected by linting
add f479e9f Downgrade Biome to allow lints to run in CI
add cc43d8d Run pre-commit hooks on pushes to the primary development
branches
add ec84c82 Fix unparenthesized subexpressions
add 9ff6af3 Use sentence case in headings
add 3af4e0e Remove emoji
add bd4462e Add the --frozen flag to all relevant uv commands in the
documentation
add ed078b5 Add too large a payload handler (#572)
add 24e53a1 #549 and #471 - implement structured logging when running not
in debug mode
add 7d0c7c5 Notify users on authentication credentials change
add fe0d7e2 Add some e2e token tests
add 8818629 Send email through the storage interface and add audit logging
add c7fac9f Switch to better condition for dev logs
add f2c69e8 No traceback on error html page (#578)
add 1f62359 Configure session cookie security attributes (#574)
add c7a5d9d Start logging listener immediately so that startup errors are
displayed properly
add 69dc859 Restore the ASFQuart default setting for SameSite
add 98d99a5 Show tracebacks in development environments
add 1569812 #475 - add tagging field to release policy
add e04d942 #475 - Add endpoint to get tagging spec for a release
add d0004d5 #476 - allow rsync to specify a tag as part of the URL
add 6a93e32 #475 - Remove endpoint as not needed for distribution any more
add 6b3b17d Switch to strictyaml and add path traversal protection on save
add 939eba2 Fix validation of tag in read and remove tags from write
altogether
add 395419d Put glob into a thread
add 3299763 Handle path traversal issue in globs before rsyncing
add 5edec37 Remove the outdated implementation plan
add ad885d6 Document how to contribute documentation
add 61a012c Fixes #486
add 77bb20b Update storage interface error messages
add b63b2e6 Support logging additional structured data, and add temporary
log for headers
add 2469e10 #535 - Add global and API rate limits and proxyfix middleware.
add ff22769 Log useragents
add 158cc68 #535 - Only proxyfix in non-local
add d995df0 #535 - Add specific rate limits to security-focused
endpoints. Make sure user ID is logged in more cases (including 429s)
add 04e99ce Don't set up rate limits in testing
add a48bedb #535 - Add rate limiting on PAT and JWT endpoints
add 52f70c8 docs: document generated source file detection and exclusions
(Fixes #477)
add 809056b Add an LDAP search that discovers admin users
add 23ce1aa Only change perms if necessary
add eff9bf6 Fixes #555
add d389573 Fix a couple of small documentation issues
add 5e2550b Add a cache module with admin functions, and tests
add 7089b4c Cache admins from LDAP using a server task
add d885221 Use the LDAP admins cache when checking whether the user is
an admin
add c778fd5 Move request logging for #549 into file. Reduce
docker-compose healthchecks after startup. Log level configurable.
add 0da52ba Add a property to get the admin status of committer sessions
add 44ee502 Fix some problems with file tag YAML validation
add fb14bd9 Document how to resolve a known problem with pip-audit
add 759f0c6 Move most logging paraphernalia to a new loggers module
add 48a9e0d Fix audit logging when the storage interface is used in tasks
add 314bb8e Prevent events from being double encoded in the audit logs
add 54c643b Cleaning up notes; fixes #533
add b2df9f8 Catch all relevant errors when accessing the admin cache in
workers
add bc4db0a Fix issue with SBOM OSV scan models, and allow scan of jar
files.
add 9254c10 #550 - re-enable worker RLIMITs and set RAT Java args and
CycloneDX .NET environment to git within them
add 06d9427 Document ADMIN_USERS_ADDITIONAL
add 23bd8b0 #508 - block announcing through any channel until tagged
distributions have been recorded
add 3c2434e #594 - Validate that OIDC is being used for endpoints where
asf_uid is specifiable.
add 56621dd Try the admin cache file in synchronous contexts too
add a90a40a Fix some problems with the admin script to import keys
add 5001b6b Validate release phase on manual resolution
add ba6aceb Clear a session before setting an impersonated session
add 264a870 Filter out SSL shutdown timeout errors from asyncio in
Hypercorn
add 280fa5a Exclude Litestream tables from Alembic
add df2ee0f Report on scheduled tasks as well as recent
add 4421595 Remove stale workflow file
add 1699697 #598 - Check for account existence before issuing JWT
add 1b098ff Use project release policy for tags
add 75ea4fc Use project release policy for tags
add 8b47d0f #508 - only consider non-staging distributions for blocking
announce
add 63d8ea6 feat(security): centralize secure HTTP sessions and enforce
TLS 1.2+ (#548)
add 1d2e7ab #596 - finite session lifetime by config - 72 hour default.
add 6909e9e Bump actions/cache from 5.0.1 to 5.0.2
add f972754 Bump actions/checkout from 6.0.1 to 6.0.2
add c99fcd0 #596 - security documentation updated
add a59a47d Fix problems with the code and tests for creating secure
sessions
add c766e02 Archive member count limit #604
add 91224b4 Add unit tests for the archive member limit code
add 9b0d1db #598 - Check for account ban before issuing JWT
add 6560287 Ensure archive members limit can be disabled, and catch more
widely
add 8c52b4c Note that ZIP extraction is not supported in the tarzip module
add ee6ef4e Use the Tooling project as a committee proxy in ASFQuart
session data
add 360bdf2 Add hyperscan and update dependencies
add 66e7823 Use Hyperscan for ignore patterns to avoid backtracking
attacks
add d7d8967 #216 - Add pending distribution status and background task to
check it. Refactor some of the distribution logic out to shared module and some
of shared module to precent circular references.
add 8ed69eb #216 - Scheduled task for pending distributions, add
created_by to dist table.
new a00a0af Remove the commit target from the Makefile
The 1 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails. The revisions
listed as "add" were already present in the repository and have only
been added to this reference.
Summary of changes:
.dockerignore | 48 +-
.github/PULL_REQUEST_TEMPLATE.md | 67 ++
.github/labeler.yml | 3 +-
.github/workflows/analyze.yml | 13 +-
.github/workflows/build.yml | 10 +-
.github/workflows/codeql.yaml | 2 +-
.github/workflows/pr-labeler.yml | 18 -
.pre-commit-config.yaml | 16 +-
Alpha-signup.md | 6 -
BUILD.md | 253 +++++++
CONTRIBUTING.md | 208 ++++++
DEVELOPMENT.md | 224 ++++++
Dockerfile.alpine | 4 +-
Dockerfile.ubuntu | 137 ----
GOVERNANCE.md | 46 ++
Makefile | 54 +-
NOTICE | 4 +-
README.md | 62 +-
SECURITY.md | 44 ++
SUPPORT.md | 55 ++
alembic.ini | 2 +-
atr/admin/__init__.py | 68 +-
atr/api/__init__.py | 184 ++++-
atr/archives.py | 71 +-
atr/blueprints/__init__.py | 2 +-
atr/blueprints/admin.py | 2 +-
atr/blueprints/api.py | 10 +-
atr/cache.py | 136 ++++
atr/config.py | 90 ++-
atr/constants.py | 10 +
atr/datasources/apache.py | 13 +-
atr/db/__init__.py | 57 ++
atr/db/interaction.py | 59 +-
atr/docs/code-conventions.md | 11 +-
atr/docs/components.md | 50 ++
atr/docs/database.md | 17 +
atr/docs/developer-guide.md | 14 +
atr/docs/how-to-contribute.md | 123 ++--
atr/docs/index.md | 6 +
atr/docs/input-validation.md | 304 ++++++++
atr/docs/license-checks.md | 86 +++
atr/docs/running-and-creating-tests.md | 182 ++++-
atr/docs/running-the-server.md | 110 +--
atr/docs/security-authentication.md | 164 +++++
atr/docs/security-authorization.md | 201 +++++
atr/docs/signing-artifacts.md | 71 ++
atr/docs/storage-interface.md | 81 ++
atr/docs/user-guide.md | 6 +
atr/form.py | 4 +
atr/get/announce.py | 97 ++-
atr/get/checks.py | 2 +-
atr/get/compose.py | 2 +-
atr/get/distribution.py | 193 ++++-
atr/get/download.py | 2 -
atr/get/finish.py | 198 ++++-
atr/get/keys.py | 3 +-
atr/get/projects.py | 11 +-
atr/get/sbom.py | 19 +-
atr/get/vote.py | 2 +-
atr/jwtoken.py | 42 +-
atr/ldap.py | 111 ++-
atr/log.py | 88 ++-
atr/loggers.py | 118 +++
atr/models/__init__.py | 4 +-
atr/models/api.py | 109 ++-
atr/models/attestable.py | 2 +-
atr/models/checkdata.py | 43 ++
atr/models/results.py | 63 +-
atr/models/sql.py | 159 +++-
atr/models/validation.py | 77 ++
atr/post/announce.py | 44 +-
atr/post/distribution.py | 114 ++-
atr/post/draft.py | 9 +-
atr/post/keys.py | 2 +-
atr/post/tokens.py | 3 +
atr/principal.py | 10 +-
atr/sbom/cyclonedx.py | 7 +
atr/sbom/models/osv.py | 1 +
atr/sbom/osv.py | 13 +-
atr/sbom/utilities.py | 5 +-
atr/server.py | 656 ++++++++++++++---
atr/shared/__init__.py | 215 +-----
atr/shared/distribution.py | 260 ++++++-
atr/shared/ignores.py | 22 +
atr/shared/projects.py | 16 +
atr/shared/{__init__.py => web.py} | 70 +-
atr/ssh.py | 116 ++-
atr/static/css/atr.css | 4 +
atr/static/js/src/announce-confirm.js | 50 +-
atr/static/sh/gpgsign.sh | 167 +++++
atr/storage/__init__.py | 33 +-
atr/storage/readers/checks.py | 25 +-
atr/storage/readers/releases.py | 2 +-
atr/storage/readers/tokens.py | 4 +-
atr/storage/writers/__init__.py | 4 +
atr/storage/writers/announce.py | 27 +-
atr/storage/writers/cache.py | 6 +-
atr/storage/writers/checks.py | 28 +-
atr/storage/writers/distributions.py | 300 +++-----
atr/storage/writers/keys.py | 10 +-
atr/storage/writers/{cache.py => mail.py} | 65 +-
atr/storage/writers/policy.py | 37 +-
atr/storage/writers/project.py | 14 +-
atr/storage/writers/release.py | 63 +-
atr/storage/writers/revision.py | 13 +-
atr/storage/writers/sbom.py | 6 +-
atr/storage/writers/ssh.py | 6 +-
atr/storage/writers/tokens.py | 43 +-
atr/storage/writers/vote.py | 14 +-
atr/storage/writers/{ssh.py => workflowstatus.py} | 96 +--
atr/tabulate.py | 12 +-
atr/tarzip.py | 77 +-
atr/tasks/__init__.py | 100 ++-
atr/tasks/checks/__init__.py | 4 +
atr/tasks/checks/license.py | 337 +++++----
atr/tasks/checks/paths.py | 2 +-
atr/tasks/checks/rat.py | 812 ++++++++++-----------
atr/tasks/checks/targz.py | 10 +-
atr/tasks/checks/zipformat.py | 30 +-
atr/tasks/distribution.py | 91 +++
atr/tasks/gha.py | 305 ++++++++
atr/tasks/message.py | 9 +-
atr/tasks/metadata.py | 14 +
atr/tasks/sbom.py | 13 +-
atr/tasks/vote.py | 12 +-
atr/templates/check-selected.html | 12 +-
atr/templates/draft-tools.html | 6 +-
atr/templates/includes/footer.html | 4 +-
atr/templates/report-selected-path.html | 6 +-
atr/user.py | 34 +-
atr/util.py | 89 ++-
atr/web.py | 11 +-
atr/worker.py | 180 +++--
docker-compose.yml | 6 +-
migrations/env.py | 15 +
migrations/versions/0035_2026.01.08_2bbfd636.py | 29 +
migrations/versions/0036_2026.01.12_3831f215.py | 26 +
migrations/versions/0037_2026.01.13_0cefcaea.py | 46 ++
migrations/versions/0038_2026.01.14_267562c1.py | 39 +
migrations/versions/0039_2026.01.14_cd44f0ea.py | 31 +
migrations/versions/0040_2026.01.15_31d91cc5.py | 31 +
....05_211a31e3.py => 0041_2026.01.22_d1e357f5.py} | 16 +-
migrations/versions/0042_2026.01.28_3e434625.py | 31 +
migrations/versions/0043_2026.01.29_d7d89670.py | 33 +
notes/api-security.md | 38 -
notes/development.md | 26 -
notes/outcome-design-patterns.md | 38 -
notes/plan.md | 197 -----
notes/test-user-flows.md | 71 --
notes/trivial-changes.md | 9 -
playwright/test.py | 15 +-
pyproject.toml | 11 +-
scripts/README.md | 4 +-
scripts/build | 5 +-
scripts/check-certs | 15 +
scripts/check-perms | 15 +
scripts/check_models_imports.py | 83 +++
scripts/generate-certificates | 15 +-
scripts/keys_import.py | 2 +-
start-atr.sh | 13 +-
start-dev.sh | 13 +-
tests/Dockerfile.e2e | 2 +-
tests/docker-compose.yml | 14 +-
tests/e2e/announce/test_get.py | 41 --
tests/e2e/compose/test_get.py | 15 +-
tests/e2e/helpers.py | 9 +-
tests/{datasources => e2e/policy}/__init__.py | 0
tests/e2e/{root => policy}/conftest.py | 25 +-
tests/e2e/{announce => policy}/helpers.py | 20 +-
tests/e2e/policy/test_get.py | 49 ++
tests/e2e/policy/test_post.py | 72 ++
tests/e2e/report/conftest.py | 14 +-
tests/e2e/sbom/conftest.py | 25 +-
.../icons.py => tests/e2e/sbom/helpers.py | 10 +-
tests/e2e/sbom/test_post.py | 19 +-
{atr => tests/e2e/tokens}/__init__.py | 0
tests/e2e/{root => tokens}/conftest.py | 17 +-
atr/tasks/task.py => tests/e2e/tokens/helpers.py | 24 +-
tests/e2e/tokens/test_get.py | 47 ++
tests/e2e/tokens/test_post.py | 98 +++
tests/e2e/voting/test_get.py | 62 +-
tests/run-e2e.sh | 16 +-
tests/{run-tests.sh => run-playwright.sh} | 0
tests/run-unit.sh | 7 +
{atr => tests/unit}/__init__.py | 0
{atr => tests/unit/datasources}/__init__.py | 0
tests/{ => unit}/datasources/test_apache.py | 54 +-
.../datasources/testdata/committees.json | 0
tests/{ => unit}/datasources/testdata/groups.json | 0
.../datasources/testdata/ldap_projects.json | 0
.../{ => unit}/datasources/testdata/podlings.json | 0
.../{ => unit}/datasources/testdata/projects.json | 0
.../datasources/testdata/retired_committees.json | 0
tests/unit/test_archive_member_limit.py | 268 +++++++
tests/unit/test_cache.py | 233 ++++++
tests/unit/test_checks_license.py | 61 ++
tests/unit/test_checks_rat.py | 133 ++++
tests/unit/test_ignore_patterns.py | 62 ++
tests/unit/test_ldap.py | 114 +++
tests/unit/test_policy_excludes_model.py | 66 ++
tests/unit/test_user.py | 107 +++
tests/unit/test_util.py | 91 +++
tests/unit/test_util_security.py | 145 ++++
uv.lock | 485 ++++++------
204 files changed, 9687 insertions(+), 3094 deletions(-)
create mode 100644 .github/PULL_REQUEST_TEMPLATE.md
delete mode 100644 .github/workflows/pr-labeler.yml
create mode 100644 BUILD.md
create mode 100644 CONTRIBUTING.md
create mode 100644 DEVELOPMENT.md
delete mode 100644 Dockerfile.ubuntu
create mode 100644 GOVERNANCE.md
create mode 100644 SECURITY.md
create mode 100644 SUPPORT.md
create mode 100644 atr/cache.py
create mode 100644 atr/docs/components.md
create mode 100644 atr/docs/input-validation.md
create mode 100644 atr/docs/license-checks.md
create mode 100644 atr/docs/security-authentication.md
create mode 100644 atr/docs/security-authorization.md
create mode 100644 atr/docs/signing-artifacts.md
create mode 100644 atr/loggers.py
create mode 100644 atr/models/checkdata.py
create mode 100644 atr/models/validation.py
copy atr/shared/{__init__.py => web.py} (81%)
create mode 100755 atr/static/sh/gpgsign.sh
copy atr/storage/writers/{cache.py => mail.py} (68%)
copy atr/storage/writers/{ssh.py => workflowstatus.py} (64%)
create mode 100644 atr/tasks/distribution.py
create mode 100644 atr/tasks/gha.py
create mode 100644 migrations/versions/0035_2026.01.08_2bbfd636.py
create mode 100644 migrations/versions/0036_2026.01.12_3831f215.py
create mode 100644 migrations/versions/0037_2026.01.13_0cefcaea.py
create mode 100644 migrations/versions/0038_2026.01.14_267562c1.py
create mode 100644 migrations/versions/0039_2026.01.14_cd44f0ea.py
create mode 100644 migrations/versions/0040_2026.01.15_31d91cc5.py
copy migrations/versions/{0030_2025.12.05_211a31e3.py =>
0041_2026.01.22_d1e357f5.py} (50%)
create mode 100644 migrations/versions/0042_2026.01.28_3e434625.py
create mode 100644 migrations/versions/0043_2026.01.29_d7d89670.py
delete mode 100644 notes/api-security.md
delete mode 100644 notes/development.md
delete mode 100644 notes/outcome-design-patterns.md
delete mode 100644 notes/plan.md
delete mode 100644 notes/test-user-flows.md
delete mode 100644 notes/trivial-changes.md
create mode 100755 scripts/check-certs
create mode 100755 scripts/check-perms
create mode 100755 scripts/check_models_imports.py
rename tests/{datasources => e2e/policy}/__init__.py (100%)
copy tests/e2e/{root => policy}/conftest.py (66%)
copy tests/e2e/{announce => policy}/helpers.py (62%)
create mode 100644 tests/e2e/policy/test_get.py
create mode 100644 tests/e2e/policy/test_post.py
copy atr/blueprints/icons.py => tests/e2e/sbom/helpers.py (79%)
copy {atr => tests/e2e/tokens}/__init__.py (100%)
copy tests/e2e/{root => tokens}/conftest.py (75%)
copy atr/tasks/task.py => tests/e2e/tokens/helpers.py (63%)
create mode 100644 tests/e2e/tokens/test_get.py
create mode 100644 tests/e2e/tokens/test_post.py
rename tests/{run-tests.sh => run-playwright.sh} (100%)
create mode 100755 tests/run-unit.sh
copy {atr => tests/unit}/__init__.py (100%)
copy {atr => tests/unit/datasources}/__init__.py (100%)
rename tests/{ => unit}/datasources/test_apache.py (100%)
rename tests/{ => unit}/datasources/testdata/committees.json (100%)
rename tests/{ => unit}/datasources/testdata/groups.json (100%)
rename tests/{ => unit}/datasources/testdata/ldap_projects.json (100%)
rename tests/{ => unit}/datasources/testdata/podlings.json (100%)
rename tests/{ => unit}/datasources/testdata/projects.json (100%)
rename tests/{ => unit}/datasources/testdata/retired_committees.json (100%)
create mode 100644 tests/unit/test_archive_member_limit.py
create mode 100644 tests/unit/test_cache.py
create mode 100644 tests/unit/test_checks_license.py
create mode 100644 tests/unit/test_checks_rat.py
create mode 100644 tests/unit/test_ignore_patterns.py
create mode 100644 tests/unit/test_ldap.py
create mode 100644 tests/unit/test_policy_excludes_model.py
create mode 100644 tests/unit/test_user.py
create mode 100644 tests/unit/test_util.py
create mode 100644 tests/unit/test_util_security.py
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
