docker run --rm --volume \
/var/run/docker.sock:/var/run/docker.sock \
--name Grype anchore/grype:latest rounduptracker/roundup:2.2.0
should report no vulnerabilities (note match version with current
build)
Also can scan (optionally) using trivy:
docker run -it --rm --volume \
/var/run/docker.sock:/var/run/docker.sock \
--name trivy aquasec/trivy:latest image --exit-code 1 \
--ignore-unfixed rounduptracker/roundup:2.2.0
You may need to explicitly update/refresh the scanners with:
"docker pull anchore/grype:latest" and similarly for
aquasec/trivy if used.
17d. test roundup in demo mode:
docker run -it --rm -p 8917:8080 \
-v $PWD/tracker:/usr/src/app/tracker \
rounduptracker/roundup:2.2.0 demo
17e. push to DockerHub login (login using 'docker login <username>'
first and user must be member of rounduptracker org with ability
to publish). Replace -N with the release number (e.g. -1, -2, -3...)
docker tag rounduptracker/roundup:2.2.0 roundup-tracker/roundup
docker tag rounduptracker/roundup:2.2.0 roundup-tracker/roundup:2.2.0-N
docker push rounduptracker/roundup:2.2.0
docker push rounduptracker/roundup:2.2.0-N
docker push rounduptracker/roundup update roundup:latest
-------------
If you get errors on the upload operation, you may need the following
~/.pypirc file as well
========
[distutils]
index-servers =
test
pypi
[pypi]
repository: https://upload.pypi.org/legacy/
username: <your username on pypi.org here>
password: <your password here>
[test]
repository: https://test.pypi.org/legacy/
username: <your username on test.pypi.org here>
password: <your password here>
========
-------------
==========================
GPG public key operations.
==========================
LIST IN KEYRING
===============
$ gpg --list-keys -a roundup-devellists.sourceforge.net
pub rsa4096 2018-07-11 [SC] [expires: 2028-07-17]
411E354B5D1AF26125D621221F2DD0CB756A76D8
uid [ultimate] Roundup Team (signing key for roundup
releases) <roundup-devellists.sourceforge.net>
sub rsa4096 2018-07-11 [E] [expires: 2028-07-17]
EXTEND EXPIRATION DATE
======================
Needs private key and passphrse for private key
$ gpg --edit-key 411E354B5D1AF26125D621221F2DD0CB756A76D8
> expire
[add some number of months/years to it]
> key 1
[ this chooses the subkey "sub" ]
> expire
[add some number of months/years to the sub key ]
> save
[ saves both keys, will need the private key and passphrase ]
EXPORT NEW PUBLIC KEY
=====================
$ gpg --export -a roundup-devellists.sourceforge.net >> \
tools/roundup.public.pgp.key
then edit roundup.public.pgp.key keeping only the last key that starts
with: -----BEGIN PGP PUBLIC KEY BLOCK-----
and add back the preamble that describes where to find doc for
it. Commmit new key to mercurial.
SAVE TO KEYSERVER
=================
$ gpg --keyserver pgp.mit.edu --send-keys \
411E354B5D1AF26125D621221F2DD0CB756A76D8
update it on the keysserver so users can download it.
Please read ``doc/upgrading.txt`` to see how to bring you Roundup version
up to date with changes listed in this file. This may require schema
and template changes not listed here.
Each entry has the developer who committed the change in brackets.
Many entries without name were done by Richard Jones.
**IMPORTANT** The v1.5.x releases of Roundup were the last to support
Python v2.5 and v2.6. Starting with the v1.6 releases of Roundup
v2.7.2 or later are required to run newer releases of Roundup.
Roundup 2.0 supports Python 3.4 and later. Roundup 2.1.0 supports
python 3.6 or newer (3.4/3.5 might work, but they are not tested).