Roundup

Latest version: v2.4.0

Safety actively analyzes 688178 Python packages for vulnerabilities to keep your Python projects secure.

Scan your dependencies

Page 1 of 21

17c.

docker run --rm --volume \
/var/run/docker.sock:/var/run/docker.sock \
--name Grype anchore/grype:latest rounduptracker/roundup:2.2.0

should report no vulnerabilities (note match version with current
build)

Also can scan (optionally) using trivy:

docker run -it --rm --volume \
/var/run/docker.sock:/var/run/docker.sock \
--name trivy aquasec/trivy:latest image --exit-code 1 \
--ignore-unfixed rounduptracker/roundup:2.2.0

You may need to explicitly update/refresh the scanners with:
"docker pull anchore/grype:latest" and similarly for
aquasec/trivy if used.
17d. test roundup in demo mode:

docker run -it --rm -p 8917:8080 \
-v $PWD/tracker:/usr/src/app/tracker \
rounduptracker/roundup:2.2.0 demo

17e. push to DockerHub login (login using 'docker login <username>'
first and user must be member of rounduptracker org with ability
to publish). Replace -N with the release number (e.g. -1, -2, -3...)

docker tag rounduptracker/roundup:2.2.0 roundup-tracker/roundup
docker tag rounduptracker/roundup:2.2.0 roundup-tracker/roundup:2.2.0-N
docker push rounduptracker/roundup:2.2.0
docker push rounduptracker/roundup:2.2.0-N
docker push rounduptracker/roundup update roundup:latest

-------------

If you get errors on the upload operation, you may need the following
~/.pypirc file as well

========
[distutils]
index-servers =
test
pypi

[pypi]
repository: https://upload.pypi.org/legacy/
username: <your username on pypi.org here>
password: <your password here>

[test]
repository: https://test.pypi.org/legacy/
username: <your username on test.pypi.org here>
password: <your password here>
========

-------------

==========================
GPG public key operations.
==========================

LIST IN KEYRING
===============

$ gpg --list-keys -a roundup-devellists.sourceforge.net

pub rsa4096 2018-07-11 [SC] [expires: 2028-07-17]
411E354B5D1AF26125D621221F2DD0CB756A76D8
uid [ultimate] Roundup Team (signing key for roundup
releases) <roundup-devellists.sourceforge.net>
sub rsa4096 2018-07-11 [E] [expires: 2028-07-17]

EXTEND EXPIRATION DATE
======================

Needs private key and passphrse for private key

$ gpg --edit-key 411E354B5D1AF26125D621221F2DD0CB756A76D8

> expire
[add some number of months/years to it]
> key 1
[ this chooses the subkey "sub" ]
> expire
[add some number of months/years to the sub key ]
> save
[ saves both keys, will need the private key and passphrase ]

EXPORT NEW PUBLIC KEY
=====================

$ gpg --export -a roundup-devellists.sourceforge.net >> \
tools/roundup.public.pgp.key

then edit roundup.public.pgp.key keeping only the last key that starts
with: -----BEGIN PGP PUBLIC KEY BLOCK-----

and add back the preamble that describes where to find doc for
it. Commmit new key to mercurial.

SAVE TO KEYSERVER
=================

$ gpg --keyserver pgp.mit.edu --send-keys \
411E354B5D1AF26125D621221F2DD0CB756A76D8

update it on the keysserver so users can download it.



Please read ``doc/upgrading.txt`` to see how to bring you Roundup version
up to date with changes listed in this file. This may require schema
and template changes not listed here.

Each entry has the developer who committed the change in brackets.
Many entries without name were done by Richard Jones.

**IMPORTANT** The v1.5.x releases of Roundup were the last to support
Python v2.5 and v2.6. Starting with the v1.6 releases of Roundup
v2.7.2 or later are required to run newer releases of Roundup.
Roundup 2.0 supports Python 3.4 and later. Roundup 2.1.0 supports
python 3.6 or newer (3.4/3.5 might work, but they are not tested).

17b.

security issues. Currently thinking that release tag is
rounduptracker/roundup:2.2.0-1, -2 etc. Then add a tag
rounduptracker/roundup:2.2.0 that moves to always tag
the latest -N release. Also roundup:latest points to the
newest -N for the newest roundup version.)

docker build -t rounduptracker/roundup:2.2.0 \
--build-arg="source=pypi" -f scripts/Docker/Dockerfile .

to create the docker image. *Change 2.2.0 to current version*
Always use the exact release tag.

17a.

16b.

https://en.wikipedia.org/wiki/Roundup_(issue_tracker)

https://en.wikipedia.org/wiki/Comparison_of_issue-tracking_systems

17 Push release docker image to dockerhub

15c.

announcefossies.org
15d. Update entry on https://directory.fsf.org/wiki/Roundup.

16. Change the release version on the GitHub section at
https://wiki.roundup-tracker.org/CiTestingEnvironment

15b.

Page 1 of 21

© 2024 Safety CLI Cybersecurity Inc. All Rights Reserved.