Adding upstream version 1.1.0.

Signed-off-by: Daniel Baumann <daniel@debian.org>

.github/workflows/code-testing.yml

@@ -122,7 +122,7 @@ jobs:
   test-documentation:
     name: Build offline documentation for testing
     runs-on: ubuntu-20.04
-    needs: [lint-python, type-python, test-python]
+    needs: [test-python]
     steps:
       - uses: actions/checkout@v4
       - name: Setup Python
@@ -133,3 +133,20 @@ jobs:
         run: pip install .[doc]
       - name: "Build mkdocs documentation offline"
         run: mkdocs build
+  benchmarks:
+    name: Benchmark ANTA for Python 3.12
+    runs-on: ubuntu-latest
+    needs: [test-python]
+    steps:
+      - uses: actions/checkout@v4
+      - name: Setup Python
+        uses: actions/setup-python@v5
+        with:
+          python-version: "3.12"
+      - name: Install dependencies
+        run: pip install .[dev]
+      - name: Run benchmarks
+        uses: CodSpeedHQ/action@v3
+        with:
+          token: ${{ secrets.CODSPEED_TOKEN }}
+          run: pytest --codspeed --no-cov --log-cli-level INFO tests/benchmark

.github/workflows/codspeed.yml

@@ -0,0 +1,22 @@
+---
+name: Run benchmarks manually
+on:
+  workflow_dispatch:
+
+jobs:
+  benchmarks:
+    name: Benchmark ANTA for Python 3.12
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - name: Setup Python
+        uses: actions/setup-python@v5
+        with:
+          python-version: "3.12"
+      - name: Install dependencies
+        run: pip install .[dev]
+      - name: Run benchmarks
+        uses: CodSpeedHQ/action@v3
+        with:
+          token: ${{ secrets.CODSPEED_TOKEN }}
+          run: pytest --codspeed --no-cov --log-cli-level INFO tests/benchmark

.github/workflows/on-demand.yml

@@ -39,7 +39,7 @@ jobs:
           password: ${{ secrets.GITHUB_TOKEN }}
 
       - name: Build and push
-        uses: docker/build-push-action@v5
+        uses: docker/build-push-action@v6
         with:
           context: .
           file: Dockerfile

.github/workflows/pr-triage.yml

@@ -13,7 +13,7 @@ jobs:
     # https://github.com/marketplace/actions/auto-author-assign
     runs-on: ubuntu-latest
     steps:
-      - uses: toshimaru/auto-author-assign@v2.1.0
+      - uses: toshimaru/auto-author-assign@v2.1.1
         with:
           repo-token: "${{ secrets.GITHUB_TOKEN }}"
 
@@ -22,7 +22,7 @@ jobs:
     steps:
       # Please look up the latest version from
       # https://github.com/amannn/action-semantic-pull-request/releases
-      - uses: amannn/action-semantic-pull-request@v5.5.2
+      - uses: amannn/action-semantic-pull-request@v5.5.3
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
         with:

.github/workflows/release.yml

@@ -100,7 +100,7 @@ jobs:
           password: ${{ secrets.GITHUB_TOKEN }}
 
       - name: Build and push
-        uses: docker/build-push-action@v5
+        uses: docker/build-push-action@v6
         with:
           context: .
           file: Dockerfile

.github/workflows/secret-scanner.yml

@@ -10,21 +10,6 @@ jobs:
   scan_secret:
     name: Scan incoming changes
     runs-on: ubuntu-latest
-    container:
-      image: ghcr.io/aristanetworks/secret-scanner-service:main
-      options: --name sss-scanner
-    steps:
-      - name: Checkout ${{ github.ref }}
-        # Hitting https://github.com/actions/checkout/issues/334 so trying v1
-        uses: actions/checkout@v1
-        with:
-          fetch-depth: 0
+    steps: 
       - name: Run scanner
-        run: |
-          git config --global --add safe.directory $GITHUB_WORKSPACE
-          scanner commit . github ${{ github.repository }} \
-             --markdown-file job_summary.md \
-             ${{ github.event_name == 'pull_request' && format('--since-commit {0}', github.event.pull_request.base.sha) || ''}}
-      - name: Write result to summary
-        run: cat ./job_summary.md >> $GITHUB_STEP_SUMMARY
-        if: ${{ always() }}
+        uses: aristanetworks/secret-scanner-service-public@main

.github/workflows/sonar.yml

@@ -0,0 +1,44 @@
+---
+name: Analysis with Sonarlint and publish to SonarCloud
+on:
+  push:
+    branches:
+      - main
+  # Need to do this to be able to have coverage on PR across forks.
+  pull_request_target:
+
+# TODO this can be made better by running only coverage, it happens that today
+# in tox gh-actions we have configured 3.11 to run the report side in
+# pyproject.toml
+
+jobs:
+  sonarcloud:
+    name: Run Sonarlint analysis and upload to SonarCloud.
+    if: github.repository == 'aristanetworks/anta'
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          ref: ${{ github.event.pull_request.head.sha }}
+          fetch-depth: 0  # Shallow clones should be disabled for a better relevancy of analysis
+      - name: Setup Python
+        uses: actions/setup-python@v5
+        with:
+          python-version: 3.11
+      - name: Install dependencies
+        run: pip install tox tox-gh-actions
+      - name: "Run pytest via tox for ${{ matrix.python }}"
+        run: tox
+      - name: SonarCloud Scan
+        uses: SonarSource/sonarcloud-github-action@master
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
+        with:
+          # Using ACTION_STEP_DEBUG to trigger verbose when debugging in Github Action
+          args: >
+            -Dsonar.scm.revision=${{ github.event.pull_request.head.sha }}
+            -Dsonar.pullrequest.key=${{ github.event.number }}
+            -Dsonar.pullrequest.branch=${{ github.event.pull_request.head.ref }}
+            -Dsonar.pullrequest.base=${{ github.event.pull_request.base.ref }}
+            -Dsonar.verbose=${{ secrets.ACTIONS_STEP_DEBUG }}