Merged
44 commits
b302448
record_type_add command added
adeshmukh-ks May 22, 2025
cf7532f
PR review changes, fido upgrade change, login error address
adeshmukh-ks May 27, 2025
83c781c
Added logger
adeshmukh-ks May 28, 2025
093cd1c
record_type_edit and record_type_delete functions added
adeshmukh-ks May 29, 2025
d1eaa2b
record_type_info and load_record_types functions added (#12)
adeshmukh-ks Jun 10, 2025
39738e6
download-record-types command added
adeshmukh-ks Jun 10, 2025
e570e17
secrets-manager-app list and get functions and commands
adeshmukh-ks Jun 18, 2025
231a707
Corrected imports
adeshmukh-ks Jun 19, 2025
4db4ccb
secrets-manager-app create and remove commands
adeshmukh-ks Jun 23, 2025
67c0a0d
download-record-types bug fix
adeshmukh-ks Jun 23, 2025
1992530
Yubikey login method bug fix
adeshmukh-ks Jun 25, 2025
672a8f1
Bug fix in delete-attachment command and added rm command
adeshmukh-ks Jun 27, 2025
33a1d5f
Secrets Manager App Share-Unshare, Share Record and Share Folder comm…
adeshmukh-ks Jul 16, 2025
5f4a904
Secrets manager client add and remove commands
adeshmukh-ks Jul 22, 2025
b582d82
Added secrets-manager-share add and remove commands
adeshmukh-ks Jul 25, 2025
7956b87
Added get command and self-destruct feature
adeshmukh-ks Aug 1, 2025
513a02d
Used enumerate_fields
adeshmukh-ks Aug 4, 2025
41a6a08
Added uid flags
adeshmukh-ks Aug 4, 2025
1fb50aa
One-time-share commands
adeshmukh-ks Aug 8, 2025
d97337b
breachwatch scan command
adeshmukh-ks Aug 14, 2025
4c7477d
Python SDK Command examples
sdubey-ks Aug 14, 2025
d0ad7a7
Protobuf file updates
adeshmukh-ks Aug 20, 2025
0c14177
Python SDK command examples
sdubey-ks Aug 22, 2025
e13c656
Bug Fixes
adeshmukh-ks Aug 22, 2025
efa1445
Breachwatch password and search record commands
adeshmukh-ks Aug 29, 2025
2b44c49
Biometric Commands and Authentication Implemented
adeshmukh-ks Sep 4, 2025
628120d
Password-report command and bug fixes
adeshmukh-ks Sep 12, 2025
e211e98
Added examples for enterprise and record attachment commands
adeshmukh-ks Sep 12, 2025
9ef4a94
Trash commands added and bugs fixed
adeshmukh-ks Sep 19, 2025
796a02c
Team handling bug in get command
adeshmukh-ks Sep 19, 2025
1f35210
Clipboard Copy and Record History commands added
adeshmukh-ks Sep 26, 2025
fef509a
Audit log command added
adeshmukh-ks Oct 8, 2025
539d3af
Read me update
adeshmukh-ks Oct 10, 2025
4f1035b
Transform folder command added
adeshmukh-ks Oct 10, 2025
1e17432
Readme update in detail
adeshmukh-ks Oct 16, 2025
4e5be7c
Examples added
adeshmukh-ks Oct 16, 2025
c2b54b5
Create user command added
adeshmukh-ks Oct 20, 2025
ab037d8
Find duplicate command added
adeshmukh-ks Oct 27, 2025
48662cc
Transfer user command added
ukumar-ks Oct 27, 2025
d7917ea
Record permission command added
adeshmukh-ks Oct 28, 2025
f514c47
Added examples of user and record related command
ukumar-ks Oct 30, 2025
41cdce1
Device approve command added
adeshmukh-ks Oct 31, 2025
ded8b3f
Github publish workflow
sk-keeper Nov 1, 2025
30d9551
Release 1.0.0
sk-keeper Nov 1, 2025
@@ -1,79 +1,71 @@
name: Publish Commander to PyPi
name: Publish CLI to PyPi

on:
workflow_dispatch:
inputs:
version:
description: Version to release (Tag from Keeper-Security/keeper-sdk-pyton)
description: Version to release (Tag from Keeper-Security/keeper-sdk-python)
required: true

jobs:
build-n-publish:
name: Build and publish Keeper SDK for Python 📦 to PyPI
name: Build and publish Keeper CLI for Python to TestPyPI
runs-on: ubuntu-latest
timeout-minutes: 25 # To keep builds from running too long

permissions:
contents: read

steps:
- name: Checkout source code
uses: actions/checkout@v2

- name: Set up Python 3.10
- name: Set up Python 3.11
uses: actions/setup-python@v4
with:
python-version: '3.10'
python-version: '3.11'
architecture: 'x64'

- name: Build the package
run: |
python -m pip install -U setuptools pip build wheel twine
python -m build --wheel
python -m build --wheel keepercli-package

- name: Archive the package
uses: actions/upload-artifact@v3
with:
name: KeeperSdkWheel
name: KeeperCLIWheel
retention-days: 1
path: dist/*
path: keepercli-package/dist/*
if-no-files-found: error

- name: Publish Commander to test PyPi
- name: Publish keepercli to test PyPi
env:
TWINE_USERNAME: __token__
TWINE_PASSWORD: ${{ secrets.TEST_PYPI_TOKEN }}
run: |
twine upload -r testpypi dist/*

twine upload -r testpypi keepercli-package/dist/*

publish-pypi:
name: Publish Keeper SDK to PyPi
name: Publish Keeper CLI to PyPi
runs-on: ubuntu-latest
needs: [build-n-publish]
environment: prod

steps:
- uses: actions/download-artifact@v3
with:
name: CommanderWheel
path: dist
name: KeeperCLIWheel
path: keepercli-package/dist

- name: Set up Python 3.10
- name: Set up Python 3.11
uses: actions/setup-python@v4
with:
python-version: '3.10'
architecture: 'x64'

- name: Retrieve secrets from Keeper
id: ksecrets
uses: Keeper-Security/ksm-action@master
with:
keeper-secret-config: ${{ secrets.KSM_COMMANDER_SECRET_CONFIG }}
secrets: |
gD5LOOhI5QbnSFk8mIg3gg/field/password > PYPI_PASSWORD
python-version: '3.11'

- name: Publish to PyPi
- name: Publish keepercli to PyPi
env:
TWINE_USERNAME: __token__
TWINE_PASSWORD: ${{ steps.ksecrets.outputs.PYPI_PASSWORD }}
TWINE_PASSWORD: ${{ secrets.PYPI_PUBLISH_TOKEN }}
run: |
python -m pip install -U setuptools pip wheel twine
twine upload dist/*
twine upload -r pypi keepercli-package/dist/*
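Review bot: the required `version` input is never consumed in this workflow. The `Checkout source code` step still runs `actions/checkout@v2` with no `ref`, so the wheel is built from the ref the workflow was dispatched on, not from the tag the operator typed. Pass the input to checkout (`with: ref: ${{ github.event.inputs.version }}`, as publish-sdk.yml in this PR does) or drop the input. While here, `checkout@v2`, `upload-artifact@v3` and `download-artifact@v3` are left as they were although the SDK workflow moves to `@v4`; bringing both files to the same action versions keeps the two release paths consistent.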
Comment on lines +49 to +71

Check warning

Code scanning / CodeQL

Workflow does not contain permissions

Actions job or workflow does not limit the permissions of the GITHUB_TOKEN. Consider setting an explicit permissions block, using the following as a minimal starting point: {{contents: read}}

Copilot Autofix

AI 2 months ago

To fix this issue, we need to add a permissions block to the publish-pypi job in .github/workflows/publish-cli-to-pypi.yml, as was already done for the build-n-publish job. The recommended minimum starting point is to set contents: read, which allows the job to read repository contents but not write to it. This achieves the principle of least privilege and stops jobs from having unnecessary access. To implement this, add the block after the timeout-minutes/runs-on/needs/environment section but before steps: in the publish-pypi job.


Suggested changeset 1
.github/workflows/publish-cli-to-pypi.yml

Autofix patch

Run the following command in your local git repository to apply this patch
cat << 'EOF' | git apply
diff --git a/.github/workflows/publish-cli-to-pypi.yml b/.github/workflows/publish-cli-to-pypi.yml
--- a/.github/workflows/publish-cli-to-pypi.yml
+++ b/.github/workflows/publish-cli-to-pypi.yml
@@ -50,6 +50,8 @@
     runs-on: ubuntu-latest
     needs: [build-n-publish]
     environment: prod
+    permissions:
+      contents: read
 
     steps:
       - uses: actions/download-artifact@v3
EOF
@@ -50,6 +50,8 @@
runs-on: ubuntu-latest
needs: [build-n-publish]
environment: prod
permissions:
contents: read

steps:
- uses: actions/download-artifact@v3
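Review bot: adding `permissions: contents: read` to `publish-pypi` alone leaves the same gap in every other job that has no block, including `publish-test-pypi` and `publish-pypi` in publish-sdk.yml in this PR. A workflow-level `permissions:` with `contents: read`, placed above `jobs:`, gives every job the restricted token by default and still applies when new jobs are added later. The visible steps of this job only download an artifact and run twine, so nothing here needs more than that.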
94 changes: 59 additions & 35 deletions .github/workflows/publish-sdk.yml
@@ -1,72 +1,96 @@
name: Publish Keeper SDK to PyPi

on: [workflow_dispatch]
name: Publish Keeper SDK to PyPI

on:
workflow_dispatch:
inputs:
version:
description: Version to release (tag or branch)
required: true
jobs:
build-wheel:
name: Build and publish Keeper SDK for Python 📦 to PyPI
build-and-test:
name: Build and test Keeper SDK package
runs-on: ubuntu-latest
timeout-minutes: 25 # To keep builds from running too long
timeout-minutes: 25
permissions:
contents: read

steps:
- name: Checkout source code
uses: actions/checkout@v2
uses: actions/checkout@v4
with:
ref: ${{ github.event.inputs.version }}

- name: Set up Python 3.11
uses: actions/setup-python@v4
- name: Set up Python 3.13
uses: actions/setup-python@v5
with:
python-version: '3.11'
python-version: '3.13'

- name: Install dependencies
run: |
pip install keepersdk-package/

- name: Run unit tests
run: python -m unittest discover -s keepersdk-package/unit_tests/

- name: Build the package
run: |
python3 -m pip install -U setuptools build wheel twine
python3 -m pip install -U build wheel twine
python3 -m build --wheel keepersdk-package

- name: Archive the package
uses: actions/upload-artifact@v3
uses: actions/upload-artifact@v4
with:
name: KeeperSdkWheel
retention-days: 1
path: keepersdk-package/dist/*
if-no-files-found: error

- name: Publish Commander to test PyPi
publish-test-pypi:
name: Publish to Test PyPI
runs-on: ubuntu-latest
needs: [build-and-test]
environment: test

steps:
- uses: actions/download-artifact@v4
with:
name: KeeperSdkWheel
path: keepersdk-package/dist

- name: Set up Python 3.13
uses: actions/setup-python@v5
with:
python-version: '3.13'

- name: Publish to Test PyPI
env:
TWINE_USERNAME: __token__
TWINE_PASSWORD: ${{ secrets.TEST_PYPI_TOKEN }}
run: |
twine upload -r testpypi dist/*

python -m pip install -U twine
twine upload --repository testpypi keepersdk-package/dist/*

publish-pypi:
name: Publish Keeper SDK to PyPi
name: Publish to Production PyPI
runs-on: ubuntu-latest
needs: [build-wheel]
needs: [publish-test-pypi]
environment: prod

steps:
- uses: actions/download-artifact@v3
with:
name: CommanderWheel
path: dist

- name: Set up Python 3.10
uses: actions/setup-python@v4
- uses: actions/download-artifact@v4
with:
python-version: '3.11'
name: KeeperSdkWheel
path: keepersdk-package/dist

- name: Retrieve secrets from Keeper
id: ksecrets
uses: Keeper-Security/ksm-action@master
- name: Set up Python 3.13
uses: actions/setup-python@v5
with:
keeper-secret-config: ${{ secrets.KSM_COMMANDER_SECRET_CONFIG }}
secrets: |
gD5LOOhI5QbnSFk8mIg3gg/field/password > PYPI_PASSWORD
python-version: '3.13'

- name: Publish to PyPi
- name: Publish to PyPI
env:
TWINE_USERNAME: __token__
TWINE_PASSWORD: ${{ steps.ksecrets.outputs.PYPI_PASSWORD }}
TWINE_PASSWORD: ${{ secrets.PYPI_PUBLISH_TOKEN }}
run: |
python -m pip install -U setuptools pip wheel twine
twine upload dist/*
python -m pip install -U twine
twine upload keepersdk-package/dist/*
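Review bot: `ref: ${{ github.event.inputs.version }}` in `build-and-test` checks out whatever the operator types, and the input description allows "tag or branch", so a production upload can be built from a moving branch head and the published wheel then has no fixed commit behind it. Restrict the input to release tags and fail the job before the build step when the value does not resolve to one. Separately, both publish jobs run `python -m pip install -U twine` unpinned in the same step that holds `TWINE_PASSWORD`; pin the twine version so the tool that handles the token is the one that was reviewed.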
@@ -1,35 +1,36 @@
name: Test with pytest
name: Test with unittest

on:
pull_request:
branches:
- masterlet'
- master
workflow_dispatch:

env:
PYTHONUNBUFFERED: 1

jobs:
test-with-pytest:
test-with-unittest:
strategy:
matrix:
python-version: ['3.8', '3.14']

runs-on: ubuntu-latest
permissions:
contents: read

steps:
- name: Checkout branch
uses: actions/checkout@v4

- name: Set up Python ${{ matrix.python-version }}
uses: actions/setup-python@v4
uses: actions/setup-python@v5
with:
python-version: ${{ matrix.python-version }}

- name: Install package with test dependencies
- name: Install package
run: |
cd keepersdk-package
pip install .[test]
pip install -e keepersdk-package/

- name: Run unit tests
run: pytest keepersdk-package/unit_tests/
run: python -m unittest discover -s keepersdk-package/unit_tests/
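Review bot: the install step drops the `[test]` extra (`pip install .[test]` becomes `pip install -e keepersdk-package/`), so any test-only dependency declared under that extra is no longer installed on the runner. If the unit tests import nothing beyond the package's runtime dependencies this is fine; otherwise keep the extra on the editable install. The matrix also lists only '3.8' and '3.14', while publish-sdk.yml builds and tests the release on 3.13; adding the release interpreter to the matrix would cover what actually ships.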