Merge remote-tracking branch 'origin/master' into v2-pull-integration

MarcelGeo · MarcelGeo · commit 7f4497d75e29 · 2026-05-11T11:07:40.000+02:00
diff --git a/.github/workflows/security_check.yml b/.github/workflows/security_check.yml
@@ -0,0 +1,42 @@
+name: Python-api QA (Security & Style)
+
+# Trigger the workflow on every push
+on: [push]
+
+jobs:
+  quality-assurance:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Set up Python
+        uses: actions/setup-python@v4
+        with:
+          python-version: '3.9'
+
+      - name: Install dependencies
+        run: |
+          # Upgrade pip and install security/linting tools
+          python -m pip install --upgrade pip
+          pip install bandit detect-secrets
+
+      # - name: Install dependencies
+      #   run: |
+      #     # Upgrade pip and install security/linting tools
+      #     python -m pip install --upgrade pip
+      #     pip install bandit detect-secrets flake8 flake8-json
+
+      - name: Run Bandit (Security Scan)
+        # Scan the mergin folder for vulnerabilities, excluding the test directory
+        run: bandit -r ./mergin/ -ll --exclude ./mergin/test
+
+      - name: Run Detect Secrets
+        # Scan the plugin directory for hardcoded secrets/credentials
+        run: detect-secrets scan ./mergin/ --all-files
+
+      # - name: Run Flake8 (Style Check)
+      #   # Style enforcement using MerginMaps standards
+      #   # Ignoring E501 (line length) and W503 (operator line breaks)
+      #   run: |
+      #     flake8 ./mergin/ --max-line-length=120 --ignore=E501,W503 --exclude=test
diff --git a/mergin/version.py b/mergin/version.py
@@ -1,5 +1,5 @@
 # The version is also stored in ../setup.py
-__version__ = "0.12.3"
+__version__ = "0.12.4"
 
 # There seems to be no single nice way to keep version info just in one place:
 # https://packaging.python.org/guides/single-sourcing-package-version/
diff --git a/setup.py b/setup.py
@@ -5,7 +5,7 @@
 
 setup(
     name="mergin-client",
-    version="0.12.3",
+    version="0.12.4",
     url="https://github.com/MerginMaps/python-api-client",
     license="MIT",
     author="Lutra Consulting Ltd.",
