Added new workflows, changed the old publish actions and updated version

.github/workflows/codeql-analysis.yml

@@ -0,0 +1,69 @@
+# For most projects, this workflow file will not need changing; you simply need
+# to commit it to your repository.
+#
+# You may wish to alter this file to override the set of languages analyzed,
+# or to provide custom queries or build logic.
+#
+# ******** NOTE ********
+# We have attempted to detect the languages in your repository. Please check
+# the `language` matrix defined below to confirm you have the correct set of
+# supported CodeQL languages.
+#
+name: "CodeQL"
+
+on:
+  push:
+    branches: [ master ]
+  pull_request:
+    # The branches below must be a subset of the branches above
+    branches: [ master ]
+  schedule:
+    - cron: '32 11 * * 1'
+
+jobs:
+  analyze:
+    name: Analyze
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+
+    strategy:
+      fail-fast: false
+      matrix:
+        language: [ 'python' ]
+        # CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python' ]
+        # Learn more:
+        # https://docs.github.com/en/free-pro-team@latest/github/finding-security-vulnerabilities-and-errors-in-your-code/configuring-code-scanning#changing-the-languages-that-are-analyzed
+
+    steps:
+    - name: Checkout repository
+      uses: actions/checkout@v2
+
+    # Initializes the CodeQL tools for scanning.
+    - name: Initialize CodeQL
+      uses: github/codeql-action/init@v1
+      with:
+        languages: ${{ matrix.language }}
+        # If you wish to specify custom queries, you can do so here or in a config file.
+        # By default, queries listed here will override any specified in a config file.
+        # Prefix the list here with "+" to use these queries and those in the config file.
+        # queries: ./path/to/local/query, your-org/your-repo/queries@main
+
+    # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
+    # If this step fails, then you should remove it and run the build manually (see below)
+    - name: Autobuild
+      uses: github/codeql-action/autobuild@v1
+
+    # ℹ️ Command-line programs to run using the OS shell.
+    # 📚 https://git.io/JvXDl
+
+    # ✏️ If the Autobuild fails above, remove it and uncomment the following three lines
+    #    and modify them (or add more) to build your code if your project
+    #    uses a compiled language
+
+    #- run: |
+    #   make bootstrap
+    #   make release
+
+    - name: Perform CodeQL Analysis
+      uses: github/codeql-action/analyze@v1

.github/workflows/publish-to-pypi.yml → .github/workflows/publish-cli-to-pypi.yml

@@ -1,79 +1,71 @@
-name: Publish Commander to PyPi
+name: Publish CLI to PyPi
 
 on:
   workflow_dispatch:
     inputs:
       version:
-        description: Version to release (Tag from Keeper-Security/keeper-sdk-pyton)
+        description: Version to release (Tag from Keeper-Security/keeper-sdk-python)
         required: true
 
 jobs:
   build-n-publish:
-    name: Build and publish Keeper SDK for Python 📦 to PyPI
+    name: Build and publish Keeper CLI for Python to TestPyPI
     runs-on: ubuntu-latest
     timeout-minutes: 25     # To keep builds from running too long
-
+    permissions:
+      contents: read
+
     steps:
       - name: Checkout source code
         uses: actions/checkout@v2
 
-      - name: Set up Python 3.10
+      - name: Set up Python 3.11
         uses: actions/setup-python@v4
         with:
-          python-version: '3.10'
+          python-version: '3.11'
           architecture: 'x64'
 
       - name: Build the package
         run: |
           python -m pip install -U setuptools pip build wheel twine
-          python -m build --wheel
+          python -m build --wheel keepercli-package
 
       - name: Archive the package
         uses: actions/upload-artifact@v3
         with:
-          name: KeeperSdkWheel
+          name: KeeperCLIWheel
           retention-days: 1
-          path: dist/*
+          path: keepercli-package/dist/*
           if-no-files-found: error
 
-      - name: Publish Commander to test PyPi
+      - name: Publish keepercli to test PyPi
         env:
           TWINE_USERNAME: __token__
           TWINE_PASSWORD: ${{ secrets.TEST_PYPI_TOKEN }}
         run: |
-          twine upload  -r testpypi dist/*
-
+          twine upload  -r testpypi keepercli-package/dist/*
 
   publish-pypi:
-    name: Publish Keeper SDK to PyPi
+    name: Publish Keeper CLI to PyPi
     runs-on: ubuntu-latest
     needs: [build-n-publish]
     environment: prod
 
     steps:
       - uses: actions/download-artifact@v3
         with:
-          name: CommanderWheel
-          path: dist
+          name: KeeperCLIWheel
+          path: keepercli-package/dist
 
-      - name: Set up Python 3.10
+      - name: Set up Python 3.11
         uses: actions/setup-python@v4
         with:
-          python-version: '3.10'
-          architecture: 'x64'
-
-      - name: Retrieve secrets from Keeper
-        id: ksecrets
-        uses: Keeper-Security/ksm-action@master
-        with:
-          keeper-secret-config: ${{ secrets.KSM_COMMANDER_SECRET_CONFIG }}
-          secrets: |
-            gD5LOOhI5QbnSFk8mIg3gg/field/password > PYPI_PASSWORD
+          python-version: '3.11'
 
-      - name: Publish to PyPi
+      - name: Publish keepercli to PyPi
         env:
           TWINE_USERNAME: __token__
-          TWINE_PASSWORD: ${{ steps.ksecrets.outputs.PYPI_PASSWORD }}
+          TWINE_PASSWORD: ${{ secrets.PYPI_PUBLISH_TOKEN }}
         run: |
           python -m pip install -U setuptools pip wheel twine
-          twine upload dist/*
+          twine upload -r pypi keepercli-package/dist/*

.github/workflows/publish-sdk.yml

@@ -1,72 +1,90 @@
-name: Publish Keeper SDK to PyPi
+name: Publish Keeper SDK to PyPI
 
 on: [workflow_dispatch]
 
 jobs:
-  build-wheel:
-    name: Build and publish Keeper SDK for Python 📦 to PyPI
+  build-and-test:
+    name: Build and test Keeper SDK package
     runs-on: ubuntu-latest
-    timeout-minutes: 25     # To keep builds from running too long
+    timeout-minutes: 25
+    permissions:
+      contents: read
 
     steps:
       - name: Checkout source code
-        uses: actions/checkout@v2
+        uses: actions/checkout@v4
 
-      - name: Set up Python 3.11
-        uses: actions/setup-python@v4
+      - name: Set up Python 3.13
+        uses: actions/setup-python@v5
         with:
-          python-version: '3.11'
+          python-version: '3.13'
+
+      - name: Install dependencies
+        run: |
+          pip install keepersdk-package/
+
+      - name: Run unit tests
+        run: python -m unittest discover -s keepersdk-package/unit_tests/
 
       - name: Build the package
         run: |
-          python3 -m pip install -U setuptools build wheel twine
+          python3 -m pip install -U build wheel twine
           python3 -m build --wheel keepersdk-package
 
       - name: Archive the package
-        uses: actions/upload-artifact@v3
+        uses: actions/upload-artifact@v4
         with:
           name: KeeperSdkWheel
           retention-days: 1
           path: keepersdk-package/dist/*
           if-no-files-found: error
 
-      - name: Publish Commander to test PyPi
+  publish-test-pypi:
+    name: Publish to Test PyPI
+    runs-on: ubuntu-latest
+    needs: [build-and-test]
+    environment: test
+
+    steps:
+      - uses: actions/download-artifact@v4
+        with:
+          name: KeeperSdkWheel
+          path: keepersdk-package/dist
+
+      - name: Set up Python 3.13
+        uses: actions/setup-python@v5
+        with:
+          python-version: '3.13'
+
+      - name: Publish to Test PyPI
         env:
           TWINE_USERNAME: __token__
           TWINE_PASSWORD: ${{ secrets.TEST_PYPI_TOKEN }}
         run: |
-          twine upload  -r testpypi dist/*
-
+          python -m pip install -U twine
+          twine upload --repository testpypi keepersdk-package/dist/*
 
   publish-pypi:
-    name: Publish Keeper SDK to PyPi
+    name: Publish to Production PyPI
     runs-on: ubuntu-latest
-    needs: [build-wheel]
+    needs: [publish-test-pypi]
     environment: prod
 
     steps:
-      - uses: actions/download-artifact@v3
+      - uses: actions/download-artifact@v4
         with:
-          name: CommanderWheel
-          path: dist
-
-      - name: Set up Python 3.10
-        uses: actions/setup-python@v4
-        with:
-          python-version: '3.11'
+          name: KeeperSdkWheel
+          path: keepersdk-package/dist
 
-      - name: Retrieve secrets from Keeper
-        id: ksecrets
-        uses: Keeper-Security/ksm-action@master
+      - name: Set up Python 3.13
+        uses: actions/setup-python@v5
         with:
-          keeper-secret-config: ${{ secrets.KSM_COMMANDER_SECRET_CONFIG }}
-          secrets: |
-            gD5LOOhI5QbnSFk8mIg3gg/field/password > PYPI_PASSWORD
+          python-version: '3.13'
 
-      - name: Publish to PyPi
+      - name: Publish to PyPI
         env:
           TWINE_USERNAME: __token__
-          TWINE_PASSWORD: ${{ steps.ksecrets.outputs.PYPI_PASSWORD }}
+          TWINE_PASSWORD: ${{ secrets.PYPI_PUBLISH_TOKEN }}
         run: |
-          python -m pip install -U setuptools pip wheel twine
-          twine upload dist/*
+          python -m pip install -U twine
+          twine upload keepersdk-package/dist/*

.github/workflows/test-with-pytest.yml → .github/workflows/run-unit-tests.yml

@@ -1,35 +1,36 @@
-name: Test with pytest
+name: Test with unittest
 
 on:
   pull_request:
     branches:
-      - masterlet'
+      - master
   workflow_dispatch:
 
 env:
   PYTHONUNBUFFERED: 1
 
 jobs:
-  test-with-pytest:
+  test-with-unittest:
     strategy:
       matrix:
         python-version: ['3.8', '3.14']
 
     runs-on: ubuntu-latest
+    permissions:
+      contents: read
 
     steps:
       - name: Checkout branch
         uses: actions/checkout@v4
 
       - name: Set up Python ${{ matrix.python-version }}
-        uses: actions/setup-python@v4
+        uses: actions/setup-python@v5
         with:
           python-version: ${{ matrix.python-version }}
 
-      - name: Install package with test dependencies
+      - name: Install package
         run: |
-          cd keepersdk-package
-          pip install .[test]
+          pip install -e keepersdk-package/
 
       - name: Run unit tests
-        run: pytest keepersdk-package/unit_tests/
+        run: python -m unittest discover -s keepersdk-package/unit_tests/

keepercli-package/requirements.txt

@@ -8,4 +8,4 @@ cbor2; sys_platform == "darwin" and python_version>='3.10'
 pyobjc-framework-LocalAuthentication; sys_platform == "darwin" and python_version>='3.10'
 winrt-runtime; sys_platform == "win32"
 winrt-Windows.Foundation; sys_platform == "win32"
-winrt-Windows.Security.Credentials.UI; sys_platform == "win32"
+winrt-Windows.Security.Credentials.UI; sys_platform == "win32"

keepercli-package/src/keepercli/__init__.py

@@ -9,5 +9,5 @@
 # Contact: commander@keepersecurity.com
 #
 
-__version__ = '17.0.0'
+__version__ = '1.0.0-beta01'
 

keepersdk-package/mypy.ini

@@ -1,7 +1,14 @@
 [mypy]
 warn_no_return = False
 files = src/
-python_version = 3.8
+python_version = 3.9
 
 [mypy-keepersdk.proto.*]
 ignore_errors = True
+
+[mypy-fido2.*]
+follow_imports = skip
+ignore_errors = True
+
+[mypy-keepersdk.authentication.yubikey]
+ignore_errors = True

keepersdk-package/requirements.txt

@@ -1,7 +1,6 @@
 attrs>=23.1.0
-certifi
-requests>=2.31.0
-cryptography>=41.0.7
+requests>=2.32.2
+cryptography>=45.0.1
 protobuf>=5.28.3
-websockets>=12.0
+websockets>=13.1
 fido2>=2.0.0; python_version>='3.10'