From e1584f67f78a64bf99fdaa3445cd9f966b746160 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 2 Oct 2023 14:38:57 -0400
Subject: [PATCH 1/3] Bump actions/checkout from 3 to 4 (#81)

Bumps [actions/checkout](https://github.com/actions/checkout) from 3 to 4.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/checkout/compare/v3...v4)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 .github/workflows/CodeQL.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/CodeQL.yml b/.github/workflows/CodeQL.yml
index b46e471..427d49d 100644
--- a/.github/workflows/CodeQL.yml
+++ b/.github/workflows/CodeQL.yml
@@ -24,7 +24,7 @@ jobs:
 
     steps:
     - name: Checkout repository
-      uses: actions/checkout@v3
+      uses: actions/checkout@v4
 
     # Initializes the CodeQL tools for scanning.
     - name: Initialize CodeQL

From f457aedbf385bd93909e59c69ae12576cf15ff56 Mon Sep 17 00:00:00 2001
From: Daniel Perrefort <djperrefort@gmail.com>
Date: Mon, 2 Oct 2023 14:57:38 -0400
Subject: [PATCH 2/3] Updates CI (#82)

---
 .github/dependabot.yml               |  8 ++++++++
 .github/workflows/CodeQL.yml         | 28 +++++++++++++---------------
 .github/workflows/PackagePublish.yml | 12 ++++++------
 .github/workflows/PackageTest.yml    | 12 +++++++-----
 4 files changed, 34 insertions(+), 26 deletions(-)

diff --git a/.github/dependabot.yml b/.github/dependabot.yml
index 4ed6b07..c423fae 100644
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -5,9 +5,17 @@ updates:
     schedule:
       interval: "monthly"
     open-pull-requests-limit: 100
+    groups:
+      python-dependencies:
+        patterns:
+          - "*"
 
   - package-ecosystem: "github-actions"
     directory: "/"
     schedule:
       interval: "monthly"
     open-pull-requests-limit: 100
+    groups:
+      actions-dependencies:
+        patterns:
+          - "*"
diff --git a/.github/workflows/CodeQL.yml b/.github/workflows/CodeQL.yml
index 427d49d..b46e0a7 100644
--- a/.github/workflows/CodeQL.yml
+++ b/.github/workflows/CodeQL.yml
@@ -6,7 +6,7 @@ on:
   pull_request:
     branches: [ main ]
   schedule:
-    - cron: 0 0 1 * *
+    - cron: 0 7 1 * *
 
 jobs:
   analyze:
@@ -23,20 +23,18 @@ jobs:
         language: [ python ]
 
     steps:
-    - name: Checkout repository
-      uses: actions/checkout@v4
-
-    # Initializes the CodeQL tools for scanning.
-    - name: Initialize CodeQL
-      uses: github/codeql-action/init@v2
-      with:
-        languages: ${{ matrix.language }}
-
-    - name: Perform CodeQL Analysis
-      uses: github/codeql-action/analyze@v2
-      with:
-        category: /language:${{matrix.language}}
-
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      - name: Initialize CodeQL
+        uses: github/codeql-action/init@v2
+        with:
+          languages: ${{ matrix.language }}
+
+      - name: Perform CodeQL Analysis
+        uses: github/codeql-action/analyze@v2
+        with:
+          category: /language:${{matrix.language}}
 
   # Use this job for branch protection rules
   report-codeql-status:
diff --git a/.github/workflows/PackagePublish.yml b/.github/workflows/PackagePublish.yml
index eed9ba3..7bb6460 100644
--- a/.github/workflows/PackagePublish.yml
+++ b/.github/workflows/PackagePublish.yml
@@ -31,6 +31,9 @@ jobs:
             environment: publish-pypi
 
     steps:
+      - name: Checkout source
+        uses: actions/checkout@v4
+
       - name: Set up Python
         uses: actions/setup-python@v4
         with:
@@ -41,15 +44,12 @@ jobs:
         with:
           virtualenvs-create: false
 
-      - name: Checkout source
-        uses: actions/checkout@v4
-
       # Get the new package version from the release tag
-      # Release tags are expected to start with "refs/tags/v", so the first 11 characters are stripped
+      # Git release tags are expected to start with "refs/tags/v"
       - name: Set package version
         run: |
           release_tag=${{github.ref}}
-          poetry version "${release_tag:11}"
+          poetry version "${release_tag#refs/tags/v}"
 
       - name: Build package
         run: poetry build -v
@@ -57,7 +57,7 @@ jobs:
       - name: Publish package
         uses: pypa/gh-action-pypi-publish@release/v1
         with:
-          verbose: true
+          print-hash: true
           repository-url: ${{ matrix.host }}
           user: ${{ secrets.REPO_USER }}
           password: ${{ secrets.REPO_PASSWORD }}
diff --git a/.github/workflows/PackageTest.yml b/.github/workflows/PackageTest.yml
index 99eadc3..973a58b 100644
--- a/.github/workflows/PackageTest.yml
+++ b/.github/workflows/PackageTest.yml
@@ -4,6 +4,8 @@ on:
   workflow_dispatch:
   workflow_call:
   push:
+  schedule:
+    - cron: 0 7 1,15 * *
 
 jobs:
   run-tests:
@@ -23,17 +25,17 @@ jobs:
         with:
           python-version: ${{ matrix.python-version }}
 
-      - name: Install poetry
-        run: |
-          pip install poetry
-          poetry env use python${{ matrix.python-version }}
+      - name: Install Poetry
+        uses: snok/install-poetry@v1
+        with:
+          virtualenvs-create: false
 
       - name: Install dependencies
         run: poetry install --with tests
 
       - name: Run tests with coverage
         run: |
-          poetry run coverage run -m unittest discover tests
+          poetry run coverage run -m unittest discover 
           poetry run coverage report --omit="tests/*"
           poetry run coverage xml --omit="tests/*" -o coverage.xml
 

From 4567201d861c2080485241684de6fbe08673d0c2 Mon Sep 17 00:00:00 2001
From: Daniel Perrefort <djperrefort@gmail.com>
Date: Thu, 5 Oct 2023 12:03:19 -0400
Subject: [PATCH 3/3] Fix termination signal (#84)

---
 shinigami/utils.py | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/shinigami/utils.py b/shinigami/utils.py
index cce3166..d7a84b6 100755
--- a/shinigami/utils.py
+++ b/shinigami/utils.py
@@ -10,6 +10,8 @@
 import asyncssh
 import pandas as pd
 
+INIT_PROCESS_ID = 1
+
 
 def id_in_whitelist(id_value: int, whitelist: Collection[Union[int, Tuple[int, int]]]) -> bool:
     """Return whether an ID is in a list of ID values
@@ -84,7 +86,7 @@ async def terminate_errant_processes(
         process_df = pd.read_fwf(StringIO(ps_return.stdout), widths=[11, 11, 11, 11, 500])
 
         # Identify orphaned processes and filter them by the UID whitelist
-        orphaned = process_df[process_df.PPID == 1]
+        orphaned = process_df[process_df.PPID == INIT_PROCESS_ID]
         terminate = orphaned[orphaned['UID'].apply(id_in_whitelist, whitelist=uid_whitelist)]
         for _, row in terminate.iterrows():
             logging.debug(f'[{node}] Marking for termination {dict(row)}')
@@ -93,6 +95,6 @@ async def terminate_errant_processes(
             logging.info(f'[{node}] No orphans found')
 
         elif not debug:
-            proc_id_str = ','.join(terminate.PGID.astype(str))
+            proc_id_str = ','.join(terminate.PGID.unique().astype(str))
             logging.info(f"[{node}] Sending termination signal for process groups {proc_id_str}")
-            await conn.run(f"pkill --signal -9 --pgroup {proc_id_str}", check=True)
+            await conn.run(f"pkill --signal 9 --pgroup {proc_id_str}", check=True)