debug 1

avoid brew zbar failure

.github/dependabot.yml

@@ -1,11 +0,0 @@
-# To get started with Dependabot version updates, you'll need to specify which
-# package ecosystems to update and where the package manifests are located.
-# Please see the documentation for all configuration options:
-# https://docs.github.com/github/administering-a-repository/configuration-options-for-dependency-updates
-
-version: 2
-updates:
-  - package-ecosystem: "pip" # See documentation for possible values
-    directory: "/" # Location of package manifests
-    schedule:
-      interval: "weekly"

.github/workflows/ci.yml

@@ -1,76 +0,0 @@
-name: tests
-
-# https://docs.github.com/de/actions/using-workflows/workflow-syntax-for-github-actions
-# https://docs.github.com/en/actions/using-workflows
-# https://docs.github.com/en/actions/learn-github-actions/contexts
-# https://docs.github.com/en/actions/learn-github-actions/expressions
-
-on:
-  push:
-    paths-ignore:
-      - 'docs/**'
-      - '**.md'
-  # pull_request:
-  schedule:
-    # Run daily on default branch
-    - cron: '37 3 * * *'
-
-jobs:
-  build:
-
-    strategy:
-      matrix:
-        python-version: ["3.x", "3.11", "3.10", "3.9", "3.8"]
-        platform: [ubuntu-latest, macos-latest, windows-latest]
-        # exclude:
-
-    runs-on: ${{ matrix.platform }}
-
-    steps:
-      - uses: actions/checkout@v3
-      - name: Set up Python ${{ matrix.python-version }}
-        uses: actions/setup-python@v4
-        with:
-          python-version: ${{ matrix.python-version }}
-          check-latest: false
-      - name: Install zbar shared lib for QReader (Linux)
-        if: runner.os == 'Linux'
-        run: |
-          sudo apt-get install -y libzbar0
-      - name: Install zbar shared lib for QReader (macOS)
-        if: runner.os == 'macOS'
-        run: |
-          brew install zbar
-      - name: Install dependencies
-        run: |
-          python -m pip install --upgrade pip
-          pip install -U -r requirements-dev.txt
-          pip install -U .
-      - name: Lint with flake8
-        run: |
-          # stop the build if there are Python syntax errors or undefined names
-          flake8 . --count --select=E9,F63,F7,F82 --show-source --statistics
-          # exit-zero treats all errors as warnings. The GitHub editor is 127 chars wide
-          flake8 . --count --exit-zero --max-complexity=10 --max-line-length=200 --statistics
-        if: matrix.python-version != '3.7'
-      - name: Type checking with mypy
-        run: |
-          mypy --install-types --non-interactive src/*.py tests/*.py
-          mypy --strict src/*.py tests/*.py
-        if: matrix.python-version == '3.x' && matrix.platform == 'ubuntu-latest'
-      - name: Test with pytest
-        run: pytest
-        if: (matrix.python-version != '3.x' || matrix.platform != 'ubuntu-latest') && (matrix.python-version != '3.10' && matrix.platform != 'macos-latest')
-      - name: Test with pytest (with code coverage)
-        run: pytest --cov=extract_otp_secrets_test --junitxml=pytest.xml --cov-report=term-missing | tee pytest-coverage.txt
-        if: matrix.python-version == '3.x' && matrix.platform == 'ubuntu-latest'
-      # https://github.com/marketplace/actions/pytest-coverage-comment
-      - name: Pytest coverage comment
-        uses: MishaKav/pytest-coverage-comment@main
-        with:
-          pytest-coverage-path: ./pytest-coverage.txt
-          junitxml-path: ./pytest.xml
-        if: |
-          false && matrix.python-version == '3.x' && matrix.platform == 'ubuntu-latest'
-          && !contains(github.ref, 'refs/tags/')
-

.github/workflows/ci_docker.yml

@@ -1,258 +0,0 @@
-name: docker
-
-# https://docs.github.com/de/actions/using-workflows/workflow-syntax-for-github-actions
-# https://docs.github.com/en/actions/using-workflows
-# https://docs.github.com/en/actions/learn-github-actions/contexts
-# https://docs.github.com/en/actions/learn-github-actions/expressions
-
-# How to setup: https://event-driven.io/en/how_to_buid_and_push_docker_image_with_github_actions/
-# How to run: https://aschmelyun.com/blog/using-docker-run-inside-of-github-actions/
-
-on:
-  # run it on push to the default repository branch
-  push:
-    paths-ignore:
-      - 'docs/**'
-      - '**.md'
-    tags-ignore:
-      - '**'
-    # branches is needed if tags-ignore is used
-    branches:
-      - '**'
-  schedule:
-    # Run weekly on default branch
-    - cron: '47 3 * * 6'
-
-jobs:
-  build-and-push-docker-debian-image:
-    name: Build Docker Bullseye image and push to repositories
-    # run only when code is compiling and tests are passing
-    runs-on: ubuntu-latest
-
-    # steps to perform in job
-    steps:
-      - name: Checkout code
-        uses: actions/checkout@v3
-
-      # avoid building if there are testing errors
-      - name: Run smoke test
-        run: |
-          sudo apt-get install -y libzbar0
-          python -m pip install --upgrade pip
-          pip install -U -r requirements-dev.txt
-          pip install -U .
-          pytest
-
-      - name: Set up QEMU
-        uses: docker/setup-qemu-action@v2
-
-      # setup Docker build action
-      - name: Set up Docker Buildx
-        id: buildx
-        uses: docker/setup-buildx-action@v2
-        # Workaround for failing builds: https://github.com/docker/build-push-action/issues/761#issuecomment-1383822381
-        # TODO remove workaround when fixed
-        with:
-          driver-opts: |
-            image=moby/buildkit:v0.10.6
-
-      - name: Login to DockerHub
-        uses: docker/login-action@v2
-        if: github.secret_source == 'Actions'
-        with:
-          username: ${{ secrets.DOCKERHUB_USERNAME }}
-          password: ${{ secrets.DOCKERHUB_TOKEN }}
-
-      - name: Login to Github Packages
-        uses: docker/login-action@v2
-        if: github.secret_source == 'Actions'
-        with:
-          registry: ghcr.io
-          username: ${{ github.actor }}
-          password: ${{ secrets.GHCR_IO_TOKEN }}
-
-      - name: "Build image and push to Docker Hub and GitHub Container Registry"
-        id: docker_build_qr_reader_latest
-        uses: docker/build-push-action@v3
-        with:
-          platforms: linux/amd64,linux/arm64
-          # relative path to the place where source code with Dockerfile is located
-          # TODO file:, move to docker/
-          context: .
-          file: docker/Dockerfile
-          # builder: ${{ steps.buildx.outputs.name }}
-          # Note: tags has to be all lower-case
-          pull: true
-          tags: |
-            scit0/extract_otp_secrets:latest
-            scit0/extract_otp_secrets:bullseye
-            ghcr.io/scito/extract_otp_secrets:latest
-            ghcr.io/scito/extract_otp_secrets:bullseye
-          # build on feature branches, push only on master branch
-          push: ${{ github.ref == 'refs/heads/master' && github.secret_source == 'Actions'}}
-
-      - name: Image digest
-        # TODO upload digests to assets
-        run: |
-          echo "extract_otp_secrets digests: ${{ steps.docker_build_qr_reader_latest.outputs.digest }}"
-          echo "${{ steps.docker_build_qr_reader_latest.outputs.digest }}" > digests.txt
-      - name: Save docker digests as artifacts
-        if: github.ref == 'refs/heads/master'
-        uses: actions/upload-artifact@v3
-        with:
-          name: debian_digests
-          path: digests.txt
-
-  build-and-push-docker-alpine-image:
-    name: Build Docker Alpine image and push to repositories
-    # run only when code is compiling and tests are passing
-    runs-on: ubuntu-latest
-
-    # steps to perform in job
-    steps:
-      - name: Checkout code
-        uses: actions/checkout@v3
-
-      # avoid building if there are testing errors
-      - name: Run smoke test
-        run: |
-          sudo apt-get install -y libzbar0
-          python -m pip install --upgrade pip
-          pip install -U -r requirements-dev.txt
-          pip install -U .
-          pytest
-
-      - name: Set up QEMU
-        uses: docker/setup-qemu-action@v2
-
-      # setup Docker build action
-      - name: Set up Docker Buildx
-        id: buildx
-        uses: docker/setup-buildx-action@v2
-
-      - name: Login to DockerHub
-        uses: docker/login-action@v2
-        if: github.secret_source == 'Actions'
-        with:
-          username: ${{ secrets.DOCKERHUB_USERNAME }}
-          password: ${{ secrets.DOCKERHUB_TOKEN }}
-
-      - name: Login to Github Packages
-        uses: docker/login-action@v2
-        if: github.secret_source == 'Actions'
-        with:
-          registry: ghcr.io
-          username: ${{ github.actor }}
-          password: ${{ secrets.GHCR_IO_TOKEN }}
-
-      - name: "only_txt: Build image and push to Docker Hub and GitHub Container Registry"
-        id: docker_build_only_txt
-        uses: docker/build-push-action@v3
-        with:
-          # relative path to the place where source code with Dockerfile is located
-          platforms: linux/amd64,linux/arm64
-          context: .
-          file: docker/Dockerfile_only_txt
-          # builder: ${{ steps.buildx.outputs.name }}
-          # Note: tags has to be all lower-case
-          pull: true
-          tags: |
-            scit0/extract_otp_secrets:only-txt
-            scit0/extract_otp_secrets:alpine
-            ghcr.io/scito/extract_otp_secrets:only-txt
-            ghcr.io/scito/extract_otp_secrets:alpine
-          # build on feature branches, push only on master branch
-          push: ${{ github.ref == 'refs/heads/master' && github.secret_source == 'Actions'}}
-          build-args: |
-            RUN_TESTS=true
-
-      - name: Image digest
-        # TODO upload digests to assets
-        run: |
-          echo "extract_otp_secrets:only-txt digests: ${{ steps.docker_build_only_txt.outputs.digest }}"
-          echo "${{ steps.docker_build_qr_reader_latest.outputs.digest }}" > digests.txt
-
-      - name: Save docker digests as artifacts
-        if: github.ref == 'refs/heads/master'
-        uses: actions/upload-artifact@v3
-        with:
-          name: alpine_digests
-          path: digests.txt
-
-  build-and-push-docker-buster-image:
-    name: Build Docker Buster image (for PyInstsaller) and push to repositories
-    # run only when code is compiling and tests are passing
-    runs-on: ubuntu-latest
-
-    # steps to perform in job
-    steps:
-      - name: Checkout code
-        uses: actions/checkout@v3
-
-      # avoid building if there are testing errors
-      - name: Run smoke test
-        run: |
-          sudo apt-get install -y libzbar0
-          python -m pip install --upgrade pip
-          pip install -U -r requirements-dev.txt
-          pip install -U .
-          pytest
-
-      - name: Set up QEMU
-        uses: docker/setup-qemu-action@v2
-
-      # setup Docker build action
-      - name: Set up Docker Buildx
-        id: buildx
-        uses: docker/setup-buildx-action@v2
-        # Workaround for failing builds: https://github.com/docker/build-push-action/issues/761#issuecomment-1383822381
-        # TODO remove workaround when fixed
-        with:
-          driver-opts: |
-            image=moby/buildkit:v0.10.6
-
-      - name: Login to DockerHub
-        uses: docker/login-action@v2
-        if: github.secret_source == 'Actions'
-        with:
-          username: ${{ secrets.DOCKERHUB_USERNAME }}
-          password: ${{ secrets.DOCKERHUB_TOKEN }}
-
-      - name: Login to Github Packages
-        uses: docker/login-action@v2
-        if: github.secret_source == 'Actions'
-        with:
-          registry: ghcr.io
-          username: ${{ github.actor }}
-          password: ${{ secrets.GHCR_IO_TOKEN }}
-
-      - name: "Build image from Buster and push to GitHub Container Registry"
-        id: docker_build_buster
-        if: github.ref == 'refs/heads/master'
-        uses: docker/build-push-action@v3
-        with:
-          platforms: linux/amd64,linux/arm64
-          # relative path to the place where source code with Dockerfile is located
-          # TODO file:, move to docker/
-          context: .
-          file: docker/Dockerfile
-          # builder: ${{ steps.buildx.outputs.name }}
-          build-args: |
-            BASE_IMAGE=python:3.11-slim-buster
-          # Note: tags has to be all lower-case
-          pull: true
-          tags: |
-            scit0/extract_otp_secrets:buster
-          push: ${{ github.secret_source == 'Actions' }}
-
-      - name: Image digest
-        # TODO upload digests to assets
-        run: |
-          echo "extract_otp_secrets digests: ${{ steps.docker_build_qr_reader_latest.outputs.digest }}"
-          echo "${{ steps.docker_build_qr_reader_latest.outputs.digest }}" > digests.txt
-      - name: Save docker digests as artifacts
-        if: github.ref == 'refs/heads/master'
-        uses: actions/upload-artifact@v3
-        with:
-          name: buster_digests
-          path: digests.txt

.github/workflows/ci_release.yml

@@ -26,7 +26,8 @@ name: release
 
 # Build matrix:
 # - Linux x86_64 glibc 2.35: ubuntu-latest
-# - Linux x86_64 glibc 2.34: extract_otp_secrets:buster
+# - Linux x86_64 glibc 2.31: extract_otp_secrets:bullseye
+# - Linux x86_64 glibc 2.36: extract_otp_secrets:bookworm
 # - Windows x86_64: windows-latest
 # - MacOS x86_64: macos-11
 # - Linux x86_64 glibc 2.28: extract_otp_secrets:buster
@@ -87,7 +88,7 @@ jobs:
             https://api.github.com/repos/scito/extract_otp_secrets/releases \
             --silent \
             --show-error \
-            -d '{"tag_name":"${{ github.ref }}","target_commitish":"master","name":"${{ steps.meta.outputs.version }} - ${{ steps.meta.outputs.date }}","body":"${{ steps.meta.outputs.tag_message }}\n\n## Executables\n\nDownload the executable for your platform and execute it, see [README.md](https://github.com/scito/extract_otp_secrets#readme)\n\n | Executable | Description |\n | --- | --- |\n | extract_otp_secrets${{ steps.meta.outputs.inline_version }}_linux_x86_64 | Linux x86_64/amd64 (glibc >= 2.28) |\n | extract_otp_secrets${{ steps.meta.outputs.inline_version }}_linux_arm64 | Linux arm64 (glibc >= 2.28) |\n | extract_otp_secrets${{ steps.meta.outputs.inline_version }}_win_x86_64.exe | Windows x86_64/amd64/x64 |\n | extract_otp_secrets${{ steps.meta.outputs.inline_version }}_win_arm64.exe | N/A |\n | extract_otp_secrets${{ steps.meta.outputs.inline_version }}_macos_x86_64.dmg | N/A, see [README.md](https://github.com/scito/extract_otp_secrets#readme) |\n | extract_otp_secrets${{ steps.meta.outputs.inline_version }}_macos_x86_64.pkg | N/A, see [README.md](https://github.com/scito/extract_otp_secrets#readme) |\n | extract_otp_secrets${{ steps.meta.outputs.inline_version }}_macos_x86_64 | MacOS x86_64/amd64 (bare executable, see [README.md](https://github.com/scito/extract_otp_secrets#readme); optional libzbar must be installed manually, see [README.md](https://github.com/scito/extract_otp_secrets#readme)) |\n | extract_otp_secrets${{ steps.meta.outputs.inline_version }}_macos_arm64 | N/A |\n","draft":true,"prerelease":false,"generate_release_notes":true}')
+            -d '{"tag_name":"${{ github.ref }}","target_commitish":"master","name":"${{ steps.meta.outputs.version }} - ${{ steps.meta.outputs.date }}","body":"${{ steps.meta.outputs.tag_message }}\n\n## Executables\n\nDownload the executable for your platform and execute it, see [README.md](https://github.com/scito/extract_otp_secrets#readme)\n\n | Executable | Description |\n | --- | --- |\n | extract_otp_secrets${{ steps.meta.outputs.inline_version }}_linux_x86_64 | Linux x86_64/amd64 (glibc >= 2.31) |\n | extract_otp_secrets${{ steps.meta.outputs.inline_version }}_linux_arm64 | Linux arm64 (glibc >= 2.31) |\n | extract_otp_secrets${{ steps.meta.outputs.inline_version }}_win_x86_64.exe | Windows x86_64/amd64/x64 |\n | extract_otp_secrets${{ steps.meta.outputs.inline_version }}_win_arm64.exe | N/A |\n | extract_otp_secrets${{ steps.meta.outputs.inline_version }}_macos_x86_64.dmg | N/A, see [README.md](https://github.com/scito/extract_otp_secrets#readme) |\n | extract_otp_secrets${{ steps.meta.outputs.inline_version }}_macos_x86_64.pkg | N/A, see [README.md](https://github.com/scito/extract_otp_secrets#readme) |\n | extract_otp_secrets${{ steps.meta.outputs.inline_version }}_macos_x86_64 | MacOS x86_64/amd64 (bare executable, see [README.md](https://github.com/scito/extract_otp_secrets#readme); optional libzbar must be installed manually, see [README.md](https://github.com/scito/extract_otp_secrets#readme)) |\n | extract_otp_secrets${{ steps.meta.outputs.inline_version }}_macos_arm64 | MacOS Apple Silicon (>= M1) |\n","draft":true,"prerelease":false,"generate_release_notes":true}')
           echo upload_url=$(jq '.upload_url' <<< "$response") >> $GITHUB_OUTPUT
           echo $(jq -r '.upload_url' <<< "$response") > release_url.txt
           echo $(jq -r '.id' <<< "$response") > release_id.txt
@@ -104,118 +105,119 @@ jobs:
           name: release_id
           path: release_id.txt
 
-  build-linux-executable-in-docker:
-    name: Build ${{ matrix.PLATFORM }} release in docker container
-    # run only when code is compiling and tests are passing
-    runs-on: ubuntu-latest
-    needs: create-release
-    strategy:
-      matrix:
-        include:
-          - PLATFORM: linux/amd64
-            EXE: extract_otp_secrets_linux_x86_64
-            ASSET_NAME: extract_otp_secrets${{ needs.create-release.outputs.inline_version }}_linux_x86_64
-          - PLATFORM: linux/arm64
-            EXE: extract_otp_secrets_linux_arm64
-            ASSET_NAME: extract_otp_secrets${{ needs.create-release.outputs.inline_version }}_linux_arm64
+  # build-linux-executable-in-docker:
+  #   name: Build ${{ matrix.PLATFORM }} release in docker container
+  #   # run only when code is compiling and tests are passing
+  #   runs-on: ubuntu-latest
+  #   needs: create-release
+  #   strategy:
+  #     matrix:
+  #       include:
+  #         - PLATFORM: linux/amd64
+  #           EXE: extract_otp_secrets_linux_x86_64
+  #           ASSET_NAME: extract_otp_secrets${{ needs.create-release.outputs.inline_version }}_linux_x86_64
+  #         - PLATFORM: linux/arm64
+  #           EXE: extract_otp_secrets_linux_arm64
+  #           ASSET_NAME: extract_otp_secrets${{ needs.create-release.outputs.inline_version }}_linux_arm64
 
-    # steps to perform in job
-    steps:
-      - name: Checkout code
-        uses: actions/checkout@v3
+  #   # steps to perform in job
+  #   steps:
+  #     - name: Checkout code
+  #       uses: actions/checkout@v3
 
-      # avoid building if there are testing errors
-      - name: Run smoke test
-        run: |
-          sudo apt-get install -y libzbar0
-          python -m pip install --upgrade pip
-          pip install -U -r requirements-dev.txt
-          pip install -U .
-          pytest
+  #     # avoid building if there are testing errors
+  #     - name: Run smoke test
+  #       run: |
+  #         sudo apt-get install -y libzbar0
+  #         python -m pip install --upgrade pip
+  #         pip install -U -r requirements-dev.txt
+  #         pip install -U .
+  #         pytest
 
-      - name: Set up QEMU
-        uses: docker/setup-qemu-action@v2
+  #     - name: Set up QEMU
+  #       uses: docker/setup-qemu-action@v2
 
-      # setup Docker build action
-      - name: Set up Docker Buildx
-        id: buildx
-        uses: docker/setup-buildx-action@v2
-        # Workaround for failing builds: https://github.com/docker/build-push-action/issues/761#issuecomment-1383822381
-        # TODO remove workaround when fixed
-        with:
-          driver-opts: |
-            image=moby/buildkit:v0.10.6
+  #     # setup Docker build action
+  #     - name: Set up Docker Buildx
+  #       id: buildx
+  #       uses: docker/setup-buildx-action@v2
+  #       # Workaround for failing builds: https://github.com/docker/build-push-action/issues/761#issuecomment-1383822381
+  #       # TODO remove workaround when fixed
+  #       with:
+  #         driver-opts: |
+  #           image=moby/buildkit:v0.10.6
 
-      - name: Login to DockerHub
-        uses: docker/login-action@v2
-        if: github.secret_source == 'Actions'
-        with:
-          username: ${{ secrets.DOCKERHUB_USERNAME }}
-          password: ${{ secrets.DOCKERHUB_TOKEN }}
+  #     - name: Login to DockerHub
+  #       uses: docker/login-action@v2
+  #       if: github.secret_source == 'Actions'
+  #       with:
+  #         username: ${{ secrets.DOCKERHUB_USERNAME }}
+  #         password: ${{ secrets.DOCKERHUB_TOKEN }}
 
-      - name: Login to Github Packages
-        uses: docker/login-action@v2
-        if: github.secret_source == 'Actions'
-        with:
-          registry: ghcr.io
-          username: ${{ github.actor }}
-          password: ${{ secrets.GHCR_IO_TOKEN }}
+  #     - name: Login to Github Packages
+  #       uses: docker/login-action@v2
+  #       if: github.secret_source == 'Actions'
+  #       with:
+  #         registry: ghcr.io
+  #         username: ${{ github.actor }}
+  #         password: ${{ secrets.GHCR_IO_TOKEN }}
 
-      - name: Image digest
-        # TODO upload digests to assets
-        run: |
-          echo "extract_otp_secrets: ${{ steps.docker_build_buster.outputs.digest }}"
+  #     - name: Image digest
+  #       # TODO upload digests to assets
+  #       run: |
+  #         echo "extract_otp_secrets: ${{ steps.docker_build_bullseye.outputs.digest }}"
 
-        # TODO use local docker image https://stackoverflow.com/a/61155718/1663871
-        # https://github.com/multiarch/qemu-user-static
-        # https://hub.docker.com/r/multiarch/qemu-user-static/
-      - name: Run Pyinstaller in container for ${{ matrix.EXE }}
-        run: |
-          docker run --pull always --rm --privileged multiarch/qemu-user-static --reset -p yes
-          docker run --platform ${{ matrix.PLATFORM }} --pull always --entrypoint /bin/bash --rm -v "$(pwd)":/files -w /files scit0/extract_otp_secrets:buster -c 'apt-get update && apt-get -y install binutils && pip install -U -r /files/requirements.txt && pip install pyinstaller && PYTHONHASHSEED=31 && pyinstaller -y --add-data /usr/local/__yolo_v3_qr_detector/:__yolo_v3_qr_detector/ --onefile --name ${{ matrix.EXE }} --distpath /files/dist/ /files/src/extract_otp_secrets.py'
+  #       # TODO use local docker image https://stackoverflow.com/a/61155718/1663871
+  #       # https://github.com/multiarch/qemu-user-static
+  #       # https://hub.docker.com/r/multiarch/qemu-user-static/
+  #     - name: Run Pyinstaller in container for ${{ matrix.EXE }}
+  #       run: |
+  #         docker run --pull always --rm --privileged multiarch/qemu-user-static --reset -p yes
+  #         docker run --platform ${{ matrix.PLATFORM }} --pull always --entrypoint /bin/bash --rm -v "$(pwd)":/files -w /files scit0/extract_otp_secrets:bullseye -c 'apt-get update && apt-get -y install binutils && pip install -U -r /files/requirements.txt && pip install pyinstaller && PYTHONHASHSEED=31 && pyinstaller -y --add-data /usr/local/__yolo_v3_qr_detector/:__yolo_v3_qr_detector/ --onefile --name ${{ matrix.EXE }} --distpath /files/dist/ /files/src/extract_otp_secrets.py'
 
-      - name: Smoke tests ${{ matrix.PLATFORM }}
-        if: matrix.PLATFORM == 'linux/amd64'
-        run: |
-          dist/${{ matrix.EXE }} -V
-          dist/${{ matrix.EXE }} -h
-          dist/${{ matrix.EXE }} example_export.png
-          dist/${{ matrix.EXE }} - < example_export.txt
-          dist/${{ matrix.EXE }} --qr ZBAR example_export.png
-          dist/${{ matrix.EXE }} --qr QREADER example_export.png
-          dist/${{ matrix.EXE }} --qr QREADER_DEEP example_export.png
-          dist/${{ matrix.EXE }} --qr CV2 example_export.png
-          dist/${{ matrix.EXE }} --qr CV2_WECHAT example_export.png
-      - name: Smoke tests ${{ matrix.PLATFORM }}
-        if: matrix.PLATFORM == 'linux/arm64'
-        run: |
-          docker run --platform ${{ matrix.PLATFORM }} --pull always --entrypoint /bin/bash --rm -v "$(pwd)":/files -w /files scit0/extract_otp_secrets -c 'dist/${{ matrix.EXE }} -V && dist/${{ matrix.EXE }} -h && dist/${{ matrix.EXE }} example_export.png && dist/${{ matrix.EXE }} - < example_export.txt && dist/${{ matrix.EXE }} --qr ZBAR example_export.png && dist/${{ matrix.EXE }} --qr QREADER example_export.png && dist/${{ matrix.EXE }} --qr QREADER_DEEP example_export.png && dist/${{ matrix.EXE }} --qr CV2 example_export.png && dist/${{ matrix.EXE }} --qr CV2_WECHAT example_export.png'
-      - name: Load Release URL File from release job
-        if: startsWith(github.ref, 'refs/tags/v')
-        uses: actions/download-artifact@v3
-        with:
-          name: release_url
-      - name: Display structure of files
-        run: ls -R
-      - name: Upload EXE to artifacts
-        uses: actions/upload-artifact@v3
-        with:
-          name: ${{ matrix.EXE }}
-          path: dist/${{ matrix.EXE }}
-      - name: Upload Release Asset
-        id: upload-release-asset
-        if: startsWith(github.ref, 'refs/tags/v')
-        run: |
-          response=$(curl \
-            -X POST \
-            -H "Accept: application/vnd.github+json" \
-            -H "Content-Type: application/x-executable" \
-            -H "Authorization: Bearer ${{ secrets.GITHUB_TOKEN }}"\
-            -H "X-GitHub-Api-Version: 2022-11-28" \
-            --silent \
-            --show-error \
-            --data-binary @dist/${{ matrix.EXE }} \
-            $(cat release_url.txt)=${{ matrix.ASSET_NAME }})
+  #     - name: Smoke tests linux/amd64
+  #       if: matrix.PLATFORM == 'linux/amd64'
+  #       run: |
+  #         dist/${{ matrix.EXE }} -V
+  #         dist/${{ matrix.EXE }} -h
+  #         dist/${{ matrix.EXE }} --debug
+  #         dist/${{ matrix.EXE }} example_export.png
+  #         dist/${{ matrix.EXE }} - < example_export.txt
+  #         dist/${{ matrix.EXE }} --qr ZBAR example_export.png
+  #         dist/${{ matrix.EXE }} --qr QREADER example_export.png
+  #         dist/${{ matrix.EXE }} --qr QREADER_DEEP example_export.png
+  #         dist/${{ matrix.EXE }} --qr CV2 example_export.png
+  #         dist/${{ matrix.EXE }} --qr CV2_WECHAT example_export.png
+  #     - name: Smoke tests linux/arm64
+  #       if: matrix.PLATFORM == 'linux/arm64'
+  #       run: |
+  #         docker run --platform ${{ matrix.PLATFORM }} --pull always --entrypoint /bin/bash --rm -v "$(pwd)":/files -w /files scit0/extract_otp_secrets -c 'dist/${{ matrix.EXE }} -V && dist/${{ matrix.EXE }} -h && dist/${{ matrix.EXE }} example_export.png && dist/${{ matrix.EXE }} - < example_export.txt && dist/${{ matrix.EXE }} --qr ZBAR example_export.png && dist/${{ matrix.EXE }} --qr QREADER example_export.png && dist/${{ matrix.EXE }} --qr QREADER_DEEP example_export.png && dist/${{ matrix.EXE }} --qr CV2 example_export.png && dist/${{ matrix.EXE }} --qr CV2_WECHAT example_export.png'
+  #     - name: Load Release URL File from release job
+  #       if: startsWith(github.ref, 'refs/tags/v')
+  #       uses: actions/download-artifact@v3
+  #       with:
+  #         name: release_url
+  #     - name: Display structure of files
+  #       run: ls -R
+  #     - name: Upload EXE to artifacts
+  #       uses: actions/upload-artifact@v3
+  #       with:
+  #         name: ${{ matrix.EXE }}
+  #         path: dist/${{ matrix.EXE }}
+  #     - name: Upload Release Asset
+  #       id: upload-release-asset
+  #       if: startsWith(github.ref, 'refs/tags/v')
+  #       run: |
+  #         response=$(curl \
+  #           -X POST \
+  #           -H "Accept: application/vnd.github+json" \
+  #           -H "Content-Type: application/x-executable" \
+  #           -H "Authorization: Bearer ${{ secrets.GITHUB_TOKEN }}"\
+  #           -H "X-GitHub-Api-Version: 2022-11-28" \
+  #           --silent \
+  #           --show-error \
+  #           --data-binary @dist/${{ matrix.EXE }} \
+  #           $(cat release_url.txt)=${{ matrix.ASSET_NAME }})
 
   build-native-executables:
     name: Build native packages
@@ -225,19 +227,19 @@ jobs:
       matrix:
         # https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#choosing-github-hosted-runners
         include:
-          - os: windows-latest
-            TARGET: windows
-            # TODO add --icon
-            # TODO add --manifest
-            # TODO find more elegant solution for pyzbar\libiconv.dll and pyzbar\libzbar-64.dll
-            # Files of Visual C++ 2013 Redistributable Package: https://support.microsoft.com/en-us/topic/update-for-visual-c-2013-redistributable-package-d8ccd6a5-4e26-c290-517b-8da6cfdf4f10
-            EXE: extract_otp_secrets.exe
-            ASSET_NAME: extract_otp_secrets${{ needs.create-release.outputs.inline_version }}_win_x86_64.exe
-            ASSET_MIME: application/vnd.microsoft.portable-executable
-            UPLOAD: true
-            CMD_BUILD: |
-              pyinstaller -y --add-data "$($Env:pythonLocation)\__yolo_v3_qr_detector;__yolo_v3_qr_detector" --add-binary "$($Env:pythonLocation)\Lib\site-packages\pyzbar\libiconv.dll;pyzbar" --add-binary "$($Env:pythonLocation)\Lib\site-packages\pyzbar\libzbar-64.dll;pyzbar" --add-binary "$($Env:WinDir)\system32\msvcr120.dll;pyzbar" --add-binary "$($Env:WinDir)\system32\msvcp120.dll;pyzbar" --add-binary "$($Env:WinDir)\system32\vcamp120.dll;pyzbar" --add-binary "$($Env:WinDir)\system32\vcomp120.dll;pyzbar" --add-binary "$($Env:WinDir)\system32\vccorlib120.dll;pyzbar" --add-binary "$($Env:WinDir)\system32\mfc120.dll;pyzbar" --add-binary "$($Env:WinDir)\system32\mfc120u.dll;pyzbar" --add-binary "$($Env:WinDir)\system32\mfc120chs.dll;pyzbar" --add-binary "$($Env:WinDir)\system32\mfc120cht.dll;pyzbar" --add-binary "$($Env:WinDir)\system32\mfc120deu.dll;pyzbar" --add-binary "$($Env:WinDir)\system32\mfc120enu.dll;pyzbar" --add-binary "$($Env:WinDir)\system32\mfc120esn.dll;pyzbar" --add-binary "$($Env:WinDir)\system32\mfc120fra.dll;pyzbar" --add-binary "$($Env:WinDir)\system32\mfc120ita.dll;pyzbar" --add-binary "$($Env:WinDir)\system32\mfc120jpn.dll;pyzbar" --add-binary "$($Env:WinDir)\system32\mfc120kor.dll;pyzbar" --add-binary "$($Env:WinDir)\system32\mfc120rus.dll;pyzbar" --onefile --version-file build\win_file_version_info.txt --name extract_otp_secrets.exe src\extract_otp_secrets.py
-          - os: macos-11
+          # - os: windows-latest
+          #   TARGET: windows
+          #   # TODO add --icon
+          #   # TODO add --manifest
+          #   # TODO find more elegant solution for pyzbar\libiconv.dll and pyzbar\libzbar-64.dll
+          #   # Files of Visual C++ 2013 Redistributable Package: https://support.microsoft.com/en-us/topic/update-for-visual-c-2013-redistributable-package-d8ccd6a5-4e26-c290-517b-8da6cfdf4f10
+          #   EXE: extract_otp_secrets.exe
+          #   ASSET_NAME: extract_otp_secrets${{ needs.create-release.outputs.inline_version }}_win_x86_64.exe
+          #   ASSET_MIME: application/vnd.microsoft.portable-executable
+          #   UPLOAD: true
+          #   CMD_BUILD: |
+          #     pyinstaller -y --add-data "$($Env:pythonLocation)\__yolo_v3_qr_detector:__yolo_v3_qr_detector" --add-binary "$($Env:pythonLocation)\Lib\site-packages\pyzbar\libiconv.dll:pyzbar" --add-binary "$($Env:pythonLocation)\Lib\site-packages\pyzbar\libzbar-64.dll:pyzbar" --add-binary "$($Env:WinDir)\system32\msvcr120.dll:pyzbar" --add-binary "$($Env:WinDir)\system32\msvcp120.dll:pyzbar" --add-binary "$($Env:WinDir)\system32\vcamp120.dll:pyzbar" --add-binary "$($Env:WinDir)\system32\vcomp120.dll:pyzbar" --add-binary "$($Env:WinDir)\system32\vccorlib120.dll:pyzbar" --add-binary "$($Env:WinDir)\system32\mfc120.dll:pyzbar" --add-binary "$($Env:WinDir)\system32\mfc120u.dll:pyzbar" --add-binary "$($Env:WinDir)\system32\mfc120chs.dll:pyzbar" --add-binary "$($Env:WinDir)\system32\mfc120cht.dll:pyzbar" --add-binary "$($Env:WinDir)\system32\mfc120deu.dll:pyzbar" --add-binary "$($Env:WinDir)\system32\mfc120enu.dll:pyzbar" --add-binary "$($Env:WinDir)\system32\mfc120esn.dll:pyzbar" --add-binary "$($Env:WinDir)\system32\mfc120fra.dll:pyzbar" --add-binary "$($Env:WinDir)\system32\mfc120ita.dll:pyzbar" --add-binary "$($Env:WinDir)\system32\mfc120jpn.dll:pyzbar" --add-binary "$($Env:WinDir)\system32\mfc120kor.dll:pyzbar" --add-binary "$($Env:WinDir)\system32\mfc120rus.dll:pyzbar" --onefile --version-file build\win_file_version_info.txt --name extract_otp_secrets.exe src\extract_otp_secrets.py
+          - os: macos-12
             TARGET: macos
             # https://pyinstaller.org/en/stable/spec-files.html#spec-file-options-for-a-macos-bundle
             EXE: extract_otp_secrets
@@ -247,17 +249,30 @@ jobs:
             ASSET_MIME: application/octet-stream
             UPLOAD: true
             CMD_BUILD: |
-              VERSION_STR=$(setuptools-git-versioning) COPYRIGHT_YEARS='2020-2023' envsubst < installer/extract_otp_secrets_macos_template.spec > extract_otp_secrets_macos.spec
+              VERSION_STR=$(setuptools-git-versioning) COPYRIGHT_YEARS='2020-2024' envsubst < installer/extract_otp_secrets_macos_template.spec > extract_otp_secrets_macos.spec
               pyinstaller -y extract_otp_secrets_macos.spec
               installer/build_dmg.sh
-          - os: ubuntu-latest
-            TARGET: linux
-            EXE: extract_otp_secrets_ubuntu
-            ASSET_NAME: extract_otp_secrets${{ needs.create-release.outputs.inline_version }}_linux_x86_64_ubuntu_latest
-            ASSET_MIME: application/x-executable
-            UPLOAD: false
+          - os: macos-14
+            TARGET: macos
+            # https://pyinstaller.org/en/stable/spec-files.html#spec-file-options-for-a-macos-bundle
+            EXE: extract_otp_secrets
+            ASSET_NAME: extract_otp_secrets${{ needs.create-release.outputs.inline_version }}_macos_arm64
+            DMG: extract_otp_secrets.dmg
+            ASSET_NAME_DMG: extract_otp_secrets${{ needs.create-release.outputs.inline_version }}_macos_arm64.dmg
+            ASSET_MIME: application/octet-stream
+            UPLOAD: true
             CMD_BUILD: |
-                pyinstaller -y --add-data $pythonLocation/__yolo_v3_qr_detector/:__yolo_v3_qr_detector/ --onefile --name extract_otp_secrets_ubuntu src/extract_otp_secrets.py
+              VERSION_STR=$(setuptools-git-versioning) COPYRIGHT_YEARS='2020-2024' envsubst < installer/extract_otp_secrets_macos_template.spec > extract_otp_secrets_macos.spec
+              pyinstaller -y extract_otp_secrets_macos.spec
+              installer/build_dmg.sh
+          # - os: ubuntu-latest
+          #   TARGET: linux
+          #   EXE: extract_otp_secrets_ubuntu
+          #   ASSET_NAME: extract_otp_secrets${{ needs.create-release.outputs.inline_version }}_linux_x86_64_ubuntu_latest
+          #   ASSET_MIME: application/x-executable
+          #   UPLOAD: false
+          #   CMD_BUILD: |
+          #       pyinstaller -y --add-data $pythonLocation/__yolo_v3_qr_detector/:__yolo_v3_qr_detector/ --onefile --name extract_otp_secrets_ubuntu src/extract_otp_secrets.py
     steps:
       - name: Output path
         if: runner.os == 'Windows'
@@ -266,13 +281,10 @@ jobs:
         if: runner.os == 'Windows'
         run: ls "$($Env:WinDir)\system32"
       - uses: actions/checkout@v3
-      - name: Set macos macos_python_path
-        # TODO use variable for Python version
-        run: echo "macos_python_path=/Library/Frameworks/Python.framework/Versions/3.11" >> $GITHUB_ENV
-      - name: Set up Python 3.11
+      - name: Set up Python 3.12
         uses: actions/setup-python@v4
         with:
-          python-version: 3.11
+          python-version: 3.12
           check-latest: true
       - name: Install zbar shared lib for QReader (Linux)
         if: runner.os == 'Linux'
@@ -281,7 +293,28 @@ jobs:
       - name: Install zbar shared lib for QReader (macOS)
         if: runner.os == 'macOS'
         run: |
+          # https://earthly.dev/blog/homebrew-on-m1/
+          eval "$(/opt/homebrew/bin/brew shellenv)"
           brew install zbar create-dmg
+      - name: List MacOS dirs
+        if: runner.os == 'macOS'
+        run: |
+          echo "ls /opt/homebrew/Cellar/zbar"
+          ls -al "/opt/homebrew/Cellar/zbar"
+          echo "ls /opt/homebrew/Cellar/zbar/0.23.93"
+          ls -al "/opt/homebrew/Cellar/zbar/0.23.93"
+          echo /opt/homebrew/lib
+          ls -al /opt/homebrew/lib
+          echo PATH
+          echo $PATH
+          echo HOMEBREW_CELLAR
+          echo $HOMEBREW_CELLAR
+          echo brew deps --tree --installed
+          brew deps --tree --installed
+      - name: List env
+        if: runner.os == 'macOS'
+        run: |
+          set
       - name: Install dependencies
         # TODO fix --use-pep517
         run: |
@@ -302,6 +335,7 @@ jobs:
         run: |
           dist/${{ matrix.EXE }} -V
           dist/${{ matrix.EXE }} -h
+          dist/${{ matrix.EXE }} --debug
           dist/${{ matrix.EXE }} example_export.png
           dist/${{ matrix.EXE }} --qr ZBAR example_export.png
           dist/${{ matrix.EXE }} --qr QREADER example_export.png
@@ -353,55 +387,55 @@ jobs:
         run: |
           curl -X POST -H "Accept: application/vnd.github+json" -H "Content-Type: ${{ matrix.ASSET_MIME }}" -H "Authorization: Bearer ${{ secrets.GITHUB_TOKEN }}" -H "X-GitHub-Api-Version: 2022-11-28" --show-error --data-binary @dist/${{ matrix.DMG }} ${{ steps.meta.outputs.upload_url }}=${{ matrix.ASSET_NAME_DMG }}
 
-  upload-hashes:
-    name: Upload hashes
-    if: startsWith(github.ref, 'refs/tags/v')
-    needs:
-      - build-linux-executable-in-docker
-      - build-native-executables
-    runs-on: ubuntu-latest
-    steps:
-      - name: Load Release Id File from release job
-        uses: actions/download-artifact@v3
-        with:
-          name: release_id
-      - name: Set meta data
-        id: meta
-        run: |
-          echo "release_id=$(cat release_id.txt)" >> $GITHUB_OUTPUT
-          echo "upload_url=https://uploads.github.com/repos/scito/extract_otp_secrets/releases/$(cat release_id.txt)/assets?name=" >> $GITHUB_OUTPUT
-      - name: Calculate and upload hashes from assets
-        run: |
-          GITHUB_TOKEN=${{ secrets.GITHUB_TOKEN }}
-          for asset_url in $(curl \
-            -H "Accept: application/vnd.github+json" \
-            -H "Authorization: Bearer $GITHUB_TOKEN"\
-            -H "X-GitHub-Api-Version: 2022-11-28" \
-            --silent \
-            --show-error \
-            https://api.github.com/repos/scito/extract_otp_secrets/releases/${{ steps.meta.outputs.release_id }}/assets |
-          jq -r '.[].url'); do
-              echo "Download $asset_url"
-              name=$(curl \
-                  -H "Accept: application/vnd.github+json" \
-                  -H "Authorization: Bearer $GITHUB_TOKEN"\
-                  -H "X-GitHub-Api-Version: 2022-11-28" \
-                  --output-dir assets \
-                  -L \
-                  $asset_url |
-                  jq -r '.name')
-              curl \
-                  -H "Accept: application/octet-stream" \
-                  -H "Authorization: Bearer $GITHUB_TOKEN"\
-                  -H "X-GitHub-Api-Version: 2022-11-28" \
-                  --create-dirs \
-                  --output-dir assets \
-                  -L \
-                  -o $name \
-                  $asset_url
-          done
-          (cd assets/ && sha256sum * > ../sha256_hashes.txt)
-          curl -X POST -H "Accept: application/vnd.github+json" -H "Content-Type: text/plain" -H "Authorization: Bearer ${{ secrets.GITHUB_TOKEN }}" -H "X-GitHub-Api-Version: 2022-11-28" --show-error --data-binary @sha256_hashes.txt ${{ steps.meta.outputs.upload_url }}=sha256_hashes.txt
+  # upload-hashes:
+  #   name: Upload hashes
+  #   if: startsWith(github.ref, 'refs/tags/v')
+  #   needs:
+  #     - build-linux-executable-in-docker
+  #     - build-native-executables
+  #   runs-on: ubuntu-latest
+  #   steps:
+  #     - name: Load Release Id File from release job
+  #       uses: actions/download-artifact@v3
+  #       with:
+  #         name: release_id
+  #     - name: Set meta data
+  #       id: meta
+  #       run: |
+  #         echo "release_id=$(cat release_id.txt)" >> $GITHUB_OUTPUT
+  #         echo "upload_url=https://uploads.github.com/repos/scito/extract_otp_secrets/releases/$(cat release_id.txt)/assets?name=" >> $GITHUB_OUTPUT
+  #     - name: Calculate and upload hashes from assets
+  #       run: |
+  #         GITHUB_TOKEN=${{ secrets.GITHUB_TOKEN }}
+  #         for asset_url in $(curl \
+  #           -H "Accept: application/vnd.github+json" \
+  #           -H "Authorization: Bearer $GITHUB_TOKEN"\
+  #           -H "X-GitHub-Api-Version: 2022-11-28" \
+  #           --silent \
+  #           --show-error \
+  #           https://api.github.com/repos/scito/extract_otp_secrets/releases/${{ steps.meta.outputs.release_id }}/assets |
+  #         jq -r '.[].url'); do
+  #             echo "Download $asset_url"
+  #             name=$(curl \
+  #                 -H "Accept: application/vnd.github+json" \
+  #                 -H "Authorization: Bearer $GITHUB_TOKEN"\
+  #                 -H "X-GitHub-Api-Version: 2022-11-28" \
+  #                 --output-dir assets \
+  #                 -L \
+  #                 $asset_url |
+  #                 jq -r '.name')
+  #             curl \
+  #                 -H "Accept: application/octet-stream" \
+  #                 -H "Authorization: Bearer $GITHUB_TOKEN"\
+  #                 -H "X-GitHub-Api-Version: 2022-11-28" \
+  #                 --create-dirs \
+  #                 --output-dir assets \
+  #                 -L \
+  #                 -o $name \
+  #                 $asset_url
+  #         done
+  #         (cd assets/ && sha256sum * > ../sha256_hashes.txt)
+  #         curl -X POST -H "Accept: application/vnd.github+json" -H "Content-Type: text/plain" -H "Authorization: Bearer ${{ secrets.GITHUB_TOKEN }}" -H "X-GitHub-Api-Version: 2022-11-28" --show-error --data-binary @sha256_hashes.txt ${{ steps.meta.outputs.upload_url }}=sha256_hashes.txt
 
-          (cd assets/ && sha512sum * > ../sha512_hashes.txt)
-          curl -X POST -H "Accept: application/vnd.github+json" -H "Content-Type: text/plain" -H "Authorization: Bearer ${{ secrets.GITHUB_TOKEN }}" -H "X-GitHub-Api-Version: 2022-11-28" --show-error --data-binary @sha512_hashes.txt ${{ steps.meta.outputs.upload_url }}=sha512_hashes.txt
+  #         (cd assets/ && sha512sum * > ../sha512_hashes.txt)
+  #         curl -X POST -H "Accept: application/vnd.github+json" -H "Content-Type: text/plain" -H "Authorization: Bearer ${{ secrets.GITHUB_TOKEN }}" -H "X-GitHub-Api-Version: 2022-11-28" --show-error --data-binary @sha512_hashes.txt ${{ steps.meta.outputs.upload_url }}=sha512_hashes.txt

.github/workflows/codeql-analysis.yml

@@ -1,74 +0,0 @@
-# For most projects, this workflow file will not need changing; you simply need
-# to commit it to your repository.
-#
-# You may wish to alter this file to override the set of languages analyzed,
-# or to provide custom queries or build logic.
-#
-# ******** NOTE ********
-# We have attempted to detect the languages in your repository. Please check
-# the `language` matrix defined below to confirm you have the correct set of
-# supported CodeQL languages.
-#
-name: "CodeQL"
-
-on:
-  push:
-    branches: [ "master" ]
-  pull_request:
-    # The branches below must be a subset of the branches above
-    branches: [ "master" ]
-  schedule:
-    - cron: '25 19 * * 0'
-
-jobs:
-  analyze:
-    name: Analyze
-    runs-on: ubuntu-latest
-    permissions:
-      actions: read
-      contents: read
-      security-events: write
-
-    strategy:
-      fail-fast: false
-      matrix:
-        language: [ 'python' ]
-        # CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python', 'ruby' ]
-        # Learn more about CodeQL language support at https://aka.ms/codeql-docs/language-support
-
-    steps:
-    - name: Checkout repository
-      uses: actions/checkout@v3
-
-    # Initializes the CodeQL tools for scanning.
-    - name: Initialize CodeQL
-      uses: github/codeql-action/init@v2
-      with:
-        languages: ${{ matrix.language }}
-        # If you wish to specify custom queries, you can do so here or in a config file.
-        # By default, queries listed here will override any specified in a config file.
-        # Prefix the list here with "+" to use these queries and those in the config file.
-        
-        # Details on CodeQL's query packs refer to : https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#using-queries-in-ql-packs
-        # queries: security-extended,security-and-quality
-
-        
-    # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
-    # If this step fails, then you should remove it and run the build manually (see below)
-    - name: Autobuild
-      uses: github/codeql-action/autobuild@v2
-
-    # ℹ️ Command-line programs to run using the OS shell.
-    # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun
-
-    #   If the Autobuild fails above, remove it and uncomment the following three lines. 
-    #   modify them (or add more) to build your code if your project, please refer to the EXAMPLE below for guidance.
-
-    # - run: |
-    #   echo "Run, Build Application using script"
-    #   ./location_of_script_within_repo/buildscript.sh
-
-    - name: Perform CodeQL Analysis
-      uses: github/codeql-action/analyze@v2
-      with:
-        category: "/language:${{matrix.language}}"

README.md

@@ -5,7 +5,7 @@
 ![coverage](https://img.shields.io/badge/coverage-94%25-brightgreen)
 [![License](https://img.shields.io/github/license/scito/extract_otp_secrets)](https://github.com/scito/extract_otp_secrets/blob/master/LICENSE)
 [![GitHub release (latest SemVer)](https://img.shields.io/github/v/release/scito/extract_otp_secrets?sort=semver)](https://github.com/scito/extract_otp_secrets/releases/latest)  
-![python versions](https://img.shields.io/badge/python-3.8%20%7C%203.9%20%7C%203.10%20%7C%203.11-blue)
+![python versions](https://img.shields.io/badge/python-3.8%20%7C%203.9%20%7C%203.10%20%7C%203.11%20%7C%203.12-blue)
 [![Docker image](https://img.shields.io/badge/docker-image-blue)](https://hub.docker.com/repository/docker/scit0/extract_otp_secrets/general)
 [![Linux](https://img.shields.io/badge/os-linux-yellow)](https://github.com/scito/extract_otp_secrets/releases/latest)
 [![Windows](https://img.shields.io/badge/os-windows-yellow)](https://github.com/scito/extract_otp_secrets/releases/latest)
@@ -14,7 +14,7 @@
 [![Stand With Ukraine](https://raw.githubusercontent.com/vshymanskyy/StandWithUkraine/main/badges/StandWithUkraine.svg)](https://stand-with-ukraine.pp.ua)
 <!-- ![PyPI - Python Version](https://img.shields.io/pypi/pyversions/protobuf)
 [![GitHub Pipenv locked Python version](https://img.shields.io/github/pipenv/locked/python-version/scito/extract_otp_secrets)](https://github.com/scito/extract_otp_secrets/blob/master/Pipfile.lock)
-![protobuf version](https://img.shields.io/badge/protobuf-4.22.3-informational)-->
+![protobuf version](https://img.shields.io/badge/protobuf-4.25.2-informational)-->
 
 <!-- [![Github all releases](https://img.shields.io/github/downloads/scito/extract_otp_secrets/total.svg)](https://GitHub.com/scito/extract_otp_secrets/releases/) -->
 
@@ -119,8 +119,9 @@ However, the bare executable can be executed from the command line:
 1. Download executable for macOS platform from [latest release](https://github.com/scito/extract_otp_secrets/releases/latest), see assets
 2. Open `Terminal` application
 3. Change to Downloads folder in Terminal: `cd $HOME/Downloads`
-4. Set executable bit for the downloaded file: `chmod +x extract_otp_secrets_X.Y.Z_macos_x86_64`
-5. Start executable from command line: `./extract_otp_secrets_X.Y.Z_macos_x86_64`
+4. Remove quarantine bit for the downloaded file: `xattr -r -d com.apple.quarantine extract_otp_secrets_X.Y.Z_macos_x86_64`
+5. Set executable bit for the downloaded file: `chmod +x extract_otp_secrets_X.Y.Z_macos_x86_64`
+6. Start executable from command line: `./extract_otp_secrets_X.Y.Z_macos_x86_64`
 
 :information_source: Replace `X.Y.Z` in above commands with the version number of your downloaded file, e.g. `extract_otp_secrets_2.4.0_macos_x86_64`
 
@@ -347,12 +348,15 @@ python extract_otp_secrets.py = < example_export.png</pre>
 * Prints errors and warnings to stderr (🆕 since v2.0)
 * Prints colored output (🆕 since v2.0)
 * Startable as executable (script, Python, and all dependencies packed in one executable) (🆕 since v2.1)
-    * extract_otp_secrets_linux_x86_64 (requires glibc >= 2.28)
-    * extract_otp_secrets_linux_arm64 (requires glibc >= 2.28)
+    * extract_otp_secrets_linux_x86_64 (requires glibc >= 2.31)
+    * extract_otp_secrets_linux_arm64 (requires glibc >= 2.31)
     * extract_otp_secrets_win_x86_64.exe
     * extract_otp_secrets_macos_x86_64 (optional [libzbar](#installation-of-optional-shared-system-libraries-recommended) needs to be installed manually if needed)
         * extract_otp_secrets_macos_x86_64.dmg N/A, see [why](#macos)
         * extract_otp_secrets_macos_x86_64.pkg N/A, see [why](#macos)
+    * extract_otp_secrets_macos_arm64 (optional [libzbar](#installation-of-optional-shared-system-libraries-recommended) needs to be installed manually if needed) (🆕 since v2.7)
+        * extract_otp_secrets_macos_arm64.dmg N/A, see [why](#macos)
+        * extract_otp_secrets_macos_arm64.pkg N/A, see [why](#macos)
 * Prebuilt Docker images provided for amd64 and arm64 (🆕 since v2.0)
 * Many ways to run the script:
     * Native Python
@@ -708,7 +712,7 @@ Command for regeneration of Python code from proto3 message definition file (onl
 
     protoc --plugin=protoc-gen-mypy=path/to/protoc-gen-mypy --python_out=src/protobuf_generated_python --mypy_out=src/protobuf_generated_python src/google_auth.proto
 
-The generated protobuf Python code was generated by protoc 22.3 (https://github.com/protocolbuffers/protobuf/releases/tag/v22.3).
+The generated protobuf Python code was generated by protoc 25.2 (https://github.com/protocolbuffers/protobuf/releases/tag/v25.2).
 
 For Python type hint generation the [mypy-protobuf](https://github.com/nipunn1313/mypy-protobuf) package is used.
 

build.sh

@@ -127,6 +127,7 @@ while test $# -gt 0; do
             ;;
         -L)
             build_local=false
+            build_base=false
             shift
             ;;
         -a)
@@ -405,6 +406,10 @@ if $build_local; then
         cmd="dist/extract_otp_secrets -h"
         if $interactive ; then askContinueYn "$cmd"; else echo -e "${cyan}$cmd${reset}";fi
         eval "$cmd"
+
+        cmd="dist/extract_otp_secrets --qr ZBAR example_export.png"
+        if $interactive ; then askContinueYn "$cmd"; else echo -e "${cyan}$cmd${reset}";fi
+        eval "$cmd"
     fi
 
     # Build compiled executable
@@ -430,6 +435,10 @@ if $build_local; then
         cmd="dist/extract_otp_secrets_compiled -h"
         if $interactive ; then askContinueYn "$cmd"; else echo -e "${cyan}$cmd${reset}";fi
         eval "$cmd"
+
+        cmd="dist/extract_otp_secrets_compiled --qr ZBAR example_export.png"
+        if $interactive ; then askContinueYn "$cmd"; else echo -e "${cyan}$cmd${reset}";fi
+        eval "$cmd"
     fi
 
     # Generate README.md TOC
@@ -498,24 +507,24 @@ if $build_docker; then
         if $interactive ; then askContinueYn "$cmd"; else echo -e "${cyan}$cmd${reset}";fi
         eval "$cmd"
 
-        # Build extract_otp_secrets (Debian Buster)
-        cmd="docker build . -t extract_otp_secrets:buster -t extract_otp_secrets:buster-x86_64 --pull -f docker/Dockerfile --build-arg RUN_TESTS=false --build-arg BASE_IMAGE=python:3.11-slim-buster"
+        # Build extract_otp_secrets (Debian Bullseye)
+        cmd="docker build . -t extract_otp_secrets:bullseye -t extract_otp_secrets:bullseye-x86_64 --pull -f docker/Dockerfile --build-arg RUN_TESTS=false --build-arg BASE_IMAGE=python:3.12-slim-bullseye"
         if $interactive ; then askContinueYn "$cmd"; else echo -e "${cyan}$cmd${reset}";fi
         eval "$cmd"
 
-        cmd="docker run --rm -v \"$(pwd)\":/files:ro extract_otp_secrets:buster example_export.txt"
+        cmd="docker run --rm -v \"$(pwd)\":/files:ro extract_otp_secrets:bullseye example_export.txt"
         if $interactive ; then askContinueYn "$cmd"; else echo -e "${cyan}$cmd${reset}";fi
         eval "$cmd"
 
-        cmd="cat example_export.txt | docker run --rm -i -v \"$(pwd)\":/files:ro extract_otp_secrets:buster - -c - > example_output.csv"
+        cmd="cat example_export.txt | docker run --rm -i -v \"$(pwd)\":/files:ro extract_otp_secrets:bullseye - -c - > example_output.csv"
         if $interactive ; then askContinueYn "$cmd"; else echo -e "${cyan}$cmd${reset}";fi
         eval "$cmd"
 
-        cmd="docker run --rm -i -v \"$(pwd)\":/files:ro extract_otp_secrets:buster = < example_export.png"
+        cmd="docker run --rm -i -v \"$(pwd)\":/files:ro extract_otp_secrets:bullseye = < example_export.png"
         if $interactive ; then askContinueYn "$cmd"; else echo -e "${cyan}$cmd${reset}";fi
         eval "$cmd"
 
-        cmd="docker run --entrypoint /extract/run_pytest.sh --rm -v \"$(pwd)\":/files:ro extract_otp_secrets:buster"
+        cmd="docker run --entrypoint /extract/run_pytest.sh --rm -v \"$(pwd)\":/files:ro extract_otp_secrets:bullseye"
         if $interactive ; then askContinueYn "$cmd"; else echo -e "${cyan}$cmd${reset}";fi
         eval "$cmd"
 
@@ -531,8 +540,8 @@ if $build_docker; then
         if $interactive ; then askContinueYn "$cmd"; else echo -e "${cyan}$cmd${reset}";fi
         eval "$cmd"
 
-        # Build extract_otp_secrets (Debian Buster)
-        cmd="docker buildx build --platform=linux/arm64 . -t extract_otp_secrets:buster-arm64 --pull -f docker/Dockerfile --build-arg RUN_TESTS=false --build-arg BASE_IMAGE=python:3.11-slim-buster"
+        # Build extract_otp_secrets (Debian Bullseye)
+        cmd="docker buildx build --platform=linux/arm64 . -t extract_otp_secrets:bullseye-arm64 --pull -f docker/Dockerfile --build-arg RUN_TESTS=false --build-arg BASE_IMAGE=python:3.12-slim-bullseye"
         if $interactive ; then askContinueYn "$cmd"; else echo -e "${cyan}$cmd${reset}";fi
         eval "$cmd"
     fi
@@ -547,26 +556,34 @@ if $build_docker; then
             if $interactive ; then askContinueYn "$cmd"; else echo -e "${cyan}$cmd${reset}";fi
             eval "$cmd"
 
-            # Build executable from Docker buster
-            BUSTER_GLIBC_VERSION=$(docker run --entrypoint /bin/bash --rm extract_otp_secrets:buster -c 'ldd --version | sed "1!d" | sed -E "s/.* ([[:digit:]]+\.[[:digit:]]+)$/\1/"')
-            echo "Bookworm glibc: $BUSTER_GLIBC_VERSION"
+            cmd="dist/extract_otp_secrets_linux_x86_64_bookworm --qr ZBAR example_export.png || echo 'Could not run exe; see error message above'"
+            if $interactive ; then askContinueYn "$cmd"; else echo -e "${cyan}$cmd${reset}";fi
+            eval "$cmd"
 
-            cmd="docker run --platform linux/amd64 --entrypoint /bin/bash --rm -v \"$(pwd)\":/files -w /files extract_otp_secrets:buster -c 'apt-get update && apt-get -y install binutils && pip install -U pip && pip install -U -r /files/requirements.txt && pip install pyinstaller && PYTHONHASHSEED=31 && pyinstaller -y --specpath installer --add-data /usr/local/__yolo_v3_qr_detector/:__yolo_v3_qr_detector/ --onefile --name extract_otp_secrets_linux_x86_64 --distpath /files/dist/ /files/src/extract_otp_secrets.py'"
+            # Build executable from Docker bullseye
+            BULLSEYE_GLIBC_VERSION=$(docker run --entrypoint /bin/bash --rm extract_otp_secrets:bullseye -c 'ldd --version | sed "1!d" | sed -E "s/.* ([[:digit:]]+\.[[:digit:]]+)$/\1/"')
+            echo "Bullseye glibc: $BULLSEYE_GLIBC_VERSION"
+
+            cmd="docker run --platform linux/amd64 --entrypoint /bin/bash --rm -v \"$(pwd)\":/files -w /files extract_otp_secrets:bullseye -c 'apt-get update && apt-get -y install binutils && pip install -U pip && pip install -U -r /files/requirements.txt && pip install pyinstaller && PYTHONHASHSEED=31 && pyinstaller -y --specpath installer --add-data /usr/local/__yolo_v3_qr_detector/:__yolo_v3_qr_detector/ --onefile --name extract_otp_secrets_linux_x86_64 --distpath /files/dist/ /files/src/extract_otp_secrets.py'"
             if $interactive ; then askContinueYn "$cmd"; else echo -e "${cyan}$cmd${reset}";fi
             eval "$cmd"
 
             cmd="dist/extract_otp_secrets_linux_x86_64 -h"
             if $interactive ; then askContinueYn "$cmd"; else echo -e "${cyan}$cmd${reset}";fi
             eval "$cmd"
+
+            cmd="dist/extract_otp_secrets_linux_x86_64 --qr ZBAR example_export.png"
+            if $interactive ; then askContinueYn "$cmd"; else echo -e "${cyan}$cmd${reset}";fi
+            eval "$cmd"
         fi
 
         if $build_arm; then
             # build linux/arm64
-            cmd="docker run --platform linux/arm64 --entrypoint /bin/bash --rm -v \"$(pwd)\":/files -w /files extract_otp_secrets:buster-arm64 -c 'apt-get update && apt-get -y install binutils && pip install -U pip && pip install -U -r /files/requirements.txt && pip install pyinstaller && PYTHONHASHSEED=31 && pyinstaller --specpath installer -y --add-data /usr/local/__yolo_v3_qr_detector/:__yolo_v3_qr_detector/ --onefile --name extract_otp_secrets_linux_arm64 --distpath /files/dist/ /files/src/extract_otp_secrets.py'"
+            cmd="docker run --platform linux/arm64 --entrypoint /bin/bash --rm -v \"$(pwd)\":/files -w /files extract_otp_secrets:bullseye-arm64 -c 'apt-get update && apt-get -y install binutils && pip install -U pip && pip install -U -r /files/requirements.txt && pip install pyinstaller && PYTHONHASHSEED=31 && pyinstaller --specpath installer -y --add-data /usr/local/__yolo_v3_qr_detector/:__yolo_v3_qr_detector/ --onefile --name extract_otp_secrets_linux_arm64 --distpath /files/dist/ /files/src/extract_otp_secrets.py'"
             if $interactive ; then askContinueYn "$cmd"; else echo -e "${cyan}$cmd${reset}";fi
             eval "$cmd"
 
-            cmd="PLATFORM='linux/arm64' && EXE='dist/extract_otp_secrets_linux_arm64' && docker run --platform \"\$PLATFORM\" --entrypoint /bin/bash --rm -v \"$(pwd)\":/files -w /files extract_otp_secrets:buster-arm64 -c \"\$EXE -V && \$EXE -h && \$EXE example_export.png && \$EXE - < example_export.txt && \$EXE --qr ZBAR example_export.png && \$EXE --qr QREADER example_export.png && \$EXE --qr QREADER_DEEP example_export.png && \$EXE --qr CV2 example_export.png && \$EXE --qr CV2_WECHAT example_export.png\""
+            cmd="PLATFORM='linux/arm64' && EXE='dist/extract_otp_secrets_linux_arm64' && docker run --platform \"\$PLATFORM\" --entrypoint /bin/bash --rm -v \"$(pwd)\":/files -w /files extract_otp_secrets:bullseye-arm64 -c \"\$EXE -V && \$EXE -h && \$EXE example_export.png && \$EXE - < example_export.txt && \$EXE --qr ZBAR example_export.png && \$EXE --qr QREADER example_export.png && \$EXE --qr QREADER_DEEP example_export.png && \$EXE --qr CV2 example_export.png && \$EXE --qr CV2_WECHAT example_export.png\""
             if $interactive ; then askContinueYn "$cmd"; else echo -e "${cyan}$cmd${reset}";fi
             eval "$cmd"
         fi
@@ -582,34 +599,42 @@ if $build_docker; then
             if $interactive ; then askContinueYn "$cmd"; else echo -e "${cyan}$cmd${reset}";fi
             eval "$cmd"
 
+            cmd="build/docker/nuitka/extract_otp_secrets_linux_x86_64_bookworm_compiled --qr ZBAR example_export.png"
+            if $interactive ; then askContinueYn "$cmd"; else echo -e "${cyan}$cmd${reset}";fi
+            eval "$cmd"
+
             cmd="cp build/docker/nuitka/extract_otp_secrets_linux_x86_64_bookworm_compiled dist/"
             if $interactive ; then askContinueYn "$cmd"; else echo -e "${cyan}$cmd${reset}";fi
             eval "$cmd"
 
-            # Build executable from Docker buster
-            BUSTER_GLIBC_VERSION=$(docker run --entrypoint /bin/bash --rm extract_otp_secrets:buster -c 'ldd --version | sed "1!d" | sed -E "s/.* ([[:digit:]]+\.[[:digit:]]+)$/\1/"')
-            echo "Bookworm glibc: $BUSTER_GLIBC_VERSION"
+            # Build executable from Docker bullseye
+            BULLSEYE_GLIBC_VERSION=$(docker run --entrypoint /bin/bash --rm extract_otp_secrets:bullseye -c 'ldd --version | sed "1!d" | sed -E "s/.* ([[:digit:]]+\.[[:digit:]]+)$/\1/"')
+            echo "Bookworm glibc: $BULLSEYE_GLIBC_VERSION"
 
-            cmd="docker run --platform linux/amd64 --entrypoint /bin/bash --rm -v \"$(pwd)\":/files -w /files extract_otp_secrets:buster -c 'apt-get update && apt-get -y install binutils build-essential patchelf && pip install -U pip && pip install -U -r /files/requirements.txt && pip install nuitka pyqt5 && PYTHONHASHSEED=31 && python -m nuitka --enable-plugin=tk-inter --enable-plugin=pyqt5 --include-data-dir=/usr/local/__yolo_v3_qr_detector/=__yolo_v3_qr_detector/ --onefile --output-dir=/files/build/docker/nuitka --output-filename=extract_otp_secrets_linux_x86_64_buster_compiled /files/src/extract_otp_secrets.py'"
+            cmd="docker run --platform linux/amd64 --entrypoint /bin/bash --rm -v \"$(pwd)\":/files -w /files extract_otp_secrets:bullseye -c 'apt-get update && apt-get -y install binutils build-essential patchelf && pip install -U pip && pip install -U -r /files/requirements.txt && pip install nuitka pyqt5 && PYTHONHASHSEED=31 && python -m nuitka --enable-plugin=tk-inter --enable-plugin=pyqt5 --include-data-dir=/usr/local/__yolo_v3_qr_detector/=__yolo_v3_qr_detector/ --onefile --output-dir=/files/build/docker/nuitka --output-filename=extract_otp_secrets_linux_x86_64_bullseye_compiled /files/src/extract_otp_secrets.py'"
             if $interactive ; then askContinueYn "$cmd"; else echo -e "${cyan}$cmd${reset}";fi
             eval "$cmd"
 
-            cmd="build/docker/nuitka/extract_otp_secrets_linux_x86_64_buster_compiled -h"
+            cmd="build/docker/nuitka/extract_otp_secrets_linux_x86_64_bullseye_compiled -h"
             if $interactive ; then askContinueYn "$cmd"; else echo -e "${cyan}$cmd${reset}";fi
             eval "$cmd"
 
-            cmd="cp build/docker/nuitka/extract_otp_secrets_linux_x86_64_buster_compiled dist/"
+            cmd="build/docker/nuitka/extract_otp_secrets_linux_x86_64_bullseye_compiled --qr ZBAR example_export.png"
+            if $interactive ; then askContinueYn "$cmd"; else echo -e "${cyan}$cmd${reset}";fi
+            eval "$cmd"
+
+            cmd="cp build/docker/nuitka/extract_otp_secrets_linux_x86_64_bullseye_compiled dist/"
             if $interactive ; then askContinueYn "$cmd"; else echo -e "${cyan}$cmd${reset}";fi
             eval "$cmd"
         fi
 
         if $build_arm; then
             # build linux/arm64
-            cmd="docker run --platform linux/arm64 --entrypoint /bin/bash --rm -v \"$(pwd)\":/files -w /files extract_otp_secrets:buster-arm64 -c 'apt-get update && apt-get -y install binutils build-essential patchelf qt5-default && pip install -U pip && pip install -U -r /files/requirements.txt && pip install nuitka pyqt5 && PYTHONHASHSEED=31 && python -m nuitka --enable-plugin=tk-inter --enable-plugin=pyqt5 --include-data-dir=/usr/local/__yolo_v3_qr_detector/=__yolo_v3_qr_detector/ --onefile --output-dir=/files/build/docker/nuitka --output-filename=extract_otp_secrets_linux_arm64_compiled /files/src/extract_otp_secrets.py'"
+            cmd="docker run --platform linux/arm64 --entrypoint /bin/bash --rm -v \"$(pwd)\":/files -w /files extract_otp_secrets:bullseye-arm64 -c 'apt-get update && apt-get -y install binutils build-essential patchelf qt5-default && pip install -U pip && pip install -U -r /files/requirements.txt && pip install nuitka pyqt5 && PYTHONHASHSEED=31 && python -m nuitka --enable-plugin=tk-inter --enable-plugin=pyqt5 --include-data-dir=/usr/local/__yolo_v3_qr_detector/=__yolo_v3_qr_detector/ --onefile --output-dir=/files/build/docker/nuitka --output-filename=extract_otp_secrets_linux_arm64_compiled /files/src/extract_otp_secrets.py'"
             if $interactive ; then askContinueYn "$cmd"; else echo -e "${cyan}$cmd${reset}";fi
             eval "$cmd"
 
-            cmd="PLATFORM='linux/arm64' && EXE='build/docker/nuitka/extract_otp_secrets_linux_arm64_compiled' && docker run --platform \"\$PLATFORM\" --entrypoint /bin/bash --rm -v \"$(pwd)\":/files -w /files extract_otp_secrets:buster-arm64 -c \"\$EXE -V && \$EXE -h && \$EXE example_export.png && \$EXE - < example_export.txt && \$EXE --qr ZBAR example_export.png && \$EXE --qr QREADER example_export.png && \$EXE --qr QREADER_DEEP example_export.png && \$EXE --qr CV2 example_export.png && \$EXE --qr CV2_WECHAT example_export.png\""
+            cmd="PLATFORM='linux/arm64' && EXE='build/docker/nuitka/extract_otp_secrets_linux_arm64_compiled' && docker run --platform \"\$PLATFORM\" --entrypoint /bin/bash --rm -v \"$(pwd)\":/files -w /files extract_otp_secrets:bullseye-arm64 -c \"\$EXE -V && \$EXE -h && \$EXE example_export.png && \$EXE - < example_export.txt && \$EXE --qr ZBAR example_export.png && \$EXE --qr QREADER example_export.png && \$EXE --qr QREADER_DEEP example_export.png && \$EXE --qr CV2 example_export.png && \$EXE --qr CV2_WECHAT example_export.png\""
             if $interactive ; then askContinueYn "$cmd"; else echo -e "${cyan}$cmd${reset}";fi
             eval "$cmd"
 
@@ -633,12 +658,14 @@ if $run_gui; then
     eval "$cmd"
 fi
 
-line=$(printf '#%.0s' $(eval echo {1..$(( ($COLUMNS - 10) / 2))}))
-echo -e "\n${blueBold}$line RESULTS $line${reset}"
+if $build_base; then
+    line=$(printf '#%.0s' $(eval echo {1..$(( ($COLUMNS - 10) / 2))}))
+    echo -e "\n${blueBold}$line RESULTS $line${reset}"
 
-cmd="cat $TYPE_CHECK_OUT_FILE $LINT_OUT_FILE $COVERAGE_OUT_FILE"
-if $interactive ; then askContinueYn "$cmd"; else echo -e "${cyan}$cmd${reset}";fi
-eval "$cmd"
+    cmd="cat $TYPE_CHECK_OUT_FILE $LINT_OUT_FILE $COVERAGE_OUT_FILE"
+    if $interactive ; then askContinueYn "$cmd"; else echo -e "${cyan}$cmd${reset}";fi
+    eval "$cmd"
+fi
 
 line=$(printf '#%.0s' $(eval echo {1..$(( ($COLUMNS - 10) / 2))}))
 echo -e "\n${greenBold}$line SUCCESS $line${reset}"

docker/Dockerfile

@@ -1,5 +1,5 @@
 # --build-arg BASE_IMAGE=python:3.11-slim-buster
-ARG BASE_IMAGE=python:3.11-slim-bookworm
+ARG BASE_IMAGE=python:3.12-slim-bookworm
 FROM $BASE_IMAGE
 
 # https://docs.docker.com/engine/reference/builder/

docker/Dockerfile_only_txt

@@ -1,4 +1,4 @@
-ARG BASE_IMAGE=python:3.11-alpine
+ARG BASE_IMAGE=python:3.12-alpine
 FROM $BASE_IMAGE
 
 # https://docs.docker.com/engine/reference/builder/

mypy.ini

@@ -1,4 +1 @@
 [mypy]
-
-[mypy-protobuf_generated_python.*]
-ignore_errors = True

src/extract_otp_secrets.py

@@ -59,7 +59,8 @@ headless: bool = False
 
 try:
     import cv2
-    import numpy as np  # TODO use numpy types if available
+    import numpy as np
+    import cv2.typing
 
     try:
         import tkinter
@@ -310,7 +311,7 @@ b) image file containing a QR code or = for stdin for an image containing a QR c
     quiet = True if args.quiet else False
     if verbose: print(f"QReader installed: {cv2_available}")
     if cv2_available:
-        if verbose >= LogLevel.VERBOSE: print(f"CV2 version: {cv2.__version__}")  # type: ignore # cv2.__version__ is not available
+        if verbose >= LogLevel.VERBOSE: print(f"CV2 version: {cv2.__version__}")
         if verbose: print(f"QR reading mode: {args.qr}\n")
 
     return args
@@ -363,7 +364,7 @@ def extract_otps_from_camera(args: Args) -> Otps:
                 if QRMode.CV2:
                     otp_url, raw_pts, _ = cv2_qr.detectAndDecode(img)
                 else:
-                    otp_url, raw_pts = cv2_qr_wechat.detectAndDecode(img)
+                    otp_url, raw_pts = cv2_qr_wechat.detectAndDecode(img)  # type: ignore  # use proper cv2 types
                 if raw_pts is not None:
                     if otp_url:
                         new_otps_count = extract_otps_from_otp_url(otp_url, otp_urls, otps, args)
@@ -404,16 +405,15 @@ def get_color(new_otps_count: int, otp_url: str) -> ColorBGR:
             return NORMAL_COLOR
 
 
-# TODO use cv2 types if available
-def cv2_draw_box(img: Any, raw_pts: Any, color: ColorBGR) -> Any:
+# TODO use proper cv2 types if available
+def cv2_draw_box(img: cv2.typing.MatLike, raw_pts: cv2.typing.MatLike | list[tuple[Any, Any]], color: ColorBGR) -> np.ndarray[Any, np.dtype[np.int32]]:
     pts = np.array([raw_pts], np.int32)
     pts = pts.reshape((-1, 1, 2))
     cv2.polylines(img, [pts], True, color, BOX_THICKNESS)
     return pts
 
 
-# TODO use cv2 types if available
-def cv2_print_text(img: Any, text: str, line_number: int, position: TextPosition, color: ColorBGR, opposite_len: Optional[int] = None) -> None:
+def cv2_print_text(img: cv2.typing.MatLike, text: str, line_number: int, position: TextPosition, color: ColorBGR, opposite_len: Optional[int] = None) -> None:
     window_dim = cv2.getWindowImageRect(WINDOW_NAME)
     out_text = text
     if opposite_len:

src/protobuf_generated_python/google_auth_pb2.py

@@ -1,6 +1,7 @@
 # -*- coding: utf-8 -*-
 # Generated by the protocol buffer compiler.  DO NOT EDIT!
 # source: google_auth.proto
+# Protobuf Python Version: 4.25.2
 """Generated protocol buffer code."""
 from google.protobuf import descriptor as _descriptor
 from google.protobuf import descriptor_pool as _descriptor_pool
@@ -19,7 +20,6 @@ _globals = globals()
 _builder.BuildMessageAndEnumDescriptors(DESCRIPTOR, _globals)
 _builder.BuildTopDescriptorsAndMessages(DESCRIPTOR, 'google_auth_pb2', _globals)
 if _descriptor._USE_C_DESCRIPTORS == False:
-
   DESCRIPTOR._options = None
   _globals['_MIGRATIONPAYLOAD']._serialized_start=22
   _globals['_MIGRATIONPAYLOAD']._serialized_end=461

src/protobuf_generated_python/google_auth_pb2.pyi

@@ -28,7 +28,7 @@ class MigrationPayload(google.protobuf.message.Message):
         ValueType = typing.NewType("ValueType", builtins.int)
         V: typing_extensions.TypeAlias = ValueType
 
-    class _AlgorithmEnumTypeWrapper(google.protobuf.internal.enum_type_wrapper._EnumTypeWrapper[MigrationPayload._Algorithm.ValueType], builtins.type):  # noqa: F821
+    class _AlgorithmEnumTypeWrapper(google.protobuf.internal.enum_type_wrapper._EnumTypeWrapper[MigrationPayload._Algorithm.ValueType], builtins.type):
         DESCRIPTOR: google.protobuf.descriptor.EnumDescriptor
         ALGO_INVALID: MigrationPayload._Algorithm.ValueType  # 0
         ALGO_SHA1: MigrationPayload._Algorithm.ValueType  # 1
@@ -41,7 +41,7 @@ class MigrationPayload(google.protobuf.message.Message):
         ValueType = typing.NewType("ValueType", builtins.int)
         V: typing_extensions.TypeAlias = ValueType
 
-    class _OtpTypeEnumTypeWrapper(google.protobuf.internal.enum_type_wrapper._EnumTypeWrapper[MigrationPayload._OtpType.ValueType], builtins.type):  # noqa: F821
+    class _OtpTypeEnumTypeWrapper(google.protobuf.internal.enum_type_wrapper._EnumTypeWrapper[MigrationPayload._OtpType.ValueType], builtins.type):
         DESCRIPTOR: google.protobuf.descriptor.EnumDescriptor
         OTP_INVALID: MigrationPayload._OtpType.ValueType  # 0
         OTP_HOTP: MigrationPayload._OtpType.ValueType  # 1