From a6c6454825f4a76778a70e7a7ba601385c71aa7d Mon Sep 17 00:00:00 2001
From: Trevor James Smith <10819524+Zeitsperre@users.noreply.github.com>
Date: Fri, 19 Jul 2024 12:54:07 -0400
Subject: [PATCH 1/8] workflow adjustments
---
.../.github/workflows/bump-version.yml | 11 +++---
.../.github/workflows/cache-cleaner.yml | 4 +--
.../.github/workflows/dependency-review.yml | 5 +--
.../.github/workflows/first-pull-request.yml | 7 +++-
.../.github/workflows/label.yml | 4 +--
.../.github/workflows/main.yml | 35 +++++++++++--------
.../.github/workflows/publish-pypi.yml | 8 ++---
.../.github/workflows/scorecard.yml | 2 +-
.../.github/workflows/tag-testpypi.yml | 12 +++----
.../.github/workflows/workflow-warning.yml | 28 +++++++++------
.../.pre-commit-config.yaml | 22 ++++++------
{{cookiecutter.project_slug}}/.yamllint.yaml | 33 ++++++++++++++++-
.../CONTRIBUTING.rst | 18 ++++++++--
13 files changed, 124 insertions(+), 65 deletions(-)
diff --git a/{{cookiecutter.project_slug}}/.github/workflows/bump-version.yml b/{{cookiecutter.project_slug}}/.github/workflows/bump-version.yml
index 9efc25da2..68f935d7f 100644
--- a/{{cookiecutter.project_slug}}/.github/workflows/bump-version.yml
+++ b/{{cookiecutter.project_slug}}/.github/workflows/bump-version.yml
@@ -51,7 +51,7 @@ jobs:
contents: write
steps:
- name: Harden Runner
- uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1
+ uses: step-security/harden-runner@0d381219ddf674d61a7572ddd19d7941e271515c # v2.9.0
with:
disable-sudo: true
egress-policy: block
@@ -65,21 +65,20 @@ jobs:
persist-credentials: false
fetch-depth: 0
- name: Set up Python3
- uses: actions/setup-python@82c7e631bb3cdc910f68e0081d67478d79c6982d # v5.1.0
+ uses: actions/setup-python@39cd14951b08e74b54015e9e001cdefcf80e669f # v5.1.1
with:
python-version: "3.x"
- name: Config Commit Bot
run: |
git config --local user.email "bumpversion[bot]@ouranos.ca"
git config --local user.name "bumpversion[bot]"
- - name: Install bump-my-version
- run: |
- python -m pip install "bump-my-version>=0.18.3"
- name: Current Version
run: |
- bump-my-version show current_version
CURRENT_VERSION="$(grep -E '__version__' src/{{ cookiecutter.project_slug }}/__init__.py | cut -d ' ' -f3)"
echo "CURRENT_VERSION=${CURRENT_VERSION}" >> $GITHUB_ENV
+ - name: Install CI libraries
+ run: |
+ python -m pip install --require-hashes -r CI/requirements_ci.txt
- name: Conditional Bump Version
run: |
if [[ __ENV_CURRENT_VERSION__ =~ -dev(\.\d+)? ]]; then
diff --git a/{{cookiecutter.project_slug}}/.github/workflows/cache-cleaner.yml b/{{cookiecutter.project_slug}}/.github/workflows/cache-cleaner.yml
index 12c9d88b5..b784e3acf 100644
--- a/{{cookiecutter.project_slug}}/.github/workflows/cache-cleaner.yml
+++ b/{{cookiecutter.project_slug}}/.github/workflows/cache-cleaner.yml
@@ -16,7 +16,7 @@ jobs:
actions: write
steps:
- name: Harden Runner
- uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1
+ uses: step-security/harden-runner@0d381219ddf674d61a7572ddd19d7941e271515c # v2.9.0
with:
disable-sudo: true
egress-policy: block
@@ -26,7 +26,7 @@ jobs:
objects.githubusercontent.com:443
- name: Checkout Repository
- uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
+ uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
- name: Cleanup
run: |
diff --git a/{{cookiecutter.project_slug}}/.github/workflows/dependency-review.yml b/{{cookiecutter.project_slug}}/.github/workflows/dependency-review.yml
index 0a53eccdf..23f22ae7b 100644
--- a/{{cookiecutter.project_slug}}/.github/workflows/dependency-review.yml
+++ b/{{cookiecutter.project_slug}}/.github/workflows/dependency-review.yml
@@ -1,6 +1,7 @@
# Dependency Review Action
#
-# This Action will scan dependency manifest files that change as part of a Pull Request, surfacing known-vulnerable versions of the packages declared or updated in the PR. Once installed, if the workflow run is marked as required, PRs introducing known-vulnerable packages will be blocked from merging.
+# This Action will scan dependency manifest files that change as part of a Pull Request, surfacing known-vulnerable versions of the packages declared or updated in the PR.
+# Once installed, if the workflow run is marked as required, PRs introducing known-vulnerable packages will be blocked from merging.
#
# Source repository: https://github.com/actions/dependency-review-action
# Public documentation: https://docs.github.com/en/code-security/supply-chain-security/understanding-your-software-supply-chain/about-dependency-review#dependency-review-enforcement
@@ -16,7 +17,7 @@ jobs:
runs-on: ubuntu-latest
steps:
- name: Harden Runner
- uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1
+ uses: step-security/harden-runner@0d381219ddf674d61a7572ddd19d7941e271515c # v2.9.0
with:
disable-sudo: true
egress-policy: block
diff --git a/{{cookiecutter.project_slug}}/.github/workflows/first-pull-request.yml b/{{cookiecutter.project_slug}}/.github/workflows/first-pull-request.yml
index a747849ca..7f897102b 100644
--- a/{{cookiecutter.project_slug}}/.github/workflows/first-pull-request.yml
+++ b/{{cookiecutter.project_slug}}/.github/workflows/first-pull-request.yml
@@ -5,13 +5,18 @@ on:
types:
- opened
+permissions:
+ contents: read
+
jobs:
welcome:
name: Welcome
runs-on: ubuntu-latest
+ permissions:
+ pull-requests: write
steps:
- name: Harden Runner
- uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1
+ uses: step-security/harden-runner@0d381219ddf674d61a7572ddd19d7941e271515c # v2.9.0
with:
disable-sudo: true
egress-policy: block
diff --git a/{{cookiecutter.project_slug}}/.github/workflows/label.yml b/{{cookiecutter.project_slug}}/.github/workflows/label.yml
index 92ade3909..f700a4b1b 100644
--- a/{{cookiecutter.project_slug}}/.github/workflows/label.yml
+++ b/{{cookiecutter.project_slug}}/.github/workflows/label.yml
@@ -20,12 +20,10 @@ jobs:
name: Label
runs-on: ubuntu-latest
permissions:
- checks: write
- contents: read
pull-requests: write
steps:
- name: Harden Runner
- uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1
+ uses: step-security/harden-runner@0d381219ddf674d61a7572ddd19d7941e271515c # v2.9.0
with:
disable-sudo: true
egress-policy: block
diff --git a/{{cookiecutter.project_slug}}/.github/workflows/main.yml b/{{cookiecutter.project_slug}}/.github/workflows/main.yml
index bb28e6d32..4ea52c589 100644
--- a/{{cookiecutter.project_slug}}/.github/workflows/main.yml
+++ b/{{cookiecutter.project_slug}}/.github/workflows/main.yml
@@ -33,18 +33,18 @@ jobs:
- "3.x"
steps:
- name: Harden Runner
- uses: step-security/harden-runner@a4aa98b93cab29d9b1101a6143fb8bce00e2eac4 # v2.7.1
+ uses: step-security/harden-runner@0d381219ddf674d61a7572ddd19d7941e271515c # v2.9.0
with:
egress-policy: audit
- name: Checkout Repository
- uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
+ uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
- name: Set up Python__PYTHON_VERSION__
- uses: actions/setup-python@82c7e631bb3cdc910f68e0081d67478d79c6982d # v5.1.0
+ uses: actions/setup-python@39cd14951b08e74b54015e9e001cdefcf80e669f # v5.1.1
with:
python-version: __PYTHON_VERSION__
- - name: Install tox
+ - name: Install CI libraries
run: |
- python -m pip install tox
+ python -m pip install --require-hashes -r CI/requirements_ci.txt
- name: Run linting suite
run: |
python -m tox -e lint
@@ -68,18 +68,18 @@ jobs:
python-version: "3.12"
steps:
- name: Harden Runner
- uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1
+ uses: step-security/harden-runner@0d381219ddf674d61a7572ddd19d7941e271515c # v2.9.0
with:
egress-policy: audit
- name: Checkout Repository
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
- name: Set up Python__PYTHON_VERSION__
- uses: actions/setup-python@82c7e631bb3cdc910f68e0081d67478d79c6982d # v5.1.0
+ uses: actions/setup-python@39cd14951b08e74b54015e9e001cdefcf80e669f # v5.1.1
with:
python-version: __PYTHON_VERSION__
- - name: Install tox
+ - name: Install CI libraries
run: |
- python -m pip install tox
+ python -m pip install --require-hashes -r CI/requirements_ci.txt
- name: Test with tox
run: |
python -m tox -e __TOX_ENV__
@@ -96,19 +96,19 @@ jobs:
runs-on: ubuntu-latest
strategy:
matrix:
- python-version: ["3.9", "3.10", "3.11", "3.12"]
+ python-version: [ "3.9", "3.10", "3.11", "3.12" ]
defaults:
run:
shell: bash -l {0}
steps:
- name: Harden Runner
- uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1
+ uses: step-security/harden-runner@0d381219ddf674d61a7572ddd19d7941e271515c # v2.9.0
with:
egress-policy: audit
- name: Checkout Repository
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
- name: Setup Conda (Micromamba) with Python__PYTHON_VERSION__
- uses: mamba-org/setup-micromamba@422500192359a097648154e8db4e39bdb6c6eed7 # v1.8.1
+ uses: mamba-org/setup-micromamba@f8b8a1e23a26f60a44c853292711bacfd3eac822 # v1.9.0
with:
cache-downloads: true
environment-file: environment-dev.yml
@@ -146,9 +146,16 @@ jobs:
runs-on: ubuntu-latest
container: python:3-slim
steps:
- - name: Coveralls Finished
+ - name: Checkout Repository
+ uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+ with:
+ sparse-checkout: |
+ CI/requirements_ci.txt
+ - name: Install CI libraries
+ run: |
+ python -m pip install --require-hashes -r CI/requirements_ci.txt
+ - name: Coveralls finished
run: |
- python -m pip install --upgrade coveralls
python -m coveralls --finish
env:
GITHUB_TOKEN: __GITHUB_TOKEN__
diff --git a/{{cookiecutter.project_slug}}/.github/workflows/publish-pypi.yml b/{{cookiecutter.project_slug}}/.github/workflows/publish-pypi.yml
index 66e681689..26244a8a5 100644
--- a/{{cookiecutter.project_slug}}/.github/workflows/publish-pypi.yml
+++ b/{{cookiecutter.project_slug}}/.github/workflows/publish-pypi.yml
@@ -18,7 +18,7 @@ jobs:
id-token: write
steps:
- name: Harden Runner
- uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1
+ uses: step-security/harden-runner@0d381219ddf674d61a7572ddd19d7941e271515c # v2.9.0
with:
disable-sudo: true
egress-policy: block
@@ -30,12 +30,12 @@ jobs:
- name: Checkout Repository
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
- name: Set up Python3
- uses: actions/setup-python@82c7e631bb3cdc910f68e0081d67478d79c6982d # v5.1.0
+ uses: actions/setup-python@39cd14951b08e74b54015e9e001cdefcf80e669f # v5.1.1
with:
python-version: "3.x"
- - name: Install packaging libraries
+ - name: Install CI libraries
run: |
- python -m pip install flit
+ python -m pip install --require-hashes -r CI/requirements_ci.txt
- name: Build a binary wheel and a source tarball
run: |
python -m flit build
diff --git a/{{cookiecutter.project_slug}}/.github/workflows/scorecard.yml b/{{cookiecutter.project_slug}}/.github/workflows/scorecard.yml
index e24780c67..d112fa993 100644
--- a/{{cookiecutter.project_slug}}/.github/workflows/scorecard.yml
+++ b/{{cookiecutter.project_slug}}/.github/workflows/scorecard.yml
@@ -29,7 +29,7 @@ jobs:
id-token: write
steps:
- name: Harden Runner
- uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1
+ uses: step-security/harden-runner@0d381219ddf674d61a7572ddd19d7941e271515c # v2.9.0
with:
disable-sudo: true
egress-policy: block
diff --git a/{{cookiecutter.project_slug}}/.github/workflows/tag-testpypi.yml b/{{cookiecutter.project_slug}}/.github/workflows/tag-testpypi.yml
index 27e7edcdf..d03253e2d 100644
--- a/{{cookiecutter.project_slug}}/.github/workflows/tag-testpypi.yml
+++ b/{{cookiecutter.project_slug}}/.github/workflows/tag-testpypi.yml
@@ -17,13 +17,13 @@ jobs:
contents: write
steps:
- name: Harden Runner
- uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1
+ uses: step-security/harden-runner@0d381219ddf674d61a7572ddd19d7941e271515c # v2.9.0
with:
egress-policy: audit
- name: Checkout Repository
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
- name: Create Release
- uses: softprops/action-gh-release@69320dbe05506a9a39fc8ae11030b214ec2d1f87 # 2.0.5
+ uses: softprops/action-gh-release@c062e08bd532815e2082a85e87e3ef29c3e6d191 # 2.0.8
env:
# This token is provided by Actions, you do not need to create your own token
GITHUB_TOKEN: __GITHUB_TOKEN__
@@ -42,7 +42,7 @@ jobs:
id-token: write
steps:
- name: Harden Runner
- uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1
+ uses: step-security/harden-runner@0d381219ddf674d61a7572ddd19d7941e271515c # v2.9.0
with:
disable-sudo: true
egress-policy: block
@@ -54,12 +54,12 @@ jobs:
- name: Checkout Repository
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
- name: Set up Python3
- uses: actions/setup-python@82c7e631bb3cdc910f68e0081d67478d79c6982d # v5.1.0
+ uses: actions/setup-python@39cd14951b08e74b54015e9e001cdefcf80e669f # v5.1.1
with:
python-version: "3.x"
- - name: Install packaging libraries
+ - name: Install CI libraries
run: |
- python -m pip install flit
+ python -m pip install --require-hashes -r CI/requirements_ci.txt
- name: Build a binary wheel and a source tarball
run: |
python -m flit build
diff --git a/{{cookiecutter.project_slug}}/.github/workflows/workflow-warning.yml b/{{cookiecutter.project_slug}}/.github/workflows/workflow-warning.yml
index 275f28316..1f64f291a 100644
--- a/{{cookiecutter.project_slug}}/.github/workflows/workflow-warning.yml
+++ b/{{cookiecutter.project_slug}}/.github/workflows/workflow-warning.yml
@@ -23,48 +23,54 @@ jobs:
if: |
(github.event.pull_request.head.repo.full_name != github.event.pull_request.base.repo.full_name)
permissions:
- contents: read
pull-requests: write
steps:
- name: Harden Runner
- uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1
+ uses: step-security/harden-runner@0d381219ddf674d61a7572ddd19d7941e271515c # v2.9.0
with:
disable-sudo: true
egress-policy: block
allowed-endpoints: >
api.github.com:443
- - name: Find Comment
+ - name: Find Warning Comment
uses: peter-evans/find-comment@3eae4d37986fb5a8592848f6a574fdf654e61f9e # v3.1.0
- id: fc
+ id: fc_warning
with:
issue-number: ${{ github.event.pull_request.number }}
comment-author: 'github-actions[bot]'
body-includes: |
This Pull Request modifies GitHub workflows and is coming from a fork.
- - name: Create Comment
+ - name: Create Warning Comment
if: |
- (steps.fc.outputs.comment-id == '') &&
+ (steps.fc_warning.outputs.comment-id == '') &&
(!contains(github.event.pull_request.labels.*.name, 'approved')) &&
(github.event.pull_request.head.repo.full_name != github.event.pull_request.base.repo.full_name)
uses: peter-evans/create-or-update-comment@71345be0265236311c031f5c7866368bd1eff043 # v4.0.0
with:
- comment-id: ${{ steps.fc.outputs.comment-id }}
+ comment-id: ${{ steps.fc_warning.outputs.comment-id }}
issue-number: ${{ github.event.pull_request.number }}
body: |
- > **Warning**
+ > [!WARNING]
> This Pull Request modifies GitHub Workflows and is coming from a fork.
**It is very important for the reviewer to ensure that the workflow changes are appropriate.**
edit-mode: replace
+ - name: Find Note Comment
+ uses: peter-evans/find-comment@3eae4d37986fb5a8592848f6a574fdf654e61f9e # v3.1.0
+ id: fc_note
+ with:
+ issue-number: ${{ github.event.pull_request.number }}
+ comment-author: 'github-actions[bot]'
+ body-includes: Workflow changes in this Pull Request have been approved!
- name: Update Comment
if: |
contains(github.event.pull_request.labels.*.name, 'approved')
uses: peter-evans/create-or-update-comment@71345be0265236311c031f5c7866368bd1eff043 # v4.0.0
with:
- comment-id: ${{ steps.fc.outputs.comment-id }}
+ comment-id: ${{ steps.fc_note.outputs.comment-id }}
issue-number: ${{ github.event.pull_request.number }}
body: |
- > **Note**
- > Changes have been approved by a maintainer.
+ > [!NOTE]
+ > Workflow changes in this Pull Request have been approved!
reactions: |
hooray
edit-mode: append
diff --git a/{{cookiecutter.project_slug}}/.pre-commit-config.yaml b/{{cookiecutter.project_slug}}/.pre-commit-config.yaml
index 008e074cb..1829c0761 100644
--- a/{{cookiecutter.project_slug}}/.pre-commit-config.yaml
+++ b/{{cookiecutter.project_slug}}/.pre-commit-config.yaml
@@ -1,11 +1,11 @@
default_language_version:
- python: python3
+ python: python3
repos:
- repo: https://github.com/asottile/pyupgrade
rev: v3.16.0
hooks:
- - id: pyupgrade
+ - id: pyupgrade
args: [ '--py38-plus' ]
- repo: https://github.com/pre-commit/pre-commit-hooks
rev: v4.6.0
@@ -80,13 +80,13 @@ repos:
- id: check-useless-excludes
ci:
- autofix_commit_msg: |
- [pre-commit.ci] auto fixes from pre-commit.com hooks
+ autofix_commit_msg: |
+ [pre-commit.ci] auto fixes from pre-commit.com hooks
- for more information, see https://pre-commit.ci
- autofix_prs: true
- autoupdate_branch: ''
- autoupdate_commit_msg: '[pre-commit.ci] pre-commit autoupdate'
- autoupdate_schedule: monthly
- skip: []
- submodules: false
+ for more information, see https://pre-commit.ci
+ autofix_prs: true
+ autoupdate_branch: ''
+ autoupdate_commit_msg: '[pre-commit.ci] pre-commit autoupdate'
+ autoupdate_schedule: monthly
+ skip: [ ]
+ submodules: false
diff --git a/{{cookiecutter.project_slug}}/.yamllint.yaml b/{{cookiecutter.project_slug}}/.yamllint.yaml
index 2f3b4a3d2..ce25c395a 100644
--- a/{{cookiecutter.project_slug}}/.yamllint.yaml
+++ b/{{cookiecutter.project_slug}}/.yamllint.yaml
@@ -1,8 +1,39 @@
---
rules:
+
+ brackets:
+ forbid: false
+ min-spaces-inside: 1
+ max-spaces-inside: 1
+
+ commas:
+ min-spaces-after: 1
+
document-start: disable
+
+ float-values:
+ require-numeral-before-decimal: true
+
+ hyphens:
+ max-spaces-after: 1
+
+ indentation:
+ indent-sequences: whatever
+ spaces: consistent
+
+ key-duplicates:
+ forbid-duplicated-merge-keys: true
+
line-length:
- max: 120
+ allow-non-breakable-words: true
+ allow-non-breakable-inline-mappings: true
+ max: 180
level: warning
+
+ new-lines:
+ type: unix
+
+ trailing-spaces: {}
+
truthy: disable
diff --git a/{{cookiecutter.project_slug}}/CONTRIBUTING.rst b/{{cookiecutter.project_slug}}/CONTRIBUTING.rst
index c1cccde2e..5104f9557 100644
--- a/{{cookiecutter.project_slug}}/CONTRIBUTING.rst
+++ b/{{cookiecutter.project_slug}}/CONTRIBUTING.rst
@@ -51,7 +51,7 @@ Get Started!
.. note::
- If you are new to using GitHub and `git`, please read `this guide `_ first.
+ If you are new to using `GitHub `_ and ``git``, please read `this guide `_ first.
{%- if cookiecutter.use_conda == 'y' %}
@@ -185,15 +185,16 @@ Ready to contribute? Here's how to set up ``{{ cookiecutter.project_name }}`` fo
git checkout name-of-your-bugfix-or-feature
git fetch
git pull origin main
+
See the previous step for more information on resolving conflicts.
#. Once your Pull Request has been accepted and merged to the `main` branch, several automated workflows will be triggered:
- The ``bump-version.yml`` workflow will automatically bump the patch version when pull requests are pushed to the `main` branch on GitHub. **It is not recommended to manually bump the version in your branch when merging (non-release) pull requests (this will cause the version to be bumped twice).**
- `ReadTheDocs` will automatically build the documentation and publish it to the `latest` branch of `{{ cookiecutter.project_slug }}` documentation website.
- - If your branch is not a fork (ie: you are a maintainer), your branch will be automatically deleted.
+ - If your branch is not a fork (i.e. you are a maintainer), your branch will be automatically deleted.
- You will have contributed to ``{{ cookiecutter.project_slug }}``!
+You will have contributed to ``{{ cookiecutter.project_slug }}``!
Pull Request Guidelines
-----------------------
@@ -249,6 +250,17 @@ To run specific code style checks:
To get ``black``, ``isort``, ``blackdoc``, ``ruff``, and ``flake8`` (with the ``flake8-rst-docstrings`` plugin) simply install them with ``pip`` {% if cookiecutter.use_conda == 'y' %}(or ``conda``) {% endif %}into your environment.
+Translations
+------------
+
+If you would like to contribute to the French translation of the documentation, you can do so by running the following command:
+
+ .. code-block:: console
+
+ make initialize-translations
+
+This will create or update the French translation files in the `docs/locales/fr/LC_MESSAGES` directory. You can then edit the `.po` files in this directory to provide translations for the documentation.
+
Code of Conduct
---------------
From 3f71e76f53c8c5bb7eb86a276212714d4ef0f570 Mon Sep 17 00:00:00 2001
From: Trevor James Smith <10819524+Zeitsperre@users.noreply.github.com>
Date: Fri, 19 Jul 2024 14:24:18 -0400
Subject: [PATCH 2/8] synchronize deps, add numpydoc validation
---
.../.pre-commit-config.yaml | 9 +++-
{{cookiecutter.project_slug}}/Makefile | 3 +-
.../environment-dev.yml | 17 ++++----
{{cookiecutter.project_slug}}/pyproject.toml | 41 ++++++++++++++-----
{{cookiecutter.project_slug}}/tox.ini | 10 ++---
5 files changed, 54 insertions(+), 26 deletions(-)
diff --git a/{{cookiecutter.project_slug}}/.pre-commit-config.yaml b/{{cookiecutter.project_slug}}/.pre-commit-config.yaml
index 1829c0761..91dcb0215 100644
--- a/{{cookiecutter.project_slug}}/.pre-commit-config.yaml
+++ b/{{cookiecutter.project_slug}}/.pre-commit-config.yaml
@@ -38,12 +38,12 @@ repos:
rev: 24.4.2
hooks:
- id: black
- exclude: ^docs/
+ {% if cookiecutter.make_docs %}exclude: ^docs/{% endif %}
- repo: https://github.com/PyCQA/isort
rev: 5.13.2
hooks:
- id: isort
- exclude: ^docs/
+ {% if cookiecutter.make_docs %}exclude: ^docs/{% endif %}
{%- endif %}
- repo: https://github.com/astral-sh/ruff-pre-commit
rev: v0.5.0
@@ -69,6 +69,11 @@ repos:
hooks:
- id: yamllint
args: [ '--config-file=.yamllint.yaml' ]
+ - repo: https://github.com/numpy/numpydoc
+ rev: v1.7.0
+ hooks:
+ - id: numpydoc-validation
+ exclude: {% if cookiecutter.make_docs %}^docs/|{% endif %}^tests/
- repo: https://github.com/python-jsonschema/check-jsonschema
rev: 0.28.6
hooks:
diff --git a/{{cookiecutter.project_slug}}/Makefile b/{{cookiecutter.project_slug}}/Makefile
index f5b488544..773581dc1 100644
--- a/{{cookiecutter.project_slug}}/Makefile
+++ b/{{cookiecutter.project_slug}}/Makefile
@@ -66,6 +66,7 @@ clean-test: ## remove test and coverage artifacts
lint/flake8: ## check style with flake8
python -m ruff check src/{{ cookiecutter.project_slug }} tests
python -m flake8 --config=.flake8 src/{{ cookiecutter.project_slug }} tests
+ python -m numpydoc --validate src/{{ cookiecutter.project_slug }}
{% if cookiecutter.use_black == 'y' -%}
lint/black: ## check style with black
@@ -84,7 +85,7 @@ test: ## run tests quickly with the default Python
{%- endif %}
test-all: ## run tests on every Python version with tox
- tox
+ python -m tox
coverage: ## check code coverage quickly with the default Python
{%- if cookiecutter.use_pytest == 'y' %}
diff --git a/{{cookiecutter.project_slug}}/environment-dev.yml b/{{cookiecutter.project_slug}}/environment-dev.yml
index 5e4438cfc..ed1e5d9ed 100644
--- a/{{cookiecutter.project_slug}}/environment-dev.yml
+++ b/{{cookiecutter.project_slug}}/environment-dev.yml
@@ -5,12 +5,12 @@ dependencies:
- python >=3.9,<3.13
# Dev tools and testing
- pip >=24.0
- - bump-my-version >=0.23.0
+ - bump-my-version >=0.24.3
- watchdog >=3.0.0
- - flake8 >=7.0.0
+ - flake8 >=7.1.0
- flake8-rst-docstrings >=0.3.0
- - flit >=3.9.0
- - tox >=4.15.1
+ - flit >=3.9.0,<4.0
+ - tox >=4.16.0
- coverage >=7.5.0
- coveralls >=4.0.0
{%- if cookiecutter.command_line_interface|lower == 'click' %}
@@ -19,13 +19,14 @@ dependencies:
- typer >=0.12.3
{%- endif %}
{%- if cookiecutter.use_pytest == 'y' %}
- - pytest >=7.3.1
- - pytest-cov >=4.0.0
+ - pytest >=8.2.2
+ - pytest-cov >=5.0.0
{%- endif %}
{%- if cookiecutter.use_black == 'y' %}
- black ==24.4.2
- blackdoc ==0.3.9
- isort ==5.13.2
{%- endif %}
- - pre-commit >=3.3.2
- - ruff >=0.4.0
+ - numpydoc >=1.7.0
+ - pre-commit >=3.5.0
+ - ruff >=0.5.0
diff --git a/{{cookiecutter.project_slug}}/pyproject.toml b/{{cookiecutter.project_slug}}/pyproject.toml
index a455d0e53..527c86fef 100644
--- a/{{cookiecutter.project_slug}}/pyproject.toml
+++ b/{{cookiecutter.project_slug}}/pyproject.toml
@@ -53,26 +53,27 @@ dependencies = [
dev = [
# Dev tools and testing
"pip >=24.0",
- "bump-my-version >=0.23.0",
+ "bump-my-version >=0.24.3",
"watchdog >=3.0.0",
- "flake8 >=7.0.0",
+ "flake8 >=7.1.0",
"flake8-rst-docstrings >=0.3.0",
- "flit >=3.9.0",
- "tox >=4.15.1",
+ "flit >=3.9.0,<4.0",
+ "tox >=4.16.0",
"coverage >=7.5.0",
- "coveralls >=3.3.1",
+ "coveralls >=4.0.0",
"mypy",
+ "numpydoc >=1.7.0",
{%- if cookiecutter.use_pytest == 'y' %}
- "pytest >=7.3.1",
- "pytest-cov >=4.0.0",
+ "pytest >=8.2.2",
+ "pytest-cov >=5.0.0",
{%- endif %}
{%- if cookiecutter.use_black == 'y' %}
"black ==24.4.2",
"blackdoc ==0.3.9",
"isort ==5.13.2",
{%- endif %}
- "ruff >=0.4.0",
- "pre-commit >=3.3.2"
+ "ruff >=0.5.0",
+ "pre-commit >=3.5.0"
]
{%- if cookiecutter.make_docs == 'y' %}
docs = [
@@ -281,6 +282,26 @@ disable_error_code = "attr-defined"
ignore_missing_imports = true
{%- if cookiecutter.use_pytest == 'y' %}
+[tool.numpydoc_validation]
+checks = [
+ "all", # report on all checks, except the below
+ "EX01",
+ "SA01",
+ "ES01"
+]
+# remember to use single quotes for regex in TOML
+exclude = [
+ # don't report on objects that match any of these regex
+ '\.undocumented_method$',
+ '\.__repr__$'
+]
+override_SS05 = [
+ # override SS05 to allow docstrings starting with these words
+ '^Process ',
+ '^Assess ',
+ '^Access '
+]
+
[tool.pytest.ini_options]
addopts = [
"--verbose",
@@ -355,7 +376,7 @@ max-complexity = 15
[tool.ruff.lint.per-file-ignores]
"docs/**" = ["E402"]
"src/{{ cookiecutter.project_slug }}/**/__init__.py" = ["F401", "F403"]
-"tests/**" = ["S101"]
+"tests/**" = ["D100", "D101", "D102", "D103", "S101"]
[tool.ruff.lint.pycodestyle]
max-doc-length = 180
diff --git a/{{cookiecutter.project_slug}}/tox.ini b/{{cookiecutter.project_slug}}/tox.ini
index 9ae901476..e5b3fe899 100644
--- a/{{cookiecutter.project_slug}}/tox.ini
+++ b/{{cookiecutter.project_slug}}/tox.ini
@@ -1,5 +1,5 @@
[tox]
-min_version = 4.15.1
+min_version = 4.16.0
envlist =
lint
py{38,39,310,311,312}
@@ -8,8 +8,7 @@ envlist =
{%- endif %}
coveralls
requires =
- flit >= 3.9.0
- pip >= 24.0
+ flit >= 3.9.0,<4.0.0
opts =
--verbose
@@ -21,9 +20,10 @@ deps =
blackdoc ==0.3.9
isort ==5.13.2
{%- endif %}
- flake8 >=7.0.0
+ flake8 >=7.1.0
flake8-rst-docstrings >=0.3.0
- ruff >=0.4.0
+ ruff >=0.5.0
+ numpydoc >=1.7.0
commands =
make lint
allowlist_externals =
From 600437c8a5652528168101c0ba8b4a7c45919220 Mon Sep 17 00:00:00 2001
From: Trevor James Smith <10819524+Zeitsperre@users.noreply.github.com>
Date: Fri, 19 Jul 2024 14:24:36 -0400
Subject: [PATCH 3/8] use hashed packages
---
.../CI/requirements_ci.in | 4 +
.../CI/requirements_ci.txt | 365 ++++++++++++++++++
2 files changed, 369 insertions(+)
create mode 100644 {{cookiecutter.project_slug}}/CI/requirements_ci.in
create mode 100644 {{cookiecutter.project_slug}}/CI/requirements_ci.txt
diff --git a/{{cookiecutter.project_slug}}/CI/requirements_ci.in b/{{cookiecutter.project_slug}}/CI/requirements_ci.in
new file mode 100644
index 000000000..5c222d6af
--- /dev/null
+++ b/{{cookiecutter.project_slug}}/CI/requirements_ci.in
@@ -0,0 +1,4 @@
+bump-my-version==0.24.3
+pip==24.1.2
+flit==3.9.0
+tox==4.16.0
diff --git a/{{cookiecutter.project_slug}}/CI/requirements_ci.txt b/{{cookiecutter.project_slug}}/CI/requirements_ci.txt
new file mode 100644
index 000000000..0cd48c8c0
--- /dev/null
+++ b/{{cookiecutter.project_slug}}/CI/requirements_ci.txt
@@ -0,0 +1,365 @@
+#
+# This file is autogenerated by pip-compile with Python 3.8
+# by the following command:
+#
+# pip-compile --generate-hashes --output-file=CI/requirements_ci.txt CI/requirements_ci.in
+#
+annotated-types==0.7.0 \
+ --hash=sha256:1f02e8b43a8fbbc3f3e0d4f0f4bfc8131bcb4eebe8849b8e5c773f3a1c582a53 \
+ --hash=sha256:aff07c09a53a08bc8cfccb9c85b05f1aa9a2a6f23728d790723543408344ce89
+ # via pydantic
+bracex==2.4 \
+ --hash=sha256:a27eaf1df42cf561fed58b7a8f3fdf129d1ea16a81e1fadd1d17989bc6384beb \
+ --hash=sha256:efdc71eff95eaff5e0f8cfebe7d01adf2c8637c8c92edaf63ef348c241a82418
+ # via wcmatch
+bump-my-version==0.24.3 \
+ --hash=sha256:9b8ac82458a703a968a9a438b460175494cc0e0c6bd5f316019945a6b66eb81f \
+ --hash=sha256:cdd86e158430dd5e5e25fc61703c140a1107579fdd8d74f8f3a5f991daa07168
+ # via -r CI/requirements_ci.in
+cachetools==5.4.0 \
+ --hash=sha256:3ae3b49a3d5e28a77a0be2b37dbcb89005058959cb2323858c2657c4a8cab474 \
+ --hash=sha256:b8adc2e7c07f105ced7bc56dbb6dfbe7c4a00acce20e2227b3f355be89bc6827
+ # via tox
+certifi==2024.7.4 \
+ --hash=sha256:5a1e7645bc0ec61a09e26c36f6106dd4cf40c6db3a1fb6352b0244e7fb057c7b \
+ --hash=sha256:c198e21b1289c2ab85ee4e67bb4b4ef3ead0892059901a8d5b622f24a1101e90
+ # via requests
+chardet==5.2.0 \
+ --hash=sha256:1b3b6ff479a8c414bc3fa2c0852995695c4a026dcd6d0633b2dd092ca39c1cf7 \
+ --hash=sha256:e1cf59446890a00105fe7b7912492ea04b6e6f06d4b742b2c788469e34c82970
+ # via tox
+charset-normalizer==3.3.2 \
+ --hash=sha256:06435b539f889b1f6f4ac1758871aae42dc3a8c0e24ac9e60c2384973ad73027 \
+ --hash=sha256:06a81e93cd441c56a9b65d8e1d043daeb97a3d0856d177d5c90ba85acb3db087 \
+ --hash=sha256:0a55554a2fa0d408816b3b5cedf0045f4b8e1a6065aec45849de2d6f3f8e9786 \
+ --hash=sha256:0b2b64d2bb6d3fb9112bafa732def486049e63de9618b5843bcdd081d8144cd8 \
+ --hash=sha256:10955842570876604d404661fbccbc9c7e684caf432c09c715ec38fbae45ae09 \
+ --hash=sha256:122c7fa62b130ed55f8f285bfd56d5f4b4a5b503609d181f9ad85e55c89f4185 \
+ --hash=sha256:1ceae2f17a9c33cb48e3263960dc5fc8005351ee19db217e9b1bb15d28c02574 \
+ --hash=sha256:1d3193f4a680c64b4b6a9115943538edb896edc190f0b222e73761716519268e \
+ --hash=sha256:1f79682fbe303db92bc2b1136016a38a42e835d932bab5b3b1bfcfbf0640e519 \
+ --hash=sha256:2127566c664442652f024c837091890cb1942c30937add288223dc895793f898 \
+ --hash=sha256:22afcb9f253dac0696b5a4be4a1c0f8762f8239e21b99680099abd9b2b1b2269 \
+ --hash=sha256:25baf083bf6f6b341f4121c2f3c548875ee6f5339300e08be3f2b2ba1721cdd3 \
+ --hash=sha256:2e81c7b9c8979ce92ed306c249d46894776a909505d8f5a4ba55b14206e3222f \
+ --hash=sha256:3287761bc4ee9e33561a7e058c72ac0938c4f57fe49a09eae428fd88aafe7bb6 \
+ --hash=sha256:34d1c8da1e78d2e001f363791c98a272bb734000fcef47a491c1e3b0505657a8 \
+ --hash=sha256:37e55c8e51c236f95b033f6fb391d7d7970ba5fe7ff453dad675e88cf303377a \
+ --hash=sha256:3d47fa203a7bd9c5b6cee4736ee84ca03b8ef23193c0d1ca99b5089f72645c73 \
+ --hash=sha256:3e4d1f6587322d2788836a99c69062fbb091331ec940e02d12d179c1d53e25fc \
+ --hash=sha256:42cb296636fcc8b0644486d15c12376cb9fa75443e00fb25de0b8602e64c1714 \
+ --hash=sha256:45485e01ff4d3630ec0d9617310448a8702f70e9c01906b0d0118bdf9d124cf2 \
+ --hash=sha256:4a78b2b446bd7c934f5dcedc588903fb2f5eec172f3d29e52a9096a43722adfc \
+ --hash=sha256:4ab2fe47fae9e0f9dee8c04187ce5d09f48eabe611be8259444906793ab7cbce \
+ --hash=sha256:4d0d1650369165a14e14e1e47b372cfcb31d6ab44e6e33cb2d4e57265290044d \
+ --hash=sha256:549a3a73da901d5bc3ce8d24e0600d1fa85524c10287f6004fbab87672bf3e1e \
+ --hash=sha256:55086ee1064215781fff39a1af09518bc9255b50d6333f2e4c74ca09fac6a8f6 \
+ --hash=sha256:572c3763a264ba47b3cf708a44ce965d98555f618ca42c926a9c1616d8f34269 \
+ --hash=sha256:573f6eac48f4769d667c4442081b1794f52919e7edada77495aaed9236d13a96 \
+ --hash=sha256:5b4c145409bef602a690e7cfad0a15a55c13320ff7a3ad7ca59c13bb8ba4d45d \
+ --hash=sha256:6463effa3186ea09411d50efc7d85360b38d5f09b870c48e4600f63af490e56a \
+ --hash=sha256:65f6f63034100ead094b8744b3b97965785388f308a64cf8d7c34f2f2e5be0c4 \
+ --hash=sha256:663946639d296df6a2bb2aa51b60a2454ca1cb29835324c640dafb5ff2131a77 \
+ --hash=sha256:6897af51655e3691ff853668779c7bad41579facacf5fd7253b0133308cf000d \
+ --hash=sha256:68d1f8a9e9e37c1223b656399be5d6b448dea850bed7d0f87a8311f1ff3dabb0 \
+ --hash=sha256:6ac7ffc7ad6d040517be39eb591cac5ff87416c2537df6ba3cba3bae290c0fed \
+ --hash=sha256:6b3251890fff30ee142c44144871185dbe13b11bab478a88887a639655be1068 \
+ --hash=sha256:6c4caeef8fa63d06bd437cd4bdcf3ffefe6738fb1b25951440d80dc7df8c03ac \
+ --hash=sha256:6ef1d82a3af9d3eecdba2321dc1b3c238245d890843e040e41e470ffa64c3e25 \
+ --hash=sha256:753f10e867343b4511128c6ed8c82f7bec3bd026875576dfd88483c5c73b2fd8 \
+ --hash=sha256:7cd13a2e3ddeed6913a65e66e94b51d80a041145a026c27e6bb76c31a853c6ab \
+ --hash=sha256:7ed9e526742851e8d5cc9e6cf41427dfc6068d4f5a3bb03659444b4cabf6bc26 \
+ --hash=sha256:7f04c839ed0b6b98b1a7501a002144b76c18fb1c1850c8b98d458ac269e26ed2 \
+ --hash=sha256:802fe99cca7457642125a8a88a084cef28ff0cf9407060f7b93dca5aa25480db \
+ --hash=sha256:80402cd6ee291dcb72644d6eac93785fe2c8b9cb30893c1af5b8fdd753b9d40f \
+ --hash=sha256:8465322196c8b4d7ab6d1e049e4c5cb460d0394da4a27d23cc242fbf0034b6b5 \
+ --hash=sha256:86216b5cee4b06df986d214f664305142d9c76df9b6512be2738aa72a2048f99 \
+ --hash=sha256:87d1351268731db79e0f8e745d92493ee2841c974128ef629dc518b937d9194c \
+ --hash=sha256:8bdb58ff7ba23002a4c5808d608e4e6c687175724f54a5dade5fa8c67b604e4d \
+ --hash=sha256:8c622a5fe39a48f78944a87d4fb8a53ee07344641b0562c540d840748571b811 \
+ --hash=sha256:8d756e44e94489e49571086ef83b2bb8ce311e730092d2c34ca8f7d925cb20aa \
+ --hash=sha256:8f4a014bc36d3c57402e2977dada34f9c12300af536839dc38c0beab8878f38a \
+ --hash=sha256:9063e24fdb1e498ab71cb7419e24622516c4a04476b17a2dab57e8baa30d6e03 \
+ --hash=sha256:90d558489962fd4918143277a773316e56c72da56ec7aa3dc3dbbe20fdfed15b \
+ --hash=sha256:923c0c831b7cfcb071580d3f46c4baf50f174be571576556269530f4bbd79d04 \
+ --hash=sha256:95f2a5796329323b8f0512e09dbb7a1860c46a39da62ecb2324f116fa8fdc85c \
+ --hash=sha256:96b02a3dc4381e5494fad39be677abcb5e6634bf7b4fa83a6dd3112607547001 \
+ --hash=sha256:9f96df6923e21816da7e0ad3fd47dd8f94b2a5ce594e00677c0013018b813458 \
+ --hash=sha256:a10af20b82360ab00827f916a6058451b723b4e65030c5a18577c8b2de5b3389 \
+ --hash=sha256:a50aebfa173e157099939b17f18600f72f84eed3049e743b68ad15bd69b6bf99 \
+ --hash=sha256:a981a536974bbc7a512cf44ed14938cf01030a99e9b3a06dd59578882f06f985 \
+ --hash=sha256:a9a8e9031d613fd2009c182b69c7b2c1ef8239a0efb1df3f7c8da66d5dd3d537 \
+ --hash=sha256:ae5f4161f18c61806f411a13b0310bea87f987c7d2ecdbdaad0e94eb2e404238 \
+ --hash=sha256:aed38f6e4fb3f5d6bf81bfa990a07806be9d83cf7bacef998ab1a9bd660a581f \
+ --hash=sha256:b01b88d45a6fcb69667cd6d2f7a9aeb4bf53760d7fc536bf679ec94fe9f3ff3d \
+ --hash=sha256:b261ccdec7821281dade748d088bb6e9b69e6d15b30652b74cbbac25e280b796 \
+ --hash=sha256:b2b0a0c0517616b6869869f8c581d4eb2dd83a4d79e0ebcb7d373ef9956aeb0a \
+ --hash=sha256:b4a23f61ce87adf89be746c8a8974fe1c823c891d8f86eb218bb957c924bb143 \
+ --hash=sha256:bd8f7df7d12c2db9fab40bdd87a7c09b1530128315d047a086fa3ae3435cb3a8 \
+ --hash=sha256:beb58fe5cdb101e3a055192ac291b7a21e3b7ef4f67fa1d74e331a7f2124341c \
+ --hash=sha256:c002b4ffc0be611f0d9da932eb0f704fe2602a9a949d1f738e4c34c75b0863d5 \
+ --hash=sha256:c083af607d2515612056a31f0a8d9e0fcb5876b7bfc0abad3ecd275bc4ebc2d5 \
+ --hash=sha256:c180f51afb394e165eafe4ac2936a14bee3eb10debc9d9e4db8958fe36afe711 \
+ --hash=sha256:c235ebd9baae02f1b77bcea61bce332cb4331dc3617d254df3323aa01ab47bd4 \
+ --hash=sha256:cd70574b12bb8a4d2aaa0094515df2463cb429d8536cfb6c7ce983246983e5a6 \
+ --hash=sha256:d0eccceffcb53201b5bfebb52600a5fb483a20b61da9dbc885f8b103cbe7598c \
+ --hash=sha256:d965bba47ddeec8cd560687584e88cf699fd28f192ceb452d1d7ee807c5597b7 \
+ --hash=sha256:db364eca23f876da6f9e16c9da0df51aa4f104a972735574842618b8c6d999d4 \
+ --hash=sha256:ddbb2551d7e0102e7252db79ba445cdab71b26640817ab1e3e3648dad515003b \
+ --hash=sha256:deb6be0ac38ece9ba87dea880e438f25ca3eddfac8b002a2ec3d9183a454e8ae \
+ --hash=sha256:e06ed3eb3218bc64786f7db41917d4e686cc4856944f53d5bdf83a6884432e12 \
+ --hash=sha256:e27ad930a842b4c5eb8ac0016b0a54f5aebbe679340c26101df33424142c143c \
+ --hash=sha256:e537484df0d8f426ce2afb2d0f8e1c3d0b114b83f8850e5f2fbea0e797bd82ae \
+ --hash=sha256:eb00ed941194665c332bf8e078baf037d6c35d7c4f3102ea2d4f16ca94a26dc8 \
+ --hash=sha256:eb6904c354526e758fda7167b33005998fb68c46fbc10e013ca97f21ca5c8887 \
+ --hash=sha256:eb8821e09e916165e160797a6c17edda0679379a4be5c716c260e836e122f54b \
+ --hash=sha256:efcb3f6676480691518c177e3b465bcddf57cea040302f9f4e6e191af91174d4 \
+ --hash=sha256:f27273b60488abe721a075bcca6d7f3964f9f6f067c8c4c605743023d7d3944f \
+ --hash=sha256:f30c3cb33b24454a82faecaf01b19c18562b1e89558fb6c56de4d9118a032fd5 \
+ --hash=sha256:fb69256e180cb6c8a894fee62b3afebae785babc1ee98b81cdf68bbca1987f33 \
+ --hash=sha256:fd1abc0d89e30cc4e02e4064dc67fcc51bd941eb395c502aac3ec19fab46b519 \
+ --hash=sha256:ff8fa367d09b717b2a17a052544193ad76cd49979c805768879cb63d9ca50561
+ # via requests
+click==8.1.7 \
+ --hash=sha256:ae74fb96c20a0277a1d615f1e4d73c8414f5a98db8b799a7931d1582f3390c28 \
+ --hash=sha256:ca9853ad459e787e2192211578cc907e7594e294c7ccc834310722b41b9ca6de
+ # via
+ # bump-my-version
+ # rich-click
+colorama==0.4.6 \
+ --hash=sha256:08695f5cb7ed6e0531a20572697297273c47b8cae5a63ffc6d6ed5c201be6e44 \
+ --hash=sha256:4f1d9991f5acc0ca119f9d443620b77f9d6b33703e51011c16baf57afb285fc6
+ # via tox
+distlib==0.3.8 \
+ --hash=sha256:034db59a0b96f8ca18035f36290806a9a6e6bd9d1ff91e45a7f172eb17e51784 \
+ --hash=sha256:1530ea13e350031b6312d8580ddb6b27a104275a31106523b8f123787f494f64
+ # via virtualenv
+docutils==0.20.1 \
+ --hash=sha256:96f387a2c5562db4476f09f13bbab2192e764cac08ebbf3a34a95d9b1e4a59d6 \
+ --hash=sha256:f08a4e276c3a1583a86dce3e34aba3fe04d02bba2dd51ed16106244e8a923e3b
+ # via flit
+filelock==3.15.4 \
+ --hash=sha256:2207938cbc1844345cb01a5a95524dae30f0ce089eba5b00378295a17e3e90cb \
+ --hash=sha256:6ca1fffae96225dab4c6eaf1c4f4f28cd2568d3ec2a44e15a08520504de468e7
+ # via
+ # tox
+ # virtualenv
+flit==3.9.0 \
+ --hash=sha256:076c3aaba5ac24cf0ad3251f910900d95a08218e6bcb26f21fef1036cc4679ca \
+ --hash=sha256:d75edf5eb324da20d53570a6a6f87f51e606eee8384925cd66a90611140844c7
+ # via -r CI/requirements_ci.in
+flit-core==3.9.0 \
+ --hash=sha256:72ad266176c4a3fcfab5f2930d76896059851240570ce9a98733b658cb786eba \
+ --hash=sha256:7aada352fb0c7f5538c4fafeddf314d3a6a92ee8e2b1de70482329e42de70301
+ # via flit
+idna==3.7 \
+ --hash=sha256:028ff3aadf0609c1fd278d8ea3089299412a7a8b9bd005dd08b9f8285bcb5cfc \
+ --hash=sha256:82fee1fc78add43492d3a1898bfa6d8a904cc97d8427f683ed8e798d07761aa0
+ # via requests
+markdown-it-py==3.0.0 \
+ --hash=sha256:355216845c60bd96232cd8d8c40e8f9765cc86f46880e43a8fd22dc1a1a8cab1 \
+ --hash=sha256:e3f60a94fa066dc52ec76661e37c851cb232d92f9886b15cb560aaada2df8feb
+ # via rich
+mdurl==0.1.2 \
+ --hash=sha256:84008a41e51615a49fc9966191ff91509e3c40b939176e643fd50a5c2196b8f8 \
+ --hash=sha256:bb413d29f5eea38f31dd4754dd7377d4465116fb207585f97bf925588687c1ba
+ # via markdown-it-py
+packaging==24.1 \
+ --hash=sha256:026ed72c8ed3fcce5bf8950572258698927fd1dbda10a5e981cdf0ac37f4f002 \
+ --hash=sha256:5b8f2217dbdbd2f7f384c41c628544e6d52f2d0f53c6d0c3ea61aa5d1d7ff124
+ # via
+ # pyproject-api
+ # tox
+platformdirs==4.2.2 \
+ --hash=sha256:2d7a1657e36a80ea911db832a8a6ece5ee53d8de21edd5cc5879af6530b1bfee \
+ --hash=sha256:38b7b51f512eed9e84a22788b4bce1de17c0adb134d6becb09836e37d8654cd3
+ # via
+ # tox
+ # virtualenv
+pluggy==1.5.0 \
+ --hash=sha256:2cffa88e94fdc978c4c574f15f9e59b7f4201d439195c3715ca9e2486f1d0cf1 \
+ --hash=sha256:44e1ad92c8ca002de6377e165f3e0f1be63266ab4d554740532335b9d75ea669
+ # via tox
+prompt-toolkit==3.0.36 \
+ --hash=sha256:3e163f254bef5a03b146397d7c1963bd3e2812f0964bb9a24e6ec761fd28db63 \
+ --hash=sha256:aa64ad242a462c5ff0363a7b9cfe696c20d55d9fc60c11fd8e632d064804d305
+ # via questionary
+pydantic==2.8.2 \
+ --hash=sha256:6f62c13d067b0755ad1c21a34bdd06c0c12625a22b0fc09c6b149816604f7c2a \
+ --hash=sha256:73ee9fddd406dc318b885c7a2eab8a6472b68b8fb5ba8150949fc3db939f23c8
+ # via
+ # bump-my-version
+ # pydantic-settings
+pydantic-core==2.20.1 \
+ --hash=sha256:035ede2e16da7281041f0e626459bcae33ed998cca6a0a007a5ebb73414ac72d \
+ --hash=sha256:04024d270cf63f586ad41fff13fde4311c4fc13ea74676962c876d9577bcc78f \
+ --hash=sha256:0827505a5c87e8aa285dc31e9ec7f4a17c81a813d45f70b1d9164e03a813a686 \
+ --hash=sha256:084659fac3c83fd674596612aeff6041a18402f1e1bc19ca39e417d554468482 \
+ --hash=sha256:10d4204d8ca33146e761c79f83cc861df20e7ae9f6487ca290a97702daf56006 \
+ --hash=sha256:11b71d67b4725e7e2a9f6e9c0ac1239bbc0c48cce3dc59f98635efc57d6dac83 \
+ --hash=sha256:150906b40ff188a3260cbee25380e7494ee85048584998c1e66df0c7a11c17a6 \
+ --hash=sha256:175873691124f3d0da55aeea1d90660a6ea7a3cfea137c38afa0a5ffabe37b88 \
+ --hash=sha256:177f55a886d74f1808763976ac4efd29b7ed15c69f4d838bbd74d9d09cf6fa86 \
+ --hash=sha256:19c0fa39fa154e7e0b7f82f88ef85faa2a4c23cc65aae2f5aea625e3c13c735a \
+ --hash=sha256:1eedfeb6089ed3fad42e81a67755846ad4dcc14d73698c120a82e4ccf0f1f9f6 \
+ --hash=sha256:225b67a1f6d602de0ce7f6c1c3ae89a4aa25d3de9be857999e9124f15dab486a \
+ --hash=sha256:242b8feb3c493ab78be289c034a1f659e8826e2233786e36f2893a950a719bb6 \
+ --hash=sha256:254ec27fdb5b1ee60684f91683be95e5133c994cc54e86a0b0963afa25c8f8a6 \
+ --hash=sha256:25e9185e2d06c16ee438ed39bf62935ec436474a6ac4f9358524220f1b236e43 \
+ --hash=sha256:26ab812fa0c845df815e506be30337e2df27e88399b985d0bb4e3ecfe72df31c \
+ --hash=sha256:26ca695eeee5f9f1aeeb211ffc12f10bcb6f71e2989988fda61dabd65db878d4 \
+ --hash=sha256:26dc97754b57d2fd00ac2b24dfa341abffc380b823211994c4efac7f13b9e90e \
+ --hash=sha256:270755f15174fb983890c49881e93f8f1b80f0b5e3a3cc1394a255706cabd203 \
+ --hash=sha256:2aafc5a503855ea5885559eae883978c9b6d8c8993d67766ee73d82e841300dd \
+ --hash=sha256:2d036c7187b9422ae5b262badb87a20a49eb6c5238b2004e96d4da1231badef1 \
+ --hash=sha256:33499e85e739a4b60c9dac710c20a08dc73cb3240c9a0e22325e671b27b70d24 \
+ --hash=sha256:37eee5b638f0e0dcd18d21f59b679686bbd18917b87db0193ae36f9c23c355fc \
+ --hash=sha256:38cf1c40a921d05c5edc61a785c0ddb4bed67827069f535d794ce6bcded919fc \
+ --hash=sha256:3acae97ffd19bf091c72df4d726d552c473f3576409b2a7ca36b2f535ffff4a3 \
+ --hash=sha256:3c5ebac750d9d5f2706654c638c041635c385596caf68f81342011ddfa1e5598 \
+ --hash=sha256:3d482efec8b7dc6bfaedc0f166b2ce349df0011f5d2f1f25537ced4cfc34fd98 \
+ --hash=sha256:407653af5617f0757261ae249d3fba09504d7a71ab36ac057c938572d1bc9331 \
+ --hash=sha256:40a783fb7ee353c50bd3853e626f15677ea527ae556429453685ae32280c19c2 \
+ --hash=sha256:41e81317dd6a0127cabce83c0c9c3fbecceae981c8391e6f1dec88a77c8a569a \
+ --hash=sha256:41f4c96227a67a013e7de5ff8f20fb496ce573893b7f4f2707d065907bffdbd6 \
+ --hash=sha256:469f29f9093c9d834432034d33f5fe45699e664f12a13bf38c04967ce233d688 \
+ --hash=sha256:4745f4ac52cc6686390c40eaa01d48b18997cb130833154801a442323cc78f91 \
+ --hash=sha256:4868f6bd7c9d98904b748a2653031fc9c2f85b6237009d475b1008bfaeb0a5aa \
+ --hash=sha256:4aa223cd1e36b642092c326d694d8bf59b71ddddc94cdb752bbbb1c5c91d833b \
+ --hash=sha256:4dd484681c15e6b9a977c785a345d3e378d72678fd5f1f3c0509608da24f2ac0 \
+ --hash=sha256:4f2790949cf385d985a31984907fecb3896999329103df4e4983a4a41e13e840 \
+ --hash=sha256:512ecfbefef6dac7bc5eaaf46177b2de58cdf7acac8793fe033b24ece0b9566c \
+ --hash=sha256:516d9227919612425c8ef1c9b869bbbee249bc91912c8aaffb66116c0b447ebd \
+ --hash=sha256:53e431da3fc53360db73eedf6f7124d1076e1b4ee4276b36fb25514544ceb4a3 \
+ --hash=sha256:595ba5be69b35777474fa07f80fc260ea71255656191adb22a8c53aba4479231 \
+ --hash=sha256:5b5ff4911aea936a47d9376fd3ab17e970cc543d1b68921886e7f64bd28308d1 \
+ --hash=sha256:5d41e6daee2813ecceea8eda38062d69e280b39df793f5a942fa515b8ed67953 \
+ --hash=sha256:5e999ba8dd90e93d57410c5e67ebb67ffcaadcea0ad973240fdfd3a135506250 \
+ --hash=sha256:5f239eb799a2081495ea659d8d4a43a8f42cd1fe9ff2e7e436295c38a10c286a \
+ --hash=sha256:635fee4e041ab9c479e31edda27fcf966ea9614fff1317e280d99eb3e5ab6fe2 \
+ --hash=sha256:65db0f2eefcaad1a3950f498aabb4875c8890438bc80b19362cf633b87a8ab20 \
+ --hash=sha256:6b507132dcfc0dea440cce23ee2182c0ce7aba7054576efc65634f080dbe9434 \
+ --hash=sha256:6b9d9bb600328a1ce523ab4f454859e9d439150abb0906c5a1983c146580ebab \
+ --hash=sha256:70c8daf4faca8da5a6d655f9af86faf6ec2e1768f4b8b9d0226c02f3d6209703 \
+ --hash=sha256:77bf3ac639c1ff567ae3b47f8d4cc3dc20f9966a2a6dd2311dcc055d3d04fb8a \
+ --hash=sha256:784c1214cb6dd1e3b15dd8b91b9a53852aed16671cc3fbe4786f4f1db07089e2 \
+ --hash=sha256:7eb6a0587eded33aeefea9f916899d42b1799b7b14b8f8ff2753c0ac1741edac \
+ --hash=sha256:7ed1b0132f24beeec5a78b67d9388656d03e6a7c837394f99257e2d55b461611 \
+ --hash=sha256:8ad4aeb3e9a97286573c03df758fc7627aecdd02f1da04516a86dc159bf70121 \
+ --hash=sha256:964faa8a861d2664f0c7ab0c181af0bea66098b1919439815ca8803ef136fc4e \
+ --hash=sha256:9dc1b507c12eb0481d071f3c1808f0529ad41dc415d0ca11f7ebfc666e66a18b \
+ --hash=sha256:9ebfef07dbe1d93efb94b4700f2d278494e9162565a54f124c404a5656d7ff09 \
+ --hash=sha256:a45f84b09ac9c3d35dfcf6a27fd0634d30d183205230a0ebe8373a0e8cfa0906 \
+ --hash=sha256:a4f55095ad087474999ee28d3398bae183a66be4823f753cd7d67dd0153427c9 \
+ --hash=sha256:a6d511cc297ff0883bc3708b465ff82d7560193169a8b93260f74ecb0a5e08a7 \
+ --hash=sha256:a8ad4c766d3f33ba8fd692f9aa297c9058970530a32c728a2c4bfd2616d3358b \
+ --hash=sha256:aa2f457b4af386254372dfa78a2eda2563680d982422641a85f271c859df1987 \
+ --hash=sha256:b03f7941783b4c4a26051846dea594628b38f6940a2fdc0df00b221aed39314c \
+ --hash=sha256:b0dae11d8f5ded51699c74d9548dcc5938e0804cc8298ec0aa0da95c21fff57b \
+ --hash=sha256:b91ced227c41aa29c672814f50dbb05ec93536abf8f43cd14ec9521ea09afe4e \
+ --hash=sha256:bc633a9fe1eb87e250b5c57d389cf28998e4292336926b0b6cdaee353f89a237 \
+ --hash=sha256:bebb4d6715c814597f85297c332297c6ce81e29436125ca59d1159b07f423eb1 \
+ --hash=sha256:c336a6d235522a62fef872c6295a42ecb0c4e1d0f1a3e500fe949415761b8a19 \
+ --hash=sha256:c6514f963b023aeee506678a1cf821fe31159b925c4b76fe2afa94cc70b3222b \
+ --hash=sha256:c693e916709c2465b02ca0ad7b387c4f8423d1db7b4649c551f27a529181c5ad \
+ --hash=sha256:c81131869240e3e568916ef4c307f8b99583efaa60a8112ef27a366eefba8ef0 \
+ --hash=sha256:d02a72df14dfdbaf228424573a07af10637bd490f0901cee872c4f434a735b94 \
+ --hash=sha256:d2a8fa9d6d6f891f3deec72f5cc668e6f66b188ab14bb1ab52422fe8e644f312 \
+ --hash=sha256:d2b27e6af28f07e2f195552b37d7d66b150adbaa39a6d327766ffd695799780f \
+ --hash=sha256:d2fe69c5434391727efa54b47a1e7986bb0186e72a41b203df8f5b0a19a4f669 \
+ --hash=sha256:d3f3ed29cd9f978c604708511a1f9c2fdcb6c38b9aae36a51905b8811ee5cbf1 \
+ --hash=sha256:d573faf8eb7e6b1cbbcb4f5b247c60ca8be39fe2c674495df0eb4318303137fe \
+ --hash=sha256:e0bbdd76ce9aa5d4209d65f2b27fc6e5ef1312ae6c5333c26db3f5ade53a1e99 \
+ --hash=sha256:e7c4ea22b6739b162c9ecaaa41d718dfad48a244909fe7ef4b54c0b530effc5a \
+ --hash=sha256:e93e1a4b4b33daed65d781a57a522ff153dcf748dee70b40c7258c5861e1768a \
+ --hash=sha256:e97fdf088d4b31ff4ba35db26d9cc472ac7ef4a2ff2badeabf8d727b3377fc52 \
+ --hash=sha256:e9fa4c9bf273ca41f940bceb86922a7667cd5bf90e95dbb157cbb8441008482c \
+ --hash=sha256:eaad4ff2de1c3823fddf82f41121bdf453d922e9a238642b1dedb33c4e4f98ad \
+ --hash=sha256:f1f62b2413c3a0e846c3b838b2ecd6c7a19ec6793b2a522745b0869e37ab5bc1 \
+ --hash=sha256:f6d6cff3538391e8486a431569b77921adfcdef14eb18fbf19b7c0a5294d4e6a \
+ --hash=sha256:f9aa05d09ecf4c75157197f27cdc9cfaeb7c5f15021c6373932bf3e124af029f \
+ --hash=sha256:fa2fddcb7107e0d1808086ca306dcade7df60a13a6c347a7acf1ec139aa6789a \
+ --hash=sha256:faa6b09ee09433b87992fb5a2859efd1c264ddc37280d2dd5db502126d0e7f27
+ # via pydantic
+pydantic-settings==2.3.4 \
+ --hash=sha256:11ad8bacb68a045f00e4f862c7a718c8a9ec766aa8fd4c32e39a0594b207b53a \
+ --hash=sha256:c5802e3d62b78e82522319bbc9b8f8ffb28ad1c988a99311d04f2a6051fca0a7
+ # via bump-my-version
+pygments==2.18.0 \
+ --hash=sha256:786ff802f32e91311bff3889f6e9a86e81505fe99f2735bb6d60ae0c5004f199 \
+ --hash=sha256:b8e6aca0523f3ab76fee51799c488e38782ac06eafcf95e7ba832985c8e7b13a
+ # via rich
+pyproject-api==1.7.1 \
+ --hash=sha256:2dc1654062c2b27733d8fd4cdda672b22fe8741ef1dde8e3a998a9547b071eeb \
+ --hash=sha256:7ebc6cd10710f89f4cf2a2731710a98abce37ebff19427116ff2174c9236a827
+ # via tox
+python-dotenv==1.0.1 \
+ --hash=sha256:e324ee90a023d808f1959c46bcbc04446a10ced277783dc6ee09987c37ec10ca \
+ --hash=sha256:f7b63ef50f1b690dddf550d03497b66d609393b40b564ed0d674909a68ebf16a
+ # via pydantic-settings
+questionary==2.0.1 \
+ --hash=sha256:8ab9a01d0b91b68444dff7f6652c1e754105533f083cbe27597c8110ecc230a2 \
+ --hash=sha256:bcce898bf3dbb446ff62830c86c5c6fb9a22a54146f0f5597d3da43b10d8fc8b
+ # via bump-my-version
+requests==2.32.3 \
+ --hash=sha256:55365417734eb18255590a9ff9eb97e9e1da868d4ccd6402399eaf68af20a760 \
+ --hash=sha256:70761cfe03c773ceb22aa2f671b4757976145175cdfca038c02654d061d6dcc6
+ # via flit
+rich==13.7.1 \
+ --hash=sha256:4edbae314f59eb482f54e9e30bf00d33350aaa94f4bfcd4e9e3110e64d0d7222 \
+ --hash=sha256:9be308cb1fe2f1f57d67ce99e95af38a1e2bc71ad9813b0e247cf7ffbcc3a432
+ # via
+ # bump-my-version
+ # rich-click
+rich-click==1.8.3 \
+ --hash=sha256:636d9c040d31c5eee242201b5bf4f2d358bfae4db14bb22ec1cafa717cfd02cd \
+ --hash=sha256:6d75bdfa7aa9ed2c467789a0688bc6da23fbe3a143e19aa6ad3f8bac113d2ab3
+ # via bump-my-version
+tomli==2.0.1 \
+ --hash=sha256:939de3e7a6161af0c887ef91b7d41a53e7c5a1ca976325f429cb46ea9bc30ecc \
+ --hash=sha256:de526c12914f0c550d15924c62d72abc48d6fe7364aa87328337a31007fe8a4f
+ # via
+ # pyproject-api
+ # tox
+tomli-w==1.0.0 \
+ --hash=sha256:9f2a07e8be30a0729e533ec968016807069991ae2fd921a78d42f429ae5f4463 \
+ --hash=sha256:f463434305e0336248cac9c2dc8076b707d8a12d019dd349f5c1e382dd1ae1b9
+ # via flit
+tomlkit==0.13.0 \
+ --hash=sha256:08ad192699734149f5b97b45f1f18dad7eb1b6d16bc72ad0c2335772650d7b72 \
+ --hash=sha256:7075d3042d03b80f603482d69bf0c8f345c2b30e41699fd8883227f89972b264
+ # via bump-my-version
+tox==4.16.0 \
+ --hash=sha256:43499656f9949edb681c0f907f86fbfee98677af9919d8b11ae5ad77cb800748 \
+ --hash=sha256:61e101061b977b46cf00093d4319438055290ad0009f84497a07bf2d2d7a06d0
+ # via -r CI/requirements_ci.in
+typing-extensions==4.12.2 \
+ --hash=sha256:04e5ca0351e0f3f85c6853954072df659d0d13fac324d0072316b67d7794700d \
+ --hash=sha256:1a7ead55c7e559dd4dee8856e3a88b41225abfe1ce8df57b7c13915fe121ffb8
+ # via
+ # annotated-types
+ # pydantic
+ # pydantic-core
+ # rich
+ # rich-click
+urllib3==2.2.2 \
+ --hash=sha256:a448b2f64d686155468037e1ace9f2d2199776e17f0a46610480d311f73e3472 \
+ --hash=sha256:dd505485549a7a552833da5e6063639d0d177c04f23bc3864e41e5dc5f612168
+ # via requests
+virtualenv==20.26.3 \
+ --hash=sha256:4c43a2a236279d9ea36a0d76f98d84bd6ca94ac4e0f4a3b9d46d05e10fea542a \
+ --hash=sha256:8cc4a31139e796e9a7de2cd5cf2489de1217193116a8fd42328f1bd65f434589
+ # via tox
+wcmatch==8.5.2 \
+ --hash=sha256:17d3ad3758f9d0b5b4dedc770b65420d4dac62e680229c287bf24c9db856a478 \
+ --hash=sha256:a70222b86dea82fb382dd87b73278c10756c138bd6f8f714e2183128887b9eb2
+ # via bump-my-version
+wcwidth==0.2.13 \
+ --hash=sha256:3da69048e4540d84af32131829ff948f1e022c1c6bdb8d6102117aac784f6859 \
+ --hash=sha256:72ea0c06399eb286d978fdedb6923a9eb47e1c486ce63e9b4e64fc18303972b5
+ # via prompt-toolkit
+
+# WARNING: The following packages were not pinned, but pip requires them to be
+# pinned when the requirements file includes hashes and the requirement is not
+# satisfied by a package already installed. Consider using the --allow-unsafe flag.
+# pip
From 5159b7aae4e03ffdd00a13c7566d399e953d797d Mon Sep 17 00:00:00 2001
From: Trevor James Smith <10819524+Zeitsperre@users.noreply.github.com>
Date: Fri, 19 Jul 2024 14:51:09 -0400
Subject: [PATCH 4/8] update top-level workflow, use hashes
---
.github/dependabot.yml | 2 +-
.github/workflows/main.yml | 40 ++++++++++++++----------
requirements.txt | 62 ++++++++++++++++++++++++++++++++++++++
3 files changed, 87 insertions(+), 17 deletions(-)
create mode 100644 requirements.txt
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
index ed002211e..5a962d46a 100644
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -14,7 +14,7 @@ updates:
- package-ecosystem: github-actions
directory: "/{{cookiecutter.project_slug}}/.github/workflows/"
schedule:
- interval: "weekly"
+ interval: "monthly"
open-pull-requests-limit: 10
- package-ecosystem: pip
diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
index 46ad37f98..7202cf76b 100644
--- a/.github/workflows/main.yml
+++ b/.github/workflows/main.yml
@@ -6,6 +6,11 @@ on:
- main
pull_request:
+concurrency:
+ # For a given workflow, if we push to the same branch, cancel all previous builds on that branch except on main.
+ group: "${{ github.workflow }}-${{ github.ref }}"
+ cancel-in-progress: ${{ github.ref != 'refs/heads/main' }}
+
jobs:
tests:
runs-on: ubuntu-latest
@@ -26,27 +31,30 @@ jobs:
python-version: "pypy3.10"
steps:
- name: Harden Runner
- uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1
- with:
- egress-policy: audit
- - name: Cancel previous runs
- uses: styfle/cancel-workflow-action@0.12.1
+ uses: step-security/harden-runner@0d381219ddf674d61a7572ddd19d7941e271515c # v2.9.0
with:
- access_token: ${{ github.token }}
- - uses: actions/checkout@v4
- - name: Set up Python ${{ matrix.python-version }}
- uses: actions/setup-python@v5
+ disable-sudo: true
+ egress-policy: block
+ allowed-endpoints: >
+ api.github.com:443
+ files.pythonhosted.org:443
+ github.com:443
+ pypi.org:443
+ - name: Checkout Repository
+ uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+ - name: Set up Python${{ matrix.python-version }}
+ uses: actions/setup-python@39cd14951b08e74b54015e9e001cdefcf80e669f # v5.1.1
with:
python-version: ${{ matrix.python-version }}
- name: Install tox
run: |
- python -m pip install tox
+ python -m pip install --require-hashes -r requirements.txt
- name: Run bake test suite
run:
python -m tox -e ${{ matrix.tox-env }}
- - name: Archive package
- if: ${{ matrix.tox-env == 'py39' }}
- uses: actions/upload-artifact@v4
- with:
- name: cookie-cutter
- path: src/dist
+ # - name: Archive package
+ # if: ${{ matrix.tox-env == 'py39' }}
+ # uses: actions/upload-artifact@v4
+ # with:
+ # name: cookie-cutter
+ # path: src/dist
diff --git a/requirements.txt b/requirements.txt
new file mode 100644
index 000000000..31539c06d
--- /dev/null
+++ b/requirements.txt
@@ -0,0 +1,62 @@
+#
+# This file is autogenerated by pip-compile with Python 3.8
+# by the following command:
+#
+# pip-compile --generate-hashes --output-file=requirements.txt requirements.in
+#
+cachetools==5.4.0 \
+ --hash=sha256:3ae3b49a3d5e28a77a0be2b37dbcb89005058959cb2323858c2657c4a8cab474 \
+ --hash=sha256:b8adc2e7c07f105ced7bc56dbb6dfbe7c4a00acce20e2227b3f355be89bc6827
+ # via tox
+chardet==5.2.0 \
+ --hash=sha256:1b3b6ff479a8c414bc3fa2c0852995695c4a026dcd6d0633b2dd092ca39c1cf7 \
+ --hash=sha256:e1cf59446890a00105fe7b7912492ea04b6e6f06d4b742b2c788469e34c82970
+ # via tox
+colorama==0.4.6 \
+ --hash=sha256:08695f5cb7ed6e0531a20572697297273c47b8cae5a63ffc6d6ed5c201be6e44 \
+ --hash=sha256:4f1d9991f5acc0ca119f9d443620b77f9d6b33703e51011c16baf57afb285fc6
+ # via tox
+distlib==0.3.8 \
+ --hash=sha256:034db59a0b96f8ca18035f36290806a9a6e6bd9d1ff91e45a7f172eb17e51784 \
+ --hash=sha256:1530ea13e350031b6312d8580ddb6b27a104275a31106523b8f123787f494f64
+ # via virtualenv
+filelock==3.15.4 \
+ --hash=sha256:2207938cbc1844345cb01a5a95524dae30f0ce089eba5b00378295a17e3e90cb \
+ --hash=sha256:6ca1fffae96225dab4c6eaf1c4f4f28cd2568d3ec2a44e15a08520504de468e7
+ # via
+ # tox
+ # virtualenv
+packaging==24.1 \
+ --hash=sha256:026ed72c8ed3fcce5bf8950572258698927fd1dbda10a5e981cdf0ac37f4f002 \
+ --hash=sha256:5b8f2217dbdbd2f7f384c41c628544e6d52f2d0f53c6d0c3ea61aa5d1d7ff124
+ # via
+ # pyproject-api
+ # tox
+platformdirs==4.2.2 \
+ --hash=sha256:2d7a1657e36a80ea911db832a8a6ece5ee53d8de21edd5cc5879af6530b1bfee \
+ --hash=sha256:38b7b51f512eed9e84a22788b4bce1de17c0adb134d6becb09836e37d8654cd3
+ # via
+ # tox
+ # virtualenv
+pluggy==1.5.0 \
+ --hash=sha256:2cffa88e94fdc978c4c574f15f9e59b7f4201d439195c3715ca9e2486f1d0cf1 \
+ --hash=sha256:44e1ad92c8ca002de6377e165f3e0f1be63266ab4d554740532335b9d75ea669
+ # via tox
+pyproject-api==1.7.1 \
+ --hash=sha256:2dc1654062c2b27733d8fd4cdda672b22fe8741ef1dde8e3a998a9547b071eeb \
+ --hash=sha256:7ebc6cd10710f89f4cf2a2731710a98abce37ebff19427116ff2174c9236a827
+ # via tox
+tomli==2.0.1 \
+ --hash=sha256:939de3e7a6161af0c887ef91b7d41a53e7c5a1ca976325f429cb46ea9bc30ecc \
+ --hash=sha256:de526c12914f0c550d15924c62d72abc48d6fe7364aa87328337a31007fe8a4f
+ # via
+ # pyproject-api
+ # tox
+tox==4.16.0 \
+ --hash=sha256:43499656f9949edb681c0f907f86fbfee98677af9919d8b11ae5ad77cb800748 \
+ --hash=sha256:61e101061b977b46cf00093d4319438055290ad0009f84497a07bf2d2d7a06d0
+ # via -r requirements.in
+virtualenv==20.26.3 \
+ --hash=sha256:4c43a2a236279d9ea36a0d76f98d84bd6ca94ac4e0f4a3b9d46d05e10fea542a \
+ --hash=sha256:8cc4a31139e796e9a7de2cd5cf2489de1217193116a8fd42328f1bd65f434589
+ # via tox
From bd3c60b9b2fd28fe83409fbbd92a27e35bdcac2e Mon Sep 17 00:00:00 2001
From: Trevor James Smith <10819524+Zeitsperre@users.noreply.github.com>
Date: Fri, 19 Jul 2024 14:53:51 -0400
Subject: [PATCH 5/8] try escaping characters
---
.github/dependabot.yml | 2 +-
tox.ini | 1 -
2 files changed, 1 insertion(+), 2 deletions(-)
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
index 5a962d46a..24a7ce9f4 100644
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -12,7 +12,7 @@ updates:
open-pull-requests-limit: 5
- package-ecosystem: github-actions
- directory: "/{{cookiecutter.project_slug}}/.github/workflows/"
+ directory: "/\{\{cookiecutter.project_slug\}\}/.github/workflows/"
schedule:
interval: "monthly"
open-pull-requests-limit: 10
diff --git a/tox.ini b/tox.ini
index 5eaa84060..949c728b9 100644
--- a/tox.ini
+++ b/tox.ini
@@ -17,7 +17,6 @@ commands =
setenv =
PYTEST_ADDOPTS = "--color=yes"
PYTHONPATH = {toxinidir}
- TOX = 1
deps =
-r{toxinidir}/requirements_dev.txt
download = True
From 058fa375f5aaef7dd3d31c9bc3e21ebb4638ce7c Mon Sep 17 00:00:00 2001
From: Trevor James Smith <10819524+Zeitsperre@users.noreply.github.com>
Date: Fri, 19 Jul 2024 15:09:38 -0400
Subject: [PATCH 6/8] use single quotes
---
.github/dependabot.yml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
index 24a7ce9f4..830c9c010 100644
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -12,7 +12,7 @@ updates:
open-pull-requests-limit: 5
- package-ecosystem: github-actions
- directory: "/\{\{cookiecutter.project_slug\}\}/.github/workflows/"
+ directory: '/{{cookiecutter.project_slug}}/.github/workflows/'
schedule:
interval: "monthly"
open-pull-requests-limit: 10
From c41855f7fa3cbf88477087da35de02350d0cc660 Mon Sep 17 00:00:00 2001
From: Trevor James Smith <10819524+Zeitsperre@users.noreply.github.com>
Date: Fri, 19 Jul 2024 15:12:22 -0400
Subject: [PATCH 7/8] allow connections to crates.io
---
.github/workflows/main.yml | 3 +++
1 file changed, 3 insertions(+)
diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
index 7202cf76b..6d976b610 100644
--- a/.github/workflows/main.yml
+++ b/.github/workflows/main.yml
@@ -35,11 +35,14 @@ jobs:
with:
disable-sudo: true
egress-policy: block
+ # PyPy packages requires access to Rust binaries
allowed-endpoints: >
api.github.com:443
files.pythonhosted.org:443
github.com:443
+ index.crates.io:443
pypi.org:443
+ static.crates.io:443
- name: Checkout Repository
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
- name: Set up Python${{ matrix.python-version }}
From affa6ebc45c1037054edc451e6c4bc21a8b20e71 Mon Sep 17 00:00:00 2001
From: Trevor James Smith <10819524+Zeitsperre@users.noreply.github.com>
Date: Tue, 23 Jul 2024 11:48:08 -0400
Subject: [PATCH 8/8] requirements adjustments
---
requirements.in | 1 +
requirements_dev.txt | 2 +-
2 files changed, 2 insertions(+), 1 deletion(-)
create mode 100644 requirements.in
diff --git a/requirements.in b/requirements.in
new file mode 100644
index 000000000..c9c9c88cc
--- /dev/null
+++ b/requirements.in
@@ -0,0 +1 @@
+tox==4.16.0
diff --git a/requirements_dev.txt b/requirements_dev.txt
index 35fc4c56e..361279442 100644
--- a/requirements_dev.txt
+++ b/requirements_dev.txt
@@ -6,6 +6,6 @@ flit>=3.9.0
pre-commit>=3.5.0
pytest-cookies>=0.7.0
pytest>=8.2.0
-tox>=4.15.0
+tox>=4.16.0
twine>=5.0.0
watchdog>=4.0.0