diff --git a/.github/workflows/_build.yaml b/.github/workflows/_build.yaml
index d897e282..f2d53f6e 100644
--- a/.github/workflows/_build.yaml
+++ b/.github/workflows/_build.yaml
@@ -55,7 +55,7 @@ jobs:
 steps:
 - name: Harden Runner
- uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1
+ uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2
 with:
 egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs
 disable-sudo: true
@@ -134,7 +134,7 @@ jobs:
 # Currently reusable workflows do not support setting strategy property from the caller workflow.
 - name: Upload the package artifact for debugging and release
 if: matrix.os == env.ARTIFACT_OS && matrix.python == env.ARTIFACT_PYTHON
- uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
+ uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4.5.0
 with:
 name: artifact-${{ matrix.os }}-python-${{ matrix.python }}
 path: dist
diff --git a/.github/workflows/_generate-rebase.yaml b/.github/workflows/_generate-rebase.yaml
index 53111436..b8a36ed9 100644
--- a/.github/workflows/_generate-rebase.yaml
+++ b/.github/workflows/_generate-rebase.yaml
@@ -34,7 +34,7 @@ jobs:
 steps:
 - name: Harden Runner
- uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1
+ uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2
 with:
 egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs
diff --git a/.github/workflows/_wiki-documentation.yaml b/.github/workflows/_wiki-documentation.yaml
index 95590a52..52d520a7 100644
--- a/.github/workflows/_wiki-documentation.yaml
+++ b/.github/workflows/_wiki-documentation.yaml
@@ -41,7 +41,7 @@ jobs:
 steps:
 - name: Harden Runner
- uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1
+ uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2
 with:
 egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs
 disable-sudo: true
diff --git a/.github/workflows/codeql-analysis.yaml b/.github/workflows/codeql-analysis.yaml
index 822a4ae0..e3c1e464 100644
--- a/.github/workflows/codeql-analysis.yaml
+++ b/.github/workflows/codeql-analysis.yaml
@@ -37,7 +37,7 @@ jobs:
 steps:
 - name: Harden Runner
- uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1
+ uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2
 with:
 egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs
 disable-sudo: true
@@ -58,7 +58,7 @@ jobs:
 # Initializes the CodeQL tools for scanning.
 - name: Initialize CodeQL
- uses: github/codeql-action/init@ea9e4e37992a54ee68a9622e985e60c8e8f12d9f # v3.27.4
+ uses: github/codeql-action/init@48ab28a6f5dbc2a99bf1e0131198dd8f1df78169 # v3.28.0
 with:
 languages: ${{ matrix.language }}
 config-file: .github/codeql/codeql-config.yaml
@@ -71,4 +71,4 @@ jobs:
 # queries: ./path/to/local/query, your-org/your-repo/queries@main
 - name: Perform CodeQL Analysis
- uses: github/codeql-action/analyze@ea9e4e37992a54ee68a9622e985e60c8e8f12d9f # v3.27.4
+ uses: github/codeql-action/analyze@48ab28a6f5dbc2a99bf1e0131198dd8f1df78169 # v3.28.0
diff --git a/.github/workflows/pr-conventional-commits.yaml b/.github/workflows/pr-conventional-commits.yaml
index 2769d830..ba850cf2 100644
--- a/.github/workflows/pr-conventional-commits.yaml
+++ b/.github/workflows/pr-conventional-commits.yaml
@@ -36,7 +36,7 @@ jobs:
 - name: Set up Commitizen
 run: |
 pip install --upgrade pip wheel
- pip install 'commitizen ==3.31.0'
+ pip install 'commitizen ==4.1.0'
 # Run Commitizen to check the title of the PR which triggered this workflow, and check
 # all commit messages of the PR's branch. If any of the checks fails then this job fails.
diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
index 80486818..3df445ef 100644
--- a/.github/workflows/release.yaml
+++ b/.github/workflows/release.yaml
@@ -30,7 +30,7 @@ jobs:
 steps:
 - name: Harden Runner
- uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1
+ uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2
 with:
 egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs
 disable-sudo: true
@@ -49,7 +49,7 @@ jobs:
 - name: Set up Commitizen
 run: |
 pip install --upgrade pip wheel
- pip install 'commitizen ==3.31.0'
+ pip install 'commitizen ==4.1.0'
 - name: Set up user
 run: |
@@ -98,7 +98,7 @@ jobs:
 steps:
 - name: Harden Runner
- uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1
+ uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2
 with:
 egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs
 disable-sudo: true
@@ -133,7 +133,7 @@ jobs:
 - name: Set up Commitizen
 run: |
 pip install --upgrade pip wheel
- pip install 'commitizen ==3.31.0'
+ pip install 'commitizen ==4.1.0'
 - name: Create Release Notes
 run: cz changelog --dry-run "$(cz version --project)" > RELEASE_NOTES.md
@@ -199,7 +199,7 @@ jobs:
 steps:
 - name: Harden Runner
- uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1
+ uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2
 with:
 egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs
 disable-sudo: true
diff --git a/.github/workflows/scorecards-analysis.yaml b/.github/workflows/scorecards-analysis.yaml
index e14b86f6..821570d4 100644
--- a/.github/workflows/scorecards-analysis.yaml
+++ b/.github/workflows/scorecards-analysis.yaml
@@ -26,7 +26,7 @@ jobs:
 steps:
 - name: Harden Runner
- uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1
+ uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2
 with:
 egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs
 disable-sudo: true
@@ -52,13 +52,13 @@ jobs:
 # Upload the results as artifacts (optional).
 - name: Upload artifact
- uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
+ uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4.5.0
 with:
 name: SARIF file
 path: results.sarif
 # Upload the results to GitHub's code scanning dashboard.
 - name: Upload to code-scanning
- uses: github/codeql-action/upload-sarif@ea9e4e37992a54ee68a9622e985e60c8e8f12d9f # v3.27.4
+ uses: github/codeql-action/upload-sarif@48ab28a6f5dbc2a99bf1e0131198dd8f1df78169 # v3.28.0
 with:
 sarif_file: results.sarif
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
index b1789120..894157c5 100644
--- a/.pre-commit-config.yaml
+++ b/.pre-commit-config.yaml
@@ -15,7 +15,7 @@ repos:
 # Commitizen enforces semantic and conventional commit messages.
 - repo: https://github.com/commitizen-tools/commitizen
- rev: v3.31.0
+ rev: v4.1.0
 hooks:
 - id: commitizen
 name: Check conventional commit message
@@ -28,6 +28,7 @@ repos:
 - id: isort
 name: Sort import statements
 args: [--settings-path, pyproject.toml]
+ stages: [pre-commit]
 # Add Black code formatters.
 - repo: https://github.com/ambv/black
diff --git a/Makefile b/Makefile
index d44b1358..061534ff 100644
--- a/Makefile
+++ b/Makefile
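Review bot: The stage name `pre-commit` added to the isort hook is, as far as I know, only recognised by pre-commit 3.2.0 and later; older installations know this stage as `commit` and are likely to reject the config. If the file does not already declare one outside this hunk, add `minimum_pre_commit_version: '3.2.0'` at the top level so a stale local install fails with a clear message. A short comment above the new line, for example `# Run isort only at commit time, not in other hook stages.`, would also record why this hook is restricted; the hunk does not show whether the other hooks are.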
@@ -150,7 +150,7 @@ audit:
 python -m pip_audit --skip-editable --desc on --fix --dry-run
 # Run some or all checks over the package code base.
-.PHONY: check check-code check-bandit check-flake8 check-lint check-mypy
+.PHONY: check check-code check-bandit check-flake8 check-lint check-mypy check-actionlint
 check-code: check-bandit check-flake8 check-lint check-mypy check-actionlint
 check-bandit:
 pre-commit run bandit --all-files
@@ -232,11 +232,13 @@ clean: dist-clean
 rm -fr docs/_build/
 # Remove code caches, or the entire virtual environment.
-.PHONY: nuke-caches nuke
-nuke-caches: clean
+.PHONY: nuke-git-hooks nuke-caches nuke
+nuke-git-hooks:
+ find .git/hooks/ -type f ! -name '*.sample' -exec rm -fr {} +
+nuke-caches:
 find src/ -type d -name __pycache__ -exec rm -fr {} +
 find tests/ -type d -name __pycache__ -exec rm -fr {} +
-nuke: nuke-caches
+nuke: clean nuke-git-hooks nuke-caches
 if [ ! -z "${VIRTUAL_ENV}" ]; then \
 echo "Please deactivate the virtual environment first!" && exit 1; \
 fi
diff --git a/pyproject.toml b/pyproject.toml
index 979613de..96d9c603 100644
--- a/pyproject.toml
+++ b/pyproject.toml
@@ -6,7 +6,7 @@ build-backend = "flit_core.buildapi"
 [project]
 name = "package"
-requires-python = ">=3.10"
+requires-python = ">=3.10.0,<3.14.0"
 authors = [{name = "Author", email = "author@email"}]
 maintainers = [{name = "Maintainer", email = "maintainer@email"}]
 dynamic = ["version", "description"]
@@ -41,12 +41,12 @@ something = "package.__main__:main"
 # We keep them listed here to ensure the infrastructure BOM is consistent with what's
 # installed. Make sure to keep the requirements in sync with the workflows!
 actions = [
- "commitizen ==3.31.0",
- "twine ==5.1.1",
+ "commitizen ==4.1.0",
+ "twine ==6.0.1",
 ]
 dev = [
 "flit >=3.2.0,<4.0.0",
- "mypy >=1.0.0,<1.14",
+ "mypy >=1.0.0,<1.15",
 "pip-audit >=2.4.4,<3.0.0",
 "pylint >=3.0.0,<3.4.0",
 "perflint >=0.8.0,<1.0.0",
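Review bot: The new `nuke-git-hooks` recipe deletes every non-sample file under `.git/hooks/`, not only the hooks this project installs, so a developer's own hooks (a local secret scanner on pre-push, for example) are removed silently by `make nuke`. It also assumes `.git` is a directory: in a linked worktree or a submodule `.git` is a file, `find` exits non-zero, and `nuke` stops before `nuke-caches` runs. Consider guarding the recipe, `if [ -d .git/hooks ]; then find .git/hooks/ -type f ! -name '*.sample' -exec rm -f {} +; fi`, and adding a comment above the target such as `# Removes ALL installed Git hooks, including ones not created by this project.`. Separately, `nuke-caches` no longer depends on `clean`, which changes what a bare `make nuke-caches` removes and deserves a line in the commit message; the `nuke` recipe continues outside the hunk.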
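Review bot: The upper bound added in `requires-python = ">=3.10.0,<3.14.0"` is enforced by installers at resolution time, so on Python 3.14 pip does not fail but falls back to the newest earlier release whose metadata lacks the cap, which for a published package may be a version that misses later fixes. If the intent is only to record which interpreters are tested, keep `requires-python = ">=3.10"` and express the tested range through classifiers and the CI matrix. If the cap is deliberate, add a comment above the line stating what breaks on 3.14 and when the bound can be lifted.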
@@ -61,11 +61,11 @@ hooks = [ ]
 # Note that the `custom_exit_code` and `env` plugins may currently be unmaintained.
 test = [
- "hypothesis >=6.21.0,<6.119.4",
+ "hypothesis >=6.21.0,<6.122.8",
 "pytest >=7.2.0,<9.0.0",
 "pytest-custom_exit_code ==0.3.0",
 "pytest-cov ==6.0.0",
- "pytest-doctestplus ==1.2.1",
+ "pytest-doctestplus ==1.3.0",
 "pytest-env ==1.1.5",
 ]
@@ -251,7 +251,7 @@ max-line-length = 120 # https://github.com/yashtodi94/pytest-custom_exit_code
 [tool.pytest.ini_options]
 minversion = "7.0"
-addopts = """-vv -ra --tb native \
+addopts = """-vv -ra --tb native --durations 0 \
 --hypothesis-show-statistics --hypothesis-explain --hypothesis-verbosity verbose \
 --doctest-modules --doctest-continue-on-failure --doctest-glob '*.rst' --doctest-plus \
 --suppress-no-test-exit-code \
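Review bot: `--durations 0` combined with the existing `-vv` makes pytest list the setup, call and teardown time of every test on every run, because `-vv` turns off the default hiding of very short entries. Together with the verbose hypothesis statistics on the next line this makes the output long enough that the `-ra` summary is hard to find in CI logs. Consider a bounded report such as `--durations 20 --durations-min 0.5`, or a comment above `addopts` stating that the full listing is wanted and why. The `addopts` string continues beyond the hunk.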