From 5a60938c39f98459a71f35b49e01617e504f726f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?St=C3=A9phane=20Brunner?= Date: Tue, 7 Jan 2025 13:12:21 +0100 Subject: [PATCH] CI updates This is done by the automated script named upgrade-ci-2025 --- .github/publish.yaml | 7 ++++ .github/renovate.json5 | 78 ++++++------------------------------- .github/workflows/main.yaml | 14 ++++--- .pre-commit-config.yaml | 42 +++++--------------- .prospector.yaml | 8 ++++ ci/config.yaml | 3 -- ci/requirements.txt | 1 + pyproject.toml | 43 ++++++++++---------- 8 files changed, 67 insertions(+), 129 deletions(-) create mode 100644 .github/publish.yaml delete mode 100644 ci/config.yaml diff --git a/.github/publish.yaml b/.github/publish.yaml new file mode 100644 index 0000000..3f3febc --- /dev/null +++ b/.github/publish.yaml @@ -0,0 +1,7 @@ +# yaml-language-server: $schema=https://raw.githubusercontent.com/camptocamp/tag-publish/0.13.0/tag_publish/schema.json + +pypi: + packages: + - {} +dispatch: + - {} diff --git a/.github/renovate.json5 b/.github/renovate.json5 index 6fe3760..c1f6c52 100644 --- a/.github/renovate.json5 +++ b/.github/renovate.json5 @@ -1,29 +1,19 @@ { - extends: ['config:base'], - timezone: 'Europe/Zurich', - schedule: 'after 5pm on the first day of the month', - labels: ['dependencies'], - separateMajorMinor: true, - separateMinorPatch: true, - prHourlyLimit: 0, - prConcurrentLimit: 0, - lockFileMaintenance: { - enabled: true, - automerge: true, - schedule: 'after 5pm on the first day of the month', - }, - 'pre-commit': { enabled: true }, + extends: [ + 'config:base', + 'github>camptocamp/gs-renovate-config-preset:base.json5#0.3.3', + 'github>camptocamp/gs-renovate-config-preset:ci.json5#0.3.3', + 'github>camptocamp/gs-renovate-config-preset:pre-commit.json5#0.3.3', + 'github>camptocamp/gs-renovate-config-preset:python.json5#0.3.3', + 'github>camptocamp/gs-renovate-config-preset:json-schema.json5#0.3.3', + 'github>camptocamp/gs-renovate-config-preset:shellcheck.json5#0.3.3', + ], osvVulnerabilityAlerts: true, vulnerabilityAlerts: { schedule: ['at any time'], automerge: true, }, - regexManagers: [ - /** Do updates on pre-commit additional dependencies */ - { - fileMatch: ['^\\.pre\\-commit\\-config\\.yaml$'], - matchStrings: [" +- '?(?[^' @=]+)(@|==)(?[^' @=]+)'? # (?.+)"], - }, + customManagers: [ /** Do update on the schema present in the ci/config.yaml */ { fileMatch: ['^ci/config\\.yaml$'], @@ -31,61 +21,15 @@ '.*https://raw\\.githubusercontent\\.com/(?[^\\s]+)/(?[0-9\\.]+)/.*', ], datasourceTemplate: 'github-tags', - }, - /** Python version in actions/setup-python action */ - { - fileMatch: ['^\\.github/workflows/.*\\.yaml$'], - matchStrings: [' python-version: [\'"](?[0-9\\.]+)[\'"]'], - datasourceTemplate: 'python-version', - depNameTemplate: 'python', + customType: 'regex', }, ], packageRules: [ - /** Auto merge the dev dependency update */ - { - matchDepTypes: ['devDependencies'], - automerge: true, - }, - /** Group and auto merge the patch updates */ - { - matchUpdateTypes: ['patch'], - groupName: 'all patch versions', - automerge: true, - }, - /** Group and auto merge the minor updates */ - { - matchUpdateTypes: ['minor'], - groupName: 'all minor versions', - automerge: true, - }, - /** Group Poetry packages */ - { - matchPackagePrefixes: ['poetry-'], - groupName: 'Poetry', - automerge: true, - matchDepNames: ['poetry', 'pip'], - }, - /** Support the 4 parts of shellcheck-py version with a v prefix */ - { - versioning: 'regex:^v(?\\d+)\\.(?\\d+)\\.(?\\d+)\\.(?\\d+)$', - matchDepNames: ['shellcheck-py/shellcheck-py'], - }, /** Disable upgrading the supported Python version */ { matchFileNames: ['pyproject.toml'], enabled: false, matchDepNames: ['python'], }, - /** Group and auto merge the CI dependencies */ - { - matchFileNames: ['.github/**', '.pre-commit-config.yaml', 'ci/**'], - groupName: 'CI dependencies', - automerge: true, - }, - /** Ungroup Python dependencies */ - { - matchDepNames: ['python'], - groupName: 'Python', - }, ], } diff --git a/.github/workflows/main.yaml b/.github/workflows/main.yaml index 8680698..cd68021 100644 --- a/.github/workflows/main.yaml +++ b/.github/workflows/main.yaml @@ -9,6 +9,10 @@ on: - '*' pull_request: +permissions: + contents: write + id-token: write + env: HAS_SECRETS: ${{ secrets.HAS_SECRETS }} PYTHON_KEYRING_BACKEND: keyring.backends.null.Keyring @@ -34,8 +38,8 @@ jobs: path: ~/.cache/pre-commit key: pre-commit-${{ hashFiles('.pre-commit-config.yaml') }} restore-keys: "pre-commit-${{ hashFiles('.pre-commit-config.yaml') }}\npre-commit-" - - run: pre-commit run --all-files - - run: git diff --exit-code --patch > /tmp/pre-commit.patch || true + - run: pre-commit run --all-files --color=always + - run: git diff --exit-code --patch > /tmp/pre-commit.patch; git diff --color; git reset --hard || true if: failure() - uses: actions/upload-artifact@v4 @@ -64,12 +68,12 @@ jobs: echo "password = ${{ secrets.PYPI_PASSWORD }}" >> ~/.pypirc if: env.HAS_SECRETS == 'HAS_SECRETS' - name: Publish - run: c2cciutils-publish + run: tag-publish env: SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }} - GITHUB_TOKEN: ${{ secrets.TOKEN }} + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} if: env.HAS_SECRETS == 'HAS_SECRETS' - - run: git diff --exit-code --patch > /tmp/dpkg-versions.patch || true + - run: git diff --exit-code --patch > /tmp/dpkg-versions.patch; git diff --color; git reset --hard || true if: failure() - uses: actions/upload-artifact@v4 with: diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index 1200974..23d7e44 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -17,9 +17,6 @@ repos: hooks: - id: copyright - id: workflows-require-timeout - - id: poetry-check - additional_dependencies: - - poetry==1.8.5 # pypi - id: poetry-lock additional_dependencies: - poetry==1.8.5 # pypi @@ -49,9 +46,6 @@ repos: rev: 0.30.0 hooks: - id: check-github-workflows - - id: check-renovate - additional_dependencies: - - pyjson5==1.6.7 # pypi - id: check-github-actions - id: check-jsonschema name: Check GitHub Workflows set timeout-minutes @@ -65,25 +59,6 @@ repos: rev: v0.1.8 hooks: - id: ripsecrets - - repo: https://github.com/psf/black - rev: 24.10.0 - hooks: - - id: black - exclude: README\.md - - repo: https://github.com/PyCQA/isort - rev: 5.13.2 - hooks: - - id: isort - - repo: https://github.com/PyCQA/autoflake - rev: v2.3.1 - hooks: - - id: autoflake - - repo: https://github.com/asottile/pyupgrade - rev: v3.19.1 - hooks: - - id: pyupgrade - args: - - --py39-plus - repo: https://github.com/PyCQA/prospector rev: v1.13.3 hooks: @@ -91,19 +66,20 @@ repos: args: - --tool=ruff - --die-on-tool-error + - --output-format=pylint additional_dependencies: - prospector-profile-duplicated==1.10.0 # pypi - prospector-profile-utils==1.14.1 # pypi - ruff==0.8.4 # pypi - - repo: https://github.com/sbrunner/jsonschema-validator - rev: 1.0.0 - hooks: - - id: jsonschema-validator - files: |- - (?x)^( - ci/config\.yaml - )$ - repo: https://github.com/renovatebot/pre-commit-hooks rev: 39.86.3 hooks: - id: renovate-config-validator + - repo: https://github.com/astral-sh/ruff-pre-commit + rev: v0.8.1 + hooks: + - id: ruff-format + - repo: https://github.com/sbrunner/python-versions-hook + rev: 0.8.0 + hooks: + - id: python-versions diff --git a/.prospector.yaml b/.prospector.yaml index 0bcc692..9fc7cad 100644 --- a/.prospector.yaml +++ b/.prospector.yaml @@ -2,3 +2,11 @@ inherits: - utils:base - utils:no-design-checks - duplicated + - utils:fix + - utils:unsafe +mypy: + options: + python-version: '3.9' +ruff: + options: + target-version: py39 diff --git a/ci/config.yaml b/ci/config.yaml deleted file mode 100644 index 8f52e98..0000000 --- a/ci/config.yaml +++ /dev/null @@ -1,3 +0,0 @@ -# yaml-language-server: $schema=https://raw.githubusercontent.com/camptocamp/c2cciutils/1.7.1/c2cciutils/schema.json - -{} diff --git a/ci/requirements.txt b/ci/requirements.txt index 64b20ca..6ef03e1 100644 --- a/ci/requirements.txt +++ b/ci/requirements.txt @@ -8,3 +8,4 @@ importlib-metadata<8.5.1 setuptools>=65.5.1 # not directly required, pinned by Snyk to avoid a vulnerability certifi>=2024.7.4 # not directly required, pinned by Snyk to avoid a vulnerability zipp>=3.19.1 # not directly required, pinned by Snyk to avoid a vulnerability +tag-publish==0.13.0 diff --git a/pyproject.toml b/pyproject.toml index 3a397eb..100033a 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -1,15 +1,3 @@ -[tool.black] -line-length = 110 -target-version = ["py39"] - -[tool.mypy] -python_version = "3.9" -ignore_missing_imports = true -warn_redundant_casts = true -warn_unused_ignores = true -warn_return_any = true -strict = true - [tool.poetry] name = "bashcolor" version = "0.0.0" @@ -20,13 +8,17 @@ homepage = "https://hub.docker.com/r/sbrunner/bashcolor/" repository = "https://github.com/sbrunner/bashcolor" license = "BSD-2-Clause" classifiers = [ - "Development Status :: 5 - Production/Stable", - "Intended Audience :: Developers", - "License :: OSI Approved :: BSD License", - "Operating System :: OS Independent", - "Programming Language :: Python", - "Programming Language :: Python :: 3", - "Typing :: Typed", + 'Development Status :: 5 - Production/Stable', + 'Intended Audience :: Developers', + 'License :: OSI Approved :: BSD License', + 'Operating System :: OS Independent', + 'Programming Language :: Python', + 'Programming Language :: Python :: 3', + 'Programming Language :: Python :: 3.9', + 'Programming Language :: Python :: 3.10', + 'Programming Language :: Python :: 3.11', + 'Programming Language :: Python :: 3.12', + 'Typing :: Typed', ] packages = [{ include = "bashcolor" }, { include = "bashcolor/py.typed" }] @@ -41,6 +33,13 @@ prospector = { version = "1.13.3", extras = ["with_bandit", "with_mypy", "with_p prospector-profile-duplicated = "1.10.0" prospector-profile-utils = "1.14.1" + +[tool.ruff] +target-version = "py39" +line-length = 110 + +[tool.ruff.lint.pydocstyle] +convention = "numpy" [build-system] requires = ["poetry-core>=1.0.0", "poetry-plugin-tweak-dependencies-version", "poetry-dynamic-versioning", "poetry-plugin-drop-python-upper-constraint"] build-backend = "poetry.core.masonry.api" @@ -53,8 +52,10 @@ enable = true vcs = "git" pattern = "^((?P\\d+)!)?(?P\\d+(\\.\\d+)*)" format-jinja = """ -{%- if env.get("VERSION_TYPE") == "version_branch" -%} -{{serialize_pep440(bump_version(base, 1 if env.get("IS_MASTER") == "TRUE" else 2), dev=distance)}} +{%- if env.get("VERSION_TYPE") == "default_branch" -%} +{{serialize_pep440(bump_version(base, 1), dev=distance)}} +{%- elif env.get("VERSION_TYPE") == "stabilization_branch" -%} +{{serialize_pep440(bump_version(base, 2), dev=distance)}} {%- elif distance == 0 -%} {{serialize_pep440(base)}} {%- else -%}