Merge pull request #378 from sbrunner/ci-upgrade

CI updates

.github/publish.yaml

@@ -0,0 +1,7 @@
+# yaml-language-server: $schema=https://raw.githubusercontent.com/camptocamp/tag-publish/0.13.0/tag_publish/schema.json
+
+pypi:
+  packages:
+    - {}
+dispatch:
+  - {}

.github/renovate.json5

@@ -1,91 +1,35 @@
 {
-  extends: ['config:base'],
-  timezone: 'Europe/Zurich',
-  schedule: 'after 5pm on the first day of the month',
-  labels: ['dependencies'],
-  separateMajorMinor: true,
-  separateMinorPatch: true,
-  prHourlyLimit: 0,
-  prConcurrentLimit: 0,
-  lockFileMaintenance: {
-    enabled: true,
-    automerge: true,
-    schedule: 'after 5pm on the first day of the month',
-  },
-  'pre-commit': { enabled: true },
+  extends: [
+    'config:base',
+    'github>camptocamp/gs-renovate-config-preset:base.json5#0.3.3',
+    'github>camptocamp/gs-renovate-config-preset:ci.json5#0.3.3',
+    'github>camptocamp/gs-renovate-config-preset:pre-commit.json5#0.3.3',
+    'github>camptocamp/gs-renovate-config-preset:python.json5#0.3.3',
+    'github>camptocamp/gs-renovate-config-preset:json-schema.json5#0.3.3',
+    'github>camptocamp/gs-renovate-config-preset:shellcheck.json5#0.3.3',
+  ],
   osvVulnerabilityAlerts: true,
   vulnerabilityAlerts: {
     schedule: ['at any time'],
     automerge: true,
   },
-  regexManagers: [
-    /** Do updates on pre-commit additional dependencies */
-    {
-      fileMatch: ['^\\.pre\\-commit\\-config\\.yaml$'],
-      matchStrings: [" +- '?(?<depName>[^' @=]+)(@|==)(?<currentValue>[^' @=]+)'? # (?<datasource>.+)"],
-    },
+  customManagers: [
     /** Do update on the schema present in the ci/config.yaml */
     {
       fileMatch: ['^ci/config\\.yaml$'],
       matchStrings: [
         '.*https://raw\\.githubusercontent\\.com/(?<depName>[^\\s]+)/(?<currentValue>[0-9\\.]+)/.*',
       ],
       datasourceTemplate: 'github-tags',
-    },
-    /** Python version in actions/setup-python action */
-    {
-      fileMatch: ['^\\.github/workflows/.*\\.yaml$'],
-      matchStrings: [' python-version: [\'"](?<currentValue>[0-9\\.]+)[\'"]'],
-      datasourceTemplate: 'python-version',
-      depNameTemplate: 'python',
+      customType: 'regex',
     },
   ],
   packageRules: [
-    /** Auto merge the dev dependency update */
-    {
-      matchDepTypes: ['devDependencies'],
-      automerge: true,
-    },
-    /** Group and auto merge the patch updates */
-    {
-      matchUpdateTypes: ['patch'],
-      groupName: 'all patch versions',
-      automerge: true,
-    },
-    /** Group and auto merge the minor updates */
-    {
-      matchUpdateTypes: ['minor'],
-      groupName: 'all minor versions',
-      automerge: true,
-    },
-    /** Group Poetry packages */
-    {
-      matchPackagePrefixes: ['poetry-'],
-      groupName: 'Poetry',
-      automerge: true,
-      matchDepNames: ['poetry', 'pip'],
-    },
-    /** Support the 4 parts of shellcheck-py version with a v prefix */
-    {
-      versioning: 'regex:^v(?<major>\\d+)\\.(?<minor>\\d+)\\.(?<patch>\\d+)\\.(?<build>\\d+)$',
-      matchDepNames: ['shellcheck-py/shellcheck-py'],
-    },
     /** Disable upgrading the supported Python version */
     {
       matchFileNames: ['pyproject.toml'],
       enabled: false,
       matchDepNames: ['python'],
     },
-    /** Group and auto merge the CI dependencies */
-    {
-      matchFileNames: ['.github/**', '.pre-commit-config.yaml', 'ci/**'],
-      groupName: 'CI dependencies',
-      automerge: true,
-    },
-    /** Ungroup Python dependencies */
-    {
-      matchDepNames: ['python'],
-      groupName: 'Python',
-    },
   ],
 }

.github/workflows/main.yaml

@@ -9,6 +9,10 @@ on:
       - '*'
   pull_request:
 
+permissions:
+  contents: write
+  id-token: write
+
 env:
   HAS_SECRETS: ${{ secrets.HAS_SECRETS }}
   PYTHON_KEYRING_BACKEND: keyring.backends.null.Keyring
@@ -34,8 +38,8 @@ jobs:
           path: ~/.cache/pre-commit
           key: pre-commit-${{ hashFiles('.pre-commit-config.yaml') }}
           restore-keys: "pre-commit-${{ hashFiles('.pre-commit-config.yaml') }}\npre-commit-"
-      - run: pre-commit run --all-files
-      - run: git diff --exit-code --patch > /tmp/pre-commit.patch || true
+      - run: pre-commit run --all-files --color=always
+      - run: git diff --exit-code --patch > /tmp/pre-commit.patch; git diff --color; git reset --hard || true
         if: failure()
 
       - uses: actions/upload-artifact@v4
@@ -64,12 +68,12 @@ jobs:
           echo "password = ${{ secrets.PYPI_PASSWORD }}" >> ~/.pypirc
         if: env.HAS_SECRETS == 'HAS_SECRETS'
       - name: Publish
-        run: c2cciutils-publish
+        run: tag-publish
         env:
           SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
-          GITHUB_TOKEN: ${{ secrets.TOKEN }}
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
         if: env.HAS_SECRETS == 'HAS_SECRETS'
-      - run: git diff --exit-code --patch > /tmp/dpkg-versions.patch || true
+      - run: git diff --exit-code --patch > /tmp/dpkg-versions.patch; git diff --color; git reset --hard || true
         if: failure()
       - uses: actions/upload-artifact@v4
         with:

.pre-commit-config.yaml

@@ -17,9 +17,6 @@ repos:
     hooks:
       - id: copyright
       - id: workflows-require-timeout
-      - id: poetry-check
-        additional_dependencies:
-          - poetry==1.8.5 # pypi
       - id: poetry-lock
         additional_dependencies:
           - poetry==1.8.5 # pypi
@@ -49,9 +46,6 @@ repos:
     rev: 0.30.0
     hooks:
       - id: check-github-workflows
-      - id: check-renovate
-        additional_dependencies:
-          - pyjson5==1.6.7 # pypi
       - id: check-github-actions
       - id: check-jsonschema
         name: Check GitHub Workflows set timeout-minutes
@@ -65,45 +59,27 @@ repos:
     rev: v0.1.8
     hooks:
       - id: ripsecrets
-  - repo: https://github.com/psf/black
-    rev: 24.10.0
-    hooks:
-      - id: black
-        exclude: README\.md
-  - repo: https://github.com/PyCQA/isort
-    rev: 5.13.2
-    hooks:
-      - id: isort
-  - repo: https://github.com/PyCQA/autoflake
-    rev: v2.3.1
-    hooks:
-      - id: autoflake
-  - repo: https://github.com/asottile/pyupgrade
-    rev: v3.19.1
-    hooks:
-      - id: pyupgrade
-        args:
-          - --py39-plus
   - repo: https://github.com/PyCQA/prospector
     rev: v1.13.3
     hooks:
       - id: prospector
         args:
           - --tool=ruff
           - --die-on-tool-error
+          - --output-format=pylint
         additional_dependencies:
           - prospector-profile-duplicated==1.10.0 # pypi
           - prospector-profile-utils==1.14.1 # pypi
           - ruff==0.8.4 # pypi
-  - repo: https://github.com/sbrunner/jsonschema-validator
-    rev: 1.0.0
-    hooks:
-      - id: jsonschema-validator
-        files: |-
-          (?x)^(
-              ci/config\.yaml
-          )$
   - repo: https://github.com/renovatebot/pre-commit-hooks
     rev: 39.86.3
     hooks:
       - id: renovate-config-validator
+  - repo: https://github.com/astral-sh/ruff-pre-commit
+    rev: v0.8.1
+    hooks:
+      - id: ruff-format
+  - repo: https://github.com/sbrunner/python-versions-hook
+    rev: 0.8.0
+    hooks:
+      - id: python-versions

.prospector.yaml

@@ -2,3 +2,11 @@ inherits:
   - utils:base
   - utils:no-design-checks
   - duplicated
+  - utils:fix
+  - utils:unsafe
+mypy:
+  options:
+    python-version: '3.9'
+ruff:
+  options:
+    target-version: py39

bashcolor/__init__.py

@@ -6,7 +6,6 @@
 
 # see also: http://misc.flogisoft.com/bash/tip_colors_and_formatting
 
-
 from typing import Optional
 
 RESET = 0

ci/requirements.txt

@@ -8,3 +8,4 @@ importlib-metadata<8.5.1
 setuptools>=65.5.1 # not directly required, pinned by Snyk to avoid a vulnerability
 certifi>=2024.7.4 # not directly required, pinned by Snyk to avoid a vulnerability
 zipp>=3.19.1 # not directly required, pinned by Snyk to avoid a vulnerability
+tag-publish==0.13.0

pyproject.toml

@@ -1,15 +1,3 @@
-[tool.black]
-line-length = 110
-target-version = ["py39"]
-
-[tool.mypy]
-python_version = "3.9"
-ignore_missing_imports = true
-warn_redundant_casts = true
-warn_unused_ignores = true
-warn_return_any = true
-strict = true
-
 [tool.poetry]
 name = "bashcolor"
 version = "0.0.0"
@@ -20,13 +8,17 @@ homepage = "https://hub.docker.com/r/sbrunner/bashcolor/"
 repository = "https://github.com/sbrunner/bashcolor"
 license = "BSD-2-Clause"
 classifiers = [
-  "Development Status :: 5 - Production/Stable",
-  "Intended Audience :: Developers",
-  "License :: OSI Approved :: BSD License",
-  "Operating System :: OS Independent",
-  "Programming Language :: Python",
-  "Programming Language :: Python :: 3",
-  "Typing :: Typed",
+    'Development Status :: 5 - Production/Stable',
+    'Intended Audience :: Developers',
+    'License :: OSI Approved :: BSD License',
+    'Operating System :: OS Independent',
+    'Programming Language :: Python',
+    'Programming Language :: Python :: 3',
+    'Programming Language :: Python :: 3.9',
+    'Programming Language :: Python :: 3.10',
+    'Programming Language :: Python :: 3.11',
+    'Programming Language :: Python :: 3.12',
+    'Typing :: Typed',
 ]
 packages = [{ include = "bashcolor" }, { include = "bashcolor/py.typed" }]
 
@@ -41,6 +33,13 @@ prospector = { version = "1.13.3", extras = ["with_bandit", "with_mypy", "with_p
 prospector-profile-duplicated = "1.10.0"
 prospector-profile-utils = "1.14.1"
 
+
+[tool.ruff]
+target-version = "py39"
+line-length = 110
+
+[tool.ruff.lint.pydocstyle]
+convention = "numpy"
 [build-system]
 requires = ["poetry-core>=1.0.0", "poetry-plugin-tweak-dependencies-version", "poetry-dynamic-versioning", "poetry-plugin-drop-python-upper-constraint"]
 build-backend = "poetry.core.masonry.api"
@@ -53,8 +52,10 @@ enable = true
 vcs = "git"
 pattern = "^((?P<epoch>\\d+)!)?(?P<base>\\d+(\\.\\d+)*)"
 format-jinja = """
-{%- if env.get("VERSION_TYPE") == "version_branch" -%}
-{{serialize_pep440(bump_version(base, 1 if env.get("IS_MASTER") == "TRUE" else 2), dev=distance)}}
+{%- if env.get("VERSION_TYPE") == "default_branch" -%}
+{{serialize_pep440(bump_version(base, 1), dev=distance)}}
+{%- elif env.get("VERSION_TYPE") == "stabilization_branch" -%}
+{{serialize_pep440(bump_version(base, 2), dev=distance)}}
 {%- elif distance == 0 -%}
 {{serialize_pep440(base)}}
 {%- else -%}