diff --git a/.bandit.yaml b/.bandit.yaml deleted file mode 100644 index fdeda8f..0000000 --- a/.bandit.yaml +++ /dev/null @@ -1,4 +0,0 @@ -skips: - - B101 # Use of assert detected. - - B603 # subprocess call - check for execution of untrusted input. - - B607 # Starting a process with a partial executable path. diff --git a/.github/renovate.json5 b/.github/renovate.json5 index c100993..9fb0190 100644 --- a/.github/renovate.json5 +++ b/.github/renovate.json5 @@ -1,25 +1,15 @@ { - extends: ['config:base'], - timezone: 'Europe/Zurich', - schedule: 'after 5pm on the first day of the month', - labels: ['dependencies'], - separateMajorMinor: true, - separateMinorPatch: true, - prHourlyLimit: 0, - prConcurrentLimit: 0, - baseBranches: ['master'], - 'pre-commit': { enabled: true }, - lockFileMaintenance: { - enabled: true, - automerge: true, - schedule: 'after 5pm on the first day of the month', - }, - regexManagers: [ - /** Do updates on pre-commit additional dependencies */ - { - fileMatch: ['^\\.pre\\-commit\\-config\\.yaml$'], - matchStrings: [" +- '?(?[^' @=]+)(@|==)(?[^' @=]+)'? # (?.+)"], - }, + extends: [ + 'config:base', + 'github>camptocamp/gs-renovate-config-preset:base.json5#0.3.3', + 'github>camptocamp/gs-renovate-config-preset:ci.json5#0.3.3', + 'github>camptocamp/gs-renovate-config-preset:pre-commit.json5#0.3.3', + 'github>camptocamp/gs-renovate-config-preset:python.json5#0.3.3', + 'github>camptocamp/gs-renovate-config-preset:json-schema.json5#0.3.3', + 'github>camptocamp/gs-renovate-config-preset:shellcheck.json5#0.3.3', + ], + minimumReleaseAge: '7 days', + customManagers: [ /** Do update on the schema present in the ci/config.yaml */ { fileMatch: ['^ci/config\\.yaml$'], @@ -27,76 +17,12 @@ '.*https://raw\\.githubusercontent\\.com/(?[^\\s]+)/(?[0-9\\.]+)/.*', ], datasourceTemplate: 'github-tags', - }, - /** Python version in actions/setup-python action */ - { - fileMatch: ['^\\.github/workflows/.*\\.yaml$'], - matchStrings: [' python-version: [\'"](?[0-9\\.]+)[\'"]'], - datasourceTemplate: 'python-version', - depNameTemplate: 'python', + customType: 'regex', }, { fileMatch: ['^tag_publish/versions.yaml$'], matchStrings: ['(?.*): (?.*) # (?.*)'], - }, - ], - packageRules: [ - /** Automerge the patch, the minor and the dev dependency */ - { - matchBaseBranches: ['master'], - matchUpdateTypes: ['minor', 'patch'], - automerge: true, - }, - /** Auto merge the dev dependency update */ - { - matchDepTypes: ['devDependencies'], - automerge: true, - }, - /** Group and auto merge the patch updates */ - { - matchUpdateTypes: ['patch'], - groupName: 'all patch versions', - automerge: true, - }, - /** Group and auto merge the minor updates */ - { - matchUpdateTypes: ['minor'], - groupName: 'all minor versions', - automerge: true, - }, - /** Group Poetry packages */ - { - matchPackagePrefixes: ['poetry'], - groupName: 'CI/build dependencies', - automerge: true, - }, - /** Group and auto merge the CI dependencies */ - { - matchFileNames: ['.github/**', '.pre-commit-config.yaml', 'ci/**'], - groupName: 'CI/build dependencies', - automerge: true, - }, - /** Accept only the patch on stabilization branches */ - { - matchBaseBranches: ['/^[0-9]+\\.[0-9]+$/'], - matchUpdateTypes: ['major', 'minor', 'pin', 'digest', 'lockFileMaintenance', 'rollback', 'bump'], - enabled: false, - }, - /** Support the 4 parts of shellcheck-py version with a v prefix */ - { - versioning: 'regex:^v(?\\d+)\\.(?\\d+)\\.(?\\d+)\\.(?\\d+)$', - matchDepNames: ['shellcheck-py/shellcheck-py'], - }, - /** Disable upgrading the supported Python version */ - { - matchFileNames: ['pyproject.toml'], - enabled: false, - matchDepNames: ['python'], - }, - /** Packages published very recently are not pushed to stabilization branches for security reasons */ - { - matchBaseBranches: ['/^[0-9]+\\.[0-9]+$/'], - minimumReleaseAge: '7 days', + customType: 'regex', }, ], } diff --git a/.github/workflows/backport.yaml b/.github/workflows/backport.yaml deleted file mode 100644 index 0aa5c0d..0000000 --- a/.github/workflows/backport.yaml +++ /dev/null @@ -1,22 +0,0 @@ -name: Backport - -on: - pull_request: - types: - - closed - - labeled - -env: - HAS_SECRETS: ${{ secrets.HAS_SECRETS }} - -jobs: - backport: - name: Backport - runs-on: ubuntu-24.04 - timeout-minutes: 5 - - steps: - - uses: camptocamp/backport-action@master - with: - token: ${{ secrets.GOPASS_CI_GITHUB_TOKEN }} - if: env.HAS_SECRETS == 'HAS_SECRETS' diff --git a/.github/workflows/clean.yaml b/.github/workflows/clean.yaml deleted file mode 100644 index 234a11e..0000000 --- a/.github/workflows/clean.yaml +++ /dev/null @@ -1,29 +0,0 @@ -name: Clean docker hub tags - -on: - delete: - pull_request: - types: - - closed - -jobs: - clean: - name: Clean docker hub tags - runs-on: ubuntu-24.04 - timeout-minutes: 5 - - steps: - - uses: actions/checkout@v4 - - - uses: camptocamp/initialise-gopass-summon-action@v2 - with: - ci-gpg-private-key: ${{secrets.CI_GPG_PRIVATE_KEY}} - github-gopass-ci-token: ${{secrets.GOPASS_CI_GITHUB_TOKEN}} - - - uses: actions/setup-python@v5 - with: - python-version: '3.13' - - run: python3 -m pip install c2cciutils - - - name: Clean Docker hub tags - run: c2cciutils-clean diff --git a/.github/workflows/main.yaml b/.github/workflows/main.yaml index 96f3d1c..7d6f0f1 100644 --- a/.github/workflows/main.yaml +++ b/.github/workflows/main.yaml @@ -42,8 +42,8 @@ jobs: path: ~/.cache/pre-commit key: pre-commit-${{ hashFiles('.pre-commit-config.yaml') }} restore-keys: "pre-commit-${{ hashFiles('.pre-commit-config.yaml') }}\npre-commit-" - - run: pre-commit run --all-files - - run: git diff --exit-code --patch > /tmp/pre-commit.patch || true + - run: pre-commit run --all-files --color=always + - run: git diff --exit-code --patch > /tmp/pre-commit.patch; git diff --color; git reset --hard || true if: failure() - uses: actions/upload-artifact@v4 with: diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index e7e16f1..5bd6bed 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -33,7 +33,8 @@ repos: - id: jsonschema-validator files: |- (?x)^( - ci/config\.yaml + \.github/ghci\.yaml + |\.github/publish\.yaml )$ - repo: https://github.com/sbrunner/jsonschema2md2 rev: 1.3.0 @@ -101,12 +102,13 @@ repos: hooks: - id: prospector args: - - --tool=pydocstyle + - --tool=ruff - --die-on-tool-error - --output-format=pylint additional_dependencies: - - prospector-profile-duplicated==1.8.1 # pypi - - prospector-profile-utils==1.12.2 # pypi + - prospector-profile-duplicated==1.10.4 # pypi + - prospector-profile-utils==1.15.1 # pypi + - ruff==0.7.3 # pypi - repo: https://github.com/mheap/json-schema-spell-checker rev: main hooks: @@ -121,3 +123,7 @@ repos: - --ignore-numbers - --ignore-acronyms - --en-us + - repo: https://github.com/sbrunner/python-versions-hook + rev: 0.8.0 + hooks: + - id: python-versions diff --git a/.prospector.yaml b/.prospector.yaml index 4c5b7f2..b21e8fd 100644 --- a/.prospector.yaml +++ b/.prospector.yaml @@ -2,17 +2,19 @@ inherits: - utils:base - utils:no-design-checks - utils:fix + - utils:unsafe - duplicated -doc-warnings: true - ignore-paths: - tag_publish/configuration.py -pylint: - disable: - - missing-module-docstring +mypy: + options: + python-version: '3.9' -bandit: +ruff: options: - config: .bandit.yaml + target-version: py39 + disable: + - S607 # Starting a process with a partial executable path [See: https://docs.astral.sh/ruff/rules/start-process-with-partial-path] + - S603 # `subprocess` call: check for execution of untrusted input [See: https://docs.astral.sh/ruff/rules/subprocess-without-shell-equals-true] diff --git a/jsonschema-gentypes.yaml b/jsonschema-gentypes.yaml index 8f744bd..5af449c 100644 --- a/jsonschema-gentypes.yaml +++ b/jsonschema-gentypes.yaml @@ -1,8 +1,12 @@ +# yaml-language-server: $schema=https://raw.githubusercontent.com/sbrunner/jsonschema-gentypes/2.9.3/jsonschema_gentypes/schema.json + headers: | """ Automatically generated file from a JSON schema. """ +python_version: '3.9' + pre_commit: enabled: true hooks_skip: diff --git a/poetry.lock b/poetry.lock index 74c8364..7091c21 100644 --- a/poetry.lock +++ b/poetry.lock @@ -1759,6 +1759,33 @@ files = [ {file = "ruamel.yaml.clib-0.2.12.tar.gz", hash = "sha256:6c8fbb13ec503f99a91901ab46e0b07ae7941cd527393187039aec586fdfd36f"}, ] +[[package]] +name = "ruff" +version = "0.9.0" +description = "An extremely fast Python linter and code formatter, written in Rust." +optional = false +python-versions = ">=3.7" +files = [ + {file = "ruff-0.9.0-py3-none-linux_armv6l.whl", hash = "sha256:949b3513f931741e006cf267bf89611edff04e1f012013424022add3ce78f319"}, + {file = "ruff-0.9.0-py3-none-macosx_10_12_x86_64.whl", hash = "sha256:99fbcb8c7fe94ae1e462ab2a1ef17cb20b25fb6438b9f198b1bcf5207a0a7916"}, + {file = "ruff-0.9.0-py3-none-macosx_11_0_arm64.whl", hash = "sha256:0b022afd8eb0fcfce1e0adec84322abf4d6ce3cd285b3b99c4f17aae7decf749"}, + {file = "ruff-0.9.0-py3-none-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:336567ce92c9ca8ec62780d07b5fa11fbc881dc7bb40958f93a7d621e7ab4589"}, + {file = "ruff-0.9.0-py3-none-manylinux_2_17_armv7l.manylinux2014_armv7l.whl", hash = "sha256:d338336c44bda602dc8e8766836ac0441e5b0dfeac3af1bd311a97ebaf087a75"}, + {file = "ruff-0.9.0-py3-none-manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:d9b3ececf523d733e90b540e7afcc0494189e8999847f8855747acd5a9a8c45f"}, + {file = "ruff-0.9.0-py3-none-manylinux_2_17_ppc64.manylinux2014_ppc64.whl", hash = "sha256:a11c0872a31232e473e2e0e2107f3d294dbadd2f83fb281c3eb1c22a24866924"}, + {file = "ruff-0.9.0-py3-none-manylinux_2_17_ppc64le.manylinux2014_ppc64le.whl", hash = "sha256:b5fd06220c17a9cc0dc7fc6552f2ac4db74e8e8bff9c401d160ac59d00566f54"}, + {file = "ruff-0.9.0-py3-none-manylinux_2_17_s390x.manylinux2014_s390x.whl", hash = "sha256:0457e775c74bf3976243f910805242b7dcd389e1d440deccbd1194ca17a5728c"}, + {file = "ruff-0.9.0-py3-none-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:05415599bbcb318f730ea1b46a39e4fbf71f6a63fdbfa1dda92efb55f19d7ecf"}, + {file = "ruff-0.9.0-py3-none-musllinux_1_2_aarch64.whl", hash = "sha256:fbf9864b009e43cfc1c8bed1a6a4c529156913105780af4141ca4342148517f5"}, + {file = "ruff-0.9.0-py3-none-musllinux_1_2_armv7l.whl", hash = "sha256:37b3da222b12e2bb2ce628e02586ab4846b1ed7f31f42a5a0683b213453b2d49"}, + {file = "ruff-0.9.0-py3-none-musllinux_1_2_i686.whl", hash = "sha256:733c0fcf2eb0c90055100b4ed1af9c9d87305b901a8feb6a0451fa53ed88199d"}, + {file = "ruff-0.9.0-py3-none-musllinux_1_2_x86_64.whl", hash = "sha256:8221a454bfe5ccdf8017512fd6bb60e6ec30f9ea252b8a80e5b73619f6c3cefd"}, + {file = "ruff-0.9.0-py3-none-win32.whl", hash = "sha256:d345f2178afd192c7991ddee59155c58145e12ad81310b509bd2e25c5b0247b3"}, + {file = "ruff-0.9.0-py3-none-win_amd64.whl", hash = "sha256:0cbc0905d94d21305872f7f8224e30f4bbcd532bc21b2225b2446d8fc7220d19"}, + {file = "ruff-0.9.0-py3-none-win_arm64.whl", hash = "sha256:7b1148771c6ca88f820d761350a053a5794bc58e0867739ea93eb5e41ad978cd"}, + {file = "ruff-0.9.0.tar.gz", hash = "sha256:143f68fa5560ecf10fc49878b73cee3eab98b777fcf43b0e62d43d42f5ef9d8b"}, +] + [[package]] name = "secretstorage" version = "3.3.3" diff --git a/pyproject.toml b/pyproject.toml index 06c8b1c..41ab53b 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -2,33 +2,8 @@ line-length = 110 target-version = "py39" -[tool.ruff.lint] -fixable = ["ALL"] -extend-select = [ - "UP", # pyupgrade - "F", # Pyflakes - "E", "W", # Pycodestyle - "I", # isort - "S", # flake8-bandit - "SIM", # flake8-simplify - "B", # flake8-bugbear - # pydocstyle - "D213", "D214", "D215", "D405", "D406", "D407", "D408", "D409", "D410", "D411", "D413", "D416", "D417", -] -ignore= [ - "S101", # Use of assert detected - "S607", # start-process-with-partial-path - "S603", # subprocess-without-shell-equals-true -] -exclude = ["tag_publish/configuration.py"] - -[tool.mypy] -python_version = "3.9" -ignore_missing_imports = true -warn_redundant_casts = true -warn_unused_ignores = true -warn_return_any = true -strict = true +[tool.ruff.lint.pydocstyle] +convention = "numpy" [tool.poetry] name = "tag-publish" @@ -41,13 +16,19 @@ repository = "https://github.com/camptocamp/tag-publish" license = "FreeBSD" packages = [{ include = "tag_publish" }] classifiers = [ - "Development Status :: 5 - Production/Stable", - "Environment :: Console", - "Operating System :: OS Independent", - "Programming Language :: Python", - "Intended Audience :: Developers", - "License :: OSI Approved :: MIT License", - "Typing :: Typed", + 'Development Status :: 5 - Production/Stable', + 'Environment :: Console', + 'Intended Audience :: Developers', + 'License :: OSI Approved :: MIT License', + 'Operating System :: OS Independent', + 'Programming Language :: Python', + 'Programming Language :: Python :: 3', + 'Programming Language :: Python :: 3.9', + 'Programming Language :: Python :: 3.10', + 'Programming Language :: Python :: 3.11', + 'Programming Language :: Python :: 3.12', + 'Programming Language :: Python :: 3.13', + 'Typing :: Typed', ] include = [ "tag_publish/py.typed", @@ -73,9 +54,9 @@ debian-inspector = "31.1.0" multi-repo-automation = "1.5.0" [tool.poetry.group.dev.dependencies] -prospector = { version = "1.13.3", extras = ["with-bandit", "with-mypy", "with-pyroma"] } -prospector-profile-duplicated = "1.10.0" -prospector-profile-utils = "1.14.1" +prospector = { version = "1.13.3", extras = ["with_bandit", "with_mypy", "with_pyroma", "with_ruff"] } +prospector-profile-duplicated = "1.10.4" +prospector-profile-utils = "1.15.1" types-requests = "2.32.0.20241016" types-pyyaml = "6.0.12.20241230" diff --git a/tag_publish/cli.py b/tag_publish/cli.py index febee1d..68348bf 100644 --- a/tag_publish/cli.py +++ b/tag_publish/cli.py @@ -1,8 +1,6 @@ #!/usr/bin/env python3 -""" -The publish script. -""" +"""The publish script.""" import argparse import os @@ -40,9 +38,7 @@ def match(tpe: str, base_re: str) -> Optional[Match[str]]: def main() -> None: - """ - Run the publish. - """ + """Run the publish.""" parser = argparse.ArgumentParser(description="Publish the project.") parser.add_argument("--group", default="default", help="The publishing group") parser.add_argument("--version", help="The version to publish to") @@ -131,7 +127,6 @@ def main() -> None: ), ) version = tag_publish.get_value(*pull_match) - version = "_".join(ref.split("/")[2:]) else: print( f"WARNING: {ref} is not supported, only ref starting with 'refs/heads/', 'refs/tags/' "