From eeef30d4ca5f21fa033caa4cbecf106ae18be164 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Thu, 3 Jul 2025 21:45:48 +0000 Subject: [PATCH 1/3] Update patch dependencies --- .github/workflows/auto-merge-dependabot-workflow.yaml | 2 +- .github/workflows/benchmark.yaml | 2 +- .github/workflows/codeql.yaml | 8 ++++---- .github/workflows/labeler.yml | 2 +- .github/workflows/release.yml | 2 +- .github/workflows/tests.yml | 2 +- .pre-commit-config.yaml | 2 +- 7 files changed, 10 insertions(+), 10 deletions(-) diff --git a/.github/workflows/auto-merge-dependabot-workflow.yaml b/.github/workflows/auto-merge-dependabot-workflow.yaml index bfdebc9b..1422cb06 100644 --- a/.github/workflows/auto-merge-dependabot-workflow.yaml +++ b/.github/workflows/auto-merge-dependabot-workflow.yaml @@ -18,7 +18,7 @@ jobs: pull-requests: write steps: - name: Harden Runner - uses: step-security/harden-runner@002fdce3c6a235733a90a27c80493a3241e56863 # v2.12.1 + uses: step-security/harden-runner@6c439dc8bdf85cadbbce9ed30d1c7b959517bc49 # v2.12.2 with: disable-sudo: true egress-policy: block diff --git a/.github/workflows/benchmark.yaml b/.github/workflows/benchmark.yaml index bdcb461a..41ec7f99 100644 --- a/.github/workflows/benchmark.yaml +++ b/.github/workflows/benchmark.yaml @@ -20,7 +20,7 @@ jobs: steps: - name: Harden Runner - uses: step-security/harden-runner@002fdce3c6a235733a90a27c80493a3241e56863 # v2.12.1 + uses: step-security/harden-runner@6c439dc8bdf85cadbbce9ed30d1c7b959517bc49 # v2.12.2 with: disable-sudo: true egress-policy: block diff --git a/.github/workflows/codeql.yaml b/.github/workflows/codeql.yaml index 9523f0f2..40d10a6c 100644 --- a/.github/workflows/codeql.yaml +++ b/.github/workflows/codeql.yaml @@ -40,7 +40,7 @@ jobs: steps: - name: Harden Runner - uses: step-security/harden-runner@002fdce3c6a235733a90a27c80493a3241e56863 # v2.12.1 + uses: step-security/harden-runner@6c439dc8bdf85cadbbce9ed30d1c7b959517bc49 # v2.12.2 with: disable-sudo: true egress-policy: block @@ -56,7 +56,7 @@ jobs: # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL - uses: github/codeql-action/init@ce28f5bb42b7a9f2c824e633a3f6ee835bab6858 # v3.29.0 + uses: github/codeql-action/init@181d5eefc20863364f96762470ba6f862bdef56b # v3.29.2 with: languages: ${{ matrix.language }} # If you wish to specify custom queries, you can do so here or in a config file. @@ -69,7 +69,7 @@ jobs: # Autobuild attempts to build any compiled languages (C/C++, C#, Go, or Java). # If this step fails, then you should remove it and run the build manually (see below) - name: Autobuild - uses: github/codeql-action/autobuild@ce28f5bb42b7a9f2c824e633a3f6ee835bab6858 # v3.29.0 + uses: github/codeql-action/autobuild@181d5eefc20863364f96762470ba6f862bdef56b # v3.29.2 # ℹ️ Command-line programs to run using the OS shell. # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun @@ -82,6 +82,6 @@ jobs: # ./location_of_script_within_repo/buildscript.sh - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@ce28f5bb42b7a9f2c824e633a3f6ee835bab6858 # v3.29.0 + uses: github/codeql-action/analyze@181d5eefc20863364f96762470ba6f862bdef56b # v3.29.2 with: category: "/language:${{matrix.language}}" diff --git a/.github/workflows/labeler.yml b/.github/workflows/labeler.yml index eefd7ddc..ca149408 100644 --- a/.github/workflows/labeler.yml +++ b/.github/workflows/labeler.yml @@ -13,7 +13,7 @@ jobs: issues: read steps: - name: Harden Runner - uses: step-security/harden-runner@002fdce3c6a235733a90a27c80493a3241e56863 # v2.12.1 + uses: step-security/harden-runner@6c439dc8bdf85cadbbce9ed30d1c7b959517bc49 # v2.12.2 with: disable-sudo: true egress-policy: audit diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 7125c34f..d37a26f0 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -13,7 +13,7 @@ jobs: contents: read steps: - name: Harden Runner - uses: step-security/harden-runner@002fdce3c6a235733a90a27c80493a3241e56863 # v2.12.1 + uses: step-security/harden-runner@6c439dc8bdf85cadbbce9ed30d1c7b959517bc49 # v2.12.2 with: disable-sudo: true egress-policy: block diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml index a8f65814..424a34fe 100644 --- a/.github/workflows/tests.yml +++ b/.github/workflows/tests.yml @@ -43,7 +43,7 @@ jobs: steps: - name: Harden Runner - uses: step-security/harden-runner@002fdce3c6a235733a90a27c80493a3241e56863 # v2.12.1 + uses: step-security/harden-runner@6c439dc8bdf85cadbbce9ed30d1c7b959517bc49 # v2.12.2 with: disable-sudo: true egress-policy: block diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index 93492139..7924a7a9 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -27,7 +27,7 @@ repos: - repo: https://github.com/astral-sh/ruff-pre-commit # Ruff version. - rev: v0.12.0 + rev: v0.12.2 hooks: # Run the linter. - id: ruff From 7ea2b7b4ed300432e11f1403261e8278b4c4a0b0 Mon Sep 17 00:00:00 2001 From: Tom Willis Date: Thu, 10 Jul 2025 17:07:49 -0500 Subject: [PATCH 2/3] Fix nox file. Prettier runs locally to success --- .../011-TOML-for-configuration.md | 6 ++++-- .../016-use-uv-instead-of-poetry.md | 4 ++-- noxfile.py | 2 +- 3 files changed, 7 insertions(+), 5 deletions(-) diff --git a/docs/architectural_decision_records/011-TOML-for-configuration.md b/docs/architectural_decision_records/011-TOML-for-configuration.md index 5d6770ca..9ed7eaf7 100644 --- a/docs/architectural_decision_records/011-TOML-for-configuration.md +++ b/docs/architectural_decision_records/011-TOML-for-configuration.md @@ -8,12 +8,14 @@ Accepted ## Decision -We decided to use TOML (Tom's Obvious, Minimal Language) for configuring our Python applications. Here's why: +We decided to use TOML (Tom's Obvious, Minimal Language) +for configuring our Python applications. Here's why: 1. Easy to understand: - TOML has a straightforward syntax that is easy to read and understand. - - It uses key-value pairs and hierarchies, making it intuitive for developers to define configuration settings. + - It uses key-value pairs and hierarchies, making it intuitive for developers + - to define configuration settings. 2. Clear and concise: diff --git a/docs/architectural_decision_records/016-use-uv-instead-of-poetry.md b/docs/architectural_decision_records/016-use-uv-instead-of-poetry.md index a96025ba..fe81416d 100644 --- a/docs/architectural_decision_records/016-use-uv-instead-of-poetry.md +++ b/docs/architectural_decision_records/016-use-uv-instead-of-poetry.md @@ -47,14 +47,14 @@ We will replace **Poetry** with **uv** for managing dependencies, creating lockf ### Positive Impacts -- **Faster Builds**: uv provides faster dependency resolution and package builds. +- **Faster Builds**: `uv` provides faster dependency resolution and package builds. - **Simplified Workflow**: The tool is more aligned with our goal of a lean, efficient build process. - **Reproducible Builds**: uv generates a `uv.lock` file to ensure consistent environments across installations. ### Negative Impacts - **Learning Curve**: Team members need to become familiar with uv’s CLI. -- **Ecosystem**: uv is a newer tool, so it may have fewer third-party resources and integrations compared to Poetry. +- **Ecosystem**: `uv` is a newer tool, so it may have fewer third-party resources and integrations compared to Poetry. ## Status diff --git a/noxfile.py b/noxfile.py index 68e7e536..c52b9a32 100644 --- a/noxfile.py +++ b/noxfile.py @@ -19,7 +19,7 @@ nox.needs_version = ">= 2024.4.15" nox.options.sessions = ( "pre-commit", - "pip-audit" + "pip-audit", # "mypy", "tests", # "typeguard", From dc0f8b14f7298a96052bd47b3391571ad75c94d9 Mon Sep 17 00:00:00 2001 From: Tom Willis Date: Thu, 10 Jul 2025 17:22:45 -0500 Subject: [PATCH 3/3] Disable prettier in the pre-commit. It is choking the CI for some reason and does nothing for Python. We already have checkers for other formats. --- .pre-commit-config.yaml | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index 7924a7a9..41a434f1 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -43,10 +43,11 @@ repos: types: [python] args: [--py37-plus] - - repo: https://github.com/pre-commit/mirrors-prettier - rev: v4.0.0-alpha.8 - hooks: - - id: prettier +# Prettier is failing in CI for Markdown files, so we disable it for now. It does not do much for us anyway. +# - repo: https://github.com/pre-commit/mirrors-prettier +# rev: v4.0.0-alpha.8 +# hooks: +# - id: prettier # Linter for markdown files # This hook uses DavidAnson Node.js markdownlint in a Docker to minimize dev environment at the cost of speed