diff --git a/.github/copilot-instructions.md b/.github/copilot-instructions.md index ff21558..220d2af 100644 --- a/.github/copilot-instructions.md +++ b/.github/copilot-instructions.md @@ -16,10 +16,8 @@ This is a GitHub Action identifies and reports repositories with no activity for ## Repository Structure - `Makefile`: Contains commands for linting, testing, and other tasks -- `requirements.txt`: Python dependencies for the project -- `requirements-test.txt`: Python dependencies for testing +- `pyproject.toml`: Python dependencies and project configuration - `README.md`: Project documentation and setup instructions -- `setup.py`: Python package setup configuration - `test_*.py`: Python test files matching the naming convention for test discovery ## Key Guidelines diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index ff79d00..19bae0d 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -59,11 +59,6 @@ jobs: # By default, queries listed here will override any specified in a config file. # Prefix the list here with "+" to use these queries and those in the config file. - # Autobuild attempts to build any compiled languages (C/C++, C#, or Java). - # If this step fails, then you should remove it and run the build manually (see below) - - name: Autobuild - uses: github/codeql-action/autobuild@820e3160e279568db735cee8ed8f8e77a6da7818 # v3.32.6 - # â„šī¸ Command-line programs to run using the OS shell. # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun diff --git a/.github/workflows/major-version-updater.yml b/.github/workflows/major-version-updater.yml index 7fd1e95..0bb7b9e 100644 --- a/.github/workflows/major-version-updater.yml +++ b/.github/workflows/major-version-updater.yml @@ -10,11 +10,13 @@ on: env: TAG_NAME: ${{ github.event.inputs.TAG_NAME || github.ref}} permissions: - contents: write + contents: read jobs: update_tag: name: Update the major tag to include the ${{ github.event.inputs.TAG_NAME || github.ref }} changes runs-on: ubuntu-latest + permissions: + contents: write steps: - name: Harden the runner (Audit all outbound calls) uses: step-security/harden-runner@58077d3c7e43986b6b15fba718e8ea69e387dfcc # v2.15.1 diff --git a/.github/workflows/mark-ready-when-ready.yml b/.github/workflows/mark-ready-when-ready.yml index fcafe7f..fc34f9f 100644 --- a/.github/workflows/mark-ready-when-ready.yml +++ b/.github/workflows/mark-ready-when-ready.yml @@ -5,10 +5,7 @@ on: types: [opened, edited, labeled, unlabeled, synchronize] permissions: - checks: read - contents: write - pull-requests: write - statuses: read + contents: read concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number }} @@ -18,6 +15,11 @@ jobs: mark-ready: name: Mark as ready after successful checks runs-on: ubuntu-latest + permissions: + checks: read + contents: write + pull-requests: write + statuses: read if: | contains(github.event.pull_request.labels.*.name, 'Mark Ready When Ready') && github.event.pull_request.draft == true diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index 9eb0a9c..81b4c4b 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -13,13 +13,15 @@ on: push: branches: [main] -permissions: read-all +permissions: + contents: read jobs: analysis: name: Scorecard analysis runs-on: ubuntu-latest permissions: + contents: read security-events: write id-token: write diff --git a/.github/workflows/stale.yaml b/.github/workflows/stale.yaml index 0796be4..17c96be 100644 --- a/.github/workflows/stale.yaml +++ b/.github/workflows/stale.yaml @@ -4,12 +4,14 @@ on: - cron: "30 1 * * *" permissions: - issues: write - pull-requests: read + contents: read jobs: stale: runs-on: ubuntu-latest + permissions: + issues: write + pull-requests: read steps: - name: Harden the runner (Audit all outbound calls) uses: step-security/harden-runner@58077d3c7e43986b6b15fba718e8ea69e387dfcc # v2.15.1 diff --git a/Makefile b/Makefile index 8fb2d2a..030b922 100644 --- a/Makefile +++ b/Makefile @@ -1,6 +1,6 @@ .PHONY: test test: - uv run pytest -v --cov=. --cov-config=.coveragerc --cov-fail-under=80 --cov-report term-missing + uv run python -m pytest -v --cov=. --cov-config=.coveragerc --cov-fail-under=80 --cov-report term-missing .PHONY: clean clean: @@ -9,10 +9,10 @@ clean: .PHONY: lint lint: # stop the build if there are Python syntax errors or undefined names - uv run flake8 . --config=.github/linters/.flake8 --count --select=E9,F63,F7,F82 --show-source + uv run python -m flake8 . --config=.github/linters/.flake8 --count --select=E9,F63,F7,F82 --show-source # exit-zero treats all errors as warnings. The GitHub editor is 127 chars wide - uv run flake8 . --config=.github/linters/.flake8 --count --exit-zero --max-complexity=15 --max-line-length=150 + uv run python -m flake8 . --config=.github/linters/.flake8 --count --exit-zero --max-complexity=15 --max-line-length=150 uv run isort --settings-file=.github/linters/.isort.cfg . uv run pylint --rcfile=.github/linters/.python-lint --fail-under=9.0 *.py - uv run mypy --config-file=.github/linters/.mypy.ini *.py + uv run python -m mypy --config-file=.github/linters/.mypy.ini *.py uv run black . diff --git a/uv.lock b/uv.lock index 6f21765..13938d7 100644 --- a/uv.lock +++ b/uv.lock @@ -657,11 +657,11 @@ wheels = [ [[package]] name = "pyjwt" -version = "2.11.0" +version = "2.12.1" source = { registry = "https://pypi.org/simple" } -sdist = { url = "https://files.pythonhosted.org/packages/5c/5a/b46fa56bf322901eee5b0454a34343cdbdae202cd421775a8ee4e42fd519/pyjwt-2.11.0.tar.gz", hash = "sha256:35f95c1f0fbe5d5ba6e43f00271c275f7a1a4db1dab27bf708073b75318ea623", size = 98019, upload-time = "2026-01-30T19:59:55.694Z" } +sdist = { url = "https://files.pythonhosted.org/packages/c2/27/a3b6e5bf6ff856d2509292e95c8f57f0df7017cf5394921fc4e4ef40308a/pyjwt-2.12.1.tar.gz", hash = "sha256:c74a7a2adf861c04d002db713dd85f84beb242228e671280bf709d765b03672b", size = 102564, upload-time = "2026-03-13T19:27:37.25Z" } wheels = [ - { url = "https://files.pythonhosted.org/packages/6f/01/c26ce75ba460d5cd503da9e13b21a33804d38c2165dec7b716d06b13010c/pyjwt-2.11.0-py3-none-any.whl", hash = "sha256:94a6bde30eb5c8e04fee991062b534071fd1439ef58d2adc9ccb823e7bcd0469", size = 28224, upload-time = "2026-01-30T19:59:54.539Z" }, + { url = "https://files.pythonhosted.org/packages/e5/7a/8dd906bd22e79e47397a61742927f6747fe93242ef86645ee9092e610244/pyjwt-2.12.1-py3-none-any.whl", hash = "sha256:28ca37c070cad8ba8cd9790cd940535d40274d22f80ab87f3ac6a713e6e8454c", size = 29726, upload-time = "2026-03-13T19:27:35.677Z" }, ] [package.optional-dependencies]