Merged
2 changes: 2 additions & 0 deletions .github/dependabot.yml
Expand Up @@ -8,3 +8,5 @@ updates:
actions:
patterns:
- "*"
cooldown:
default-days: 7
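Review bot: The new `cooldown` block at the end of this hunk sets only `default-days: 7` and carries no comment saying why. A one-line YAML comment stating the intent (delay version updates so a freshly published bad release has time to be noticed and pulled) would stop a later cleanup from removing it. Because only the default is set, the same 7-day delay applies to every update size; note that too if it is deliberate.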
4 changes: 2 additions & 2 deletions .github/workflows/cleanup-pr-preview.yml
Expand Up @@ -10,13 +10,13 @@ jobs:
permissions:
contents: write
steps:
- uses: actions/checkout@v6
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
with:
ref: gh-pages
- run: git config user.name "github-actions[bot]"
- run: git config user.email "41898282+github-actions[bot]@users.noreply.github.com"
- run: git rm -rf ${{ github.event.number }}
- run: git commit -m 'Cleaning up gh-pages after ${{ github.event.number }}'
- uses: ad-m/github-push-action@master
- uses: ad-m/github-push-action@881a6320fdb16eb5318c5054f31c218aec2b324c # v1.3.0
with:
branch: gh-pages
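Review bot: On the `ad-m/github-push-action` line the ref changes from `@master` to a SHA annotated `# v1.3.0`, so this is a version change as well as a pin: the job will now run the v1.3.0 release rather than whatever the branch head was. Confirm that the SHA is the commit the upstream `v1.3.0` tag points at and that the cleanup job still pushes to `gh-pages` with it. Separately, the unchanged `run:` lines expand `${{ github.event.number }}` directly into shell; the value is numeric, but passing it through `env:` would avoid template-expansion findings from workflow linters.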
6 changes: 3 additions & 3 deletions .github/workflows/lint.yml
Expand Up @@ -15,10 +15,10 @@ jobs:
runs-on: ubuntu-latest

steps:
- uses: actions/checkout@v6
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
with:
persist-credentials: false
- uses: actions/setup-python@v6
- uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0
with:
python-version: "3.x"
- uses: tox-dev/action-pre-commit-uv@v1
- uses: tox-dev/action-pre-commit-uv@41a04ab74d5ec7ca33c8db8a59b6e3291d576033 # v1.0.4
4 changes: 2 additions & 2 deletions .github/workflows/run-tests.yml
Expand Up @@ -11,10 +11,10 @@ jobs:
runs-on: ubuntu-latest

steps:
- uses: actions/checkout@v6
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
with:
persist-credentials: false
- uses: actions/setup-python@v6
- uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0
with:
python-version: "3.x"
- run: pip install -r requirements.txt
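Review bot: The two `uses:` lines are now pinned to commit SHAs, but the `pip install -r requirements.txt` step in the trailing context still resolves packages at run time. If `requirements.txt` is not already hash-locked, consider `pip install --require-hashes -r requirements.txt` so the test job's Python dependencies get the same immutability as its actions.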
18 changes: 9 additions & 9 deletions .github/workflows/update.yml
Expand Up @@ -13,17 +13,17 @@ jobs:
contents: write
pull-requests: write
steps:
- uses: actions/setup-python@v6
- uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0
with:
python-version: "3.x"
- uses: astral-sh/setup-uv@v7
- uses: actions/checkout@v6
- uses: astral-sh/setup-uv@08807647e7069bb48b6ef5acd8ec9567f424441b # v8.1.0
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
- run: sudo apt-get install -y gettext
- run: pip install -r requirements.txt
- run: uv run generate.py # generates index.html and index.json
- name: Deploy 🚀
if: github.event_name != 'pull_request'
uses: JamesIves/github-pages-deploy-action@v4
uses: JamesIves/github-pages-deploy-action@d92aa235d04922e8f08b40ce78cc5442fcfbfa2f # v4.8.0
with:
folder: build
clean: false
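Review bot: The `astral-sh/setup-uv` line goes from `@v7` to a SHA annotated `# v8.1.0`, which is a major-version upgrade inside a pinning change. Either pin the SHA of a v7 release here and take v8 in its own PR, or call the upgrade out in the PR description after checking the v8 release notes against the `uv run generate.py` step. This job also holds `contents: write` and `pull-requests: write`, and its `actions/checkout` step has no `persist-credentials: false`, unlike the lint and test workflows; add it if the deploy steps do not rely on the persisted token.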
Expand All @@ -32,7 +32,7 @@ jobs:
- name: Deploy to subdirectory if pull request 🚀
# This does not work for PRs from forks
if: github.event_name == 'pull_request' && !github.event.pull_request.head.repo.fork
uses: JamesIves/github-pages-deploy-action@v4
uses: JamesIves/github-pages-deploy-action@d92aa235d04922e8f08b40ce78cc5442fcfbfa2f # v4.8.0
with:
folder: build
target-folder: ${{ github.ref_name }}
Expand All @@ -42,7 +42,7 @@ jobs:
- name: Update PR description if pull request
# This does not work for PRs from forks
if: github.event_name == 'pull_request' && !github.event.pull_request.head.repo.fork
uses: chabroA/action-append-pr-description@v1.2.1
uses: chabroA/action-append-pr-description@9e3784d5a06b65d9294b9dcee4633ab81a362e8f # v1.2.1
with:
auth: ${{ secrets.GITHUB_TOKEN }}
repo: ${{ github.event.repository.name }}
Expand All @@ -59,7 +59,7 @@ jobs:
- run: uv run generate_build_details.py # generates build-details.html
- name: Deploy build details view 🚀
if: github.event_name != 'pull_request'
uses: JamesIves/github-pages-deploy-action@v4
uses: JamesIves/github-pages-deploy-action@d92aa235d04922e8f08b40ce78cc5442fcfbfa2f # v4.8.0
with:
folder: build
clean: false
Expand All @@ -68,14 +68,14 @@ jobs:
- name: Deploy metadata view to subdirectory if pull request 🚀
# This does not work for PRs from forks
if: github.event_name == 'pull_request' && !github.event.pull_request.head.repo.fork
uses: JamesIves/github-pages-deploy-action@v4
uses: JamesIves/github-pages-deploy-action@d92aa235d04922e8f08b40ce78cc5442fcfbfa2f # v4.8.0
with:
folder: build
target-folder: ${{ github.ref_name }}
clean: false
git-config-name: github-actions[bot]
git-config-email: 41898282+github-actions[bot]@users.noreply.github.com
- uses: actions/upload-artifact@v7
- uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1
if: always()
with:
name: build
2 changes: 2 additions & 0 deletions .gitignore
@@ -1,3 +1,5 @@
build
clones
venv
__pycache__
*.pyc
18 changes: 12 additions & 6 deletions .pre-commit-config.yaml
@@ -1,13 +1,13 @@
repos:
- repo: https://github.com/astral-sh/ruff-pre-commit
rev: v0.15.9
rev: 0c7b6c989466a93942def1f84baf36ddfcd60c83 # frozen: v0.15.14
hooks:
- id: ruff-check
args: [--fix, --exit-non-zero-on-fix]
- id: ruff-format

- repo: https://github.com/pre-commit/pre-commit-hooks
rev: v6.0.0
rev: 3e8a8703264a2f4a69428a0aa4dcb512790b2c8c # frozen: v6.0.0
hooks:
- id: check-added-large-files
- id: check-case-conflict
Expand All @@ -20,12 +20,12 @@ repos:
- id: trailing-whitespace

- repo: https://github.com/python-jsonschema/check-jsonschema
rev: 0.37.1
rev: 943377262562a12b57292fc98fabd7dbf81451fe # frozen: 0.37.2
hooks:
- id: check-github-workflows

- repo: https://github.com/rhysd/actionlint

Member

We should add a Zizmor hook, but that can be a followup.

rev: v1.7.12
rev: 914e7df21a07ef503a81201c76d2b11c789d3fca # frozen: v1.7.12
hooks:
- id: actionlint

Expand All @@ -35,16 +35,22 @@ repos:
- id: check-useless-excludes

- repo: https://github.com/pre-commit/mirrors-mypy
rev: v1.20.0
rev: d2823d321df3af8f878f7ee3414dc94d037145b9 # frozen: v2.1.0
hooks:
- id: mypy
additional_dependencies: [types-docutils, types-polib>=1.2.0.20250114, types-requests]

- repo: https://github.com/francescorubbo/deptry-pre-commit
rev: v0.25.1
rev: 14b9099e8ca0e47a3ee8685e951ee66254a9846f # frozen: v0.25.1
hooks:
- id: deptry
args: [".", "--per-rule-ignores", "DEP002=python-docs-theme", "--package-module-name-map", "gitpython=git,sphinx-lint=sphinxlint"]

- repo: https://github.com/djlint/djLint

Member

This seems like a dead project, no releases since 2024, are there no alternatives? It seems to work alright currently.

Collaborator Author

My quick research implied it is mature and stable, and there's no better alternative. It looks stagnant on PyPI, but the repo still receives commits. The GitHub project had updates as recently as Nov 2025, and the docs were updated in 2026, which indicates some ongoing maintenance.

Member

The fact they have Renovate set up to do updates multiple times a day, and automerge them without human review, is a bit odd:

https://github.com/djlint/djLint/commits/master/

Also no cooldown, so a very good way to be among the very first to be exposed to a new vulnerability...

https://blog.yossarian.net/2025/11/21/We-should-all-be-using-dependency-cooldowns

We're on a pinned tag not on master, which helps, but tags are immutable and a vuln could rewrite the tags.

Collaborator Author

I've opened an issue with a suggestion to add the cooldown: djlint/djLint#1783.

It's the only library like that that offers an autoformatter.

Member

Seeing as the whole litellm thing happened the day after Hugo’s message, I think we should wait with this PR till they make such changes.

Collaborator Author

They've added cooldowns recently and pinned dependencies.

rev: 9112cb64851c95a7802358af285d21ad8b7f6437 # frozen: v1.36.4
hooks:
- id: djlint-reformat-jinja
- id: djlint-jinja

ci:
autoupdate_schedule: quarterly
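Review bot: The `mirrors-mypy` rev moves from `v1.20.0` to a SHA annotated `# frozen: v2.1.0`, a major-version jump bundled with the freeze, while `deptry` in the same hunk stays at `v0.25.1`. Run the mypy hook across the repository before merging and mention the upgrade in the PR description, or freeze v1.20.0 here and upgrade separately. Also check that the updater behind `ci: autoupdate_schedule: quarterly` keeps the SHA-plus-comment form when it next bumps these revs.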
2 changes: 2 additions & 0 deletions djlint.toml
@@ -0,0 +1,2 @@
ignore="J018"
indent=2
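Review bot: The new file sets `ignore="J018"` with no explanation. Add a TOML comment above that line naming what rule J018 checks and why it is suppressed for this project's templates, so the exemption can be revisited later; `indent=2` needs no comment.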