Update reqs

Author: pythoninthegrass

.github/workflows/auto_merge.yml

@@ -1,27 +1,58 @@
 # https://docs.github.com/en/code-security/dependabot/working-with-dependabot/automating-dependabot-with-github-actions#approve-a-pull-request
+# https://nicolasiensen.github.io/2022-07-23-automating-dependency-updates-with-dependabot-github-auto-merge-and-github-actions/
 
 name: auto_merge
-on: [pull_request, workflow_dispatch]     # pull_request, push, workflow_dispatch
+
+on: # pull_request, pull_request_target, push, workflow_dispatch
+  pull_request_target:
+  workflow_dispatch:
 
 permissions:
   pull-requests: write
+  contents: write
 
 jobs:
-  dependabot:
+  review-dependabot-pr:
     runs-on: ubuntu-latest
-    if: ${{ github.actor == 'dependabot[bot]' }}
+    if: ${{ github.event.pull_request.user.login == 'dependabot[bot]' }}
     steps:
+      - name: Check rate limit
+        id: rate-limit
+        shell: bash
+        run: |
+          RATE_LIMIT=$(gh api /rate_limit | jq -r '.resources.core.remaining')
+          echo "::set-output name=remaining::$RATE_LIMIT"
+          if [[ "$RATE_LIMIT" -lt 10 ]]; then
+            RESET_TIME=$(gh api /rate_limit | jq -r '.resources.core.reset')
+            echo "::set-output name=reset_time::$RESET_TIME"
+            echo "Rate limit is low ($RATE_LIMIT). Waiting until $RESET_TIME"
+            sleep $((RESET_TIME - $(date +%s)))
+          fi
       - name: Dependabot metadata
-        id: metadata
-        uses: dependabot/fetch-metadata@v1.1.1
-        with:
-          github-token: "${{ secrets.GITHUB_TOKEN }}"
-      - name: Approve a PR
-        run: gh pr review --approve "$PR_URL"
+        id: dependabot-metadata
+        uses: dependabot/fetch-metadata@v1.3.1
+      - name: Enable auto-merge for Dependabot PRs
+        run: gh pr merge --auto --merge "$PR_URL"
+        env:
+          PR_URL: ${{github.event.pull_request.html_url}}
+          GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}}
+      - name: Approve patch and minor updates
+        if: ${{steps.dependabot-metadata.outputs.update-type == 'version-update:semver-patch' || steps.dependabot-metadata.outputs.update-type == 'version-update:semver-minor'}}
+        run: gh pr review $PR_URL --approve -b "I'm **approving** this pull request because **it includes a patch or minor update**"
         env:
           PR_URL: ${{github.event.pull_request.html_url}}
           GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}}
-      - name: Merge a PR
-        run: gh pr merge "$PR_URL" --auto --squash
+      - name: Approve major updates of development dependencies
+        if: ${{steps.dependabot-metadata.outputs.update-type == 'version-update:semver-major' && steps.dependabot-metadata.outputs.dependency-type == 'direct:development'}}
+        run: gh pr review $PR_URL --approve -b "I'm **approving** this pull request because **it includes a major update of a dependency used only in development**"
         env:
           PR_URL: ${{github.event.pull_request.html_url}}
+          GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}}
+      - name: Comment on major updates of non-development dependencies
+        if: ${{steps.dependabot-metadata.outputs.update-type == 'version-update:semver-major' && steps.dependabot-metadata.outputs.dependency-type == 'direct:production'}}
+        run: |
+          gh pr comment $PR_URL --body "I'm **not approving** this PR because **it includes a major update of a dependency used in production**"
+          gh pr edit $PR_URL --add-label "requires-manual-qa"
+        env:
+          PR_URL: ${{github.event.pull_request.html_url}}
+          GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}}

.pre-commit-config.yaml

@@ -1,31 +1,30 @@
 fail_fast: true
-verbose: true
 
 repos:
   # checks for secrets via rules (gitleaks.toml)
   - repo: https://github.com/zricethezav/gitleaks
-    rev: v8.9.0
+    rev: v8.15.3
     hooks:
       - id: gitleaks
   - repo: https://github.com/ambv/black
-    rev: 22.6.0
+    rev: 23.1.0
     hooks:
     - id: black
-  - repo: https://gitlab.com/pycqa/flake8
-    rev: 3.9.2
+  - repo: https://github.com/PyCQA/flake8
+    rev: 6.0.0
     hooks:
     - id: flake8
-  # - repo: https://github.com/timothycrosley/isort
-  #   rev: 5.10.1
-  #   hooks:
-  #   - id: isort
   - repo: https://github.com/pre-commit/pre-commit-hooks
-    rev: v4.3.0
+    rev: v4.4.0
     hooks:
     - id: check-yaml
     - id: check-added-large-files
       args: ['--maxkb=1024']
     - id: check-docstring-first
+      exclude: |
+          (?x)^(
+              hello.py
+          )$
     - id: check-executables-have-shebangs
     - id: check-merge-conflict
     - id: check-shebang-scripts-are-executable
@@ -41,9 +40,10 @@ repos:
     - id: mixed-line-ending
     - id: name-tests-test
     - id: pretty-format-json
-      # https://pre-commit.com/#regular-expressions
       exclude: |
-        ^settings.json$
+          (?x)^(
+              .vscode/launch.json|
+              .vscode/settings.json
+          )$
       args: ['--autofix', '--indent=2', '--no-sort-keys']
     - id: requirements-txt-fixer
-    # - id: trailing-whitespace

.tool-versions

@@ -1,2 +1,2 @@
-python 3.10.7
-poetry 1.2.0
+python 3.10.9
+poetry 1.3.2

.vscode/launch.json

@@ -0,0 +1,57 @@
+{
+    // Use IntelliSense to learn about possible attributes.
+    // Hover to view descriptions of existing attributes.
+    // For more information, visit: https://go.microsoft.com/fwlink/?linkid=830387
+
+    // pytest: https://stackoverflow.com/questions/70259564/how-to-debug-the-current-python-test-file-with-pytest-in-vs-code
+
+    "version": "0.2.0",
+    "configurations": [
+        {
+            "name": "Python: Current File",
+            "type": "python",
+            "request": "launch",
+            "program": "${file}",
+            "console": "integratedTerminal",
+            "cwd": "${fileDirname}",
+            // "args": ["-i", "response.xml", "-o", "response.csv"],
+            // "args": ["-d", "/Volumes/Data"],
+            // "args": ["-f", "menubar.dmg"],
+            // "args": ["-h"],
+            // "env": {
+            //     "CREDS": "",
+            // }
+        },
+        {
+            "name": "Python: Django",
+            "type": "python",
+            "request": "launch",
+            "program": "${workspaceFolder}/app/project/wiki/manage.py",
+            "console": "integratedTerminal",
+            "args": ["runserver"],
+            "django": true,
+            "justMyCode": true
+        },
+        {
+            "name": "Python: Debug Tests",
+            "type": "python",
+            "request": "launch",
+            "module": "pytest",
+            "args": [
+                "${file}"
+            ],
+            "console": "integratedTerminal"
+        },
+        {
+            "name": "Node: Current File",
+            "type": "node",
+            "request": "launch",
+            "program": "${file}",
+            "console": "integratedTerminal",
+            "skipFiles": [
+                "<node_internals>/**"
+            ],
+            // "runtimeExecutable": "${env:HOME}/.n/bin/node"
+        }
+    ]
+}

.vscode/settings.json

@@ -1,25 +1,58 @@
 # See https://just.systems/man/en
 
-dotenv-load := "true"
-host := `uname -a`
+# positional args
+# * NOTE: unable to reuse recipe name (e.g., start/stop); prefix recipes with `@`
+# set positional-arguments := true
 
-default:
-    just --list
+# load .env
+set dotenv-load
 
-build-clean:
-    docker-compose build --pull --no-cache
+# set env var
+# export APP      := `echo ${APP}`
+# export SCRIPT   := "harden"
+# export VERSION  := "latest"
 
-build:
-    docker-compose build --pull
+# x86_64/arm64
+arch := `uname -m`
 
-start:
-    docker-compose up -d
+# hostname
+host := `uname -n`
 
-exec:
-    docker-compose exec app bash
+# docker-compose / docker compose
+# * https://docs.docker.com/compose/install/linux/#install-using-the-repository
+# docker-compose := if `command -v docker-compose; echo $?` == "0" {
+# 	"docker-compose"
+# } else {
+# 	"docker compose"
+# }
 
-stop:
-    docker-compose stop
+# [halp]     list available commands
+default:
+    just --list
 
-down:
-    docker-compose stop && docker-compose down --remove-orphans
+# [deps]     update dependencies
+update-deps:
+    #!/usr/bin/env bash
+    # set -euxo pipefail
+    find . -maxdepth 3 -name "pyproject.toml" -exec \
+        echo "[{}]" \; -exec \
+        echo "Clearring pypi cache..." \; -exec \
+        poetry cache clear --all pypi --no-ansi \; -exec \
+        poetry update --lock --no-ansi \;
+
+# [deps]     export requirements.txt
+export-reqs: update-deps
+    #!/usr/bin/env bash
+    # set -euxo pipefail
+    find . -maxdepth 3 -name "pyproject.toml" -exec \
+        echo "[{}]" \; -exec \
+        echo "Exporting requirements.txt..." \; -exec \
+        poetry export --no-ansi --without-hashes --output requirements.txt \;
+
+# [git]      update git submodules
+sub:
+    git submodule update --init --recursive && git pull --recurse-submodules
+
+# [git]      update pre-commit hooks
+pre-commit:
+    pre-commit autoupdate