Skip to content

chore: tighten release plumbing for 0.3.0#29

Merged
jack-arturo merged 3 commits into
mainfrom
chore/0.3.0-prerelease-cleanup
Apr 28, 2026
Merged

chore: tighten release plumbing for 0.3.0#29
jack-arturo merged 3 commits into
mainfrom
chore/0.3.0-prerelease-cleanup

Conversation

@jack-arturo
Copy link
Copy Markdown
Member

@jack-arturo jack-arturo commented Apr 28, 2026

Summary

Pre-release cleanup that should land before merging the v0.3.0 release PR (#17). Closes the audit gaps surfaced by mcp-ecosystem/scripts/audit-server.sh and addresses the unresolved Copilot review on #17. After this merges, release-please will rebase #17 with the cleaned CHANGELOG.

  • CHANGELOG.md — merges the hand-written 0.2.0 prose under release-please's auto-generated 0.2.0 heading and drops the stale ## [0.2.0] - Unreleased label that Copilot flagged on PR chore(main): release 0.3.0 #17 (richer history is preserved instead of deleted; already-released sections are durable across future release-please runs).
  • .github/workflows/dependabot-auto-merge.yml (new) — mirrors the canonical Python template in mcp-ecosystem/templates/python/.github/workflows/dependabot-auto-merge.yml. Closes the one ❌ from audit-server.sh and lets safe Dependabot PRs (patch updates, transitive deps, GitHub Actions updates) flow through without manual review.
  • .github/workflows/ci.yml — Python 3.11 + 3.12 matrix (verified locally: streamdeck, pillow>=10.0.0, and mcp[cli]>=1.6.0 all resolve binary wheels on 3.12), ruff format --check, and pytest --cov=. --cov-report=xml with codecov upload (continue-on-error: true so a missing token doesn't block CI).
  • profile_manager.py / profile_server.py / tests/test_profile_manager.pyruff format baseline. Mechanical line-collapses inside the existing 100-char limit; no behavior change. Necessary because we're adding ruff format --check to CI.

Verification

uv run ruff check .            # → All checks passed!
uv run ruff format --check .   # → 10 files already formatted
uv run pytest tests/ -q        # → 84 passed in 0.33s
uv build --out-dir dist        # builds wheel + sdist

Wheel content sanity-checked locally:

  • streamdeck_assets/materialdesignicons-webfont.ttf (1.3 MB) ✓
  • streamdeck_assets/mdi-meta.json (621 KB) ✓
  • streamdeck_assets/skill/streamdeck-designer/SKILL.md (19 KB) + all references and recipes ✓
  • Description-Content-Type: text/markdown ✓ (PyPI will render the README correctly)

Test plan

  • CI passes on both python-version: 3.11 and 3.12.
  • Security workflows still pass (CodeQL, pip-audit, Bandit) — none of the changes touch source files in scanning scope.
  • After merge, release-please regenerates PR chore(main): release 0.3.0 #17 with the cleaned CHANGELOG. (Will follow up on that PR with a uv lock commit to sync the lockfile to 0.3.0; release-please does not currently update uv.lock.)
  • Reply on the Copilot thread on chore(main): release 0.3.0 #17 referencing this PR's CHANGELOG fix and resolve.

🤖 Generated with Claude Code

@jack-arturo @claude
chore: tighten release plumbing for 0.3.0
49b693c 
- CHANGELOG: merge richer 0.2.0 prose under release-please-generated heading;
  drop stale "Unreleased" label that Copilot flagged on PR #17. Already-released
  sections are durable across future release-please runs.
- CI matrix: add Python 3.12 alongside 3.11 (ecosystem py-flat-layout profile).
  Verified locally: streamdeck/pillow/mcp[cli] all resolve binary wheels on 3.12.
- CI: add ruff format --check and pytest-cov upload to codecov (continue-on-error).
- New workflow: dependabot-auto-merge.yml mirrors mcp-ecosystem template; closes
  the ❌ error from audit-server.sh and lets safe Dependabot PRs auto-merge.
- profile_manager.py / profile_server.py / tests: ruff format --check baseline
  (mechanical line-collapse to fit within the 100-char limit; no behavior change).

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Copilot AI review requested due to automatic review settings April 28, 2026 00:21
@jack-arturo @claude
fix(ci): use uv pip --system and tolerate advisory failures
c71f436 
- ci.yml: switch from `uv venv` + `uv run` to `uv pip install --system`. The
  previous setup tripped on matrix Python 3.12 because `uv run` re-syncs the
  venv from uv.lock (which pins 3.11) on each invocation, discarding the [dev]
  extras installed in the prior step. --system installs into the runner's
  matrix-provided Python directly and puts ruff/pytest on PATH.
- security.yml: add `continue-on-error: true` to the pip-audit and bandit jobs
  to match mcp-ecosystem/templates/python/.github/workflows/security.yml.
  CVE-2026-3219 in pip itself currently has no fix version, so a hard gate on
  pip-audit blocks unrelated PRs; CodeQL remains the hard security gate.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Copilot AI reviewed Apr 28, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Pre-release cleanup to tighten the v0.3.0 release process by aligning the changelog with release-please output, adding Dependabot auto-merge plumbing, and strengthening CI (Python version matrix, formatting checks, and coverage upload), plus mechanical ruff format updates.

Changes:

  • Adjust CHANGELOG.md to remove the stale “0.2.0 - Unreleased” heading and keep 0.2.0 content under the release-please section.
  • Add a reusable-workflow wrapper to auto-merge safe Dependabot PRs.
  • Update CI to run on Python 3.11/3.12, enforce ruff format --check, and generate/upload coverage.

Reviewed changes

Copilot reviewed 7 out of 7 changed files in this pull request and generated 1 comment.

Show a summary per file
File Description
CHANGELOG.md Removes the stale unreleased heading so the 0.2.0 section matches release-please structure.
.github/workflows/dependabot-auto-merge.yml Adds a Dependabot auto-merge workflow that delegates to an org reusable workflow.
.github/workflows/ci.yml Adds workflow dispatch, Python matrix, formatting check, and coverage generation/upload.
profile_manager.py ruff format-only line collapsing (no functional changes).
profile_server.py ruff format-only line collapsing and string literal formatting.
tests/test_profile_manager.py ruff format-only line collapsing in tests.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Comment thread .github/workflows/dependabot-auto-merge.yml
@jack-arturo jack-arturo enabled auto-merge (squash) April 28, 2026 00:25
@jack-arturo
Update .github/workflows/dependabot-auto-merge.yml
4800d1b 
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
@jack-arturo jack-arturo merged commit f3ed8c1 into main Apr 28, 2026
6 checks passed
@jack-arturo jack-arturo deleted the chore/0.3.0-prerelease-cleanup branch April 28, 2026 00:27
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@jack-arturo