1 change: 1 addition & 0 deletions .github/dependabot.yml
Expand Up @@ -9,6 +9,7 @@ updates:
semver-patch-days: 7
semver-minor-days: 14
semver-major-days: 30
default-days: 7
commit-message:
prefix: "chore"
include: "scope"
12 changes: 10 additions & 2 deletions .github/workflows/codeql.yml
@@ -1,5 +1,8 @@
name: "CodeQL Advanced"

permissions:
contents: read

on:
push:
branches: [ "master" ]
Expand All @@ -9,13 +12,16 @@ on:
- cron: '36 16 * * 6'
workflow_dispatch:

concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true

jobs:
analyze:
name: Analyze (${{ matrix.language }})
runs-on: ubuntu-26.04
permissions:
# required for all workflows
security-events: write
security-events: write # Required for CodeQL to upload results to GitHub Security and Quality tab

strategy:
fail-fast: false
Expand All @@ -29,6 +35,8 @@ jobs:
steps:
- name: Checkout repository
uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # 7.0.0
with:
persist-credentials: false

# Initializes the CodeQL tools for scanning.
- name: Initialize CodeQL
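Review bot: The workflow-level `permissions: contents: read` added in the first hunk does not reach the `analyze` job, because a job-level `permissions` block replaces the workflow default rather than merging with it, and that block lists only `security-events: write`. For this job every other scope, `contents` included, is therefore `none`; that works while the repository is public but would break checkout if it were made private. If read access is intended, state it in the job by adding `contents: read  # checkout; required if the repository is private` next to `security-events: write`. The job's steps continue outside the visible hunks, so confirm that no later step needs a further scope.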
10 changes: 8 additions & 2 deletions .github/workflows/test.yml
Expand Up @@ -10,6 +10,10 @@ on:
branches: [ master ]
workflow_dispatch:

concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true

jobs:
tests:
timeout-minutes: 20
Expand Down Expand Up @@ -54,11 +58,13 @@ jobs:
- name: Clone repository
uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # 7.0.0
with:
persist-credentials: true # Required for Codecov OIDC authentication
persist-credentials: false

- name: Test with pytest
env:
PYTHON_VERSION: ${{ matrix.python-version }}
run: |
uv run --python ${{ matrix.python-version }} --group tests --locked pytest
uv run --python "$PYTHON_VERSION" --group tests --locked pytest

- name: Upload coverage to Codecov
if: matrix.os == 'ubuntu-26.04' && matrix.python-version == '3.14'
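Review bot: The checkout step now sets `persist-credentials: false`, but the old rationale about Codecov OIDC is dropped without a replacement, so a maintainer who later sees an upload failure has no hint that re-enabling the persisted token is the wrong fix. OIDC uploads depend on the job's `id-token: write` permission, not on the git credential that checkout would leave in `.git/config`. A short comment would record that, e.g. `persist-credentials: false  # not needed for Codecov OIDC, which uses the id-token permission`. The upload step's own configuration lies outside this hunk, so confirm it actually uses OIDC before adopting that wording.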
35 changes: 35 additions & 0 deletions .github/workflows/zizmor.yml
@@ -0,0 +1,35 @@
name: Zizmor

permissions:
contents: read

on:
push:
branches: [ master ]
paths: [ '.github/workflows/**' ]
pull_request:
branches: [ master ]
paths: [ '.github/workflows/**' ]
workflow_dispatch:

concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true

jobs:
zizmor:
timeout-minutes: 10
name: Lint GitHub Actions with zizmor
runs-on: ubuntu-26.04
steps:
- name: Install uv
uses: astral-sh/setup-uv@fac544c07dec837d0ccb6301d7b5580bf5edae39 # 8.2.0

- name: Clone repository
uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # 7.0.0
with:
persist-credentials: false

- name: Run zizmor
run: |
make zizmor-check
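Review bot: The `paths: [ '.github/workflows/**' ]` filters on `push` and `pull_request` are narrower than what the job audits. `make zizmor-check` runs zizmor with `--collect=all` over the whole repository, which also covers inputs such as `.github/dependabot.yml` and any composite `action.yml`, and its result depends on the zizmor version pinned in `pyproject.toml` and `uv.lock`. A pull request that touches only those files would merge without this check running; widening the filter, for example `paths: [ '.github/**', 'Makefile', 'pyproject.toml', 'uv.lock' ]`, closes that gap. Separately, the `Run zizmor` step sets no `GH_TOKEN`, so as far as I know zizmor's online audits are skipped; adding `env:` with `GH_TOKEN: ${{ github.token }}` to that step would enable them if that is wanted.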
7 changes: 7 additions & 0 deletions .pre-commit-config.yaml
Expand Up @@ -16,6 +16,13 @@ repos:
- id: mypy
args: [--config-file=pyproject.toml]

# zizmor for github actions linting
- repo: https://github.com/zizmorcore/zizmor-pre-commit
rev: v1.26.1 # Keep in sync zizmor version with pyproject.toml
hooks:
- id: zizmor
args: [--no-progress, --fix, --persona=auditor]

# Standard pre-commit hooks
- repo: https://github.com/pre-commit/pre-commit-hooks
rev: v6.0.0
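Review bot: `rev: v1.26.1` pins the zizmor hook to a tag, which the upstream repository can move, while the workflows in this same change pin their actions to full commit SHAs. pre-commit accepts a commit hash in `rev`, and `pre-commit autoupdate --freeze` writes it in the form `rev: <commit-sha>  # frozen: v1.26.1`; the hash is not shown on this page, so it is left here as a placeholder. The neighbouring hook (`rev: v6.0.0`) uses a tag as well, so the same treatment would apply to it.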
9 changes: 7 additions & 2 deletions Makefile
@@ -1,12 +1,12 @@
.PHONY: default install format fix ruff-check mypy-check check benchmark-test integration-test property-test unit-test test doc publish clean
.PHONY: default install format fix ruff-check mypy-check zizmor-check check benchmark-test integration-test property-test unit-test test doc publish clean

UV := $(shell command -v uv 2>/dev/null || true)
ifeq ($(UV),)
$(warning uv not found. Install uv (curl -LsSf https://astral.sh/uv/install.sh | sh) to use Makefile targets)
endif

default:
@echo "Usage: make [install|format|fix|ruff-check|mypy-check|check|benchmark-test|integration-test|property-test|unit-test|test|doc|publish|clean]"
@echo "Usage: make [install|format|fix|ruff-check|mypy-check|zizmor-check|check|benchmark-test|integration-test|property-test|unit-test|test|doc|publish|clean]"
@exit 1

install:
Expand All @@ -17,6 +17,7 @@ format:

fix:
uv run --group quality --locked ruff check --fix
uv run --group quality --locked zizmor --collect=all --no-progress --fix --persona=auditor .

ruff-check:
uv run --group quality --locked ruff check
Expand All @@ -25,9 +26,13 @@ ruff-check:
mypy-check:
uv run --group tests --group types --group quality --locked mypy

zizmor-check:
uv run --group quality --locked zizmor --collect=all --no-progress --persona=auditor .

check:
make ruff-check
make mypy-check
make zizmor-check

benchmark-test:
uv run --group tests --locked pytest -m perf
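Review bot: The zizmor flag set is now written out in three places: the `fix` and `zizmor-check` recipes here and the hook `args` in `.pre-commit-config.yaml`, and the copies already differ (the hook omits `--collect=all`). A single variable keeps the Makefile copies aligned: `ZIZMOR_FLAGS := --collect=all --no-progress --persona=auditor`, then `zizmor $(ZIZMOR_FLAGS) .` in `zizmor-check` and `zizmor $(ZIZMOR_FLAGS) --fix .` in `fix`. The same duplication is mirrored in the `:fix` and `:zizmor-check` labels of `make.bat`. The new `make zizmor-check` line in `check` follows the existing pattern of calling `make` directly; `$(MAKE)` would pass flags such as `-n` through to the sub-make, though that applies to the unchanged lines too.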
11 changes: 10 additions & 1 deletion make.bat
Expand Up @@ -12,6 +12,7 @@ if "%1"=="format" goto format
if "%1"=="fix" goto fix
if "%1"=="ruff-check" goto ruff-check
if "%1"=="mypy-check" goto mypy-check
if "%1"=="zizmor-check" goto zizmor-check
Comment thread
mdevolde marked this conversation as resolved.
if "%1"=="check" goto check
if "%1"=="benchmark-test" goto benchmark-test
if "%1"=="integration-test" goto integration-test
Expand All @@ -22,7 +23,7 @@ if "%1"=="doc" goto doc
if "%1"=="publish" goto publish
if "%1"=="clean" goto clean

echo Usage: make.bat [install^|format^|fix^|ruff-check^|mypy-check^|check^|benchmark-test^|integration-test^|property-test^|unit-test^|test^|doc^|publish^|clean]
echo Usage: make.bat [install^|format^|fix^|ruff-check^|mypy-check^|zizmor-check^|check^|benchmark-test^|integration-test^|property-test^|unit-test^|test^|doc^|publish^|clean]
exit /b 1

:install
Expand All @@ -35,6 +36,8 @@ exit /b %errorlevel%

:fix
uv run --group quality --locked ruff check --fix
if errorlevel 1 exit /b %errorlevel%
uv run --group quality --locked zizmor --collect=all --no-progress --fix --persona=auditor .
exit /b %errorlevel%

:ruff-check
Expand All @@ -48,10 +51,16 @@ exit /b %errorlevel%
uv run --group tests --group types --group quality --locked mypy
exit /b %errorlevel%

:zizmor-check
uv run --group quality --locked zizmor --collect=all --no-progress --persona=auditor .
exit /b %errorlevel%

:check
call :ruff-check
if errorlevel 1 exit /b %errorlevel%
call :mypy-check
if errorlevel 1 exit /b %errorlevel%
call :zizmor-check
exit /b %errorlevel%

:benchmark-test
2 changes: 2 additions & 0 deletions pyproject.toml
Expand Up @@ -64,6 +64,8 @@ quality = [
"mypy==2.1.0",
# Keep in sync ruff version with .pre-commit-config.yaml
"ruff==0.15.16",
# Keep in sync zizmor version with .pre-commit-config.yaml
"zizmor==1.26.1"
]


20 changes: 20 additions & 0 deletions uv.lock
