From 1d7bd94e1ef0dc52a3be18acb5b67c8ab746210a Mon Sep 17 00:00:00 2001 From: Trevor James Smith <10819524+Zeitsperre@users.noreply.github.com> Date: Thu, 6 Feb 2025 17:24:55 -0500 Subject: [PATCH 1/3] update cookiecutter template --- .cruft.json | 5 +- .github/workflows/bump-version.yml | 19 +-- .github/workflows/cache-cleaner.yml | 6 +- .github/workflows/codeql.yml | 99 ++++++++++++ .github/workflows/dependency-review.yml | 4 +- .github/workflows/first-pull-request.yml | 2 +- .github/workflows/label.yml | 2 +- .github/workflows/main.yml | 32 ++-- .github/workflows/publish-pypi.yml | 9 +- .github/workflows/scorecard.yml | 6 +- .github/workflows/tag-testpypi.yml | 15 +- .github/workflows/workflow-warning.yml | 2 +- .pre-commit-config.yaml | 44 ++++-- .readthedocs.yml | 4 +- .zizmor.yml | 6 + CI/requirements_ci.in | 11 +- CI/requirements_ci.txt | 192 +++++++++++++---------- README.rst | 16 +- docs/conf.py | 3 +- environment-dev.yml | 27 ++-- environment-docs.yml | 10 +- pyproject.toml | 54 ++++--- tests/test_xhydro_lstm.py | 35 +++-- tox.ini | 22 ++- 24 files changed, 407 insertions(+), 218 deletions(-) create mode 100644 .github/workflows/codeql.yml create mode 100644 .zizmor.yml diff --git a/.cruft.json b/.cruft.json index e4fd843..8544e34 100644 --- a/.cruft.json +++ b/.cruft.json @@ -1,6 +1,6 @@ { "template": "https://github.com/Ouranosinc/cookiecutter-pypackage", - "commit": "1d9ee5f08d3e8e4f78a4aabb75e2ce4eff8750bf", + "commit": "2b31b0f76a180ad93e5a49fe5744306fefb48c9c", "checkout": null, "context": { "cookiecutter": { @@ -23,7 +23,8 @@ "open_source_license": "Apache Software License 2.0", "generated_with_cruft": "y", "__gh_slug": "https://github.com/hydrologie/xhydro-lstm", - "_template": "https://github.com/Ouranosinc/cookiecutter-pypackage" + "_template": "https://github.com/Ouranosinc/cookiecutter-pypackage", + "_commit": "2b31b0f76a180ad93e5a49fe5744306fefb48c9c" } }, "directory": null diff --git a/.github/workflows/bump-version.yml b/.github/workflows/bump-version.yml index 0a20dc0..256ddca 100644 --- a/.github/workflows/bump-version.yml +++ b/.github/workflows/bump-version.yml @@ -44,7 +44,7 @@ jobs: actions: read steps: - name: Harden Runner - uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2 + uses: step-security/harden-runner@cb605e52c26070c328afc4562f0b4ada7618a84e # v2.10.4 with: disable-sudo: true egress-policy: block @@ -64,7 +64,7 @@ jobs: with: token: ${{ steps.token_generator.outputs.token }} - name: Set up Python3 - uses: actions/setup-python@0b93645e9fea7318ecaed2b359559ac225c90a2b # v5.3.0 + uses: actions/setup-python@42375524e23c412d93fb67b49958b491fce71c38 # v5.4.0 with: python-version: "3.x" - name: Import GPG Key @@ -75,28 +75,23 @@ jobs: git_user_signingkey: true git_commit_gpgsign: true trust_level: 5 - - name: Current Version - run: | - CURRENT_VERSION="$(grep -E '__version__' src/xhydro_lstm/__init__.py | cut -d ' ' -f3)" - echo "current_version=${CURRENT_VERSION}" - echo "CURRENT_VERSION=${CURRENT_VERSION}" >> $GITHUB_ENV - name: Install CI libraries run: | python -m pip install --require-hashes -r CI/requirements_ci.txt - name: Conditional Bump run: | - if [[ ${{ env.CURRENT_VERSION }} =~ -dev(\.\d+)? ]]; then + CURRENT_VERSION=$(bump-my-version show current_version) + if [[ ${CURRENT_VERSION} =~ -dev(\.\d+)? ]]; then echo "Development version (ends in 'dev(\.\d+)?'), bumping 'build' version" bump-my-version bump build else echo "Version is stable, bumping 'patch' version" bump-my-version bump patch fi - NEW_VERSION="$(grep -E '__version__' src/xhydro_lstm/__init__.py | cut -d ' ' -f3)" - echo "new_version=${NEW_VERSION}" - echo "NEW_VERSION=${NEW_VERSION}" >> $GITHUB_ENV + echo "new_version=$(bump-my-version show current_version)" - name: Push Changes uses: ad-m/github-push-action@d91a481090679876dfc4178fef17f286781251df # v0.8.0 with: - force: false branch: ${{ github.ref }} + force: false + github_token: ${{ steps.token_generator.outputs.token }} diff --git a/.github/workflows/cache-cleaner.yml b/.github/workflows/cache-cleaner.yml index 73cc92a..45e41a8 100644 --- a/.github/workflows/cache-cleaner.yml +++ b/.github/workflows/cache-cleaner.yml @@ -5,7 +5,7 @@ on: types: - closed -permissions: # added using https://github.com/step-security/secure-repo +permissions: contents: read jobs: @@ -16,7 +16,7 @@ jobs: actions: write steps: - name: Harden Runner - uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2 + uses: step-security/harden-runner@cb605e52c26070c328afc4562f0b4ada7618a84e # v2.10.4 with: disable-sudo: true egress-policy: block @@ -27,6 +27,8 @@ jobs: - name: Checkout Repository uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + with: + persist-credentials: false - name: Cleanup run: | diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml new file mode 100644 index 0000000..9630a36 --- /dev/null +++ b/.github/workflows/codeql.yml @@ -0,0 +1,99 @@ +# For most projects, this workflow file will not need changing; you simply need to commit it to your repository. +# +# You may wish to alter this file to override the set of languages analyzed, +# or to provide custom queries or build logic. +name: "CodeQL Advanced" + +on: + push: + branches: + - main + pull_request: + branches: + - main + schedule: + - cron: '36 9 * * 1' + +permissions: + contents: read + +jobs: + analyze: + name: Analyze (${{ matrix.language }}) + # Runner size impacts CodeQL analysis time. To learn more, please see: + # - https://gh.io/recommended-hardware-resources-for-running-codeql + # - https://gh.io/supported-runners-and-hardware-resources + # - https://gh.io/using-larger-runners (GitHub.com only) + # Consider using larger runners or machines with greater resources for possible analysis time improvements. + runs-on: ${{ (matrix.language == 'swift' && 'macos-latest') || 'ubuntu-latest' }} + permissions: + # required for all workflows + security-events: write + + # required to fetch internal or private CodeQL packs + packages: read + + # only required for workflows in private repositories + actions: read + contents: read + + strategy: + fail-fast: false + matrix: + include: + - language: python + build-mode: none + # CodeQL supports the following values keywords for 'language': 'c-cpp', 'csharp', 'go', 'java-kotlin', 'javascript-typescript', 'python', 'ruby', 'swift' + # Use `c-cpp` to analyze code written in C, C++ or both + # Use 'java-kotlin' to analyze code written in Java, Kotlin or both + # Use 'javascript-typescript' to analyze code written in JavaScript, TypeScript or both + # To learn more about changing the languages that are analyzed or customizing the build mode for your analysis, + # see https://docs.github.com/en/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/customizing-your-advanced-setup-for-code-scanning. + # If you are analyzing a compiled language, you can modify the 'build-mode' for that language to customize how + # your codebase is analyzed, see https://docs.github.com/en/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/codeql-code-scanning-for-compiled-languages + steps: + - name: Harden Runner + uses: step-security/harden-runner@cb605e52c26070c328afc4562f0b4ada7618a84e # v2.10.4 + with: + disable-sudo: true + egress-policy: audit + + - name: Checkout Repository + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + with: + persist-credentials: false + + # Initializes the CodeQL tools for scanning. + - name: Initialize CodeQL + uses: github/codeql-action/init@48ab28a6f5dbc2a99bf1e0131198dd8f1df78169 # v3.28.0 + with: + languages: ${{ matrix.language }} + build-mode: ${{ matrix.build-mode }} + # If you wish to specify custom queries, you can do so here or in a config file. + # By default, queries listed here will override any specified in a config file. + # Prefix the list here with "+" to use these queries and those in the config file. + + # For more details on CodeQL's query packs, refer to: + # https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#using-queries-in-ql-packs + # queries: security-extended,security-and-quality + + # If the analyze step fails for one of the languages you are analyzing with + # "We were unable to automatically build your code", modify the matrix above + # to set the build mode to "manual" for that language. Then modify this step + # to build your code. + # ℹī¸ Command-line programs to run using the OS shell. + # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun + - if: matrix.build-mode == 'manual' + shell: bash + run: | + echo 'If you are using a "manual" build mode for one or more of the' \ + 'languages you are analyzing, replace this with the commands to build' \ + 'your code, for example:' + echo ' make bootstrap' + echo ' make release' + exit 1 + + - name: Perform CodeQL Analysis + uses: github/codeql-action/analyze@48ab28a6f5dbc2a99bf1e0131198dd8f1df78169 # v3.28.0 + with: + category: "/language:${{matrix.language}}" diff --git a/.github/workflows/dependency-review.yml b/.github/workflows/dependency-review.yml index b59a398..990104e 100644 --- a/.github/workflows/dependency-review.yml +++ b/.github/workflows/dependency-review.yml @@ -17,7 +17,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Harden Runner - uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2 + uses: step-security/harden-runner@cb605e52c26070c328afc4562f0b4ada7618a84e # v2.10.4 with: disable-sudo: true egress-policy: block @@ -28,6 +28,8 @@ jobs: - name: Checkout Repository uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + with: + persist-credentials: false - name: Dependency Review uses: actions/dependency-review-action@3b139cfc5fae8b618d3eae3675e383bb1769c019 # v4.5.0 diff --git a/.github/workflows/first-pull-request.yml b/.github/workflows/first-pull-request.yml index 1b39c0f..bcae990 100644 --- a/.github/workflows/first-pull-request.yml +++ b/.github/workflows/first-pull-request.yml @@ -16,7 +16,7 @@ jobs: pull-requests: write steps: - name: Harden Runner - uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2 + uses: step-security/harden-runner@cb605e52c26070c328afc4562f0b4ada7618a84e # v2.10.4 with: disable-sudo: true egress-policy: block diff --git a/.github/workflows/label.yml b/.github/workflows/label.yml index f7d1d41..2bc4982 100644 --- a/.github/workflows/label.yml +++ b/.github/workflows/label.yml @@ -23,7 +23,7 @@ jobs: pull-requests: write steps: - name: Harden Runner - uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2 + uses: step-security/harden-runner@cb605e52c26070c328afc4562f0b4ada7618a84e # v2.10.4 with: disable-sudo: true egress-policy: block diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index 13f56f3..e0f6165 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -31,19 +31,27 @@ jobs: - "3.x" steps: - name: Harden Runner - uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2 + uses: step-security/harden-runner@cb605e52c26070c328afc4562f0b4ada7618a84e # v2.10.4 with: egress-policy: audit - name: Checkout Repository uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + with: + persist-credentials: false - name: Set up Python${{ matrix.python-version }} - uses: actions/setup-python@0b93645e9fea7318ecaed2b359559ac225c90a2b # v5.3.0 + uses: actions/setup-python@42375524e23c412d93fb67b49958b491fce71c38 # v5.4.0 with: python-version: ${{ matrix.python-version }} cache: "pip" - name: Install CI libraries run: | python -m pip install --require-hashes -r CI/requirements_ci.txt + - name: Environment Caching + uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0 + with: + path: | + .tox + key: ${{ hashFiles('pyproject.toml', 'tox.ini') }}-lint - name: Run linting suite run: | python -m tox -e lint @@ -63,13 +71,15 @@ jobs: # - "3.13 steps: - name: Harden Runner - uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2 + uses: step-security/harden-runner@cb605e52c26070c328afc4562f0b4ada7618a84e # v2.10.4 with: egress-policy: audit - name: Checkout Repository uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + with: + persist-credentials: false - name: Set up Python${{ matrix.python-version }} - uses: actions/setup-python@0b93645e9fea7318ecaed2b359559ac225c90a2b # v5.3.0 + uses: actions/setup-python@42375524e23c412d93fb67b49958b491fce71c38 # v5.4.0 with: python-version: ${{ matrix.python-version }} cache: "pip" @@ -103,28 +113,26 @@ jobs: shell: bash -l {0} steps: - name: Harden Runner - uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2 + uses: step-security/harden-runner@cb605e52c26070c328afc4562f0b4ada7618a84e # v2.10.4 with: egress-policy: audit - name: Checkout Repository uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + with: + persist-credentials: false - name: Setup Conda (Micromamba) with Python${{ matrix.python-version }} - uses: mamba-org/setup-micromamba@068f1ab4b37ed9b3d9f73da7db90a0cda0a48d29 # v2.0.3 + uses: mamba-org/setup-micromamba@0dea6379afdaffa5d528b3d1dabc45da37f443fc # v2.0.4 with: cache-downloads: true environment-file: environment-dev.yml create-args: >- python=${{ matrix.python-version }} - micromamba-version: "1.5.10-0" # pinned to avoid the breaking changes with mamba and micromamba (2.0.0). - - name: Conda and Mamba versions - run: | - echo "micromamba $(micromamba --version)" - name: Install xhydro-lstm run: | python -m pip install --no-deps . - name: Check versions run: | - conda list + micromamba list python -m pip check || true - name: Test with pytest run: | @@ -145,7 +153,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Harden Runner - uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2 + uses: step-security/harden-runner@cb605e52c26070c328afc4562f0b4ada7618a84e # v2.10.4 with: disable-sudo: true egress-policy: audit diff --git a/.github/workflows/publish-pypi.yml b/.github/workflows/publish-pypi.yml index fd11072..876a74c 100644 --- a/.github/workflows/publish-pypi.yml +++ b/.github/workflows/publish-pypi.yml @@ -18,7 +18,7 @@ jobs: id-token: write steps: - name: Harden Runner - uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2 + uses: step-security/harden-runner@cb605e52c26070c328afc4562f0b4ada7618a84e # v2.10.4 with: disable-sudo: true egress-policy: block @@ -26,11 +26,14 @@ jobs: files.pythonhosted.org:443 github.com:443 pypi.org:443 + ruf-repo-cdn.sigstore.dev:443 upload.pypi.org:443 - name: Checkout Repository uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + with: + persist-credentials: false - name: Set up Python3 - uses: actions/setup-python@0b93645e9fea7318ecaed2b359559ac225c90a2b # v5.3.0 + uses: actions/setup-python@42375524e23c412d93fb67b49958b491fce71c38 # v5.4.0 with: python-version: "3.x" - name: Install CI libraries @@ -40,4 +43,4 @@ jobs: run: | python -m flit build - name: Publish distribution đŸ“Ļ to PyPI - uses: pypa/gh-action-pypi-publish@67339c736fd9354cd4f8cb0b744f2b82a74b5c70 # v1.12.3 + uses: pypa/gh-action-pypi-publish@76f52bc884231f62b9a034ebfe128415bbaabdfc # v1.12.4 diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index 3a78201..d7bc529 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -16,7 +16,9 @@ on: - main # Declare default permissions as read only. -permissions: read-all +# Read-all permission is not technically needed for this workflow. +permissions: + contents: read jobs: analysis: @@ -29,7 +31,7 @@ jobs: id-token: write steps: - name: Harden Runner - uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2 + uses: step-security/harden-runner@cb605e52c26070c328afc4562f0b4ada7618a84e # v2.10.4 with: disable-sudo: true egress-policy: block diff --git a/.github/workflows/tag-testpypi.yml b/.github/workflows/tag-testpypi.yml index 927d5f5..75f57d5 100644 --- a/.github/workflows/tag-testpypi.yml +++ b/.github/workflows/tag-testpypi.yml @@ -17,11 +17,13 @@ jobs: contents: write steps: - name: Harden Runner - uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2 + uses: step-security/harden-runner@cb605e52c26070c328afc4562f0b4ada7618a84e # v2.10.4 with: egress-policy: audit - name: Checkout Repository uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + with: + persist-credentials: false - name: Create Release uses: softprops/action-gh-release@7b4da11513bf3f43f9999e90eabced41ab8bb048 # 2.2.0 env: @@ -29,7 +31,7 @@ jobs: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} with: tag_name: ${{ github.ref_name }} - name: Release ${{ github.ref_name }} + name: ${{ github.ref_name }} draft: true prerelease: false @@ -42,7 +44,7 @@ jobs: id-token: write steps: - name: Harden Runner - uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2 + uses: step-security/harden-runner@cb605e52c26070c328afc4562f0b4ada7618a84e # v2.10.4 with: disable-sudo: true egress-policy: block @@ -50,11 +52,14 @@ jobs: files.pythonhosted.org:443 github.com:443 pypi.org:443 + ruf-repo-cdn.sigstore.dev:443 test.pypi.org:443 - name: Checkout Repository uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + with: + persist-credentials: false - name: Set up Python3 - uses: actions/setup-python@0b93645e9fea7318ecaed2b359559ac225c90a2b # v5.3.0 + uses: actions/setup-python@42375524e23c412d93fb67b49958b491fce71c38 # v5.4.0 with: python-version: "3.x" - name: Install CI libraries @@ -64,7 +69,7 @@ jobs: run: | python -m flit build - name: Publish distribution đŸ“Ļ to Test PyPI - uses: pypa/gh-action-pypi-publish@67339c736fd9354cd4f8cb0b744f2b82a74b5c70 # v1.12.3 + uses: pypa/gh-action-pypi-publish@76f52bc884231f62b9a034ebfe128415bbaabdfc # v1.12.4 with: repository-url: https://test.pypi.org/legacy/ skip-existing: true diff --git a/.github/workflows/workflow-warning.yml b/.github/workflows/workflow-warning.yml index fcb2d20..216c7fc 100644 --- a/.github/workflows/workflow-warning.yml +++ b/.github/workflows/workflow-warning.yml @@ -25,7 +25,7 @@ jobs: pull-requests: write steps: - name: Harden Runner - uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2 + uses: step-security/harden-runner@cb605e52c26070c328afc4562f0b4ada7618a84e # v2.10.4 with: disable-sudo: true egress-policy: block diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index c06b8ed..75453ad 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -6,7 +6,7 @@ repos: rev: v3.19.1 hooks: - id: pyupgrade - args: [ '--py38-plus' ] + args: [ '--py39-plus' ] - repo: https://github.com/pre-commit/pre-commit-hooks rev: v5.0.0 hooks: @@ -23,26 +23,34 @@ repos: rev: v0.24.2 hooks: - id: toml-sort-fix + - repo: https://github.com/adrienverge/yamllint.git + rev: v1.35.1 + hooks: + - id: yamllint + args: [ '--config-file=.yamllint.yaml' ] - repo: https://github.com/pre-commit/pygrep-hooks rev: v1.10.0 hooks: - id: python-check-blanket-noqa + - id: python-check-blanket-type-ignore - id: python-no-eval - id: python-no-log-warn - id: python-use-type-annotations + - id: rst-directive-colons - id: rst-inline-touching-normal + - id: text-unicode-replacement-char - repo: https://github.com/psf/black-pre-commit-mirror - rev: 24.10.0 + rev: 25.1.0 hooks: - id: black exclude: ^docs/ - repo: https://github.com/PyCQA/isort - rev: 5.13.2 + rev: 6.0.0 hooks: - id: isort exclude: ^docs/ - repo: https://github.com/astral-sh/ruff-pre-commit - rev: v0.8.6 + rev: v0.9.0 hooks: - id: ruff args: [ '--fix' ] @@ -53,17 +61,26 @@ repos: - id: flake8 additional_dependencies: [ 'flake8-rst-docstrings' ] args: [ '--config=.flake8' ] + - repo: https://github.com/jendrikseipp/vulture + rev: v2.13 + hooks: + - id: vulture +# - repo: https://github.com/pre-commit/mirrors-mypy +# rev: v1.14.1 +# hooks: +# - id: mypy - repo: https://github.com/keewis/blackdoc rev: v0.3.9 hooks: - id: blackdoc - additional_dependencies: [ 'black==24.10.0' ] + additional_dependencies: [ 'black==25.1.0' ] - id: blackdoc-autoupdate-black - - repo: https://github.com/adrienverge/yamllint.git - rev: v1.35.1 + - repo: https://github.com/codespell-project/codespell + rev: v2.3.0 hooks: - - id: yamllint - args: [ '--config-file=.yamllint.yaml' ] + - id: codespell + additional_dependencies: [ 'tomli' ] + args: [ '--toml=pyproject.toml' ] - repo: https://github.com/numpy/numpydoc rev: v1.8.0 hooks: @@ -74,6 +91,15 @@ repos: hooks: - id: check-github-workflows - id: check-readthedocs + - repo: https://github.com/woodruffw/zizmor-pre-commit + rev: v0.8.0 + hooks: + - id: zizmor + args: [ '--config=.zizmor.yml' ] + - repo: https://github.com/gitleaks/gitleaks + rev: v8.21.2 + hooks: + - id: gitleaks - repo: meta hooks: - id: check-hooks-apply diff --git a/.readthedocs.yml b/.readthedocs.yml index c1601ea..60faa1b 100644 --- a/.readthedocs.yml +++ b/.readthedocs.yml @@ -11,9 +11,9 @@ sphinx: fail_on_warning: true build: - os: ubuntu-22.04 + os: "ubuntu-24.04" tools: - python: "mambaforge-22.9" + python: "mambaforge-23.11" jobs: pre_build: - sphinx-apidoc -o docs/apidoc --private --module-first src/xhydro_lstm diff --git a/.zizmor.yml b/.zizmor.yml new file mode 100644 index 0000000..6ac3215 --- /dev/null +++ b/.zizmor.yml @@ -0,0 +1,6 @@ +rules: + dangerous-triggers: + ignore: + - label.yml:9 + - first-pull-request.yml:3 + - workflow-warning.yml:3 diff --git a/CI/requirements_ci.in b/CI/requirements_ci.in index 4662e99..3f6dbb4 100644 --- a/CI/requirements_ci.in +++ b/CI/requirements_ci.in @@ -1,6 +1,7 @@ -bump-my-version==0.29.0 -coveralls==4.0.1 -pip==24.3.1 +bump-my-version==0.31.1 +deptry==0.23.0 flit==3.10.1 -tox==4.23.2 -tox-gh==1.4.1 +pip==25.0 +pylint==3.3.4 +tox-gh==1.5.0 +tox==4.24.1 diff --git a/CI/requirements_ci.txt b/CI/requirements_ci.txt index 08ce391..b2ab195 100644 --- a/CI/requirements_ci.txt +++ b/CI/requirements_ci.txt @@ -1,5 +1,5 @@ # -# This file is autogenerated by pip-compile with Python 3.8 +# This file is autogenerated by pip-compile with Python 3.9 # by the following command: # # pip-compile --generate-hashes --output-file=CI/requirements_ci.txt CI/requirements_ci.in @@ -8,13 +8,17 @@ annotated-types==0.7.0 \ --hash=sha256:1f02e8b43a8fbbc3f3e0d4f0f4bfc8131bcb4eebe8849b8e5c773f3a1c582a53 \ --hash=sha256:aff07c09a53a08bc8cfccb9c85b05f1aa9a2a6f23728d790723543408344ce89 # via pydantic +astroid==3.3.8 \ + --hash=sha256:187ccc0c248bfbba564826c26f070494f7bc964fd286b6d9fff4420e55de828c \ + --hash=sha256:a88c7994f914a4ea8572fac479459f4955eeccc877be3f2d959a33273b0cf40b + # via pylint bracex==2.4 \ --hash=sha256:a27eaf1df42cf561fed58b7a8f3fdf129d1ea16a81e1fadd1d17989bc6384beb \ --hash=sha256:efdc71eff95eaff5e0f8cfebe7d01adf2c8637c8c92edaf63ef348c241a82418 # via wcmatch -bump-my-version==0.29.0 \ - --hash=sha256:6566ab25bd3eeeec109f4ac7e4464227a3ac1fd57f847d259a24800423cd9037 \ - --hash=sha256:e4149ed63b4772f5868b3fcabb8fa5e1191b8abae6d35effd0be980d4b0f55e3 +bump-my-version==0.31.1 \ + --hash=sha256:3b9f496eb5554208d91f84fcb781628bdd4549e055fd3282804959453ebd1857 \ + --hash=sha256:83962dbd593b3edb426661a4c2276a0842a7eaa5dee896543b771c358ac78915 # via -r CI/requirements_ci.in cachetools==5.5.0 \ --hash=sha256:02134e8439cdc2ffb62023ce1debca2944c3f289d66bb17ead3ab3dede74b292 \ @@ -125,76 +129,38 @@ click==8.1.7 \ --hash=sha256:ca9853ad459e787e2192211578cc907e7594e294c7ccc834310722b41b9ca6de # via # bump-my-version + # deptry # rich-click colorama==0.4.6 \ --hash=sha256:08695f5cb7ed6e0531a20572697297273c47b8cae5a63ffc6d6ed5c201be6e44 \ --hash=sha256:4f1d9991f5acc0ca119f9d443620b77f9d6b33703e51011c16baf57afb285fc6 # via tox -coverage[toml]==7.6.0 \ - --hash=sha256:0086cd4fc71b7d485ac93ca4239c8f75732c2ae3ba83f6be1c9be59d9e2c6382 \ - --hash=sha256:01c322ef2bbe15057bc4bf132b525b7e3f7206f071799eb8aa6ad1940bcf5fb1 \ - --hash=sha256:03cafe82c1b32b770a29fd6de923625ccac3185a54a5e66606da26d105f37dac \ - --hash=sha256:044a0985a4f25b335882b0966625270a8d9db3d3409ddc49a4eb00b0ef5e8cee \ - --hash=sha256:07ed352205574aad067482e53dd606926afebcb5590653121063fbf4e2175166 \ - --hash=sha256:0d1b923fc4a40c5832be4f35a5dab0e5ff89cddf83bb4174499e02ea089daf57 \ - --hash=sha256:0e7b27d04131c46e6894f23a4ae186a6a2207209a05df5b6ad4caee6d54a222c \ - --hash=sha256:1fad32ee9b27350687035cb5fdf9145bc9cf0a094a9577d43e909948ebcfa27b \ - --hash=sha256:289cc803fa1dc901f84701ac10c9ee873619320f2f9aff38794db4a4a0268d51 \ - --hash=sha256:3c59105f8d58ce500f348c5b56163a4113a440dad6daa2294b5052a10db866da \ - --hash=sha256:46c3d091059ad0b9c59d1034de74a7f36dcfa7f6d3bde782c49deb42438f2450 \ - --hash=sha256:482855914928c8175735a2a59c8dc5806cf7d8f032e4820d52e845d1f731dca2 \ - --hash=sha256:49c76cdfa13015c4560702574bad67f0e15ca5a2872c6a125f6327ead2b731dd \ - --hash=sha256:4b03741e70fb811d1a9a1d75355cf391f274ed85847f4b78e35459899f57af4d \ - --hash=sha256:4bea27c4269234e06f621f3fac3925f56ff34bc14521484b8f66a580aacc2e7d \ - --hash=sha256:4d5fae0a22dc86259dee66f2cc6c1d3e490c4a1214d7daa2a93d07491c5c04b6 \ - --hash=sha256:543ef9179bc55edfd895154a51792b01c017c87af0ebaae092720152e19e42ca \ - --hash=sha256:54dece71673b3187c86226c3ca793c5f891f9fc3d8aa183f2e3653da18566169 \ - --hash=sha256:6379688fb4cfa921ae349c76eb1a9ab26b65f32b03d46bb0eed841fd4cb6afb1 \ - --hash=sha256:65fa405b837060db569a61ec368b74688f429b32fa47a8929a7a2f9b47183713 \ - --hash=sha256:6616d1c9bf1e3faea78711ee42a8b972367d82ceae233ec0ac61cc7fec09fa6b \ - --hash=sha256:6fe885135c8a479d3e37a7aae61cbd3a0fb2deccb4dda3c25f92a49189f766d6 \ - --hash=sha256:7221f9ac9dad9492cecab6f676b3eaf9185141539d5c9689d13fd6b0d7de840c \ - --hash=sha256:76d5f82213aa78098b9b964ea89de4617e70e0d43e97900c2778a50856dac605 \ - --hash=sha256:7792f0ab20df8071d669d929c75c97fecfa6bcab82c10ee4adb91c7a54055463 \ - --hash=sha256:831b476d79408ab6ccfadaaf199906c833f02fdb32c9ab907b1d4aa0713cfa3b \ - --hash=sha256:9146579352d7b5f6412735d0f203bbd8d00113a680b66565e205bc605ef81bc6 \ - --hash=sha256:9cc44bf0315268e253bf563f3560e6c004efe38f76db03a1558274a6e04bf5d5 \ - --hash=sha256:a73d18625f6a8a1cbb11eadc1d03929f9510f4131879288e3f7922097a429f63 \ - --hash=sha256:a8659fd33ee9e6ca03950cfdcdf271d645cf681609153f218826dd9805ab585c \ - --hash=sha256:a94925102c89247530ae1dab7dc02c690942566f22e189cbd53579b0693c0783 \ - --hash=sha256:ad4567d6c334c46046d1c4c20024de2a1c3abc626817ae21ae3da600f5779b44 \ - --hash=sha256:b2e16f4cd2bc4d88ba30ca2d3bbf2f21f00f382cf4e1ce3b1ddc96c634bc48ca \ - --hash=sha256:bbdf9a72403110a3bdae77948b8011f644571311c2fb35ee15f0f10a8fc082e8 \ - --hash=sha256:beb08e8508e53a568811016e59f3234d29c2583f6b6e28572f0954a6b4f7e03d \ - --hash=sha256:c4cbe651f3904e28f3a55d6f371203049034b4ddbce65a54527a3f189ca3b390 \ - --hash=sha256:c7b525ab52ce18c57ae232ba6f7010297a87ced82a2383b1afd238849c1ff933 \ - --hash=sha256:ca5d79cfdae420a1d52bf177de4bc2289c321d6c961ae321503b2ca59c17ae67 \ - --hash=sha256:cdab02a0a941af190df8782aafc591ef3ad08824f97850b015c8c6a8b3877b0b \ - --hash=sha256:d17c6a415d68cfe1091d3296ba5749d3d8696e42c37fca5d4860c5bf7b729f03 \ - --hash=sha256:d39bd10f0ae453554798b125d2f39884290c480f56e8a02ba7a6ed552005243b \ - --hash=sha256:d4b3cd1ca7cd73d229487fa5caca9e4bc1f0bca96526b922d61053ea751fe791 \ - --hash=sha256:d50a252b23b9b4dfeefc1f663c568a221092cbaded20a05a11665d0dbec9b8fb \ - --hash=sha256:da8549d17489cd52f85a9829d0e1d91059359b3c54a26f28bec2c5d369524807 \ - --hash=sha256:dcd070b5b585b50e6617e8972f3fbbee786afca71b1936ac06257f7e178f00f6 \ - --hash=sha256:ddaaa91bfc4477d2871442bbf30a125e8fe6b05da8a0015507bfbf4718228ab2 \ - --hash=sha256:df423f351b162a702c053d5dddc0fc0ef9a9e27ea3f449781ace5f906b664428 \ - --hash=sha256:dff044f661f59dace805eedb4a7404c573b6ff0cdba4a524141bc63d7be5c7fd \ - --hash=sha256:e7e128f85c0b419907d1f38e616c4f1e9f1d1b37a7949f44df9a73d5da5cd53c \ - --hash=sha256:ed8d1d1821ba5fc88d4a4f45387b65de52382fa3ef1f0115a4f7a20cdfab0e94 \ - --hash=sha256:f2501d60d7497fd55e391f423f965bbe9e650e9ffc3c627d5f0ac516026000b8 \ - --hash=sha256:f7db0b6ae1f96ae41afe626095149ecd1b212b424626175a6633c2999eaad45b - # via coveralls -coveralls==4.0.1 \ - --hash=sha256:7a6b1fa9848332c7b2221afb20f3df90272ac0167060f41b5fe90429b30b1809 \ - --hash=sha256:7b2a0a2bcef94f295e3cf28dcc55ca40b71c77d1c2446b538e85f0f7bc21aa69 +deptry==0.23.0 \ + --hash=sha256:04afae204654542406318fd3dd6f4a6697579597f37195437daf84a53ee0ebbf \ + --hash=sha256:1cfa4b3a46ee8a026eaa38e4b9ba43fe6036a07fe16bf0a663cb611b939f6af8 \ + --hash=sha256:1f2a6817a37d76e8f6b667381b7caf6ea3e6d6c18b5be24d36c625f387c79852 \ + --hash=sha256:40706dcbed54141f2d23afa70a272171c8c46531cd6f0f9c8ef482c906b3cee2 \ + --hash=sha256:4915a3590ccf38ad7a9176aee376745aa9de121f50f8da8fb9ccec87fa93e676 \ + --hash=sha256:583154732cfd438a4a090b7d13d8b2016f1ac2732534f34fb689345768d8538b \ + --hash=sha256:5f7e4b1a5232ed6d352fca7173750610a169377d1951d3e9782947191942a765 \ + --hash=sha256:736e7bc557aec6118b2a4d454f0d81f070782faeaa9d8d3c9a15985c9f265372 \ + --hash=sha256:889541844092f18e7b48631852195f36c25c5afd4d7e074b19ba824b430add50 \ + --hash=sha256:9601b64cc0aed42687fdd5c912d5f1e90d7f7333fb589b14e35bfdfebae866f3 \ + --hash=sha256:9a46f78098f145100dc582a59af8548b26cdfa16cf0fbd85d2d44645e724cb6a \ + --hash=sha256:9d03cc99a61c348df92074a50e0a71b28f264f0edbf686084ca90e6fd44e3abe \ + --hash=sha256:aff9156228eb16cd81792f920c1623c00cb59091ae572600ba0eac587da33c0c \ + --hash=sha256:d53e803b280791d89a051b6183d9dc40411200e22a8ab7e6c32c6b169822a664 \ + --hash=sha256:da7678624f4626d839c8c03675452cefc59d6cf57d25c84a9711dae514719279 \ + --hash=sha256:e6172b2205f6e84bcc9df25226693d4deb9576a6f746c2ace828f6d13401d357 # via -r CI/requirements_ci.in +dill==0.3.9 \ + --hash=sha256:468dff3b89520b474c0397703366b7b95eebe6303f108adf9b19da1f702be87a \ + --hash=sha256:81aa267dddf68cbfe8029c42ca9ec6a4ab3b22371d1c450abc54422577b4512c + # via pylint distlib==0.3.8 \ --hash=sha256:034db59a0b96f8ca18035f36290806a9a6e6bd9d1ff91e45a7f172eb17e51784 \ --hash=sha256:1530ea13e350031b6312d8580ddb6b27a104275a31106523b8f123787f494f64 # via virtualenv -docopt==0.6.2 \ - --hash=sha256:49b3a825280bd66b3aa83585ef59c4a8c82f2c8a522dbe754a8bc8d08c85c491 - # via coveralls docutils==0.20.1 \ --hash=sha256:96f387a2c5562db4476f09f13bbab2192e764cac08ebbf3a34a95d9b1e4a59d6 \ --hash=sha256:f08a4e276c3a1583a86dce3e34aba3fe04d02bba2dd51ed16106244e8a923e3b @@ -217,24 +183,35 @@ idna==3.7 \ --hash=sha256:028ff3aadf0609c1fd278d8ea3089299412a7a8b9bd005dd08b9f8285bcb5cfc \ --hash=sha256:82fee1fc78add43492d3a1898bfa6d8a904cc97d8427f683ed8e798d07761aa0 # via requests +isort==6.0.0 \ + --hash=sha256:567954102bb47bb12e0fae62606570faacddd441e45683968c8d1734fb1af892 \ + --hash=sha256:75d9d8a1438a9432a7d7b54f2d3b45cad9a4a0fdba43617d9873379704a8bdf1 + # via pylint markdown-it-py==3.0.0 \ --hash=sha256:355216845c60bd96232cd8d8c40e8f9765cc86f46880e43a8fd22dc1a1a8cab1 \ --hash=sha256:e3f60a94fa066dc52ec76661e37c851cb232d92f9886b15cb560aaada2df8feb # via rich +mccabe==0.7.0 \ + --hash=sha256:348e0240c33b60bbdf4e523192ef919f28cb2c3d7d5c7794f74009290f236325 \ + --hash=sha256:6c2d30ab6be0e4a46919781807b4f0d834ebdd6c6e3dca0bda5a15f863427b6e + # via pylint mdurl==0.1.2 \ --hash=sha256:84008a41e51615a49fc9966191ff91509e3c40b939176e643fd50a5c2196b8f8 \ --hash=sha256:bb413d29f5eea38f31dd4754dd7377d4465116fb207585f97bf925588687c1ba # via markdown-it-py -packaging==24.1 \ - --hash=sha256:026ed72c8ed3fcce5bf8950572258698927fd1dbda10a5e981cdf0ac37f4f002 \ - --hash=sha256:5b8f2217dbdbd2f7f384c41c628544e6d52f2d0f53c6d0c3ea61aa5d1d7ff124 +packaging==24.2 \ + --hash=sha256:09abb1bccd265c01f4a3aa3f7a7db064b36514d2cba19a2f694fe6150451a759 \ + --hash=sha256:c228a6dc5e932d346bc5739379109d49e8853dd8223571c7c5b55260edc0b97f # via + # deptry # pyproject-api + # requirements-parser # tox platformdirs==4.3.6 \ --hash=sha256:357fb2acbc885b0419afd3ce3ed34564c13c9b95c89360cd9563f73aa5e2b907 \ --hash=sha256:73e575e1408ab8103900836b97580d5307456908a03e92031bab39e4554cc3fb # via + # pylint # tox # virtualenv pluggy==1.5.0 \ @@ -350,6 +327,10 @@ pygments==2.18.0 \ --hash=sha256:786ff802f32e91311bff3889f6e9a86e81505fe99f2735bb6d60ae0c5004f199 \ --hash=sha256:b8e6aca0523f3ab76fee51799c488e38782ac06eafcf95e7ba832985c8e7b13a # via rich +pylint==3.3.4 \ + --hash=sha256:289e6a1eb27b453b08436478391a48cd53bb0efb824873f949e709350f3de018 \ + --hash=sha256:74ae7a38b177e69a9b525d0794bd8183820bfa7eb68cc1bee6e8ed22a42be4ce + # via -r CI/requirements_ci.in pyproject-api==1.8.0 \ --hash=sha256:3d7d347a047afe796fd5d1885b1e391ba29be7169bd2f102fcd378f04273d228 \ --hash=sha256:77b8049f2feb5d33eefcc21b57f1e279636277a8ac8ad6b5871037b243778496 @@ -365,9 +346,11 @@ questionary==2.0.1 \ requests==2.32.3 \ --hash=sha256:55365417734eb18255590a9ff9eb97e9e1da868d4ccd6402399eaf68af20a760 \ --hash=sha256:70761cfe03c773ceb22aa2f671b4757976145175cdfca038c02654d061d6dcc6 - # via - # coveralls - # flit + # via flit +requirements-parser==0.11.0 \ + --hash=sha256:35f36dc969d14830bf459803da84f314dc3d17c802592e9e970f63d0359e5920 \ + --hash=sha256:50379eb50311834386c2568263ae5225d7b9d0867fb55cf4ecc93959de2c2684 + # via deptry rich==13.7.1 \ --hash=sha256:4edbae314f59eb482f54e9e30bf00d33350aaa94f4bfcd4e9e3110e64d0d7222 \ --hash=sha256:9be308cb1fe2f1f57d67ce99e95af38a1e2bc71ad9813b0e247cf7ffbcc3a432 @@ -378,11 +361,42 @@ rich-click==1.8.3 \ --hash=sha256:636d9c040d31c5eee242201b5bf4f2d358bfae4db14bb22ec1cafa717cfd02cd \ --hash=sha256:6d75bdfa7aa9ed2c467789a0688bc6da23fbe3a143e19aa6ad3f8bac113d2ab3 # via bump-my-version -tomli==2.0.1 \ - --hash=sha256:939de3e7a6161af0c887ef91b7d41a53e7c5a1ca976325f429cb46ea9bc30ecc \ - --hash=sha256:de526c12914f0c550d15924c62d72abc48d6fe7364aa87328337a31007fe8a4f +tomli==2.2.1 \ + --hash=sha256:023aa114dd824ade0100497eb2318602af309e5a55595f76b626d6d9f3b7b0a6 \ + --hash=sha256:02abe224de6ae62c19f090f68da4e27b10af2b93213d36cf44e6e1c5abd19fdd \ + --hash=sha256:286f0ca2ffeeb5b9bd4fcc8d6c330534323ec51b2f52da063b11c502da16f30c \ + --hash=sha256:2d0f2fdd22b02c6d81637a3c95f8cd77f995846af7414c5c4b8d0545afa1bc4b \ + --hash=sha256:33580bccab0338d00994d7f16f4c4ec25b776af3ffaac1ed74e0b3fc95e885a8 \ + --hash=sha256:400e720fe168c0f8521520190686ef8ef033fb19fc493da09779e592861b78c6 \ + --hash=sha256:40741994320b232529c802f8bc86da4e1aa9f413db394617b9a256ae0f9a7f77 \ + --hash=sha256:465af0e0875402f1d226519c9904f37254b3045fc5084697cefb9bdde1ff99ff \ + --hash=sha256:4a8f6e44de52d5e6c657c9fe83b562f5f4256d8ebbfe4ff922c495620a7f6cea \ + --hash=sha256:4e340144ad7ae1533cb897d406382b4b6fede8890a03738ff1683af800d54192 \ + --hash=sha256:678e4fa69e4575eb77d103de3df8a895e1591b48e740211bd1067378c69e8249 \ + --hash=sha256:6972ca9c9cc9f0acaa56a8ca1ff51e7af152a9f87fb64623e31d5c83700080ee \ + --hash=sha256:7fc04e92e1d624a4a63c76474610238576942d6b8950a2d7f908a340494e67e4 \ + --hash=sha256:889f80ef92701b9dbb224e49ec87c645ce5df3fa2cc548664eb8a25e03127a98 \ + --hash=sha256:8d57ca8095a641b8237d5b079147646153d22552f1c637fd3ba7f4b0b29167a8 \ + --hash=sha256:8dd28b3e155b80f4d54beb40a441d366adcfe740969820caf156c019fb5c7ec4 \ + --hash=sha256:9316dc65bed1684c9a98ee68759ceaed29d229e985297003e494aa825ebb0281 \ + --hash=sha256:a198f10c4d1b1375d7687bc25294306e551bf1abfa4eace6650070a5c1ae2744 \ + --hash=sha256:a38aa0308e754b0e3c67e344754dff64999ff9b513e691d0e786265c93583c69 \ + --hash=sha256:a92ef1a44547e894e2a17d24e7557a5e85a9e1d0048b0b5e7541f76c5032cb13 \ + --hash=sha256:ac065718db92ca818f8d6141b5f66369833d4a80a9d74435a268c52bdfa73140 \ + --hash=sha256:b82ebccc8c8a36f2094e969560a1b836758481f3dc360ce9a3277c65f374285e \ + --hash=sha256:c954d2250168d28797dd4e3ac5cf812a406cd5a92674ee4c8f123c889786aa8e \ + --hash=sha256:cb55c73c5f4408779d0cf3eef9f762b9c9f147a77de7b258bef0a5628adc85cc \ + --hash=sha256:cd45e1dc79c835ce60f7404ec8119f2eb06d38b1deba146f07ced3bbc44505ff \ + --hash=sha256:d3f5614314d758649ab2ab3a62d4f2004c825922f9e370b29416484086b264ec \ + --hash=sha256:d920f33822747519673ee656a4b6ac33e382eca9d331c87770faa3eef562aeb2 \ + --hash=sha256:db2b95f9de79181805df90bedc5a5ab4c165e6ec3fe99f970d0e302f384ad222 \ + --hash=sha256:e59e304978767a54663af13c07b3d1af22ddee3bb2fb0618ca1593e4f593a106 \ + --hash=sha256:e85e99945e688e32d5a35c1ff38ed0b3f41f43fad8df0bdf79f72b2ba7bc5272 \ + --hash=sha256:ece47d672db52ac607a3d9599a9d48dcb2f2f735c6c2d1f34130085bb12b112a \ + --hash=sha256:f4039b9cbc3048b2416cc57ab3bda989a6fcf9b36cf8937f01a6e731b64f80d7 # via - # coverage + # deptry + # pylint # pyproject-api # tox tomli-w==1.0.0 \ @@ -392,34 +406,40 @@ tomli-w==1.0.0 \ tomlkit==0.13.0 \ --hash=sha256:08ad192699734149f5b97b45f1f18dad7eb1b6d16bc72ad0c2335772650d7b72 \ --hash=sha256:7075d3042d03b80f603482d69bf0c8f345c2b30e41699fd8883227f89972b264 - # via bump-my-version -tox==4.23.2 \ - --hash=sha256:452bc32bb031f2282881a2118923176445bac783ab97c874b8770ab4c3b76c38 \ - --hash=sha256:86075e00e555df6e82e74cfc333917f91ecb47ffbc868dcafbd2672e332f4a2c + # via + # bump-my-version + # pylint +tox==4.24.1 \ + --hash=sha256:083a720adbc6166fff0b7d1df9d154f9d00bfccb9403b8abf6bc0ee435d6a62e \ + --hash=sha256:57ba7df7d199002c6df8c2db9e6484f3de6ca8f42013c083ea2d4d1e5c6bdc75 # via # -r CI/requirements_ci.in # tox-gh -tox-gh==1.4.1 \ - --hash=sha256:005b33d16eef1bd1dae9f7d8b3cef53374af7d475f9c9c33ef098247741fb694 \ - --hash=sha256:da422beccbdc5ad5994fe8faf6c193f2d794e957628b052ba23e7fcf9e2e340f +tox-gh==1.5.0 \ + --hash=sha256:bd4c56d1ebcde4ca2450fed347610a739614a7225945bdc89a67c8395eac9d63 \ + --hash=sha256:fd7e8c826f4576a02af4737fd4b738817660b63898c161d6ee8f658c885f7fa1 # via -r CI/requirements_ci.in +types-setuptools==75.8.0.20250110 \ + --hash=sha256:96f7ec8bbd6e0a54ea180d66ad68ad7a1d7954e7281a710ea2de75e355545271 \ + --hash=sha256:a9f12980bbf9bcdc23ecd80755789085bad6bfce4060c2275bc2b4ca9f2bc480 + # via requirements-parser typing-extensions==4.12.2 \ --hash=sha256:04e5ca0351e0f3f85c6853954072df659d0d13fac324d0072316b67d7794700d \ --hash=sha256:1a7ead55c7e559dd4dee8856e3a88b41225abfe1ce8df57b7c13915fe121ffb8 # via - # annotated-types + # astroid # pydantic # pydantic-core - # rich + # pylint # rich-click # tox urllib3==2.2.2 \ --hash=sha256:a448b2f64d686155468037e1ace9f2d2199776e17f0a46610480d311f73e3472 \ --hash=sha256:dd505485549a7a552833da5e6063639d0d177c04f23bc3864e41e5dc5f612168 # via requests -virtualenv==20.26.6 \ - --hash=sha256:280aede09a2a5c317e409a00102e7077c6432c5a38f0ef938e643805a7ad2c48 \ - --hash=sha256:7345cc5b25405607a624d8418154577459c3e0277f5466dd79c49d5e492995f2 +virtualenv==20.29.1 \ + --hash=sha256:4e4cb403c0b0da39e13b46b1b2476e505cb0046b25f242bee80f62bf990b2779 \ + --hash=sha256:b8b8970138d32fb606192cb97f6cd4bb644fa486be9308fb9b63f81091b5dc35 # via tox wcmatch==8.5.2 \ --hash=sha256:17d3ad3758f9d0b5b4dedc770b65420d4dac62e680229c287bf24c9db856a478 \ diff --git a/README.rst b/README.rst index 12dd523..e1e41e9 100644 --- a/README.rst +++ b/README.rst @@ -7,9 +7,9 @@ xhydro-lstm +----------------------------+-----------------------------------------------------+ | Documentation and Support | |docs| | +----------------------------+-----------------------------------------------------+ -| Open Source | |license| |ossf| | +| Open Source | |license| |ossf-score| | +----------------------------+-----------------------------------------------------+ -| Coding Standards | |black| |ruff| |pre-commit| | +| Coding Standards | |black| |isort| |ruff| |pre-commit| | +----------------------------+-----------------------------------------------------+ | Development Status | |status| |build| |coveralls| | +----------------------------+-----------------------------------------------------+ @@ -32,7 +32,6 @@ This package was created with Cookiecutter_ and the `Ouranosinc/cookiecutter-pyp .. _Cookiecutter: https://github.com/cookiecutter/cookiecutter .. _`Ouranosinc/cookiecutter-pypackage`: https://github.com/Ouranosinc/cookiecutter-pypackage - .. |black| image:: https://img.shields.io/badge/code%20style-black-000000.svg :target: https://github.com/psf/black :alt: Python Black @@ -49,11 +48,20 @@ This package was created with Cookiecutter_ and the `Ouranosinc/cookiecutter-pyp :target: https://xhydro-lstm.readthedocs.io/en/latest/?version=latest :alt: Documentation Status +.. |isort| image:: https://img.shields.io/badge/%20imports-isort-%231674b1?style=flat&labelColor=ef8336 + :target: https://pycqa.github.io/isort/ + :alt: Isort + .. |license| image:: https://img.shields.io/github/license/hydrologie/xhydro-lstm.svg :target: https://github.com/hydrologie/xhydro-lstm/blob/main/LICENSE :alt: License -.. |ossf| image:: https://api.securityscorecards.dev/projects/github.com/hydrologie/xhydro-lstm/badge +.. + .. |ossf-bp| image:: https://bestpractices.coreinfrastructure.org/projects/9945/badge + :target: https://bestpractices.coreinfrastructure.org/projects/9945 + :alt: Open Source Security Foundation Best Practices + +.. |ossf-score| image:: https://api.securityscorecards.dev/projects/github.com/hydrologie/xhydro-lstm/badge :target: https://securityscorecards.dev/viewer/?uri=github.com/hydrologie/xhydro-lstm :alt: OpenSSF Scorecard diff --git a/docs/conf.py b/docs/conf.py index cf85d71..30eb71c 100755 --- a/docs/conf.py +++ b/docs/conf.py @@ -19,6 +19,7 @@ # import os import sys +from typing import Any sys.path.insert(0, os.path.abspath('..')) @@ -135,7 +136,7 @@ # -- Options for LaTeX output ------------------------------------------ -latex_elements = { +latex_elements: dict[str, Any] = { # The paper size ('letterpaper' or 'a4paper'). # # 'papersize': 'letterpaper', diff --git a/environment-dev.yml b/environment-dev.yml index 0419076..e97e936 100644 --- a/environment-dev.yml +++ b/environment-dev.yml @@ -4,20 +4,21 @@ channels: dependencies: - python >=3.9,<3.13 # Dev tools and testing - - pip >=24.2.0 - - bump-my-version >=0.25.1 - - watchdog >=4.0.0 - - flake8 >=7.1.1 - - flake8-rst-docstrings >=0.3.0 - - flit >=3.9.0,<4.0 - - tox >=4.17.1 + - pip >=24.3.1 + - black ==25.1.0 + - blackdoc ==0.3.9 + - bump-my-version >=0.30.1 - coverage >=7.5.0 - coveralls >=4.0.1 - - pytest >=8.3.2 - - pytest-cov >=5.0.0 - - black ==24.8.0 - - blackdoc ==0.3.9 - - isort ==5.13.2 + - flake8 >=7.1.1 + - flake8-rst-docstrings >=0.3.0 + - flit >=3.10.1,<4.0 + - isort ==6.0.0 + - mypy >=1.14.1 - numpydoc >=1.8.0 - pre-commit >=3.5.0 - - ruff >=0.5.7 + - pytest >=8.3.2 + - pytest-cov >=5.0.0 + - ruff >=0.9.0 + - tox >=4.24.1 + - watchdog >=4.0.0 diff --git a/environment-docs.yml b/environment-docs.yml index 9139d3a..412f41e 100644 --- a/environment-docs.yml +++ b/environment-docs.yml @@ -4,11 +4,9 @@ channels: - defaults dependencies: - python >=3.12,<3.13 - - sphinx >=7.0.0 - - pandoc - - sphinx-rtd-theme >=1.0 - - sphinx-autoapi - - sphinx-codeautolink + # Docs + - sphinx >=7.1.0 + - sphinx-codeautolink >=0.16.2 - sphinx-copybutton - sphinx-intl - - sphinxcontrib-napoleon + - sphinx-rtd-theme >=1.0 \ No newline at end of file diff --git a/pyproject.toml b/pyproject.toml index c5a564b..bac42c9 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -1,5 +1,5 @@ [build-system] -requires = ["flit_core >=3.9,<4"] +requires = ["flit_core >=3.10.1,<4"] build-backend = "flit_core.buildapi" [project] @@ -13,7 +13,7 @@ maintainers = [ {name = "Gabriel Rondeau-Genesse", email = "rondeau-genesse.gabriel@ouranos.ca"} ] readme = {file = "README.rst", content-type = "text/x-rst"} -requires-python = ">=3.8.0" +requires-python = ">=3.9.0" keywords = ["xhydro-lstm"] license = {file = "LICENSE"} classifiers = [ @@ -37,38 +37,36 @@ dependencies = [] [project.optional-dependencies] dev = [ # Dev tools and testing - "pip >=24.2.0", - "bump-my-version >=0.26.0", - "watchdog >=4.0.0", + "black ==25.1.0", + "blackdoc ==0.3.9", + "bump-my-version >=0.30.1", + "coverage >=7.5.0", "flake8 >=7.1.1", - "flake8-alphabetize >=0.0.21", "flake8-rst-docstrings >=0.3.0", - "flit >=3.9.0,<4.0", - "tox >=4.18.0", - "coverage >=7.5.0", - "coveralls >=4.0.1", - "mypy", + "flit >=3.10.1,<4.0", + "isort ==6.0.0", + "mypy >=1.14.1", "numpydoc >=1.8.0", + "pip >=25.0", + "pre-commit >=3.5.0", "pytest >=8.3.2", "pytest-cov >=5.0.0", - "black ==24.8.0", - "blackdoc ==0.3.9", - "isort ==5.13.2", - "ruff >=0.5.7", - "pre-commit >=3.5.0" + "ruff >=0.9.0", + "tox >=4.24.1", + "watchdog >=4.0.0" ] docs = [ # Documentation and examples + "ipykernel", + "ipython", + "jupyter_client", + "nbsphinx >=0.9.5", + "pandoc", "sphinx >=7.0.0", - "sphinx-codeautolink", + "sphinx-codeautolink >=0.16.2", "sphinx-copybutton", "sphinx-intl", "sphinx-rtd-theme >=1.0", - "nbsphinx", - "pandoc", - "ipython", - "ipykernel", - "jupyter_client" ] all = ["xhydro-lstm[dev]", "xhydro-lstm[docs]"] @@ -155,6 +153,9 @@ values = [ "release" ] +[tool.codespell] +ignore-words-list = "astroid,socio-economic" + [tool.coverage.paths] source = ["src/xhydro_lstm/", "*/site-packages/xhydro_lstm/"] @@ -195,6 +196,7 @@ exclude = [ ".pre-commit-config.yaml", ".readthedocs.yml", ".yamllint.yaml", + ".zizmor.yml", "docs/_*", "docs/apidoc/modules.rst", "docs/apidoc/xhydro_lstm*.rst", @@ -319,3 +321,11 @@ max-doc-length = 180 [tool.ruff.lint.pydocstyle] convention = "numpy" + +[tool.vulture] +exclude = [] +ignore_decorators = ["@pytest.fixture"] +ignore_names = [] +min_confidence = 90 +paths = ["src/xhydro_lstm", "tests"] +sort_by_size = true diff --git a/tests/test_xhydro_lstm.py b/tests/test_xhydro_lstm.py index d535449..6198dc3 100644 --- a/tests/test_xhydro_lstm.py +++ b/tests/test_xhydro_lstm.py @@ -4,32 +4,35 @@ import pathlib from importlib.util import find_spec -import pytest - from xhydro_lstm import xhydro_lstm # noqa: F401 +# import pytest -@pytest.fixture -def response(): - """Sample pytest fixture. - - See more at: https://doc.pytest.org/en/latest/explanation/fixtures.html - """ - # import requests - # return requests.get('https://github.com/audreyr/cookiecutter-pypackage') +# @pytest.fixture +# def response(): +# """Sample pytest fixture. +# +# See more at: https://doc.pytest.org/en/latest/explanation/fixtures.html +# """ +# # import requests +# # return requests.get('https://github.com/audreyr/cookiecutter-pypackage') -def test_content(response): - """Sample pytest test function with the pytest fixture as an argument.""" - # from bs4 import BeautifulSoup - # assert 'GitHub' in BeautifulSoup(response.content).title.string +# def test_content(response): +# """Sample pytest test function with the pytest fixture as an argument.""" +# # from bs4 import BeautifulSoup +# # assert 'GitHub' in BeautifulSoup(response.content).title.string def test_package_metadata(): """Test the package metadata.""" - project = find_spec("xhydro_lstm").submodule_search_locations[0] + project = find_spec("xhydro_lstm") + + assert project is not None + assert project.submodule_search_locations is not None + location = project.submodule_search_locations[0] - metadata = pathlib.Path(project).resolve().joinpath("__init__.py") + metadata = pathlib.Path(location).resolve().joinpath("__init__.py") with metadata.open() as f: contents = f.read() diff --git a/tox.ini b/tox.ini index 5430733..d4fab8b 100644 --- a/tox.ini +++ b/tox.ini @@ -1,33 +1,32 @@ [tox] -min_version = 4.18.0 +min_version = 4.24.1 envlist = lint - py{38,39,310,311,312,313} + py{39,310,311,312,313} docs requires = - flit >= 3.9.0,<4.0 - pip >= 24.2.0 + flit >= 3.10.1,<4.0 + pip >= 25.0 opts = --verbose [gh] python = - 3.8 = py38-coveralls 3.9 = py39-coveralls 3.10 = py310-coveralls 3.11 = py311-coveralls 3.12 = py312-coveralls - 3.13 = py313-coveralls + 3.13 = py313 [testenv:lint] skip_install = True deps = - black ==24.8.0 + black ==25.1.0 blackdoc ==0.3.9 - isort ==5.13.2 + isort ==6.0.0 flake8 >=7.1.1 flake8-rst-docstrings >=0.3.0 - ruff >=0.5.7 + ruff >=0.9.0 numpydoc >=1.8.0 commands = make lint @@ -38,6 +37,7 @@ allowlist_externals = extras = docs commands = + make autodoc make --directory=docs clean html allowlist_externals = make @@ -54,9 +54,7 @@ extras = download = True install_command = python -m pip install --no-user {opts} {packages} deps = -; If you want to make tox run the tests with the same versions, create a -; requirements.txt with the pinned versions and uncomment the following line: -; -r{toxinidir}/requirements.txt + coveralls: coveralls>=4.0.1 commands_pre = pip list pip check From 9b9e62ad28d2d21a6abff22f096855a7315c2b3f Mon Sep 17 00:00:00 2001 From: Trevor James Smith <10819524+Zeitsperre@users.noreply.github.com> Date: Thu, 6 Feb 2025 17:26:53 -0500 Subject: [PATCH 2/3] security fixes --- .github/workflows/bump-version.yml | 1 + environment-docs.yml | 2 +- pyproject.toml | 2 +- 3 files changed, 3 insertions(+), 2 deletions(-) diff --git a/.github/workflows/bump-version.yml b/.github/workflows/bump-version.yml index 256ddca..715e904 100644 --- a/.github/workflows/bump-version.yml +++ b/.github/workflows/bump-version.yml @@ -62,6 +62,7 @@ jobs: - name: Checkout Repository uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: + persist-credentials: false token: ${{ steps.token_generator.outputs.token }} - name: Set up Python3 uses: actions/setup-python@42375524e23c412d93fb67b49958b491fce71c38 # v5.4.0 diff --git a/environment-docs.yml b/environment-docs.yml index 412f41e..dcb6052 100644 --- a/environment-docs.yml +++ b/environment-docs.yml @@ -9,4 +9,4 @@ dependencies: - sphinx-codeautolink >=0.16.2 - sphinx-copybutton - sphinx-intl - - sphinx-rtd-theme >=1.0 \ No newline at end of file + - sphinx-rtd-theme >=1.0 diff --git a/pyproject.toml b/pyproject.toml index bac42c9..e4630c4 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -66,7 +66,7 @@ docs = [ "sphinx-codeautolink >=0.16.2", "sphinx-copybutton", "sphinx-intl", - "sphinx-rtd-theme >=1.0", + "sphinx-rtd-theme >=1.0" ] all = ["xhydro-lstm[dev]", "xhydro-lstm[docs]"] From 05f24380780ac5e3e6f357f89d5ced6005339d4b Mon Sep 17 00:00:00 2001 From: Trevor James Smith <10819524+Zeitsperre@users.noreply.github.com> Date: Thu, 6 Feb 2025 17:38:05 -0500 Subject: [PATCH 3/3] disable Python3.9 conda build --- .github/workflows/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index e0f6165..e1c07b1 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -107,7 +107,7 @@ jobs: strategy: matrix: os: [ 'ubuntu-latest' ] - python-version: [ "3.9", "3.10", "3.11", "3.12" ] + python-version: [ "3.10", "3.11", "3.12" ] defaults: run: shell: bash -l {0}