From 961b1582b28151838c4ef521d99826d53870e830 Mon Sep 17 00:00:00 2001 From: rlskoeser Date: Thu, 2 Jul 2026 12:07:15 -0400 Subject: [PATCH 1/4] Update github workflows & precommit to use pinned hashes instead of tags --- .github/workflows/check.yml | 6 +++--- .github/workflows/python-publish.yml | 4 ++-- .github/workflows/unit_tests.yml | 6 +++--- .pre-commit-config.yaml | 12 ++++++------ 4 files changed, 14 insertions(+), 14 deletions(-) diff --git a/.github/workflows/check.yml b/.github/workflows/check.yml index 98c7662..04b21e3 100644 --- a/.github/workflows/check.yml +++ b/.github/workflows/check.yml @@ -19,10 +19,10 @@ jobs: working-directory: . steps: - - uses: actions/checkout@v6 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Install uv - uses: astral-sh/setup-uv@v8.1.0 + uses: astral-sh/setup-uv@08807647e7069bb48b6ef5acd8ec9567f424441b # v8.1.0 with: python-version: "3.12" enable-cache: true @@ -32,7 +32,7 @@ jobs: run: uv sync --group check - name: Run Ruff linter - uses: astral-sh/ruff-action@v3 + uses: astral-sh/ruff-action@0ce1b0bf8b818ef400413f810f8a11cdbda0034b # v4.0.0 with: args: "check --output-format=github" diff --git a/.github/workflows/python-publish.yml b/.github/workflows/python-publish.yml index 0e2ed52..0b2390e 100644 --- a/.github/workflows/python-publish.yml +++ b/.github/workflows/python-publish.yml @@ -23,9 +23,9 @@ jobs: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v6 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Set up Python - uses: actions/setup-python@v6 + uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0 with: python-version: '3.x' - name: Install dependencies diff --git a/.github/workflows/unit_tests.yml b/.github/workflows/unit_tests.yml index 23c1471..9214284 100644 --- a/.github/workflows/unit_tests.yml +++ b/.github/workflows/unit_tests.yml @@ -34,11 +34,11 @@ jobs: working-directory: . steps: - - uses: actions/checkout@v6 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 # use github python action instead of uv to take advantage of caching - name: Set up Python ${{ matrix.python }} - uses: astral-sh/setup-uv@v8.1.0 + uses: astral-sh/setup-uv@08807647e7069bb48b6ef5acd8ec9567f424441b # v8.1.0 with: python-version: ${{ matrix.python }} cache: 'pip' @@ -58,7 +58,7 @@ jobs: if: ${{ matrix.python == env.COV_PYTHON_VERSION }} - name: Upload coverage to Codecov - uses: codecov/codecov-action@v6 + uses: codecov/codecov-action@e79a6962e0d4c0c17b229090214935d2e33f8354 # v6.0.1 env: CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }} if: ${{ matrix.python == env.COV_PYTHON_VERSION }} diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index 873c6fd..e00d252 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -2,13 +2,13 @@ files: \.py repos: # ruff for linting and formatting python - repo: https://github.com/astral-sh/ruff-pre-commit - rev: v0.15.12 + rev: 0c7b6c989466a93942def1f84baf36ddfcd60c83 # frozen: v0.15.14 hooks: - id: ruff-check args: [ --fix, --show-fixes, --exit-non-zero-on-fix ] - id: ruff-format - repo: https://github.com/pre-commit/pre-commit-hooks - rev: v6.0.0 + rev: 3e8a8703264a2f4a69428a0aa4dcb512790b2c8c # frozen: v6.0.0 hooks: - id: check-case-conflict - id: check-merge-conflict @@ -22,18 +22,18 @@ repos: args: [--pytest-test-first] - repo: https://github.com/pre-commit/mirrors-mypy - rev: v2.0.0 + rev: d2823d321df3af8f878f7ee3414dc94d037145b9 # frozen: v2.1.0 hooks: - id: mypy additional_dependencies: [numpy] # yamlfmt for formatting YAML files - repo: https://github.com/google/yamlfmt - rev: v0.21.0 + rev: b5ca1890231d5e1e5181fef75a1be609d1e25029 # frozen: v0.21.0 hooks: - id: yamlfmt # Codespell for spell checking - repo: https://github.com/codespell-project/codespell - rev: v2.4.2 + rev: 2ccb47ff45ad361a21071a7eedda4c37e6ae8c5a # frozen: v2.4.2 hooks: - id: codespell additional_dependencies: @@ -41,6 +41,6 @@ repos: exclude_types: ["css", "html", "javascript", "json"] # Validate GitHub Actions workflow files - repo: https://github.com/mpalmer/action-validator - rev: v0.9.0 + rev: 76a805bbfcba3506d6cdb4bba1810ab504e0d72b # frozen: v0.9.0 hooks: - id: action-validator From e15710e273df25404fdae146c295431aa1f026a9 Mon Sep 17 00:00:00 2001 From: rlskoeser Date: Thu, 2 Jul 2026 12:27:25 -0400 Subject: [PATCH 2/4] Configure to not persist permissions after checkout --- .github/workflows/check.yml | 3 ++- .github/workflows/python-publish.yml | 35 ++++++++++++++-------------- .github/workflows/unit_tests.yml | 12 +++++----- 3 files changed, 26 insertions(+), 24 deletions(-) diff --git a/.github/workflows/check.yml b/.github/workflows/check.yml index 04b21e3..94d0525 100644 --- a/.github/workflows/check.yml +++ b/.github/workflows/check.yml @@ -20,7 +20,8 @@ jobs: steps: - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - + with: + persist-credentials: false - name: Install uv uses: astral-sh/setup-uv@08807647e7069bb48b6ef5acd8ec9567f424441b # v8.1.0 with: diff --git a/.github/workflows/python-publish.yml b/.github/workflows/python-publish.yml index 0b2390e..7364816 100644 --- a/.github/workflows/python-publish.yml +++ b/.github/workflows/python-publish.yml @@ -19,23 +19,24 @@ permissions: jobs: deploy: - runs-on: ubuntu-latest steps: - - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - - name: Set up Python - uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0 - with: - python-version: '3.x' - - name: Install dependencies - run: | - python -m pip install --upgrade pip - pip install build - - name: Build package - run: python -m build - - name: Publish package - uses: pypa/gh-action-pypi-publish@cef221092ed1bacb1cc03d23a2d87d1d172e277b - with: - user: __token__ - password: ${{ secrets.PYPI_API_TOKEN }} + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + with: + persist-credentials: false + - name: Set up Python + uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0 + with: + python-version: "3.x" + - name: Install dependencies + run: | + python -m pip install --upgrade pip + pip install build + - name: Build package + run: python -m build + - name: Publish package + uses: pypa/gh-action-pypi-publish@cef221092ed1bacb1cc03d23a2d87d1d172e277b + with: + user: __token__ + password: ${{ secrets.PYPI_API_TOKEN }} diff --git a/.github/workflows/unit_tests.yml b/.github/workflows/unit_tests.yml index 9214284..ef56dff 100644 --- a/.github/workflows/unit_tests.yml +++ b/.github/workflows/unit_tests.yml @@ -13,8 +13,8 @@ on: branches: - "**" paths: - - 'undate/**' - - 'tests/**' + - "undate/**" + - "tests/**" pull_request: branches: - "**" @@ -35,14 +35,15 @@ jobs: steps: - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - + with: + persist-credentials: false # use github python action instead of uv to take advantage of caching - name: Set up Python ${{ matrix.python }} uses: astral-sh/setup-uv@08807647e7069bb48b6ef5acd8ec9567f424441b # v8.1.0 with: python-version: ${{ matrix.python }} - cache: 'pip' - cache-dependency-path: '**/pyproject.toml' + cache: "pip" + cache-dependency-path: "**/pyproject.toml" - name: Install package with check dependencies run: uv sync --group test @@ -62,4 +63,3 @@ jobs: env: CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }} if: ${{ matrix.python == env.COV_PYTHON_VERSION }} - From 29ea5b22ad5c7fde6d810473498c694051b6288d Mon Sep 17 00:00:00 2001 From: rlskoeser Date: Thu, 2 Jul 2026 12:35:55 -0400 Subject: [PATCH 3/4] Update pre-commit hooks and copyright year in docs --- .pre-commit-config.yaml | 15 ++++++++------- docs/conf.py | 13 ++++++++----- 2 files changed, 16 insertions(+), 12 deletions(-) diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index e00d252..f0529d7 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -2,13 +2,13 @@ files: \.py repos: # ruff for linting and formatting python - repo: https://github.com/astral-sh/ruff-pre-commit - rev: 0c7b6c989466a93942def1f84baf36ddfcd60c83 # frozen: v0.15.14 + rev: c59bba8fb259db0fec2bbb77ad8ba51ea7341b56 # frozen: v0.15.20 hooks: - id: ruff-check - args: [ --fix, --show-fixes, --exit-non-zero-on-fix ] + args: [--fix, --show-fixes, --exit-non-zero-on-fix] - id: ruff-format - repo: https://github.com/pre-commit/pre-commit-hooks - rev: 3e8a8703264a2f4a69428a0aa4dcb512790b2c8c # frozen: v6.0.0 + rev: 3e8a8703264a2f4a69428a0aa4dcb512790b2c8c # frozen: v6.0.0 hooks: - id: check-case-conflict - id: check-merge-conflict @@ -22,18 +22,19 @@ repos: args: [--pytest-test-first] - repo: https://github.com/pre-commit/mirrors-mypy - rev: d2823d321df3af8f878f7ee3414dc94d037145b9 # frozen: v2.1.0 + rev: d2823d321df3af8f878f7ee3414dc94d037145b9 # frozen: v2.1.0 hooks: - id: mypy additional_dependencies: [numpy] + # yamlfmt for formatting YAML files - repo: https://github.com/google/yamlfmt - rev: b5ca1890231d5e1e5181fef75a1be609d1e25029 # frozen: v0.21.0 + rev: b5ca1890231d5e1e5181fef75a1be609d1e25029 # frozen: v0.21.0 hooks: - id: yamlfmt # Codespell for spell checking - repo: https://github.com/codespell-project/codespell - rev: 2ccb47ff45ad361a21071a7eedda4c37e6ae8c5a # frozen: v2.4.2 + rev: 2ccb47ff45ad361a21071a7eedda4c37e6ae8c5a # frozen: v2.4.2 hooks: - id: codespell additional_dependencies: @@ -41,6 +42,6 @@ repos: exclude_types: ["css", "html", "javascript", "json"] # Validate GitHub Actions workflow files - repo: https://github.com/mpalmer/action-validator - rev: 76a805bbfcba3506d6cdb4bba1810ab504e0d72b # frozen: v0.9.0 + rev: 76a805bbfcba3506d6cdb4bba1810ab504e0d72b # frozen: v0.9.0 hooks: - id: action-validator diff --git a/docs/conf.py b/docs/conf.py index a55e3ae..cc7f688 100644 --- a/docs/conf.py +++ b/docs/conf.py @@ -10,20 +10,22 @@ # add these directories to sys.path here. If the directory is relative to the # documentation root, use os.path.abspath to make it absolute, like shown here. # -# import os -# import sys -# sys.path.insert(0, os.path.abspath('.')) + +import sys +from pathlib import Path + +sys.path.insert(0, str(Path().resolve())) import undate # -- Project information ----------------------------------------------------- project = "undate" -copyright = "2024, DHtech" +copyright = "2026, DHtech" author = "DHtech Community" # The full version, including alpha/beta/rc tags -release = undate.__version__ +release = undate.__version__ # type: ignore[attr-defined] master_doc = "index" @@ -37,6 +39,7 @@ "sphinx.ext.autodoc", "sphinx.ext.intersphinx", "myst_parser", + "sphinx_pyodide", ] # Add any paths that contain templates here, relative to this directory. From bc91b1d7fb0bfe5ea37ac21913fee90aacbcfe08 Mon Sep 17 00:00:00 2001 From: rlskoeser Date: Thu, 2 Jul 2026 15:43:17 -0400 Subject: [PATCH 4/4] Remove sphinx_pyodide ext since not yet available --- docs/conf.py | 1 - 1 file changed, 1 deletion(-) diff --git a/docs/conf.py b/docs/conf.py index cc7f688..ff5d7d3 100644 --- a/docs/conf.py +++ b/docs/conf.py @@ -39,7 +39,6 @@ "sphinx.ext.autodoc", "sphinx.ext.intersphinx", "myst_parser", - "sphinx_pyodide", ] # Add any paths that contain templates here, relative to this directory.