From 5e49daf196886ecf7215eccefc79401fd4a0d7c1 Mon Sep 17 00:00:00 2001 From: Trevor James Smith <10819524+Zeitsperre@users.noreply.github.com> Date: Thu, 14 Mar 2024 11:16:32 -0400 Subject: [PATCH 1/9] use trusted publisher for releases --- .github/workflows/publish-pypi.yml | 13 ++++++++++--- .github/workflows/tag-testpypi.yml | 16 ++++++++++++---- 2 files changed, 22 insertions(+), 7 deletions(-) diff --git a/.github/workflows/publish-pypi.yml b/.github/workflows/publish-pypi.yml index 5eceb69..f52593f 100644 --- a/.github/workflows/publish-pypi.yml +++ b/.github/workflows/publish-pypi.yml @@ -5,11 +5,21 @@ on: types: - published +permissions: + contents: read + jobs: build-n-publish-pypi: name: Build and publish Python 🐍 distributions 📦 to PyPI runs-on: ubuntu-latest + environment: production + permissions: + id-token: write steps: + - name: Harden Runner + uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0 + with: + egress-policy: audit - uses: actions/checkout@v3 - name: Set up Python3 uses: actions/setup-python@v4 @@ -23,6 +33,3 @@ jobs: python setup.py sdist bdist_wheel - name: Publish distribution 📦 to PyPI uses: pypa/gh-action-pypi-publish@release/v1 - with: - user: __token__ - password: ${{ secrets.PYPI_API_TOKEN }} diff --git a/.github/workflows/tag-testpypi.yml b/.github/workflows/tag-testpypi.yml index 29ba59a..370da22 100644 --- a/.github/workflows/tag-testpypi.yml +++ b/.github/workflows/tag-testpypi.yml @@ -5,11 +5,21 @@ on: tags: - '*' +permissions: + contents: read + jobs: build-n-publish-testpypi: name: Build and publish Python 🐍 distributions 📦 to TestPyPI runs-on: ubuntu-latest + environment: staging + permissions: + id-token: write steps: + - name: Harden Runner + uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0 + with: + egress-policy: audit - uses: actions/checkout@v3 - name: Set up Python3 uses: actions/setup-python@v4 @@ -24,7 +34,5 @@ jobs: - name: Publish distribution 📦 to Test PyPI uses: pypa/gh-action-pypi-publish@release/v1 with: - user: __token__ - password: ${{ secrets.TEST_PYPI_API_TOKEN }} - repository_url: https://test.pypi.org/legacy/ - skip_existing: true + repository-url: https://test.pypi.org/legacy/ + skip-existing: true From 8fa68f119c9dc68824dbe16432b5a91179d5950e Mon Sep 17 00:00:00 2001 From: Trevor James Smith <10819524+Zeitsperre@users.noreply.github.com> Date: Thu, 14 Mar 2024 11:20:42 -0400 Subject: [PATCH 2/9] update pre-commit versions and conventions --- .pre-commit-config.yaml | 115 ++++++++++++++++++++-------------------- 1 file changed, 57 insertions(+), 58 deletions(-) diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index de4ed6c..7ed941d 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -2,64 +2,63 @@ default_language_version: python: python3 repos: -- repo: https://github.com/asottile/pyupgrade - rev: v3.15.0 - hooks: - - id: pyupgrade - args: ['--py37-plus'] -- repo: https://github.com/pre-commit/pre-commit-hooks - rev: v4.5.0 - hooks: - - id: trailing-whitespace - - id: end-of-file-fixer - - id: check-yaml - - id: debug-statements -- repo: https://github.com/kynan/nbstripout - rev: 0.6.1 - hooks: - - id: nbstripout - files: '.ipynb' -- repo: https://github.com/psf/black - rev: 23.12.1 - hooks: - - id: black - args: [ '--target-version=py37' ] -- repo: https://github.com/pycqa/flake8 - rev: 6.1.0 - hooks: - - id: flake8 - args: [ '--config=setup.cfg' ] -- repo: https://github.com/PyCQA/isort - rev: 5.13.2 - hooks: - - id: isort - args: [ '--profile=black' ] -- repo: https://github.com/nbQA-dev/nbQA - rev: 1.7.1 - hooks: - - id: nbqa-black - args: [ '--target-version=py37' ] - additional_dependencies: [ 'black==23.9.1' ] - - id: nbqa-pyupgrade - args: [ '--py37-plus' ] - additional_dependencies: [ 'pyupgrade==v3.14.0' ] - - id: nbqa-isort - args: [ '--profile=black' ] - additional_dependencies: [ 'isort==5.12.0' ] -- repo: https://github.com/pycqa/pydocstyle - rev: 6.3.0 - hooks: - - id: pydocstyle - args: [ '--convention=numpy' ] -- repo: https://github.com/asottile/pyupgrade - rev: v3.15.0 - hooks: - - id: pyupgrade -- repo: meta - hooks: - - id: check-hooks-apply - - id: check-useless-excludes - + - repo: https://github.com/asottile/pyupgrade + rev: v3.15.1 + hooks: + - id: pyupgrade + args: ['--py39-plus'] + - repo: https://github.com/pre-commit/pre-commit-hooks + rev: v4.5.0 + hooks: + - id: trailing-whitespace + - id: end-of-file-fixer + - id: check-yaml + - id: debug-statements + - repo: https://github.com/kynan/nbstripout + rev: 0.7.1 + hooks: + - id: nbstripout + files: '.ipynb' + - repo: https://github.com/pycqa/flake8 + rev: 7.0.0 + hooks: + - id: flake8 + args: [ '--config=setup.cfg' ] + - repo: https://github.com/psf/black + rev: 24.2.0 + hooks: + - id: black + args: [ '--target-version=py37' ] + - repo: https://github.com/PyCQA/isort + rev: 5.13.2 + hooks: + - id: isort + args: [ '--profile=black' ] + - repo: https://github.com/nbQA-dev/nbQA + rev: 1.8.4 + hooks: + - id: nbqa-black + args: [ '--target-version=py37' ] + additional_dependencies: [ 'black==24.2.0' ] + - id: nbqa-pyupgrade + args: [ '--py37-plus' ] + additional_dependencies: [ 'pyupgrade==v3.15.1' ] + - id: nbqa-isort + args: [ '--profile=black' ] + additional_dependencies: [ 'isort==5.13.2' ] + - repo: https://github.com/pycqa/pydocstyle + rev: 6.3.0 + hooks: + - id: pydocstyle + args: [ '--convention=numpy' ] + - repo: https://github.com/asottile/pyupgrade + rev: v3.15.1 + hooks: + - id: pyupgrade + - repo: meta + hooks: + - id: check-hooks-apply + - id: check-useless-excludes ci: autofix_commit_msg: | From c62a1937d992b28677ee75b9f8f7a9467da7978e Mon Sep 17 00:00:00 2001 From: Trevor James Smith <10819524+Zeitsperre@users.noreply.github.com> Date: Thu, 14 Mar 2024 11:21:49 -0400 Subject: [PATCH 3/9] add pyopenssl to conda environment --- environment.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/environment.yml b/environment.yml index e07da5d..48fdf71 100644 --- a/environment.yml +++ b/environment.yml @@ -13,6 +13,7 @@ dependencies: - lxml - owslib>=0.19 - packaging + - pyopenssl - wrapt # optional - netcdf4 From 51d59ca141fcbe6a1f3062a2e48c36de01bd47f3 Mon Sep 17 00:00:00 2001 From: Trevor James Smith <10819524+Zeitsperre@users.noreply.github.com> Date: Thu, 14 Mar 2024 11:22:10 -0400 Subject: [PATCH 4/9] remove codacy report, fix build badge --- README.rst | 10 +++------- 1 file changed, 3 insertions(+), 7 deletions(-) diff --git a/README.rst b/README.rst index f0ed701..8565b7c 100644 --- a/README.rst +++ b/README.rst @@ -2,7 +2,7 @@ Birdy ===== -|PyPI| |Docs| |Build| |Codacy| |License| |Gitter| +|PyPI| |Docs| |Build| |License| |Gitter| Birdy (the bird) *Birdy is not a bird but likes to play with them.* @@ -31,14 +31,10 @@ Full `documentation `_ is on ReadTheDoc :target: http://birdy.readthedocs.io/en/latest/?badge=latest :alt: Documentation Status -.. |Build| image:: https://github.com/bird-house/birdy/workflows/build/badge.svg - :target: https://github.com/bird-house/birdy/actions +.. |Build| image:: https://github.com/bird-house/birdy/actions/workflows/main.yml/badge.svg + :target: https://github.com/bird-house/birdy/actions/workflows/main.yml :alt: Build Status -.. |Codacy| image:: https://api.codacy.com/project/badge/Grade/da14405a9a6d4c2e9c405d9c0c8babe7 - :target: https://www.codacy.com/app/cehbrecht/birdy?utm_source=github.com&utm_medium=referral&utm_content=bird-house/birdy&utm_campaign=Badge_Grade - :alt: Codacy Code Checks - .. |License| image:: https://img.shields.io/github/license/bird-house/birdy.svg :target: https://github.com/bird-house/birdy/blob/master/LICENSE.txt :alt: GitHub license From 662caa82fb56a39a8f157111cc5226acc3333801 Mon Sep 17 00:00:00 2001 From: Trevor James Smith <10819524+Zeitsperre@users.noreply.github.com> Date: Thu, 14 Mar 2024 11:22:57 -0400 Subject: [PATCH 5/9] pre-commit fixes --- birdy/client/converters.py | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/birdy/client/converters.py b/birdy/client/converters.py index 7471701..6ee0bae 100644 --- a/birdy/client/converters.py +++ b/birdy/client/converters.py @@ -1,10 +1,11 @@ # noqa: D100 import tempfile +from collections.abc import Sequence from distutils.version import StrictVersion from importlib import import_module from pathlib import Path -from typing import Sequence, Union +from typing import Union from owslib.wps import Output From 9492244d1a94d31da55d289ea2efde4d4f3a97ab Mon Sep 17 00:00:00 2001 From: Trevor James Smith <10819524+Zeitsperre@users.noreply.github.com> Date: Thu, 14 Mar 2024 11:23:22 -0400 Subject: [PATCH 6/9] split docs build, use Makefile for linting --- .github/workflows/main.yml | 86 ++++++++++++++++++++++++-------------- Makefile | 1 + 2 files changed, 56 insertions(+), 31 deletions(-) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index e0a7a28..eace766 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -6,8 +6,11 @@ on: - master pull_request: +permissions: + contents: read + jobs: - black: + lint: name: Black (Python${{ matrix.python-version }}) runs-on: ubuntu-latest strategy: @@ -20,43 +23,64 @@ jobs: uses: actions/setup-python@v4 with: python-version: ${{ matrix.python-version }} - - name: Install black + - name: Install flake8 and black + run: | + python -m pip install flake8 black + - name: Check formatting with flake8 and black ⚙️ + run: | + make lint + + docs: + name: Build docs 🏗️ + runs-on: ubuntu-latest + strategy: + matrix: + python-version: + - "3.9" + steps: + - uses: actions/checkout@v4 + - name: Install pandoc + run: | + sudo apt-get -y install pandoc + - name: Set up Python ${{ matrix.python-version }} + uses: actions/setup-python@v4 + with: + python-version: ${{ matrix.python-version }} + - name: Install requirements 📦 run: | - pip install black - - name: Check formatting with black ⚙️ + python -m pip install --upgrade pip + if [ -f requirements.txt ]; then pip install -r requirements.txt; fi + if [ -f requirements_dev.txt ]; then pip install -r requirements_dev.txt; fi + if [ -f requirements_extra.txt ]; then pip install -r requirements_extra.txt; fi + - name: Build docs 🏗️ run: | - black --check --target-version py39 birdy tests + make docs build: name: Testing with Python${{ matrix.python-version }} - needs: black + needs: + - lint + - docs runs-on: ubuntu-latest strategy: matrix: python-version: ["3.9", "3.10", "3.11"] steps: - - uses: actions/checkout@v4 - - name: Install packages - run: | - sudo apt-get -y install pandoc - if: matrix.python-version == 3.9 - - name: Set up Python ${{ matrix.python-version }} - uses: actions/setup-python@v4 - with: - python-version: ${{ matrix.python-version }} - - name: Install requirements 📦 - run: | - python -m pip install --upgrade pip - if [ -f requirements.txt ]; then pip install -r requirements.txt; fi - if [ -f requirements_dev.txt ]; then pip install -r requirements_dev.txt; fi - if [ -f requirements_extra.txt ]; then pip install -r requirements_extra.txt; fi - - name: Test with pytest ⚙️ - run: | - make test - - name: Lint with flake8 ⚙️ - run: | - make lint - - name: Build docs 🏗️ - if: matrix.python-version == 3.9 - run: | - make docs + - name: Harden Runner + uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0 + with: + egress-policy: audit + - uses: actions/checkout@v4 + - name: Set up Python ${{ matrix.python-version }} + uses: actions/setup-python@v4 + with: + python-version: ${{ matrix.python-version }} + - name: Install requirements 📦 + run: | + python -m pip install --upgrade pip + if [ -f requirements.txt ]; then pip install -r requirements.txt; fi + if [ -f requirements_dev.txt ]; then pip install -r requirements_dev.txt; fi + if [ -f requirements_extra.txt ]; then pip install -r requirements_extra.txt; fi + - name: Test with pytest ⚙️ + run: | + make test diff --git a/Makefile b/Makefile index 0e01879..0170f7f 100644 --- a/Makefile +++ b/Makefile @@ -52,6 +52,7 @@ clean-test: ## remove test and coverage artifacts lint: ## check style with flake8 flake8 birdy tests + black --check --target-version py39 birdy tests test: ## run tests quickly with the default Python # py.test From f71a761c433fa1f7645baeb43872ed34f4915c00 Mon Sep 17 00:00:00 2001 From: Trevor James Smith <10819524+Zeitsperre@users.noreply.github.com> Date: Thu, 14 Mar 2024 11:25:59 -0400 Subject: [PATCH 7/9] update CHANGES.rst --- CHANGES.rst | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/CHANGES.rst b/CHANGES.rst index 54d7db2..1425151 100644 --- a/CHANGES.rst +++ b/CHANGES.rst @@ -7,8 +7,10 @@ Change History Changes: * Update how TIFF files are converted to xarray datasets because `open_rasterio` is deprecated. See issue `239`. -* Remove `GeotiffRasterioConverter` -* Remove Python 3.7 and 3.8 from CI test suite +* Remove `GeotiffRasterioConverter`. +* Remove Python 3.7 and 3.8 from CI test suite. +* Now using Trusted Publisher for TestPyPI/PyPI releases. +* Update `black` to v24.2.0 and code formatting conventions to Python3.9+. 0.8.4 (2023-05-24) ================== From 3c0181de5182f759fc2935215aeaf7074bff0677 Mon Sep 17 00:00:00 2001 From: Trevor James Smith <10819524+Zeitsperre@users.noreply.github.com> Date: Thu, 14 Mar 2024 11:26:18 -0400 Subject: [PATCH 8/9] update release date --- CHANGES.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CHANGES.rst b/CHANGES.rst index 1425151..74b1c3f 100644 --- a/CHANGES.rst +++ b/CHANGES.rst @@ -1,7 +1,7 @@ Change History ************** -0.8.5 (2024-03-13) +0.8.5 (2024-03-14) ================== Changes: From fb6ebb87b82fa3bfe06d10ad9e9e3a7d0258ecdc Mon Sep 17 00:00:00 2001 From: Trevor James Smith <10819524+Zeitsperre@users.noreply.github.com> Date: Thu, 14 Mar 2024 11:32:44 -0400 Subject: [PATCH 9/9] do not rely on docs to finish before running build tests --- .github/workflows/main.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index eace766..6578150 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -60,7 +60,6 @@ jobs: name: Testing with Python${{ matrix.python-version }} needs: - lint - - docs runs-on: ubuntu-latest strategy: matrix: