Copier update (biome)

[ejfine]

Pull in upstream template changes

Summary by CodeRabbit

• Chores
  • Updated versions for several development tools and dependencies.
  • Refined pre-commit and linting configurations, including expanded file exclusions and new ignore rules.
  • Adjusted automated dependency update settings to reduce noise from non-security patch updates.
  • Added steps to CI workflows to display installed Python packages after installation.
  • Replaced and updated configuration files for formatting and linting, with improved file inclusion/exclusion patterns.

[coderabbitai]

Walkthrough

This update primarily consists of version bumps for dependencies and tooling, refinements to pre-commit and linting configurations, and the introduction of new exclusion patterns for generated or minified files. Several configuration files are renamed or replaced, and a global patch-ignore rule is added to Dependabot settings. Minor workflow improvements and context version updates are also included.

Changes

File(s)	Change Summary
.copier-answers.yml	Updated _commit field from v0.0.55 to v0.0.57.
.devcontainer/devcontainer.json	Updated context hash comment.
.devcontainer/install-ci-tooling.py, extensions/context.py, pyproject.toml	Bumped versions for pnpm, pyright, Pulumi, Pydantic, FastAPI, Uvicorn, and lab_auto_pulumi.
.github/dependabot.yml	Added global ignore rule for patch updates (except security); reordered ignore rules.
.pre-commit-config.yaml, template/.pre-commit-config.yaml	Upgraded hook versions; expanded exclusion patterns for generated, minified, and snapshot files.
biome.json, template/biome.json	Deleted old biome configuration files disabling formatter and linter.
biome.jsonc, template/biome.jsonc	Added new biome JSONC configs disabling formatter/linter, with refined include/exclude patterns (notably for CSS files).
ruff.toml, template/ruff.toml	Added "TC006" to ignore list to avoid IDE confusion with class quoting.
template/.github/workflows/publish.yaml.jinja	Added pip list step after package install in workflow jobs; introduced matrix strategy for OS and Python versions.

Sequence Diagram(s)

sequenceDiagram
    participant User
    participant Pre-commit
    participant Linter/Formatter
    participant CI Workflow

    User->>Pre-commit: Run hooks on commit
    Pre-commit->>Linter/Formatter: Check files (skip excluded/minified/generated)
    Linter/Formatter-->>Pre-commit: Return results
    Pre-commit-->>User: Show hook results

    User->>CI Workflow: Trigger install job
    CI Workflow->>CI Workflow: Install package
    CI Workflow->>CI Workflow: Run pip list
    CI Workflow-->>User: Output installed packages

Loading

Estimated code review effort

1 (<30 minutes)

Poem

🐇
A hop, a skip, some versions rise,
Exclusions set for minified files,
Linting tamed, the hooks refined,
Dependabot less patch-inclined.
With configs neat and workflows spry,
This bunny cheers the update—oh my!
🌱

---

📜 Recent review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 728cacd and d9df6b5.

📒 Files selected for processing (1)

• template/.github/workflows/publish.yaml.jinja (2 hunks)

🚧 Files skipped from review as they are similar to previous changes (1)

• template/.github/workflows/publish.yaml.jinja

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>, please review it.
  • Explain this complex logic.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
  • @coderabbitai explain this code block.
  • @coderabbitai modularize this function.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read src/utils.ts and explain its main purpose.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
  • @coderabbitai help me debug CodeRabbit configuration file.

Support

Need help? Create a ticket on our support page for assistance with any issues or questions.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (Invoked using PR comments)

• @coderabbitai pause to pause the reviews on a PR.
• @coderabbitai resume to resume the paused reviews.
• @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
• @coderabbitai full review to do a full review from scratch and review all the files again.
• @coderabbitai summary to regenerate the summary of the PR.
• @coderabbitai generate docstrings to generate docstrings for this PR.
• @coderabbitai generate sequence diagram to generate a sequence diagram of the changes in this PR.
• @coderabbitai resolve resolve all the CodeRabbit review comments.
• @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
• @coderabbitai help to get help.

Other keywords and placeholders

• Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• Please see the configuration documentation for more information.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[Copilot]

Pull Request Overview

This PR updates the Copier template to integrate Biome configuration changes and update various tool versions. The changes include migrating from biome.json to biome.jsonc format, updating pre-commit hooks, and bumping dependency versions across the template.

• Migrates Biome configuration from JSON to JSONC format with enhanced file inclusion patterns
• Updates various tool versions including typos, biome, ruff, pnpm, pyright, and multiple Python dependencies
• Enhances pre-commit configuration with better exclusion patterns for generated and minified files

Reviewed Changes

Copilot reviewed 15 out of 16 changed files in this pull request and generated 1 comment.

Show a summary per file

File	Description
template/biome.jsonc	New Biome configuration file with JSONC format and expanded file inclusion rules
template/biome.json	Removed old JSON format Biome configuration
template/.pre-commit-config.yaml	Updated tool versions and improved exclusion patterns for various file types
template/ruff.toml	Added TC006 rule ignore for type checking quotes
extensions/context.py	Updated version numbers for multiple dependencies including pnpm, pyright, pulumi, pydantic, fastapi, and uvicorn
template/.github/workflows/publish.yaml.jinja	Added dependency display steps in CI workflow
.copier-answers.yml	Updated commit reference from v0.0.55 to v0.0.57

[Copilot]

The wildcard dependency-name pattern "*" is overly broad and may prevent important security patches from being automatically updated. Consider being more specific about which dependencies should ignore patch updates.

Suggested change

	- dependency-name: "*"
	update-types:
	- "version-update:semver-patch" # we don't want to be bothered with patch updates for anything except security updates
	- dependency-name: "example-lib1" # Replace "*" with specific dependencies to ignore
	update-types:
	- "version-update:semver-patch" # we don't want to be bothered with patch updates for anything except security updates
	- dependency-name: "example-lib2" # Add other specific dependencies as needed
	update-types:
	- "version-update:semver-patch"

[coderabbitai]

Actionable comments posted: 1

♻️ Duplicate comments (2)

.pre-commit-config.yaml (2)

116-120: Same regex escaping issue as in the template config

Replicate the fix suggested for template/.pre-commit-config.yaml to avoid unintended exclusions in the root config.

---

104-108: Archived Prettier mirror – apply upstream advice here as well

Apply the alternative hook strategy in the root config to stay in sync with the template.

🧹 Nitpick comments (6)

ruff.toml (1)

64-65: Minor: keep ignore list ordered for readability

Great to see TC006 ignored. Consider alphabetising / grouping the ignore codes to avoid duplicate additions in future diff churn.

template/.github/workflows/publish.yaml.jinja (1)

242-244: Mirror the same diagnostics in downstream scripts if any

If other publish/install workflows exist outside this template, mirror this new step to keep logs consistent.

biome.jsonc (1)

1-16: Remove trailing commas for wider JSON tooling compatibility

While Biome’s JSONC parser accepts trailing commas, other tools (e.g. simple jq viewers, Dependabot) parse the file as plain JSON and will choke. Dropping the trailing comma after the final element of each object/array avoids surprises.

-  "formatter": {
-    "enabled": false,
-  },
+  "formatter": {
+    "enabled": false
+  },
 ...
-      "!**/*.css", // still too many false positives, so we exclude CSS files
-    ],
-  },
+      "!**/*.css" // still too many false positives, so we exclude CSS files
+    ]
+  }

.github/dependabot.yml (1)

12-15: Global patch-ignore may hide important (non-security) bug-fixes

Suppressing every patch update reduces noise but also delays innocuous fixes. An alternative is weekly auto-merge of patch PRs or grouping them, which keeps you current without manual effort.

template/biome.jsonc (1)

3-7: Remove trailing commas to maximise parser compatibility

JSONC tolerates comments, but not every consumer gracefully handles trailing commas (e.g., some VS Code extensions fail to parse them).
Safe-guard future tooling by dropping the commas after "enabled": false.

-  "formatter": {
-    "enabled": false,
-  },
+  "formatter": {
+    "enabled": false
+  },
-  "linter": {
-    "enabled": false,
-  },
+  "linter": {
+    "enabled": false
+  },

template/.pre-commit-config.yaml (1)

104-108: Prettier mirror repository is archived – plan a replacement

The comment notes that pre-commit/mirrors-prettier was archived in 2024.
Relying on an archived repo risks stalled updates and security fixes. Evaluate:

1. Switching to jamesgeorge007/pre-commit-prettier or
2. Invoking Prettier via a local hook (npm exec prettier …)

before this mirror becomes obsolete.

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between d0f4449 and 728cacd.

⛔ Files ignored due to path filters (1)

• uv.lock is excluded by !**/*.lock

📒 Files selected for processing (15)

• .copier-answers.yml (1 hunks)
• .devcontainer/devcontainer.json (1 hunks)
• .devcontainer/install-ci-tooling.py (1 hunks)
• .github/dependabot.yml (1 hunks)
• .pre-commit-config.yaml (4 hunks)
• biome.json (0 hunks)
• biome.jsonc (1 hunks)
• extensions/context.py (1 hunks)
• pyproject.toml (1 hunks)
• ruff.toml (1 hunks)
• template/.github/workflows/publish.yaml.jinja (2 hunks)
• template/.pre-commit-config.yaml (4 hunks)
• template/biome.json (0 hunks)
• template/biome.jsonc (1 hunks)
• template/ruff.toml (1 hunks)

💤 Files with no reviewable changes (2)

• biome.json
• template/biome.json

🔇 Additional comments (7)

.copier-answers.yml (1)

2-8: Confirm CI matrix vs. default runtime versions

python_ci_versions lists 3.13.2, while the default python_version remains 3.12.7. GitHub-hosted runners may not yet expose a stable 3.13.x image. If 3.13.x is unavailable the matrix will fail early.

Please double-check the runner image availability (or pin to a prerelease tag) before merging.

template/.github/workflows/publish.yaml.jinja (1)

168-170: 👍 Helpful diagnostics step

The extra pip list after staging-install will make debugging dependency resolution much easier.

.devcontainer/install-ci-tooling.py (1)

11-12: Version bump looks fine

PNPM_VERSION updated to 10.13.1 – no other logic impacted. Confirm that any lock-step tooling (e.g., pnpm-workspaces configs) doesn’t pin an older major/minor.

pyproject.toml (1)

12-13: Dependency bump acknowledged

pyright[nodejs] >= 1.1.403 aligns with the context version update. No further action required.

.devcontainer/devcontainer.json (1)

64-64: No functional impact – safe to ignore

The change is limited to the auto-generated context hash. Nothing else to review.

template/ruff.toml (1)

64-65: Confirm Ruff knows about TC006 before merging

TC006 (from flake8-type-checking) is only recognised in Ruff ≥ 0.12.0. Your pre-commit hook is pinned to v0.12.3, which is fine, but if anyone runs an older Ruff locally CI will pass while local lint fails.

Would you like me to add a pre-commit check that fails fast when an unknown ignore code is encountered?

extensions/context.py (1)

14-37: All pinned versions are valid on PyPI
Verified that FastAPI 0.115.14 and Uvicorn 0.35.0 both exist on PyPI—no changes needed.

[coderabbitai]

⚠️ Potential issue

Regex typo – .*.min.js will not behave as intended

.*.min.js (note the un-escaped dot before min) matches any char, not a literal dot, so files such as fooXmin.js will also be skipped.
Use the same, correctly-escaped pattern you applied in the typos hook (.*\.min\.js, etc.) for consistency and precision.

-              .*.min.js|
-              .*.min.css|
-              .*.umd.js|
+              .*\.min\.js|
+              .*\.min\.css|
+              .*\.umd\.js|

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	.*/__snapshots__/.*|
	.*.min.js|
	.*.min.css|
	.*.umd.js|
	.*.yaml|
	.*/__snapshots__/.*|
	.*\.min\.js|
	.*\.min\.css|
	.*\.umd\.js|
	.*.yaml|

🤖 Prompt for AI Agents

In template/.pre-commit-config.yaml around lines 116 to 120, the regex patterns
like `.*.min.js` are incorrect because the dot before "min" is not escaped,
causing unintended matches. Fix this by escaping the dots before "min" and the
file extensions, changing patterns to `.*\.min\.js`, `.*\.min\.css`, and
`.*\.umd\.js` for accurate matching and consistency with other hooks.