update cookiecutter template

.cruft.json

@@ -1,6 +1,6 @@
 {
   "template": "/home/tjs/git/cookiecutter-pypackage",
-  "commit": "55001f0fb2b470d1be2e992bfb8e006b4bc3807c",
+  "commit": "f391bbd6ee14ab2478c64a1f78b74bd9903cae81",
   "checkout": null,
   "context": {
     "cookiecutter": {

.github/workflows/bump-version.yml

@@ -74,7 +74,7 @@ jobs:
       - name: Current Version
         run: |
           bump-my-version show current_version
-          CURRENT_VERSION="$(grep -E '__version__'  xscen/__init__.py | cut -d ' ' -f3)"
+          CURRENT_VERSION="$(grep -E '__version__' xscen/__init__.py | cut -d ' ' -f3)"
           echo "CURRENT_VERSION=${CURRENT_VERSION}" >> $GITHUB_ENV
       - name: Conditional Bump Version
         run: |

.github/workflows/cache-cleaner.yml

@@ -12,6 +12,8 @@ jobs:
   cleanup:
     name: Cleanup
     runs-on: ubuntu-latest
+    permissions:
+      actions: write
     steps:
       - name: Harden Runner
         uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0

.github/workflows/publish-pypi.yml

@@ -20,7 +20,13 @@ jobs:
       - name: Harden Runner
         uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0
         with:
-          egress-policy: audit
+          disable-sudo: true
+          egress-policy: block
+          allowed-endpoints: >
+            files.pythonhosted.org:443
+            github.com:443
+            pypi.org:443
+            upload.pypi.org:443
       - uses: actions/checkout@v4.1.1
       - name: Set up Python3
         uses: actions/setup-python@v5.0.0

.github/workflows/tag-testpypi.yml

@@ -44,7 +44,13 @@ jobs:
       - name: Harden Runner
         uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0
         with:
-          egress-policy: audit
+          disable-sudo: true
+          egress-policy: block
+          allowed-endpoints: >
+            files.pythonhosted.org:443
+            github.com:443
+            pypi.org:443
+            test.pypi.org:443
       - uses: actions/checkout@v4.1.1
       - name: Set up Python3
         uses: actions/setup-python@v5.0.0
@@ -60,5 +66,5 @@ jobs:
       - name: Publish distribution 📦 to Test PyPI
         uses: pypa/gh-action-pypi-publish@v1.8.12
         with:
-          repository_url: https://test.pypi.org/legacy/
-          skip_existing: true
+          repository-url: https://test.pypi.org/legacy/
+          skip-existing: true

.pre-commit-config.yaml

@@ -27,6 +27,10 @@ repos:
   - repo: https://github.com/pre-commit/pygrep-hooks
     rev: v1.10.0
     hooks:
+      - id: python-check-blanket-noqa
+      - id: python-no-eval
+      - id: python-no-log-warn
+      - id: python-use-type-annotations
       - id: rst-inline-touching-normal
   - repo: https://github.com/pappasam/toml-sort
     rev: v0.23.1
@@ -79,7 +83,7 @@ repos:
     hooks:
       - id: nbstripout
         files: ".ipynb"
-        args: [ '--extra-keys', 'metadata.kernelspec' ]
+        args: [ '--extra-keys=metadata.kernelspec' ]
   - repo: https://github.com/Yelp/detect-secrets
     rev: v1.4.0
     hooks:

CONTRIBUTING.rst

@@ -47,7 +47,7 @@ If you are proposing a feature:
 * Explain in detail how it would work.
 * Keep the scope as narrow as possible, to make it easier to implement.
 * Remember that this is a volunteer-driven project, and that contributions
-  are welcome :)
+  are welcome. :)
 
 Get Started!
 ------------
@@ -204,7 +204,7 @@ Before you submit a pull request, check that it meets these guidelines:
 
 #. The pull request should not break the templates.
 
-#. The pull request should work for Python 3.9, 3.10, and 3.11. Check that the tests pass for all supported Python versions.
+#. The pull request should work for Python 3.9, 3.10, 3.11, and 3.12. Check that the tests pass for all supported Python versions.
 
 Tips
 ----

environment-dev.yml

@@ -38,9 +38,9 @@ dependencies:
   - pyarrow >=1.0.0
   # Dev
   - babel
-  - black ==24.1.1
+  - black ==24.2.0
   - blackdoc ==0.3.9
-  - bump-my-version >=0.17.1
+  - bump-my-version >=0.18.3
 #  - coverage>=6.2.2,<7.0.0
 #  - coveralls>=3.3.1
   - flake8 >=6.1.0

pyproject.toml

@@ -73,7 +73,7 @@ dev = [
   "pip >=23.3.0",
   "black ==24.2.0",
   "blackdoc ==0.3.9",
-  "bump-my-version >=0.17.1",
+  "bump-my-version >=0.18.3",
   "coverage >=6.2.2,<8.0.0",
   "coveralls >=3.3.1",
   "flake8-alphabetize >=0.0.21",
@@ -193,7 +193,7 @@ testpaths = "tests"
 markers = ["requires_netcdf: marks tests that require netcdf files to run"]
 
 [tool.ruff]
-src = [""]
+src = ["xscen"]
 line-length = 150
 target-version = "py39"
 exclude = [
@@ -215,30 +215,30 @@ select = [
   "W"
 ]
 
-[tool.ruff.flake8-bandit]
-check-typed-exception = true
-
 [tool.ruff.format]
 line-ending = "auto"
 
-[tool.ruff.isort]
+[tool.ruff.lint.flake8-bandit]
+check-typed-exception = true
+
+[tool.ruff.lint.isort]
 known-first-party = ["xscen"]
 case-sensitive = true
 detect-same-package = false
 lines-after-imports = 1
 no-lines-before = ["future", "standard-library"]
 
-[tool.ruff.mccabe]
+[tool.ruff.lint.mccabe]
 max-complexity = 15
 
-[tool.ruff.per-file-ignores]
+[tool.ruff.lint.per-file-ignores]
 "xscen/**/__init__.py" = ["F401", "F403"]
 "tests/**/*.py" = ["D100", "D101", "D102", "D103"]
 
-[tool.ruff.pycodestyle]
+[tool.ruff.lint.pycodestyle]
 max-doc-length = 180
 
-[tool.ruff.pydocstyle]
+[tool.ruff.lint.pydocstyle]
 convention = "numpy"
 
 [tool.setuptools]

tox.ini

@@ -19,12 +19,12 @@ download = true
 conda_channels =
 conda_env =
 deps =
-    black ==24.1.1
+    black ==24.2.0
     blackdoc ==0.3.9
     isort ==5.13.2
     flake8
     flake8-rst-docstrings
-    ruff
+    ruff >=0.2.0
 commands_pre =
     pip list
 commands =