feat: add DPoP support

.github/workflows/codeql.yml

@@ -36,7 +36,7 @@ jobs:
         run: exit 0 # Skip unnecessary test runs for dependabot and merge queues. Artifically flag as successful, as this is a required check for branch protection.
 
       - name: Checkout
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
 
       - name: Initialize CodeQL
         uses: github/codeql-action/init@v3

.github/workflows/publish.yml

@@ -32,7 +32,7 @@ jobs:
 
     steps:
       - name: Checkout code
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
         with:
           fetch-depth: 0
           fetch-tags: true

.github/workflows/rl-scanner.yml

@@ -31,7 +31,7 @@ jobs:
       scan-status: ${{ steps.rl-scan-conclusion.outcome }}
 
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v5
         with:
           fetch-depth: 0
           fetch-tags: true

.github/workflows/snyk.yml

@@ -31,7 +31,7 @@ jobs:
       - if: github.actor == 'dependabot[bot]' || github.event_name == 'merge_group'
         run: exit 0 # Skip unnecessary test runs for dependabot and merge queues. Artifically flag as successful, as this is a required check for branch protection.
 
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v5
         with:
           ref: ${{ github.event.pull_request.head.sha || github.ref }}
 

.github/workflows/test.yml

@@ -18,68 +18,53 @@ concurrency:
   cancel-in-progress: ${{ github.ref != 'refs/heads/main' }}
 
 jobs:
-  run:
-    name: Run
+  test:
     runs-on: ubuntu-latest
-
-    env:
-      BUBBLEWRAP_ARGUMENTS: |
-        --unshare-all \
-        --clearenv \
-        --ro-bind / / \
-        --bind ${{ github.workspace }} ${{ github.workspace }} \
-        --tmpfs $HOME \
-        --tmpfs /tmp \
-        --tmpfs /var \
-        --dev /dev \
-        --proc /proc \
-        --die-with-parent \
-        --new-session \
-
     strategy:
       matrix:
-        python-version: ["3.9", "3.10", "3.11", "3.12"]
-
+        python-version: [3.9, "3.10", "3.11", "3.12"]
+    
     steps:
-      - name: Checkout code
-        uses: actions/checkout@v4
-        with:
-          ref: ${{ github.event.pull_request.head.sha || github.ref }}
-
-      - name: Configure Python ${{ matrix.python-version }}
-        uses: actions/setup-python@v5
-        with:
-          python-version: "${{ matrix.python-version }}"
-
-      - name: Configure dependencies
-        run: |
-          sudo apt install bubblewrap
-          pip install --user --upgrade pip
-          pip install --user pipx
-          pip install --user setuptools
-          pipx ensurepath
-          pipx install poetry
-          poetry config virtualenvs.in-project true
-          poetry install --with dev
-          poetry self add "poetry-dynamic-versioning[plugin]"
-
-      - name: Run tests
-        run: |
-          poetry run pytest
+    - name: Checkout code
+      uses: actions/checkout@v5
+
+    - name: Set up Python ${{ matrix.python-version }}
+      uses: actions/setup-python@v4
+      with:
+        python-version: ${{ matrix.python-version }}
+
+    - name: Install Poetry
+      uses: snok/install-poetry@v1
+      with:
+        version: latest
+        virtualenvs-create: true
+        virtualenvs-in-project: true
+        installer-parallel: true
+
+    - name: Load cached venv
+      id: cached-poetry-dependencies
+      uses: actions/cache@v3
+      with:
+        path: ./.venv
+        key: venv-${{ runner.os }}-${{ matrix.python-version }}-${{ hashFiles('**/poetry.lock') }}
+
+    - name: Install dependencies
+      if: steps.cached-poetry-dependencies.outputs.cache-hit != 'true'
+      run: poetry install --no-interaction --no-root
+
+    - name: Install package
+      run: poetry install --no-interaction
+
+    - name: Run tests with pytest
+      run: |
+        poetry run pytest -v --cov=src --cov-report=term-missing --cov-report=xml
 
-      # - name: Run lint
-      #   run: |
-      #     pipx install black==23.3.0
-      #     pipx install flake8==5.0.4
-      #     pipx install isort==5.11.5
-      #     pipx install pyupgrade==3.3.2
-      #     black . --check
-      #     flake8 . --count --show-source --statistics
-      #     isort .  --diff --profile black
-      #     pyupgrade .  --py37-plus --keep-runtime-typing
+    - name: Run ruff linting
+      run: |
+        poetry run ruff check .
 
-      - if: ${{ matrix.python-version == '3.10' }}
-        name: Upload coverage
-        uses: codecov/codecov-action@18283e04ce6e62d37312384ff67231eb8fd56d24 # pin@5.4.3
-        with:
-          token: ${{ secrets.CODECOV_TOKEN }}
+    # - if: ${{ matrix.python-version == '3.10' }}
+    #   name: Upload coverage
+    #   uses: codecov/codecov-action@fdcc8476540edceab3de004e990f80d881c6cc00 # pin@5.5.0
+    #   with:
+    #     token: ${{ secrets.CODECOV_TOKEN }}

.ruff.toml

@@ -0,0 +1,16 @@
+line-length = 100
+target-version = "py39"
+select = [
+    "E",   # pycodestyle errors
+    "W",   # pycodestyle warnings
+    "F",   # pyflakes
+    "I",   # isort
+    "B",   # flake8-bugbear
+    "C4",  # flake8-comprehensions
+    "UP",  # pyupgrade
+    "S",   # bandit (security)
+]
+ignore = ["E501", "B904"]  # Line too long (handled by black), Exception handling without from
+
+[per-file-ignores]
+"tests/*" = ["S101", "S105", "S106"]  # Allow assert and ignore hardcoded password warnings in test files