Fast-forward cookiecutter (#147)

### What kind of change does this PR introduce? * Updates the template to the latest commit * GitHub Workflows now point to commits rather than tags * Dependabot will now only update on a monthly schedule * Dependencies have been updated and synchronized ### Does this PR introduce a breaking change? Yes. * `CHANGES.rst` is now `CHANGELOG.rst` * The package now uses a `src` layout in lieu of a `flat` layout * Maintainer-specific directions are now found under `releasing.rst` ### Other information: https://packaging.python.org/en/latest/discussions/src-layout-vs-flat-layout/ https://keepachangelog.com/en/1.0.0/
hydrologie · May 17, 2024 · 40d5910 · 40d5910
2 parents f7ce872 + 8c1754f
commit 40d5910
Show file tree

Hide file tree

Showing 58 changed files with 504 additions and 272 deletions.
diff --git a/.cruft.json b/.cruft.json
@@ -1,6 +1,6 @@
 {
   "template": "https://github.com/Ouranosinc/cookiecutter-pypackage",
-  "commit": "f391bbd6ee14ab2478c64a1f78b74bd9903cae81",
+  "commit": "c65a12012aa323aadd206dd2b5d97c82c648e341",
   "checkout": null,
   "context": {
     "cookiecutter": {
@@ -22,6 +22,26 @@
       "create_author_file": "y",
       "open_source_license": "Apache Software License 2.0",
       "generated_with_cruft": "y",
+      "__gh_slug": "https://github.com/TC-FF/xHydro",
+      "__prompts__": {
+        "full_name": "Your full name",
+        "email": "Your email address",
+        "github_username": "Your GitHub username (or organization)",
+        "project_name": "The name of your project",
+        "project_short_description": "A short description of your project",
+        "pypi_username": "Your PyPI username (or organization)",
+        "version": "The version of your project",
+        "use_pytest": "Do you want to use pytest?",
+        "use_black": "Do you want to use Black for code formatting?",
+        "use_conda": "Do you want to add configurations for Anaconda package management?",
+        "add_pyup_badge": "Do you want to add a pyup.io badge? (not recommended)",
+        "make_docs": "Do you want to generate documentation files",
+        "add_translations": "Do you want to add translations?",
+        "command_line_interface": "Which command-line interface do you want to use?",
+        "create_author_file": "Do you want to create an AUTHORS.rst file?",
+        "open_source_license": "Which open-source license do you want to use?",
+        "generated_with_cruft": "Was this project generated with Cruft? (Add a '.cruft.json' file)"
+      },
       "_template": "https://github.com/Ouranosinc/cookiecutter-pypackage"
     }
   },

diff --git a/.github/PULL_REQUEST_TEMPLATE.md b/.github/PULL_REQUEST_TEMPLATE.md
@@ -5,7 +5,7 @@
   - This PR fixes #xyz
 - [ ] (If applicable) Documentation has been added / updated (for bug fixes / features).
 - [ ] (If applicable) Tests have been added.
-- [ ] CHANGES.rst has been updated (with summary of main changes).
+- [ ] CHANGELOG.rst has been updated (with summary of main changes).
   - [ ] Link to issue (:issue:`number`) and pull request (:pull:`number`) has been added.
 
 ### What kind of change does this PR introduce?

diff --git a/.github/dependabot.yml b/.github/dependabot.yml
@@ -3,13 +3,11 @@ updates:
   - package-ecosystem: github-actions
     directory: /
     schedule:
-      interval: daily
-      time: '12:00'
+      interval: monthly
     open-pull-requests-limit: 10
 
   - package-ecosystem: pip
     directory: /
     schedule:
-      interval: daily
-      time: '12:00'
+      interval: monthly
     open-pull-requests-limit: 10
diff --git a/.github/workflows/bump-version.yml b/.github/workflows/bump-version.yml
@@ -19,7 +19,7 @@ on:
       - .yamllint.yaml
       - .zenodo.json
       - AUTHORS.rst
-      - CHANGES.rst
+      - CHANGELOG.rst
       - CONTRIBUTING.rst
       - Makefile
       - docs/*.py
@@ -30,7 +30,7 @@ on:
       - pyproject.toml
       - tests/**.py
       - tox.ini
-      - xhydro/__init__.py
+      - src/xhydro/__init__.py
   workflow_dispatch:
 
 permissions:
@@ -52,12 +52,15 @@ jobs:
             files.pythonhosted.org:443
             github.com:443
             pypi.org:443
-      - uses: actions/checkout@v4.1.1
+      - name: Checkout Repository (no persist-credentials)
+        uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
         with:
           persist-credentials: false
-      - uses: actions/setup-python@v5.1.0
+          fetch-depth: 0
+      - name: Set up Python3
+        uses: actions/setup-python@82c7e631bb3cdc910f68e0081d67478d79c6982d # v5.1.0
         with:
-          python-version: "3.9"
+          python-version: "3.x"
       - name: Config Commit Bot
         run: |
           git config --local user.email "bumpversion[bot]@hydrologie.com"
@@ -68,7 +71,7 @@ jobs:
       - name: Current Version
         run: |
           bump-my-version show current_version
-          CURRENT_VERSION="$(grep -E '__version__' xhydro/__init__.py | cut -d ' ' -f3)"
+          CURRENT_VERSION="$(grep -E '__version__' src/xhydro/__init__.py | cut -d ' ' -f3)"
           echo "CURRENT_VERSION=${CURRENT_VERSION}" >> $GITHUB_ENV
       - name: Conditional Bump Version
         run: |
@@ -81,7 +84,7 @@ jobs:
           fi
           bump-my-version show-bump
       - name: Push Changes
-        uses: ad-m/github-push-action@v0.8.0
+        uses: ad-m/github-push-action@d91a481090679876dfc4178fef17f286781251df # v0.8.0
         with:
           force: false
           github_token: ${{ secrets.BUMP_VERSION_TOKEN }}

diff --git a/.github/workflows/cache-cleaner.yml b/.github/workflows/cache-cleaner.yml
@@ -25,7 +25,8 @@ jobs:
             github.com:443
             objects.githubusercontent.com:443
 
-      - uses: actions/checkout@v4.1.1
+      - name: Checkout Repository
+        uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
 
       - name: Cleanup
         run: |

diff --git a/.github/workflows/dependency-review.yml b/.github/workflows/dependency-review.yml
@@ -25,8 +25,8 @@ jobs:
             api.github.com:443
             github.com:443
 
-      - name: 'Checkout Repository'
-        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+      - name: Checkout Repository
+        uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
 
-      - name: 'Dependency Review'
+      - name: Dependency Review
         uses: actions/dependency-review-action@0c155c5e8556a497adf53f2c18edabf945ed8e70 # v4.3.2
diff --git a/.github/workflows/first-pull-request.yml b/.github/workflows/first-pull-request.yml
@@ -24,7 +24,8 @@ jobs:
           allowed-endpoints: >
             api.github.com:443
 
-      - uses: actions/github-script@v7.0.1
+      - name: Verify Pull Request Opener
+        uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
         with:
           script: |
             // Get a list of all issues created by the PR opener

diff --git a/.github/workflows/label.yml b/.github/workflows/label.yml
@@ -32,6 +32,7 @@ jobs:
           allowed-endpoints: >
             api.github.com:443
 
-      - uses: actions/labeler@v5.0.0
+      - name: Label Pull Request
+        uses: actions/labeler@8558fd74291d67161a8a78ce36a881fa63b766a9 # v5.0.0
         with:
           repo-token: ${{ secrets.GITHUB_TOKEN }}
diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
@@ -6,7 +6,7 @@ on:
       - main
     paths-ignore:
       - .cruft.json
-      - CHANGES.rst
+      - CHANGELOG.rst
       - README.rst
       - pyproject.toml
       - tests/test_xhydro.py
@@ -48,9 +48,10 @@ jobs:
         uses: step-security/harden-runner@a4aa98b93cab29d9b1101a6143fb8bce00e2eac4 # v2.7.1
         with:
           egress-policy: audit
-      - uses: actions/checkout@v4
+      - name: Checkout Repository
+        uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
       - name: Set up Python${{ matrix.python-version }}
-        uses: actions/setup-python@v5.1.0
+        uses: actions/setup-python@82c7e631bb3cdc910f68e0081d67478d79c6982d # v5.1.0
         with:
           python-version: ${{ matrix.python-version }}
       - name: Install tox
@@ -78,9 +79,10 @@ jobs:
         uses: step-security/harden-runner@a4aa98b93cab29d9b1101a6143fb8bce00e2eac4 # v2.7.1
         with:
           egress-policy: audit
-      - uses: actions/checkout@v4
+      - name: Checkout Repository
+        uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
       - name: Setup Conda (Micromamba) with Python${{ matrix.python-version }}
-        uses: mamba-org/setup-micromamba@v1
+        uses: mamba-org/setup-micromamba@422500192359a097648154e8db4e39bdb6c6eed7 # v1.8.1
         with:
           cache-downloads: true
           environment-file: environment-dev.yml
@@ -143,7 +145,8 @@ jobs:
             raw.githubusercontent.com:443
             s3.us-east-2.wasabisys.com:443
             s3.wasabisys.com:443
-      - uses: actions/checkout@v4.1.1
+      - name: Checkout Repository
+        uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
       - name: Setup Conda (Micromamba) with Python${{ matrix.python-version }}
         uses: mamba-org/setup-micromamba@v1.8.1
         with:
@@ -196,7 +199,8 @@ jobs:
         uses: step-security/harden-runner@a4aa98b93cab29d9b1101a6143fb8bce00e2eac4 # v2.7.1
         with:
           egress-policy: audit
-      - uses: actions/checkout@v4
+      - name: Checkout Repository
+        uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
       - name: Setup Conda (Micromamba) with Python${{ matrix.python-version }}
         uses: mamba-org/setup-micromamba@v1
         with:

diff --git a/.github/workflows/publish-pypi.yml b/.github/workflows/publish-pypi.yml
@@ -27,9 +27,10 @@ jobs:
             github.com:443
             pypi.org:443
             upload.pypi.org:443
-      - uses: actions/checkout@v4.1.1
+      - name: Checkout Repository
+        uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
       - name: Set up Python3
-        uses: actions/setup-python@v5.1.0
+        uses: actions/setup-python@82c7e631bb3cdc910f68e0081d67478d79c6982d # v5.1.0
         with:
           python-version: "3.9"
       - name: Install packaging libraries
@@ -39,4 +40,4 @@ jobs:
         run: |
           python -m flit build
       - name: Publish distribution 📦 to PyPI
-        uses: pypa/gh-action-pypi-publish@v1.8.14
+        uses: pypa/gh-action-pypi-publish@81e9d935c883d0b210363ab89cf05f3894778450 # v1.8.14
diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml
@@ -36,20 +36,22 @@ jobs:
           allowed-endpoints: >
             api.github.com:443
             api.osv.dev:443
+            api.scorecard.dev:443
             api.securityscorecards.dev:443
             fulcio.sigstore.dev:443
             github.com:443
+            index.docker.io:443
             oss-fuzz-build-logs.storage.googleapis.com:443
             rekor.sigstore.dev:443
             tuf-repo-cdn.sigstore.dev:443
             www.bestpractices.dev:443
 
-      - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11
+      - uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
         with:
           persist-credentials: false
 
       - name: Run analysis
-        uses: ossf/scorecard-action@dc50aa9510b46c811795eb24b2f1ba02a914e534
+        uses: ossf/scorecard-action@dc50aa9510b46c811795eb24b2f1ba02a914e534 # v2.3.3
         with:
           results_file: results.sarif
           results_format: sarif
@@ -69,14 +71,14 @@ jobs:
       # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF
       # format to the repository Actions tab.
       - name: Upload artifact
-        uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808
+        uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3
         with:
           name: SARIF file
           path: results.sarif
           retention-days: 5
 
       # Upload the results to GitHub's code scanning dashboard.
       - name: Upload to code-scanning
-        uses: github/codeql-action/upload-sarif@b7cec7526559c32f1616476ff32d17ba4c59b2d6  # 3.25.5
+        uses: github/codeql-action/upload-sarif@b7cec7526559c32f1616476ff32d17ba4c59b2d6 # 3.25.5
         with:
           sarif_file: results.sarif
diff --git a/.github/workflows/tag-testpypi.yml b/.github/workflows/tag-testpypi.yml
@@ -21,9 +21,9 @@ jobs:
         with:
           egress-policy: audit
       - name: Checkout code
-        uses: actions/checkout@v4.1.1
+        uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
       - name: Create Release
-        uses: softprops/action-gh-release@v2
+        uses: softprops/action-gh-release@69320dbe05506a9a39fc8ae11030b214ec2d1f87 # 2.0.5
         env:
           # This token is provided by Actions, you do not need to create your own token
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
@@ -51,9 +51,10 @@ jobs:
             github.com:443
             pypi.org:443
             test.pypi.org:443
-      - uses: actions/checkout@v4.1.1
+      - name: Checkout Repository
+        uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
       - name: Set up Python3
-        uses: actions/setup-python@v5.1.0
+        uses: actions/setup-python@82c7e631bb3cdc910f68e0081d67478d79c6982d # v5.1.0
         with:
           python-version: "3.9"
       - name: Install packaging libraries
@@ -63,7 +64,7 @@ jobs:
         run: |
           python -m flit build
       - name: Publish distribution 📦 to Test PyPI
-        uses: pypa/gh-action-pypi-publish@v1.8.14
+        uses: pypa/gh-action-pypi-publish@81e9d935c883d0b210363ab89cf05f3894778450 # v1.8.14
         with:
           repository-url: https://test.pypi.org/legacy/
           skip-existing: true
diff --git a/.gitignore b/.gitignore
@@ -75,6 +75,9 @@ target/
 # Jupyter Notebook
 .ipynb_checkpoints
 
+# Dask worker cache
+dask-worker-space/
+
 # pyenv
 .python-version
 

diff --git a/.readthedocs.yml b/.readthedocs.yml
@@ -16,7 +16,7 @@ build:
     python: "mambaforge-22.9"
   jobs:
     pre_build:
-      - sphinx-apidoc -o docs/apidoc --private --module-first xhydro
+      - sphinx-apidoc -o docs/apidoc --private --module-first src/xhydro
       - sphinx-build -M gettext docs docs/_build
 
 conda:

diff --git a/CHANGES.rst → CHANGELOG.rst b/CHANGES.rst → CHANGELOG.rst
@@ -16,11 +16,13 @@ New features and enhancements
 Breaking changes
 ^^^^^^^^^^^^^^^^
 * Hydrological models are now classes instead of functions and dictionaries. (:issue:`93`, :pull:`18`).
+* `xhydro` now uses a `'src' layout <https://packaging.python.org/en/latest/discussions/src-layout-vs-flat-layout>`_ for the package. (:pull:`147`).
 
 Internal changes
 ^^^^^^^^^^^^^^^^
 * Tests using the `gamma` distribution were changed to the `gumbel_r` to avoid changes in `xclim v0.49.0`. (:pull:`145`).
-
+* The cookiecutter template has been updated to the latest commit. Changes include the addition of a `CODE_OF_CONDUCT.rst` file, the renaming of `CHANGES.rst` to `CHANGELOG.rst`, and many small adjustments to the documentation. (:pull:`147`).
+* Added a CODE_OF_CONDUCT.rst file with Contributor Covenant guidelines. (:pull:`147`).
 
 v0.3.5 (2024-03-20)
 -------------------