.codacy.yml

@@ -1,4 +1,5 @@
 exclude_paths:
+  - 'picard/resources.py'
   - 'picard/ui/ui_*.py'
 engines:
   coverage:

.github/workflows/codacy-analysis.yml

@@ -17,6 +17,11 @@ on:
   schedule:
     - cron: '32 4 * * 0'
 
+permissions:
+  actions: read
+  contents: read
+  security-events: write
+
 jobs:
   codacy-security-scan:
     name: Codacy Security Scan

.github/workflows/codeql-analysis.yml

@@ -14,6 +14,11 @@ on:
   schedule:
     - cron: '0 14 * * 6'
 
+permissions:
+  actions: read
+  contents: read
+  security-events: write
+
 jobs:
   analyze:
     name: Analyze

.github/workflows/package.yml

@@ -22,6 +22,8 @@ on:
     - 'win.version-info.txt.in'
   pull_request:
 
+permissions: {}
+
 jobs:
   package-macos:
     runs-on: macos-11
@@ -32,11 +34,11 @@ jobs:
           python-version: 3.9.12-macosx10.9
           python-sha256sum: 7888174c6fe441b00448c7ab3e9cbf0e6c3c7dea0750577baf09e1383fc44656
         - macos-deployment-version: 10.14
-          python-version: 3.11.1-macos11
-          python-sha256sum: f4de33ad3ef09c3e31196b296aec761eabab4564fc8c25e50ea99edd01969819
+          python-version: 3.11.5-macos11
+          python-sha256sum: c6cd76659bfb364c2ac63bc57f6b10c1e131a20170359c5d65e2d41fdc674a4f
     env:
-      DISCID_VERSION: 0.6.3
-      DISCID_SHA256SUM: 8bca27e2f621c7813a6a9951fd573b31754a6fb51551a373c1acea1aa188adeb
+      DISCID_VERSION: 0.6.4
+      DISCID_SHA256SUM: 829133dd38acbdaa2b989de59e256c8d139ac34cb4dd4b8fd3c9d55a97c824f3
       FPCALC_VERSION: 1.5.1
       FPCALC_SHA256SUM: d4d8faff4b5f7c558d9be053da47804f9501eaa6c2f87906a9f040f38d61c860
       PYTHON_VERSION: ${{ matrix.setup.python-version }}
@@ -71,18 +73,11 @@ jobs:
         cd ..
         pip3 install .
       env:
-        PYINSTALLER_VERSION: v5.12.0
+        PYINSTALLER_VERSION: v5.13.2
         CFLAGS: -mmacosx-version-min=${{ matrix.setup.macos-deployment-version }}
         CPPFLAGS: -mmacosx-version-min=${{ matrix.setup.macos-deployment-version }}
         LDFLAGS: -mmacosx-version-min=${{ matrix.setup.macos-deployment-version }}
         LINKFLAGS: -mmacosx-version-min=${{ matrix.setup.macos-deployment-version }}
-    - name: Install patched mutagen
-      run: |
-        mkdir -p build
-        cd build
-        git clone -b release-1.46-picard --single-branch --depth 1 https://github.com/phw/mutagen.git
-        cd mutagen
-        pip3 install .
     - name: Install dependencies
       run: |
         pip3 install -r requirements-build.txt
@@ -152,17 +147,10 @@ jobs:
         Write-Output "BUILD_NUMBER=$BuildNumber" | Out-File -FilePath $env:GITHUB_ENV -Encoding utf8
         New-Item -Name .\artifacts -ItemType Directory
       env:
-        DISCID_VERSION: 0.6.3
-        DISCID_SHA256SUM: c9486ece9796584a5ce5cf49efe88ada4454c24fa6f028c8bde1aaef28e99853
+        DISCID_VERSION: 0.6.4
+        DISCID_SHA256SUM: 330199495d71f71251e91eb0b4e3103b6c663fea09ffc9fd3e5108d48e0452c8
         FPCALC_VERSION: 1.5.1
         FPCALC_SHA256SUM: 36b478e16aa69f757f376645db0d436073a42c0097b6bb2677109e7835b59bbc
-    - name: Install patched mutagen
-      run: |
-        New-Item -Name .\build -ItemType Directory -Force
-        cd build
-        git clone -b release-1.46-picard --single-branch --depth 1 https://github.com/phw/mutagen.git
-        cd mutagen
-        pip install .
     - name: Install dependencies
       run: |
         python -m pip install --upgrade pip
@@ -200,8 +188,10 @@ jobs:
     - name: Build Windows 10 signed app package
       if: matrix.type == 'signed-app' && env.CODESIGN == '1'
       run: |
-        $CertPassword = ConvertTo-SecureString -String $Env:CODESIGN_P12_PASSWORD -Force -AsPlainText
-        & .\scripts\package\win-package-appx.ps1 -BuildNumber $Env:BUILD_NUMBER -CertificateFile .\codesign.pfx -CertificatePassword $CertPassword
+        $CertificateFile = ".\codesign.pfx"
+        $CertificatePassword = ConvertTo-SecureString -String $Env:CODESIGN_P12_PASSWORD -Force -AsPlainText
+        & .\scripts\package\win-package-appx.ps1 -BuildNumber $Env:BUILD_NUMBER `
+          -CertificateFile $CertificateFile -CertificatePassword $CertificatePassword
         Move-Item .\dist\*.msix .\artifacts
       env:
         CODESIGN_P12_PASSWORD: ${{ secrets.CODESIGN_P12_PASSWORD }}
@@ -210,12 +200,14 @@ jobs:
       run: |
         # choco install nsis
         If ($Env:CODESIGN -eq "1") {
-          $CertPassword = ConvertTo-SecureString -String $Env:CODESIGN_P12_PASSWORD -Force -AsPlainText
-          $Certificate = Get-PfxCertificate -FilePath .\codesign.pfx -Password $CertPassword
+          $CertificateFile = ".\codesign.pfx"
+          $CertificatePassword = ConvertTo-SecureString -String $Env:CODESIGN_P12_PASSWORD -Force -AsPlainText
         } Else {
-          $Certificate = $null
+          $CertificateFile = $null
+          $CertificatePassword = $null
         }
-        & .\scripts\package\win-package-installer.ps1 -BuildNumber $Env:BUILD_NUMBER -Certificate $Certificate
+        & .\scripts\package\win-package-installer.ps1 -BuildNumber $Env:BUILD_NUMBER `
+          -CertificateFile $CertificateFile -CertificatePassword $CertificatePassword
         Move-Item .\installer\*.exe .\artifacts
         dist\picard\fpcalc -version
       env:
@@ -224,12 +216,14 @@ jobs:
       if: matrix.type == 'portable'
       run: |
         If ($Env:CODESIGN -eq "1") {
-          $CertPassword = ConvertTo-SecureString -String $Env:CODESIGN_P12_PASSWORD -Force -AsPlainText
-          $Certificate = Get-PfxCertificate -FilePath .\codesign.pfx -Password $CertPassword
+          $CertificateFile = ".\codesign.pfx"
+          $CertificatePassword = ConvertTo-SecureString -String $Env:CODESIGN_P12_PASSWORD -Force -AsPlainText
         } Else {
-          $Certificate = $null
+          $CertificateFile = $null
+          $CertificatePassword = $null
         }
-        & .\scripts\package\win-package-portable.ps1 -BuildNumber $Env:BUILD_NUMBER -Certificate $Certificate
+        & .\scripts\package\win-package-portable.ps1 -BuildNumber $Env:BUILD_NUMBER `
+          -CertificateFile $CertificateFile -CertificatePassword $CertificatePassword
         Move-Item .\dist\*.exe .\artifacts
       env:
         CODESIGN_P12_PASSWORD: ${{ secrets.CODESIGN_P12_PASSWORD }}
@@ -254,6 +248,8 @@ jobs:
       - package-macos
       - package-windows
       - package-pypi
+    permissions:
+      contents: write
     steps:
     - uses: actions/checkout@v3
     - uses: actions/setup-python@v4
@@ -297,12 +293,19 @@ jobs:
       run: |
         PICARD_VERSION=$(python -c "import picard; print(picard.__version__)")
         echo "version=$PICARD_VERSION" >> $GITHUB_OUTPUT
+        if [[ "$PICARD_VERSION" =~ (a|b|rc|dev) ]]; then
+          echo "::notice::Releasing pre-release $PICARD_VERSION"
+          echo "prerelease=true" >> $GITHUB_OUTPUT
+        else
+          echo "::notice::Releasing production release $PICARD_VERSION"
+        fi
         ./scripts/tools/changelog-for-version.py $PICARD_VERSION > changes-$PICARD_VERSION.txt
     - name: Create release
       uses: softprops/action-gh-release@v1
       with:
         name: MusicBrainz Picard ${{ steps.changelog.outputs.version }}
         body_path: changes-${{ steps.changelog.outputs.version }}.txt
+        prerelease: ${{ steps.changelog.outputs.prerelease }}
         files: artifacts/*
       env:
         GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

.github/workflows/pypi-release.yml

@@ -2,6 +2,7 @@ name: Package for PyPI
 
 on: [workflow_call]
 
+permissions: {}
 defaults:
   run:
     shell: bash
@@ -28,6 +29,7 @@ jobs:
         python setup.py test
     - name: Build Python source distribution
       run: |
+        git clean -dfx
         python setup.py clean sdist --formats=gztar,zip
     - name: Prepare GPG signing key
       run: |
@@ -79,7 +81,7 @@ jobs:
       fail-fast: false
       matrix:
         os: [macos-11, windows-2019]
-        python-version: ['3.7', '3.8', '3.9', '3.10', '3.11']
+        python-version: ['3.7', '3.8', '3.9', '3.10', '3.11', '3.12.0-rc.1']
     steps:
     - uses: actions/checkout@v3
     - name: Set up Python ${{ matrix.python-version }}

.github/workflows/run-tests.yml

@@ -1,14 +1,15 @@
 name: Run tests
 
 on: [push, pull_request]
+permissions: {}
 
 jobs:
   test-latest:
     runs-on: ${{ matrix.os }}
     strategy:
       matrix:
         os: [macos-latest, ubuntu-latest, windows-2019]
-        python-version: ['3.7', '3.8', '3.9', '3.10', '3.11']
+        python-version: ['3.7', '3.8', '3.9', '3.10', '3.11', '3.12.0-rc.1']
         include:
         - os: macos-11
           python-version: '3.7'

.github/workflows/validate-appstream.yml → .github/workflows/validate-xdg-metadata.yml

@@ -1,32 +1,37 @@
-name: Validate AppStream
+name: Validate XDG metadata
 
 on:
   push:
     paths:
-    - '.github/workflows/validate-appstream.yml'
+    - '.github/workflows/validate-xdg-metadata.yml'
     - 'org.musicbrainz.Picard.appdata.xml.in'
+    - 'org.musicbrainz.Picard.desktop.in'
     - 'po/appstream/*.po'
     - 'NEWS.md'
     - 'setup.py'
   pull_request:
 
 jobs:
-  validate-appstream:
+  validate-xdg-metadata:
     runs-on: ubuntu-latest
     steps:
     - uses: actions/checkout@v3
     - name: Set up Python
       uses: actions/setup-python@v4
       with:
         python-version: '3.11'
-    - name: Install appstream-util
+    - name: Install utils
       run: |
         sudo apt-get update
-        sudo apt-get install appstream-util gettext
+        sudo apt-get install appstream-util desktop-file-utils gettext
     - name: Validate AppStream metadata
       run: |
         python setup.py build_appdata
         appstream-util validate-relax org.musicbrainz.Picard.appdata.xml
         # TODO: Consider using appstreamcli once ubuntu-latest provides
         #       appstreamcli>=0.16, as this tool catches more issues.
         #appstreamcli validate --pedantic --explain org.musicbrainz.Picard.appdata.xml
+    - name: Validate desktop file
+      run: |
+        python setup.py build_desktop_file
+        desktop-file-validate org.musicbrainz.Picard.desktop

.gitignore

@@ -7,6 +7,7 @@
 # virtualenv
 .venv
 venv/
+.python-version
 
 # OS generated files
 .DS_Store
@@ -22,6 +23,7 @@ Thumbs.db:encryptable
 *.pyc
 *.pyd
 *.so
+*.mo
 appxmanifest.xml
 build/
 coverage.xml
@@ -30,6 +32,7 @@ installer/picard-setup.nsi
 installer/i18n/out/*.nsh
 locale/
 org.musicbrainz.Picard.appdata.xml
+org.musicbrainz.Picard.desktop
 picard.egg-info
 po/attributes/attributes.pot
 po/countries/countries.pot
@@ -42,3 +45,4 @@ win-version-info.txt
 *~
 appledev.p12
 build.cfg
+.weblate.ini

.markdownlint.json

@@ -0,0 +1,10 @@
+{
+    "no-multiple-blanks": false,
+    "line-length": false,
+    "blanks-around-headers": false,
+    "no-duplicate-header": {
+        "allow_different_nesting": true
+    },
+    "single-h1": false,
+    "blanks-around-lists": false
+}

.pylintrc

@@ -283,8 +283,8 @@ min-similarity-lines=4
 
 # List of additional names supposed to be defined in builtins. Remember that
 # you should avoid defining new builtins when possible.
-additional-builtins=_, N_, ngettext, gettext_countries,
-                    gettext_attributes, pgettext_attributes
+additional-builtins=_, N_, ngettext, gettext_attributes, pgettext_attributes,
+                    gettext_constants, gettext_countries
 
 # Tells whether unused global variables should be treated as a violation.
 allow-global-unused-variables=yes