robbinjanssen · robbinjanssen · Feb 12, 2024 · Feb 8, 2024 · Feb 8, 2024 · Feb 8, 2024
diff --git a/.codespell-ignore b/.codespell-ignore
diff --git a/.flake8 b/.flake8
@@ -0,0 +1,41 @@
+{
+  "$schema": "https://docs.renovatebot.com/renovate-schema.json",
+  "timezone": "Europe/Amsterdam",
+  "schedule": ["before 6am every weekday"],
+  "rebaseWhen": "behind-base-branch",
+  "dependencyDashboard": true,
+  "labels": ["dependencies"],
+  "lockFileMaintenance": {
+    "enabled": true,
+    "automerge": true
+  },
+  "commitMessagePrefix": "⬆️",
+  "packageRules": [
+    {
+      "matchManagers": ["poetry"],
+      "addLabels": ["python"]
+    },
+    {
+      "matchManagers": ["poetry"],
+      "matchDepTypes": ["dev"],
+      "rangeStrategy": "pin"
+    },
+    {
+      "matchManagers": ["poetry"],
+      "matchUpdateTypes": ["minor", "patch"],
+      "automerge": true
+    },
+    {
+      "matchManagers": ["github-actions"],
+      "addLabels": ["github_actions"],
+      "rangeStrategy": "pin",
+      "extractVersion": "^(?<version>v\\d+\\.\\d+\\.\\d+)$",
+      "versioning": "regex:^v(?<major>\\d+)(\\.(?<minor>\\d+)\\.(?<patch>\\d+))?$"
+    },
+    {
+      "matchManagers": ["github-actions"],
+      "matchUpdateTypes": ["minor", "patch"],
+      "automerge": true
+    }
+  ]
+}
diff --git a/.github/workflows/codeql.yaml b/.github/workflows/codeql.yaml
@@ -16,12 +16,10 @@ jobs:
 
     steps:
       - name: Checkout repository
-        uses: actions/checkout@v4
+        uses: actions/checkout@v4.1.1
 
       - name: Initialize CodeQL
-        uses: github/codeql-action/init@v3
-        with:
-          languages: python
+        uses: github/codeql-action/init@v3.24.0
 
       - name: Perform Analysis
-        uses: github/codeql-action/analyze@v3
+        uses: github/codeql-action/analyze@v3.24.0
diff --git a/.github/workflows/draft-release.yaml b/.github/workflows/draft-release.yaml
@@ -4,6 +4,7 @@ name: Draft Release
 on:
   push:
     branches: [main]
+  workflow_dispatch:
 
 jobs:
   update-release-draft:
@@ -12,6 +13,6 @@ jobs:
 
     steps:
       - name: Run release drafter
-        uses: release-drafter/release-drafter@v6
+        uses: release-drafter/release-drafter@v6.0.0
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
diff --git a/.github/workflows/issues.yaml b/.github/workflows/issues.yaml
@@ -3,7 +3,7 @@ name: Issues
 
 on:
   schedule:
-    - cron: "0 8 * * *"
+    - cron: "0 17 * * *"
   workflow_dispatch:
 
 jobs:
@@ -12,7 +12,7 @@ jobs:
     runs-on: ubuntu-latest
 
     steps:
-      - uses: dessant/lock-threads@v5
+      - uses: dessant/lock-threads@v5.0.1
         with:
           github-token: ${{ github.token }}
           issue-inactive-days: "30"
@@ -26,7 +26,7 @@ jobs:
 
     steps:
       - name: Run stale
-        uses: actions/stale@v9
+        uses: actions/stale@v9.0.0
         with:
           repo-token: ${{ secrets.GITHUB_TOKEN }}
           days-before-stale: 30

diff --git a/.github/workflows/linting.yaml b/.github/workflows/linting.yaml
@@ -6,105 +6,186 @@ on:
   pull_request:
   workflow_dispatch:
 
+
+env:
+  DEFAULT_PYTHON: "3.11"
+
 jobs:
-  precommit:
-    name: ${{ matrix.name }}
+  codespell:
+    name: codespell
     runs-on: ubuntu-latest
-    if: ${{ github.actor != 'dependabot[bot]' }}
-    strategy:
-      matrix:
-        include:
-          - id: bandit
-            name: Check with bandit
-          - id: black
-            name: Check code style
-          - id: blacken-docs
-            name: Check code style in documentation
-          - id: check-ast
-            name: Check Python AST
-          - id: check-case-conflict
-            name: Check for case conflicts
-          - id: check-docstring-first
-            name: Check docstring is first
-          - id: check-executables-have-shebangs
-            name: Check that executables have shebangs
-          - id: check-json
-            name: Check JSON files
-          - id: check-merge-conflict
-            name: Check for merge conflicts
-          - id: check-symlinks
-            name: Check for broken symlinks
-          - id: check-toml
-            name: Check TOML files
-          - id: check-yaml
-            name: Check YAML files
-          - id: codespell
-            name: Check code for common misspellings
-          - id: debug-statements
-            name: Debug Statements and imports (Python)
-          - id: detect-private-key
-            name: Detect Private Keys
-          - id: end-of-file-fixer
-            name: Check End of Files
-          - id: fix-byte-order-marker
-            name: Check UTF-8 byte order marker
-          - id: flake8
-            name: Enforcing style guide with flake8
-          - id: isort
-            name: Check imports are sorted
-          - id: poetry
-            name: Check pyproject file
-          - id: pylint
-            name: Check with pylint
-          - id: pyupgrade
-            name: Check for upgradable syntax
-          - id: trailing-whitespace
-            name: Trim Trailing Whitespace
-          - id: vulture
-            name: Check for unused Python code
-          - id: yamllint
-            name: Check YAML style
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4.1.1
+
+      - name: Set up Poetry
+        run: pipx install poetry
+
+      - name: Set up Python ${{ env.DEFAULT_PYTHON }}
+        id: python
+        uses: actions/setup-python@v5.0.0
+        with:
+          python-version: ${{ env.DEFAULT_PYTHON }}
+          cache: "poetry"
+
+      - name: Install workflow dependencies
+        run: |
+          poetry config virtualenvs.create true
+          poetry config virtualenvs.in-project true
+
+      - name: Install dependencies
+        run: poetry install --no-interaction
+
+      - name: Check code for common misspellings
+        run: poetry run pre-commit run codespell --all-files
 
+  ruff:
+    name: Ruff
+    runs-on: ubuntu-latest
     steps:
       - name: Checkout repository
-        uses: actions/checkout@v4
+        uses: actions/checkout@v4.1.1
 
-      - name: Set up Python 3.9
+      - name: Set up Poetry
+        run: pipx install poetry
+
+      - name: Set up Python ${{ env.DEFAULT_PYTHON }}
         id: python
-        uses: actions/setup-python@v5
+        uses: actions/setup-python@v5.0.0
         with:
-          python-version: '3.9'
+          python-version: ${{ env.DEFAULT_PYTHON }}
+          cache: "poetry"
 
-      - name: Set pip cache dir
-        id: pip-cache
+      - name: Install workflow dependencies
         run: |
-          echo "dir=$(pip cache dir)" >> $GITHUB_OUTPUT
+          poetry config virtualenvs.create true
+          poetry config virtualenvs.in-project true
+
+      - name: Install dependencies
+        run: poetry install --no-interaction
 
-      - name: Restore cached Python pip packages
-        uses: actions/cache@v4
+      - name: Run Ruff linter
+        run: poetry run ruff check --output-format=github .
+
+      - name: Run Ruff formatter
+        run: poetry run ruff format --check .
+
+  pre-commit-hooks:
+    name: pre-commit-hooks
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4.1.1
+
+      - name: Set up Poetry
+        run: pipx install poetry
+
+      - name: Set up Python ${{ env.DEFAULT_PYTHON }}
+        id: python
+        uses: actions/setup-python@v5.0.0
         with:
-          path: ${{ steps.pip-cache.outputs.dir }}
-          key: pip-${{ runner.os }}-v2-${{ steps.python.outputs.python-version }}-${{ hashFiles('.github/workflows/requirements.txt') }}
-          restore-keys: |
-            pip-${{ runner.os }}-v2-${{ steps.python.outputs.python-version }}-
+          python-version: ${{ env.DEFAULT_PYTHON }}
+          cache: "poetry"
 
       - name: Install workflow dependencies
         run: |
-          pip install -r .github/workflows/requirements.txt
           poetry config virtualenvs.create true
           poetry config virtualenvs.in-project true
 
-      - name: Restore cached Python venv
-        id: cached-poetry-dependencies
-        uses: actions/cache@v4
+      - name: Install dependencies
+        run: poetry install --no-interaction
+
+      - name: Check Python AST
+        run: poetry run pre-commit run check-ast --all-files
+
+      - name: Check for case conflicts
+        run: poetry run pre-commit run check-case-conflict --all-files
+
+      - name: Check docstring is first
+        run: poetry run pre-commit run check-docstring-first --all-files
+
+      - name: Check that executables have shebangs
+        run: poetry run pre-commit run check-executables-have-shebangs --all-files
+
+      - name: Check JSON files
+        run: poetry run pre-commit run check-json --all-files
+
+      - name: Check for merge conflicts
+        run: poetry run pre-commit run check-merge-conflict --all-files
+
+      - name: Check for broken symlinks
+        run: poetry run pre-commit run check-symlinks --all-files
+
+      - name: Check TOML files
+        run: poetry run pre-commit run check-toml --all-files
+
+      - name: Check XML files
+        run: poetry run pre-commit run check-xml --all-files
+
+      - name: Check YAML files
+        run: poetry run pre-commit run check-yaml --all-files
+
+      - name: Detect Private Keys
+        run: poetry run pre-commit run detect-private-key --all-files
+
+      - name: Check End of Files
+        run: poetry run pre-commit run end-of-file-fixer --all-files
+
+      - name: Trim Trailing Whitespace
+        run: poetry run pre-commit run trailing-whitespace --all-files
+
+  pylint:
+    name: pylint
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4.1.1
+
+      - name: Set up Poetry
+        run: pipx install poetry
+
+      - name: Set up Python ${{ env.DEFAULT_PYTHON }}
+        id: python
+        uses: actions/setup-python@v5.0.0
+        with:
+          python-version: ${{ env.DEFAULT_PYTHON }}
+          cache: "poetry"
+
+      - name: Install workflow dependencies
+        run: |
+          poetry config virtualenvs.create true
+          poetry config virtualenvs.in-project true
+
+      - name: Install dependencies
+        run: poetry install --no-interaction
+
+      - name: Run pylint
+        run: poetry run pre-commit run pylint --all-files
+
+  yamllint:
+    name: yamllint
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4.1.1
+
+      - name: Set up Poetry
+        run: pipx install poetry
+
+      - name: Set up Python ${{ env.DEFAULT_PYTHON }}
+        id: python
+        uses: actions/setup-python@v5.0.0
         with:
-          path: .venv
-          key: >-
-            venv-${{ runner.os }}-v2-${{ steps.python.outputs.python-version }}-${{ hashFiles('poetry.lock') }}
-            venv-${{ runner.os }}-v2-${{ steps.python.outputs.python-version }}-
+          python-version: ${{ env.DEFAULT_PYTHON }}
+          cache: "poetry"
+
+      - name: Install workflow dependencies
+        run: |
+          poetry config virtualenvs.create true
+          poetry config virtualenvs.in-project true
 
       - name: Install dependencies
         run: poetry install --no-interaction
 
-      - name: Run pre-commit for ${{ matrix.id }}
-        run: poetry run pre-commit run ${{ matrix.id }} --all-files
+      - name: Run yamllint
+        run: poetry run yamllint .