wislertt · wislertt · Aug 28, 2025 · Aug 28, 2025
diff --git a/.amazonq/rules/development-rules.md b/.amazonq/rules/development-rules.md
@@ -0,0 +1,46 @@
+# LeetCode Repository Rules
+
+## Discussion Mode
+
+- **Discussion Mode**: Prefix prompt with "D:" to enter read-only discussion mode
+- In discussion mode: NO code updates, only read files and provide analysis/suggestions
+- Always start responses with "[Discussion Mode]" header when in discussion mode
+- Never exit discussion mode automatically - only when user uses "XD:" prefix
+- If user seems to want code changes, remind them to use "XD:" to exit discussion mode
+- **Exit Discussion**: Use "XD:" prefix to exit discussion mode and resume normal operations
+
+## Code Standards
+
+- Use snake_case for Python method names (following Python convention)
+- Always include type hints for function parameters and return types
+- Add return statements to satisfy type checkers even if unreachable
+- Follow the project's linting rules (black, isort, ruff, mypy)
+
+## Template Usage
+
+- **When user copies LeetCode problem**: Use `leetcode/_template/` to structure the question
+- Copy template files to new question directory: `leetcode/{question_name}/`
+- Replace template placeholders with actual problem details:
+    - `{method_name}` - snake_case method name (e.g., `two_sum`)
+    - `{ClassName}` - PascalCase class name (e.g., `TwoSum`)
+    - `{parameters}` - method parameters with types
+    - `{return_type}` - return type annotation
+    - Test case placeholders with actual examples
+- Always use the template structure for consistency
+
+## File Structure
+
+Each LeetCode problem should have:
+
+- `README.md` - Problem description and examples
+- `solution.py` - Solution implementation
+- `tests.py` - Parametrized pytest tests with loguru logging
+- `__init__.py` - Empty file for Python package
+
+## Testing
+
+- Use `make test-question QUESTION=<question_name>` to run tests
+- Use `make test` to run all questions with coverage
+- Default question is set to `two_sum` in Makefile
+- Tests should cover all provided examples
+- Use loguru for beautiful logging in tests
diff --git a/.github/renovate.json5 b/.github/renovate.json5
@@ -0,0 +1,4 @@
+{
+    $schema: "https://docs.renovatebot.com/renovate-schema.json",
+    extends: ["config:recommended"],
+}
diff --git a/.github/workflows/cd.yml b/.github/workflows/cd.yml
@@ -0,0 +1,57 @@
+name: cd
+
+on:
+    push:
+        branches:
+            - main
+
+permissions:
+    contents: write
+    issues: write
+    pull-requests: write
+
+jobs:
+    versioning:
+        name: versioning
+        runs-on: ubuntu-latest
+        outputs:
+            new_release_version: ${{ steps.set-outputs.outputs.version }}
+            new_release_published: ${{ steps.set-outputs.outputs.published }}
+        steps:
+            - name: Checkout
+              uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+              with:
+                  fetch-depth: 0
+
+            - name: Check existing release
+              id: check-release
+              run: |
+                  CURRENT_SHA=$(git rev-parse HEAD)
+                  EXISTING_TAG=$(git tag --points-at $CURRENT_SHA | grep '^v' | head -1)
+                  if [ -n "$EXISTING_TAG" ]; then
+                      echo "existing_tag=$EXISTING_TAG" >> $GITHUB_OUTPUT
+                      echo "existing_version=${EXISTING_TAG#v}" >> $GITHUB_OUTPUT
+                      echo "has_existing=true" >> $GITHUB_OUTPUT
+                  else
+                      echo "has_existing=false" >> $GITHUB_OUTPUT
+                  fi
+
+            - id: release
+              name: Release
+              if: steps.check-release.outputs.has_existing == 'false'
+              uses: cycjimmy/semantic-release-action@16ca923e6ccbb50770c415a0ccd43709a8c5f7a4 # v4.2.2
+              env:
+                  GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+            - name: Set outputs
+              id: set-outputs
+              run: |
+                  if [ "${{ steps.check-release.outputs.has_existing }}" == "true" ]; then
+                      echo "version=${{ steps.check-release.outputs.existing_version }}" >> $GITHUB_OUTPUT
+                      echo "published=true" >> $GITHUB_OUTPUT
+                      echo "Using existing release: ${{ steps.check-release.outputs.existing_version }}"
+                  else
+                      echo "version=${{ steps.release.outputs.new_release_version }}" >> $GITHUB_OUTPUT
+                      echo "published=${{ steps.release.outputs.new_release_published }}" >> $GITHUB_OUTPUT
+                      echo "New release: ${{ steps.release.outputs.new_release_version }}"
+                  fi
diff --git a/.github/workflows/ci-pre-commit.yml b/.github/workflows/ci-pre-commit.yml
@@ -0,0 +1,44 @@
+name: ci
+
+on:
+    pull_request:
+        types: [opened, synchronize, reopened]
+
+jobs:
+    pre-commit:
+        runs-on: ubuntu-latest
+        steps:
+            - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+
+            - uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5.6.0
+              with:
+                  python-version: "3.x"
+
+            - name: Install Poetry
+              uses: snok/install-poetry@76e04a911780d5b312d89783f7b1cd627778900a # v1.4.1
+              with:
+                  virtualenvs-create: true
+                  virtualenvs-in-project: true
+                  installer-parallel: true
+
+            - name: Load cached venv
+              id: cached-poetry-dependencies
+              uses: actions/cache@0400d5f644dc74513175e3cd8d07132dd4860809 # v4.2.4
+              with:
+                  path: .venv
+                  key: venv-${{ runner.os }}-${{ steps.setup-python.outputs.python-version }}-${{ hashFiles('**/poetry.lock') }}
+
+            - name: Install dependencies
+              run: poetry install --no-interaction --no-ansi
+
+            - name: Setup Node.js
+              uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
+              with:
+                  node-version: "latest"
+
+            - name: Install Prettier
+              run: npm install -g prettier
+
+            - uses: pre-commit/action@2c7b3805fd2a0fd8c1884dcaebf91fc102a13ecd # v3.0.1
+              with:
+                  extra_args: --all-files
diff --git a/.github/workflows/ci-test.yml b/.github/workflows/ci-test.yml
@@ -0,0 +1,40 @@
+name: ci
+
+on:
+    push:
+        branches: [main]
+    pull_request:
+        branches: [main]
+
+jobs:
+    test:
+        runs-on: ubuntu-latest
+
+        steps:
+            - uses: actions/checkout@v4
+
+            - name: Set up Python
+              uses: actions/setup-python@v5
+              with:
+                  python-version: "3.13"
+
+            - name: Install Poetry
+              uses: snok/install-poetry@v1
+              with:
+                  virtualenvs-create: true
+                  virtualenvs-in-project: true
+                  installer-parallel: true
+
+            - name: Load cached venv
+              id: cached-poetry-dependencies
+              uses: actions/cache@v4
+              with:
+                  path: .venv
+                  key: venv-${{ runner.os }}-${{ steps.setup-python.outputs.python-version }}-${{ hashFiles('**/poetry.lock') }}
+
+            - name: Install dependencies
+              if: steps.cached-poetry-dependencies.outputs.cache-hit != 'true'
+              run: poetry install --no-interaction --no-ansi
+
+            - name: Run tests
+              run: make test
diff --git a/.github/workflows/security.yml b/.github/workflows/security.yml
@@ -0,0 +1,35 @@
+name: security
+on:
+    push:
+    workflow_dispatch:
+    schedule:
+        - cron: "0 4 * * *" # run once a day at 4 AM
+
+jobs:
+    trivy-scan:
+        runs-on: ubuntu-latest
+
+        steps:
+            - name: Checkout repository
+              uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+
+            - name: Run Trivy dependency scan
+              uses: aquasecurity/trivy-action@dc5a429b52fcf669ce959baa2c2dd26090d2a6c4 # v0.32.0
+              with:
+                  scan-type: fs
+                  format: table
+                  exit-code: "1"
+                  vuln-type: "os,library"
+
+    gitleaks:
+        name: gitleaks
+        runs-on: ubuntu-latest
+
+        steps:
+            - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+              with:
+                  fetch-depth: 0
+
+            - uses: gitleaks/gitleaks-action@ff98106e4c7b2bc287b24eaf42907196329070c7 # v2.3.9
+              env:
+                  GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
diff --git a/.github/workflows/semantic-pull-request.yaml b/.github/workflows/semantic-pull-request.yaml
@@ -0,0 +1,19 @@
+name: ci
+
+on:
+    pull_request:
+        branches: [main]
+        types: [opened, edited, synchronize, reopened]
+
+permissions:
+    pull-requests: read
+
+jobs:
+    semantic-pull-request:
+        name: semantic-pull-request
+        runs-on: ubuntu-latest
+        steps:
+            - uses: amannn/action-semantic-pull-request@48f256284bd46cdaab1048c3721360e808335d50 # v6.1.1
+              name: Validate PR title
+              env:
+                  GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}