MaineDSA
diff --git a/‎.github/workflows/python.yml‎
Lines changed: 17 additions & 288 deletions b/‎.github/workflows/python.yml‎
Lines changed: 17 additions & 288 deletions
diff --git a/‎.pre-commit-config.yaml‎
Lines changed: 9 additions & 9 deletions b/‎.pre-commit-config.yaml‎
Lines changed: 9 additions & 9 deletions
@@ -12,297 +12,26 @@ on:
 permissions: read-all
 
 jobs:
-  pytest:
-    runs-on: ${{ matrix.os }}
-    strategy:
-      fail-fast: false
-      matrix:
-        python-version:
-          - '3.11'
-          - '3.12'
-          - '3.13'
-          - '3.14'
-        os:
-          - ubuntu-latest
-          - windows-latest
-          - macos-latest
-        resolution:
-          - highest
-          - lowest-direct
-
+  lint:
+    uses: bmos/bmos/.github/workflows/python-lint.yml@main
+    secrets: inherit
+    with:
+      src_folder: "src"
+      python_version: "3.13"
     permissions:
+      # Write
       contents: write
-
-    steps:
-      - uses: step-security/harden-runner@a90bcbc6539c36a85cdfeb73f7e2f433735f215b
-        with:
-          egress-policy: audit
-
-      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
-
-      - uses: actions/setup-python@83679a892e2d95755f2dac6acb0bfd1e9ac5d548
-        with:
-          python-version: ${{ matrix.python-version }}
-          cache: pip
-
-      - uses: install-pinned/uv@0590ea0c73b1fdb765847c94975e71c97d9ad0b1
-
-      - run: |
-          uv pip install --system --resolution ${{ matrix.resolution }} -e .[dev]
-
-      - run: |
-          patchright install chrome
-
-      - id: cache-pytest
-        uses: actions/cache@cdf6c1fa76f9f475f3d7449005a359c84ca0f306
-        with:
-          path: .pytest_cache
-          key: pytest-${{ matrix.python-version }}-${{ matrix.os }}-${{ matrix.resolution }}-${{ hashFiles('pyproject.toml') }}
-
-      - run: pytest
-        env:
-          COVERAGE_FILE: ".coverage.${{ matrix.os }}.${{ matrix.python-version }}.${{ matrix.resolution }}"
-
-      - uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f
-        with:
-          name: coverage-${{ matrix.os }}-${{ matrix.python-version }}-${{ matrix.resolution }}
-          path: .coverage.${{ matrix.os }}.${{ matrix.python-version }}.${{ matrix.resolution }}
-          include-hidden-files: true
-
-  ruff-format:
-    runs-on: ubuntu-latest
-
-    steps:
-      - uses: step-security/harden-runner@a90bcbc6539c36a85cdfeb73f7e2f433735f215b
-        with:
-          disable-sudo: true
-          egress-policy: block
-          allowed-endpoints: >
-            files.pythonhosted.org:443
-            github.com:443
-            pypi.org:443
-
-      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
-
-      - uses: actions/setup-python@83679a892e2d95755f2dac6acb0bfd1e9ac5d548
-        with:
-          python-version: 3.13
-          cache: pip
-
-      - uses: install-pinned/uv@0590ea0c73b1fdb765847c94975e71c97d9ad0b1
-
-      - run: uv pip install --system .[dev]
-
-      - id: cache-ruff
-        uses: actions/cache@cdf6c1fa76f9f475f3d7449005a359c84ca0f306
-        with:
-          path: .ruff_cache
-          key: ruff-${{ hashFiles('pyproject.toml') }}
-
-      - id: run-ruff
-        run: ruff format --diff .
-
-  ruff-check:
-    runs-on: ubuntu-latest
-
-    permissions:
       security-events: write
 
-    steps:
-      - uses: step-security/harden-runner@a90bcbc6539c36a85cdfeb73f7e2f433735f215b
-        with:
-          disable-sudo: true
-          egress-policy: block
-          allowed-endpoints: >
-            api.github.com:443
-            files.pythonhosted.org:443
-            github.com:443
-            pypi.org:443
-
-      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
-
-      - uses: actions/setup-python@83679a892e2d95755f2dac6acb0bfd1e9ac5d548
-        with:
-          python-version: 3.13
-          cache: pip
-
-      - uses: install-pinned/uv@0590ea0c73b1fdb765847c94975e71c97d9ad0b1
-
-      - run: uv pip install --system .[dev]
-
-      - id: cache-ruff
-        uses: actions/cache@cdf6c1fa76f9f475f3d7449005a359c84ca0f306
-        with:
-          path: .ruff_cache
-          key: ruff-${{ hashFiles('pyproject.toml') }}
-
-      - id: run-ruff-sarif
-        run: |
-          ruff check --output-format=sarif -o results.sarif .
-
-      - uses: github/codeql-action/upload-sarif@89a39a4e59826350b863aa6b6252a07ad50cf83e
-        if: ( success() || failure() ) && contains('["success", "failure"]', steps.run-ruff-sarif.outcome)
-        with:
-          sarif_file: results.sarif
-
-      - id: run-ruff
-        if: failure() && contains('["failure"]', steps.run-ruff-sarif.outcome)
-        run: |
-          ruff check --output-format=github .
-
-
-  bandit:
-    runs-on: ubuntu-latest
-
+  test:
+    uses: bmos/bmos/.github/workflows/python-test.yml@main
+    needs: lint
+    secrets: inherit
+    with:
+      src_folder: "src"
+      test_folder: "tests"
+      python_version: "['3.11', '3.12', '3.13', '3.14']"
     permissions:
-      security-events: write
-
-    steps:
-      - uses: step-security/harden-runner@a90bcbc6539c36a85cdfeb73f7e2f433735f215b
-        with:
-          disable-sudo: true
-          egress-policy: block
-          allowed-endpoints: >
-            api.github.com:443
-            files.pythonhosted.org:443
-            github.com:443
-            pypi.org:443
-
-      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
-
-      - uses: actions/setup-python@83679a892e2d95755f2dac6acb0bfd1e9ac5d548
-        with:
-          python-version: 3.13
-          cache: pip
-
-      - uses: install-pinned/uv@0590ea0c73b1fdb765847c94975e71c97d9ad0b1
-
-      - run: uv pip install --system .[dev]
-
-      - id: run-bandit-sarif
-        run: |
-          bandit --confidence-level 'medium' --severity-level 'medium' --recursive 'src' --format 'sarif' --output 'results.sarif'
-
-      - uses: github/codeql-action/upload-sarif@89a39a4e59826350b863aa6b6252a07ad50cf83e
-        if: ( success() || failure() ) && contains('["success", "failure"]', steps.run-bandit-sarif.outcome)
-        with:
-          sarif_file: results.sarif
-
-      - id: run-bandit
-        if: failure() && contains('["failure"]', steps.run-bandit-sarif.outcome)
-        run: |
-          bandit --confidence-level 'medium' --severity-level 'medium' --recursive 'src'
-
-
-  mypy:
-    runs-on: ubuntu-latest
-
-    steps:
-      - uses: step-security/harden-runner@a90bcbc6539c36a85cdfeb73f7e2f433735f215b
-        with:
-          disable-sudo: true
-          egress-policy: block
-          allowed-endpoints: >
-            files.pythonhosted.org:443
-            github.com:443
-            pypi.org:443
-
-      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
-
-      - uses: actions/setup-python@83679a892e2d95755f2dac6acb0bfd1e9ac5d548
-        with:
-          python-version: '3.13'
-          cache: pip
-
-      - uses: install-pinned/uv@0590ea0c73b1fdb765847c94975e71c97d9ad0b1
-
-      - run: uv pip install --system -e .[dev]
-
-      - id: cache-mypy
-        uses: actions/cache@cdf6c1fa76f9f475f3d7449005a359c84ca0f306
-        with:
-          path: .mypy_cache
-          key: ${{ runner.os }}-mypy-${{ hashFiles('pyproject.toml') }}
-
-      - run: mypy .
-
-  coverage:
-    runs-on: ubuntu-latest
-    needs: pytest
-
-    permissions:
-      pull-requests: write
+      # Write
       contents: write
-
-    steps:
-      - uses: step-security/harden-runner@a90bcbc6539c36a85cdfeb73f7e2f433735f215b
-        with:
-          disable-sudo: true
-          egress-policy: block
-          allowed-endpoints: >
-            api.github.com:443
-            github.com:443
-            img.shields.io:443
-
-      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
-
-      - uses: actions/download-artifact@70fc10c6e5e1ce46ad2ea6f2b72d43f7d47b13c3
-        with:
-          pattern: coverage-*
-          merge-multiple: true
-
-      - id: coverage_comment
-        uses: py-cov-action/python-coverage-comment-action@e623398c19eb3853a5572d4a516e10b15b5cefbc
-        with:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-          MERGE_COVERAGE_FILES: true
-
-      - uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f
-        if: steps.coverage_comment.outputs.COMMENT_FILE_WRITTEN == 'true'
-        with:
-          name: python-coverage-comment-action
-          path: python-coverage-comment-action.txt
-
-  pre-commit:
-    runs-on: ubuntu-latest
-    needs:
-      - ruff-format
-      - ruff-check
-      - bandit
-
-    permissions:
-      contents: write
-
-    steps:
-      - uses: step-security/harden-runner@a90bcbc6539c36a85cdfeb73f7e2f433735f215b
-        with:
-          disable-sudo: true
-          egress-policy: block
-          allowed-endpoints: >
-            files.pythonhosted.org:443
-            github.com:443
-            proxy.golang.org:443
-            pypi.org:443
-
-      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
-
-      - uses: actions/setup-python@83679a892e2d95755f2dac6acb0bfd1e9ac5d548
-        with:
-          python-version: 3.13
-          cache: pip
-
-      - uses: install-pinned/uv@0590ea0c73b1fdb765847c94975e71c97d9ad0b1
-
-      - run: uv pip install --system .[dev]
-
-      - id: cache-pre-commit
-        uses: actions/cache@cdf6c1fa76f9f475f3d7449005a359c84ca0f306
-        with:
-          path: .pre-commit-cache
-          key: pre-commit-${{ hashFiles('.pre-commit-config.yaml') }}-${{ hashFiles('pyproject.toml') }}
-
-      - run: |
-          pre-commit install
-          pre-commit run --all-files
-        env:
-          PRE_COMMIT_HOME: .pre-commit-cache
+      pull-requests: write
@@ -13,18 +13,18 @@ repos:
           - id: check-toml
           - id: debug-statements
           - id: mixed-line-ending
-    - repo: https://github.com/bwhmather/ssort
-      rev: 0.15.0
+    - repo: https://github.com/PyCQA/bandit
+      rev: 1.9.4
       hooks:
-          - id: ssort
+          - id: bandit
+            args: ['--confidence-level', 'medium']
+            files: '^src'
     - repo: https://github.com/astral-sh/ruff-pre-commit
-      rev: 'v0.14.7'
+      rev: v0.15.4
       hooks:
           - id: ruff
           - id: ruff-format
-    - repo: https://github.com/PyCQA/bandit
-      rev: '1.9.2'
+    - repo: https://github.com/bwhmather/ssort
+      rev: 0.15.0
       hooks:
-          - id: bandit
-            args: ['--confidence-level', 'medium']
-            files: '^src'
+          - id: ssort