Merge branch 'main' into maint/ubuntu_latest

Author: SMoraisAnsys

.github/workflows/ci_cd.yml

@@ -63,7 +63,7 @@ jobs:
     steps:
 
       - name: "Download HTML documentation artifacts"
-        uses: actions/download-artifact@v4
+        uses: actions/download-artifact@v5
         with:
           name: documentation-html
           path: documentation-html
@@ -84,7 +84,7 @@ jobs:
     steps:
 
     - name: "Download HTML documentation"
-      uses: actions/download-artifact@v4
+      uses: actions/download-artifact@v5
       with:
         name: documentation-html
         path: documentation-html
@@ -96,7 +96,7 @@ jobs:
         dest: documentation-html.zip
 
     - name: "Download PDF documentation"
-      uses: actions/download-artifact@v4
+      uses: actions/download-artifact@v5
       with:
         name: documentation-pdf
         path: documentation-pdf
@@ -125,7 +125,7 @@ jobs:
     steps:
 
       - name: "Download HTML documentation artifacts"
-        uses: actions/download-artifact@v4
+        uses: actions/download-artifact@v5
         with:
           name: documentation-html
           path: documentation-html

.github/workflows/labeler.yml

@@ -13,7 +13,7 @@ jobs:
     name: Syncer
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v5
       - uses: micnncim/action-label-syncer@v1
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

.github/workflows/nightly-build.yml

@@ -16,7 +16,7 @@ jobs:
       - name: Setup headless display
         uses: pyvista/setup-headless-display-action@v4
 
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v5
 
       - name: Set up Python
         uses: actions/setup-python@v5

.pre-commit-config.yaml

@@ -2,7 +2,7 @@ repos:
 
 
 - repo: https://github.com/astral-sh/ruff-pre-commit
-  rev: v0.11.13
+  rev: v0.12.9
   hooks:
     - id: ruff-check
     - id: ruff-format
@@ -20,13 +20,13 @@ repos:
     args: ["--ignore-words", "doc/styles/config/vocabularies/ANSYS/accept.txt"]
 
 - repo: https://github.com/pre-commit/pre-commit-hooks
-  rev: v5.0.0
+  rev: v6.0.0
   hooks:
   - id: check-merge-conflict
   - id: debug-statements
 
 - repo: https://github.com/python-jsonschema/check-jsonschema
-  rev: 0.33.0
+  rev: 0.33.3
   hooks:
     - id: check-github-workflows
       name: "Check GitHub workflows"

doc/source/getting-started/administration.rst

@@ -8,6 +8,12 @@ the public release of a PyAnsys library must go through a project approval proce
 First step
 ----------
 
+.. danger::
+
+    Open-source allows users not only to view the source code, but also to modify, share, and reuse it under specific conditions.
+    It differs from making it public as anyone can use and build upon the content.
+    Do not commit any proprietary information belonging either to Ansys or to external sources. If you are uncertain, consult your manager.
+
 To trigger the public release process, project leads must first complete the
 `open source request form`_.
 

doc/source/how-to/documenting.rst

@@ -763,79 +763,7 @@ are changing. For more information, see :ref:`Branching model`.
 As you are making changes in this branch, you want to periodically generate the
 documentation locally so that you can test your changes before you create a
 GitHub pull request. For more information, see :ref:`Build documentation`.
-
-Use PyMeilisearch as a documentation search engine
---------------------------------------------------
-
-PyMeilisearch is a Python client library that lets you use MeiliSearch, an open
-source search engine, to provide fast and relevant documentation search capabilities.
-
-To use PyMeilisearch as a search engine for multi-version documentation, perform
-these steps.
-
-#. Ensure that you are using `Ansys Sphinx Theme <Ansys_Sphinx_theme_repo_>`_ version 0.8
-   or later for building your library's documentation.
-
-#. In the ``conf.py`` file in the ``doc/source`` directory, include these lines:
-
-   .. code-block:: python
-  
-       import os
-  
-       from ansys_sphinx_theme import convert_version_to_pymeilisearch
-  
-  
-       cname = os.getenv("DOCUMENTATION_CNAME", "<DEFAULT_CNAME>")
-       """Canonical name (CNAME) of the webpage hosting the documentation."""
-  
-       html_theme_options = {
-           "use_meilisearch": {
-             "api_key": os.getenv("MEILISEARCH_API_KEY", ""),
-             "index_uids": {
-               f"<your-index-name>{convert_version_to_pymeilisearch(__version__)}": "index name to display",  # noqa: E501
-             },
-           },
-           ...
-       }
-  
-#. In these lines, replace *<your-index-name>* with the name for your MeiliSearch index.
-  
-   The ``convert_version_to_pymeilisearch`` function converts your library's version into
-   a format suitable for MeiliSearch indexing.
-
-#. Enable documentation index deployment for development and stable versions using Ansys actions:
-  
-   .. code-block:: yaml
-
-     jobs:
-       doc-deploy-index:
-         name: "Index the documentation and scrap using PyMeilisearch"
-         runs-on: ubuntu-latest
-         needs: doc-deploy
-         if: github.event_name == 'push'
-         steps:
-           - name: Scrape the stable documentation to PyMeilisearch
-             run: |
-               VERSION=$(python -c "from <your-package> import __version__; print('.'.join(__version__.split('.')[:2]))")
-               VERSION_MEILI=$(python -c "from <your-package> import __version__; print('-'.join(__version__.split('.')[:2]))")
-               echo "Calculated VERSION: $VERSION"
-               echo "Calculated VERSION_MEILI: $VERSION_MEILI"
-
-           - name: "Deploy the latest documentation index"
-             uses: ansys/actions/[email protected]
-             with:
-               cname: "<library>.docs.pyansys.com/version/$VERSION"
-               index-name: "<index-name>v$VERSION_MEILI"
-               host-url: "<meilisearch-host-url>"
-               api-key: ${{ secrets.MEILISEARCH_API_KEY }}
-
-#. Replace *<your-package>*, *<your-index-name>*, and *<library>* with appropriate values
-   for your project. 
-
-The version of your package is automatically calculated and used for indexing, ensuring that
-your documentation remains up to date. For more information, see the `PyMeilisearch`_ and
-`Ansys Sphinx Theme <ansys-sphinx-theme-doc_>`_ documentation.
-
+              
 .. _SEO:
 
 Optimize web searches

doc/source/how-to/vulnerabilities.rst

@@ -204,6 +204,13 @@ and the risk of command injection is significantly reduced.
           # Removing shell=True and using a list
           subprocess.run(["echo", user_input])  # User input is not executed as a shell command
 
+.. note::
+
+  Bandit warning remains even after deactivating the `shell=True` argument.
+  If you are sure that the command is safe, you can ignore the Bandit warning. Please
+  check the `Ignore Bandit warnings`_ section for more information on how to do so.
+
+
 
 **try except continue statements**
 
@@ -285,3 +292,43 @@ provides a secure way to generate random numbers.
 
           secure_random_number = secrets.randbelow(100)  # Secure random number generation
           secure_random_letter = secrets.choice(["a", "b", "c"])  # Secure choice from a list
+
+
+Ignore Bandit warnings
+----------------------
+
+In-line comment
+~~~~~~~~~~~~~~~
+
+When using Bandit, you may encounter warnings that you believe are not relevant to your codebase
+or that you have already addressed. In such cases, you can ignore specific Bandit warnings by
+adding a comment to the end of the line that triggers the warning. The comment should be in the
+format ``# nosec <warning_id>``, where ``<warning_id>`` is the ID of the warning you want to ignore.
+
+When you ignore a Bandit warning, it is essential to provide a clear comment explaining why
+the warning is being ignored. This helps maintainers and other developers understand the context
+and rationale behind the decision.
+
+For example, to ignore the B404 warning, you would add `# nosec B404` to the end of the line:
+
+.. code:: python
+
+  # Subprocess is needed to start the backend. But
+  # the input is controlled by the library. Excluding bandit check.
+  import subprocess  # nosec B404
+
+
+.. warning::
+
+  Please note that ignoring Bandit warnings should be done with caution, and you should ensure
+  that the code is safe and does not introduce any security risks. It is recommended to review the
+  `bandit documentation`_ for more information on each warning and the potential risks involved.
+
+
+Security considerations file
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+In addition to ignoring specific Bandit warnings, it is a good practice to document the ignored
+advisories in a dedicated file. You can find an example of such a file in the `PyACP security
+considerations`_ documentation page. This way, you can provide to the users a clear overview of
+the vulnerabilities that need to be taken into account when using the library.

doc/source/links.rst

@@ -118,6 +118,7 @@
 .. _unzip: https://7-zip.org/
 .. _conventional_commit_types: https://github.com/commitizen/conventional-commit-types/blob/master/index.json
 .. _Test Driven Development (TDD): https://en.wikipedia.org/wiki/Test-driven_development
+.. _bandit documentation: https://bandit.readthedocs.io/en/latest/
 .. _blacklists bandit documentation: https://bandit.readthedocs.io/en/latest/blacklists/blacklist_calls.html
 
 .. #Sphinx-related links

doc/styles/config/vocabularies/ANSYS/accept.txt

@@ -56,6 +56,7 @@ Microelectromechanical
 monospaced
 Muela
 [Nn]amespace
+nosec
 npm
 numpy
 [Nn]umpydoc

requirements/requirements_doc.txt

@@ -6,4 +6,4 @@ sphinx_design==0.6.1
 sphinxcontrib-mermaid>=0.7.1
 sphinx-gallery==0.19.0
 Pillow>=9.0
-pyvista==0.45.2
+pyvista==0.46.1