diff --git a/.github/CODE_OF_CONDUCT.md b/.github/CODE_OF_CONDUCT.md deleted file mode 100644 index 1d8ad18..0000000 --- a/.github/CODE_OF_CONDUCT.md +++ /dev/null 
@@ -1,133 +0,0 @@ - -# Contributor Covenant Code of Conduct - -## Our Pledge - -We as members, contributors, and leaders pledge to make participation in our -community a harassment-free experience for everyone, regardless of age, body -size, visible or invisible disability, ethnicity, sex characteristics, gender -identity and expression, level of experience, education, socio-economic status, -nationality, personal appearance, race, caste, color, religion, or sexual -identity and orientation. - -We pledge to act and interact in ways that contribute to an open, welcoming, -diverse, inclusive, and healthy community. - -## Our Standards - -Examples of behavior that contributes to a positive environment for our -community include: - -* Demonstrating empathy and kindness toward other people -* Being respectful of differing opinions, viewpoints, and experiences -* Giving and gracefully accepting constructive feedback -* Accepting responsibility and apologizing to those affected by our mistakes, - and learning from the experience -* Focusing on what is best not just for us as individuals, but for the overall - community - -Examples of unacceptable behavior include: - -* The use of sexualized language or imagery, and sexual attention or advances of - any kind -* Trolling, insulting or derogatory comments, and personal or political attacks -* Public or private harassment -* Publishing others' private information, such as a physical or email address, - without their explicit permission -* Other conduct which could reasonably be considered inappropriate in a - professional setting - -## Enforcement Responsibilities - -Community leaders are responsible for clarifying and enforcing our standards of -acceptable behavior and will take appropriate and fair corrective action in -response to any behavior that they deem inappropriate, threatening, offensive, -or harmful. 
- -Community leaders have the right and responsibility to remove, edit, or reject -comments, commits, code, wiki edits, issues, and other contributions that are -not aligned to this Code of Conduct, and will communicate reasons for moderation -decisions when appropriate. - -## Scope - -This Code of Conduct applies within all community spaces, and also applies when -an individual is officially representing the community in public spaces. -Examples of representing our community include using an official e-mail address, -posting via an official social media account, or acting as an appointed -representative at an online or offline event. - -## Enforcement - -Instances of abusive, harassing, or otherwise unacceptable behavior may be -reported to the community leaders responsible for enforcement at -. -All complaints will be reviewed and investigated promptly and fairly. - -All community leaders are obligated to respect the privacy and security of the -reporter of any incident. - -## Enforcement Guidelines - -Community leaders will follow these Community Impact Guidelines in determining -the consequences for any action they deem in violation of this Code of Conduct: - -### 1. Correction - -**Community Impact**: Use of inappropriate language or other behavior deemed -unprofessional or unwelcome in the community. - -**Consequence**: A private, written warning from community leaders, providing -clarity around the nature of the violation and an explanation of why the -behavior was inappropriate. A public apology may be requested. - -### 2. Warning - -**Community Impact**: A violation through a single incident or series of -actions. - -**Consequence**: A warning with consequences for continued behavior. No -interaction with the people involved, including unsolicited interaction with -those enforcing the Code of Conduct, for a specified period of time. This -includes avoiding interactions in community spaces as well as external channels -like social media. 
Violating these terms may lead to a temporary or permanent -ban. - -### 3. Temporary Ban - -**Community Impact**: A serious violation of community standards, including -sustained inappropriate behavior. - -**Consequence**: A temporary ban from any sort of interaction or public -communication with the community for a specified period of time. No public or -private interaction with the people involved, including unsolicited interaction -with those enforcing the Code of Conduct, is allowed during this period. -Violating these terms may lead to a permanent ban. - -### 4. Permanent Ban - -**Community Impact**: Demonstrating a pattern of violation of community -standards, including sustained inappropriate behavior, harassment of an -individual, or aggression toward or disparagement of classes of individuals. - -**Consequence**: A permanent ban from any sort of public interaction within the -community. - -## Attribution - -This Code of Conduct is adapted from the [Contributor Covenant][homepage], -version 2.1, available at -[https://www.contributor-covenant.org/version/2/1/code_of_conduct.html][v2.1]. - -Community Impact Guidelines were inspired by -[Mozilla's code of conduct enforcement ladder][Mozilla CoC]. - -For answers to common questions about this code of conduct, see the FAQ at -[https://www.contributor-covenant.org/faq][FAQ]. Translations are available at -[https://www.contributor-covenant.org/translations][translations]. - -[homepage]: https://www.contributor-covenant.org -[v2.1]: https://www.contributor-covenant.org/version/2/1/code_of_conduct.html -[Mozilla CoC]: https://github.com/mozilla/diversity -[FAQ]: https://www.contributor-covenant.org/faq -[translations]: https://www.contributor-covenant.org/translations diff --git a/.github/CONTRIBUTING.md b/.github/CONTRIBUTING.md deleted file mode 100644 index 22b68ed..0000000 --- a/.github/CONTRIBUTING.md +++ /dev/null 
@@ -1,298 +0,0 @@ -# How To Contribute - -Thank you for considering contributing to *attrs*! -It's people like *you* who make it such a great tool for everyone. - -This document intends to make contribution more accessible by codifying tribal knowledge and expectations. -Don't be afraid to open half-finished PRs, and ask questions if something is unclear! - -Please note that this project is released with a Contributor [Code of Conduct](https://github.com/python-attrs/attrs/blob/main/.github/CODE_OF_CONDUCT.md). -By participating in this project you agree to abide by its terms. -Please report any harm to [Hynek Schlawack] in any way you find appropriate. - - -## Support - -In case you'd like to help out but don't want to deal with GitHub, there's a great opportunity: -help your fellow developers on [Stack Overflow](https://stackoverflow.com/questions/tagged/python-attrs)! - -The official tag is `python-attrs` and helping out in support frees us up to improve *attrs* instead! - - -## Workflow - -- No contribution is too small! - Please submit as many fixes for typos and grammar bloopers as you can! -- Try to limit each pull request to *one* change only. -- Since we squash on merge, it's up to you how you handle updates to the `main` branch. - Whether you prefer to rebase on `main` or merge `main` into your branch, do whatever is more comfortable for you. -- *Always* add tests and docs for your code. - This is a hard rule; patches with missing tests or documentation won't be merged. -- Make sure your changes pass our [CI]. - You won't get any feedback until it's green unless you ask for it. -- For the CI to pass, the coverage must be 100%. - If you have problems to test something, open anyway and ask for advice. - In some situations, we may agree to add an `# pragma: no cover`. -- Once you've addressed review feedback, make sure to bump the pull request with a short note, so we know you're done. -- Don’t break backwards-compatibility. 
- - -## Local Development Environment - -You can (and should) run our test suite using [*tox*]. -However, you’ll probably want a more traditional environment as well. - -First, create a [virtual environment](https://virtualenv.pypa.io/) so you don't break your system-wide Python installation. -We recommend using the Python version from the `.python-version-default` file in project's root directory. - -If you're using [*direnv*](https://direnv.net), you can automate the creation of a virtual environment with the correct Python version by adding the following `.envrc` to the project root after you've cloned it to your computer: - -```bash -layout python python$(cat .python-version-default) -``` - -If you're using tools that understand `.python-version` files like [*pyenv*](https://github.com/pyenv/pyenv) does, you can make it a link to the `.python-version-default` file. - ---- - -Then, [fork](https://github.com/python-attrs/attrs/fork) the repository on GitHub. - -Clone the fork to your computer: - -```console -$ git clone git@github.com:/attrs.git -``` - -Or if you prefer to use Git via HTTPS: - -```console -$ git clone https://github.com//attrs.git -``` - -Then add the *attrs* repository as *upstream* remote: - -```console -$ git remote add -t main -m main --tags upstream https://github.com/python-attrs/attrs.git -``` - -The next step is to sync your local copy with the upstream repository: - -```console -$ git fetch upstream -``` - -This is important to obtain eventually missing tags, which are needed to install the development version later on. -See [#1104](https://github.com/python-attrs/attrs/issues/1104) for more information. 
- -Change into the newly created directory and after activating a virtual environment install an editable version of *attrs* along with its tests and docs requirements: - -```console -$ cd attrs -$ python -m pip install --upgrade pip wheel # PLEASE don't skip this step -$ python -m pip install -e '.[dev]' -``` - -At this point, - -```console -$ python -m pytest -``` - -should work and pass. -You can *significantly* speed up the test suite by passing `-n auto` to *pytest* which activates [*pytest-xdist*](https://github.com/pytest-dev/pytest-xdist) and takes advantage of all your CPU cores. - -For documentation, you can use: - -```console -$ tox run -e docs-watch -``` - -This will build the documentation, and then watch for changes and rebuild it whenever you save a file. - -To just build the documentation and run doctests, use: - -```console -$ tox run -e docs -``` - -You will find the built documentation in `docs/_build/html`. - - ---- - -To file a pull request, create a new branch on top of the upstream repository's `main` branch: - -```console -$ git fetch upstream -$ git checkout -b my_topical_branch upstream/main -``` - -Make your changes, push them to your fork (the remote *origin*): - -```console -$ git push -u origin -``` - -and publish the PR in GitHub's web interface! 
- -After your pull request is merged and the branch is no longer needed, delete it: - -```console -$ git checkout main -$ git push --delete origin my_topical_branch && git branch -D my_topical_branch -``` - -Before starting to work on your next pull request, run the following command to sync your local repository with the remote *upstream*: - -```console -$ git fetch upstream -u main:main -``` - ---- - -To avoid committing code that violates our style guide, we strongly advise you to install [*pre-commit*] and its hooks: - -```console -$ pre-commit install -``` - -This is not strictly necessary, because our [*tox*] file contains an environment that runs: - -```console -$ pre-commit run --all-files -``` - -and our CI has integration with [pre-commit.ci](https://pre-commit.ci). -But it's way more comfortable to run it locally and *git* catching avoidable errors. - - -## Code - -- Obey [PEP 8](https://peps.python.org/pep-0008/) and [PEP 257](https://peps.python.org/pep-0257/). - We use the `"""`-on-separate-lines style for docstrings: - - ```python - def func(x): - """ - Do something. - - :param str x: A very important parameter. - - :rtype: str - """ - ``` -- If you add or change public APIs, tag the docstring using `.. versionadded:: 16.0.0 WHAT` or `.. versionchanged:: 16.2.0 WHAT`. -- We use [Ruff](https://github.com/astral-sh/ruff) to sort our imports, and we use [Black](https://github.com/psf/black) with line length of 79 characters to format our code. - As long as you run our full [*tox*] suite before committing, or install our [*pre-commit*] hooks (ideally you'll do both – see [*Local Development Environment*](#local-development-environment) above), you won't have to spend any time on formatting your code at all. - If you don't, [CI] will catch it for you – but that seems like a waste of your time! 
- - -## Tests - -- Write your asserts as `expected == actual` to line them up nicely: - - ```python - x = f() - - assert 42 == x.some_attribute - assert "foo" == x._a_private_attribute - ``` - -- To run the test suite, all you need is a recent [*tox*]. - It will ensure the test suite runs with all dependencies against all Python versions just as it will in our [CI]. - If you lack some Python versions, you can can always limit the environments like `tox run -e py38,py39`, or make it a non-failure using `tox run --skip-missing-interpreters`. - - In that case you should look into [*asdf*](https://asdf-vm.com) or [*pyenv*](https://github.com/pyenv/pyenv), which make it very easy to install many different Python versions in parallel. -- Write [good test docstrings](https://jml.io/pages/test-docstrings.html). -- To ensure new features work well with the rest of the system, they should be also added to our [*Hypothesis*](https://hypothesis.readthedocs.io/) testing strategy, which can be found in `tests/strategies.py`. -- If you've changed or added public APIs, please update our type stubs (files ending in `.pyi`). - - -## Documentation - -- Use [semantic newlines] in [reStructuredText](https://www.sphinx-doc.org/en/stable/usage/restructuredtext/basics.html) and [Markdown](https://docs.github.com/en/get-started/writing-on-github/getting-started-with-writing-and-formatting-on-github/basic-writing-and-formatting-syntax) files (files ending in `.rst` and `.md`): - - ```rst - This is a sentence. - This is another sentence. - ``` - -- If you start a new section, add two blank lines before and one blank line after the header, except if two headers follow immediately after each other: - - ```rst - Last line of previous section. - - - Header of New Top Section - ------------------------- - - Header of New Section - ^^^^^^^^^^^^^^^^^^^^^ - - First line of new section. 
- ``` - -- If you add a new feature, demonstrate its awesomeness on the [examples page](https://github.com/python-attrs/attrs/blob/main/docs/examples.md)! - - -### Changelog - -If your change is noteworthy, there needs to be a changelog entry so our users can learn about it! - -To avoid merge conflicts, we use the [*Towncrier*](https://pypi.org/project/towncrier) package to manage our changelog. -*towncrier* uses independent *Markdown* files for each pull request – so called *news fragments* – instead of one monolithic changelog file. -On release, those news fragments are compiled into our [`CHANGELOG.md`](https://github.com/python-attrs/attrs/blob/main/CHANGELOG.md). - -You don't need to install *Towncrier* yourself, you just have to abide by a few simple rules: - -- For each pull request, add a new file into `changelog.d` with a filename adhering to the `pr#.(change|deprecation|breaking).md` schema: - For example, `changelog.d/42.change.md` for a non-breaking change that is proposed in pull request #42. -- As with other docs, please use [semantic newlines] within news fragments. -- Wrap symbols like modules, functions, or classes into backticks so they are rendered in a `monospace font`. -- Wrap arguments into asterisks like in docstrings: - `Added new argument *an_argument*.` -- If you mention functions or other callables, add parentheses at the end of their names: - `attrs.func()` or `attrs.Class.method()`. - This makes the changelog a lot more readable. -- Prefer simple past tense or constructions with "now". - For example: - - + Added `attrs.validators.func()`. - + `attrs.func()` now doesn't crash the Large Hadron Collider anymore when passed the *foobar* argument. -- If you want to reference multiple issues, copy the news fragment to another filename. - *Towncrier* will merge all news fragments with identical contents into one entry with multiple links to the respective pull requests. - -Example entries: - - ```md - Added `attrs.validators.func()`. 
- The feature really *is* awesome. - ``` - -or: - - ```md - `attrs.func()` now doesn't crash the Large Hadron Collider anymore when passed the *foobar* argument. - The bug really *was* nasty. - ``` - ---- - -`tox run -e changelog` will render the current changelog to the terminal if you have any doubts. - - -## Governance - -*attrs* is maintained by [team of volunteers](https://github.com/python-attrs) that is always open to new members that share our vision of a fast, lean, and magic-free library that empowers programmers to write better code with less effort. -If you'd like to join, just get a pull request merged and ask to be added in the very same pull request! - -**The simple rule is that everyone is welcome to review/merge pull requests of others but nobody is allowed to merge their own code.** - -[Hynek Schlawack] acts reluctantly as the [BDFL](https://en.wikipedia.org/wiki/Benevolent_dictator_for_life) and has the final say over design decisions. - - -[CI]: https://github.com/python-attrs/attrs/actions?query=workflow%3ACI -[Hynek Schlawack]: https://hynek.me/about/ -[*pre-commit*]: https://pre-commit.com/ -[*tox*]: https://tox.wiki/ -[semantic newlines]: https://rhodesmill.org/brandon/2012/one-sentence-per-line/ diff --git a/.github/FUNDING.yml b/.github/FUNDING.yml deleted file mode 100644 index 7c250da..0000000 --- a/.github/FUNDING.yml +++ /dev/null @@ -1,3 +0,0 @@ ---- -github: hynek -tidelift: "pypi/attrs" diff --git a/.github/PULL_REQUEST_TEMPLATE.md b/.github/PULL_REQUEST_TEMPLATE.md deleted file mode 100644 index e84b6c8..0000000 --- a/.github/PULL_REQUEST_TEMPLATE.md +++ /dev/null 
@@ -1,41 +0,0 @@ -# Summary - - - - -# Pull Request Check List - - - -- [ ] Do **not** open pull requests from your `main` branch – **use a separate branch**! - - There's a ton of footguns waiting if you don't heed this warning. You can still go back to your project, create a branch from your main branch, push it, and open the pull request from the new branch. - - This is not a pre-requisite for your your pull request to be accepted, but **you have been warned**. -- [ ] Added **tests** for changed code. - Our CI fails if coverage is not 100%. -- [ ] New features have been added to our [Hypothesis testing strategy](https://github.com/python-attrs/attrs/blob/main/tests/strategies.py). -- [ ] Changes or additions to public APIs are reflected in our type stubs (files ending in ``.pyi``). - - [ ] ...and used in the stub test file `tests/typing_example.py`. - - [ ] If they've been added to `attr/__init__.pyi`, they've *also* been re-imported in `attrs/__init__.pyi`. -- [ ] Updated **documentation** for changed code. - - [ ] New functions/classes have to be added to `docs/api.rst` by hand. - - [ ] Changes to the signature of `@attr.s()` have to be added by hand too. - - [ ] Changed/added classes/methods/functions have appropriate `versionadded`, `versionchanged`, or `deprecated` [directives](http://www.sphinx-doc.org/en/stable/markup/para.html#directive-versionadded). - The next version is the second number in the current release + 1. - The first number represents the current year. - So if the current version on PyPI is 22.2.0, the next version is gonna be 22.3.0. - If the next version is the first in the new year, it'll be 23.1.0. -- [ ] Documentation in `.rst` and `.md` files is written using [semantic newlines](https://rhodesmill.org/brandon/2012/one-sentence-per-line/). -- [ ] Changes (and possible deprecations) have news fragments in [`changelog.d`](https://github.com/python-attrs/attrs/blob/main/changelog.d). 
-- [ ] Consider granting [push permissions to the PR branch](https://docs.github.com/en/pull-requests/collaborating-with-pull-requests/working-with-forks/allowing-changes-to-a-pull-request-branch-created-from-a-fork), so maintainers can fix minor issues themselves without pestering you. - - diff --git a/.github/SECURITY.md b/.github/SECURITY.md deleted file mode 100644 index 3646f59..0000000 --- a/.github/SECURITY.md +++ /dev/null @@ -1,21 +0,0 @@ -# Security Policy - -## Supported Versions - -We are following [Calendar Versioning](https://calver.org) with generous backwards-compatibility guarantees. -Therefore we only support the latest version. - -Put simply, you shouldn't ever be afraid to upgrade as long as you're only using our public APIs. -Whenever there is a need to break compatibility, it is announced in the changelog, and raises a `DeprecationWarning` for a year (if possible) before it's finally really broken. - -> **Warning** -> The structure of the `attrs.Attribute` class is exempt from this rule. -> It *will* change in the future, but since it should be considered read-only, that shouldn't matter. -> -> However if you intend to build extensions on top of *attrs* you have to anticipate that. - - -## Reporting a Vulnerability - -To report a security vulnerability, please use the [Tidelift security contact](https://tidelift.com/security). -Tidelift will coordinate the fix and disclosure. diff --git a/.github/dependabot.yml b/.github/dependabot.yml deleted file mode 100644 index fd89895..0000000 --- a/.github/dependabot.yml +++ /dev/null @@ -1,7 +0,0 @@ ---- -version: 2 -updates: - - package-ecosystem: github-actions - directory: / - schedule: - interval: monthly diff --git a/.github/workflows/build-docset.yml b/.github/workflows/build-docset.yml deleted file mode 100644 index 31ca013..0000000 --- a/.github/workflows/build-docset.yml +++ /dev/null 
@@ -1,33 +0,0 @@ ---- -name: Build docset - -on: - push: - tags: ["*"] - workflow_dispatch: - -env: - PIP_DISABLE_PIP_VERSION_CHECK: "1" - PIP_NO_PYTHON_VERSION_WARNING: "1" - -permissions: {} - -jobs: - docset: - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v4 - with: - fetch-depth: 0 - - uses: actions/setup-python@v5 - with: - python-version: "3.x" - - - run: python -Im pip install tox - - - run: python -Im tox run -e docset - - - uses: actions/upload-artifact@v4 - with: - name: docset - path: attrs.tgz diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml deleted file mode 100644 index c1e0ee4..0000000 --- a/.github/workflows/ci.yml +++ /dev/null 
@@ -1,179 +0,0 @@ ---- -name: CI - -on: - merge_group: - push: - branches: [main] - tags: ["*"] - pull_request: - workflow_dispatch: - -env: - FORCE_COLOR: "1" # Make tools pretty. - PIP_DISABLE_PIP_VERSION_CHECK: "1" - PIP_NO_PYTHON_VERSION_WARNING: "1" - # Use oldest version used in doctests / examples. - SETUPTOOLS_SCM_PRETEND_VERSION: "19.2.0" - -permissions: {} - -jobs: - tests: - name: Tests & Mypy on ${{ matrix.python-version }} - runs-on: ubuntu-latest - - strategy: - fail-fast: false - matrix: - python-version: - - "3.7" - - "3.8" - - "3.9" - - "3.10" - - "3.11" - - "3.12" - - "3.13" - # - "pypy-3.7" - - "pypy-3.8" - - "pypy-3.9" - - "pypy-3.10" - - steps: - - uses: actions/checkout@v4 - - uses: actions/setup-python@v5 - with: - python-version: ${{ matrix.python-version }} - allow-prereleases: true - cache: pip - - - name: Prepare tox - run: | - V=${{ matrix.python-version }} - - if [[ "$V" = pypy-* ]]; then - V=pypy3 - IS_PYPY=1 - else - V=py$(echo $V | tr -d .) - IS_PYPY=0 - fi - - echo IS_PYPY=$IS_PYPY >>$GITHUB_ENV - echo TOX_PYTHON=$V >>$GITHUB_ENV - - python -Im pip install tox - - - run: python -Im tox run -e ${{ env.TOX_PYTHON }}-tests - - run: python -Im tox run -e ${{ env.TOX_PYTHON }}-mypy - if: env.IS_PYPY == '0' && matrix.python-version != '3.7' - - - name: Upload coverage data - uses: actions/upload-artifact@v4 - with: - name: coverage-data-${{ matrix.python-version }} - path: .coverage.* - if-no-files-found: ignore - - coverage: - name: Combine & check coverage. - runs-on: ubuntu-latest - needs: tests - - steps: - - uses: actions/checkout@v4 - - uses: actions/setup-python@v5 - with: - python-version-file: .python-version-default - cache: pip - - - name: Download coverage data - uses: actions/download-artifact@v4 - with: - pattern: coverage-data-* - merge-multiple: true - - - name: Combine coverage & fail if it's <100%. 
- run: | - python -Im pip install coverage[toml] - - python -Im coverage combine - python -Im coverage html --skip-covered --skip-empty - - # Report and write to summary. - python -Im coverage report --format=markdown >> $GITHUB_STEP_SUMMARY - - # Report again and fail if under 100%. - python -Im coverage report --fail-under=100 - - - name: Upload HTML report if check failed. - uses: actions/upload-artifact@v4 - with: - name: html-report - path: htmlcov - if: ${{ failure() }} - - docs: - name: Build docs & run doctests - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v4 - - uses: actions/setup-python@v5 - with: - # Keep in sync with tox/docs and .readthedocs.yaml. - python-version: "3.12" - cache: pip - - - run: python -Im pip install tox - - run: python -Im tox run -e docs,changelog - - pyright: - name: Check types using pyright - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v4 - - uses: actions/setup-python@v5 - with: - python-version-file: .python-version-default - cache: pip - - - run: python -Im pip install tox - - run: python -Im tox run -e pyright - - install-dev: - name: Verify dev env - runs-on: ${{ matrix.os }} - strategy: - matrix: - os: [ubuntu-latest, windows-latest] - - steps: - - uses: actions/checkout@v4 - - uses: actions/setup-python@v5 - with: - python-version-file: .python-version-default - cache: pip - - - name: Install in dev mode & import - run: | - python -Im pip install -e .[dev] - python -Ic 'import attr; print(attr.__version__)' - python -Ic 'import attrs; print(attrs.__version__)' - - # Ensure everything required is passing for branch protection. - required-checks-pass: - if: always() - - needs: - - coverage - - docs - - install-dev - - pyright - - runs-on: ubuntu-latest - - steps: - - name: Decide whether the needed jobs succeeded or failed - uses: re-actors/alls-green@release/v1 - with: - jobs: ${{ toJSON(needs) }} 
diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml deleted file mode 100644 index f872eef..0000000 --- a/.github/workflows/codeql-analysis.yml +++ /dev/null @@ -1,35 +0,0 @@ ---- -name: CodeQL - -on: - schedule: - - cron: "30 22 * * 4" - -permissions: - contents: read - -jobs: - analyze: - name: Analyze - runs-on: ubuntu-latest - permissions: - actions: read - contents: read - security-events: write - - strategy: - fail-fast: false - matrix: - language: [python] - - steps: - - name: Checkout repository - uses: actions/checkout@v4 - - - name: Initialize CodeQL - uses: github/codeql-action/init@v3 - with: - languages: ${{ matrix.language }} - - - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@v3 diff --git a/.github/workflows/pypi-package.yml b/.github/workflows/pypi-package.yml deleted file mode 100644 index 8495480..0000000 --- a/.github/workflows/pypi-package.yml +++ /dev/null 
@@ -1,68 +0,0 @@ ---- -name: Build & maybe upload PyPI package - -on: - push: - branches: [main] - tags: ["*"] - pull_request: - branches: [main] - release: - types: - - published - workflow_dispatch: - -permissions: - contents: read - id-token: write - -jobs: - # Always build & lint package. - build-package: - name: Build & verify package - runs-on: ubuntu-latest - - steps: - - uses: actions/checkout@v4 - with: - fetch-depth: 0 - - - uses: hynek/build-and-inspect-python-package@v2 - - # Upload to Test PyPI on every commit on main. - release-test-pypi: - name: Publish in-dev package to test.pypi.org - environment: release-test-pypi - if: github.repository_owner == 'python-attrs' && github.event_name == 'push' && github.ref == 'refs/heads/main' - runs-on: ubuntu-latest - needs: build-package - - steps: - - name: Download packages built by build-and-inspect-python-package - uses: actions/download-artifact@v4 - with: - name: Packages - path: dist - - - name: Upload package to Test PyPI - uses: pypa/gh-action-pypi-publish@release/v1 - with: - repository-url: https://test.pypi.org/legacy/ - - # Upload to real PyPI on GitHub Releases. - release-pypi: - name: Publish released package to pypi.org - environment: release-pypi - if: github.repository_owner == 'python-attrs' && github.event.action == 'published' - runs-on: ubuntu-latest - needs: build-package - - steps: - - name: Download packages built by build-and-inspect-python-package - uses: actions/download-artifact@v4 - with: - name: Packages - path: dist - - - name: Upload package to PyPI - uses: pypa/gh-action-pypi-publish@release/v1 diff --git a/.github/workflows/scan.yml b/.github/workflows/scan.yml new file mode 100644 index 0000000..704e524 --- /dev/null +++ b/.github/workflows/scan.yml 
@@ -0,0 +1,27 @@ +name: SC GHA test + +on: + push: + branches: + - master + pull_request: + types: [ opened, synchronize, reopened ] + workflow_dispatch: + +permissions: + pull-requests: read # allows SonarCloud to decorate PRs with analysis results + +jobs: + sonarcloud: + name: SonarCloud + runs-on: ubuntu-latest + steps: + - name: Checkout + uses: actions/checkout@v4 + with: + fetch-depth: 0 # Shallow clones should be disabled for a better relevancy of analysis + - name: SonarCloud Scan + uses: SonarSource/sonarcloud-github-action@master + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # Needed to get PR information, if any + SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} diff --git a/.github/workflows/sonarcloud.yml b/.github/workflows/sonarcloud.yml new file mode 100644 index 0000000..1d2f0ac --- /dev/null +++ b/.github/workflows/sonarcloud.yml 
@@ -0,0 +1,68 @@ +# This workflow uses actions that are not certified by GitHub. +# They are provided by a third-party and are governed by +# separate terms of service, privacy policy, and support +# documentation. + +# This workflow helps you trigger a SonarCloud analysis of your code and populates +# GitHub Code Scanning alerts with the vulnerabilities found. +# Free for open source project. + +# 1. Login to SonarCloud.io using your GitHub account + +# 2. Import your project on SonarCloud +# * Add your GitHub organization first, then add your repository as a new project. +# * Please note that many languages are eligible for automatic analysis, +# which means that the analysis will start automatically without the need to set up GitHub Actions. +# * This behavior can be changed in Administration > Analysis Method. +# +# 3. Follow the SonarCloud in-product tutorial +# * a. Copy/paste the Project Key and the Organization Key into the args parameter below +# (You'll find this information in SonarCloud. Click on "Information" at the bottom left) +# +# * b. Generate a new token and add it to your Github repository's secrets using the name SONAR_TOKEN +# (On SonarCloud, click on your avatar on top-right > My account > Security +# or go directly to https://sonarcloud.io/account/security/) + +# Feel free to take a look at our documentation (https://docs.sonarcloud.io/getting-started/github/) +# or reach out to our community forum if you need some help (https://community.sonarsource.com/c/help/sc/9) + +name: SonarCloud analysis + +on: + push: + branches: [ "master" ] + pull_request: + types: [ opened, synchronize, reopened ] + workflow_dispatch: + +permissions: + pull-requests: read # allows SonarCloud to decorate PRs with analysis results + +jobs: + Analysis: + runs-on: ubuntu-latest + + steps: + - name: Analyze with SonarCloud + + # You can pin the exact commit or the version. 
+ # uses: SonarSource/sonarcloud-github-action@de2e56b42aa84d0b1c5b622644ac17e505c9a049 + uses: SonarSource/sonarcloud-github-action@master + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # Needed to get PR information + SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} # Generate a token on Sonarcloud.io, add it to the secrets of this repo with the name SONAR_TOKEN (Settings > Secrets > Actions > add new repository secret) + with: + # Additional arguments for the sonarcloud scanner + args: + # Unique keys of your project and organization. You can find them in SonarCloud > Information (bottom-left menu) + # mandatory + -Dsonar.projectKey=istvan-bodo-sonarsource_test_python + -Dsonar.organization=istvan-bodo-sonarsource + # Comma-separated paths to directories containing main source files. + #-Dsonar.sources= # optional, default is project base directory + # When you need the analysis to take place in a directory other than the one from which it was launched + #-Dsonar.projectBaseDir= # optional, default is . + # Comma-separated paths to directories containing test source files. + #-Dsonar.tests= # optional. For more info about Code Coverage, please refer to https://docs.sonarcloud.io/enriching/test-coverage/overview/ + # Adds more detail to both client and server-side analysis logs, activating DEBUG mode for the scanner, and adding client-side environment variables and system properties to the server-side log of analysis report processing. + #-Dsonar.verbose= # optional, default is false diff --git a/test.py b/test.py new file mode 100644 index 0000000..a73d054 --- /dev/null +++ b/test.py @@ -0,0 +1 @@ +print("Test_1")
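Review bot: Deleting `.github/SECURITY.md` removes the only stated vulnerability reporting channel (the Tidelift security contact) and the supported-versions statement, and nothing in this patch replaces them. If the intent is only to add SonarCloud scanning, keep this file. Otherwise add a replacement policy in the same change so reporters still have a private contact.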
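Review bot: Deleting `.github/dependabot.yml` drops the monthly `github-actions` update checks while this same patch adds two workflows that reference `actions/checkout@v4` and `SonarSource/sonarcloud-github-action@master`. Keep the Dependabot configuration so that action references, once pinned, continue to receive update PRs.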
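Review bot: Deleting `.github/workflows/ci.yml` removes every job that runs the test suite, the `coverage report --fail-under=100` gate, the docs and pyright jobs, and `required-checks-pass`, whose own comment says it exists for branch protection. No workflow added in this patch runs tests, so pull requests would be merged with static analysis only. Keep `ci.yml` alongside the new scan, or state in the description what replaces these checks.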
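Review bot: Deleting `.github/workflows/codeql-analysis.yml` removes the only scheduled analysis (`cron: "30 22 * * 4"`). The SonarCloud workflows added here trigger only on push to `master`, `pull_request` and `workflow_dispatch`, so a quiet repository is no longer rescanned against updated rules. If SonarCloud is meant to replace CodeQL, add a `schedule` trigger to the new workflow and say so in the description. Otherwise keep this file.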
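Review bot: In `.github/workflows/scan.yml`, the step `uses: SonarSource/sonarcloud-github-action@master` follows a mutable branch while the step is handed `SONAR_TOKEN` and `GITHUB_TOKEN`. Pin it to a full commit SHA so upstream changes cannot run with those secrets unreviewed. Separately, the push trigger lists `master`, whereas every workflow deleted by this patch triggered on `main` and the deleted CONTRIBUTING.md refers to the `main` branch. If the default branch is still `main`, the push trigger never fires and only pull requests are scanned.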
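Review bot: `.github/workflows/sonarcloud.yml` duplicates `scan.yml` from the same patch: same triggers, same `SonarSource/sonarcloud-github-action@master` step, same secrets, so each push and pull request would start two analyses. Keep one of the two. If this is the one kept, note that the `Analysis` job has no checkout step (unlike `scan.yml`, which checks out with `fetch-depth: 0`), that the action is again on `@master` even though the comment directly above shows the commit-pinned form, and that the push trigger uses `"master"` rather than `main`. The hardcoded `-Dsonar.projectKey=istvan-bodo-sonarsource_test_python` and `-Dsonar.organization=istvan-bodo-sonarsource` should also be confirmed as the intended project for this repository.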