Overhaul pre-commit and CI infrastructure #173
Draft
camUrban wants to merge 14 commits into
Switch the DOI and license badges in README from dynamic to static shields.io equivalents because the dynamic versions often fail to render or update.
Bring the pre-commit hooks to current upstream releases. Apply the new docformatter 1.7.8 formatting requirements (one-sentence summary lines and no blank line after closing triple-quotes) to the six modules they affect. Rewrite the agent-facing run guidance to defer to pre-commit for any hook, use bare commands from the activated venv for everything else, and drop the obsolete PYTHONPATH-based recipes.
Codecov Report
✅ All modified and coverable lines are covered by tests.
@@ Coverage Diff @@
## main #173 +/- ##
=======================================
Coverage 91.31% 91.31%
=======================================
Files 31 31
Lines 6698 6698
=======================================
Hits 6116 6116
Misses 582 582
Lock committed text to printable ASCII plus tab, LF, and CR to prevent hidden-character risks like ASCII smuggling, zero-width characters, and stray BOMs, and to keep prose typographically consistent. The hook is implemented as scripts/check_ascii_only.py and paired with a matching GitHub Actions workflow so CI catches violations on every PR. Each violation is reported with its line, column, character, codepoint, Unicode name, and UTF-8 bytes. Existing offenders are transliterated to ASCII equivalents (smart quotes to straight quotes, arrows to ->, Greek letters spelled out, math symbols replaced per the style guide); a BOM is stripped from validation/measured_wing_positions.csv. Qt Designer .ui files are excluded since Qt regenerates them on each save.
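A minimal checker in the spirit of the commit message above, reporting line, column, character, codepoint, Unicode name, and UTF-8 bytes for each violation. This is an added example, not the project's scripts/check_ascii_only.py; the function names and the sample bytes are constructed for illustration.

```python
import unicodedata

# Allowed code points: printable ASCII plus tab, LF, and CR.
ALLOWED = set(range(0x20, 0x7F)) | {0x09, 0x0A, 0x0D}


def find_violations(data: bytes) -> list[dict]:
    """Return one record per disallowed character in a file's raw bytes."""
    # surrogateescape keeps invalid UTF-8 bytes visible instead of raising.
    text = data.decode("utf-8", errors="surrogateescape")
    violations = []
    line, col = 1, 1
    for ch in text:
        if ord(ch) not in ALLOWED:
            raw = ch.encode("utf-8", errors="surrogateescape")
            violations.append({
                "line": line,
                "col": col,
                "char": ascii(ch),
                "codepoint": f"U+{ord(ch):04X}",
                "name": unicodedata.name(ch, "<unnamed>"),
                "utf8": " ".join(f"{b:02X}" for b in raw),
            })
        if ch == "\n":
            line, col = line + 1, 1
        else:
            col += 1
    return violations


def format_violation(path: str, v: dict) -> str:
    """Render one violation as a single grep-friendly report line."""
    return (f"{path}:{v['line']}:{v['col']}: {v['char']} {v['codepoint']} "
            f"{v['name']} (UTF-8: {v['utf8']})")


# Constructed sample: a BOM, a zero-width space, and a Unicode tag character.
SAMPLE = (b"\xef\xbb\xbfname,value\n"
          + "note\u200b: safe\U000E0041\n".encode("utf-8")
          + b"plain ascii\tline\r\n")

if __name__ == "__main__":
    for v in find_violations(SAMPLE):
        print(format_violation("sample.csv", v))
```

Columns are counted in characters, not bytes, so a reported position lines up with what an editor shows once hidden characters are revealed.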
Catch unformatted docstrings on PRs without relying on contributors to have run pre-commit locally. The workflow installs pre-commit and runs the docformatter hook so CI uses the same pinned version and file filter as local runs.
Catch type errors locally before commit instead of waiting for the mypy GitHub action to fail. mypy is fast enough on this codebase that the speed cost is negligible (sub-second with warm cache), and the hook uses language: system so it shares the venv mypy and dependency setup with interactive runs.
Normalize text file endings to a single trailing newline so future diffs are not cluttered with no-newline markers. Apply the fix in place to existing files: mostly .idea/ PyCharm config, airfoil .dat data, and a handful of docs and command files. Also add a shared workflow file for hooks sourced from the pre-commit/pre-commit-hooks repo.
Strip trailing whitespace so future diffs are not cluttered by unrelated whitespace changes. Apply the fix in place to existing files: mostly airfoil .dat coordinate data with trailing spaces on header and data lines, plus blank lines in a CONTRIBUTING.md code block.
Bundle mixed-line-ending and 9 check validators from pre-commit-hooks that pass against the current tree with zero fixes required. Bump the repo pin to v6.0.0 in the same change so all entries come in on the same release. Regroup the config into fixers, formatters, and validators sections so each hook runs on the normalized output of earlier ones. Convert the matching CI workflow to a matrix so each hook runs in its own fresh runner, giving per-hook failure attribution in the Actions UI and removing the need to reason about inter-hook revert logic.
Adopt friendly display names for each pre-commit hook and surface them in CI. .pre-commit-config.yaml gains a fixer or checker prefix on each hook name so pre-commit CLI output groups hooks visually by role. The pre-commit-hooks workflow matrix moves to include-pairs so each job exposes its display name in the Actions UI alongside the hook id. Rename the ascii workflow to ascii-only so the workflow name matches the hook id, and update the PR template and CLAUDE.md references to match.
Bundle pre-commit-hooks that pass against the current tree with zero fixes required. fix-byte-order-marker locks in the BOM removal from the recent CSV cleanup. The 5 new validators act as preventive guards: detect-private-key blocks SSH/SSL keys, forbid-submodules locks in the no-submodules policy, check-vcs-permalinks catches line-number GitHub URLs that would rot across rebases, and the shebang pair keeps the executable bit and shebang line in sync.
Bundle three more pre-commit-hooks. check-added-large-files catches new files over 500kB; existing large assets like the hero animation are unaffected since the hook only checks newly-added files. debug-statements catches forgotten breakpoint() and pdb.set_trace() calls in Python source. requirements-txt-fixer alphabetizes requirements files; the one fix it applied moves sphinx into its alphabetical position in docs/website/requirements_docs.txt.
Set every workflow to a read-only GITHUB_TOKEN and disable credential persistence on checkout, so a fork PR cannot escalate privileges or exfiltrate the token via .git/config. Pin all action references to immutable SHAs to defend against compromised action publishers, and add Dependabot with a weekly schedule and a 7-day cooldown to keep those SHAs current without immediately pulling freshly published releases. Pin psf/black to a SHA at 26.3.1, replacing the prior @stable rolling pointer that could not be SHA-pinned. Normalize tests.yml step indentation to match the other workflows.
Apply the same SHA-pinning logic to .pre-commit-config.yaml that was applied to the GitHub Actions workflows, so a compromised hook publisher cannot remap a tag and inject code into developer machines or CI. Extend Dependabot to the pre-commit ecosystem so the new SHA pins receive the same weekly schedule and 7-day cooldown as the GitHub Actions pins. Document the convention in CONTRIBUTING.md so future contributors know not to run pre-commit autoupdate directly, which would rewrite the SHA pins back to moving tags.
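One way to verify the SHA-pinning convention described in the two commit messages above, covering both `uses:` references in workflows and `rev:` values in .pre-commit-config.yaml. This is an added example, not code from the pull request; the function name, the sample YAML, and both 40-character hashes are constructed placeholders.

```python
import re

SHA40 = re.compile(r"[0-9a-f]{40}")
# Matches `uses: owner/repo@ref` (workflows) and `rev: ref` (pre-commit config).
KEY = re.compile(r"^\s*(?:-\s+)?(uses|rev):\s*['\"]?([^\s'\"#]+)")


def unpinned_refs(text):
    """Return (line, key, value) for each reference not pinned to a full SHA."""
    findings = []
    for n, line in enumerate(text.splitlines(), 1):
        m = KEY.match(line)
        if not m:
            continue
        key, value = m.groups()
        if key == "uses" and value.startswith(("./", "docker://")):
            continue  # local actions and container images are out of scope
        # A `uses:` value carries its ref after "@"; a `rev:` value is the ref.
        ref = value.rpartition("@")[2] if key == "uses" else value
        if not SHA40.fullmatch(ref):  # tags, branches, and short SHAs all fail
            findings.append((n, key, value))
    return findings


# Constructed samples; both 40-hex values are placeholders, not real commits.
WORKFLOW = """\
steps:
  - uses: actions/checkout@0123456789abcdef0123456789abcdef01234567
    with:
      persist-credentials: false
  - uses: actions/checkout@v4
  - uses: psf/black@stable
"""
PRECOMMIT = """\
repos:
  - repo: https://github.com/pre-commit/pre-commit-hooks
    rev: v6.0.0
  - repo: https://example.invalid/constructed/hook
    rev: 89abcdef0123456789abcdef0123456789abcdef
"""

if __name__ == "__main__":
    for name, text in (("workflow.yml (constructed)", WORKFLOW),
                       (".pre-commit-config.yaml (constructed)", PRECOMMIT)):
        for n, key, value in unpinned_refs(text):
            print(f"{name}:{n}: {key}: {value} is not pinned to a commit SHA")
```

Run as a CI step, a check like this fails the build when a moving tag or branch name is reintroduced, for example by a tool that rewrites pins back to tags.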
Replace the manual build-and-upload step after each GitHub release with a workflow that builds the sdist plus wheel and publishes them on the release: published trigger, removing a stressful and error-prone manual step. Use PyPI's OIDC trusted publisher flow rather than a long-lived API token, so there is no secret to rotate or leak. The pypi GitHub environment adds a required-reviewer gate as a manual approval before each publish. Add a workflow_dispatch trigger so a failed publish can be retried from the Actions tab without cutting a new release.
Description
Motivation
Relevant Issues
Changes
Dependency Updates
None.
Change Magnitude
Minor: Small change such as a bug fix, small enhancement, or documentation update.
Checklist (check each item when completed or not applicable)
main and is up to date with the upstream main branch.
--in-place --black). See the style guide for type hints and docstrings for more details.
pterasoftware package use type hints. See the style guide for type hints and docstrings for more details.
tests package.
tests package.
black, codespell, and isort GitHub actions.
mypy GitHub action.
tests GitHub actions.