From 846367872cc8c120cd6b2c30219ccc5409614e9e Mon Sep 17 00:00:00 2001 From: "David L. Day" Date: Sun, 20 Jul 2025 07:19:18 -0400 Subject: [PATCH 1/8] build: clean up pyproject.toml --- pyproject.toml | 24 +++++++++++++----------- 1 file changed, 13 insertions(+), 11 deletions(-) diff --git a/pyproject.toml b/pyproject.toml index d3e0e13..d5e7e8e 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -1,16 +1,6 @@ -[tool.commitizen] -version = "1.1.1" -tag_format = "v$version" -update_changelog_on_bump = true -changelog_incremental = true -bump_message = "bump: $current_version → $new_version" -version_files = [ - "pyproject.toml:version", -] - [project] name = "syllables" -version = "1.1.1" +dynamic = ["version"] description = "A Python package for estimating the number of syllables in a word." license = { text = "GPLv3" } readme = "README.md" @@ -39,6 +29,18 @@ homepage = "https://github.com/prosegrinder/python-syllables" repository = "https://github.com/prosegrinder/python-syllables" "Bug Tracker" = "https://github.com/prosegrinder/python-syllables/issues" +[tool.commitizen] +version = "1.1.0" +tag_format = "v$version" +update_changelog_on_bump = true +changelog_incremental = true +bump_message = "bump: $current_version → $new_version" +version_files = [ + "pyproject.toml:version", +] + +[tool.poetry] +version = "1.1.1" [tool.poetry.group.dev.dependencies] pytest = "^7.2.0" From 28704fcd65f8e04f0087a2d3154415fa6e6043d1 Mon Sep 17 00:00:00 2001 From: "David L. Day" Date: Sun, 20 Jul 2025 07:37:50 -0400 Subject: [PATCH 2/8] ci: use new poetry reusable workflows --- .github/workflows/python-ci.yml | 56 ++++++--------------------------- 1 file changed, 9 insertions(+), 47 deletions(-) diff --git a/.github/workflows/python-ci.yml b/.github/workflows/python-ci.yml index 64e1980..5907ee8 100644 --- a/.github/workflows/python-ci.yml +++ b/.github/workflows/python-ci.yml @@ -8,60 +8,22 @@ concurrency: cancel-in-progress: true jobs: - lint: - uses: prosegrinder/.github/.github/workflows/poetry-lint.yaml@main + pylint: + uses: prosegrinder/.github/.github/workflows/poetry-pylint.yaml@main + + black: + uses: prosegrinder/.github/.github/workflows/poetry-black.yaml@main mypy: - runs-on: ubuntu-latest - steps: - - name: Check Out - uses: actions/checkout@v4 - with: - submodules: true - - name: Install Poetry - uses: snok/install-poetry@v1 - with: - virtualenvs-create: true - virtualenvs-in-project: true - installer-parallel: true - - name: Setup Python - uses: actions/setup-python@v5 - with: - cache: "poetry" - python-version: "3.x" - - name: Install project - run: poetry install --with dev --no-interaction - - name: MyPy - run: | - poetry run mypy src/**/*.py --config-file pyproject.toml + uses: prosegrinder/.github/.github/workflows/poetry-mypy.yaml@main bandit: - runs-on: ubuntu-latest - steps: - - name: Check Out - uses: actions/checkout@v4 - with: - submodules: true - - name: Install Poetry - uses: snok/install-poetry@v1 - with: - virtualenvs-create: true - virtualenvs-in-project: true - installer-parallel: true - - name: Setup Python - uses: actions/setup-python@v5 - with: - cache: "poetry" - python-version: "3.x" - - name: Install project - run: poetry install --with dev --no-interaction - - name: Bandit - run: | - poetry run bandit --configfile pyproject.toml --recursive src/**/*.py + uses: prosegrinder/.github/.github/workflows/poetry-bandit.yaml@main test: needs: - - lint + - pylint + - black - mypy - bandit uses: prosegrinder/.github/.github/workflows/poetry-test.yaml@main From a023f45955dc83ea7dfd2a4ccd2b41bec25943ac Mon Sep 17 00:00:00 2001 From: "David L. Day" Date: Sun, 20 Jul 2025 07:51:54 -0400 Subject: [PATCH 3/8] ci: trigger retest --- .github/workflows/python-ci.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/python-ci.yml b/.github/workflows/python-ci.yml index 5907ee8..9b8c3aa 100644 --- a/.github/workflows/python-ci.yml +++ b/.github/workflows/python-ci.yml @@ -8,12 +8,12 @@ concurrency: cancel-in-progress: true jobs: - pylint: - uses: prosegrinder/.github/.github/workflows/poetry-pylint.yaml@main - black: uses: prosegrinder/.github/.github/workflows/poetry-black.yaml@main + pylint: + uses: prosegrinder/.github/.github/workflows/poetry-pylint.yaml@main + mypy: uses: prosegrinder/.github/.github/workflows/poetry-mypy.yaml@main From 5b2422e81469d7cc7226d3c395111965429acb88 Mon Sep 17 00:00:00 2001 From: "David L. Day" Date: Sun, 20 Jul 2025 07:55:39 -0400 Subject: [PATCH 4/8] ci: add permissions to workflow --- .github/workflows/python-ci.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.github/workflows/python-ci.yml b/.github/workflows/python-ci.yml index 9b8c3aa..8f9040b 100644 --- a/.github/workflows/python-ci.yml +++ b/.github/workflows/python-ci.yml @@ -1,5 +1,8 @@ name: Python Poetry CI +permissions: + contents: read + on: pull_request: From eb446cdf667e84264f2eea2883b29d907f4ab2ff Mon Sep 17 00:00:00 2001 From: "David L. Day" Date: Sun, 20 Jul 2025 08:11:12 -0400 Subject: [PATCH 5/8] ci: use reusable bump dry run --- .github/workflows/python-ci.yml | 15 +++------------ 1 file changed, 3 insertions(+), 12 deletions(-) diff --git a/.github/workflows/python-ci.yml b/.github/workflows/python-ci.yml index 8f9040b..9128fce 100644 --- a/.github/workflows/python-ci.yml +++ b/.github/workflows/python-ci.yml @@ -33,15 +33,6 @@ jobs: cz-dry-run: needs: test - name: "Dry run Commitizen bump" - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v4 - with: - fetch-depth: 0 - - name: Create bump and changelog - uses: commitizen-tools/commitizen-action@0.24.0 - with: - github_token: ${{ secrets.GITHUB_TOKEN }} - check_consistency: true - dry_run: true + uses: prosegrinder/.github/.github/workflows/poetry-cz-dry-run.yaml@main + secrets: + VERSION_BUMP_TAG_TOKEN: "${{ secrets.VERSION_BUMP_TAG_TOKEN }}" From 28a6b588d50e15dea7ecb3fb97ee689508c417fe Mon Sep 17 00:00:00 2001 From: "David L. Day" Date: Sun, 20 Jul 2025 08:29:41 -0400 Subject: [PATCH 6/8] ci: fix version number --- pyproject.toml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pyproject.toml b/pyproject.toml index d5e7e8e..c0589c9 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -30,7 +30,7 @@ repository = "https://github.com/prosegrinder/python-syllables" "Bug Tracker" = "https://github.com/prosegrinder/python-syllables/issues" [tool.commitizen] -version = "1.1.0" +version = "1.1.1" tag_format = "v$version" update_changelog_on_bump = true changelog_incremental = true From c0b0f17c3322bf38dac97d2775137824682d3bb9 Mon Sep 17 00:00:00 2001 From: "David L. Day" Date: Sun, 20 Jul 2025 08:32:35 -0400 Subject: [PATCH 7/8] ci: add full release workflow with permissions --- .github/workflows/python-release.yml | 28 +++++++++++++++++++++++++++- 1 file changed, 27 insertions(+), 1 deletion(-) diff --git a/.github/workflows/python-release.yml b/.github/workflows/python-release.yml index cfc264f..f152409 100644 --- a/.github/workflows/python-release.yml +++ b/.github/workflows/python-release.yml @@ -1,5 +1,8 @@ name: Bump Version and Create Release +permissions: + contents: write + on: push: branches: @@ -10,9 +13,32 @@ concurrency: cancel-in-progress: true jobs: + black: + uses: prosegrinder/.github/.github/workflows/poetry-black.yaml@main + + pylint: + uses: prosegrinder/.github/.github/workflows/poetry-pylint.yaml@main + + mypy: + uses: prosegrinder/.github/.github/workflows/poetry-mypy.yaml@main + + bandit: + uses: prosegrinder/.github/.github/workflows/poetry-bandit.yaml@main + + test: + needs: + - pylint + - black + - mypy + - bandit + uses: prosegrinder/.github/.github/workflows/poetry-test.yaml@main + release: - if: "!startsWith(github.event.head_commit.message, 'bump:')" + needs: test + if: ${{ !startsWith(github.event.head_commit.message, 'bump:') }} # Don't run 'bump:' + permissions: + contents: write uses: prosegrinder/.github/.github/workflows/poetry-release.yaml@main secrets: VERSION_BUMP_TAG_TOKEN: "${{ secrets.VERSION_BUMP_TAG_TOKEN }}" From 505b8db9ba03e4116cd9fe18d2731cce364480fa Mon Sep 17 00:00:00 2001 From: "David L. Day" Date: Sun, 20 Jul 2025 08:33:06 -0400 Subject: [PATCH 8/8] ci: add full publish workflow with permissions --- .github/workflows/pypi-publish.yml | 22 +++++++++++++++++++--- 1 file changed, 19 insertions(+), 3 deletions(-) diff --git a/.github/workflows/pypi-publish.yml b/.github/workflows/pypi-publish.yml index 5821187..f9a9137 100644 --- a/.github/workflows/pypi-publish.yml +++ b/.github/workflows/pypi-publish.yml @@ -1,16 +1,32 @@ name: Publish to PyPi +permissions: + contents: read + on: push: tags: - "v*" jobs: - lint: - uses: prosegrinder/.github/.github/workflows/poetry-lint.yaml@main + black: + uses: prosegrinder/.github/.github/workflows/poetry-black.yaml@main + + pylint: + uses: prosegrinder/.github/.github/workflows/poetry-pylint.yaml@main + + mypy: + uses: prosegrinder/.github/.github/workflows/poetry-mypy.yaml@main + + bandit: + uses: prosegrinder/.github/.github/workflows/poetry-bandit.yaml@main test: - needs: lint + needs: + - pylint + - black + - mypy + - bandit uses: prosegrinder/.github/.github/workflows/poetry-test.yaml@main publish: