From e0efce9b04bfda4c15068392987874c170cc0376 Mon Sep 17 00:00:00 2001
From: Thomas Vergauwen
Date: Wed, 25 Feb 2026 11:10:34 +0100
Subject: [PATCH 1/7] Add top boundaries to dependencies (based on mayor version) and add a pip-audit ci pipeline
---
.github/workflows/dependency-audit.yml | 53 ++++++++++++++++++++++++++
pyproject.toml | 29 +++++++-------
2 files changed, 67 insertions(+), 15 deletions(-)
create mode 100644 .github/workflows/dependency-audit.yml
diff --git a/.github/workflows/dependency-audit.yml b/.github/workflows/dependency-audit.yml
new file mode 100644
index 00000000..7d58cc05
--- /dev/null
+++ b/.github/workflows/dependency-audit.yml
@@ -0,0 +1,53 @@
+name: Dependency compatibility and audit
+
+on:
+ push:
+ branches:
+ - master
+ - develop
+ - bugfix_*
+ pull_request:
+ workflow_dispatch:
+
+jobs:
+ compatibility-and-audit:
+ runs-on: ubuntu-latest
+ strategy:
+ fail-fast: false
+ matrix:
+ python-version: ["3.10", "3.11", "3.12", "3.13"]
+
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v4
+
+ - name: Setup Python
+ uses: actions/setup-python@v5
+ with:
+ python-version: ${{ matrix.python-version }}
+
+ - name: Install Poetry
+ uses: snok/install-poetry@v1
+ with:
+ virtualenvs-create: true
+ virtualenvs-in-project: true
+
+ - name: Install project and dev dependencies
+ run: poetry install --with dev
+
+ - name: Metadata and dependency compatibility checks
+ run: |
+ poetry check
+ poetry run pip check
+
+ - name: Upgrade pip in venv
+ run: poetry run python -m pip install --upgrade pip
+
+ - name: Install vulnerability scanner
+ run: poetry run python -m pip install pip-audit
+
+ - name: Vulnerability audit
+ run: poetry run pip-audit
+
+ - name: Import smoke test
+ run: poetry run python -c "import metobs_toolkit; print('Import successful')"
diff --git a/pyproject.toml b/pyproject.toml
index 59356bd2..5b356d4f 100644
--- a/pyproject.toml
+++ b/pyproject.toml
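Review bot: The new dependency-audit.yml declares no `permissions:` block, so the job runs with the repository's default `GITHUB_TOKEN` scope while it executes third-party code (`snok/install-poetry@v1`, then whatever `poetry install --with dev` and `pip install pip-audit` resolve). Add a top-level `permissions:` with `contents: read`, since none of these steps writes to the repository. `snok/install-poetry@v1` is a movable tag on a third-party action; pinning it to a full commit SHA keeps a retagged release from changing what runs here. The triggers are only push, pull_request and workflow_dispatch, so an advisory published between commits is not seen until the next push; a `schedule:` trigger would close that gap.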
@@ -30,22 +30,21 @@ requires-python = ">=3.10,<4.0" dependencies=[ - "cartopy>=0.23", - "earthengine-api<=1.6.11", # v1.6.12 not compatible with geemap 0.35.3 (latest of geemap) + "cartopy>=0.23,<0.26", + "earthengine-api>=1.6.0,<1.6.12", # v1.6.12 not compatible with geemap 0.35.3 (latest of geemap) # "folium>=0.19.5", # needed for geemap - "geemap>=0.35.3", - "geopandas>=1.0.1", - "mapclassify>=2.8.1", + "geemap>=0.35.3,<0.36", + "geopandas>=1.0.1,<2.0", + "mapclassify>=2.8.1,<3.0", # "numpy>=1.17.3", #in pandas - "matplotlib>=3.9.2", - "numpy>=1", - "pandas>=2", - "pint>=0.24.4", - "setuptools>=78.1.0", - "shapely>=2.0.6", - "xarray>=2022.3.0", - "pyarrow (>=21.0.0,<22.0.0)", - "netcdf4 (>=1.7.2,<2.0.0)" + "matplotlib>=3.9.2,<4.0", + "numpy>=1.26,<3.0", + "pandas>=2.2,<3.0", + "pint>=0.24.4,<1.0", + "shapely>=2.0.6,<3.0", + "xarray>=2022.3.0,<2027.0.0", + "pyarrow>=21.0.0,<22.0.0", + "netcdf4>=1.7.2,<2.0.0" ] [tool.poetry.group.dev.dependencies] @@ -72,7 +71,7 @@ poetry = "^2" # sphinx-rtd-theme = '^1.3.0' pydata-sphinx-theme = "^0.15.4" # Group of dep packages for building the documentation -sphinx = ">=7" +sphinx = ">=7,<9" sphinx-copybutton = "^0.5.2" sphinx-rtd-theme = "^3.0.1" From 45055cbc20d6cbd11ca008596af9e2c3e6e6879a Mon Sep 17 00:00:00 2001 From: Thomas Vergauwen Date: Wed, 25 Feb 2026 11:22:43 +0100 Subject: [PATCH 2/7] add pytz and upgrade version constraint of geemap and ee (testing). --- pyproject.toml | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/pyproject.toml b/pyproject.toml index 5b356d4f..29f1159e 100644 --- a/pyproject.toml +++ b/pyproject.toml 
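Review bot: The dependencies hunk drops `"setuptools>=78.1.0"` with no replacement, which the commit subject (upper bounds plus a pip-audit pipeline) does not mention. Virtual environments on Python 3.12 and later no longer ship setuptools by default, so if any module or dependency still imports `pkg_resources` or `setuptools` at runtime (not visible in this hunk) the import fails on the 3.12 and 3.13 legs of the new matrix; either keep the requirement with a cap or record in the commit message that it is unused. The caps also interact with the new `pip-audit` step: when an advisory is fixed only above a cap such as `pyarrow>=21.0.0,<22.0.0`, the audit fails with no in-range upgrade, so a comment above `dependencies=[` saying the caps are raised in that case would help the next maintainer.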
@@ -31,9 +31,9 @@ requires-python = ">=3.10,<4.0" dependencies=[ "cartopy>=0.23,<0.26", - "earthengine-api>=1.6.0,<1.6.12", # v1.6.12 not compatible with geemap 0.35.3 (latest of geemap) + "earthengine-api>=1.6.13,<2.0", # v1.6.12 not compatible with geemap 0.35.3 (latest of geemap) # "folium>=0.19.5", # needed for geemap - "geemap>=0.35.3,<0.36", + "geemap>=0.36,<1.0", "geopandas>=1.0.1,<2.0", "mapclassify>=2.8.1,<3.0", # "numpy>=1.17.3", #in pandas @@ -44,7 +44,8 @@ dependencies=[ "shapely>=2.0.6,<3.0", "xarray>=2022.3.0,<2027.0.0", "pyarrow>=21.0.0,<22.0.0", - "netcdf4>=1.7.2,<2.0.0" + "netcdf4>=1.7.2,<2.0.0", + "pytz>=2024.1,<2027.1 ] [tool.poetry.group.dev.dependencies] From be570e1414422a7e4b40ef8eba14b1a7cb150cf1 Mon Sep 17 00:00:00 2001 From: Thomas Vergauwen Date: Wed, 25 Feb 2026 12:01:02 +0100 Subject: [PATCH 3/7] Fix licence metadata and located and fixed the geemap version issue --- .github/workflows/dependency-audit.yml | 4 ++++ pyproject.toml | 10 +++++----- 2 files changed, 9 insertions(+), 5 deletions(-) diff --git a/.github/workflows/dependency-audit.yml b/.github/workflows/dependency-audit.yml index 7d58cc05..f9868805 100644 --- a/.github/workflows/dependency-audit.yml +++ b/.github/workflows/dependency-audit.yml @@ -49,5 +49,9 @@ jobs: - name: Vulnerability audit run: poetry run pip-audit + - name: Geemap folium import guard + run: | + poetry run python -c "import geemap.foliumap as geemap; print('geemap folium import successful')" + - name: Import smoke test run: poetry run python -c "import metobs_toolkit; print('Import successful')" diff --git a/pyproject.toml b/pyproject.toml index 29f1159e..223dfffb 100644 --- a/pyproject.toml +++ b/pyproject.toml 
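Review bot: The added line `"pytz>=2024.1,<2027.1` in the second pyproject.toml hunk is missing its closing quote, so the file does not parse at this commit and `poetry install` / `poetry check` in the audit workflow would fail on it. Patch 3/7 adds the quote, but folding that fix into this commit (`"pytz>=2024.1,<2027.1"`) keeps every commit in the series installable and bisectable. The comment kept on the `earthengine-api` line still says v1.6.12 is incompatible with geemap 0.35.3 while the constraint is now `>=1.6.13,<2.0` next to `geemap>=0.36,<1.0`, so it should be rewritten or dropped in the same commit.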
@@ -5,14 +5,14 @@ requires = ["poetry-core"] [project] name = "MetObs-toolkit" version = "1.0.1" -license = "LICENSE" +license = "MIT" +license-files = ["LICENSE"] authors = [{name = "Thomas Vergauwen", email = "thomas.vergauwen@ugent.be"}] description = "A Meteorological observations toolkit for scientists" readme = "README.md" classifiers = [ "Development Status :: 5 - Production/Stable", "Intended Audience :: Science/Research", - "License :: OSI Approved :: MIT License", "Natural Language :: English", "Operating System :: OS Independent", "Programming Language :: Python :: 3", @@ -31,9 +31,9 @@ requires-python = ">=3.10,<4.0" dependencies=[ "cartopy>=0.23,<0.26", - "earthengine-api>=1.6.13,<2.0", # v1.6.12 not compatible with geemap 0.35.3 (latest of geemap) + "earthengine-api>=1.6.12,<2.0", # geemap>=0.36 requires earthengine-api>=1.6.12 # "folium>=0.19.5", # needed for geemap - "geemap>=0.36,<1.0", + "geemap>=0.36,<0.37", # geemap 0.37.1 has a folium import regression (basemaps.xyz_to_folium) "geopandas>=1.0.1,<2.0", "mapclassify>=2.8.1,<3.0", # "numpy>=1.17.3", #in pandas @@ -45,7 +45,7 @@ dependencies=[ "xarray>=2022.3.0,<2027.0.0", "pyarrow>=21.0.0,<22.0.0", "netcdf4>=1.7.2,<2.0.0", - "pytz>=2024.1,<2027.1 + "pytz>=2024.1,<2027.1" ] [tool.poetry.group.dev.dependencies] From 087fac50d291b3b6a3854dff926f587c8188a8a2 Mon Sep 17 00:00:00 2001 From: Thomas Vergauwen Date: Wed, 25 Feb 2026 12:08:55 +0100 Subject: [PATCH 4/7] Add version check wrt master branch --- .github/workflows/main_workflow.yml | 29 +++++++++++++++++++++++++++++ 1 file changed, 29 insertions(+) diff --git a/.github/workflows/main_workflow.yml b/.github/workflows/main_workflow.yml index 7271f709..60508909 100644 --- a/.github/workflows/main_workflow.yml +++ b/.github/workflows/main_workflow.yml 
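Review bot: `license = "MIT"` together with `license-files = ["LICENSE"]` is the PEP 639 form, but the build requirement visible in the first hunk's header is still the unbounded `requires = ["poetry-core"]`. A build that resolves a poetry-core release without PEP 639 support (an offline mirror or a constrained environment, for instance) may reject or mis-record these fields, so `[build-system]` should carry a lower bound at the first poetry-core version that accepts them, to be confirmed against the poetry-core changelog. An upper major cap there would also match what this series does for the runtime dependencies and keeps the build backend from changing silently between releases.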
@@ -63,6 +63,35 @@ jobs: with: python-version: '3.10' + - name: Ensure version differs from master + if: github.ref != 'refs/heads/master' + run: | + git fetch origin master --depth=1 + python - <<'PY' + import subprocess + import tomllib + + with open("pyproject.toml", "rb") as f: + current = tomllib.load(f) + current_version = current["project"]["version"] + + master_pyproject = subprocess.check_output( + ["git", "show", "origin/master:pyproject.toml"], text=True + ) + master = tomllib.loads(master_pyproject) + master_version = master["project"]["version"] + + print(f"Current version: {current_version}") + print(f"Master version: {master_version}") + + if current_version == master_version: + raise SystemExit( + "Version check failed: current version is identical to origin/master. " + "Please bump [project].version in pyproject.toml." + ) + print("Version check passed: current version differs from origin/master.") + PY + - name: Install Poetry run: | curl -sSL https://install.python-poetry.org | python3 - From 2859c635fd4688c41f4d08309e97305097585cb2 Mon Sep 17 00:00:00 2001 From: Thomas Vergauwen Date: Wed, 25 Feb 2026 12:13:26 +0100 Subject: [PATCH 5/7] move the relative version test in the version test block --- .github/workflows/main_workflow.yml | 56 ++++++++++++++--------------- 1 file changed, 28 insertions(+), 28 deletions(-) diff --git a/.github/workflows/main_workflow.yml b/.github/workflows/main_workflow.yml index 60508909..033cf147 100644 --- a/.github/workflows/main_workflow.yml +++ b/.github/workflows/main_workflow.yml 
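Review bot: The inline script imports `tomllib`, which exists only from Python 3.11, yet the step is inserted directly after the setup step whose context line reads `python-version: '3.10'`, so `python -` would stop with ModuleNotFoundError before any version is compared. Run this step under 3.11 or newer, or install the `tomli` backport and use `try: import tomllib` / `except ModuleNotFoundError: import tomli as tomllib`. Patch 5/7 moves the same step into another job whose Python version is not visible in either hunk, so the same condition needs confirming there. The job this step belongs to begins outside the hunk.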
@@ -63,34 +63,6 @@ jobs: with: python-version: '3.10' - - name: Ensure version differs from master - if: github.ref != 'refs/heads/master' - run: | - git fetch origin master --depth=1 - python - <<'PY' - import subprocess - import tomllib - - with open("pyproject.toml", "rb") as f: - current = tomllib.load(f) - current_version = current["project"]["version"] - - master_pyproject = subprocess.check_output( - ["git", "show", "origin/master:pyproject.toml"], text=True - ) - master = tomllib.loads(master_pyproject) - master_version = master["project"]["version"] - - print(f"Current version: {current_version}") - print(f"Master version: {master_version}") - - if current_version == master_version: - raise SystemExit( - "Version check failed: current version is identical to origin/master. " - "Please bump [project].version in pyproject.toml." - ) - print("Version check passed: current version differs from origin/master.") - PY - name: Install Poetry run: | @@ -314,6 +286,34 @@ jobs: run: | echo "version tags are not aligned!" exit 1 + - name: Ensure version differs from master + if: github.ref != 'refs/heads/master' + run: | + git fetch origin master --depth=1 + python - <<'PY' + import subprocess + import tomllib + + with open("pyproject.toml", "rb") as f: + current = tomllib.load(f) + current_version = current["project"]["version"] + + master_pyproject = subprocess.check_output( + ["git", "show", "origin/master:pyproject.toml"], text=True + ) + master = tomllib.loads(master_pyproject) + master_version = master["project"]["version"] + + print(f"Current version: {current_version}") + print(f"Master version: {master_version}") + + if current_version == master_version: + raise SystemExit( + "Version check failed: current version is identical to origin/master. " + "Please bump [project].version in pyproject.toml." + ) + print("Version check passed: current version differs from origin/master.") + PY pytest: name: Run Pytest framework 
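Review bot: The re-added check in the second hunk only tests `current_version == master_version`, so a branch whose version is lower than master's, or is not a valid version string at all, passes. If the intent is to force a bump, compare parsed versions instead, for example `from packaging.version import Version` and `if Version(current_version) <= Version(master_version):`, provided `packaging` is installed in this job, which the hunk does not show. The enclosing job starts outside the hunk.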
From 0ce8a5823679ddaed31a72831779b859a193ee3f Mon Sep 17 00:00:00 2001 From: Thomas Vergauwen Date: Wed, 25 Feb 2026 12:16:48 +0100 Subject: [PATCH 6/7] version bump --- pyproject.toml | 2 +- src/metobs_toolkit/settings_collection/version.py | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/pyproject.toml b/pyproject.toml index 223dfffb..f76c56a4 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -4,7 +4,7 @@ requires = ["poetry-core"] [project] name = "MetObs-toolkit" -version = "1.0.1" +version = "1.0.2" license = "MIT" license-files = ["LICENSE"] authors = [{name = "Thomas Vergauwen", email = "thomas.vergauwen@ugent.be"}] diff --git a/src/metobs_toolkit/settings_collection/version.py b/src/metobs_toolkit/settings_collection/version.py index 5c4105cd..7863915f 100644 --- a/src/metobs_toolkit/settings_collection/version.py +++ b/src/metobs_toolkit/settings_collection/version.py @@ -1 +1 @@ -__version__ = "1.0.1" +__version__ = "1.0.2" From 59ab1f187cc38723dad48724e81325f873488f4f Mon Sep 17 00:00:00 2001 From: Thomas Vergauwen <82087298+vergauwenthomas@users.noreply.github.com> Date: Wed, 25 Feb 2026 13:25:34 +0100 Subject: [PATCH 7/7] Update .github/workflows/dependency-audit.yml Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> --- .github/workflows/dependency-audit.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/dependency-audit.yml b/.github/workflows/dependency-audit.yml index f9868805..ec2e8db3 100644 --- a/.github/workflows/dependency-audit.yml +++ b/.github/workflows/dependency-audit.yml @@ -4,6 +4,7 @@ on: push: branches: - master + - main - develop - bugfix_* pull_request: