From 1901fe61931425640e1ce9f48ff164927ef8b9ab Mon Sep 17 00:00:00 2001 From: Hugo van Kemenade <1324225+hugovk@users.noreply.github.com> Date: Fri, 24 Apr 2026 11:59:05 +0300 Subject: [PATCH 1/2] Update pre-commit --- .pre-commit-config.yaml | 6 ++--- .../tests/data/bm_local_wheel/pyproject.toml | 2 +- pyproject.toml | 25 +++++-------------- 3 files changed, 10 insertions(+), 23 deletions(-) diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index 8b799353..b08a9606 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -1,7 +1,7 @@ exclude: ^pyperformance/data-files/ repos: - repo: https://github.com/astral-sh/ruff-pre-commit - rev: v0.13.1 + rev: v0.15.11 hooks: - id: ruff-check name: Run Ruff (lint) @@ -11,11 +11,11 @@ repos: args: [--exit-non-zero-on-fix] - repo: https://github.com/tox-dev/pyproject-fmt - rev: v2.6.0 + rev: v2.21.1 hooks: - id: pyproject-fmt - repo: https://github.com/abravalheri/validate-pyproject - rev: v0.24.1 + rev: v0.25 hooks: - id: validate-pyproject diff --git a/pyperformance/tests/data/bm_local_wheel/pyproject.toml b/pyperformance/tests/data/bm_local_wheel/pyproject.toml index 453345d4..c786891f 100644 --- a/pyperformance/tests/data/bm_local_wheel/pyproject.toml +++ b/pyperformance/tests/data/bm_local_wheel/pyproject.toml @@ -1,7 +1,6 @@ [project] name = "pyperformance-bm-local-wheel" version = "1.0" - requires-python = ">=3.7" classifiers = [ "Programming Language :: Python :: 3 :: Only", @@ -12,6 +11,7 @@ classifiers = [ "Programming Language :: Python :: 3.11", "Programming Language :: Python :: 3.12", "Programming Language :: Python :: 3.13", + "Programming Language :: Python :: 3.14", ] dependencies = [ "pyperf" ] urls = { repository = "https://github.com/python/pyperformance" } diff --git a/pyproject.toml b/pyproject.toml index 483f1ec4..e621c131 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -36,10 +36,8 @@ # - set version to n+1: pyperformance/__init__.py and doc/conf.py # - git commit -a -m "post-release" # - git push - [build-system] build-backend = "setuptools.build_meta" - requires = [ "setuptools>=61" ] [project] @@ -69,7 +67,6 @@ dependencies = [ "pyperf", "tomli; python_version<'3.11'", ] - optional-dependencies.dev = [ "mypy==1.19.1", "tomli", # Needed even on 3.11+ for typechecking with mypy @@ -80,22 +77,15 @@ scripts.pyperformance = "pyperformance.cli:main" [tool.setuptools] include-package-data = true - -[tool.setuptools.packages] -find = {} # Scanning implicit namespaces is active by default - -[tool.setuptools.dynamic] -version = { attr = "pyperformance.__version__" } +dynamic.version = { attr = "pyperformance.__version__" } +packages.find = {} # Scanning implicit namespaces is active by default [tool.ruff] target-version = "py310" - exclude = [ "pyperformance/data-files/", ] - fix = true - lint.select = [ "E", # pycodestyle errors "F", # pyflakes errors @@ -121,13 +111,10 @@ warn_redundant_casts = true warn_unused_ignores = true warn_unused_configs = true files = [ - 'pyperformance/', + "pyperformance/", ] exclude = [ - 'pyperformance/data-files/', - 'pyperformance/tests/', + "pyperformance/data-files/", + "pyperformance/tests/", ] - -[[tool.mypy.overrides]] -module = "pyperf" -ignore_missing_imports = true +overrides = [ { module = "pyperf", ignore_missing_imports = true } ] From f8d08d4e997a7169205ed8382bf8772e66c636de Mon Sep 17 00:00:00 2001 From: Hugo van Kemenade <1324225+hugovk@users.noreply.github.com> Date: Fri, 24 Apr 2026 12:02:25 +0300 Subject: [PATCH 2/2] Add zizmor security linter --- .github/workflows/main.yml | 2 ++ .github/workflows/mypy.yml | 2 ++ .github/workflows/publish.yml | 4 ++-- .pre-commit-config.yaml | 21 +++++++++++++++++++++ 4 files changed, 27 insertions(+), 2 deletions(-) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index e0ee2f20..beaee861 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -53,6 +53,8 @@ jobs: experimental: false steps: - uses: actions/checkout@v6 + with: + persist-credentials: false - name: Set up Python ${{ matrix.python }} uses: actions/setup-python@v6 if: "!endsWith(matrix.python, '-dev')" diff --git a/.github/workflows/mypy.yml b/.github/workflows/mypy.yml index 9199c96c..bba464d3 100644 --- a/.github/workflows/mypy.yml +++ b/.github/workflows/mypy.yml @@ -15,6 +15,8 @@ jobs: runs-on: ubuntu-latest steps: - uses: actions/checkout@v6 + with: + persist-credentials: false - uses: actions/setup-python@v6 with: cache: "pip" diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml index 0313f277..4cd6d112 100644 --- a/.github/workflows/publish.yml +++ b/.github/workflows/publish.yml @@ -16,12 +16,12 @@ jobs: steps: - uses: actions/checkout@v6 + with: + persist-credentials: false - name: Set up Python uses: actions/setup-python@v6 with: python-version: '3.x' - cache: pip - cache-dependency-path: pyproject.toml - name: Install dependencies run: | python -m pip install --upgrade build diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index b08a9606..18eface6 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -10,6 +10,22 @@ repos: name: Run Ruff (format) args: [--exit-non-zero-on-fix] + - repo: https://github.com/python-jsonschema/check-jsonschema + rev: 0.37.1 + hooks: + - id: check-dependabot + - id: check-github-workflows + + - repo: https://github.com/rhysd/actionlint + rev: v1.7.12 + hooks: + - id: actionlint + + - repo: https://github.com/zizmorcore/zizmor-pre-commit + rev: v1.23.1 + hooks: + - id: zizmor + - repo: https://github.com/tox-dev/pyproject-fmt rev: v2.21.1 hooks: @@ -19,3 +35,8 @@ repos: rev: v0.25 hooks: - id: validate-pyproject + + - repo: meta + hooks: + - id: check-hooks-apply + - id: check-useless-excludes