diff --git a/.github/dependabot.yml b/.github/dependabot.yml new file mode 100644 index 0000000..fc9f855 --- /dev/null +++ b/.github/dependabot.yml @@ -0,0 +1,7 @@ + +version: 2 +updates: + - package-ecosystem: "github-actions" + directory: "/" # Location of your workflow files + schedule: + interval: "weekly" # Options: daily, weekly, monthly diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml index 1dea102..ceb26d8 100644 --- a/.github/workflows/lint.yml +++ b/.github/workflows/lint.yml @@ -1,4 +1,6 @@ name: Lint +permissions: + contents: read on: push: @@ -13,6 +15,8 @@ jobs: runs-on: ubuntu-latest steps: - uses: actions/checkout@v2 - - uses: codespell-project/actions-codespell@master + with: + persist-credentials: false + - uses: codespell-project/actions-codespell@406322ec52dd7b488e48c1c4b82e2a8b3a1bf630 # v2 with: check_filenames: true diff --git a/{{cookiecutter.github_project_name}}/.github/dependabot.yml b/{{cookiecutter.github_project_name}}/.github/dependabot.yml new file mode 100644 index 0000000..fc9f855 --- /dev/null +++ b/{{cookiecutter.github_project_name}}/.github/dependabot.yml @@ -0,0 +1,7 @@ + +version: 2 +updates: + - package-ecosystem: "github-actions" + directory: "/" # Location of your workflow files + schedule: + interval: "weekly" # Options: daily, weekly, monthly diff --git a/{{cookiecutter.github_project_name}}/.github/workflows/lint.yml b/{{cookiecutter.github_project_name}}/.github/workflows/lint.yml index 0e61f94..e38e77c 100644 --- a/{{cookiecutter.github_project_name}}/.github/workflows/lint.yml +++ b/{{cookiecutter.github_project_name}}/.github/workflows/lint.yml @@ -1,4 +1,6 @@ name: Lint +permissions: + contents: read on: push: @@ -11,8 +13,10 @@ jobs: runs-on: ubuntu-latest steps: - uses: actions/checkout@v2 + with: + persist-credentials: false - uses: actions/setup-python@v2 - - uses: psf/black@stable + - uses: psf/black@8a737e727ac5ab2f1d4cf5876720ed276dc8dc4b # 25.1.0 with: options: "--check" src: "." 
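Review bot: The `directory: "/"` entry in the new root `.github/dependabot.yml` only covers the repository's own `.github/workflows`, so the pinned actions in the template tree under `{{cookiecutter.github_project_name}}/.github/workflows` (for example the `psf/black` commit pin) are, as far as this diff shows, not watched in this repository and will go stale until someone bumps them by hand. Consider a second `updates` entry whose `directory` points at the template's workflow folder, after confirming that Dependabot accepts the templated path; otherwise document a manual refresh step. The identical file added inside the template only takes effect in generated projects.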
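Review bot: In the second hunk of `.github/workflows/lint.yml`, `codespell-project/actions-codespell` is now pinned to a full commit SHA, but `actions/checkout@v2` in the same step list is still referenced by a mutable tag, so the supply-chain exposure is only partly reduced. Pin it the same way, `- uses: actions/checkout@<full-commit-sha> # <release tag>` (placeholder; take the SHA from the release you intend to run), and let the new Dependabot config keep it current. The same applies to `actions/checkout@v2` and `actions/setup-python@v2` in the template's `lint.yml`, `publish.yml` and `test.yml` hunks. It is also worth confirming that the pinned commits really are the releases named in the trailing `# v2` and `# 25.1.0` comments, since the comment is what later reviewers will read. The step lists continue outside these hunks.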
diff --git a/{{cookiecutter.github_project_name}}/.github/workflows/publish.yml b/{{cookiecutter.github_project_name}}/.github/workflows/publish.yml index 494b409..0ea2f4c 100644 --- a/{{cookiecutter.github_project_name}}/.github/workflows/publish.yml +++ b/{{cookiecutter.github_project_name}}/.github/workflows/publish.yml @@ -1,5 +1,7 @@ # heavily based on https://github.com/jupyterlab/jupyterlab-git/blob/v0.22.2/.github/workflows/publish.yml name: Publish Package +permissions: + contents: read on: release: @@ -9,8 +11,14 @@ on: jobs: deploy: runs-on: ubuntu-latest + permissions: + id-token: write + attestations: write + contents: read steps: - uses: actions/checkout@v2 + with: + persist-credentials: false - name: Install Python uses: actions/setup-python@v2 with: diff --git a/{{cookiecutter.github_project_name}}/.github/workflows/test.yml b/{{cookiecutter.github_project_name}}/.github/workflows/test.yml index 1c843dd..ad4e5af 100644 --- a/{{cookiecutter.github_project_name}}/.github/workflows/test.yml +++ b/{{cookiecutter.github_project_name}}/.github/workflows/test.yml @@ -1,4 +1,6 @@ name: Test +permissions: + contents: read on: push: @@ -19,6 +21,8 @@ jobs: steps: - name: Checkout uses: actions/checkout@v2 + with: + persist-credentials: false - name: Setup Python ${{ matrix.python-version }} uses: actions/setup-python@v2 diff --git a/{{cookiecutter.github_project_name}}/.gitignore b/{{cookiecutter.github_project_name}}/.gitignore index 49df861..fe3a084 100644 --- a/{{cookiecutter.github_project_name}}/.gitignore +++ b/{{cookiecutter.github_project_name}}/.gitignore @@ -151,5 +151,16 @@ cython_debug/ [._]sw[a-p] [._]*.un~ -## vscode -.vscode \ No newline at end of file + +## Editor temporary/working/backup files # +.#* +[#]*# +*~ +*$ +*.bak +*.kdev4 +.project +.pydevproject +*.swp +.idea +.vscode/
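Review bot: The `deploy` job in the template's `publish.yml` now receives `id-token: write` and `attestations: write`, but the steps that would use them lie outside the hunk, so it is not visible whether publishing goes through OIDC trusted publishing and artifact attestation. If the upload still relies on a stored API token, these two scopes are unused and should be dropped. If they are needed, say so next to each line, e.g. `id-token: write  # OIDC token for trusted publishing` and `attestations: write  # build provenance attestation`. Because the same job also appears to set up Python and build the package, every build-time dependency runs in a job that can mint an OIDC token. Splitting build and upload into separate jobs and granting `id-token: write` only to the upload job would narrow that.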