diff --git a/.github/workflows/apptainer-build-deploy.yml b/.github/workflows/apptainer-build-deploy.yml index f96dd31b..00fa8786 100644 --- a/.github/workflows/apptainer-build-deploy.yml +++ b/.github/workflows/apptainer-build-deploy.yml @@ -22,7 +22,7 @@ jobs: # artifact_name: mything # asset_name: mything-macos-amd64 permissions: - write-all + contents: write container: image: quay.io/singularity/singularity:v3.8.1 @@ -32,6 +32,10 @@ jobs: - name: Check out code for the container builds uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + with: + fetch-depth: 0 + fetch-tags: true + persist-credentials: false - name: Build Container run: | @@ -43,7 +47,7 @@ jobs: # singularity push container.sif oras://ghcr.io/${GITHUB_REPOSITORY}:${tag} - name: Upload container to release - uses: svenstaro/upload-release-action@v2 + uses: svenstaro/upload-release-action@6b7fa9f267e90b50a19fef07b3596790bb941741 with: repo_token: ${{ secrets.GITHUB_TOKEN }} file: ${{ matrix.artifact_name }} diff --git a/.github/workflows/codecov.yml b/.github/workflows/codecov.yml index 55d05086..e0b19e81 100644 --- a/.github/workflows/codecov.yml +++ b/.github/workflows/codecov.yml @@ -10,13 +10,17 @@ jobs: cov: name: Codecov runs-on: ubuntu-latest + permissions: + contents: read steps: - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: ref: ${{ github.event.pull_request.head.ref || github.ref }} fetch-depth: 1 + fetch-tags: true + persist-credentials: false - name: Setup Python - uses: actions/setup-python@v6 + uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 with: python-version: 3.13 - name: Install dependencies @@ -28,7 +32,7 @@ jobs: run: | pytest -v --cov=gaps --cov-report=html --cov-branch --cov-report=xml:coverage.xml --cov-fail-under=95 - name: Upload coverage to Codecov - uses: codecov/codecov-action@v5 + uses: codecov/codecov-action@671740ac38dd9b0130fbe1cec585b89eea48d3de with: token: ${{ secrets.CODECOV_TOKEN }} files: ./coverage.xml diff --git a/.github/workflows/docs.yml b/.github/workflows/docs.yml index 4f7e91a6..07f2a1b9 100644 --- a/.github/workflows/docs.yml +++ b/.github/workflows/docs.yml @@ -18,8 +18,9 @@ jobs: with: fetch-depth: 0 fetch-tags: true + persist-credentials: false - - uses: prefix-dev/setup-pixi@v0.9.4 + - uses: prefix-dev/setup-pixi@a0af7a228712d6121d37aba47adf55c1332c9c2e with: pixi-version: v0.62.2 locked: true @@ -33,7 +34,7 @@ jobs: pixi run -e dev python-docs - name: deploy - uses: peaceiris/actions-gh-pages@v4.0.0 + uses: peaceiris/actions-gh-pages@4f9cc6602d3f66b9c108549d475ec49e8ef4d45e with: github_token: ${{ secrets.GITHUB_TOKEN }} publish_dir: ./docs/_build/html diff --git a/.github/workflows/linter.yml b/.github/workflows/linter.yml index d9970e76..52a0525f 100644 --- a/.github/workflows/linter.yml +++ b/.github/workflows/linter.yml @@ -11,14 +11,20 @@ jobs: lint: name: Lint Code Base with Ruff runs-on: ubuntu-latest + permissions: + contents: read steps: - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - - uses: astral-sh/ruff-action@v3 + with: + fetch-depth: 0 + fetch-tags: true + persist-credentials: false + - uses: astral-sh/ruff-action@4919ec5cf1f49eff0871dbcea0da843445b837e6 with: version: "latest" args: check src: "./gaps" - - uses: astral-sh/ruff-action@v3 + - uses: astral-sh/ruff-action@4919ec5cf1f49eff0871dbcea0da843445b837e6 with: version: "latest" args: format --check diff --git a/.github/workflows/pixi_tests.yml b/.github/workflows/pixi_tests.yml index 625023a9..8e72b6d7 100644 --- a/.github/workflows/pixi_tests.yml +++ b/.github/workflows/pixi_tests.yml @@ -9,6 +9,8 @@ on: jobs: tests: runs-on: ${{ matrix.os }} + permissions: + contents: read strategy: fail-fast: false max-parallel: 8 @@ -20,8 +22,10 @@ jobs: uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: fetch-depth: 0 + fetch-tags: true + persist-credentials: false - - uses: prefix-dev/setup-pixi@v0.9.4 + - uses: prefix-dev/setup-pixi@a0af7a228712d6121d37aba47adf55c1332c9c2e with: pixi-version: v0.62.2 locked: true diff --git a/.github/workflows/pr_rev_cli_tests.yml b/.github/workflows/pr_rev_cli_tests.yml index 8cf24d21..8677649a 100644 --- a/.github/workflows/pr_rev_cli_tests.yml +++ b/.github/workflows/pr_rev_cli_tests.yml @@ -5,21 +5,27 @@ on: pull_request jobs: rev_cli_tests: runs-on: ubuntu-latest + permissions: + contents: read steps: - name: checkout gaps uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: ref: ${{ github.event.pull_request.head.ref }} fetch-depth: 1 + fetch-tags: true path: gaps + persist-credentials: false - name: checkout reV uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: repository: NatLabRockies/reV fetch-depth: 1 path: reV + fetch-tags: true + persist-credentials: false - name: Set up Python - uses: conda-incubator/setup-miniconda@v3 + uses: conda-incubator/setup-miniconda@fc2d68f6413eb2d87b895e92f8584b5b94a10167 with: auto-update-conda: true python-version: 3.9 diff --git a/.github/workflows/publish_to_pypi.yml b/.github/workflows/publish_to_pypi.yml index 44b26e4a..b92e61aa 100644 --- a/.github/workflows/publish_to_pypi.yml +++ b/.github/workflows/publish_to_pypi.yml @@ -20,8 +20,9 @@ jobs: with: fetch-depth: 0 fetch-tags: true + persist-credentials: false - - uses: prefix-dev/setup-pixi@v0.9.4 + - uses: prefix-dev/setup-pixi@a0af7a228712d6121d37aba47adf55c1332c9c2e with: pixi-version: v0.62.2 locked: true @@ -33,4 +34,4 @@ jobs: run: pixi run -e dev build-wheels - name: Publish package distributions to PyPI - uses: pypa/gh-action-pypi-publish@release/v1 + uses: pypa/gh-action-pypi-publish@ed0c53931b1dc9bd32cbe73a98c7f6766f8a527e diff --git a/.github/workflows/release_drafter.yml b/.github/workflows/release_drafter.yml index cf1c4f7f..6ca994b8 100644 --- a/.github/workflows/release_drafter.yml +++ b/.github/workflows/release_drafter.yml @@ -7,8 +7,11 @@ on: jobs: update_release_draft: runs-on: ubuntu-latest + permissions: + contents: write + pull-requests: write steps: - name: Release Drafter - uses: release-drafter/release-drafter@v6.1.0 + uses: release-drafter/release-drafter@6db134d15f3909ccc9eefd369f02bd1e9cffdf97 env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} diff --git a/.github/workflows/super_linter.yml b/.github/workflows/super_linter.yml index 62281ddd..15b7cbf5 100644 --- a/.github/workflows/super_linter.yml +++ b/.github/workflows/super_linter.yml @@ -25,11 +25,15 @@ jobs: # super-linter needs the full git history to get the # list of files that changed across commits fetch-depth: 0 + fetch-tags: true + persist-credentials: false - name: Lint Code Base - uses: super-linter/super-linter/slim@v8.0.0 + uses: super-linter/super-linter/slim@61abc07d755095a68f4987d1c2c3d1d64408f1f9 env: VALIDATE_ALL_CODEBASE: false + VALIDATE_BIOME_LINT: false + VALIDATE_BIOME_FORMAT: false VALIDATE_CHECKOV: false VALIDATE_CSS: false VALIDATE_GITHUB_ACTIONS: false @@ -44,6 +48,7 @@ jobs: VALIDATE_PYTHON_PYINK: false VALIDATE_PYTHON_PYLINT: false VALIDATE_PYTHON_RUFF: false + VALIDATE_SPELL_CODESPELL: false VALIDATE_YAML: false VALIDATE_YAML_PRETTIER: false DEFAULT_BRANCH: origin/main diff --git a/.github/workflows/tests_tox.yml b/.github/workflows/tests_tox.yml index 583e995b..9b42c989 100644 --- a/.github/workflows/tests_tox.yml +++ b/.github/workflows/tests_tox.yml @@ -11,6 +11,8 @@ on: jobs: test-latest-deps: runs-on: ${{ matrix.os }} + permissions: + contents: read strategy: fail-fast: false max-parallel: 8 @@ -22,9 +24,11 @@ jobs: - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: fetch-depth: 0 + fetch-tags: true + persist-credentials: false - name: Set up Python ${{ matrix.python-version }} - uses: actions/setup-python@v6 + uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 with: python-version: ${{ matrix.python-version }} cache: 'pip' @@ -35,7 +39,7 @@ jobs: python -m pip install tox tox-gh-actions>=2.0 - name: Load tox cache - uses: actions/cache/restore@v5 + uses: actions/cache/restore@cdf6c1fa76f9f475f3d7449005a359c84ca0f306 with: path: .tox/ key: ${{ runner.os }}-${{ matrix.python-version }}-tox-v1-${{ hashFiles('**/pyproject.toml') }} @@ -49,7 +53,7 @@ jobs: - name: Save tox cache only on main if: github.ref == 'refs/heads/main' - uses: actions/cache/save@v5 + uses: actions/cache/save@cdf6c1fa76f9f475f3d7449005a359c84ca0f306 with: path: .tox/ key: ${{ runner.os }}-${{ matrix.python-version }}-tox-v1-${{ hashFiles('**/pyproject.toml') }} @@ -57,6 +61,8 @@ jobs: test-msv: runs-on: ${{ matrix.os }} if: github.event_name == 'pull_request' + permissions: + contents: read strategy: fail-fast: false max-parallel: 8 @@ -67,9 +73,11 @@ jobs: - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: fetch-depth: 0 + fetch-tags: true + persist-credentials: false - name: Set up Python 3.9 - uses: actions/setup-python@v6 + uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 with: python-version: 3.9 diff --git a/.github/workflows/wildows_pytests.yml b/.github/workflows/wildows_pytests.yml index 00f189b9..5c4b0fb2 100644 --- a/.github/workflows/wildows_pytests.yml +++ b/.github/workflows/wildows_pytests.yml @@ -5,6 +5,8 @@ on: pull_request jobs: pytest: runs-on: windows-latest + permissions: + contents: read strategy: fail-fast: false matrix: @@ -15,8 +17,10 @@ jobs: with: ref: ${{ github.event.pull_request.head.ref }} fetch-depth: 1 + fetch-tags: true + persist-credentials: false - name: Set up Python ${{ matrix.python-version }} - uses: actions/setup-python@v6 + uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 with: python-version: ${{ matrix.python-version }} - name: Install Dependencies diff --git a/docs/source/conf.py b/docs/source/conf.py index 7f1d4fb0..004aa285 100644 --- a/docs/source/conf.py +++ b/docs/source/conf.py @@ -127,7 +127,7 @@ html_context = { "display_github": True, - "github_user": "nlr", + "github_user": "NatLabRockies", "github_repo": "gaps", "github_version": "main", "conf_py_path": "/docs/source/", diff --git a/examples/example_developers.rst b/examples/example_developers.rst index 668925f0..264b4169 100644 --- a/examples/example_developers.rst +++ b/examples/example_developers.rst @@ -723,4 +723,4 @@ to render the CLI documentation for you in a visually appealing format. For an e Questions? ---------- If you run into any issues or questions while coupling GAPs with your model, please reach out to -Paul Pinchuk (ppinchuk@nrl.gov). +Paul Pinchuk (ppinchuk@nlr.gov). diff --git a/pixi.lock b/pixi.lock index bcb525a0..48edd011 100644 --- a/pixi.lock +++ b/pixi.lock @@ -6698,8 +6698,8 @@ packages: timestamp: 1771078206376 - pypi: ./ name: nlr-gaps - version: 0.8.12.dev15+ge5e924373.d20260214 - sha256: 454b58ae9a65d812027658ad7556f04b55540312c4b3cdebf55afe135825c39c + version: 0.8.12.dev20+g5358eced4.d20260214 + sha256: 44b8b547a0185f34d42795b3c1a1fa85e71f8bd6488ac7d2d12ba5fa94a86b0c requires_dist: - click>=8.1.8 - colorama>=0.4.6 diff --git a/pyproject.toml b/pyproject.toml index ac156edf..3c8d29fb 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -104,7 +104,7 @@ channels = ["conda-forge", "anaconda", "main"] platforms = ["osx-arm64", "osx-64", "linux-64", "win-64"] [tool.pixi.pypi-dependencies] -NLR-gaps = { path = ".", editable = true } +NLR-GAPs = { path = ".", editable = true } [tool.pixi.environments] default = { solve-group = "default" }