From 33a8aefcdb1ce5305f1f5b0c786d873551be8432 Mon Sep 17 00:00:00 2001
From: Leah Wasser
Date: Tue, 16 Sep 2025 15:40:12 -0600
Subject: [PATCH 1/3] chore(deps): Update dependabot configuration for GitHub Actions Make sure that our pure python package workflows are updated weekly.
---
 .github/dependabot.yml | 19 ++-----------------
 1 file changed, 2 insertions(+), 17 deletions(-)
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
index 87dbac45b..379d08fb7 100644
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -1,24 +1,9 @@
 version: 2
 updates:
- - package-ecosystem: "pip"
- directory: "/"
- insecure-external-code-execution: allow
- schedule:
- interval: "daily"
- open-pull-requests-limit: 100
- labels:
- - "maintenance"
- - "dependencies"
- groups:
- pip:
- patterns:
- - "*"
- commit-message:
- prefix: "chore"
 - package-ecosystem: "github-actions"
- directory: "/"
+ directory: "examples/pure-hatch/.github/workflows"
 schedule:
- interval: "daily"
+ interval: "weekly"
 open-pull-requests-limit: 100
 labels:
 - "maintenance"
From 19e736d49d4e44ffe578dd4c17e191e29156631c Mon Sep 17 00:00:00 2001
From: Leah Wasser
Date: Tue, 16 Sep 2025 15:53:58 -0600
Subject: [PATCH 2/3] chore(ci): add release workflow to package
---
 .../pure-hatch/.github/workflows/release.yml | 46 +++++++++++++++++++
 1 file changed, 46 insertions(+)
 create mode 100644 examples/pure-hatch/.github/workflows/release.yml
diff --git a/examples/pure-hatch/.github/workflows/release.yml b/examples/pure-hatch/.github/workflows/release.yml
new file mode 100644
index 000000000..89f02600e
--- /dev/null
+++ b/examples/pure-hatch/.github/workflows/release.yml
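Review bot: In the `.github/dependabot.yml` hunk of PATCH 1/3, the new `directory: "examples/pure-hatch/.github/workflows"` has no leading slash, unlike the root-anchored `directory: "/"` it replaces. Writing it as `directory: "/examples/pure-hatch/.github/workflows"` keeps the entries consistent and makes it plain that the path is relative to the repository root. A comment above the entry, e.g. `# workflows shipped with the example package, not this repository's own CI`, would explain why a non-root directory is scanned. The description mentions only the weekly schedule, but this hunk also removes the `pip` entry and stops scanning the root workflows; both are restored in PATCH 3/3. The rest of the `github-actions` entry lies outside the hunk.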
@@ -0,0 +1,46 @@
+name: Release
+
+on:
+ release:
+ types:
+ - published
+
+permissions: {} # no permissions to the token at global level
+
+jobs:
+ build_package:
+ name: Build the package
+ runs-on: ubuntu-latest
+ permissions:
+ contents: read # this job only needs read access
+ steps:
+ - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+ with:
+ persist-credentials: false
+ - name: Set up Hatch
+ uses: pypa/hatch@257e27e51a6a5616ed08a39a408a21c35c9931bc
+ - name: Build artifacts
+ run: hatch build
+ - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
+ with:
+ path: dist/
+ name: dist.zip
+ if-no-files-found: error
+ retention-days: 1
+
+ publish_release_to_pypi:
+ name: Publish release to PyPI
+ needs: [build_package]
+ runs-on: ubuntu-latest
+ environment:
+ name: pypi
+ url:
+ permissions:
+ contents: read # this job needs read access
+ id-token: write # but also needs to be able to write the publishing token
+ steps:
+ - uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4.3.0
+ with:
+ name: dist.zip
+ path: dist/
+ - uses: pypa/gh-action-pypi-publish@76f52bc884231f62b9a034ebfe128415bbaabdfc # v1.12.4
From 69abb7afa2669b263f07accdee4be26da58e6581 Mon Sep 17 00:00:00 2001
From: Leah Wasser
Date: Tue, 16 Sep 2025 16:00:02 -0600
Subject: [PATCH 3/3] chore(ci): dependabot
---
 .github/dependabot.yml | 29 +++++++++++++++++++++++++++++
 1 file changed, 29 insertions(+)
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
index 379d08fb7..03203365a 100644
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
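Review bot: The `pypa/hatch@257e27e51a6a5616ed08a39a408a21c35c9931bc` pin in `build_package` is the only `uses:` line without a trailing version comment, so a reviewer of a later bump has nothing to check the SHA against. Record where it came from, e.g. `uses: pypa/hatch@257e27e51a6a5616ed08a39a408a21c35c9931bc # <ref or tag this SHA was taken from>`. The provenance matters here because that step runs before `hatch build` produces the artifact that `publish_release_to_pypi` uploads under `id-token: write`. Separately, `url:` under `environment:` is empty in the text shown (the value may have been lost in rendering); if it is empty in the file, drop the key or set it to the project's PyPI page. A short header comment stating that only the publish job may request the OIDC token would document why `permissions: {}` is set at the top level.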
@@ -1,5 +1,34 @@
 version: 2
 updates:
+ - package-ecosystem: "pip"
+ directory: "/"
+ insecure-external-code-execution: allow
+ schedule:
+ interval: "monthly"
+ open-pull-requests-limit: 100
+ labels:
+ - "maintenance"
+ - "dependencies"
+ groups:
+ pip:
+ patterns:
+ - "*"
+ commit-message:
+ prefix: "chore"
+ - package-ecosystem: "github-actions"
+ directory: "/"
+ schedule:
+ interval: "monthly"
+ open-pull-requests-limit: 100
+ labels:
+ - "maintenance"
+ - "dependencies"
+ groups:
+ actions:
+ patterns:
+ - "*"
+ commit-message:
+ prefix: "chore"
 - package-ecosystem: "github-actions"
 directory: "examples/pure-hatch/.github/workflows"
 schedule:
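Review bot: The re-added `pip` entry carries `insecure-external-code-execution: allow` with no explanation. That setting permits Dependabot to run code from the manifests it resolves during an update, so it should stay only if updates fail without it. No `registries` key is visible in any hunk of this file, and as far as I know Dependabot disables external code execution only when registries are configured, so the line may be redundant here. Either drop it or document it above the key, e.g. `# required because <reason>; re-evaluate before adding private registries`, so nobody carries it forward unexamined once registry credentials are in play. The trailing `github-actions` entry continues outside the hunk.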