Ouranosinc · Zeitsperre · Jul 4, 2024 · Jul 3, 2024 · Jul 3, 2024 · Jul 3, 2024
diff --git a/{{cookiecutter.project_slug}}/.github/workflows/bump-version.yml b/{{cookiecutter.project_slug}}/.github/workflows/bump-version.yml
@@ -60,7 +60,7 @@ jobs:
             github.com:443
             pypi.org:443
       - name: Checkout Repository (no persist-credentials)
-        uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
         with:
           persist-credentials: false
           fetch-depth: 0

diff --git a/{{cookiecutter.project_slug}}/.github/workflows/dependency-review.yml b/{{cookiecutter.project_slug}}/.github/workflows/dependency-review.yml
@@ -21,11 +21,12 @@ jobs:
           disable-sudo: true
           egress-policy: block
           allowed-endpoints: >
+            api.deps.dev:443
             api.github.com:443
             github.com:443
 
       - name: Checkout Repository
-        uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
 
       - name: Dependency Review
         uses: actions/dependency-review-action@0c155c5e8556a497adf53f2c18edabf945ed8e70 # v4.3.2
diff --git a/{{cookiecutter.project_slug}}/.github/workflows/main.yml b/{{cookiecutter.project_slug}}/.github/workflows/main.yml
@@ -72,7 +72,7 @@ jobs:
         with:
           egress-policy: audit
       - name: Checkout Repository
-        uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
       - name: Set up Python__PYTHON_VERSION__
         uses: actions/setup-python@82c7e631bb3cdc910f68e0081d67478d79c6982d # v5.1.0
         with:
@@ -96,7 +96,7 @@ jobs:
     runs-on: ubuntu-latest
     strategy:
       matrix:
-        python-version: ["3.9", "3.10", "3.11"]
+        python-version: ["3.9", "3.10", "3.11", "3.12"]
     defaults:
       run:
         shell: bash -l {0}
@@ -106,18 +106,16 @@ jobs:
         with:
           egress-policy: audit
       - name: Checkout Repository
-        uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
       - name: Setup Conda (Micromamba) with Python__PYTHON_VERSION__
         uses: mamba-org/setup-micromamba@422500192359a097648154e8db4e39bdb6c6eed7 # v1.8.1
         with:
           cache-downloads: true
           environment-file: environment-dev.yml
           create-args: >-
-            mamba
             python=__PYTHON_VERSION__
       - name: Conda and Mamba versions
         run: |
-          mamba --version
           echo "micromamba $(micromamba --version)"
       - name: Install {{ cookiecutter.project_name }}
         run: |
@@ -129,7 +127,7 @@ jobs:
       - name: Test with pytest
         run: |
           python -m pytest --cov {{ cookiecutter.project_slug }}
-      - name: Report coverage
+      - name: Report Coverage
         run: |
           python -m coveralls
         env:

diff --git a/{{cookiecutter.project_slug}}/.github/workflows/publish-pypi.yml b/{{cookiecutter.project_slug}}/.github/workflows/publish-pypi.yml
@@ -28,7 +28,7 @@ jobs:
             pypi.org:443
             upload.pypi.org:443
       - name: Checkout Repository
-        uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
       - name: Set up Python3
         uses: actions/setup-python@82c7e631bb3cdc910f68e0081d67478d79c6982d # v5.1.0
         with:
@@ -40,4 +40,4 @@ jobs:
         run: |
           python -m flit build
       - name: Publish distribution 📦 to PyPI
-        uses: pypa/gh-action-pypi-publish@81e9d935c883d0b210363ab89cf05f3894778450 # v1.8.14
+        uses: pypa/gh-action-pypi-publish@ec4db0b4ddc65acdf4bff5fa45ac92d78b56bdf0 # v1.9.0
diff --git a/{{cookiecutter.project_slug}}/.github/workflows/scorecard.yml b/{{cookiecutter.project_slug}}/.github/workflows/scorecard.yml
@@ -47,11 +47,11 @@ jobs:
             www.bestpractices.dev:443
 
       - name: Checkout Repository
-        uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
         with:
           persist-credentials: false
 
-      - name: Run analysis
+      - name: Run Analysis
         uses: ossf/scorecard-action@dc50aa9510b46c811795eb24b2f1ba02a914e534 # v2.3.3
         with:
           results_file: results.sarif
@@ -71,7 +71,7 @@ jobs:
 
       # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF
       # format to the repository Actions tab.
-      - name: Upload artifact
+      - name: Upload Artifact
         uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3
         with:
           name: SARIF file
@@ -80,6 +80,6 @@ jobs:
 
       # Upload the results to GitHub's code scanning dashboard.
       - name: Upload to code-scanning
-        uses: github/codeql-action/upload-sarif@b7cec7526559c32f1616476ff32d17ba4c59b2d6 # 3.25.5
+        uses: github/codeql-action/upload-sarif@b611370bb5703a7efb587f9d136a52ea24c5c38c  # 3.25.11
         with:
           sarif_file: results.sarif
diff --git a/{{cookiecutter.project_slug}}/.github/workflows/tag-testpypi.yml b/{{cookiecutter.project_slug}}/.github/workflows/tag-testpypi.yml
@@ -21,7 +21,7 @@ jobs:
         with:
           egress-policy: audit
       - name: Checkout Repository
-        uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
       - name: Create Release
         uses: softprops/action-gh-release@69320dbe05506a9a39fc8ae11030b214ec2d1f87 # 2.0.5
         env:
@@ -52,7 +52,7 @@ jobs:
             pypi.org:443
             test.pypi.org:443
       - name: Checkout Repository
-        uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
       - name: Set up Python3
         uses: actions/setup-python@82c7e631bb3cdc910f68e0081d67478d79c6982d # v5.1.0
         with:
@@ -64,7 +64,7 @@ jobs:
         run: |
           python -m flit build
       - name: Publish distribution 📦 to Test PyPI
-        uses: pypa/gh-action-pypi-publish@81e9d935c883d0b210363ab89cf05f3894778450 # v1.8.14
+        uses: pypa/gh-action-pypi-publish@ec4db0b4ddc65acdf4bff5fa45ac92d78b56bdf0 # v1.9.0
         with:
           repository-url: https://test.pypi.org/legacy/
           skip-existing: true
diff --git a/{{cookiecutter.project_slug}}/.github/workflows/workflow-warning.yml b/{{cookiecutter.project_slug}}/.github/workflows/workflow-warning.yml
@@ -33,15 +33,15 @@ jobs:
           egress-policy: block
           allowed-endpoints: >
             api.github.com:443
-      - name: Find comment
+      - name: Find Comment
         uses: peter-evans/find-comment@3eae4d37986fb5a8592848f6a574fdf654e61f9e # v3.1.0
         id: fc
         with:
           issue-number: ${{ github.event.pull_request.number }}
           comment-author: 'github-actions[bot]'
           body-includes: |
             This Pull Request modifies GitHub workflows and is coming from a fork.
-      - name: Create comment
+      - name: Create Comment
         if: |
           (steps.fc.outputs.comment-id == '') &&
           (!contains(github.event.pull_request.labels.*.name, 'approved')) &&
@@ -55,7 +55,7 @@ jobs:
             > This Pull Request modifies GitHub Workflows and is coming from a fork.
             **It is very important for the reviewer to ensure that the workflow changes are appropriate.**
           edit-mode: replace
-      - name: Update comment
+      - name: Update Comment
         if: |
           contains(github.event.pull_request.labels.*.name, 'approved')
         uses: peter-evans/create-or-update-comment@71345be0265236311c031f5c7866368bd1eff043 # v4.0.0

diff --git a/{{cookiecutter.project_slug}}/.pre-commit-config.yaml b/{{cookiecutter.project_slug}}/.pre-commit-config.yaml
@@ -3,7 +3,7 @@ default_language_version:
 
 repos:
   - repo: https://github.com/asottile/pyupgrade
-    rev: v3.15.2
+    rev: v3.16.0
     hooks:
     -   id: pyupgrade
         args: [ '--py38-plus' ]
@@ -46,11 +46,13 @@ repos:
         exclude: ^docs/
   {%- endif %}
   - repo: https://github.com/astral-sh/ruff-pre-commit
-    rev: v0.4.4
+    rev: v0.5.0
     hooks:
       - id: ruff
+        args: [ '--fix' ]
+      - id: ruff-format
   - repo: https://github.com/pycqa/flake8
-    rev: 7.0.0
+    rev: 7.1.0
     hooks:
       - id: flake8
         additional_dependencies: [ 'flake8-rst-docstrings' ]
@@ -68,7 +70,7 @@ repos:
       - id: yamllint
         args: [ '--config-file=.yamllint.yaml' ]
   - repo: https://github.com/python-jsonschema/check-jsonschema
-    rev: 0.28.3
+    rev: 0.28.6
     hooks:
       - id: check-github-workflows
       - id: check-readthedocs