chore(deps): update from template

Author: helmut-hoffer-von-ankershoffen

.copier-answers.yml

@@ -1,4 +1,4 @@
-_commit: v0.8.28
+_commit: v0.8.31
 _src_path: gh:helmut-hoffer-von-ankershoffen/oe-python-template
 attestations_enabled: true
 author_email: helmuthva@gmail.com

.github/workflows/docker-image-build-publish.yml

@@ -24,11 +24,8 @@ jobs:
         uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
 
       - name: Install dev tools
-        run: |
-          wget -qO - https://aquasecurity.github.io/trivy-repo/deb/public.key | sudo apt-key add -
-          echo deb https://aquasecurity.github.io/trivy-repo/deb $(lsb_release -sc) main | sudo tee -a /etc/apt/sources.list.d/trivy.list
-          sudo apt-get update
-          sudo apt-get install -y curl jq xsltproc gnupg2 trivy
+        shell: bash
+        run: .github/workflows/install_dev_tools.bash
 
       - name: Set up QEMU
         uses: docker/setup-qemu-action@29109295f81e9208d7d86ff1c6c12d2833863392 # v3.6.0
@@ -37,7 +34,6 @@ jobs:
         uses: docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2 # v3.10.0
 
 
-
       - name: Log in to Docker Hub
         uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0
         with:

.github/workflows/install_dev_tools.bash

@@ -0,0 +1,20 @@
+#!/bin/bash
+
+set -e  # Exit immediately if a command exits with a non-zero status
+set -o pipefail  # Return value of a pipeline is the value of the last command to exit with a non-zero status
+
+# Log function for better debugging
+log() {
+    echo "[$(date +'%Y-%m-%dT%H:%M:%S%z')] $*"
+}
+
+log "Starting installation of development tools..."
+
+wget -qO - https://aquasecurity.github.io/trivy-repo/deb/public.key | sudo apt-key add -
+echo deb https://aquasecurity.github.io/trivy-repo/deb $(lsb_release -sc) main | sudo tee -a /etc/apt/sources.list.d/trivy.list
+sudo apt-get update
+sudo apt-get install -y curl jq xsltproc gnupg2 imagemagick trivy
+
+.github/workflows/install_dev_tools_project.bash
+
+log "Completed installation of development tools."

.github/workflows/install_dev_tools_project.bash

@@ -0,0 +1,16 @@
+#!/bin/bash
+
+set -e  # Exit immediately if a command exits with a non-zero status
+set -o pipefail  # Return value of a pipeline is the value of the last command to exit with a non-zero status
+
+# Log function for better debugging
+log() {
+    echo "[$(date +'%Y-%m-%dT%H:%M:%S%z')] $*"
+}
+
+log "Starting installation of development tools specific to OE Python Template Example..."
+
+# Add your project specific installation commands here
+# sudo apt-get install -y curl jq xsltproc gnupg2 imagemagick trivy
+
+log "Completed installation of development tools specific to OE Python Template Example."

.github/workflows/package-build-publish-release.yml

@@ -19,12 +19,19 @@ jobs:
         with:
           fetch-depth: 0
 
+      - name: Install uv
+        uses: astral-sh/setup-uv@f94ec6bedd8674c4426838e6b50417d36b6ab231 # v5.3.1
+        with:
+          version: "0.6.3"
+          cache-dependency-glob: uv.lock
+          enable-cache: true
+
       - name: Install dev tools
-        run: |
-          wget -qO - https://aquasecurity.github.io/trivy-repo/deb/public.key | sudo apt-key add -
-          echo deb https://aquasecurity.github.io/trivy-repo/deb $(lsb_release -sc) main | sudo tee -a /etc/apt/sources.list.d/trivy.list
-          sudo apt-get update
-          sudo apt-get install -y curl jq xsltproc gnupg2 trivy
+        shell: bash
+        run: .github/workflows/install_dev_tools.bash
+
+      - name: Docs
+        run: make docs
 
       - name: Generate release notes
         uses: orhun/git-cliff-action@4a4a951bc43fafe41cd2348d181853f52356bee7 # v4.4.2
@@ -39,29 +46,23 @@ jobs:
       - name: Print the release notes
         run: cat "${{ steps.git-cliff.outputs.changelog }}"
 
-      - name: Install uv
-        uses: astral-sh/setup-uv@f94ec6bedd8674c4426838e6b50417d36b6ab231 # v5.3.1
-        with:
-          version: "0.6.3"
-          cache-dependency-glob: uv.lock
-          enable-cache: true
-
       - name: Build distribution into dist/
-        run: uv build
+        run: make dist
 
 
       - name: Publish distribution to Python Package Index at pypi.org
         run: uv publish -t ${{ secrets.UV_PUBLISH_TOKEN }}
 
 
       - name: Have audit checks publish to reports/ for auditing
-        run: uv run nox -s audit
+        run: make audit
 
       - name: Create GitHub release
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
         run: |
-          gh release create ${{ github.ref_name }} ./dist/* ./reports/* --notes-file ${{ steps.git-cliff.outputs.changelog }}
+          gh release create ${{ github.ref_name }} ./dist/* ./reports/* \
+            --notes-file ${{ steps.git-cliff.outputs.changelog }}
 
       - name: Allow other workflows to trigger on release
         env:

.github/workflows/test-and-report.yml

@@ -21,27 +21,19 @@ jobs:
         with:
           fetch-depth: 0
 
-      - name: Install dev tools
-        run: |
-          wget -qO - https://aquasecurity.github.io/trivy-repo/deb/public.key | sudo apt-key add -
-          echo deb https://aquasecurity.github.io/trivy-repo/deb $(lsb_release -sc) main | sudo tee -a /etc/apt/sources.list.d/trivy.list
-          sudo apt-get update
-          sudo apt-get install -y curl jq xsltproc gnupg2 imagemagick trivy
-
-      - name: Install project specific dependencies
-        run: |
-          # sudo apt-get install -y YOUR_PROJECT_DEPENDENCIES
-
-      - name: Install uv (python package manager)
+      - name: Install uv
         uses: astral-sh/setup-uv@f94ec6bedd8674c4426838e6b50417d36b6ab231 # v5.3.1
         with:
           version: "0.6.3"
           enable-cache: true
           cache-dependency-glob: uv.lock
 
+      - name: Install dev tools
+        shell: bash
+        run: .github/workflows/install_dev_tools.bash
+
       - name: Install Python, venv and dependencies
-        run: |
-          uv sync --all-extras --frozen --link-mode=copy
+        run: uv sync --all-extras --frozen --link-mode=copy
 
       - name: Release version check
         if: startsWith(github.ref, 'refs/tags/v')
@@ -74,25 +66,33 @@ jobs:
             fi
 
       - name: Smoke tests
-        run: |
-          uv run --no-dev oe-python-template-example hello-world
+        run: uv run --no-dev oe-python-template-example hello-world
 
-      - name: Run unit tests, measure coverage, lint, and check vulnerabilities
-        run: |
-          uv run --all-extras nox
+      - name: Lint
+        run: make lint
+
+      - name: Audit
+        run: make audit
+      
+      - name: Test
+        run: make test
 
       - name: Upload test results
         uses: actions/upload-artifact@4cec3d8aa04e39d1a68397de0c4cd6fb9dce8ec1 # v4.6.1
         if: ${{ always() && (env.GITHUB_WORKFLOW_RUNTIME != 'ACT') }}
         with:
           name: test-results
           path: |
-            junit.xml
-            coverage.xml
-            coverage_html/
-            vulnerabilities.json
-            licenses.json
-            licenses-inverted.json
+            reports/mypy_junit.xml
+            reports/sbom.json
+            reports/sbom.spdx
+            reports/licenses.csv
+            reports/licenses.json
+            reports/licenses_grouped.json
+            reports/vulnerabilities.json
+            reports/junit.xml
+            reports/coverage.xml
+            reports/coverage_html
           retention-days: 30
 
       - name: Upload coverage reports to Codecov

.github/workflows/test-scheduled.yml

@@ -2,7 +2,7 @@ name: "CI Scheduled"
 
 on:
   schedule:
-    - cron: '0 7 * * *'
+    - cron: '0 6 * * *'
 
 jobs:
   test-scheduled:
@@ -24,8 +24,7 @@ jobs:
           cache-dependency-glob: uv.lock
 
       - name: Install Python, venv and dependencies
-        run: |
-          uv sync --all-extras --frozen --link-mode=copy
+        run: uv sync --all-extras --frozen --link-mode=copy
 
       - name: Create .env file
         uses: SpicyPizza/create-envfile@ace6d4f5d7802b600276c23ca417e669f1a06f6f # v2.0.3
@@ -34,5 +33,4 @@ jobs:
           fail_on_empty: true
 
       - name: Run tests marked as scheduled
-        run: |
-          uv run --all-extras nox -s test -p 3.11 -- -m scheduled
+        run: make test_scheduled

.github/workflows/vercel-preview.yml

@@ -16,7 +16,7 @@ jobs:
     steps:
       - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
 
-      - name: Install uv (python package manager)
+      - name: Install uv
         uses: astral-sh/setup-uv@f94ec6bedd8674c4426838e6b50417d36b6ab231 # v5.3.1
         with:
           version: "0.6.3"
@@ -27,8 +27,7 @@ jobs:
         run: npm install --global vercel@latest
 
       - name: Make Vercel distribution
-        run: |
-          make dist_vercel
+        run: make dist_vercel
 
       - name: Deploy to Vercel
         id: deploy-vercel

.github/workflows/vercel-production.yml

@@ -16,7 +16,7 @@ jobs:
     steps:
       - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
 
-      - name: Install uv (python package manager)
+      - name: Install uv
         uses: astral-sh/setup-uv@f94ec6bedd8674c4426838e6b50417d36b6ab231 # v5.3.1
         with:
           version: "0.6.3"
@@ -27,8 +27,7 @@ jobs:
         run: npm install --global vercel@latest
 
       - name: Make Vercel distribution
-        run: |
-          make dist_vercel
+        run: make dist_vercel
 
       - name: Deploy to Vercel
         id: deploy-vercel

.pre-commit-config.yaml

@@ -67,8 +67,8 @@ repos:
       - id: uv-lock
   - repo: local
     hooks:
-      - id: nox
-        name: nox
+      - id: make
+        name: make
         entry: make
         language: system
         pass_filenames: false