chore(deps): update from template

Author: helmut-hoffer-von-ankershoffen

.copier-answers.yml

@@ -1,4 +1,4 @@
-_commit: v0.15.3
+_commit: v0.15.21
 _src_path: gh:helmut-hoffer-von-ankershoffen/oe-python-template
 attestations_enabled: true
 author_email: helmuthva@gmail.com

.dockerignore

@@ -86,9 +86,11 @@ docker-compose.yml
 # Copier
 **/*.rej
 
-
 # Vercel
 **/.vercel
 
+# Scalene
+profile.json
+profile.html
 
-# Application specific
+# Application specific

.github/workflows/_audit.yml

@@ -0,0 +1,49 @@
+name: "Audit"
+
+on:
+  workflow_call:
+    # No inputs needed at this time
+
+jobs:
+  audit:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      id-token: write
+      packages: read
+    steps:
+      - name: Checkout
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        with:
+          fetch-depth: 0
+
+      - name: Install uv
+        uses: astral-sh/setup-uv@f94ec6bedd8674c4426838e6b50417d36b6ab231 # v5.3.1
+        with:
+          version: "0.6.3"
+          enable-cache: true
+          cache-dependency-glob: uv.lock
+
+      - name: Install dev tools
+        shell: bash
+        run: .github/workflows/_install_dev_tools.bash
+
+      - name: Install Python, venv and dependencies
+        run: uv sync --all-extras --frozen --link-mode=copy
+
+      - name: Audit
+        run: make audit
+        
+      - name: Upload audit results
+        uses: actions/upload-artifact@4cec3d8aa04e39d1a68397de0c4cd6fb9dce8ec1 # v4.6.1
+        if: ${{ always() && (env.GITHUB_WORKFLOW_RUNTIME != 'ACT') }}
+        with:
+          name: audit-results
+          path: |
+            reports/sbom.json
+            reports/sbom.spdx
+            reports/licenses.csv
+            reports/licenses.json
+            reports/licenses_grouped.json
+            reports/vulnerabilities.json
+          retention-days: 30

.github/workflows/_docker-publish.yml

@@ -0,0 +1,98 @@
+name: "Publish Docker Image"
+
+on:
+  workflow_call:
+    # No inputs needed at this time
+
+jobs:
+  docker_publish:
+    runs-on: ubuntu-latest
+    permissions:
+      attestations: write
+      contents: read
+      id-token: write
+      packages: write
+
+    env:
+      DOCKER_IO_REGISTRY: docker.io
+      DOCKER_IO_IMAGE_NAME_ALL: helmuthva/oe-python-template-example
+      DOCKER_IO_IMAGE_NAME_SLIM: helmuthva/oe-python-template-example-slim
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+
+      - name: Install dev tools
+        shell: bash
+        run: .github/workflows/_install_dev_tools.bash
+
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@29109295f81e9208d7d86ff1c6c12d2833863392 # v3.6.0
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2 # v3.10.0
+
+
+      - name: Log in to Docker Hub
+        uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0
+        with:
+          username: ${{ secrets.DOCKER_IO_USERNAME }}
+          password: ${{ secrets.DOCKER_IO_PASSWORD }}
+
+
+      - name: Log in to GitHub Container Registry
+        uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0
+        with:
+          registry: ghcr.io
+          username: ${{ github.repository_owner }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Extract metadata for Docker
+        id: meta
+        uses: docker/metadata-action@38b8a86137171c128513e9be0b97bc476fbffcb5 # v5.6.0
+        with:
+          images: |
+            ghcr.io/helmut-hoffer-von-ankershoffen/oe-python-template-example
+
+            ${{ env.DOCKER_IO_IMAGE_NAME_ALL }}
+
+          flavor: |
+            latest=auto
+            prefix=
+            suffix=
+          tags: |
+            type=semver,pattern=v
+            type=semver,pattern=v.
+            type=semver,pattern=v
+
+      - name: Build and push Docker image (all)
+        uses: docker/build-push-action@e6ef1f314e8a75f35e85dbd71ebe08d4b3005fc8 # v6.2.0
+        with:
+          context: .
+          push: true
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}
+          platforms: linux/amd64,linux/arm64
+          target: all
+          provenance: true
+          cache-from: type=gha
+          cache-to: type=gha,mode=max
+
+      - name: Build and push Docker image (slim)
+        uses: docker/build-push-action@e6ef1f314e8a75f35e85dbd71ebe08d4b3005fc8 # v6.2.0
+        with:
+          context: .
+          push: true
+          tags: |
+            ghcr.io/helmut-hoffer-von-ankershoffen/oe-python-template-example-slim:latest
+            ghcr.io/helmut-hoffer-von-ankershoffen/oe-python-template-example-slim:${{ github.ref_name }}
+
+            ${{ env.DOCKER_IO_IMAGE_NAME_SLIM }}:latest
+            ${{ env.DOCKER_IO_IMAGE_NAME_SLIM }}:${{ github.ref_name }}
+
+          labels: ${{ steps.meta.outputs.labels }}
+          platforms: linux/amd64,linux/arm64
+          target: slim
+          provenance: true
+          cache-from: type=gha
+          cache-to: type=gha,mode=max

.github/workflows/install_dev_tools.bash .github/workflows/_install_dev_tools.bash.github/workflows/install_dev_tools.bash renamed to .github/workflows/_install_dev_tools.bash

@@ -13,8 +13,8 @@ log "Starting installation of development tools..."
 wget -qO - https://aquasecurity.github.io/trivy-repo/deb/public.key | sudo apt-key add -
 echo deb https://aquasecurity.github.io/trivy-repo/deb $(lsb_release -sc) main | sudo tee -a /etc/apt/sources.list.d/trivy.list
 sudo apt-get update
-sudo apt-get install -y curl jq xsltproc gnupg2 imagemagick trivy
+sudo apt-get install --no-install-recommends -y curl gnupg2 imagemagick jq trivy xsltproc
 
-.github/workflows/install_dev_tools_project.bash
+.github/workflows/_install_dev_tools_project.bash
 
 log "Completed installation of development tools."

.github/workflows/_install_dev_tools_project.bash

@@ -0,0 +1,16 @@
+#!/bin/bash
+
+set -e # Exit immediately if a command exits with a non-zero status
+set -o pipefail # Return value of a pipeline is the value of the last command to exit with a non-zero status
+
+# Log function for better debugging
+log() {
+echo "[$(date +'%Y-%m-%dT%H:%M:%S%z')] $*"
+}
+
+log "Starting installation of development tools specific to OE Python Template Example..."
+
+# Add your project specific installation commands below
+# sudo apt-get install --no-install-recommends -y YOUR_PACKAGE
+
+log "Completed installation of development tools specific to OE Python Template Example."

.github/workflows/_lint.yml

@@ -0,0 +1,35 @@
+name: "Lint"
+
+on:
+  workflow_call:
+    # No inputs needed at this time
+
+jobs:
+  lint:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      id-token: write
+      packages: read
+    steps:
+      - name: Checkout
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        with:
+          fetch-depth: 0
+
+      - name: Install uv
+        uses: astral-sh/setup-uv@f94ec6bedd8674c4426838e6b50417d36b6ab231 # v5.3.1
+        with:
+          version: "0.6.3"
+          enable-cache: true
+          cache-dependency-glob: uv.lock
+
+      - name: Install dev tools
+        shell: bash
+        run: .github/workflows/_install_dev_tools.bash
+
+      - name: Install Python, venv and dependencies
+        run: uv sync --all-extras --frozen --link-mode=copy
+
+      - name: Lint
+        run: make lint

…kflows/package-build-publish-release.yml .github/workflows/_package-publish.yml.github/workflows/package-build-publish-release.yml renamed to .github/workflows/_package-publish.yml .github/workflows/package-build-publish-release.yml renamed to .github/workflows/_package-publish.yml

@@ -1,12 +1,11 @@
-name: "Build package, publish to PyPI, create GitHub release"
+name: "Publish Package"
 
 on:
-  push:
-    tags:
-      - "v*.*.*"
+  workflow_call:
+    # No inputs needed at this time
 
 jobs:
-  package_build_publish_release:
+  package_publish:
     environment: release
     runs-on: ubuntu-latest
     permissions:
@@ -27,7 +26,7 @@ jobs:
 
       - name: Install dev tools
         shell: bash
-        run: .github/workflows/install_dev_tools.bash
+        run: .github/workflows/_install_dev_tools.bash
 
       - name: Docs
         run: make docs
@@ -62,7 +61,7 @@ jobs:
         run: |
           gh release create ${{ github.ref_name }} ./dist/* ./reports/* \
             --notes-file ${{ steps.git-cliff.outputs.changelog }}
-
+            
       - name: Allow other workflows to trigger on release
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

.github/workflows/_scheduled-test.yml

@@ -0,0 +1,87 @@
+name: "Scheduled Test"
+
+on:
+  workflow_call:
+    # No inputs needed at this time
+
+jobs:
+  test-scheduled:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      id-token: write
+    steps:
+      - name: Checkout
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        with:
+          fetch-depth: 0
+
+      - name: Install uv
+        uses: astral-sh/setup-uv@f94ec6bedd8674c4426838e6b50417d36b6ab231 # v5.3.1
+        with:
+          version: "0.6.3"
+          enable-cache: true
+          cache-dependency-glob: uv.lock
+
+      - name: Install dev tools
+        shell: bash
+        run: .github/workflows/_install_dev_tools.bash
+
+      - name: Install Python, venv and dependencies
+        run: uv sync --all-extras --frozen --link-mode=copy
+
+      - name: Create .env file
+        uses: SpicyPizza/create-envfile@ace6d4f5d7802b600276c23ca417e669f1a06f6f # v2.0.3
+        with:
+          envkey_OE_PYTHON_TEMPLATE_EXAMPLE_LOGFIRE_TOKEN: "${{ secrets.OE_PYTHON_TEMPLATE_EXAMPLE_LOGFIRE_TOKEN }}"
+          envkey_OE_PYTHON_TEMPLATE_EXAMPLE_SENTRY_DSN: "${{ secrets.OE_PYTHON_TEMPLATE_EXAMPLE_SENTRY_DSN }}"
+          fail_on_empty: false
+
+      - name: Audit
+        run: make audit
+
+      - name: Test / regular + long running
+        run: |
+          set +e
+          make test test_long_running
+          EXIT_CODE=$?
+          # Show test execution in GitHub Job summary
+          found_files=0
+          for file in reports/pytest_*.md; do
+            if [ -f "$file" ]; then
+              cat "$file" >> $GITHUB_STEP_SUMMARY
+              echo "" >> $GITHUB_STEP_SUMMARY
+              found_files=1
+            fi
+          done
+          if [ $found_files -eq 0 ]; then
+            echo "# All tests passed" >> $GITHUB_STEP_SUMMARY
+            echo "" >> $GITHUB_STEP_SUMMARY
+          fi
+          # Show test coverage in GitHub Job summary
+          for file in reports/coverage_*.md; do
+            if [ -f "$file" ]; then
+              cat "$file" >> $GITHUB_STEP_SUMMARY
+              echo "" >> $GITHUB_STEP_SUMMARY
+            fi
+          done
+          exit $EXIT_CODE
+
+      - name: Upload test results
+        uses: actions/upload-artifact@4cec3d8aa04e39d1a68397de0c4cd6fb9dce8ec1 # v4.6.1
+        if: ${{ always() && (env.GITHUB_WORKFLOW_RUNTIME != 'ACT') }}
+        with:
+          name: test-results-scheduled
+          path: |
+            reports/mypy_junit.xml
+            reports/sbom.json
+            reports/sbom.spdx
+            reports/licenses.csv
+            reports/licenses.json
+            reports/licenses_grouped.json
+            reports/vulnerabilities.json
+            reports/junit.xml
+            reports/coverage.xml
+            reports/coverage_html
+            oe_python_template_example.log
+          retention-days: 7