Skip to content

Add stricter configuration defaults #157

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
dguido wants to merge 4 commits into
base: main
Choose a base branch
from
Open

Add stricter configuration defaults #157

Show file tree
Hide file tree
Changes from 1 commit
Commits
Show all changes
4 commits
Select commit Hold shift + click to select a range
23ece6f
Add stricter configuration defaults
dguido Jan 26, 2026
5cb32c4
freeze revisions
Ninja3047 Jan 26, 2026
79a8adf
add autoupdate workflow
Ninja3047 Jan 26, 2026
b8b24ec
checkout using default CI token and not create PR token
Ninja3047 Jan 26, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
1 change: 0 additions & 1 deletion {{cookiecutter.project_slug}}/.github/workflows/tests.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -13,7 +13,6 @@ jobs:
strategy:
matrix:
python:
- "3.10"
- "3.11"
- "3.12"
- "3.13"
Expand Down
20 changes: 20 additions & 0 deletions {{cookiecutter.project_slug}}/.pre-commit-config.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -10,6 +10,26 @@ repos:
- id: check-merge-conflict
- id: detect-private-key

# Shell script linting
- repo: https://github.com/koalaman/shellcheck-precommit
rev: v0.11.0
Copy link
Copy Markdown
Contributor

@Ninja3047 Ninja3047 Jan 26, 2026
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

there should be a plan for keeping these up to date
dependabot doesn't appear to support keeping these up to date AFAICT, although it might be coming soon dependabot/dependabot-core#1524 dependabot/dependabot-core#13977

also these should probably be frozen to the git hash with a comment of what the version is similar to what's being done in the github actions to mitigate supply chain attacks

Copy link
Copy Markdown
Contributor

@Ninja3047 Ninja3047 Jan 26, 2026
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Turns out prek has this using https://prek.j178.dev/cli/#prek-auto-update so we just need to add it as a workflow

Copy link
Copy Markdown
Contributor

@Ninja3047 Ninja3047 Jan 26, 2026
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

alright claude implemented a simple auto updater in this commit 79a8adf
but we need to configure a github app id and secret and have it set org-wide

instructions on how to do that are here
https://github.com/actions/create-github-app-token?tab=readme-ov-file#usage

hooks:
- id: shellcheck
args: [--severity=error]

# GitHub Actions linting
- repo: https://github.com/rhysd/actionlint
rev: v1.7.10
hooks:
- id: actionlint

# GitHub Actions security audit
- repo: https://github.com/zizmorcore/zizmor-pre-commit
rev: v1.22.0
hooks:
- id: zizmor
args: [--persona=regular, --min-severity=medium, --min-confidence=medium]

- repo: local
hooks:
- id: format
Expand Down
18 changes: 15 additions & 3 deletions {{cookiecutter.project_slug}}/pyproject.toml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -19,7 +19,7 @@ classifiers = [
"Programming Language :: Python :: 3",
]
dependencies = []
requires-python = ">=3.10"
requires-python = ">=3.11"

[build-system]
requires = ["uv_build>=0.9.0,<0.10.0"]
Expand All @@ -41,10 +41,12 @@ lint = [
"interrogate",
{%- endif %}
]
audit = ["pip-audit"]
dev = [
{include-group = "doc"},
{include-group = "test"},
{include-group = "lint"},
{include-group = "audit"},
"prek",
]

Expand All @@ -60,25 +62,35 @@ Issues = "https://github.com/{{ cookiecutter.github_username }}/{{ cookiecutter.
Source = "https://github.com/{{ cookiecutter.github_username }}/{{ cookiecutter.project_slug }}"

[tool.coverage.run]
branch = true
# don't attempt code coverage for the CLI entrypoints
omit = ["{{ cookiecutter.__project_src_path }}/_cli.py"]

[tool.coverage.report]
exclude_lines = [
"pragma: no cover",
"if TYPE_CHECKING:",
"if __name__ == .__main__.:",
]

[tool.ty.terminal]
error-on-warning = true

[tool.ty.environment]
python-version = "3.10"
python-version = "3.11"

[tool.ty.src]
include = ["src", "test"]

[tool.ruff]
line-length = 100
target-version = "py310"
target-version = "py311"
src = ["src"]

[tool.ruff.format]
line-ending = "lf"
quote-style = "double"
docstring-code-format = true

[tool.ruff.lint]
select = ["ALL"]
Expand Down