Jens Tröger

feat(ci): add the ruff tool to the pre-commit checks

3

We have talked about [`ruff`](https://beta.ruff.rs/) before, so this adds an initial setup to play around with. See also https://github.com/jenstroeger/python-package-template/issues/5#issuecomment-1521568770. Even though `ruff` is supposed to be a [drop-in replacement for...

The [`prune`](https://github.com/jenstroeger/python-package-template/blob/d4544af5a74bfb0763321c1094ebcc68b2d91ff7/Makefile#L210-L223) goal in our Makefile is intended to remove those installed packages that are not direct or indirect dependencies of the repo package itself. Because [`pip` doesn’t provide a...

Add missing community files.

3

Based on the [community profile](https://github.com/jenstroeger/python-package-template/community) a few files are missing: - Code of conduct - Contributing - Issue templates - PR template Consider adding those files, and perhaps go browsing...

Consider tracking performance across package releases.

1

We currently have no way to measure the performance of some functions in the package, or to track performance regressions of said functions. Packages like [pytest-benchmark](https://github.com/ionelmc/pytest-benchmark) plug directly into `pytest`,...

feat(make): add the emergency-release target to locally build and publish a new package release without Github Action workflows

2

Closes https://github.com/jenstroeger/python-package-template/issues/542 However, this new `make` target does not consider — in a way even duplicates! — how the Action workflows proceed. Unless we consider PR https://github.com/jenstroeger/python-package-template/pull/537, trying to lower...

Signing things

2

Git allows for signing commits and tags, see also the [Signing Your Work](https://git-scm.com/book/en/v2/Git-Tools-Signing-Your-Work) chapter. Furthermore, [twine upload](https://twine.readthedocs.io/en/stable/index.html#twine-upload) allows for signing packages when uploading them to a PyPI server. Related to...

docs: rearrange and rename and add badges to meet current feature set

8

Just playing around with badges, which ones we want to show and how… [](https://github.com/jenstroeger/python-package-template/blob/main/LICENSE.md) [](https://github.com/pre-commit/pre-commit) [](https://www.conventionalcommits.org/en/v1.0.0/) [](https://github.com/psf/black) [](https://github.com/PyCQA/bandit) [](https://github.com/github/codeql) [](http://mypy-lang.org/) [](https://flake8.pycqa.org/) [](http://pylint.org/) [](https://github.com/pytest-dev/pytest) [](https://hypothesis.works/) [](https://github.com/nedbat/coveragepy) Here I focused more on...

Imagine Github is down and Action workflows aren’t available, and you want to publish the next release of your package… 😳 We currently still have small blobs of code in...

Revisit how we create sync PRs

1

I’ve used [`rsync`](https://linux.die.net/man/1/rsync) in the past but unfortunately I’m not deeply familiar with _all_ of its features. My main concern about using `rsync` is that it clobbers the local files,...

Update arguments for the different Step Security workflows.

3

Looking at Step Security’s [Harden Runner results](https://app.stepsecurity.io/github/jenstroeger/python-package-template/actions/runs/4222519143) (see workflow run [4222519143](https://github.com/jenstroeger/python-package-template/actions/runs/4222519143)) it would probably make sense to incorporate their Recommended Policy feedback for the four runs we use in our...