Jens Tröger

Add the Release workflow logs as a release artifact?

1

@behnazh would it make sense to store the Actions log (all jobs) from the `release.yaml` workflow as part of the release artifacts? It looks like the Github API allows to...

feat(ci): add Dependency and License checks to build workflow

4

I stumbled upon the [dependency-review-action](https://github.com/actions/dependency-review-action) which looked useful. Not sure if `build.yaml` is a good place, or better [`pr-change-set.yaml`](https://github.com/jenstroeger/python-package-template/blob/main/.github/workflows/pr-change-set.yaml). What do you think, @behnazh?

What's the point of supporting two Python versions only? Wouldn't it make sense to use packages like [cibuildwheel](https://cibuildwheel.readthedocs.io/en/stable/) to manage the Python version and OS? _Originally posted by @behnazh in...

Messages sent to Slack should also contain the list of changes for the new version; it’s a little uninformative as-is: 

feat: the Pull Request action now verifies signed commits

2

Somewhat related to issue https://github.com/commitizen-tools/commitizen/issues/575, but using plain bash + git instead of commitizen.

The [`pr-conventional-commits.yaml`](https://github.com/jenstroeger/python-package-template/blob/main/.github/workflows/pr-conventional-commits.yaml) checks whether all commits for the PR comply to [conventional commits](https://www.conventionalcommits.org/) format. However, we can also push a bunch of commits _directly_ to the remote `staging` or even...

Improve Pull Request Action behavior

2

The [pull-request.yaml](https://github.com/jenstroeger/python-package-template/blob/main/.github/workflows/pull-request.yaml) Action may not need to trigger the code checks and tests: https://github.com/jenstroeger/python-package-template/blob/f41b0e6a46061081370253b9ac17a1b62b5c85dc/.github/workflows/pull-request.yaml#L57-L61 if the PR is in “draft” mode — the [event payload](https://docs.github.com/en/developers/webhooks-and-events/webhooks/webhook-events-and-payloads#pull_request) has a boolean `"draft"`: ```yaml...

## Current approach As of [v2.3.3](https://github.com/jenstroeger/python-package-template/releases/tag/v2.3.3) of this package template, the `pyproject.toml` file declares no package dependencies https://github.com/jenstroeger/python-package-template/blob/25c486b68d04c813c9bd366b44db858e20d281e4/pyproject.toml#L14 and a handful of [optional/extra dependencies](https://peps.python.org/pep-0621/#dependencies-optional-dependencies) https://github.com/jenstroeger/python-package-template/blob/25c486b68d04c813c9bd366b44db858e20d281e4/pyproject.toml#L36-L63 solely for the purpose of...

Tracking issue for: - [ ] https://github.com/jenstroeger/python-package-template/security/code-scanning/34 We already use [Hypothesis](https://hypothesis.readthedocs.io/), and there are fuzzers like [Atheris](https://github.com/google/atheris) and [Frelatage](https://github.com/Rog3rSm1th/Frelatage) that we could consider for fuzzing. However, perhaps we should only...

Add Action that checks and updates the pre-commit configuration.

1

Based on [this conversation](https://github.com/jenstroeger/python-package-template/pull/48#discussion_r757160216) — add a Github Action which runs [`pre-commit autoupdate`](https://pre-commit.com/#updating-hooks-automatically) and, if hooks need updating, opens a PR accordingly. Something like explained in [this blog](https://browniebroke.com/blog/gh-action-pre-commit-autoupdate/).