From 19dcf4a6fae95c172e47f3c17e1e21bceff88925 Mon Sep 17 00:00:00 2001 From: "firstof9@gmail.com" Date: Thu, 14 May 2026 09:52:35 -0700 Subject: [PATCH 1/9] chore: fix codeql.yml indentation --- .github/dependabot.yml | 5 +++++ .github/workflows/codeql.yml | 39 ++++++++++++++++++++++++++++++++++++ .github/workflows/links.yml | 20 ++++++++++++++++++ 3 files changed, 64 insertions(+) create mode 100644 .github/workflows/codeql.yml create mode 100644 .github/workflows/links.yml diff --git a/.github/dependabot.yml b/.github/dependabot.yml index 28598133..17fc16e8 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -9,3 +9,8 @@ updates: directory: "/" # Location of package manifests schedule: interval: "daily" + + - package-ecosystem: "github-actions" + directory: "/" + schedule: + interval: "daily" diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml new file mode 100644 index 00000000..8000dc40 --- /dev/null +++ b/.github/workflows/codeql.yml @@ -0,0 +1,39 @@ +name: "CodeQL" + +on: + push: + branches: ["main", "dev"] + pull_request: + branches: ["main", "dev"] + schedule: + - cron: '30 1 * * 6' + +jobs: + analyze: + name: Analyze + runs-on: ubuntu-latest + permissions: + actions: read + contents: read + security-events: write + + strategy: + fail-fast: false + matrix: + language: ["python"] + + steps: + - name: Checkout repository + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 + + # Initializes the CodeQL tools for scanning. + - name: Initialize CodeQL + uses: github/codeql-action/init@7fd177fa680c9881b53cdab4d346d32574c9f7f4 # v3 + with: + languages: ${{ matrix.language }} + + - name: Autobuild + uses: github/codeql-action/autobuild@7fd177fa680c9881b53cdab4d346d32574c9f7f4 # v3 + + - name: Perform CodeQL Analysis + uses: github/codeql-action/analyze@7fd177fa680c9881b53cdab4d346d32574c9f7f4 # v3 
diff --git a/.github/workflows/links.yml b/.github/workflows/links.yml new file mode 100644 index 00000000..06239946 --- /dev/null +++ b/.github/workflows/links.yml @@ -0,0 +1,20 @@ +name: Links + +on: + push: + branches: ["main", "dev"] + pull_request: + branches: ["main", "dev"] + schedule: + - cron: "0 0 * * 1" + +jobs: + linkChecker: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 + + - name: Link Checker + uses: lycheeverse/lychee-action@8646ba30535128ac92d33dfc9133794bfdd9b411 # v2 + with: + args: --verbose --no-progress './**/*.md' From 5cecaad28a93c043377786a00b6ea190e675d44e Mon Sep 17 00:00:00 2001 From: "firstof9@gmail.com" Date: Thu, 14 May 2026 09:56:34 -0700 Subject: [PATCH 2/9] chore: add explicit permissions to release-drafter workflow --- .github/workflows/release-drafter.yml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/.github/workflows/release-drafter.yml b/.github/workflows/release-drafter.yml index 22e06631..64b2462b 100644 --- a/.github/workflows/release-drafter.yml +++ b/.github/workflows/release-drafter.yml @@ -5,6 +5,10 @@ on: branches: - main +permissions: + contents: write + pull-requests: read + jobs: update_release_draft: runs-on: ubuntu-latest From c982ad89a1e8b37c1de55f2260a42cdc4b003fb4 Mon Sep 17 00:00:00 2001 From: Chris <1105672+firstof9@users.noreply.github.com> Date: Thu, 14 May 2026 09:57:10 -0700 Subject: [PATCH 3/9] Potential fix for pull request finding 'CodeQL / Workflow does not contain permissions' Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com> --- .github/workflows/links.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.github/workflows/links.yml b/.github/workflows/links.yml index 06239946..eb2a6b41 100644 --- a/.github/workflows/links.yml +++ b/.github/workflows/links.yml 
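Review bot: The `permissions:` block added to `.github/workflows/release-drafter.yml` (PATCH 2/9) sits at workflow level, so `contents: write` is inherited by every job this workflow has or later gains. Only `update_release_draft` is visible, and its steps lie outside the hunk, so I would move the grant under that job (`permissions:` with `contents: write` and `pull-requests: read`) and set the workflow default to `permissions: {}`. Whether the release-drafter step is pinned to a commit SHA, like the actions in the other workflows of this series, cannot be seen from here and is worth checking.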
@@ -8,6 +8,9 @@ on: schedule: - cron: "0 0 * * 1" +permissions: + contents: read + jobs: linkChecker: runs-on: ubuntu-latest From 9d443ad6752c70135899fa856059c99c5a9b726f Mon Sep 17 00:00:00 2001 From: "firstof9@gmail.com" Date: Thu, 14 May 2026 10:01:36 -0700 Subject: [PATCH 4/9] chore: remove codeql.yml as it is handled by GitHub default setup --- .github/workflows/codeql.yml | 39 ------------------------------------ 1 file changed, 39 deletions(-) delete mode 100644 .github/workflows/codeql.yml diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml deleted file mode 100644 index 8000dc40..00000000 --- a/.github/workflows/codeql.yml +++ /dev/null @@ -1,39 +0,0 @@ -name: "CodeQL" - -on: - push: - branches: ["main", "dev"] - pull_request: - branches: ["main", "dev"] - schedule: - - cron: '30 1 * * 6' - -jobs: - analyze: - name: Analyze - runs-on: ubuntu-latest - permissions: - actions: read - contents: read - security-events: write - - strategy: - fail-fast: false - matrix: - language: ["python"] - - steps: - - name: Checkout repository - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 - - # Initializes the CodeQL tools for scanning. - - name: Initialize CodeQL - uses: github/codeql-action/init@7fd177fa680c9881b53cdab4d346d32574c9f7f4 # v3 - with: - languages: ${{ matrix.language }} - - - name: Autobuild - uses: github/codeql-action/autobuild@7fd177fa680c9881b53cdab4d346d32574c9f7f4 # v3 - - - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@7fd177fa680c9881b53cdab4d346d32574c9f7f4 # v3 From 81d44eba3dfd78dc7130f42f41ce738cc6749fbd Mon Sep 17 00:00:00 2001 From: "firstof9@gmail.com" Date: Thu, 14 May 2026 10:11:00 -0700 Subject: [PATCH 5/9] chore: migrate from pre-commit to prek for faster linting --- .pre-commit-config.yaml | 30 +++++++++++++++++++----------- requirements_lint.txt | 2 +- requirements_test.txt | 2 +- 3 files changed, 21 insertions(+), 13 deletions(-) 
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index 249c70b3..2a8f6406 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -1,12 +1,19 @@ +# .pre-commit-config.yaml default_install_hook_types: [pre-commit, pre-push] + repos: + - repo: builtin + hooks: + - id: trailing-whitespace + - id: end-of-file-fixer + - repo: https://github.com/astral-sh/ruff-pre-commit rev: v0.9.7 hooks: - id: ruff - args: - - --fix + args: [--fix] - id: ruff-format + - repo: https://github.com/codespell-project/codespell rev: v2.4.1 hooks: @@ -16,30 +23,31 @@ repos: - --skip="./.*,*.csv,*.json" - --quiet-level=2 exclude_types: [csv, json] + - repo: https://github.com/pre-commit/pre-commit-hooks rev: v5.0.0 hooks: - - id: check-executables-have-shebangs - stages: [manual] - - id: no-commit-to-branch - args: - - --branch=main - - id: trailing-whitespace - - id: end-of-file-fixer - - id: check-docstring-first - id: check-yaml - id: debug-statements + - id: check-docstring-first + - id: no-commit-to-branch + args: [--branch=main] + - id: check-executables-have-shebangs + stages: [manual] + - repo: https://github.com/adrienverge/yamllint.git rev: v1.35.1 hooks: - id: yamllint + - repo: https://github.com/prettier/prettier rev: 2.0.4 hooks: - id: prettier stages: [manual] + - repo: https://github.com/pre-commit/mirrors-mypy - rev: "v1.15.0" + rev: v1.15.0 hooks: - id: mypy files: ^openevsehttp/.+\.py$ diff --git a/requirements_lint.txt b/requirements_lint.txt index 1f74d2c8..9d560e61 100644 --- a/requirements_lint.txt +++ b/requirements_lint.txt @@ -1,4 +1,4 @@ -r requirements.txt -pre-commit==4.6.0 +prek==0.2.28 ruff==0.15.13 mypy==2.1.0 diff --git a/requirements_test.txt b/requirements_test.txt index d620444a..926ab860 100644 --- a/requirements_test.txt +++ b/requirements_test.txt @@ -1,5 +1,5 @@ -r requirements.txt -pre-commit==4.6.0 +prek==0.2.28 pytest==9.0.3 pytest-cov==7.1.0 pytest-timeout==2.4.0 
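Review bot: The hook repositories in `.pre-commit-config.yaml` are still referenced by tag (`rev: v0.9.7`, `rev: v5.0.0`, `rev: v1.35.1`, `rev: 2.0.4`, and the `rev: v1.15.0` this hunk rewrites), while the workflows in the same series pin actions to full commit SHAs. A tag can be moved upstream, and these hooks run code on contributor machines. `rev` accepts a commit SHA, so each entry could read `rev: <full-commit-sha>  # v0.9.7` (placeholder, to be resolved from the upstream repo). Separately, the hook revisions lag the pins in `requirements_lint.txt` (`ruff==0.15.13`, `mypy==2.1.0`), so a hook run and a direct run of the tool may disagree.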
From 76171d8193dcef76c2584248834e9d09e81a4295 Mon Sep 17 00:00:00 2001 From: "firstof9@gmail.com" Date: Thu, 14 May 2026 10:11:23 -0700 Subject: [PATCH 6/9] chore: migrate from pre-commit to prek for faster linting --- .pre-commit-config.yaml | 7 ++----- 1 file changed, 2 insertions(+), 5 deletions(-) diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index 2a8f6406..4a686687 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -2,11 +2,6 @@ default_install_hook_types: [pre-commit, pre-push] repos: - - repo: builtin - hooks: - - id: trailing-whitespace - - id: end-of-file-fixer - - repo: https://github.com/astral-sh/ruff-pre-commit rev: v0.9.7 hooks: @@ -27,6 +22,8 @@ repos: - repo: https://github.com/pre-commit/pre-commit-hooks rev: v5.0.0 hooks: + - id: trailing-whitespace + - id: end-of-file-fixer - id: check-yaml - id: debug-statements - id: check-docstring-first From e4f0b2758b9a751630ddb1b98fc2f5e3b3bf4cf2 Mon Sep 17 00:00:00 2001 From: "firstof9@gmail.com" Date: Thu, 14 May 2026 10:13:45 -0700 Subject: [PATCH 7/9] ci: require prek to pass before running tests --- .github/workflows/test.yml | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 931dc654..0d760483 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -13,8 +13,21 @@ on: - dev jobs: + prek: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 + - name: Set up Python + uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6 + with: + python-version: "3.14" + - name: Install prek + run: pip install prek + - name: Run prek + run: prek run --all-files build: runs-on: ubuntu-latest + needs: prek strategy: matrix: python-version: From 51d7ffe9d3b5b7dc61f8cd2008422a5e6c8aa65e Mon Sep 17 00:00:00 2001 
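Review bot: The new `prek` job in `.github/workflows/test.yml` (PATCH 7/9) declares no `permissions:`, yet `prek run --all-files` executes hook code fetched from the repositories listed in `.pre-commit-config.yaml`. The top of the workflow is outside the hunk, so a workflow-level block may already exist; if not, add `permissions:` with `contents: read` under `prek:`, matching what this series does for `links.yml`. Adding `with:` / `persist-credentials: false` to the checkout step would also keep the token out of the checkout's git config while the hooks run. The `build` job that now `needs: prek` continues past the end of the hunk.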
From: "firstof9@gmail.com" Date: Thu, 14 May 2026 10:14:28 -0700 Subject: [PATCH 8/9] ci: pin prek version in test workflow --- .github/workflows/test.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 0d760483..822367fc 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -22,7 +22,7 @@ jobs: with: python-version: "3.14" - name: Install prek - run: pip install prek + run: pip install prek==0.2.28 - name: Run prek run: prek run --all-files build: From 12a61c610ec71f3a3459ea3715569d9a2f5a0641 Mon Sep 17 00:00:00 2001 From: "firstof9@gmail.com" Date: Thu, 14 May 2026 10:15:32 -0700 Subject: [PATCH 9/9] chore: upgrade prek to v0.4.0 --- .github/workflows/test.yml | 2 +- requirements_lint.txt | 2 +- requirements_test.txt | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 822367fc..0da3e571 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -22,7 +22,7 @@ jobs: with: python-version: "3.14" - name: Install prek - run: pip install prek==0.2.28 + run: pip install prek==0.4.0 - name: Run prek run: prek run --all-files build: diff --git a/requirements_lint.txt b/requirements_lint.txt index 9d560e61..c9177ea6 100644 --- a/requirements_lint.txt +++ b/requirements_lint.txt @@ -1,4 +1,4 @@ -r requirements.txt -prek==0.2.28 +prek==0.4.0 ruff==0.15.13 mypy==2.1.0 diff --git a/requirements_test.txt b/requirements_test.txt index 926ab860..7fee7403 100644 --- a/requirements_test.txt +++ b/requirements_test.txt @@ -1,5 +1,5 @@ -r requirements.txt -prek==0.2.28 +prek==0.4.0 pytest==9.0.3 pytest-cov==7.1.0 pytest-timeout==2.4.0