diff --git a/.github/dependabot.yml b/.github/dependabot.yml index a54d63a5952..fbf825c34a0 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -22,7 +22,6 @@ updates: - directory: "/" # Location of package manifests package-ecosystem: "pip" # See documentation for possible values - insecure-external-code-execution: allow schedule: interval: "weekly" day: "friday" diff --git a/.github/workflows/approver.yml b/.github/workflows/approver.yml index 2bc04ba2d22..a49239aa5a4 100644 --- a/.github/workflows/approver.yml +++ b/.github/workflows/approver.yml @@ -24,6 +24,10 @@ on: permissions: {} +concurrency: + group: ${{ github.workflow }}-${{ github.ref }} + cancel-in-progress: true + jobs: autoapprove: # This job only runs for pull request comments @@ -33,7 +37,7 @@ jobs: github.event.comment.user.login == 'germa89' )) || ( github.event_name == 'workflow_dispatch' ) permissions: - pull-requests: write + pull-requests: write # Needed to approve pull requests runs-on: ubuntu-latest steps: diff --git a/.github/workflows/cache_cleaner.yml b/.github/workflows/cache_cleaner.yml index a8691fc9d14..3464db2f9c0 100644 --- a/.github/workflows/cache_cleaner.yml +++ b/.github/workflows/cache_cleaner.yml @@ -7,12 +7,16 @@ on: permissions: {} +concurrency: + group: ${{ github.workflow }}-${{ github.ref }} + cancel-in-progress: true + jobs: cleanup: name: Cleanup caches runs-on: ubuntu-latest permissions: - actions: write + actions: write # Needed to delete cache entries steps: - name: Check out code uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 #v6.0.0 diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 0911ce8fabe..f1773f63f4d 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml 
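Review bot: Deleting `insecure-external-code-execution: allow` from the pip entry in `.github/dependabot.yml` falls back to Dependabot's default rather than forbidding execution. As far as I know, that default only blocks manifest code execution when a `registries` setting is present on the update entry. No `registries` key is visible in this hunk, so the effective behaviour may be unchanged. If the intent is to stop pip manifests from running code during version updates, state it explicitly with `insecure-external-code-execution: deny` on this entry.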
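Review bot: The new `concurrency` group in `.github/workflows/approver.yml` is keyed on `github.ref`, which for comment-triggered runs is the default branch rather than the pull request, so every run of this workflow lands in one group. The job comment says it runs for pull request comments, but the `on:` block is outside the hunk, so this assumes an `issue_comment` trigger. With `cancel-in-progress: true`, a later comment on any issue or pull request would likely cancel an approval still in progress, even when its own job is then skipped by the `if`. Keying the group per pull request avoids that, for example `group: ${{ github.workflow }}-${{ github.event.issue.number || github.ref }}`. The same block added to `.github/workflows/migrator.yml` looks affected in the same way.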
@@ -42,7 +42,7 @@ jobs: name: Adding assignee if there is none. runs-on: ubuntu-latest permissions: - pull-requests: write + pull-requests: write # Needed to add assignees to pull requests steps: - uses: actions-ecosystem/action-add-assignees@a5b84af721c4a621eb9c7a4a95ec20a90d0b88e9 #v1.0.1 if: | @@ -61,10 +61,10 @@ jobs: if: github.event_name == 'push' && contains(github.ref, 'refs/tags') runs-on: ubuntu-latest permissions: - contents: write - pull-requests: write + contents: write # Needed to update changelog files + pull-requests: write # Needed to create pull requests with changelog updates steps: - - uses: ansys/actions/doc-deploy-changelog@21c9de9bee9692173780696d4a39964f20b9cfa3 #v10.1.5 + - uses: ansys/actions/doc-deploy-changelog@21c9de9bee9692173780696d4a39964f20b9cfa3 #v10.1.5 with: token: ${{ secrets.PYANSYS_CI_BOT_TOKEN }} bot-user: ${{ secrets.PYANSYS_CI_BOT_USERNAME }} @@ -76,10 +76,10 @@ jobs: name: Check the name of the pull-request runs-on: ubuntu-latest permissions: - pull-requests: read + pull-requests: read # Needed to read pull request details steps: - name: Check pull-request name - uses: ansys/actions/check-pr-title@21c9de9bee9692173780696d4a39964f20b9cfa3 #v10.1.5 + uses: ansys/actions/check-pr-title@21c9de9bee9692173780696d4a39964f20b9cfa3 #v10.1.5 with: token: ${{ secrets.GITHUB_TOKEN }} @@ -94,7 +94,7 @@ jobs: folder: ["doc", "examples"] steps: - name: "Ansys documentation style checks" - uses: ansys/actions/doc-style@21c9de9bee9692173780696d4a39964f20b9cfa3 #v10.1.5 + uses: ansys/actions/doc-style@21c9de9bee9692173780696d4a39964f20b9cfa3 #v10.1.5 with: token: ${{ secrets.GITHUB_TOKEN }} files: ${{ matrix.folder }} 
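Review bot: In the `@@ -61,10` hunk of `.github/workflows/ci.yml`, the new comments justify `contents: write` and `pull-requests: write`, but job `permissions` only scope `GITHUB_TOKEN`, and the step hands `ansys/actions/doc-deploy-changelog` the bot credential `secrets.PYANSYS_CI_BOT_TOKEN`. If the action pushes and opens its pull request solely with the bot token, both write grants are unused and the job could run with `contents: read`. This should be confirmed against the action before the comments record the grants as needed. The step's remaining inputs continue outside the hunk.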
@@ -122,7 +122,7 @@ jobs: steps: - name: "Build wheelhouse and perform smoke test" id: build-wheelhouse - uses: ansys/actions/build-wheelhouse@21c9de9bee9692173780696d4a39964f20b9cfa3 #v10.1.5 + uses: ansys/actions/build-wheelhouse@21c9de9bee9692173780696d4a39964f20b9cfa3 #v10.1.5 with: library-name: ${{ env.PACKAGE_NAME }} operating-system: ${{ matrix.os }} @@ -150,7 +150,7 @@ jobs: permissions: contents: read steps: - - uses: ansys/actions/check-vulnerabilities@21c9de9bee9692173780696d4a39964f20b9cfa3 #v10.1.5 + - uses: ansys/actions/check-vulnerabilities@21c9de9bee9692173780696d4a39964f20b9cfa3 #v10.1.5 with: python-version: ${{ env.MAIN_PYTHON_VERSION }} token: ${{ secrets.PYANSYS_CI_BOT_TOKEN }} @@ -161,7 +161,7 @@ jobs: name: "Check actions security" runs-on: ubuntu-latest steps: - - uses: ansys/actions/check-actions-security@21c9de9bee9692173780696d4a39964f20b9cfa3 #v10.1.5 + - uses: ansys/actions/check-actions-security@21c9de9bee9692173780696d4a39964f20b9cfa3 #v10.1.5 with: generate-summary: true token: ${{ secrets.GITHUB_TOKEN }} @@ -173,8 +173,8 @@ jobs: needs: doc-style uses: ./.github/workflows/doc-build.yml permissions: - contents: read - packages: read + contents: read # Needed to read repository contents for documentation build + packages: read # Needed to pull Docker images from GitHub packages secrets: license-server: ${{ secrets.LICENSE_SERVER }} username: ${{ github.actor }} 
@@ -187,10 +187,10 @@ jobs: needs: docs-build if: contains(github.event.pull_request.labels.*.name, 'deploy pr docs') permissions: - contents: write - pull-requests: write + contents: write # Needed to push documentation to gh-pages branch + pull-requests: write # Needed to comment on pull requests with documentation link steps: - - uses: ansys/actions/doc-deploy-pr@21c9de9bee9692173780696d4a39964f20b9cfa3 #v10.1.5 + - uses: ansys/actions/doc-deploy-pr@21c9de9bee9692173780696d4a39964f20b9cfa3 #v10.1.5 with: cname: ${{ env.DOCUMENTATION_CNAME }} token: ${{ secrets.GITHUB_TOKEN }} @@ -203,14 +203,14 @@ jobs: name: "Build remote test matrix" runs-on: ubuntu-latest permissions: - contents: read + contents: read # Needed to read repository contents for matrix build if: github.ref != 'refs/heads/main' || github.event_name == 'schedule' || github.event_name == 'workflow_dispatch' outputs: matrix: ${{ steps.set-matrix.outputs.matrix }} steps: - name: "Install Git and checkout project" - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 #v6.0.0 + uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 #v6.0.0 with: persist-credentials: false @@ -230,8 +230,8 @@ jobs: fail-fast: false matrix: ${{ fromJson(needs.build-test-remote-matrix.outputs.matrix) }} permissions: - contents: read - packages: read + contents: read # Needed to read repository contents for tests + packages: read # Needed to pull Docker images from GitHub packages uses: ./.github/workflows/test-remote.yml secrets: license-server: ${{ secrets.LICENSE_SERVER }} 
@@ -248,13 +248,13 @@ jobs: name: "Build test matrix for minimal and local" runs-on: ubuntu-latest permissions: - contents: read + contents: read # Needed to read repository contents for matrix build if: github.ref != 'refs/heads/main' || github.event_name == 'schedule' || github.event_name == 'workflow_dispatch' outputs: matrix: ${{ steps.set-matrix.outputs.matrix }} steps: - name: "Install Git and checkout project" - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 #v6.0.0 + uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 #v6.0.0 with: persist-credentials: false @@ -273,8 +273,8 @@ jobs: needs: [smoke-tests, build-test-local-matrix] uses: ./.github/workflows/test-local.yml permissions: - contents: read - packages: read + contents: read # Needed to read repository contents for tests + packages: read # Needed to pull Docker images from GitHub packages strategy: fail-fast: false matrix: ${{ fromJson(needs.build-test-local-matrix.outputs.matrix) }} @@ -301,8 +301,8 @@ jobs: needs: [build-test-ubuntu-local, build-test-remote] uses: ./.github/workflows/test-local.yml permissions: - contents: read - packages: read + contents: read # Needed to read repository contents for tests + packages: read # Needed to pull Docker images from GitHub packages strategy: fail-fast: false matrix: @@ -329,8 +329,8 @@ jobs: if: github.ref != 'refs/heads/main' || github.event_name == 'schedule' || github.event_name == 'workflow_dispatch' needs: [build-test-ubuntu-local, build-test-remote] permissions: - contents: read - packages: read + contents: read # Needed to read repository contents for tests + packages: read # Needed to pull Docker images from GitHub packages uses: ./.github/workflows/test-local.yml strategy: fail-fast: false 
@@ -358,10 +358,10 @@ jobs: needs: [build-test-remote, build-test-ubuntu-local, build-test-ubuntu-minimal, docs-build] runs-on: ubuntu-latest permissions: - contents: read + contents: read # Needed to read repository contents for packaging steps: - name: "Build library source and wheel artifacts" - uses: ansys/actions/build-library@21c9de9bee9692173780696d4a39964f20b9cfa3 #v10.1.5 + uses: ansys/actions/build-library@21c9de9bee9692173780696d4a39964f20b9cfa3 #v10.1.5 with: library-name: ${{ env.PACKAGE_NAME }} python-version: ${{ env.MAIN_PYTHON_VERSION }} @@ -375,11 +375,11 @@ jobs: # Specifying a GitHub environment is optional, but strongly encouraged environment: release permissions: - id-token: write - contents: write + id-token: write # Required for trusted publishing to PyPI + contents: write # Needed to create GitHub releases steps: - name: "Download the library artifacts from build-library step" - uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 # v6.0.0 + uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 # v6.0.0 with: name: ${{ env.PACKAGE_NAME }}-artifacts path: ${{ env.PACKAGE_NAME }}-artifacts @@ -396,7 +396,7 @@ jobs: skip-existing: false - name: "Release to GitHub" - uses: ansys/actions/release-github@21c9de9bee9692173780696d4a39964f20b9cfa3 #v10.1.5 + uses: ansys/actions/release-github@21c9de9bee9692173780696d4a39964f20b9cfa3 #v10.1.5 with: library-name: ${{ env.PACKAGE_NAME }} additional-artifacts: "minimum_requirements.txt" 
@@ -408,11 +408,11 @@ jobs: if: github.event_name == 'push' && contains(github.ref, 'refs/tags') runs-on: ubuntu-latest permissions: - contents: write + contents: write # Needed to push documentation to gh-pages branch needs: [release] steps: - name: "Deploy the stable documentation" - uses: ansys/actions/doc-deploy-stable@21c9de9bee9692173780696d4a39964f20b9cfa3 #v10.1.5 + uses: ansys/actions/doc-deploy-stable@21c9de9bee9692173780696d4a39964f20b9cfa3 #v10.1.5 with: cname: ${{ env.DOCUMENTATION_CNAME }} token: ${{ secrets.GITHUB_TOKEN }} @@ -426,11 +426,11 @@ jobs: if: github.ref == 'refs/heads/main' && !contains(github.ref, 'refs/tags') runs-on: ubuntu-latest permissions: - contents: write + contents: write # Needed to push documentation to gh-pages branch needs: [docs-build] steps: - name: "Deploy the latest documentation" - uses: ansys/actions/doc-deploy-dev@21c9de9bee9692173780696d4a39964f20b9cfa3 #v10.1.5 + uses: ansys/actions/doc-deploy-dev@21c9de9bee9692173780696d4a39964f20b9cfa3 #v10.1.5 with: cname: ${{ env.DOCUMENTATION_CNAME }} token: ${{ secrets.GITHUB_TOKEN }} @@ -444,7 +444,7 @@ jobs: if: failure() && github.event_name == 'schedule' runs-on: ubuntu-latest permissions: - issues: write + issues: write # Needed to create issues on build failures steps: - name: "Open issue" uses: jayqi/failed-build-issue-action@1a893bbf43ef1c2a8705e2b115cd4f0fe3c5649b #v1.2.0 @@ -467,7 +467,7 @@ jobs: os: [ubuntu-latest, windows-latest] steps: - - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 #v6.0.0 + - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 #v6.0.0 with: persist-credentials: false 
@@ -485,11 +485,11 @@ jobs: if: always() runs-on: ubuntu-latest permissions: - contents: read - actions: write + contents: read # Needed to read repository contents + actions: write # Needed to generate workflow summaries steps: - name: "Install Git and checkout project" - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 #v6.0.0 + uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 #v6.0.0 with: persist-credentials: false diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index 5cf4ae3431f..7c58ec216c3 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml @@ -21,6 +21,10 @@ on: permissions: {} +concurrency: + group: ${{ github.workflow }}-${{ github.ref }} + cancel-in-progress: true + jobs: analyze: name: Analyze (${{ matrix.language }}) @@ -31,15 +35,10 @@ jobs: # Consider using larger runners or machines with greater resources for possible analysis time improvements. runs-on: 'ubuntu-latest' permissions: - # required for all workflows - security-events: write - - # required to fetch internal or private CodeQL packs - packages: read - - # only required for workflows in private repositories - actions: read - contents: read + security-events: write # Required to upload security scanning results + packages: read # Required to fetch internal or private CodeQL packs + actions: read # Required for workflows in private repositories + contents: read # Required to read the repository contents strategy: fail-fast: false diff --git a/.github/workflows/doc-build.yml b/.github/workflows/doc-build.yml index 5411fc94ebd..747b292905f 100644 --- a/.github/workflows/doc-build.yml +++ b/.github/workflows/doc-build.yml 
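Review bot: The comment added in the last `.github/workflows/ci.yml` hunk, `actions: write # Needed to generate workflow summaries`, does not match what the scope grants. Writing a job summary through `GITHUB_STEP_SUMMARY` needs no token permission, while `actions: write` lets the token cancel or re-run workflows and delete caches and artifacts. The steps after the checkout are outside the hunk, so the API call that needs it is not visible. If the job only reads run or job data, `actions: read` is enough; otherwise the comment should name the actual operation.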
@@ -65,13 +65,17 @@ on: permissions: {} +concurrency: + group: ${{ github.workflow }}-${{ github.ref }} + cancel-in-progress: true + jobs: doc-build: name: Build documentation runs-on: ubuntu-latest permissions: - contents: read - packages: read + contents: read # Needed to read repository contents for documentation build + packages: read # Needed to pull Docker images from GitHub packages env: ON_CI: True ON_DOCUMENTATION: TRUE diff --git a/.github/workflows/docker_clean_untagged.yml b/.github/workflows/docker_clean_untagged.yml index f8228ca0210..5040d2e1e4a 100644 --- a/.github/workflows/docker_clean_untagged.yml +++ b/.github/workflows/docker_clean_untagged.yml @@ -15,8 +15,8 @@ jobs: name: Cleaning unnecessary packages runs-on: ubuntu-latest permissions: - contents: read - packages: write + contents: read # Needed to read repository contents + packages: write # Needed to delete untagged Docker images env: PACKAGE_DELETION_TOKEN: ${{ secrets.GITHUB_TOKEN }} diff --git a/.github/workflows/label.yml b/.github/workflows/label.yml index caf1d7afe63..e38dc2990ef 100644 --- a/.github/workflows/label.yml +++ b/.github/workflows/label.yml @@ -23,7 +23,7 @@ jobs: name: Syncer runs-on: ubuntu-latest permissions: - issues: write + issues: write # Needed to sync label names and colors steps: - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 #v6.0.0 with: @@ -36,8 +36,8 @@ jobs: name: Set labels needs: [label-syncer] permissions: - contents: read - pull-requests: write + contents: read # Needed to read labeler configuration + pull-requests: write # Needed to add labels to pull requests runs-on: ubuntu-latest steps: @@ -107,7 +107,7 @@ jobs: runs-on: ubuntu-latest needs: [labeler] permissions: - pull-requests: write + pull-requests: write # Needed to create comments on pull requests steps: - name: Suggest to add labels uses: peter-evans/create-or-update-comment@e8674b075228eee787fea43ef493e45ece1004c9 #v5.0.0 
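Review bot: The `concurrency` group added to `.github/workflows/doc-build.yml` is not specific to doc-build, because this file is called as a reusable workflow (`uses: ./.github/workflows/doc-build.yml` in ci.yml and linkchecker.yml) and inside a called workflow `github.workflow` resolves to the caller's name. If a caller declares the same `${{ github.workflow }}-${{ github.ref }}` group (ci.yml's own concurrency block is not visible here), caller and callee compete for one group. With `cancel-in-progress: true`, the run can then end up cancelling itself. Either drop the block from the reusable workflow and let callers own concurrency, or give it a distinct prefix such as `group: doc-build-${{ github.workflow }}-${{ github.ref }}`.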
@@ -130,8 +130,8 @@ jobs: name: "Create changelog fragment" needs: [labeler] permissions: - contents: write - pull-requests: write + contents: write # Needed to create changelog fragment files + pull-requests: write # Needed to comment on pull requests with changelog info runs-on: ubuntu-latest steps: - uses: ansys/actions/doc-changelog@21c9de9bee9692173780696d4a39964f20b9cfa3 #v10.1.5 diff --git a/.github/workflows/linkchecker.yml b/.github/workflows/linkchecker.yml index 019d31bfbff..91007fc9683 100644 --- a/.github/workflows/linkchecker.yml +++ b/.github/workflows/linkchecker.yml @@ -16,8 +16,8 @@ jobs: name: "Check Links" uses: ./.github/workflows/doc-build.yml permissions: - contents: read - packages: read + contents: read # Needed to read repository contents for link checking + packages: read # Needed to pull Docker images from GitHub packages with: builder: linkcheck build_pdf: false @@ -36,7 +36,7 @@ jobs: if: failure() && github.event_name == 'schedule' runs-on: ubuntu-latest permissions: - issues: write + issues: write # Needed to create issues on linkcheck failures steps: - name: "Open issue" uses: jayqi/failed-build-issue-action@1a893bbf43ef1c2a8705e2b115cd4f0fe3c5649b #v1.2.0 diff --git a/.github/workflows/migrator.yml b/.github/workflows/migrator.yml index 854c7835452..6c61bf8bf91 100644 --- a/.github/workflows/migrator.yml +++ b/.github/workflows/migrator.yml @@ -54,6 +54,10 @@ on: permissions: {} +concurrency: + group: ${{ github.workflow }}-${{ github.ref }} + cancel-in-progress: true + jobs: migrate: name: Migrate PR from fork to main repo @@ -64,8 +68,8 @@ jobs: ) || ( github.event_name == 'workflow_dispatch' ) runs-on: ubuntu-latest permissions: - contents: write - pull-requests: write + contents: write # Needed to create and push migration branches + pull-requests: write # Needed to create pull requests and add comments steps: - name: Setup the configuration 
diff --git a/.github/workflows/pr-docs-cleaner.yml b/.github/workflows/pr-docs-cleaner.yml index 93ea0861d4e..9708d1cef76 100644 --- a/.github/workflows/pr-docs-cleaner.yml +++ b/.github/workflows/pr-docs-cleaner.yml @@ -17,12 +17,16 @@ env: permissions: {} +concurrency: + group: ${{ github.workflow }}-${{ github.ref }} + cancel-in-progress: true + jobs: clean-docs-pr: name: "Deploy PR documentation" runs-on: ubuntu-latest permissions: - contents: write + contents: write # Needed to remove documentation from gh-pages branch steps: - uses: ansys/actions/doc-deploy-pr@21c9de9bee9692173780696d4a39964f20b9cfa3 # v10.1.5 with: diff --git a/.github/workflows/test-local.yml b/.github/workflows/test-local.yml index 3170697859a..1f241e1501b 100644 --- a/.github/workflows/test-local.yml +++ b/.github/workflows/test-local.yml @@ -127,8 +127,8 @@ jobs: name: Test MAPDL locally runs-on: ${{ inputs.runner }} permissions: - contents: read - packages: read + contents: read # Needed to read repository contents for tests + packages: read # Needed to pull Docker images from GitHub packages env: ON_CI: True ON_LOCAL: true diff --git a/.github/workflows/test-remote.yml b/.github/workflows/test-remote.yml index 0073b5f6e48..f7faa3dc1c9 100644 --- a/.github/workflows/test-remote.yml +++ b/.github/workflows/test-remote.yml @@ -65,8 +65,8 @@ jobs: name: Test PyMAPDL with remote MAPDL instances runs-on: ubuntu-latest permissions: - contents: read - packages: read + contents: read # Needed to read repository contents for tests + packages: read # Needed to pull Docker images from GitHub packages env: ON_CI: True ON_LOCAL: FALSE diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index 51b8bdd92a4..8e1451d1def 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml 
@@ -12,33 +12,33 @@ ci: repos: -- repo: https://github.com/shellcheck-py/shellcheck-py - rev: v0.11.0.1 - hooks: - - id: shellcheck - args: [ "-x"] +- repo: https://github.com/shellcheck-py/shellcheck-py + rev: 745eface02aef23e168a8afb6b5737818efbea95 # v0.11.0.1 + hooks: + - id: shellcheck + args: [ "-x"] - repo: https://github.com/pre-commit/mirrors-mypy - rev: v1.19.1 + rev: a66e98df7b4aeeb3724184b332785976d062b92e # v1.19.1 hooks: - id: mypy args: [ --follow-imports=silent, --config-file=pyproject.toml] exclude: ^(doc/|examples/) - repo: https://github.com/ansys/pre-commit-hooks - rev: v0.5.2 + rev: fd1d6b0b4baeb08e32d4de0909999576695c0433 # v0.5.2 hooks: - id: add-license-headers args: - --start_year=2016 - repo: https://github.com/pycqa/isort - rev: 7.0.0 + rev: 0a09c783808cfe77bb3269250f663ff733d23302 # 7.0.0 hooks: - id: isort - repo: https://github.com/numpy/numpydoc - rev: v1.10.0 + rev: 16a20aad58d5532fb12c2a87af0eb4ea290bacb4 # v1.10.0 hooks: - id: numpydoc-validation exclude: | @@ -51,25 +51,25 @@ repos: ) - repo: https://github.com/adamchainz/blacken-docs - rev: 1.20.0 + rev: fda77690955e9b63c6687d8806bafd56a526e45f # 1.20.0 hooks: - id: blacken-docs additional_dependencies: [black==25.12.0] - repo: https://github.com/psf/black-pre-commit-mirror - rev: 25.12.0 # If version changes --> modify "blacken-docs" manually as well. + rev: 831207fd435b47aeffdf6af853097e64322b4d44 # 25.12.0 # If version changes --> modify "blacken-docs" manually as well. hooks: - id: black args: - --line-length=88 - repo: https://github.com/PyCQA/flake8 - rev: 7.3.0 + rev: c48217e1fc006c2dddd14df54e83b67da15de5cd # 7.3.0 hooks: - id: flake8 - repo: https://github.com/codespell-project/codespell - rev: v2.4.1 + rev: 63c8f8312b7559622c0d82815639671ae42132ac # v2.4.1 hooks: - id: codespell args: ["--toml", "pyproject.toml"] 
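Review bot: The `rev` values in `.pre-commit-config.yaml` are now full commit SHAs with the tag kept in a trailing comment, but nothing in the hunk shows how they will be kept that way. A plain `pre-commit autoupdate` rewrites `rev` to the newest tag and silently undoes the pinning, whereas `pre-commit autoupdate --freeze` keeps SHAs and records the tag as `# frozen: <tag>`. The `ci:` block starts above the hunk, so whichever updater is configured there should be checked for the same behaviour. A short comment above `repos:`, such as `# Revs are pinned to commit SHAs; update with 'pre-commit autoupdate --freeze'`, would record the convention. This applies to the `@@ -51,25` hunk and the following one as well.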
@@ -83,20 +83,34 @@ repos: # exclude: "tests/" - repo: https://github.com/pre-commit/pre-commit-hooks - rev: v6.0.0 + rev: 3e8a8703264a2f4a69428a0aa4dcb512790b2c8c # v6.0.0 hooks: - id: check-merge-conflict - id: debug-statements # this validates our github workflow files - repo: https://github.com/python-jsonschema/check-jsonschema - rev: 0.36.0 + rev: 0fe8648804a32455c690e0519c217f8cee6a48c6 # 0.36.0 hooks: - id: check-github-workflows - repo: https://github.com/ComPWA/taplo-pre-commit - rev: v0.9.3 + rev: ade0f95ddcf661c697d4670d2cfcbe95d0048a0a # v0.9.3 hooks: - id: taplo-format # See options: https://taplo.tamasfe.dev/configuration/formatter-options.html args: [--option, "reorder_arrays=true", --option, "reorder_keys=true"] + +- repo: https://github.com/zizmorcore/zizmor-pre-commit + rev: 1e30511413f07e516c1844ba91abce8aca984963 # 1.18.0 + hooks: + - id: zizmor + args: ["--pedantic"] + +# Security checks with bandit +- repo: https://github.com/PyCQA/bandit + rev: ea0d187d78b2e6365e35f676d2eb9b1be264c091 # 1.9.2 + hooks: + - id: bandit + args: ['-c', 'pyproject.toml'] + additional_dependencies: ['bandit[toml]'] diff --git a/doc/changelog.d/4345.maintenance.md b/doc/changelog.d/4345.maintenance.md new file mode 100644 index 00000000000..a925e6e471a --- /dev/null +++ b/doc/changelog.d/4345.maintenance.md @@ -0,0 +1 @@ +Adding more precommit hooks diff --git a/pyproject.toml b/pyproject.toml index 22f035e876f..c41fa336996 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -286,6 +286,8 @@ exclude = [ explicit_package_bases = true namespace_packages = true +[tool.bandit] +exclude_dirs = ["examples", "tests"] [tool.towncrier] directory = "doc/changelog.d"
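Review bot: The new bandit hook in `.pre-commit-config.yaml` takes its exclusions from `exclude_dirs = ["examples", "tests"]` in the `pyproject.toml` hunk further down, and those entries are unanchored. As far as I recall, bandit also matches exclusion strings as substrings of each path, so any package directory named `examples` or `tests` inside the shipped source tree would be skipped along with the top-level ones. Replacing them with an anchored hook-level filter, `exclude: ^(examples|tests)/`, in the style of the mypy hook's `exclude: ^(doc/|examples/)`, limits the skip to the repository-root directories. It also keeps the scan scope visible next to the hook.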