Fix the CI

.bandit.yaml

@@ -0,0 +1,2 @@
+skips:
+  - B101 # Use of assert detected.

.github/renovate.json5

@@ -0,0 +1,90 @@
+{
+  'extends': ['config:recommended'],
+  timezone: 'Europe/Zurich',
+  schedule: 'after 5pm on the first day of the month',
+  semanticCommits: 'disabled',
+  labels: ['dependencies'],
+  separateMajorMinor: true,
+  separateMinorPatch: true,
+  prHourlyLimit: 0,
+  prConcurrentLimit: 0,
+  lockFileMaintenance: {enabled: true, automerge: true, schedule: 'after 5pm on the first day of the month'},
+  'pre-commit': {enabled: true},
+  baseBranches: ['master'],
+  regexManagers: [
+    /** Do updates on pre-commit additional dependencies */
+    {
+      fileMatch: ['^\\.pre\\-commit\\-config\\.yaml$'],
+      matchStrings: [" +- '?(?<depName>[^' @=]+)(@|==)(?<currentValue>[^' @=]+)'? # (?<datasource>.+)"],
+    },
+    /** Do update on the schema present in the ci/config.yaml */
+    {
+      fileMatch: ['^ci/config\\.yaml$'],
+      matchStrings: [
+        '.*https://raw\\.githubusercontent\\.com/(?<depName>[^\\s]+)/(?<currentValue>[0-9\\.]+)/.*',
+      ],
+      datasourceTemplate: 'github-tags',
+    },
+  ],
+  packageRules: [
+    /** Auto merge the dev dependency update */
+    {
+      matchDepTypes: ['devDependencies'],
+      automerge: true,
+    },
+    /** Group and auto merge the patch updates */
+    {
+      matchUpdateTypes: ['patch'],
+      groupName: 'all patch versions',
+      automerge: true,
+    },
+    /** Group and auto merge the minor updates */
+    {
+      matchUpdateTypes: ['minor'],
+      groupName: 'all minor versions',
+      automerge: true,
+    },
+    /** Group Poetry packages */
+    {
+      matchPackagePrefixes: ['poetry-'],
+      groupName: 'Poetry',
+      automerge: true,
+      separateMajorMinor: false,
+      separateMinorPatch: false,
+      matchDepNames: ['poetry', 'pip'],
+    },
+    /** Accept only the patch on stabilization branches */
+    {
+      matchBaseBranches: ['/^[0-9]+\\.[0-9]+$/'],
+      matchUpdateTypes: ['major', 'minor', 'pin', 'digest', 'lockFileMaintenance', 'rollback', 'bump'],
+      enabled: false,
+    },
+    /** Support the 4 parts of shellcheck-py version with a v prefix */
+    {
+      versioning: 'regex:^v(?<major>\\d+)\\.(?<minor>\\d+)\\.(?<patch>\\d+)\\.(?<build>\\d+)$',
+      matchDepNames: ['shellcheck-py/shellcheck-py'],
+    },
+    /** Group and auto merge the GitHub action */
+    {
+      matchFileNames: ['.github/workflows/*.yaml'],
+      groupName: 'github-actions',
+      automerge: true,
+      separateMajorMinor: false,
+      separateMinorPatch: false,
+    },
+    /** Group and auto merge the pre-commit updates */
+    {
+      matchFileNames: ['.pre-commit-config.yaml'],
+      groupName: 'pre-commit',
+      automerge: true,
+      separateMajorMinor: false,
+      separateMinorPatch: false,
+    },
+    /** Group and auto merge the CI dependencies */
+    {
+      matchFileNames: ['.github/**', '.pre-commit-config.yaml', 'ci/**'],
+      groupName: 'CI dependencies',
+      automerge: true,
+    },
+  ],
+}

.github/workflows/main.yaml

@@ -0,0 +1,59 @@
+name: Continuous integration
+
+on:
+  push:
+    branches:
+      - master
+      - '[0-9]+.[0-9]+'
+    tags:
+      - '*'
+  pull_request:
+
+env:
+  HAS_SECRETS: ${{ secrets.HAS_SECRETS }}
+
+jobs:
+  main:
+    name: Continuous integration
+    runs-on: ubuntu-22.04
+    timeout-minutes: 15
+    if: "!startsWith(github.event.head_commit.message, '[skip ci] ')"
+
+    steps:
+      - uses: actions/checkout@v3
+
+      - run: echo "${HOME}/.local/bin" >> ${GITHUB_PATH}
+      - run: python3 -m pip install --user --requirement=ci/requirements.txt
+
+      - uses: actions/cache@v3
+        with:
+          path: ~/.cache/pre-commit
+          key: pre-commit-${{ hashFiles('.pre-commit-config.yaml') }}
+          restore-keys: "pre-commit-${{ hashFiles('.pre-commit-config.yaml') }}\npre-commit-"
+        if: matrix.python-version != '3.7'
+      - run: pre-commit run --all-files
+      - run: git diff --exit-code --patch > /tmp/pre-commit.patch || true
+        if: failure()
+      - uses: actions/upload-artifact@v4
+        with:
+          name: Apply pre-commit fix.patch
+          path: /tmp/pre-commit.patch
+          retention-days: 1
+        if: failure()
+
+      - name: Install with Poetry
+        run: poetry install
+
+      - name: Prospector
+        run: |
+          poetry run prospector --output-format=pylint --die-on-tool-error
+
+      - run: make check
+      - run: poetry run pytest -vn
+
+      - name: Publish
+        run: c2cciutils-publish
+        env:
+          SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
+          GITHUB_TOKEN: ${{ secrets.TOKEN }}
+        if: env.HAS_SECRETS == 'HAS_SECRETS'

.github/workflows/pull-request-automation.yaml

@@ -0,0 +1,51 @@
+name: Auto reviews, merge and close pull requests
+
+on:
+  pull_request:
+    types:
+      - opened
+      - reopened
+
+jobs:
+  auto-merge:
+    name: Auto reviews pull requests from bots
+    runs-on: ubuntu-22.04
+    timeout-minutes: 5
+
+    steps:
+      - name: Print event
+        run: echo "${GITHUB}" | jq
+        env:
+          GITHUB: ${{ toJson(github) }}
+      - name: Print context
+        uses: actions/github-script@v7
+        with:
+          script: |-
+            console.log(context);
+      - name: Auto reviews GHCI updates
+        uses: actions/github-script@v7
+        with:
+          script: |-
+            github.rest.pulls.createReview({
+              owner: context.repo.owner,
+              repo: context.repo.repo,
+              pull_number: context.payload.pull_request.number,
+              event: 'APPROVE',
+            })
+        if: |-
+          startsWith(github.head_ref, 'ghci/audit/')
+          && (github.event.pull_request.user.login == 'geo-ghci-test[bot]'
+            || github.event.pull_request.user.login == 'geo-ghci-int[bot]'
+            || github.event.pull_request.user.login == 'geo-ghci[bot]')
+      - name: Auto reviews Renovate updates
+        uses: actions/github-script@v7
+        with:
+          script: |-
+            github.rest.pulls.createReview({
+              owner: context.repo.owner,
+              repo: context.repo.repo,
+              pull_number: context.payload.pull_request.number,
+              event: 'APPROVE',
+            })
+        if: |-
+          github.event.pull_request.user.login == 'renovate[bot]'

.pre-commit-config.yaml

@@ -0,0 +1,84 @@
+repos:
+  - repo: https://github.com/pre-commit/pre-commit-hooks
+    rev: v4.6.0
+    hooks:
+      - id: detect-private-key
+      - id: check-merge-conflict
+      - id: check-ast
+      - id: debug-statements
+      - id: check-toml
+      - id: check-yaml
+      - id: check-json
+      - id: end-of-file-fixer
+      - id: trailing-whitespace
+      - id: mixed-line-ending
+  - repo: https://github.com/sbrunner/jsonschema-validator
+    rev: 0.1.0
+    hooks:
+      - id: jsonschema-validator
+        files: |-
+          (?x)^(
+            ci/config\.yaml
+          )$
+  - repo: https://github.com/sbrunner/hooks
+    rev: 1.0.0
+    hooks:
+      - id: copyright
+      - id: poetry-lock
+        additional_dependencies:
+          - poetry==1.3.2 # pypi
+  - repo: https://github.com/codespell-project/codespell
+    rev: v2.3.0
+    hooks:
+      - id: codespell
+        exclude: |-
+          (?x)^(
+            poetry\.lock
+          )$
+  - repo: https://github.com/shellcheck-py/shellcheck-py
+    rev: v0.10.0.1
+    hooks:
+      - id: shellcheck
+  - repo: https://github.com/jumanjihouse/pre-commit-hooks
+    rev: 3.0.0
+    hooks:
+      - id: git-check
+  - repo: https://github.com/python-jsonschema/check-jsonschema
+    rev: 0.29.2
+    hooks:
+      - id: check-github-actions
+      - id: check-github-workflows
+      - id: check-jsonschema
+        name: Check GitHub Workflows set timeout-minutes
+        files: ^\.github/workflows/[^/]+$
+        types:
+          - yaml
+        args:
+          - --builtin-schema
+          - github-workflows-require-timeout
+  - repo: https://github.com/renovatebot/pre-commit-hooks
+    rev: 38.59.3
+    hooks:
+      - id: renovate-config-validator
+  - repo: https://github.com/sirwart/ripsecrets
+    rev: v0.1.8
+    hooks:
+      - id: ripsecrets
+  - repo: https://github.com/asottile/pyupgrade
+    rev: v3.17.0
+    hooks:
+      - id: pyupgrade
+        args:
+          - --py39-plus
+  - repo: https://github.com/PyCQA/autoflake
+    rev: v2.3.1
+    hooks:
+      - id: autoflake
+  - repo: https://github.com/PyCQA/isort
+    rev: 5.13.2
+    hooks:
+      - id: isort
+  - repo: https://github.com/psf/black
+    rev: 24.8.0
+    hooks:
+      - id: black

.prospector.yaml

@@ -0,0 +1,8 @@
+inherits:
+  - duplicated
+  - utils:base
+  - utils:no-design-checks
+
+bandit:
+  options:
+    config: .bandit.yaml

README.md

@@ -0,0 +1,8 @@
+# Papyrus
+
+Geospatial Extensions for the [Pyramid](http://docs.pylonsproject.org/en/latest/docs/pyramid.html) web framework.
+
+The Papyrus doc is hosted on [Read the Docs](http://readthedocs.org/).
+
+* Doc for current stable release: http://papyrus.readthedocs.org/en/stable/
+* Doc for current master branch: http://papyrus.readthedocs.org/en/latest/

ci/requirements.txt

@@ -0,0 +1,7 @@
+poetry==1.8.3
+c2cciutils[checks,publish]==1.6.22
+poetry-dynamic-versioning==1.2.0
+poetry-plugin-export==1.6.0
+poetry-plugin-tweak-dependencies-version==1.5.2
+poetry-plugin-drop-python-upper-constraint==0.1.0
+pre-commit==3.6.2

docs/index.rst

@@ -93,4 +93,3 @@ Indices and tables
 * :ref:`genindex`
 * :ref:`modindex`
 * :ref:`search`
-