Merge pull request #74 from aboutcode-org/release-prep-v31.1.0

Release prep v31.1.0

Author: AyanSinhaMahapatra

.github/workflows/docs-ci.yml

@@ -2,36 +2,34 @@ name: CI Documentation
 
 on: [push, pull_request]
 
+permissions: {}
 jobs:
   build:
-    runs-on: ubuntu-20.04
+    runs-on: ubuntu-24.04
 
     strategy:
       max-parallel: 4
       matrix:
-        python-version: [3.9]
+        python-version: [3.13]
 
     steps:
       - name: Checkout code
-        uses: actions/checkout@v3
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
+        with:
+          persist-credentials: false
 
       - name: Set up Python ${{ matrix.python-version }}
-        uses: actions/setup-python@v4
+        uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405
         with:
           python-version: ${{ matrix.python-version }}
 
-      - name: Give permission to run scripts
-        run: chmod +x ./docs/scripts/doc8_style_check.sh
-
       - name: Install Dependencies
-        run:  pip install -e .[docs]
+        run:  ./configure --dev
 
-      - name: Check Sphinx Documentation build minimally
-        working-directory: ./docs
-        run: sphinx-build -E -W source build
+      - name: Check documentation and HTML for errors and dead links
+        run: make docs-check
 
-      - name: Check for documentation style errors
-        working-directory: ./docs
-        run: ./scripts/doc8_style_check.sh
+      - name: Check documentation for style errors
+        run: make doc8
 
 

.github/workflows/pypi-release.yml

@@ -18,26 +18,32 @@ on:
     tags:
       - "v*.*.*"
 
+permissions: {}
 jobs:
   build-pypi-distribs:
     name: Build and publish library to PyPI
-    runs-on: ubuntu-20.04
+    runs-on: ubuntu-24.04
 
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
+        with:
+          persist-credentials: false
       - name: Set up Python
-        uses: actions/setup-python@v4
+        uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405
         with:
-          python-version: 3.9
+          python-version: 3.12
 
-      - name: Install pypa/build
-        run: python -m pip install build --user
+      - name: Install pypa/build and twine
+        run: python -m pip install --user --upgrade build twine pkginfo
 
       - name: Build a binary wheel and a source tarball
-        run: python -m build --sdist --wheel --outdir dist/
+        run: python -m build --wheel --sdist --outdir dist/
+
+      - name: Validate wheel and sdis for Pypi
+        run: python -m twine check dist/*
 
       - name: Upload built archives
-        uses: actions/upload-artifact@v3
+        uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f
         with:
           name: pypi_archives
           path: dist/*
@@ -47,17 +53,17 @@ jobs:
     name: Create GH release
     needs:
       - build-pypi-distribs
-    runs-on: ubuntu-20.04
+    runs-on: ubuntu-24.04
 
     steps:
       - name: Download built archives
-        uses: actions/download-artifact@v3
+        uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131
         with:
           name: pypi_archives
           path: dist
 
       - name: Create GH release
-        uses: softprops/action-gh-release@v1
+        uses: softprops/action-gh-release@b4309332981a82ec1c5618f44dd2e27cc8bfbfda
         with:
           draft: true
           files: dist/*
@@ -67,17 +73,18 @@ jobs:
     name: Create PyPI release
     needs:
       - create-gh-release
-    runs-on: ubuntu-20.04
+    runs-on: ubuntu-24.04
+    environment: pypi-publish
+    permissions:
+      id-token: write
 
     steps:
       - name: Download built archives
-        uses: actions/download-artifact@v3
+        uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131
         with:
           name: pypi_archives
           path: dist
 
       - name: Publish to PyPI
         if: startsWith(github.ref, 'refs/tags')
-        uses: pypa/gh-action-pypi-publish@release/v1
-        with:
-          password: ${{ secrets.PYPI_API_TOKEN }}
+        uses: pypa/gh-action-pypi-publish@cef221092ed1bacb1cc03d23a2d87d1d172e277b

.github/workflows/tests-ci-other.yml

@@ -0,0 +1,79 @@
+name: CI on Linux ARM and MacOS Intel
+
+on: [push]
+
+permissions: {}
+jobs:
+
+  test_on_linux_arm:
+    permissions:
+      contents: read # to fetch code (actions/checkout)
+
+    name: Test PyPI wheels on linux
+    runs-on: ${{ matrix.os }}
+
+    defaults:
+      run:
+        shell: bash
+
+    strategy:
+      fail-fast: true
+      matrix:
+        os: [ubuntu-24.04-arm]
+        pyver: ["3.10", "3.11", "3.12", "3.13", "3.14"]
+
+    steps:
+      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
+        with:
+          persist-credentials: false
+
+      - name: Set up Python ${{ matrix.pyver }} on ${{ matrix.os }}
+        uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405
+        with:
+          python-version: ${{ matrix.pyver }}
+
+      - name: Configure and setup test environment
+        run: |
+          sudo apt update
+          sudo chmod 0644 /boot/vmlinuz-* && sudo apt install libguestfs-tools
+          ./configure --clean && ./configure --dev-system-provided
+      
+      - name: Run tests
+        run: |
+          make test
+
+
+  test_on_macos_intel:
+    permissions:
+      contents: read # to fetch code (actions/checkout)
+
+    name: Test PyPI wheels on linux
+    runs-on: ${{ matrix.os }}
+
+    defaults:
+      run:
+        shell: bash
+
+    strategy:
+      fail-fast: true
+      matrix:
+        os: [macos-15-intel]
+        pyver: ["3.10", "3.11", "3.12", "3.13", "3.14"]
+
+    steps:
+      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd
+        with:
+          persist-credentials: false
+
+      - name: Set up Python ${{ matrix.pyver }} on ${{ matrix.os }}
+        uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405
+        with:
+          python-version: ${{ matrix.pyver }}
+
+      - name: Configure and setup test environment
+        run: |
+          ./configure --clean && ./configure --dev
+      
+      - name: Run tests
+        run: |
+          make test

.github/workflows/zizmor.yml

@@ -0,0 +1,24 @@
+name: GitHub Actions Security Analysis with zizmor 🌈
+
+on:
+  push:
+    branches: ["main"]
+  pull_request:
+    branches: ["**"]
+
+permissions: {}
+
+jobs:
+  zizmor:
+    name: Run zizmor 🌈
+    runs-on: ubuntu-latest
+    permissions:
+      security-events: write # Required for upload-sarif (used by zizmor-action) to upload SARIF files.
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+        with:
+          persist-credentials: false
+
+      - name: Run zizmor 🌈
+        uses: zizmorcore/zizmor-action@b1d7e1fb5de872772f31590499237e7cce841e8e # v0.5.3

.gitignore

@@ -72,3 +72,5 @@ tcl
 
 # Ignore Jupyter Notebook related temp files
 .ipynb_checkpoints/
+/.ruff_cache/
+.env

.readthedocs.yml

@@ -9,7 +9,7 @@ version: 2
 build:
   os: ubuntu-22.04
   tools:
-    python: "3.11"
+    python: "3.13"
 
 # Build PDF & ePub
 formats:
@@ -26,4 +26,4 @@ python:
     - method: pip
       path: .
       extra_requirements:
-        - docs
+        - dev

AUTHORS.rst

@@ -10,4 +10,4 @@ The following organizations or individuals have contributed to this repo:
 - Qingmin Duanmu @qduanmu
 - Rakesh Balusa @balusarakesh
 - Ravi Jain @JRavi2
-- Steven Esser @majurg
+- Steven Esser @majurg

MANIFEST.in

@@ -1,17 +1,25 @@
 graft src
+graft docs
+graft etc
 
 include *.LICENSE
 include NOTICE
 include *.ABOUT
 include *.toml
 include *.yml
 include *.rst
+include *.png
 include setup.*
 include configure*
 include requirements*
-include .giti*
+include .dockerignore
+include .gitignore
+include .readthedocs.yml
+include manage.py
+include Dockerfile*
+include Makefile
+include MANIFEST.in
 
-include extractcode*
+include .VERSION
 
 global-exclude *.py[co] __pycache__ *.*~
-

Makefile

@@ -4,7 +4,7 @@
 # ScanCode is a trademark of nexB Inc.
 # SPDX-License-Identifier: Apache-2.0
 # See http://www.apache.org/licenses/LICENSE-2.0 for the license text.
-# See https://github.com/nexB/skeleton for support or download.
+# See https://github.com/aboutcode-org/skeleton for support or download.
 # See https://aboutcode.org for more information about nexB OSS projects.
 #
 
@@ -13,31 +13,37 @@ PYTHON_EXE?=python3
 VENV=venv
 ACTIVATE?=. ${VENV}/bin/activate;
 
+
+conf:
+	@echo "-> Install dependencies"
+	./configure
+
 dev:
-	@echo "-> Configure the development envt."
+	@echo "-> Configure and install development dependencies"
 	./configure --dev
 
-isort:
-	@echo "-> Apply isort changes to ensure proper imports ordering"
-	${VENV}/bin/isort --sl -l 100 src tests setup.py
-
-black:
-	@echo "-> Apply black code formatter"
-	${VENV}/bin/black -l 100 src tests setup.py
+dev-system-provided:
+	@echo "-> Configure and install development dependencies"
+	./configure --dev-system-provided
 
 doc8:
 	@echo "-> Run doc8 validation"
-	@${ACTIVATE} doc8 --max-line-length 100 --ignore-path docs/_build/ --quiet docs/
+	@${ACTIVATE} doc8 --quiet docs/ *.rst
 
-valid: isort black
+valid:
+	@echo "-> Run Ruff format"
+	@${ACTIVATE} ruff format
+	@echo "-> Run Ruff linter"
+	@${ACTIVATE} ruff check --fix
 
 check:
-	@echo "-> Run pycodestyle (PEP8) validation"
-	@${ACTIVATE} pycodestyle --max-line-length=100 --exclude=.eggs,venv,lib,thirdparty,docs,migrations,settings.py,.cache .
-	@echo "-> Run isort imports ordering validation"
-	@${ACTIVATE} isort --sl --check-only -l 100 setup.py src tests . 
-	@echo "-> Run black validation"
-	@${ACTIVATE} black --check --check -l 100 src tests setup.py
+	@echo "-> Run Ruff linter validation (pycodestyle, bandit, isort, and more)"
+	@${ACTIVATE} ruff check
+	@echo "-> Run Ruff format validation"
+	@${ACTIVATE} ruff format --check
+	@$(MAKE) doc8
+	@echo "-> Run ABOUT files validation"
+	@${ACTIVATE} about check etc/
 
 clean:
 	@echo "-> Clean the Python env"
@@ -49,6 +55,10 @@ test:
 
 docs:
 	rm -rf docs/_build/
-	@${ACTIVATE} sphinx-build docs/ docs/_build/
+	@${ACTIVATE} sphinx-build docs/source docs/_build/
+
+docs-check:
+	@${ACTIVATE} sphinx-build -E -W -b html docs/source docs/_build/
+	@${ACTIVATE} sphinx-build -E -W -b linkcheck docs/source docs/_build/
 
-.PHONY: conf dev check valid black isort clean test docs
+.PHONY: conf dev check valid clean test docs docs-check

NOTICE

@@ -1,7 +1,9 @@
 #
 # Copyright (c) nexB Inc. and others. All rights reserved.
-# ScanCode is a trademark of nexB Inc.
 # SPDX-License-Identifier: Apache-2.0
+#
+# Visit https://aboutcode.org and https://github.com/aboutcode-org/ for support and download.
+# ScanCode is a trademark of nexB Inc.
 # See http://www.apache.org/licenses/LICENSE-2.0 for the license text.
 # See https://github.com/nexB/extractcode for support or download.
 # See https://aboutcode.org for more information about nexB OSS projects.