Merge branch 'main' into 162/pytest-assert-error

.github/.jira_sync_config.yaml

@@ -0,0 +1,25 @@
+settings:
+  components:
+    - Craft CLI
+  labels:
+    - Bug
+    - Enhancement
+    - Spike
+    - Epic
+  # Adds a comment with the JIRA ID
+  add_gh_comment: true
+  # Reflect changes on JIRA
+  sync_description: true
+  # Comments are synced from Github to JIRA
+  # Nothing goes from JIRA to Github
+  sync_comments: true
+  # epic_key: "MTC-296"
+  jira_project_key: "CRAFT"
+  status_mapping:
+    opened: Untriaged
+    closed: done
+  label_mapping:
+    Enhancement: Story
+    Bug: Bug
+    Spike: Spike
+    Epic: Epic

.github/renovate.json5

@@ -1,45 +1,94 @@
 {
   // Configuration file for RenovateBot: https://docs.renovatebot.com/configuration-options
-  extends: ["config:base"],
+  extends: ["config:recommended", ":semanticCommitTypeAll(build)"],
   labels: ["dependencies"],  // For convenient searching in GitHub
+  baseBranches: ["$default", "/^hotfix\\/.*/"],
   pip_requirements: {
-    fileMatch: ["^tox.ini$", "(^|/)requirements([\\w-]*)\\.txt$"]
+    fileMatch: ["^tox.ini$", "(^|/)requirements([\\w-]*)\\.txt$", "^.pre-commit-config.yaml$"]
   },
    packageRules: [
+    {
+      // Internal package minor patch updates get top priority, with auto-merging
+      groupName: "internal package minor releases",
+      matchPackagePatterns: ["^craft-.*"],
+      matchUpdateTypes: ["minor", "patch", "pin", "digest"],
+      prPriority: 10,
+      automerge: true,
+      minimumReleaseAge: "0 seconds",
+      schedule: ["at any time"],
+      matchBaseBranches: ["$default"],  // Only do minor releases on main
+    },
+    {
+      // Same as above, but for hotfix branches, only for patch, and without auto-merging.
+      groupName: "internal package patch releases (hotfix)",
+      matchPackagePatterns: ["^craft-.*"],
+      matchUpdateTypes: ["patch", "pin", "digest"],
+      prPriority: 10,
+      minimumReleaseAge: "0 seconds",
+      schedule: ["at any time"],
+      matchBaseBranches: ["/^hotfix\\/.*/"],  // All hotfix branches
+    },
     {
       // Automerge patches, pin changes and digest changes.
       // Also groups these changes together.
       groupName: "bugfixes",
-      excludePackagePrefixes: ["dev", "lint", "types"],
+      excludeDepPatterns: ["lint/.*", "types/.*"],
       matchUpdateTypes: ["patch", "pin", "digest"],
       prPriority: 3, // Patches should go first!
       automerge: true
     },
     {
       // Update all internal packages in one higher-priority PR
       groupName: "internal packages",
-      matchPackagePrefixes: ["craft-", "snap-"],
-      matchLanguages: ["python"],
-      prPriority: 2
+      matchDepPatterns: ["craft-.*", "snap-.*"],
+      matchCategories: ["python"],
+      prPriority: 2,
+      matchBaseBranches: ["$default"],  // Not for hotfix branches
     },
     {
-      // GitHub Actions are higher priority to update than most dependencies.
+      // GitHub Actions are higher priority to update than most dependencies since they don't tend to break things.
       groupName: "GitHub Actions",
       matchManagers: ["github-actions"],
       prPriority: 1,
       automerge: true,
     },
     // Everything not in one of these rules gets priority 0 and falls here.
+    {
+      //Do all pydantic-related updates together
+      groupName: "pydantic etc.",
+      matchPackagePatterns: ["^pydantic"],
+    },
     {
       // Minor changes can be grouped and automerged for dev dependencies, but are also deprioritised.
       groupName: "development dependencies (non-major)",
       groupSlug: "dev-dependencies",
-      matchPackagePrefixes: [
-        "dev",
-        "lint",
-        "types"
+      matchDepPatterns: [
+        "dev/.*",
+        "lint/.*",
+        "types/.*"
+      ],
+      matchPackagePatterns: [
+        // Brought from charmcraft. May not be complete.
+        // This helps group dependencies in requirements-dev.txt files.
+        "^(.*/)?autoflake$",
+        "^(.*/)?black$",
+        "^(.*/)?codespell$",
+        "^(.*/)?coverage$",
+        "^(.*/)?flake8$",
+        "^(.*/)?hypothesis$",
+        "^(.*/)?mypy$",
+        "^(.*/)?pycodestyle$",
+        "^(.*/)?docstyle$",
+        "^(.*/)?pyfakefs$",
+        "^(.*/)?pyflakes$",
+        "^(.*/)?pylint$",
+        "^(.*/)?pytest",
+        "^(.*/)?responses$",
+        "^(.*/)?ruff$",
+        "^(.*/)?twine$",
+        "^(.*/)?tox$",
+        "^(.*/)?types-",
       ],
-      excludePackagePatterns: ["ruff"],
       matchUpdateTypes: ["minor", "patch", "pin", "digest"],
       prPriority: -1,
       automerge: true
@@ -48,34 +97,39 @@
       // Documentation related updates
       groupName: "documentation dependencies",
       groupSlug: "doc-dependencies",
-      matchPackageNames: ["Sphinx"],
-      matchPackagePatterns: ["^[Ss]phinx.*$", "^furo$"],
-      matchPackagePrefixes: ["docs"],
+      matchPackageNames: ["Sphinx", "furo"],
+      matchPackagePatterns: ["[Ss]phinx.*$"],
+      matchDepPatterns: ["docs/.*"],
+      matchBaseBranches: ["$default"],  // Not for hotfix branches
     },
     {
       // Other major dependencies get deprioritised below minor dev dependencies.
       matchUpdateTypes: ["major"],
-      prPriority: -2
+      prPriority: -2,
+      matchBaseBranches: ["$default"],  // Not for hotfix branches
     },
     {
       // Major dev dependencies are stone last, but grouped.
       groupName: "development dependencies (major versions)",
       groupSlug: "dev-dependencies",
       matchDepTypes: ["devDependencies"],
       matchUpdateTypes: ["major"],
-      prPriority: -3
+      prPriority: -3,
+      matchBaseBranches: ["$default"],  // Not for hotfix branches
     },
     {
-      // Ruff is still unstable, so update it separately.
-      groupName: "ruff",
-      matchPackagePatterns: ["^(lint/)?ruff$"],
-      prPriority: -3
+      // Pyright makes regular breaking changes in patch releases, so we separate these
+      // and do them independently.
+      matchPackageNames: ["pyright", "types/pyright"],
+      prPriority: -4,
+      matchBaseBranches: ["$default"],  // Not for hotfix branches
     }
   ],
-  regexManagers: [
+  customManagers: [
     {
       // tox.ini can get updates too if we specify for each package.
       fileMatch: ["tox.ini"],
+      customType: "regex",
       depTypeTemplate: "devDependencies",
       matchStrings: [
         "# renovate: datasource=(?<datasource>\\S+)\n\\s+(?<depName>.*?)(\\[[\\w]*\\])*[=><]=?(?<currentValue>.*?)\n"
@@ -84,18 +138,22 @@
     {
       // .pre-commit-config.yaml version updates
       fileMatch: [".pre-commit-config.yaml"],
-      depTypeTemplate: "devDependencies",
+      customType: "regex",
+      datasourceTemplate: "pypi",
+      depTypeTemplate: "lint",
       matchStrings: [
-        "# renovate: datasource=(?<datasource>\\S+);\\s*depName=(?<depName>.*?)\n\s+rev: \"v?(?<currentValue>.*?)\""
+        "- repo: .*/<(?<depName>\\S+)\\s*\\n\\s*rev:\s+\"?v?(?<currentValue>\\S*)\"?",
       ]
     }
   ],
   timezone: "Etc/UTC",
-  automergeSchedule: ["every weekend"],
   schedule: ["every weekend"],
   prConcurrentLimit: 2, // No more than 2 open PRs at a time.
+  branchConcurrentLimit: 20, // No more than 20 open branches at a time.
   prCreation: "not-pending", // Wait until status checks have completed before raising the PR
   prNotPendingHours: 4, // ...unless the status checks have been running for 4+ hours.
   prHourlyLimit: 1, // No more than 1 PR per hour.
-  stabilityDays: 2 // Wait 2 days from release before updating.
+  minimumReleaseAge: "2 days",
+  automergeStrategy: "squash", // Squash & rebase when auto-merging.
+  semanticCommitType: "build"  // use `build` as commit header type (i.e. `build(deps): <description>`)
 }

.github/workflows/check-renovate.yaml

@@ -0,0 +1,40 @@
+name: Renovate check
+on:
+  pull_request:
+    paths:
+      - ".github/workflows/check-renovate.yaml"
+      - ".github/renovate.json5"
+
+  # Allows triggering the workflow manually from the Actions tab
+  workflow_dispatch:
+    inputs:
+      enable_ssh_access:
+        type: boolean
+        description: 'Enable ssh access'
+        required: false
+        default: false
+
+jobs:
+  renovate:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+      - name: Install node
+        uses: actions/setup-node@v4
+        with:
+          node-version: 22
+      - name: Install renovate
+        run: npm install --global renovate
+      - name: Enable ssh access
+        uses: mxschmitt/action-tmate@v3
+        if: ${{ inputs.enable_ssh_access }}
+        with:
+          limit-access-to-actor: true
+      - name: Check renovate config
+        run: renovate-config-validator .github/renovate.json5
+      - name: Renovate dry-run
+        run: renovate --dry-run --autodiscover
+        env:
+          RENOVATE_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          RENOVATE_USE_BASE_BRANCH_CONFIG: ${{ github.ref }}

.github/workflows/docs.yaml

@@ -21,7 +21,7 @@ jobs:
         with:
           fetch-depth: 0
       - name: Setup Python
-        uses: actions/setup-python@v4
+        uses: actions/setup-python@v5
         with:
           python-version: '3.11'
       - name: Install Tox
@@ -31,7 +31,7 @@ jobs:
       - name: Build documentation
         run: tox run -e build-docs
       - name: Upload documentation
-        uses: actions/upload-artifact@v3
+        uses: actions/upload-artifact@v4
         with:
           name: docs
           path: docs/_build/

.github/workflows/release-drafter.yaml

@@ -11,6 +11,6 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Release Drafter
-        uses: release-drafter/release-drafter@v5.25.0
+        uses: release-drafter/release-drafter@v6.0.0
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

.github/workflows/release-publish.yaml

@@ -0,0 +1,60 @@
+name: Release
+on:
+  push:
+    tags:
+      # These tags should be protected, remember to enable the rule:
+      # https://github.com/canonical/craft-cli/settings/tag_protection
+      - "[0-9]+.[0-9]+.[0-9]+"
+
+permissions:
+  contents: write
+
+jobs:
+  source-wheel:
+    runs-on: [self-hosted, jammy]
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+      - name: Fetch tag annotations
+        run: |
+          git fetch --force --tags --depth 1
+          git describe --dirty --long --match '[0-9]*.[0-9]*.[0-9]*' --exclude '*[^0-9.]*'
+      - name: Setup Python
+        uses: actions/setup-python@v5
+        with:
+          python-version: "3.10"
+          check-latest: true
+      - name: Build packages
+        run: |
+          pip install build twine
+          python3 -m build
+          twine check dist/*
+      - name: Upload pypi packages artifact
+        uses: actions/upload-artifact@v4
+        with:
+          name: pypi-packages
+          path: dist/
+  pypi:
+    needs: ["source-wheel"]
+    runs-on: [self-hosted, jammy]
+    steps:
+      - name: Get packages
+        uses: actions/download-artifact@v4
+        with:
+          name: pypi-packages
+          path: dist/
+      - name: Publish to pypi
+        uses: pypa/gh-action-pypi-publish@release/v1
+        with:
+          password: ${{ secrets.PYPI_API_TOKEN }}
+  github-release:
+    needs: ["source-wheel"]
+    runs-on: [self-hosted, jammy]
+    steps:
+      - name: Get pypi artifacts
+        uses: actions/download-artifact@v4
+      - name: Release
+        uses: softprops/action-gh-release@v2
+        with:
+          files: |
+            **

.github/workflows/tests.yaml

@@ -17,15 +17,15 @@ jobs:
         with:
           fetch-depth: 0
       - name: Setup Python
-        uses: actions/setup-python@v4
+        uses: actions/setup-python@v5
         with:
           python-version: '3.10'
       - name: Configure environment
         run: |
           echo "::group::Begin snap install"
           echo "Installing snaps in the background while running apt and pip..."
           sudo snap install --no-wait --classic pyright
-          sudo snap install --no-wait shellcheck
+          sudo snap install --no-wait ruff shellcheck
           echo "::endgroup::"
           echo "::group::pip install"
           python -m pip install 'tox>=4' tox-gh
@@ -48,7 +48,7 @@ jobs:
         with:
           fetch-depth: 0
       - name: Set up Python versions on ${{ matrix.platform }}
-        uses: actions/setup-python@v4
+        uses: actions/setup-python@v5
         with:
           python-version: |
             3.8
@@ -67,13 +67,13 @@ jobs:
       - name: Test with tox
         run: tox run-parallel --parallel all --parallel-no-spinner --skip-pkg-install --result-json results/tox-${{ matrix.platform }}.json -m tests -- --no-header --quiet -rN
       - name: Upload code coverage
-        uses: codecov/codecov-action@v3
+        uses: codecov/codecov-action@v4
         with:
           directory: ./results/
           files: coverage*.xml
       - name: Upload test results
         if: success() || failure()
-        uses: actions/upload-artifact@v3
+        uses: actions/upload-artifact@v4
         with:
           name: test-results-${{ matrix.platform }}
           path: results/