Merge branch 'main' into github-actions-linting

.github/workflows/ci.yml

@@ -29,10 +29,10 @@ jobs:
 
     steps:
     - name: Checking out the cookie cutter repository
-      uses: actions/checkout@v3
+      uses: actions/checkout@v4
 
     - name: Set up Python ${{ matrix.python-version }}
-      uses: actions/setup-python@v4
+      uses: actions/setup-python@v5
       with:
         python-version: ${{ matrix.python-version }}
 
@@ -82,10 +82,10 @@ jobs:
 
     steps:
     - name: Checking out the cookie cutter repository
-      uses: actions/checkout@v3
+      uses: actions/checkout@v4
 
     - name: Set up Python 3.8
-      uses: actions/setup-python@v4
+      uses: actions/setup-python@v5
       with:
         python-version: 3.8
 

.github/workflows/pypi.yml

@@ -15,10 +15,10 @@ jobs:
 
     steps:
     - name: Checking out the cookie cutter repository
-      uses: actions/checkout@v3
+      uses: actions/checkout@v4
 
     - name: Set up Python
-      uses: actions/setup-python@v4
+      uses: actions/setup-python@v5
       with:
         python-version: 3.8
 

cookiecutter.json

@@ -23,7 +23,7 @@
     ],
     "__python_module": "{{ cookiecutter|modname }}",
     "_catch_version": "2.13.10",
-    "_cibuildwheel_version": "2.13.0",
+    "_cibuildwheel_version": "2.13.1",
     "_pybind_version": "2.10.4",
     "_sonarscanner_version": "4.7.0.2747"
 }

tests/test_deploy_bake.py

@@ -113,23 +113,6 @@ def rtd_api_request(endpoint):
     assert build["commit"] == sha
 
 
-def codecov_api_verification(remote_url, token, sha):
-    def codecov_api_request(endpoint):
-        resp = requests.get('https://codecov.io/api/{}/{}'.format(remote_url, endpoint),
-                            headers={'Authorization': 'token {}'.format(token)}
-                            )
-        return resp.json()
-
-    # Poll the codecov.io API
-    commit = codecov_api_request('commit/{}'.format(sha))['commit']
-    while commit['state'] != 'complete':
-        time.sleep(5)
-        commit = codecov_api_request('commit/{}'.format(sha))['commit']
-
-    # Assert 100% coverage
-    assert commit['totals']['c'] == '100'
-
-
 @pytest.mark.integrations
 @pytest.mark.flaky(max_runs=3, min_passes=1, rerun_filter=wait_five_seconds)
 @pytest.mark.timeout(120)
@@ -139,25 +122,14 @@ def test_codecovio_github_deploy():
     repo = gh.get_repo('dokempf/test-gha-cookiecutter')
     sha = repo.get_branch('main').commit.sha
 
-    codecov_api_verification(
-        'gh/dokempf/test-gha-cookiecutter',
-        os.getenv('CODECOV_GH_API_ACCESS_TOKEN'),
-        sha
-    )
-
-
-@pytest.mark.integrations
-@pytest.mark.flaky(max_runs=3, min_passes=1, rerun_filter=wait_five_seconds)
-@pytest.mark.timeout(60)
-def test_codecovio_gitlab_deploy():
-    # Authenticate with Gitlab API
-    gl = gitlab.Gitlab('https://gitlab.com', private_token=os.getenv("GL_API_ACCESS_TOKEN"))
-    gl.auth()
-    project = gl.projects.get('dokempf/test-gitlab-ci-cookiecutter-cpp-project')
-    sha = project.branches.get('main').commit['id']
+    # Ask CodeCov API for coverage information
+    resp = requests.get(
+        f'https://api.codecov.io/api/v2/github/dokempf/repos/test-gha-cookiecutter/totals',
+        headers={
+            'authorization': f'Bearer {os.getenv("CODECOV_GH_API_ACCESS_TOKEN")}'
+        },
+        params={"sha": sha}
+    ).json()
 
-    codecov_api_verification(
-        'gl/dokempf/test-gitlab-ci-cookiecutter-cpp-project',
-        os.getenv('CODECOV_GL_API_ACCESS_TOKEN'),
-        sha
-    )
+    # Assert 100% coverage
+    assert resp['totals']['coverage'] == 100

{{cookiecutter.project_slug}}/.github/workflows/ci.yml

@@ -29,7 +29,7 @@ jobs:
         os: [ubuntu-latest, macos-latest, windows-latest]
 
     steps:
-    - uses: actions/checkout@v3
+    - uses: actions/checkout@v4
 {% if cookiecutter.use_submodules == "Yes" %}
       with:
         submodules: 'recursive'
@@ -104,14 +104,14 @@ jobs:
         os: [ubuntu-latest, macos-latest, windows-latest]
 
     steps:
-    - uses: actions/checkout@v3
+    - uses: actions/checkout@v4
 {% if cookiecutter.use_submodules == "Yes" %}
       with:
         submodules: 'recursive'
 {%- endif %}
 
     - name: Set up Python
-      uses: actions/setup-python@v4
+      uses: actions/setup-python@v5
       with:
         python-version: 3.8
 
@@ -129,7 +129,7 @@ jobs:
     runs-on: ubuntu-latest
 
     steps:
-    - uses: actions/checkout@v3
+    - uses: actions/checkout@v4
 {% if cookiecutter.use_submodules == "Yes" %}
       with:
         submodules: 'recursive'
@@ -205,5 +205,12 @@ jobs:
       working-directory: ${{ "{{ github.workspace }}" }}
       run: |
         lcov --directory ./build{% if cookiecutter.header_only == "No" %}/src{% endif %} --capture --output-file coverage.info
-        bash <(curl --connect-timeout 10 --retry 5 -s https://codecov.io/bash) -f coverage.info || echo "Codecov did not collect coverage reports"
+
+    - name: Upload coverage to Codecov
+      uses: codecov/codecov-action@v3
+      with:
+        fail_ci_if_error: true
+        files: ${{ "{{runner.workspace}}" }}/coverage.info
+      env:
+        CODECOV_TOKEN: ${{ "{{ secrets.CODECOV_TOKEN }}" }}
 {% endif %}

{{cookiecutter.project_slug}}/.github/workflows/pypi.yml

@@ -16,45 +16,43 @@ jobs:
         os: [ubuntu-latest, windows-latest, macos-latest]
 
     steps:
-    - uses: actions/checkout@v3
+    - uses: actions/checkout@v4
       with:
         submodules: 'recursive'
 
     - name: Build wheels
       uses: pypa/cibuildwheel@v{{ cookiecutter._cibuildwheel_version }}
 
-    - uses: actions/upload-artifact@v3
+    - uses: actions/upload-artifact@v4
       with:
         path: ./wheelhouse/*.whl
 
   upload_testpypi:
     needs: [build-wheels]
     runs-on: ubuntu-latest
+    permissions:
+      id-token: write
     if: github.event_name == 'release' && github.event.action == 'published'
     steps:
-      - uses: actions/download-artifact@v3
+      - uses: actions/download-artifact@v4
         with:
           name: artifact
           path: dist
 
-      - uses: pypa/gh-action-pypi-publish@release/v1
+      - uses: pypa/gh-action-pypi-publish@v1.8.11
         with:
-          user: __token__
-          password: ${{ "{{ secrets.TESTPYPI_API_TOKEN }}" }}
           repository_url: https://test.pypi.org/legacy/
 
   upload_pypi:
     needs: [build-wheels, upload_testpypi]
     runs-on: ubuntu-latest
+    permissions:
+      id-token: write
     if: github.event_name == 'release' && github.event.action == 'published'
     steps:
-      - uses: actions/download-artifact@v3
+      - uses: actions/download-artifact@v4
         with:
           name: artifact
           path: dist
 
-      - uses: pypa/gh-action-pypi-publish@release/v1
-        with:
-          user: __token__
-          password: ${{ "{{ secrets.PYPI_API_TOKEN }}" }}
-          verbose: true
+      - uses: pypa/gh-action-pypi-publish@release/v1.8.11

{{cookiecutter.project_slug}}/.github/workflows/sonarcloud.yml

@@ -24,7 +24,7 @@ jobs:
     name: SonarCloud
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
         with:
           fetch-depth: 0  # Shallow clones should be disabled for a better relevancy of analysis
           submodules: 'recursive'

{{cookiecutter.project_slug}}/.pre-commit-config.yaml

@@ -2,7 +2,7 @@ repos:
 {%- if cookiecutter.python_bindings %}
   # Run Black - the uncompromising Python code formatter
   - repo: https://github.com/psf/black
-    rev: 23.3.0
+    rev: 23.7.0
     hooks:
       - id: black-jupyter
 {%- endif %}

{{cookiecutter.project_slug}}/TODO.md

@@ -47,15 +47,21 @@ The following tasks need to be done to get a fully working project:
   about your project, such as your email adress, PyPI classifiers and a short project description.
 {%- endif %}
 {%- if cookiecutter.pypi_release == "Yes" %}
-* Add the secret variables `TESTPYPI_API_TOKEN` and `PYPI_API_TOKEN` to your GitHub project.
-  These variables can be generated by heading to `https://test.pypi.org/` and `https://pypi.org`,
-  adding a new project and generating these tokens.
+* Head to your user settings at `https://pypi.org` and `https://test.pypi.org/` to setup PyPI trusted publishing.
+  In order to do so, you have to head to the "Publishing" tab, scroll to the bottom
+  and add a "new pending publisher". The relevant information is:
+  * PyPI project name: `{{ cookiecutter|modname }}`
+  * Owner: `{{ cookiecutter|username }}`
+  * Repository name: `{{ cookiecutter|remote_slug }}`
+  * Workflow name: `pypi.yml`
+  * Environment name: not required
 {%- endif %}
 {%- if cookiecutter.codecovio == "Yes" %}
 * Enable the integration with `codecov.io` by heading to the [Codecov.io Website](https://codecov.io),
-  log in (e.g. with your Github credentials) and enable integration for your repository. This will
-  allow you to have automatic coverage reports on pull requests, but is not necessary to display
-  the coverage badge in the README.
+  log in (e.g. with your Github credentials) and enable integration for your repository. In order to do
+  so, you need to select it from the list of repositories (potentially re-syncing with GitHub) and head
+  to the Settings Tab. Within setting, get your token for this repository and put store it as a secret
+  called `CODECOV_TOKEN` for GitHub Actions.
 {%- endif %}
 {%- if cookiecutter.sonarcloud == "Yes" %}
 * Enable the integration with `sonarcloud.io` by heading to the [Sonarcloud.io Website](https://sonarcloud.io),