Pin CI packages to specific hashes (#51)

janbridley · web-flow · commit fc4d1f0035a1 · 2025-08-25T10:03:46.000-04:00
## Description CI has been updated to pin specific hashes of CI scripts, as per the new group standard. ## Types of Changes  - [ ] Documentation update - [ ] Bug fix - [x] New feature - [ ] Breaking change<sup>1</sup> <sup>1</sup>The change breaks (or has the potential to break) existing functionality and should be merged into the `breaking` branch ## Checklist:  - [ ] I am familiar with the [Development Guidelines](https://github.com/glotzerlab/parsnip/blob/main/doc/source/development.rst) - [ ] The changes introduced by this pull request are covered by existing or newly introduced tests. - [ ] I have updated the [changelog](https://github.com/glotzerlab/parsnip/blob/main/ChangeLog.rst) and added my name to the [credits](https://github.com/glotzerlab/parsnip/blob/main/doc/source/credits.rst).
diff --git a/.github/workflows/pypi-test-and-publish.yaml b/.github/workflows/pypi-test-and-publish.yaml
@@ -15,20 +15,17 @@ jobs:
     runs-on: ubuntu-latest
 
     steps:
-    - uses: actions/checkout@v4.2.2
+    - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
       with:
         persist-credentials: false
-    - name: Set up Python
-      uses: actions/setup-python@v5.4.0
+    - name: Install uv
+      uses: astral-sh/setup-uv@d9e0f98d3fc6adb07d1e3d37f3043649ddad06a1 # v6.5.0
       with:
-        python-version: "3.x"
-
-    - name: Install pypa/build
-      run: python3 -m pip install build --user
-    - name: Build a binary wheel and a source tarball
-      run: PYTHONWARNINGS=error python3 -m build
+        version: "0.8.11"
+    - name: uv build
+      run: uv build --verbose -o dist
     - name: Store the distribution packages
-      uses: actions/upload-artifact@v4.4.3
+      uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
       with:
         name: python-package-distributions
         path: dist/
@@ -45,12 +42,13 @@ jobs:
 
     steps:
     - name: Download all the dists
-      uses: actions/download-artifact@v4.1.8
+      uses: actions/download-artifact@634f93cb2916e3fdff6788551b99b062d0335ce0 # v5.0.0
       with:
         name: python-package-distributions
         path: dist/
-    - name: Publish distribution to TestPyPI
-      uses: pypa/gh-action-pypi-publish@release/v1
+    - name: Publish to TestPyPI
+      # TODO: udpate to use a pinned version rather than a single commit
+      uses: pypa/gh-action-pypi-publish/ed01280d14b6f9a0edaa1a5494d8f7ffed709083
       with:
         repository-url: https://test.pypi.org/legacy/
         verbose: true
@@ -70,9 +68,11 @@ jobs:
 
     steps:
     - name: Download all the dists
-      uses: actions/download-artifact@v4.1.8
+      uses: actions/download-artifact@634f93cb2916e3fdff6788551b99b062d0335ce0 # v5.0.0
       with:
         name: python-package-distributions
         path: dist/
+
     - name: Publish to PyPI
-      uses: pypa/gh-action-pypi-publish@v1.12.4
+      # TODO: udpate to use a pinned version rather than a single commit
+      uses: pypa/gh-action-pypi-publish/ed01280d14b6f9a0edaa1a5494d8f7ffed709083
diff --git a/.github/workflows/run_tests.yaml b/.github/workflows/run_tests.yaml
@@ -17,14 +17,14 @@ jobs:
   run_test:
     runs-on: ${{ inputs.runs-on }}
     steps:
-    - uses: actions/checkout@v4
-    - uses: actions/setup-python@v5
+    - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+    - uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5.6.0
       with:
         python-version: ${{ inputs.python-version }}
     - name: Install uv
-      uses: astral-sh/setup-uv@v4
+      uses: astral-sh/setup-uv@d9e0f98d3fc6adb07d1e3d37f3043649ddad06a1 # v6.5.0
       with:
-        version: "0.6.6"
+        version: "0.8.11"
 
     - name: Install package
       run: |
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
@@ -3,7 +3,7 @@ ci:
 
 repos:
   - repo: https://github.com/pre-commit/pre-commit-hooks
-    rev: v5.0.0
+    rev: v6.0.0
     hooks:
       - id: end-of-file-fixer
         exclude: tests/sample_data
@@ -16,7 +16,7 @@ repos:
       - id: debug-statements
       - id: requirements-txt-fixer
   - repo: https://github.com/astral-sh/ruff-pre-commit
-    rev: v0.9.3
+    rev: v0.12.9
     hooks:
       - id: ruff
         types_or: [ python, pyi, jupyter ]
diff --git a/pyproject.toml b/pyproject.toml
@@ -5,7 +5,7 @@ build-backend = "setuptools.build_meta"
 [project]
 name = "parsnip-cif"
 version = "0.3.0"
-requires-python = ">=3.7"
+requires-python = ">=3.9"
 description = "Minimal library for parsing CIF & mmCIF files in Python."
 readme = "README.rst"
 license-files = ["LICENSE"]
@@ -90,6 +90,7 @@ known-first-party = ["parsnip"]
 
 [tool.ruff.lint.per-file-ignores]
 "tests/*" = ["D", "B018", "F811"]
+"tests/conftest.py" = ["N816", "N806"]
 "parsnip/*" = ["E741"]
 "__init__.py" = ["F401"] # Do not remove "unused" imports in __init__.py files
 
diff --git a/test/output.txt b/test/output.txt
diff --git a/tests/test_key_reader.py b/tests/test_key_reader.py
@@ -47,8 +47,8 @@ def test_read_key_value_pairs_random(cif_data, keys):
     _array_assertion_verbose(keys, parsnip_data, gemmi_data)
 
 
-def test_read_key_value_pairs_badcif(cif_data=bad_cif):
-    parsnip_data = cif_data.file[cif_data.manual_keys]
+def test_read_key_value_pairs_badcif():
+    parsnip_data = bad_cif.file[bad_cif.manual_keys]
     correct_data = [
         "1.000000(x)",
         "4.32343242",
@@ -60,4 +60,4 @@ def test_read_key_value_pairs_badcif(cif_data=bad_cif):
         r"45.6a/\s",
         None,
     ]
-    _array_assertion_verbose(cif_data.manual_keys, parsnip_data, correct_data)
+    _array_assertion_verbose(bad_cif.manual_keys, parsnip_data, correct_data)
diff --git a/tests/test_patterns.py b/tests/test_patterns.py
@@ -144,9 +144,9 @@ def test_semicolon_to_string(line):
             ParseWarning, match="String contains single and double quotes"
         ):
             fixed = _semicolon_to_string(line)
-            assert (fixed == line) if ";" not in line else (";" not in fixed)
-            return
-    elif ";" not in line:
+        assert (fixed == line) if ";" not in line else (";" not in fixed)
+        return
+    if ";" not in line:
         assert _semicolon_to_string(line) == line
         return
     fixed = _semicolon_to_string(line)
diff --git a/tests/test_table_reader.py b/tests/test_table_reader.py
@@ -67,11 +67,6 @@ def test_read_atom_sites(cif_data):
     if not any(
         s in cif_data.filename for s in ["CCDC", "PDB", "AMCSD", "zeolite", "no42"]
     ):
-        import sys
-
-        if sys.version_info < (3, 8):
-            return
-
         warnings.filterwarnings("ignore", category=UserWarning)
 
         atoms = asecif.read_cif(cif_data.filename)
@@ -100,9 +95,9 @@ def test_partial_table_read(cif_data, subset):
 
 
 @pytest.mark.skip("Would be nice to pass, but we are at least as good as gemmi here.")
-def test_bad_cif_symop(cif_data=bad_cif):
+def test_bad_cif_symop():
     # This file is thouroughly cooked - gemmi will not even read it.
-    parsnip_data = cif_data.file.get_from_loops(cif_data.symop_keys)
+    parsnip_data = bad_cif.file.get_from_loops(bad_cif.symop_keys)
     correct_data = [
         ["1", "x,y,z"],
         ["2", "-x,y,-z*1/2"],
@@ -115,26 +110,3 @@ def test_bad_cif_symop(cif_data=bad_cif):
     ]
 
     np.testing.assert_array_equal(parsnip_data, correct_data)
-
-
-@pytest.mark.skip("Too corrupted to be read")
-def test_bad_cif_atom_sites(cif_data=bad_cif):
-    parsnip_data = cif_data.file[cif_data.atom_site_keys]
-    np.testing.assert_array_equal(
-        parsnip_data[:, 0],
-        np.array(["Aa(3)", "SL", "Oo", "O0f"]),
-    )
-    # "_atom_site_type_symbol"
-    np.testing.assert_array_equal(parsnip_data[:, 1], ["Bb", "SM", "O", "O"])
-
-    # "_atom_site_symmetry_multiplicity"
-    np.testing.assert_array_equal(parsnip_data[:, 2], ["1", "3", "5", "7"])
-
-    # "_atom_si te"
-    np.testing.assert_array_equal(
-        parsnip_data[:, 3], ["0.00000(1)", "0.00000", "0.19180", "0.09390"]
-    )
-    # "_atom_site_fract_z"
-    np.testing.assert_array_equal(
-        parsnip_data[:, 4], ["0.25000", "0.(28510)", "0.05170", "0.41220"]
-    )
diff --git a/tests/test_unitcells.py b/tests/test_unitcells.py
@@ -41,7 +41,8 @@ def test_read_wyckoff_positions(cif_data):
 
 
 @all_files_mark
-def test_read_cell_params(cif_data, keys=box_keys):
+def test_read_cell_params(cif_data):
+    keys = box_keys
     if "PDB_4INS_head.cif" in cif_data.filename:
         keys = (key[0] + key[1:].replace("_", ".", 1) for key in keys)
     parsnip_data = cif_data.file.read_cell_params()
