From 765bc0b3663f8eb7541dc2f554306d7d36a55144 Mon Sep 17 00:00:00 2001 From: Nate Prewitt Date: Wed, 10 Dec 2025 14:27:25 -0700 Subject: [PATCH 1/5] Update pins and permissions for CI --- .github/workflows/run-tests.yml | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/.github/workflows/run-tests.yml b/.github/workflows/run-tests.yml index 33b3ab7..7831d68 100644 --- a/.github/workflows/run-tests.yml +++ b/.github/workflows/run-tests.yml @@ -2,6 +2,9 @@ name: Run Tests on: [push, pull_request] +permissions: + contents: read + jobs: build: @@ -9,13 +12,13 @@ jobs: strategy: fail-fast: false matrix: - os: [ubuntu-latest] + os: [ubuntu-latest, macOS-latest, windows-latest] python-version: ["3.9", "3.10", "3.11", "3.12", "3.13", "3.14"] steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 - name: Set up Python ${{ matrix.python-version }} - uses: actions/setup-python@v5 + uses: actions/setup-python@83679a892e2d95755f2dac6acb0bfd1e9ac5d548 with: python-version: ${{ matrix.python-version }} - name: Install dependencies From cdf99532649573a6dcce609a2f3eb293e6cc338c Mon Sep 17 00:00:00 2001 From: Nate Prewitt Date: Wed, 10 Dec 2025 14:27:47 -0700 Subject: [PATCH 2/5] Add dependabot schedule to keep pins up-to-date --- .github/dependabot.yml | 9 +++++++++ 1 file changed, 9 insertions(+) create mode 100644 .github/dependabot.yml diff --git a/.github/dependabot.yml b/.github/dependabot.yml new file mode 100644 index 0000000..9e10089 --- /dev/null +++ b/.github/dependabot.yml @@ -0,0 +1,9 @@ +version: 2 +updates: + - package-ecosystem: "github-actions" + directory: "/" + schedule: + interval: "weekly" + ignore: + - dependency-name: "*" + update-types: ["version-update:semver-patch"] From 8e83baea6d89c6a6a5fec95f3693c30eedfe6daf Mon Sep 17 00:00:00 2001 
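Review bot: The two `uses:` lines in the second run-tests.yml hunk pin `actions/checkout` and `actions/setup-python` to bare commit SHAs, with nothing recording which release each SHA corresponds to. A reviewer cannot tell from the file whether a later bump moves forward or backward, or whether the SHA belongs to a tagged release at all. Add the tag as a trailing comment, for example `- uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # <release tag>`, and do the same on the `setup-python` line; Dependabot normally keeps such a comment in step with the SHA it updates. The same applies to the pinned SHAs in .github/workflows/codeql.yml in patch 3/5.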
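Review bot: The `ignore` entry at the end of the new .github/dependabot.yml suppresses every `version-update:semver-patch` bump for all actions, and patch releases are where upstream fixes, including security fixes, usually land. Because the workflows pin actions by commit SHA, the weekly version updates are the main way those pins move. As far as I know Dependabot alerts are not raised for SHA-pinned actions, so a fixed patch release would likely go unproposed until the next minor release. Either drop the `ignore` entry or state the trade-off in the file, e.g. `# patch bumps skipped to reduce PR noise; fixes arrive with the next minor`.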
From: Nate Prewitt Date: Wed, 10 Dec 2025 14:28:05 -0700 Subject: [PATCH 3/5] Add codeql to do regular scans --- .github/codeql.yml | 2 ++ .github/workflows/codeql.yml | 35 +++++++++++++++++++++++++++++++++++ 2 files changed, 37 insertions(+) create mode 100644 .github/codeql.yml create mode 100644 .github/workflows/codeql.yml diff --git a/.github/codeql.yml b/.github/codeql.yml new file mode 100644 index 0000000..988aeb7 --- /dev/null +++ b/.github/codeql.yml @@ -0,0 +1,2 @@ +paths: +- "jmespath/" diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml new file mode 100644 index 0000000..448c0e6 --- /dev/null +++ b/.github/workflows/codeql.yml @@ -0,0 +1,35 @@ +name: "CodeQL" + +on: + push: + branches: ["develop"] + pull_request: + branches: ["develop"] + schedule: + - cron: "0 0 * * 5" + +permissions: "read" + +jobs: + analyze: + name: "Analyze" + runs-on: "ubuntu-latest" + permissions: + actions: read + contents: read + security-events: write + steps: + - name: "Checkout repository" + uses: "actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3" + + - name: "Run CodeQL init" + uses: "github/codeql-action/init@4e94bd11f71e507f7f87df81788dff88d1dacbfb" + with: + config-file: "./.github/codeql.yml" + languages: "python" + + - name: "Run CodeQL autobuild" + uses: "github/codeql-action/autobuild@4e94bd11f71e507f7f87df81788dff88d1dacbfb" + + - name: "Run CodeQL analyze" + uses: "github/codeql-action/analyze@4e94bd11f71e507f7f87df81788dff88d1dacbfb" From 989af50092577d90d4b13ed737d634ffbd5a66ab Mon Sep 17 00:00:00 2001 From: Nate Prewitt Date: Wed, 10 Dec 2025 14:37:17 -0700 Subject: [PATCH 4/5] Make test workflow cross-platform compatible --- .github/workflows/run-tests.yml | 4 ++-- requirements.txt | 1 - 2 files changed, 2 insertions(+), 3 deletions(-) diff --git a/.github/workflows/run-tests.yml b/.github/workflows/run-tests.yml index 7831d68..db4ce70 100644 --- a/.github/workflows/run-tests.yml +++ b/.github/workflows/run-tests.yml 
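Review bot: The workflow-level `permissions: "read"` in .github/workflows/codeql.yml is not one of the shorthand values I know GitHub Actions to accept (`read-all`, `write-all` or `{}`), so the file may be rejected at parse time or not grant what was intended; this is worth confirming on the first run. Since the `analyze` job already declares its own `actions`, `contents` and `security-events` scopes, the workflow-level default can be the empty set: `permissions: {}`. Any job added later then starts with no token permissions until it requests them explicitly.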
@@ -25,8 +25,8 @@ jobs: run: | pip install pip==25.1.0 pip install -r requirements.txt - python -m build --wheel - pip install dist/*.whl + python -m pip install . - name: Test with pytest run: | cd tests/ && python -m pytest --cov jmespath --cov-report term-missing + diff --git a/requirements.txt b/requirements.txt index 105cf68..bf75ba9 100644 --- a/requirements.txt +++ b/requirements.txt @@ -6,4 +6,3 @@ hypothesis==5.35.4 # Setuptools is no longer provided by default in Python 3.12+ setuptools==71.1.0 ; python_version >= '3.12' packaging==24.1 ; python_version >= '3.12' -build==1.2.2.post1 From cdb9327fd597dda1aff703e6e5b98d79503c6f4e Mon Sep 17 00:00:00 2001 From: Nate Prewitt Date: Wed, 10 Dec 2025 14:55:48 -0700 Subject: [PATCH 5/5] Fix file encoding for Windows --- tests/test_compliance.py | 27 ++++++++++++++------------- 1 file changed, 14 insertions(+), 13 deletions(-) diff --git a/tests/test_compliance.py b/tests/test_compliance.py index cde6acb..051f1b8 100644 --- a/tests/test_compliance.py +++ b/tests/test_compliance.py 
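Review bot: The added `python -m pip install .` uses the module form, but the two lines above it in the same `run` block still call bare `pip`, including `pip install pip==25.1.0`. On Windows, pip can refuse to replace itself when started through the `pip` launcher and asks for the `python -m pip` form instead, so with `windows-latest` now in the matrix that step may fail; this cannot be verified from the hunk alone. Using one form throughout avoids the problem: `python -m pip install pip==25.1.0` and `python -m pip install -r requirements.txt`. The hunk also appends a blank line at the end of the file, which can be dropped.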
@@ -48,19 +48,20 @@ def _walk_files(): def load_cases(full_path): - all_test_data = json.load(open(full_path), object_pairs_hook=OrderedDict) - for test_data in all_test_data: - given = test_data['given'] - for case in test_data['cases']: - if 'result' in case: - test_type = 'result' - elif 'error' in case: - test_type = 'error' - elif 'bench' in case: - test_type = 'bench' - else: - raise RuntimeError("Unknown test type: %s" % json.dumps(case)) - yield (given, test_type, case) + with open(full_path, 'r', encoding='utf-8') as f: + all_test_data = json.load(f, object_pairs_hook=OrderedDict) + for test_data in all_test_data: + given = test_data['given'] + for case in test_data['cases']: + if 'result' in case: + test_type = 'result' + elif 'error' in case: + test_type = 'error' + elif 'bench' in case: + test_type = 'bench' + else: + raise RuntimeError(f"Unknown test type: {json.dumps(case)}") + yield (given, test_type, case) @pytest.mark.parametrize(
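Review bot: In `load_cases` the new `with open(...)` block encloses the whole `for` loop, including the `yield`, so the file handle stays open for as long as the generator is suspended and closes only when the generator is exhausted or collected. `json.load` has already read the entire file by the time the loop starts, so only the load needs to sit inside the `with`: keep `with open(full_path, encoding='utf-8') as f:` followed by `all_test_data = json.load(f, object_pairs_hook=OrderedDict)`, and leave the `for test_data in all_test_data:` loop at its original indentation. That closes the file immediately and removes the re-indentation from the diff, leaving the encoding fix and the f-string as the only changes.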