LabAutomationAndScreening · ejfine · May 9, 2025 · May 9, 2025 · May 9, 2025 · May 9, 2025
diff --git a/.copier-answers.yml b/.copier-answers.yml
@@ -1,5 +1,5 @@
 # Changes here will be overwritten by Copier
-_commit: v0.0.41-24-g20eac2f
+_commit: v0.0.42
 _src_path: gh:LabAutomationAndScreening/copier-base-template.git
 description: Copier template for creating Python libraries and executables
 python_ci_versions:

diff --git a/.devcontainer/devcontainer.json b/.devcontainer/devcontainer.json
@@ -59,5 +59,5 @@
   "initializeCommand": "sh .devcontainer/initialize-command.sh",
   "onCreateCommand": "sh .devcontainer/on-create-command.sh",
   "postStartCommand": "sh .devcontainer/post-start-command.sh"
-  // Devcontainer context hash (do not manually edit this, it's managed by a pre-commit hook): 5e3a0577 # spellchecker:disable-line
+  // Devcontainer context hash (do not manually edit this, it's managed by a pre-commit hook): e9b90543 # spellchecker:disable-line
 }
diff --git a/.devcontainer/install-ci-tooling.sh b/.devcontainer/install-ci-tooling.sh
@@ -6,7 +6,7 @@ set -ex
 
 
 
-curl -LsSf https://astral.sh/uv/0.6.17/install.sh | sh
+curl -LsSf https://astral.sh/uv/0.7.3/install.sh | sh
 uv --version
 # TODO: add uv autocompletion to the shell https://docs.astral.sh/uv/getting-started/installation/#shell-autocompletion
 

diff --git a/.github/actions/install_deps_uv/action.yml b/.github/actions/install_deps_uv/action.yml
@@ -40,7 +40,7 @@ runs:
       shell: bash
 
     - name: Setup python
-      uses: actions/setup-python@v5.5.0
+      uses: actions/setup-python@v5.6.0
       with:
         python-version: ${{ env.PYTHON_VERSION }}
 

diff --git a/.github/actions/install_deps_uv/install-ci-tooling.ps1 b/.github/actions/install_deps_uv/install-ci-tooling.ps1
@@ -3,7 +3,7 @@
 Set-StrictMode -Version Latest
 $ErrorActionPreference = "Stop"
 
-irm https://astral.sh/uv/0.6.17/install.ps1 | iex
+irm https://astral.sh/uv/0.7.3/install.ps1 | iex
 
 # Add uv to path (in github runner)
 $env:Path = "C:\Users\runneradmin\.local\bin;$env:Path"

diff --git a/.github/dependabot.yml b/.github/dependabot.yml
@@ -9,7 +9,7 @@ updates:
       time: "16:00"
     open-pull-requests-limit: 5
     ignore:
-      - dependency-name: "*"
+      - dependency-name: "boto3" # boto3 gets patch updates way too frequently and they're usually not important
         update-types:
           - "version-update:semver-patch"
 

diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml
@@ -12,7 +12,7 @@ env:
 
 permissions:
     id-token: write
-    contents: write # needed for mutex
+    contents: write # needed for mutex, and updating dependabot branches
     statuses: write # needed for updating status on Dependabot PRs
 
 jobs:
@@ -169,16 +169,13 @@ jobs:
         if: needs.lint-matrix.result != 'success'
         run: |
           exit 1
-      - name: Make updated dependabot hash commit as succeeded
+      - name: Mark updated dependabot hash commit as succeeded
         if: needs.get-values.outputs.dependabot-commit-created == 'true'
         env:
           GH_TOKEN: ${{ github.token }}
         run: |
           gh api \
-            -X POST \
-            -H "Accept: application/vnd.github.v3+json" \
+            -X POST -H "Accept: application/vnd.github.v3+json" \
             "/repos/${{ github.repository }}/statuses/${{ needs.get-values.outputs.new-dependabot-sha }}" \
-            -f state=success \
-            -f context="required-check" \
-            -f description="Initial CI run passed" \
+            -f state=success -f context="required-check" -f description="Initial CI run passed" \
             -f target_url="${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}"
diff --git a/extensions/context.py b/extensions/context.py
@@ -10,7 +10,7 @@ class ContextUpdater(ContextHook):
 
     @override
     def hook(self, context: dict[Any, Any]) -> dict[Any, Any]:
-        context["uv_version"] = "0.6.17"
+        context["uv_version"] = "0.7.3"
         context["pnpm_version"] = "10.10.0"
         context["pre_commit_version"] = "4.2.0"
         context["pyright_version"] = "1.1.400"
@@ -45,7 +45,7 @@ def hook(self, context: dict[Any, Any]) -> dict[Any, Any]:
         context["graphql_codegen_typescript_version"] = "^4.1.6"
 
         context["gha_checkout"] = "v4.2.2"
-        context["gha_setup_python"] = "v5.5.0"
+        context["gha_setup_python"] = "v5.6.0"
         context["gha_cache"] = "v4.2.2"
         context["gha_upload_artifact"] = "v4.6.2"
         context["gha_download_artifact"] = "v4.2.1"

diff --git a/template/.github/actions/install_deps_uv/action.yml b/template/.github/actions/install_deps_uv/action.yml
@@ -40,7 +40,7 @@ runs:
       shell: bash
 
     - name: Setup python
-      uses: actions/setup-python@v5.5.0
+      uses: actions/setup-python@v5.6.0
       with:
         python-version: ${{ env.PYTHON_VERSION }}
 

diff --git a/template/.github/actions/install_deps_uv/install-ci-tooling.ps1 b/template/.github/actions/install_deps_uv/install-ci-tooling.ps1
@@ -3,7 +3,7 @@
 Set-StrictMode -Version Latest
 $ErrorActionPreference = "Stop"
 
-irm https://astral.sh/uv/0.6.17/install.ps1 | iex
+irm https://astral.sh/uv/0.7.3/install.ps1 | iex
 
 # Add uv to path (in github runner)
 $env:Path = "C:\Users\runneradmin\.local\bin;$env:Path"

diff --git a/template/.github/dependabot.yml.jinja b/template/.github/dependabot.yml.jinja
@@ -9,7 +9,7 @@ updates:
       time: "16:00"
     open-pull-requests-limit: 5
     ignore:
-      - dependency-name: "*"
+      - dependency-name: "boto3" # boto3 gets patch updates way too frequently and they're usually not important
         update-types:
           - "version-update:semver-patch"
 

diff --git a/template/.github/workflows/ci.yaml.jinja b/template/.github/workflows/ci.yaml.jinja
@@ -12,10 +12,15 @@ env:
 
 permissions:
     id-token: write
-    contents: write # needed for mutex
+    contents: write # needed for mutex, and updating dependabot branches
+    statuses: write # needed for updating status on Dependabot PRs
 
 jobs:
+  get-values:
+    uses: ./.github/workflows/get-values.yaml
+
   lint:
+    needs: [ get-values ]
     name: Pre-commit
     runs-on: {% endraw %}{{ gha_linux_runner }}{% raw %}
     steps:
@@ -161,10 +166,24 @@ jobs:
 
   required-check:
     runs-on: {% endraw %}{{ gha_linux_runner }}{% raw %}
-    needs: [ test{% endraw %}{% if create_docs %}, build-docs{% endif %}{% if is_frozen_executable %}, executable{% endif %}{% raw %} ]
+    needs:
+      - test
+      - get-values{% endraw %}{% if create_docs %}
+      - build-docs{% endif %}{% if is_frozen_executable %}
+      - executable{% endif %}{% raw %}
-    needs:
-      - test
-      - get-values{% endraw %}{% if create_docs %}
-      - build-docs{% endif %}{% if is_frozen_executable %}
-      - executable{% endif %}{% raw %}
+    {% set required_needs = ["test", "get-values"] %}
+    {% if create_docs %}
+    {% set required_needs = required_needs + ["build-docs"] %}
+    {% endif %}
+    {% if is_frozen_executable %}
+    {% set required_needs = required_needs + ["executable"] %}
+    {% endif %}
+    needs: {{ required_needs }}
-    needs:
-      - test
-      - get-values{% endraw %}{% if create_docs %}
-      - build-docs{% endif %}{% if is_frozen_executable %}
-      - executable{% endif %}{% raw %}
+    {% set required_needs = ["test", "get-values"] %}
+    {% if create_docs %}
+    {% set required_needs = required_needs + ["build-docs"] %}
+    {% endif %}
+    {% if is_frozen_executable %}
+    {% set required_needs = required_needs + ["executable"] %}
+    {% endif %}
+    needs: {{ required_needs }}
     if: always()
     steps:
       - name: fail if prior job failure
         if: needs.test.result != 'success'{% endraw %}{% if create_docs %} || needs.build-docs.result != 'success'{% endif %}{% if is_frozen_executable %} || needs.executable.result != 'success'{% endif %}{% raw %}
         run: |
-          exit 1{% endraw %}
+          exit 1
+      - name: Mark updated Dependabot commit of devcontainer hash as succeeded
+        if: needs.get-values.outputs.dependabot-commit-created == 'true'
+        env:
+          GH_TOKEN: ${{ github.token }}
+        run: |
+          gh api \
+            -X POST -H "Accept: application/vnd.github.v3+json" \
+            "/repos/${{ github.repository }}/statuses/${{ needs.get-values.outputs.new-dependabot-sha }}" \
+            -f state=success -f context="required-check" -f description="Initial CI run passed" \
+            -f target_url="${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}"{% endraw %}
diff --git a/template/.github/workflows/get-values.yaml b/template/.github/workflows/get-values.yaml
@@ -0,0 +1,34 @@
+name: Get Values
+
+on:
+  workflow_call:
+    outputs:
+      new-dependabot-sha:
+        description: BUILD_HASH
+        value: ${{ jobs.get-values.outputs.new-dependabot-sha }}
+      dependabot-commit-created:
+        description: whether or not a commit was created on a dependabot branch
+        value: ${{ jobs.get-values.outputs.dependabot-commit-created }}
+
+env:
+  PYTHONUNBUFFERED: True
+
+permissions:
+    contents: write # needed to push commit of new devcontainer hash for dependabot PRs
+
+jobs:
+  get-values:
+    runs-on: ubuntu-24.04
+    outputs:
+      new-dependabot-sha: ${{ steps.update-hash.outputs.new-sha }}
+      dependabot-commit-created: ${{ steps.update-hash.outputs.commit-created }}
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4.2.2
+
+      - name: Update Devcontainer Hash
+        if: ${{ github.actor == 'dependabot[bot]' }}
+        id: update-hash
+        uses: ./.github/actions/update-devcontainer-hash
+        with:
+          branch: ${{ github.ref_name }}