.clang-format

@@ -0,0 +1,5 @@
+BasedOnStyle: LLVM
+IndentWidth: 4
+BinPackArguments: false
+BinPackParameters: false
+IndentCaseLabels: true

.github/dependabot.yml

@@ -0,0 +1,11 @@
+version: 2
+updates:
+- package-ecosystem: pip
+  directory: "/"
+  schedule:
+    interval: daily
+  open-pull-requests-limit: 10
+- package-ecosystem: "github-actions"
+  directory: "/"
+  schedule:
+    interval: daily

.github/workflows/address-sanitizer.yml

@@ -0,0 +1,40 @@
+name: Run Address Sanitizer
+on:
+  push:
+  pull_request:
+  schedule:
+    - cron: '13 15 * * SUN'
+
+permissions: {}
+
+jobs:
+  build:
+    name: Address Sanitizer
+    runs-on: ubuntu-latest
+    env:
+      ASAN_OPTIONS: strict_string_checks=1:detect_stack_use_after_return=1:check_initialization_order=1:strict_init_order=1:detect_invalid_pointer_pairs=2:detect_leaks=0
+      CC: clang
+      CFLAGS: -fsanitize=address -Wall -Wextra -Wpedantic -Wformat=2 -Walloca -Wvla -Wimplicit-fallthrough -Wcast-qual -Wconversion -Wshadow -Wundef -Wstrict-prototypes -Wswitch-enum -fstack-protector -D_FORTIFY_SOURCE=2 -Werror
+      LDFLAGS: -fsanitize=address
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+        with:
+          submodules: true
+          persist-credentials: false
+
+      - name: Install the latest version of uv
+        uses: astral-sh/setup-uv@6b9c6063abd6010835644d4c2e1bef4cf5cd0fca # 6.0.1
+
+      - name: Install packages
+        run: |
+          sudo apt-get update
+          sudo apt-get -y install libasan6
+
+      - name: Test
+        run: uv run pytest
+        env:
+          CFLAGS: "-Werror -Wall -Wextra"
+          LD_PRELOAD: libasan.so.6
+          MAXMINDDB_REQUIRE_EXTENSION: 1
+          MM_FORCE_EXT_TESTS: 1

.github/workflows/clang-analyzer.yml

@@ -0,0 +1,34 @@
+name: Clang Static Analysis
+
+on:
+  push:
+  pull_request:
+  schedule:
+    - cron: '3 15 * * SUN'
+
+permissions: {}
+
+jobs:
+  clang-analyzer:
+    name: Clang Static Analysis
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+        with:
+          submodules: true
+          persist-credentials: false
+
+      - name: Install clang-tools
+        run: sudo apt install clang-tools
+
+      - name: Install the latest version of uv
+        uses: astral-sh/setup-uv@6b9c6063abd6010835644d4c2e1bef4cf5cd0fca # 6.0.1
+
+      - name: Build and run analyzer
+        # We exclude extension/libmaxminddb/ as libmaxminddb has its own workflow
+        # for this and we are not able to correct any issues with that code here.
+        run: scan-build --exclude extension/libmaxminddb/ --status-bugs uv build
+        env:
+          CFLAGS: "-Werror -Wall -Wextra"
+          MAXMINDDB_REQUIRE_EXTENSION: 1

.github/workflows/codeql-analysis.yml

@@ -0,0 +1,44 @@
+name: "Code scanning - action"
+
+on:
+  push:
+    branches-ignore:
+      - 'dependabot/**'
+  pull_request:
+  schedule:
+    - cron: '0 18 * * 0'
+
+permissions: {}
+
+jobs:
+  CodeQL-Build:
+
+    runs-on: ubuntu-latest
+
+    permissions:
+      security-events: write
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 2
+          submodules: true
+          persist-credentials: false
+      - run: git checkout HEAD^2
+        if: ${{ github.event_name == 'pull_request' }}
+
+      - name: Initialize CodeQL
+        uses: github/codeql-action/init@v3
+        with:
+          languages: python, cpp
+
+      - name: Install the latest version of uv
+        uses: astral-sh/setup-uv@6b9c6063abd6010835644d4c2e1bef4cf5cd0fca # 6.0.1
+
+      - run: uv build
+        env:
+          MAXMINDDB_REQUIRE_EXTENSION: 1
+
+      - name: Perform CodeQL Analysis
+        uses: github/codeql-action/analyze@v3

.github/workflows/release.yml

@@ -0,0 +1,81 @@
+name: Build and upload to PyPI
+
+on:
+  workflow_dispatch:
+  pull_request:
+  push:
+    branches:
+      - main
+  release:
+    types:
+      - published
+
+permissions: {}
+
+jobs:
+  build_wheels:
+    name: Build wheels on ${{ matrix.os }}
+    runs-on: ${{ matrix.os }}
+    strategy:
+      matrix:
+        os: [macos-13, macos-14, ubuntu-24.04-arm, ubuntu-latest, windows-latest]
+
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          submodules: true
+          persist-credentials: false
+
+      - name: Set up QEMU
+        if: runner.os == 'Linux' && runner.arch == 'X64'
+        uses: docker/setup-qemu-action@29109295f81e9208d7d86ff1c6c12d2833863392 # 3.6.0
+        with:
+          platforms: all
+
+      - name: Build wheels
+        uses: pypa/cibuildwheel@faf86a6ed7efa889faf6996aa23820831055001a # 2.23.3
+        env:
+          CIBW_BUILD_VERBOSITY: 1
+          MAXMINDDB_REQUIRE_EXTENSION: 1
+          # configure cibuildwheel on Linux to build native archs ('auto'),
+          # and to split the remaining architectures between the x86_64 and
+          # ARM runners
+          CIBW_ARCHS_LINUX: ${{ runner.arch == 'X64' && 'auto ppc64le s390x' || 'auto' }}
+
+      - uses: actions/upload-artifact@v4
+        with:
+          name: maxminddb-whl-${{ matrix.os }}
+          path: ./wheelhouse/*.whl
+
+  build_sdist:
+    name: Build source distribution
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          submodules: true
+          persist-credentials: false
+
+      - name: Build sdist
+        run: pipx run build --sdist
+
+      - uses: actions/upload-artifact@v4
+        with:
+          name: maxminddb-sdist
+          path: dist/*.tar.gz
+
+  upload_pypi:
+    needs: [build_wheels, build_sdist]
+    runs-on: ubuntu-latest
+    environment: release
+    permissions:
+      id-token: write
+    if: github.event_name == 'release' && github.event.action == 'published'
+    steps:
+      - uses: actions/download-artifact@v4
+        with:
+          pattern: maxminddb-*
+          path: dist
+          merge-multiple: true
+
+      - uses: pypa/gh-action-pypi-publish@76f52bc884231f62b9a034ebfe128415bbaabdfc # 1.12.4

.github/workflows/test-libmaxminddb.yml

@@ -0,0 +1,71 @@
+name: Python tests (system libmaxminddb)
+
+on:
+  push:
+  pull_request:
+  schedule:
+    - cron: '3 15 * * SUN'
+
+permissions: {}
+
+jobs:
+  build:
+
+    strategy:
+      matrix:
+        env: [3.9, "3.10", 3.11, 3.12, 3.13]
+        # We don't test on Windows currently due to issues
+        # build libmaxminddb there.
+        os: [ubuntu-latest, ubuntu-24.04-arm, macos-latest]
+
+    name: Python ${{ matrix.env }} on ${{ matrix.os }}
+    runs-on: ${{ matrix.os }}
+    env:
+      MAXMINDDB_REQUIRE_EXTENSION: 1
+      MAXMINDDB_USE_SYSTEM_LIBMAXMINDDB: 1
+      MM_FORCE_EXT_TESTS: 1
+
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          submodules: true
+          persist-credentials: false
+
+      - name: Install the latest version of uv
+        uses: astral-sh/setup-uv@6b9c6063abd6010835644d4c2e1bef4cf5cd0fca # 6.0.1
+
+      - name: Install tox
+        run: uv tool install --python-preference only-managed --python 3.13 tox --with tox-uv --with tox-gh
+
+      - name: Install Python
+        if: matrix.env != '3.13'
+        run: uv python install --python-preference only-managed ${{ matrix.env }}
+
+      - name: Install libmaxminddb
+        run: sudo apt install libmaxminddb-dev
+        if: matrix.os == 'ubuntu-latest' || matrix.os == 'ubuntu-24.04-arm'
+
+      - name: Install libmaxminddb
+        run: brew install libmaxminddb
+        if: matrix.os == 'macos-latest'
+
+      - name: "Work around macos arm64 homebrew directory changes"
+        if: runner.os == 'macOS' && runner.arch == 'ARM64'
+        run: |
+          echo "CFLAGS=-I/opt/homebrew/include" >> "$GITHUB_ENV"
+          echo "LDFLAGS=-L/opt/homebrew/lib" >> "$GITHUB_ENV"
+
+      - name: Build with Werror and Wall
+        run: uv build
+        env:
+          CFLAGS: "${{ env.CFLAGS }} -Werror -Wall -Wextra"
+
+      - name: Setup test suite
+        run: tox run -vv --notest --skip-missing-interpreters false
+        env:
+          TOX_GH_MAJOR_MINOR: ${{ matrix.env }}
+
+      - name: Run test suite
+        run: tox run --skip-pkg-install
+        env:
+          TOX_GH_MAJOR_MINOR: ${{ matrix.env }}

.github/workflows/test.yml

@@ -0,0 +1,41 @@
+name: Python tests
+
+on:
+  push:
+  pull_request:
+  schedule:
+    - cron: '3 15 * * SUN'
+
+permissions: {}
+
+jobs:
+  test:
+    name: test with ${{ matrix.env }} on ${{ matrix.os }}
+    runs-on: ${{ matrix.os }}
+    strategy:
+      fail-fast: false
+      matrix:
+        env: [3.9, "3.10", 3.11, 3.12, 3.13]
+        os: [ubuntu-latest, ubuntu-24.04-arm, macos-latest, windows-latest]
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          submodules: true
+          persist-credentials: false
+      - name: Install the latest version of uv
+        uses: astral-sh/setup-uv@6b9c6063abd6010835644d4c2e1bef4cf5cd0fca # 6.0.1
+      - name: Install tox
+        run: uv tool install --python-preference only-managed --python 3.13 tox --with tox-uv --with tox-gh
+      - name: Install Python
+        if: matrix.env != '3.13'
+        run: uv python install --python-preference only-managed ${{ matrix.env }}
+      - name: Setup test suite
+        run: tox run -vv --notest --skip-missing-interpreters false
+        env:
+          TOX_GH_MAJOR_MINOR: ${{ matrix.env }}
+      - name: Run test suite
+        run: tox run --skip-pkg-install
+        env:
+          MAXMINDDB_REQUIRE_EXTENSION: 1
+          MM_FORCE_EXT_TESTS: 1
+          TOX_GH_MAJOR_MINOR: ${{ matrix.env }}

.github/workflows/zizmor.yml

@@ -0,0 +1,34 @@
+name: GitHub Actions Security Analysis with zizmor
+
+on:
+  push:
+    branches: ["main"]
+  pull_request:
+    branches: ["**"]
+
+permissions: {}
+
+jobs:
+  zizmor:
+    name: zizmor latest via PyPI
+    runs-on: ubuntu-latest
+    permissions:
+      security-events: write
+      # required for workflows in private repositories
+      contents: read
+      actions: read
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+        with:
+          persist-credentials: false
+
+      - name: Install the latest version of uv
+        uses: astral-sh/setup-uv@6b9c6063abd6010835644d4c2e1bef4cf5cd0fca # 6.0.1
+        with:
+          enable-cache: false
+
+      - name: Run zizmor
+        run: uvx zizmor@1.7.0 --format plain .
+        env:
+          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}

.gitignore

@@ -1,19 +1,23 @@
 *.egg
+*.iml
 *.pyc
 *.so
 *.sw?
 *~
+.clangd
 .coverage
 .eggs
 .idea
+.pyre
+.tox
 build
+compile_flags.txt
 core
 dist
 docs/_build
+docs/doctrees
 docs/html
 env/
 MANIFEST
 maxminddb.egg-info/
-pylint.txt
 valgrind-python.supp
-violations.pyflakes.txt