move-coop
diff --git a/‎.circleci/config.yml‎
Lines changed: 1 addition & 1 deletion b/‎.circleci/config.yml‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎.github/PULL_REQUEST_TEMPLATE.md‎
Lines changed: 9 additions & 0 deletions b/‎.github/PULL_REQUEST_TEMPLATE.md‎
Lines changed: 9 additions & 0 deletions
diff --git a/‎.github/dependabot.yml‎
Lines changed: 4 additions & 6 deletions b/‎.github/dependabot.yml‎
Lines changed: 4 additions & 6 deletions
diff --git a/‎.github/workflows/coverage.yml‎
Lines changed: 1 addition & 1 deletion b/‎.github/workflows/coverage.yml‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎.github/workflows/dependency-review.yml‎
Lines changed: 2 additions & 2 deletions b/‎.github/workflows/dependency-review.yml‎
Lines changed: 2 additions & 2 deletions
diff --git a/‎.github/workflows/python-checks.yml‎
Lines changed: 15 additions & 15 deletions b/‎.github/workflows/python-checks.yml‎
Lines changed: 15 additions & 15 deletions
diff --git a/‎.github/workflows/release.yml‎
Lines changed: 95 additions & 0 deletions b/‎.github/workflows/release.yml‎
Lines changed: 95 additions & 0 deletions
diff --git a/‎.github/workflows/security_scorecard.yml‎
Lines changed: 3 additions & 3 deletions b/‎.github/workflows/security_scorecard.yml‎
Lines changed: 3 additions & 3 deletions
diff --git a/‎.pre-commit-config.yaml‎
Lines changed: 1 addition & 1 deletion b/‎.pre-commit-config.yaml‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎MANIFEST.in‎
Lines changed: 4 additions & 0 deletions b/‎MANIFEST.in‎
Lines changed: 4 additions & 0 deletions
@@ -7,7 +7,7 @@ version: 2
 
 workflows:
   version: 2
-  build:
+  docs-build:
     jobs:
       - docs-build
       - docs-build-deploy:
 
@@ -0,0 +1,9 @@
+## What is this change?
+- (List out the changes.)
+- (Link to any relevant Github issues or Slack discussion)
+
+## Considerations for discussion
+- (List out any significant design decisions that were made and why.)
+
+## How to test the changes (if needed)
+- (How should a reviewer test this functionality)
@@ -10,12 +10,10 @@ updates:
     schedule:
       interval: weekly
 
-  - package-ecosystem: pip
-    directory: /docs
-    schedule:
-      interval: weekly
-
   - package-ecosystem: pip
     directory: /
     schedule:
-      interval: weekly
+      interval: weekly
+    ignore:
+      - dependency-name: ruff
+      - dependency-name: bandit
@@ -32,7 +32,7 @@ jobs:
             # DO NOT run actions/checkout here, for security reasons
             # For details, refer to https://securitylab.github.com/research/github-actions-preventing-pwn-requests/
             - name: Post comment
-              uses: py-cov-action/python-coverage-comment-action@d1ff8fbb5ff80feedb3faa0f6d7b424f417ad0e1  # v3.30
+              uses: py-cov-action/python-coverage-comment-action@91910686861e4e1d8282a267a896eb39d46240fb  # v3.35
               with:
                   GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
                   GITHUB_PR_RUN_ID: ${{ github.event.workflow_run.id }}
@@ -18,11 +18,11 @@ jobs:
         runs-on: ubuntu-latest
         steps:
             - name: Harden Runner
-              uses: step-security/harden-runner@4d991eb9b905ef189e4c376166672c3f2f230481 # v2.11.0
+              uses: step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911 # v2.13.0
               with:
                   egress-policy: audit
 
             - name: 'Checkout Repository'
               uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
             - name: 'Dependency Review'
-              uses: actions/dependency-review-action@3b139cfc5fae8b618d3eae3675e383bb1769c019 # v4.5.0
+              uses: actions/dependency-review-action@da24556b548a50705dd671f47852072ea4c105d9 # v4.7.1
@@ -27,12 +27,12 @@ jobs:
             - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
 
             - name: Set up Python ${{ matrix.python-version }}
-              uses: actions/setup-python@42375524e23c412d93fb67b49958b491fce71c38 # v5.4.0
+              uses: actions/setup-python@8d9ed9ac5c53483de85588cdf95a591a75ab9f55 # v5.5.0
               with:
                   python-version: ${{ matrix.python-version }}
 
             - name: Install uv
-              uses: install-pinned/uv@cdd7153ace885f698b54dcd2ae4ce134afa2ac05  # 0.4.12
+              uses: install-pinned/uv@3aec1379ab70bb5b1be041748d52f765e3a3dc74  # 0.4.12
 
             - name: Install dependencies
               env:
@@ -61,12 +61,12 @@ jobs:
             - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
 
             - name: Set up Python 3.13
-              uses: actions/setup-python@42375524e23c412d93fb67b49958b491fce71c38 # v5.4.0
+              uses: actions/setup-python@8d9ed9ac5c53483de85588cdf95a591a75ab9f55 # v5.5.0
               with:
                   python-version: "3.13"
 
             - name: Install uv
-              uses: install-pinned/uv@cdd7153ace885f698b54dcd2ae4ce134afa2ac05  # 0.4.12
+              uses: install-pinned/uv@3aec1379ab70bb5b1be041748d52f765e3a3dc74  # 0.4.12
 
             - name: Install dependencies
               run: |
@@ -83,12 +83,12 @@ jobs:
             - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
 
             - name: Set up Python 3.13
-              uses: actions/setup-python@42375524e23c412d93fb67b49958b491fce71c38 # v5.4.0
+              uses: actions/setup-python@8d9ed9ac5c53483de85588cdf95a591a75ab9f55 # v5.5.0
               with:
                   python-version: "3.13"
 
             - name: Install uv
-              uses: install-pinned/uv@cdd7153ace885f698b54dcd2ae4ce134afa2ac05  # 0.4.12
+              uses: install-pinned/uv@3aec1379ab70bb5b1be041748d52f765e3a3dc74  # 0.4.12
 
             - name: Install dependencies
               run: |
@@ -105,12 +105,12 @@ jobs:
             - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
 
             - name: Set up Python 3.13
-              uses: actions/setup-python@42375524e23c412d93fb67b49958b491fce71c38 # v5.4.0
+              uses: actions/setup-python@8d9ed9ac5c53483de85588cdf95a591a75ab9f55 # v5.5.0
               with:
                   python-version: "3.13"
 
             - name: Install uv
-              uses: install-pinned/uv@cdd7153ace885f698b54dcd2ae4ce134afa2ac05  # 0.4.12
+              uses: install-pinned/uv@3aec1379ab70bb5b1be041748d52f765e3a3dc74  # 0.4.12
 
             - name: Install bandit
               run: |
@@ -132,20 +132,20 @@ jobs:
 
         steps:
             - name: Harden Runner
-              uses: step-security/harden-runner@4d991eb9b905ef189e4c376166672c3f2f230481  # v2.11.0
+              uses: step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911  # v2.13.0
               with:
                   egress-policy: audit
 
             - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683  # v4.2.2
 
             - name: Set up Python 3.13
-              uses: actions/setup-python@42375524e23c412d93fb67b49958b491fce71c38  # v5.4.0
+              uses: actions/setup-python@8d9ed9ac5c53483de85588cdf95a591a75ab9f55  # v5.5.0
               with:
                   python-version: 3.13
                   cache: pip
 
             - name: Install uv
-              uses: install-pinned/uv@cdd7153ace885f698b54dcd2ae4ce134afa2ac05  # 0.4.12
+              uses: install-pinned/uv@3aec1379ab70bb5b1be041748d52f765e3a3dc74  # 0.4.12
 
             - name: Install module and dependencies
               run: |
@@ -177,15 +177,15 @@ jobs:
         steps:
             - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
 
-            - uses: actions/download-artifact@95815c38cf2ff2164869cbab79da8d1f422bc89e # v4.2.1
+            - uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4.3.0
               id: download
               with:
                   pattern: coverage-*
                   merge-multiple: true
 
             - name: Coverage comment
               id: coverage_comment
-              uses: py-cov-action/python-coverage-comment-action@d1ff8fbb5ff80feedb3faa0f6d7b424f417ad0e1  # v3.30
+              uses: py-cov-action/python-coverage-comment-action@91910686861e4e1d8282a267a896eb39d46240fb  # v3.35
               with:
                   GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
                   MERGE_COVERAGE_FILES: true
@@ -209,14 +209,14 @@ jobs:
 
         steps:
             - name: Harden Runner
-              uses: step-security/harden-runner@4d991eb9b905ef189e4c376166672c3f2f230481 # v2.11.0
+              uses: step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911 # v2.13.0
               with:
                   egress-policy: audit
 
             - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
 
             - name: Set up Python ${{ matrix.python-version }}
-              uses: actions/setup-python@42375524e23c412d93fb67b49958b491fce71c38 # v5.4.0
+              uses: actions/setup-python@8d9ed9ac5c53483de85588cdf95a591a75ab9f55 # v5.5.0
               with:
                   python-version: ${{ matrix.python-version }}
                   cache: pip
 
@@ -0,0 +1,95 @@
+name: Build & Publish Wheels + Source
+
+on:
+  workflow_dispatch:
+  release:
+    types:
+      - published
+
+permissions: read-all
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+
+    steps:
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
+
+      - name: Set up Python 3.13
+        uses: actions/setup-python@42375524e23c412d93fb67b49958b491fce71c38
+        with:
+            python-version: "3.13"
+            cache: pip
+
+      - name: Install uv
+        uses: install-pinned/uv@3aec1379ab70bb5b1be041748d52f765e3a3dc74
+
+      - name: Install dependencies
+        run: |
+            uv pip install --system -r requirements-dev.txt
+            uv pip install --system -e .[all]
+
+      - name: Check setup.py
+        run: |
+          python setup.py check
+
+      - name: Build src dist
+        run: |
+          python -m build --sdist --outdir dist
+
+      - name: Upload dist directory
+        uses: actions/upload-artifact@4cec3d8aa04e39d1a68397de0c4cd6fb9dce8ec1
+        with:
+          name: parsons-dist
+          path: dist/
+
+  test:
+    needs: build
+    strategy:
+      fail-fast: false
+      matrix:
+        os: [ubuntu-latest, windows-latest, macos-latest]
+
+    runs-on: ${{ matrix.os }}
+
+    steps:
+      - name: Download package
+        uses: actions/download-artifact@cc203385981b70ca67e1cc392babf9cc229d5806
+        with:
+          name: parsons-dist
+          path: dist
+
+      - name: Install package using pip
+        run: |
+          file=$(find ./dist -name 'parsons-*.tar.gz' | head -1)
+          pip install "$file"
+        shell: bash
+
+  publish:
+    if: github.repository_owner == 'move-coop'
+    needs:
+      - test
+
+    runs-on: ubuntu-latest
+    environment: release
+
+    permissions:
+      id-token: write # IMPORTANT: this permission is mandatory for trusted publishing
+
+    steps:
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
+
+      - name: Download package
+        uses: actions/download-artifact@cc203385981b70ca67e1cc392babf9cc229d5806
+        with:
+          name: parsons-dist
+          path: dist
+
+      # Publish
+      - name: Publish
+        uses: pypa/gh-action-pypi-publish@76f52bc884231f62b9a034ebfe128415bbaabdfc
+        with:
+          verify-metadata: true
+          skip-existing: true
+          packages-dir: dist
+          verbose: true
@@ -33,7 +33,7 @@ jobs:
 
     steps:
       - name: Harden Runner
-        uses: step-security/harden-runner@4d991eb9b905ef189e4c376166672c3f2f230481 # v2.11.0
+        uses: step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911 # v2.13.0
         with:
           egress-policy: audit
 
@@ -43,7 +43,7 @@ jobs:
           persist-credentials: false
 
       - name: "Run analysis"
-        uses: ossf/scorecard-action@f49aabe0b5af0936a0987cfb85d86b75731b0186 # v2.4.1
+        uses: ossf/scorecard-action@05b42c624433fc40578a4040d5cf5e36ddca8cde # v2.4.2
         with:
           results_file: results.sarif
           results_format: sarif
@@ -74,6 +74,6 @@ jobs:
       # Upload the results to GitHub's code scanning dashboard (optional).
       # Commenting out will disable upload of results to your repo's Code Scanning dashboard
       - name: "Upload to code-scanning"
-        uses: github/codeql-action/upload-sarif@5f8171a638ada777af81d42b55959a643bb29017 # v3.28.12
+        uses: github/codeql-action/upload-sarif@181d5eefc20863364f96762470ba6f862bdef56b # v3.29.2
         with:
           sarif_file: results.sarif
@@ -1,6 +1,6 @@
 repos:
   - repo: https://github.com/astral-sh/ruff-pre-commit
-    rev: 'v0.11.2'
+    rev: 'v0.11.7'
     hooks:
       - id: ruff
       - id: ruff-format
 
@@ -0,0 +1,4 @@
+include requirements.txt
+include README.md
+include LICENSE.md
+recursive-include parsons *.py