refresh to match pallets (#386)

Author: davidism

.editorconfig

@@ -0,0 +1,13 @@
+root = true
+
+[*]
+indent_style = space
+indent_size = 4
+insert_final_newline = true
+trim_trailing_whitespace = true
+end_of_line = lf
+charset = utf-8
+max_line_length = 88
+
+[*.{css,html,js,json,jsx,scss,ts,tsx,yaml,yml}]
+indent_size = 2

.github/ISSUE_TEMPLATE/bug-report.md

@@ -4,8 +4,8 @@ about: Report a bug in Quart (not other projects which depend on Quart)
 ---
 
 <!--
-This issue tracker is a tool to address bugs in Quart itself. Please
-use Pallets Discord or Stack Overflow for questions about your own code.
+This issue tracker is a tool to address bugs in Quart itself. Please use
+GitHub Discussions or the Pallets Discord for questions about your own code.
 
 Replace this comment with a clear outline of what the bug is.
 -->

.github/ISSUE_TEMPLATE/config.yml

@@ -1,11 +1,11 @@
 blank_issues_enabled: false
 contact_links:
   - name: Security issue
-    url: security@palletsprojects.com
-    about: Do not report security issues publicly. Email our security contact.
+    url: https://github.com/pallets/quart/security/advisories/new
+    about: Do not report security issues publicly. Create a private advisory.
   - name: Questions
-    url: https://stackoverflow.com/questions/tagged/quart?tab=Frequent
-    about: Search for and ask questions about your code on Stack Overflow.
-  - name: Questions and discussions
+    url: https://github.com/pallets/quart/discussions/
+    about: Ask questions about your own code on the Discussions tab.
+  - name: Questions on
     url: https://discord.gg/pallets
-    about: Discuss questions about your code on our Discord chat.
+    about: Ask questions about your own code on our Discord chat.

.github/ISSUE_TEMPLATE/feature-request.md

@@ -5,11 +5,11 @@ about: Suggest a new feature for Quart
 
 <!--
 Replace this comment with a description of what the feature should do.
-Include details such as links relevant specs or previous discussions.
+Include details such as links to relevant specs or previous discussions.
 -->
 
 <!--
 Replace this comment with an example of the problem which this feature
-would resolve. Is this problem solvable without changes to Quart,
-such as by subclassing or using an extension?
+would resolve. Is this problem solvable without changes to Quart, such
+as by subclassing or using an extension?
 -->

.github/dependabot.yml

@@ -1,6 +1,7 @@
 <!--
 Before opening a PR, open a ticket describing the issue or feature the
-PR will address. Follow the steps in CONTRIBUTING.rst.
+PR will address. An issue is not required for fixing typos in
+documentation, or other simple non-code changes.
 
 Replace this comment with a description of the change. Describe how it
 addresses the linked ticket.
@@ -9,22 +10,6 @@ addresses the linked ticket.
 <!--
 Link to relevant issues or previous PRs, one per line. Use "fixes" to
 automatically close an issue.
--->
-
-- fixes #<issue number>
-
-<!--
-Ensure each step in CONTRIBUTING.rst is complete by adding an "x" to
-each box below.
 
-If only docs were changed, these aren't relevant and can be removed.
+fixes #<issue number>
 -->
-
-Checklist:
-
-- [ ] Add tests that demonstrate the correct behavior of the change. Tests should fail without the change.
-- [ ] Add or update relevant docs, in the docs folder and in code.
-- [ ] Add an entry in `CHANGES.rst` summarizing the change and linking to the issue.
-- [ ] Add `.. versionchanged::` entries in any relevant code docs.
-- [ ] Run `pre-commit` hooks and fix any issues.
-- [ ] Run `pytest` and `tox`, no tests failed.

.github/pull_request_template.md

@@ -1,25 +1,22 @@
-name: 'Lock threads'
-# Lock closed issues that have not received any further activity for
-# two weeks. This does not close open issues, only humans may do that.
-# We find that it is easier to respond to new issues with fresh examples
-# rather than continuing discussions on old issues.
+name: Lock inactive closed issues
+# Lock closed issues that have not received any further activity for two weeks.
+# This does not close open issues, only humans may do that. It is easier to
+# respond to new issues with fresh examples rather than continuing discussions
+# on old issues.
 
 on:
   schedule:
     - cron: '0 0 * * *'
-
 permissions:
   issues: write
   pull-requests: write
-
 concurrency:
   group: lock
-
 jobs:
   lock:
     runs-on: ubuntu-latest
     steps:
-      - uses: dessant/lock-threads@v5
+      - uses: dessant/lock-threads@1bf7ec25051fe7c00bdd17e6a7cf3d7bfb7dc771 # v5.0.1
         with:
           issue-inactive-days: 14
           pr-inactive-days: 14

.github/workflows/lock.yaml

@@ -0,0 +1,16 @@
+name: pre-commit
+on:
+  pull_request:
+  push:
+    branches: [main, stable]
+jobs:
+  main:
+    runs-on: ubuntu-latest
+    steps:
+    - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+    - uses: actions/setup-python@0b93645e9fea7318ecaed2b359559ac225c90a2b # v5.3.0
+      with:
+        python-version: 3.x
+    - uses: pre-commit/action@2c7b3805fd2a0fd8c1884dcaebf91fc102a13ecd # v3.0.1
+    - uses: pre-commit-ci/lite-action@5d6cc0eb514c891a40562a58a8e71576c5c7fb43 # v1.1.0
+      if: ${{ !cancelled() }}

.github/workflows/pre-commit.yaml

@@ -9,40 +9,42 @@ jobs:
     outputs:
       hash: ${{ steps.hash.outputs.hash }}
     steps:
-      - uses: actions/checkout@v4
-      - uses: actions/setup-python@v5
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+      - uses: actions/setup-python@0b93645e9fea7318ecaed2b359559ac225c90a2b # v5.3.0
         with:
           python-version: '3.x'
-      - run: pip install poetry
-      - run: poetry build
+          cache: pip
+          cache-dependency-path: requirements*/*.txt
+      - run: pip install -r requirements/build.txt
+      # Use the commit date instead of the current date during the build.
+      - run: echo "SOURCE_DATE_EPOCH=$(git log -1 --pretty=%ct)" >> $GITHUB_ENV
+      - run: python -m build
       # Generate hashes used for provenance.
       - name: generate hash
         id: hash
         run: cd dist && echo "hash=$(sha256sum * | base64 -w0)" >> $GITHUB_OUTPUT
-      - uses: actions/upload-artifact@v4
+      - uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
         with:
           path: ./dist
-
   provenance:
-    needs: ['build']
+    needs: [build]
     permissions:
       actions: read
       id-token: write
       contents: write
     # Can't pin with hash due to how this workflow works.
-    uses: slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@v1.10.0
+    uses: slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@v2.0.0
     with:
       base64-subjects: ${{ needs.build.outputs.hash }}
-
   create-release:
     # Upload the sdist, wheels, and provenance to a GitHub release. They remain
     # available as build artifacts for a while as well.
-    needs: ['provenance']
+    needs: [provenance]
     runs-on: ubuntu-latest
     permissions:
       contents: write
     steps:
-      - uses: actions/download-artifact@v4
+      - uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
       - name: create release
         run: >
           gh release create --draft --repo ${{ github.repository }}
@@ -51,15 +53,17 @@ jobs:
         env:
           GH_TOKEN: ${{ github.token }}
   publish-pypi:
-    needs: ['provenance']
+    needs: [provenance]
     # Wait for approval before attempting to upload to PyPI. This allows reviewing the
     # files in the draft release.
-    environment: 'publish'
+    environment:
+      name: publish
+      url: https://pypi.org/project/Quart/${{ github.ref_name }}
     runs-on: ubuntu-latest
     permissions:
       id-token: write
     steps:
-      - uses: actions/download-artifact@v4
-      - uses: pypa/gh-action-pypi-publish@release/v1
+      - uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
+      - uses: pypa/gh-action-pypi-publish@15c56dba361d8335944d31a2ecd17d700fc7bcbc # v1.12.2
         with:
           packages-dir: artifact/

.github/workflows/publish.yaml

@@ -1,54 +1,48 @@
 name: Tests
 on:
   push:
-    branches:
-      - main
-      - pallets
-    paths-ignore:
-      - 'docs/**'
-      - '*.md'
-      - '*.rst'
+    branches: [main, stable]
+    paths-ignore: ['docs/**', '*.md', '*.rst']
   pull_request:
-    branches:
-      - main
-    paths-ignore:
-      - 'docs/**'
-      - '*.md'
-      - '*.rst'
+    paths-ignore: [ 'docs/**', '*.md', '*.rst' ]
 jobs:
   tests:
-    name: ${{ matrix.name }}
-    runs-on: ${{ matrix.os }}
+    name: ${{ matrix.name || matrix.python }}
+    runs-on: ${{ matrix.os || 'ubuntu-latest' }}
     strategy:
       fail-fast: false
       matrix:
         include:
-          - {name: Linux, python: '3.13', os: ubuntu-latest, tox: py313}
-          - {name: Windows, python: '3.13', os: windows-latest, tox: py313}
-          - {name: Mac, python: '3.13', os: macos-latest, tox: py313}
-          - {name: '3.13', python: '3.13', os: ubuntu-latest, tox: py313}
-          - {name: '3.12', python: '3.12', os: ubuntu-latest, tox: py312}
-          - {name: '3.11', python: '3.11', os: ubuntu-latest, tox: py311}
-          - {name: '3.9', python: '3.9', os: ubuntu-latest, tox: py39}
-          - {name: Typing, python: '3.13', os: ubuntu-latest, tox: mypy}
-          - {name: Package, python: '3.13', os: ubuntu-latest, tox: package}
-          - {name: Lint, python: '3.13', os: ubuntu-latest, tox: pep8}
-          - {name: Format, python: '3.13', os: ubuntu-latest, tox: format}
+          - {python: '3.13'}
+          - {name: Windows, python: '3.13', os: windows-latest}
+          - {name: Mac, python: '3.13', os: macos-latest}
+          - {python: '3.12'}
+          - {python: '3.11'}
+          - {python: '3.10'}
+          - {python: '3.9'}
     steps:
-      - uses: actions/checkout@v4
-      - uses: actions/setup-python@v5
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+      - uses: actions/setup-python@0b93645e9fea7318ecaed2b359559ac225c90a2b # v5.3.0
         with:
           python-version: ${{ matrix.python }}
-      - name: update pip
-        run: |
-          pip install -U wheel
-          pip install -U setuptools
-          python -m pip install -U pip
+          allow-prereleases: true
+          cache: pip
+          cache-dependency-path: requirements*/*.txt
+      - run: pip install tox
+      - run: tox run -e ${{ matrix.tox || format('py{0}', matrix.python) }}
+  typing:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+      - uses: actions/setup-python@0b93645e9fea7318ecaed2b359559ac225c90a2b # v5.3.0
+        with:
+          python-version: '3.x'
+          cache: pip
+          cache-dependency-path: requirements*/*.txt
       - name: cache mypy
-        uses: actions/cache@v4.0.0
+        uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4.1.2
         with:
           path: ./.mypy_cache
-          key: mypy|${{ matrix.python }}|${{ hashFiles('pyproject.toml') }}
-        if: matrix.tox == 'typing'
+          key: mypy|${{ hashFiles('pyproject.toml') }}
       - run: pip install tox
-      - run: tox -e ${{ matrix.tox }}
+      - run: tox run -e typing

.github/workflows/tests.yaml

@@ -1,15 +1,11 @@
-*~
-venv/
+.idea/
+.vscode/
+.venv*/
+venv*/
 __pycache__/
-Quart.egg-info/
-.cache/
+dist/
+.coverage*
+htmlcov/
 .tox/
-TODO
-.mypy_cache/
-.pytest_cache/
-.hypothesis/
+docs/reference/source
 docs/_build/
-docs/reference/source/
-dist/
-.coverage
-poetry.lock

.gitignore

@@ -1,32 +1,14 @@
 repos:
-  - repo: https://github.com/asottile/pyupgrade
-    rev: v3.9.0
+  - repo: https://github.com/astral-sh/ruff-pre-commit
+    rev: v0.7.3
     hooks:
-      - id: pyupgrade
-        args: ["--py38-plus"]
-  - repo: https://github.com/pycqa/isort
-    rev: 5.12.0
-    hooks:
-      - id: isort
-  - repo: https://github.com/psf/black
-    rev: 23.7.0
-    hooks:
-      - id: black
-  - repo: https://github.com/PyCQA/flake8
-    rev: 6.0.0
-    hooks:
-      - id: flake8
-        additional_dependencies:
-          - flake8-bugbear
-          - flake8-implicit-str-concat
-  - repo: https://github.com/peterdemin/pip-compile-multi
-    rev: v2.6.3
-    hooks:
-      - id: pip-compile-multi-verify
+      - id: ruff
+      - id: ruff-format
   - repo: https://github.com/pre-commit/pre-commit-hooks
-    rev: v4.4.0
+    rev: v5.0.0
     hooks:
+      - id: check-merge-conflict
+      - id: debug-statements
       - id: fix-byte-order-marker
       - id: trailing-whitespace
       - id: end-of-file-fixer
-        exclude: "^tests/.*.http$"

.pre-commit-config.yaml

@@ -1,16 +1,13 @@
 version: 2
-
 build:
   os: ubuntu-22.04
   tools:
-    python: "3.12"
-
+    python: '3.12'
 python:
   install:
+    - requirements: requirements/docs.txt
     - method: pip
       path: .
-      extra_requirements:
-        - docs
-
 sphinx:
-   configuration: docs/conf.py
+  builder: html
+  fail_on_warning: false