@oddessentials/repo-standards 1.0.1 → 1.2.0

package/dist/config/standards.python.azure-devops.json

@@ -404,6 +404,62 @@
       }
     ],
     "recommended": [
+      {
+        "ciHints": {
+          "azure-devops": {
+            "notes": "CI hints are suggested mappings; adjust to your pipeline topology.",
+            "stage": "quality"
+          }
+        },
+        "description": "Automate dependency updates using Renovate or Dependabot to keep dependencies current and reduce security exposure window.",
+        "id": "dependency-update-automation",
+        "label": "Dependency Update Automation",
+        "stack": {
+          "anyOfFiles": [
+            "renovate.json",
+            ".renovaterc.json",
+            ".github/dependabot.yml"
+          ],
+          "exampleConfigFiles": [
+            "renovate.json",
+            ".github/dependabot.yml"
+          ],
+          "exampleTools": [
+            "renovate",
+            "dependabot"
+          ],
+          "notes": "Renovate supports pyproject.toml, requirements.txt, Pipfile, poetry.lock. For AzDO: self-hosted Renovate or schedule-triggered pipeline.",
+          "pinningNotes": "Use requirements.txt with pinned versions or poetry.lock for deterministic installs.",
+          "verification": "Check for renovate.json OR .github/dependabot.yml. Verify Python dependency PRs."
+        }
+      },
+      {
+        "ciHints": {
+          "azure-devops": {
+            "notes": "CI hints are suggested mappings; adjust to your pipeline topology.",
+            "stage": "quality"
+          }
+        },
+        "description": "Enforce module boundaries and import constraints to prevent architectural drift and unwanted coupling.",
+        "id": "dependency-architecture-rules",
+        "label": "Dependency Architecture Rules",
+        "stack": {
+          "exampleConfigFiles": [
+            "pyproject.toml",
+            ".importlinter"
+          ],
+          "exampleTools": [
+            "import-linter",
+            "pydeps"
+          ],
+          "notes": "Configure [tool.importlinter] in pyproject.toml OR use standalone .importlinter file. pydeps is visualization-only.",
+          "optionalFiles": [
+            "pyproject.toml",
+            ".importlinter"
+          ],
+          "verification": "Run 'lint-imports' successfully. Config must exist in pyproject.toml [tool.importlinter] section OR .importlinter file."
+        }
+      },
       {
         "ciHints": {
           "azure-devops": {
@@ -525,7 +581,8 @@
           "type-checking",
           "unit-test-runner",
           "unit-test-reporter",
-          "dependency-security"
+          "dependency-security",
+          "dependency-update-automation"
         ],
         "notes": "Pin tool and runtime versions in CI and containers to avoid flaky differences across environments.",
         "step": 3,
@@ -553,5 +610,5 @@
   },
   "stack": "python",
   "stackLabel": "Python",
-  "version": 1
+  "version": 2
 }

package/dist/config/standards.python.github-actions.json

@@ -404,6 +404,62 @@
       }
     ],
     "recommended": [
+      {
+        "ciHints": {
+          "github-actions": {
+            "job": "ci",
+            "notes": "CI hints are suggested mappings; adjust to your workflow structure."
+          }
+        },
+        "description": "Automate dependency updates using Renovate or Dependabot to keep dependencies current and reduce security exposure window.",
+        "id": "dependency-update-automation",
+        "label": "Dependency Update Automation",
+        "stack": {
+          "anyOfFiles": [
+            "renovate.json",
+            ".renovaterc.json",
+            ".github/dependabot.yml"
+          ],
+          "exampleConfigFiles": [
+            "renovate.json",
+            ".github/dependabot.yml"
+          ],
+          "exampleTools": [
+            "renovate",
+            "dependabot"
+          ],
+          "notes": "Renovate supports pyproject.toml, requirements.txt, Pipfile, poetry.lock. For AzDO: self-hosted Renovate or schedule-triggered pipeline.",
+          "pinningNotes": "Use requirements.txt with pinned versions or poetry.lock for deterministic installs.",
+          "verification": "Check for renovate.json OR .github/dependabot.yml. Verify Python dependency PRs."
+        }
+      },
+      {
+        "ciHints": {
+          "github-actions": {
+            "job": "ci",
+            "notes": "CI hints are suggested mappings; adjust to your workflow structure."
+          }
+        },
+        "description": "Enforce module boundaries and import constraints to prevent architectural drift and unwanted coupling.",
+        "id": "dependency-architecture-rules",
+        "label": "Dependency Architecture Rules",
+        "stack": {
+          "exampleConfigFiles": [
+            "pyproject.toml",
+            ".importlinter"
+          ],
+          "exampleTools": [
+            "import-linter",
+            "pydeps"
+          ],
+          "notes": "Configure [tool.importlinter] in pyproject.toml OR use standalone .importlinter file. pydeps is visualization-only.",
+          "optionalFiles": [
+            "pyproject.toml",
+            ".importlinter"
+          ],
+          "verification": "Run 'lint-imports' successfully. Config must exist in pyproject.toml [tool.importlinter] section OR .importlinter file."
+        }
+      },
       {
         "ciHints": {
           "github-actions": {
@@ -525,7 +581,8 @@
           "type-checking",
           "unit-test-runner",
           "unit-test-reporter",
-          "dependency-security"
+          "dependency-security",
+          "dependency-update-automation"
         ],
         "notes": "Pin tool and runtime versions in CI and containers to avoid flaky differences across environments.",
         "step": 3,
@@ -553,5 +610,5 @@
   },
   "stack": "python",
   "stackLabel": "Python",
-  "version": 1
+  "version": 2
 }

package/dist/config/standards.python.json

@@ -452,6 +452,70 @@
       }
     ],
     "recommended": [
+      {
+        "ciHints": {
+          "azure-devops": {
+            "notes": "CI hints are suggested mappings; adjust to your pipeline topology.",
+            "stage": "quality"
+          },
+          "github-actions": {
+            "job": "ci",
+            "notes": "CI hints are suggested mappings; adjust to your workflow structure."
+          }
+        },
+        "description": "Automate dependency updates using Renovate or Dependabot to keep dependencies current and reduce security exposure window.",
+        "id": "dependency-update-automation",
+        "label": "Dependency Update Automation",
+        "stack": {
+          "anyOfFiles": [
+            "renovate.json",
+            ".renovaterc.json",
+            ".github/dependabot.yml"
+          ],
+          "exampleConfigFiles": [
+            "renovate.json",
+            ".github/dependabot.yml"
+          ],
+          "exampleTools": [
+            "renovate",
+            "dependabot"
+          ],
+          "notes": "Renovate supports pyproject.toml, requirements.txt, Pipfile, poetry.lock. For AzDO: self-hosted Renovate or schedule-triggered pipeline.",
+          "pinningNotes": "Use requirements.txt with pinned versions or poetry.lock for deterministic installs.",
+          "verification": "Check for renovate.json OR .github/dependabot.yml. Verify Python dependency PRs."
+        }
+      },
+      {
+        "ciHints": {
+          "azure-devops": {
+            "notes": "CI hints are suggested mappings; adjust to your pipeline topology.",
+            "stage": "quality"
+          },
+          "github-actions": {
+            "job": "ci",
+            "notes": "CI hints are suggested mappings; adjust to your workflow structure."
+          }
+        },
+        "description": "Enforce module boundaries and import constraints to prevent architectural drift and unwanted coupling.",
+        "id": "dependency-architecture-rules",
+        "label": "Dependency Architecture Rules",
+        "stack": {
+          "exampleConfigFiles": [
+            "pyproject.toml",
+            ".importlinter"
+          ],
+          "exampleTools": [
+            "import-linter",
+            "pydeps"
+          ],
+          "notes": "Configure [tool.importlinter] in pyproject.toml OR use standalone .importlinter file. pydeps is visualization-only.",
+          "optionalFiles": [
+            "pyproject.toml",
+            ".importlinter"
+          ],
+          "verification": "Run 'lint-imports' successfully. Config must exist in pyproject.toml [tool.importlinter] section OR .importlinter file."
+        }
+      },
       {
         "ciHints": {
           "azure-devops": {
@@ -586,7 +650,8 @@
           "type-checking",
           "unit-test-runner",
           "unit-test-reporter",
-          "dependency-security"
+          "dependency-security",
+          "dependency-update-automation"
         ],
         "notes": "Pin tool and runtime versions in CI and containers to avoid flaky differences across environments.",
         "step": 3,
@@ -614,5 +679,5 @@
   },
   "stack": "python",
   "stackLabel": "Python",
-  "version": 1
+  "version": 2
 }