psycache 26.1.0__tar.gz

psycache-26.1.0/.github/AI_POLICY.md

@@ -0,0 +1,71 @@
+# Generative AI / LLM Policy
+
+We appreciate that we can't realistically police how you author your pull requests, which includes whether you employ large-language model (LLM)-based development tools.
+So, we don't.
+
+However, due to both legal and human reasons, we have to establish boundaries.
+
+> [!CAUTION]
+> **TL;DR:**
+> - We take the responsibility for this project very seriously and we expect you to take your responsibility for your contributions seriously, too.
+>   This used to be a given, but it changed now that a pull request is just one prompt away.
+>
+> - Every contribution has to be backed by a human who unequivocally owns the copyright for all changes.
+>   No LLM bots in `Co-authored-by:`s.
+>
+> - DoS-by-slop leads to a permanent ban.
+>
+> - Absolutely **no** unsupervised agentic tools like OpenClaw.
+>
+> ---
+>
+> By submitting a pull request, you certify that:
+>
+> - You are the author of the contribution or have the legal right to submit it.
+> - You either hold the copyright to the changes or have explicit legal authorization to contribute them under this project's license.
+> - You understand the code.
+> - You accept full responsibility for it.
+
+
+## Legal
+
+There is ongoing legal uncertainty regarding the copyright status of LLM-generated works and their provenance.
+Since we do not have a formal [Contributor License Agreement](https://en.wikipedia.org/wiki/Contributor_license_agreement) (CLA), you retain your copyright to your changes to this project.
+
+Therefore, allowing contributions by LLMs has unpredictable consequences for the copyright status of this project – even when leaving aside possible copyright violations due to plagiarism.
+
+
+## Human
+
+As the makers of software that is used by millions of people worldwide and with a reputation for high-quality maintenance, we take our responsibility to our users very seriously.
+No matter what LLM vendors or boosters on LinkedIn tell you, we have to manually review every change before merging, because it's **our responsibility** to keep the project stable.
+
+Please understand that by opening low-quality pull requests you're not helping anyone.
+Worse, you're [poisoning the open source ecosystem](https://lwn.net/Articles/1058266/) that was precarious even before the arrival of LLM tools.
+Having to wade through plausible-looking-but-low-quality pull requests and trying to determine which ones are legit is extremely demoralizing and has already burned out many good maintainers.
+
+Put bluntly, we have no time or interest to become part of your vibe coding loop where you drop LLM slop at our door, we spend time and energy to review it, and you just feed it back into the LLM for another iteration.
+
+This dynamic is especially pernicious because it poisons the well for mentoring new contributors which we are committed to.
+
+
+## Summary
+
+In practice, this means:
+
+- Pull requests that have an LLM product listed as co-author can't be merged and will be closed without further discussion.
+  We cannot risk the copyright status of this project.
+
+  If you used LLM tools during development, you may still submit – but you must remove any LLM co-author tags and take full ownership of every line.
+
+- By submitting a pull request, **you** take full **technical and legal** responsibility for the contents of the pull request and promise that **you** hold the copyright for the changes submitted.
+
+  "An LLM wrote it" is **not** an acceptable response to questions or critique.
+  **If you cannot explain and defend the changes you submit, do not submit them** and open a high-quality bug report/feature request instead.
+
+- Accounts that exercise bot-like behavior – like automated mass pull requests – will be permanently banned, whether they belong to a human or not.
+
+- Do **not** post LLM-generated review comments – we can prompt LLMs ourselves should we desire their wisdom.
+  Do **not** post summaries unless you've fact-checked them and take responsibility for 100% of their content.
+  Remember that *all* LLM output *looks* **plausible**.
+  When using these tools, it's **your** responsibility to ensure that it's also **correct** and has a reasonable signal-to-noise ratio.

psycache-26.1.0/.github/CODE_OF_CONDUCT.md

@@ -0,0 +1,16 @@
+# Code of Conduct
+
+While not being a [Python Software Foundation](https://www.python.org/psf-landing/) project, everyone interacting in this project is expected to follow the [PSF Code of Conduct](https://policies.python.org/python.org/code-of-conduct/).
+
+In general, this means that everyone is expected to be **open**, **considerate**, and **respectful** of others no matter what their position is within the project.
+
+
+## Enforcement
+
+We take Code of Conduct violations seriously, and will act to ensure our spaces are welcoming, inclusive, and professional environments to communicate in.
+
+If you need to raise a Code of Conduct report, you may do so privately by email to [Hynek Schlawack](mailto:hs@ox.cx).
+
+Reports will be treated confidentially.
+
+Alternately you can make a [report to the Python Software Foundation](https://policies.python.org/python.org/code-of-conduct/Procedures-for-Reporting-Incidents/).

psycache-26.1.0/.github/CONTRIBUTING.md

@@ -0,0 +1,241 @@
+# How To Contribute
+
+> [!IMPORTANT]
+> - This document is mainly to help you to get started by codifying tribal knowledge and expectations and make it more accessible to everyone.
+>   But don't be afraid to open half-finished PRs and ask questions if something is unclear!
+>
+> - If you use LLM / "AI" tools for your contributions, please read and follow our [_Generative AI / LLM Policy_][llm].
+
+
+## Workflow
+
+> [!WARNING]
+> Before starting to work on **feature** pull requests, **please** discuss your idea with us on the [Ideas board](https://github.com/hynek/psycache/discussions/categories/ideas) to save you time and effort!
+
+First off, thank you for considering to contribute!
+It's people like *you* who make this project such a great tool for everyone.
+
+- No contribution is too small!
+  Please submit as many fixes for typos and grammar bloopers as you can!
+
+- **Only contribute code that you fully understand.**
+  See also our [AI policy][llm].
+
+- Very relatedly, our pull request check list is our mandatory [Van Halen test](https://en.wikipedia.org/wiki/Van_Halen_test).
+  Sadly, the current state of the world has forced us into being stricter about policies -- sorry fellow humans!
+
+- Try to limit each pull request to *one* change only.
+
+- Since we squash on merge, it's up to you how you handle updates to the `main` branch.
+  Whether you prefer to rebase on `main` or merge `main` into your branch, do whatever is more comfortable for you.
+
+- *Always* add tests and docs for your code.
+  This is a hard rule; patches with missing tests or documentation won't be merged.
+
+- Consider updating [`CHANGELOG.md`](../CHANGELOG.md) to reflect the changes as observed by people using this library.
+
+- Make sure your changes pass our [CI](https://github.com/hynek/psycache/actions).
+  You won't get any feedback until it's green unless you ask for it.
+  For the CI to pass, the coverage must be 100%.
+  If you have problems to test something, open anyway and ask for advice.
+  In some situations, we may agree to add an `# pragma: no cover`.
+
+- Once you've addressed review feedback, make sure to bump the pull request with a short note, so we know you're done.
+
+- Don't break [backwards-compatibility](SECURITY.md).
+
+
+## Local development environment
+
+### Postgres
+
+The test suite requires a running Postgres database that is accessible via the `postgresql://postgres@127.0.0.1/postgres` DSN (no password).
+It will use it only to create a database `psycache` with a no-password user `psycache` that is used for the actual tests.
+
+
+### Python
+
+First, **fork** the repository on GitHub.
+Make sure to **uncheck** the `Copy the main branch only` radio button on the `Create a new fork` page.
+If you don't, our test suite will fail because we use Git tags for packaging.
+
+Finally, **clone** it using one of the alternatives that you can copy-paste by pressing the big green button labeled `<> Code`.
+
+You can (and should) run our test suite using [*tox*](https://tox.wiki/).
+However, you'll probably want a more traditional environment as well.
+
+We recommend using the Python version from the `.python-version` file in the project's root directory, because that's the one that is used in the CI by default, too.
+
+If you're using [*direnv*](https://direnv.net), you can automate the creation of the project virtual environment with the correct Python version by adding the following `.envrc` to the project root:
+
+```bash
+layout python python$(cat .python-version)
+```
+
+or, if you like [*uv*](https://github.com/astral-sh/uv):
+
+```bash
+test -d .venv || (uv venv && uv pip install -e . --group dev)
+. .venv/bin/activate
+```
+
+> [!WARNING]
+> - **Before** you start working on a new pull request, use the "*Sync fork*" button in GitHub's web UI to ensure your fork is up to date.
+> - **Always create a new branch off `main` for each new pull request.**
+>   Yes, you can work on `main` in your fork and submit pull requests.
+>   But this will *inevitably* lead to you not being able to synchronize your fork with upstream and having to start over.
+
+Change into the newly created directory and after activating a virtual environment, install an editable version of this project along with its tests requirements:
+
+```console
+$ pip install -e . --group dev  # or `uv pip install -e . --group dev`
+```
+
+Now you can run the test suite:
+
+```console
+$ python -Im pytest
+```
+
+To run doctests:
+
+```console
+$ tox run -e docs-doctests
+```
+
+
+## Code
+
+- Obey [PEP 8](https://peps.python.org/pep-0008/) and [PEP 257](https://peps.python.org/pep-0257/).
+  We use the `"""`-on-separate-lines style for docstrings with [Napoleon](https://www.sphinx-doc.org/en/master/usage/extensions/napoleon.html)-style API documentation:
+
+  ```python
+  def func(x: str, y: int) -> str:
+      """
+      Do something.
+
+      Args:
+          x: A very important argument.
+
+          y:
+            Another very important argument, but its description is so long
+            that it doesn't fit on one line. So, we start the whole block on a
+            fresh new line to keep the block together.
+
+      Returns:
+          The result of doing something.
+      """
+  ```
+
+  Please note that unlike everything else, the API docstrings are still reStructuredText.
+
+- If you add or change public APIs, tag the docstring using `..  versionadded:: 26.1.0 WHAT` or `..  versionchanged:: 26.1.0 WHAT`.
+  We follow [Calendar Versioning](https://calver.org/), so the next version will be the current with with the middle number incremented (for example, `26.1.0` -> `26.2.0`).
+
+- We use [Ruff](https://ruff.rs/) to sort our imports and format our code with a line length of 79 characters.
+  As long as you run our full *tox* suite before committing, or install our [*pre-commit*](https://pre-commit.com/) hooks (ideally you'll do both -- see [*Local Development Environment*](#local-development-environment) above), you won't have to spend any time on formatting your code at all.
+  If you don't, CI will catch it for you -- but that seems like a waste of your time!
+
+
+## Tests
+
+- Write your asserts as `expected == actual` to line them up nicely, and leave an empty line before them:
+
+  ```python
+  x = f()
+
+  assert 42 == x.some_attribute
+  assert "foo" == x._a_private_attribute
+  ```
+
+- You can run the test suite runs with all (optional) dependencies against all supported Python versions just as it will in our CI by running `tox`.
+
+- Write [good test docstrings](https://jml.io/test-docstrings/).
+
+
+## Documentation
+
+- Use [semantic newlines] in [reStructuredText](https://www.sphinx-doc.org/en/stable/usage/restructuredtext/basics.html) (`*.rst`) and [Markdown](https://docs.github.com/en/get-started/writing-on-github/getting-started-with-writing-and-formatting-on-github/basic-writing-and-formatting-syntax) (`*.md`) files:
+
+  ```markdown
+  This is a sentence.
+  This is another sentence.
+
+  This is a new paragraph.
+  ```
+
+- If you start a new section, add two blank lines before and one blank line after the header except if two headers follow immediately after each other:
+
+  ```markdown
+  # Main Header
+
+  Last line of previous section.
+
+
+  ## Header of New Top Section
+
+  ### Header of New Section
+
+  First line of new section.
+  ```
+
+
+### Changelog
+
+If your change is interesting to end-users, there needs to be an entry in our `CHANGELOG.md`, so they can learn about it.
+
+- The changelog follows the [Keep a Changelog](https://keepachangelog.com/en/1.1.0/) standard.
+  Add the best-fitting section if it's missing for the current release.
+  We use the following order: `Security`, `Removed`, `Deprecated`, `Added`, `Changed`, `Fixed`.
+
+- As with other docs, please use [semantic newlines] in the changelog.
+
+- Make the last line a link to your pull request.
+  You probably have to open it first to know the number.
+
+- Leave an empty line between entries, so it doesn't look like a wall of text.
+
+- Refer to all symbols by their fully-qualified names.
+  For example, `psycache.Foo` -- not just `Foo`.
+
+- Wrap symbols like modules, functions, or classes into backticks, so they are rendered in a `monospace font`.
+
+- Wrap arguments into asterisks so they are *italicized* like in API documentation:
+  `Added new argument *an_argument*.`
+
+- If you mention functions or methods, add parentheses at the end of their names:
+  `psycache.func()` or `psycache.Class.method()`.
+  This makes the changelog a lot more readable.
+
+- Prefer simple past tense or constructions with "now".
+  In the `Added` section, you can leave out the "Added" prefix:
+
+  ```markdown
+  ### Added
+
+  - `psycache.func()` that does foo.
+    It's pretty cool.
+    [#1](https://github.com/hynek/psycache/pull/1)
+
+
+  ### Fixed
+
+  - `psycache.func()` now doesn't crash the Large Hadron Collider anymore.
+    That was a nasty bug!
+    [#2](https://github.com/hynek/psycache/pull/2)
+  ```
+
+
+## See you on GitHub!
+
+Again, this whole file is mainly to help you to get started by codifying tribal knowledge and expectations to save you time and turnarounds.
+It is **not** meant to be a barrier to entry, so don't be afraid to open half-finished PRs and ask questions if something is unclear!
+
+Please note that this project is released with a Contributor [Code of Conduct](CODE_OF_CONDUCT.md).
+By participating in this project you agree to abide by its terms.
+Please report any harm to [Hynek Schlawack](https://hynek.me/about/) in any way you find appropriate.
+
+
+[semantic newlines]: https://rhodesmill.org/brandon/2012/one-sentence-per-line/
+[llm]: AI_POLICY.md
+[install *uv*]: https://docs.astral.sh/uv/getting-started/installation/

psycache-26.1.0/.github/FUNDING.yml

@@ -0,0 +1,5 @@
+---
+github: hynek
+tidelift: pypi/psycache
+thanks_dev: u/gh/hynek
+custom: https://hynek.me/say-thanks/

psycache-26.1.0/.github/PULL_REQUEST_TEMPLATE.md

@@ -0,0 +1,34 @@
+# Summary
+
+<!-- Please tell us what your pull request is about here. -->
+
+
+# Pull Request Check List
+
+<!--
+This list is our brown M&M test:
+Ignoring -- or even deleting -- leads to instant closing of this pull request.
+The only exceptions are pure documentation fixes.
+
+Please read our [contribution guide](https://github.com/hynek/psycache/blob/main/.github/CONTRIBUTING.md) at least once; it will save you unnecessary review cycles!
+
+You may check boxes that don't apply to your pull request to indicate that there isn't anything left to do.
+-->
+
+- [ ] I acknowledge this project's [**AI policy**](https://github.com/hynek/psycache/blob/main/.github/AI_POLICY.md).
+- [ ] Typos aside (please, always submit typo fixes!), I understand that this pull request may be **closed** in case there was **no [previous discussion](https://github.com/hynek/psycache/discussions/categories/ideas)**.
+- [ ] This pull request is [**not** from my `main` branch](https://hynek.me/articles/pull-requests-branch/).
+  - Consider granting [push permissions to the PR branch](https://docs.github.com/en/pull-requests/collaborating-with-pull-requests/working-with-forks/allowing-changes-to-a-pull-request-branch-created-from-a-fork), so maintainers can fix minor issues themselves without pestering you.
+- [ ] There's **tests** for all new and changed code.
+- [ ] **New APIs** are added to our typing tests at <https://github.com/hynek/psycache/blob/main/tests/typing/>.
+- [ ] Updated **documentation** for changed code.
+    - [ ] New functions/classes have to be added to `docs/core-concepts.md` or one of the integration guides by hand.
+    - [ ] Changed/added classes/methods/functions have appropriate `versionadded`, `versionchanged`, or `deprecated` [directives](http://www.sphinx-doc.org/en/stable/markup/para.html#directive-versionadded).
+      - The next version is the second number in the current release + 1. The first number represents the current year. So if the current version on PyPI is 26.1.0, the next version is gonna be 26.2.0. If the next version is the first in the new year, it'll be 27.1.0.
+- [ ] Documentation in `.md` files is written using [**semantic newlines**](https://rhodesmill.org/brandon/2012/one-sentence-per-line/).
+- [ ] Changes (and possible deprecations) are documented in the [**changelog**](https://github.com/hynek/psycache/blob/main/CHANGELOG.md).
+
+<!--
+If you have *any* questions to *any* of the points above, just **submit and ask**!
+Given the ongoing AI slop wave we need to be strict about policies, but we're happy to help out fellow humans.
+-->

psycache-26.1.0/.github/dependabot.yml

@@ -0,0 +1,14 @@
+---
+version: 2
+updates:
+  - package-ecosystem: github-actions
+    directory: /
+    schedule:
+      interval: monthly
+    cooldown:
+      # https://blog.yossarian.net/2025/11/21/We-should-all-be-using-dependency-cooldowns
+      default-days: 7
+    groups:
+      github-actions:
+        patterns:
+          - "*"

psycache-26.1.0/.github/workflows/ci.yml

@@ -0,0 +1,226 @@
+---
+name: CI
+
+on:
+  push:
+    branches: [main]
+  pull_request:
+  workflow_dispatch:
+
+env:
+  FORCE_COLOR: "1" # Make tools pretty.
+  PIP_DISABLE_PIP_VERSION_CHECK: "1"
+  PIP_NO_PYTHON_VERSION_WARNING: "1"
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
+  cancel-in-progress: true
+
+permissions: {}
+
+jobs:
+  build-package:
+    name: Build & verify package
+    runs-on: ubuntu-latest
+
+    steps:
+      - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
+        with:
+          fetch-depth: 0
+          persist-credentials: false
+
+      - uses: hynek/build-and-inspect-python-package@d44ca7d91762de7a7d5436ddae667c6da6d1c3df # v2.18.0
+        id: baipp
+
+    outputs:
+      # Used to define the matrix for tests below. The value is based on
+      # packaging metadata (trove classifiers).
+      python-versions: ${{ steps.baipp.outputs.supported_python_classifiers_json_array }}
+
+  tests:
+    name: Tests on ${{ matrix.python-version }}
+    runs-on: ubuntu-24.04 # the version affects postgres paths!
+    needs: build-package
+
+    strategy:
+      fail-fast: false
+      matrix:
+        # Created by the build-and-inspect-python-package action above.
+        python-version: ${{ fromJson(needs.build-package.outputs.python-versions) }}
+
+    env:
+      PYTHON: ${{ matrix.python-version }}
+
+    steps:
+      - name: Download pre-built packages
+        uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1
+        with:
+          name: Packages
+          path: dist
+      - run: |
+          tar xf dist/*.tar.gz --strip-components=1
+          rm -rf src
+      - uses: actions/setup-python@ece7cb06caefa5fff74198d8649806c4678c61a1 # v6.3.0
+        with:
+          python-version: ${{ matrix.python-version }}
+          allow-prereleases: true
+      - uses: hynek/setup-cached-uv@4300ec2180bc77d705e626a34e381b81a4772c51 # v2.5.0
+
+      - name: Start PostgreSQL
+        run: |
+          printf '%s\n' \
+            'local all all              trust' \
+            'host  all all 127.0.0.1/32 trust' \
+            'host  all all ::1/128      trust' \
+            | sudo tee /etc/postgresql/16/main/pg_hba.conf >/dev/null
+
+          sudo systemctl start postgresql.service
+
+          until sudo -u postgres pg_isready -q; do sleep 1; done
+
+      - name: Run tests
+        run: >
+          uvx --with tox-uv tox run
+          --installpkg dist/*.whl
+          -f ${PYTHON}-tests
+
+      - name: Upload coverage data
+        uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1
+        with:
+          name: coverage-data-${{ matrix.python-version }}
+          path: .coverage.*
+          include-hidden-files: true
+          if-no-files-found: ignore
+
+  coverage:
+    name: Ensure 100% test coverage
+    runs-on: ubuntu-latest
+    needs: tests
+    if: always()
+
+    steps:
+      - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
+        with:
+          persist-credentials: false
+      - uses: actions/setup-python@ece7cb06caefa5fff74198d8649806c4678c61a1 # v6.3.0
+        with:
+          python-version-file: .python-version
+      - uses: hynek/setup-cached-uv@4300ec2180bc77d705e626a34e381b81a4772c51 # v2.5.0
+
+      - name: Download coverage data
+        uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1
+        with:
+          pattern: coverage-data-*
+          merge-multiple: true
+
+      - name: Combine coverage and fail if it's <100%.
+        run: |
+          uv tool install coverage
+
+          coverage combine
+          coverage html --skip-covered --skip-empty
+
+          # Report and write to summary.
+          coverage report --format=markdown >> $GITHUB_STEP_SUMMARY
+
+          # Report again and fail if under 100%.
+          coverage report --fail-under=100
+
+      - name: Upload HTML report if check failed.
+        uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1
+        with:
+          name: html-report
+          path: htmlcov
+        if: ${{ failure() }}
+
+  typing:
+    name: Check types using supported type checkers
+    runs-on: ubuntu-latest
+    needs: build-package
+
+    steps:
+      - name: Download pre-built packages
+        uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1
+        with:
+          name: Packages
+          path: dist
+      - run: tar xf dist/*.tar.gz --strip-components=1
+      - uses: actions/setup-python@ece7cb06caefa5fff74198d8649806c4678c61a1 # v6.3.0
+        with:
+          python-version-file: .python-version
+      - uses: hynek/setup-cached-uv@4300ec2180bc77d705e626a34e381b81a4772c51 # v2.5.0
+
+      - run: >
+          uvx --with tox-uv
+          tox run -f typing
+
+  docs:
+    name: Run doctests
+    needs: build-package
+    runs-on: ubuntu-latest
+    steps:
+      - name: Download pre-built packages
+        uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1
+        with:
+          name: Packages
+          path: dist
+      - run: tar xf dist/*.tar.gz --strip-components=1
+      - uses: actions/setup-python@ece7cb06caefa5fff74198d8649806c4678c61a1 # v6.3.0
+        with:
+          # Keep in sync with tox.ini's base_python_file.
+          python-version-file: .python-version
+      - uses: hynek/setup-cached-uv@4300ec2180bc77d705e626a34e381b81a4772c51 # v2.5.0
+
+      - name: Start PostgreSQL
+        # The README examples connect to a real database, so the doctests need
+        # a running PostgreSQL with password-less local access.
+        run: |
+          printf '%s\n' \
+            'local all all              trust' \
+            'host  all all 127.0.0.1/32 trust' \
+            'host  all all ::1/128      trust' \
+            | sudo tee /etc/postgresql/16/main/pg_hba.conf >/dev/null
+
+          sudo systemctl start postgresql.service
+
+          until sudo -u postgres pg_isready -q; do sleep 1; done
+
+      - run: >
+          uvx --with tox-uv
+          tox run -e docs-doctests
+
+  install-dev:
+    name: Verify dev env
+    runs-on: ubuntu-latest
+
+    steps:
+      - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
+        with:
+          persist-credentials: false
+      - uses: actions/setup-python@ece7cb06caefa5fff74198d8649806c4678c61a1 # v6.3.0
+        with:
+          python-version-file: .python-version
+      - uses: hynek/setup-cached-uv@4300ec2180bc77d705e626a34e381b81a4772c51 # v2.5.0
+
+      - run: uv venv
+      - run: uv pip install -e . --group dev
+
+      - run: .venv/bin/python -Ic 'from importlib.metadata import version; print(version("psycache"))'
+
+  required-checks-pass:
+    name: Ensure everything required is passing for branch protection
+    if: always()
+
+    needs:
+      - coverage
+      - install-dev
+      - typing
+      - docs
+
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Decide whether the needed jobs succeeded or failed
+        uses: re-actors/alls-green@05ac9388f0aebcb5727afa17fcccfecd6f8ec5fe # v1.2.2
+        with:
+          jobs: ${{ toJSON(needs) }}

psycache-26.1.0/.github/workflows/codeql-analysis.yml

@@ -0,0 +1,42 @@
+---
+name: CodeQL
+
+on:
+  schedule:
+    - cron: "41 3 * * 6"
+  workflow_dispatch:
+
+concurrency:
+  group: ${{ github.workflow }}
+  cancel-in-progress: true
+
+permissions: {}
+
+jobs:
+  analyze:
+    name: Analyze
+    runs-on: ubuntu-latest
+    permissions:
+      security-events: write  # necessary according to docs
+
+    strategy:
+      fail-fast: false
+      matrix:
+        language: [python]
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
+        with:
+          persist-credentials: false
+
+      - name: Initialize CodeQL
+        uses: github/codeql-action/init@8aad20d150bbac5944a9f9d289da16a4b0d87c1e # v4.36.2
+        with:
+          languages: ${{ matrix.language }}
+
+      - name: Autobuild
+        uses: github/codeql-action/autobuild@8aad20d150bbac5944a9f9d289da16a4b0d87c1e # v4.36.2
+
+      - name: Perform CodeQL Analysis
+        uses: github/codeql-action/analyze@8aad20d150bbac5944a9f9d289da16a4b0d87c1e # v4.36.2