tox-pre-commit 0.0.1a0__tar.gz

tox_pre_commit-0.0.1a0/.codecov.yml

@@ -0,0 +1,39 @@
+---
+
+codecov:
+  notify:
+    manual_trigger: true  # prevent notifications until we notify Codecov
+    wait_for_ci: false
+
+  require_ci_to_pass: false
+
+comment:
+  require_changes: true
+
+coverage:
+  range: 100..100
+  status:
+    patch:
+      default:
+        target: 100%
+      pytest:
+        target: 100%
+        flags:
+        - pytest
+    project:
+      default:
+        target: 100%
+      lib:
+        flags:
+        - pytest
+        paths:
+        - src/
+        target: 100%
+      tests:
+        flags:
+        - pytest
+        paths:
+        - tests/
+        target: 100%
+
+...

tox_pre_commit-0.0.1a0/.codespellrc

@@ -0,0 +1,35 @@
+[codespell]
+# Ref: https://github.com/codespell-project/codespell#using-a-config-file
+
+builtin = clear,code,en-GB_to_en-US,informal,names,rare
+
+check-filenames =
+check-hidden =
+
+count =
+
+# NOTE: `exclude-file` should be uncommented once we have Sphinx
+# exclude-file = docs/spelling_ignorelines.txt
+
+# NOTE: `ignore-words` should be uncommented once we have Sphinx
+# ignore-words = docs/spelling_wordlist.txt
+ignore-words-list = THIRDPARTY
+# NOTE: `cancelled()` is a common helper function in GHA
+ignore-regex = \b!?cancelled()\b
+
+quiet-level = 3
+
+# NOTE: `.gitignore` is skipped due to
+# NOTE: https://github.com/codespell-project/codespell/issues/3941
+skip =
+  .git,
+  .gitignore,
+  .mypy_cache,
+  .ruff_cache,
+  .tox,
+  __pycache__,
+  build,
+  dist,
+  *.egg-info,
+
+# write-changes = true

tox_pre_commit-0.0.1a0/.coveragerc

@@ -0,0 +1,38 @@
+[html]
+show_contexts = true
+skip_covered = false
+
+[paths]
+_site-packages-to-src-mapping =
+  src
+  */src
+  *\src
+  */lib/pypy*/site-packages
+  */lib/python*/site-packages
+  *\Lib\site-packages
+
+[report]
+skip_covered = true
+skip_empty = true
+show_missing = true
+# custom excludes extend baselines from coverage + covdefaults
+# for reference, see
+# coverage: https://coverage.readthedocs.io/en/latest/excluding.html#default-exclusions
+# covdefaults: https://github.com/asottile/covdefaults/blob/8d8712c26ad505f1269851a7c8431b8c1fedaa62/covdefaults.py#L86-L105
+exclude_also =
+  ^\s*@pytest\.mark\.xfail
+  ^\s*if _t\.TYPE_CHECKING:
+
+[run]
+branch = true
+cover_pylib = false
+# https://coverage.rtfd.io/en/latest/contexts.html#dynamic-contexts
+# dynamic_context = test_function  # conflicts with `pytest-cov` if set here
+parallel = true
+plugins =
+  covdefaults
+relative_files = true
+source =
+  .
+source_pkgs =
+  tox_plugins

tox_pre_commit-0.0.1a0/.darglint

@@ -0,0 +1,9 @@
+[darglint]
+# NOTE: All `darglint` styles except for `sphinx` hit ridiculously low
+# NOTE: performance on some of the in-project Python modules.
+# Refs:
+# * https://github.com/terrencepreilly/darglint/issues/186
+# * https://github.com/wemake-services/wemake-python-styleguide/issues/2287
+docstring_style = sphinx
+# enable = DAR104  # covered by `sphinx_autodoc_typehints`
+strictness = full

tox_pre_commit-0.0.1a0/.editorconfig

@@ -0,0 +1,18 @@
+root = true
+
+[*]
+charset = utf-8
+end_of_line = lf
+indent_size = 4
+indent_style = space
+insert_final_newline = true
+trim_trailing_whitespace = true
+
+[*.{bat,cmd,ps1}]
+end_of_line = crlf
+
+[*.{js,json,json5,yml,yaml,md,rb}]
+indent_size = 2
+
+[Makefile]
+indent_style = tab

tox_pre_commit-0.0.1a0/.flake8

@@ -0,0 +1,171 @@
+[flake8]
+
+# Print the total number of errors:
+count = true
+
+# Don't even try to analyze these:
+extend-exclude =
+  # Circle CI configs
+  .circleci,
+  # No need to traverse egg info dir
+  *.egg-info,
+  # GitHub configs
+  .github,
+  # Cache files of MyPy
+  .mypy_cache,
+  # Cache files of pytest
+  .pytest_cache,
+  # Temp dir of pytest-testmon
+  .tmontmp,
+  # Countless third-party libs in venvs
+  .tox,
+  # Occasional virtualenv dir
+  .venv,
+  # VS Code
+  .vscode,
+  # Temporary build dir
+  build,
+  # This contains sdists and wheels that we don't want to check
+  dist,
+  # Metadata of `pip wheel` cmd is autogenerated
+  pip-wheel-metadata,
+
+# IMPORTANT: avoid using ignore option, always use extend-ignore instead
+# Completely and unconditionally ignore the following errors:
+extend-ignore =
+  # Legitimate cases, no need to "fix" these violations:
+  # E501: "line too long", its function is replaced by `flake8-length`
+  E501,
+  # I: isort-handled
+  I,
+  # W505: "doc line too long", its function is replaced by `flake8-length`
+  W505,
+  # S101: MyPy requires `asserts`, plus they're not bad if cooked well
+  S101,
+  # WPS300: "Found local folder import" -- nothing bad about this
+  WPS300,
+  # WPS305: "Found f string" -- nothing bad about this
+  WPS305,
+  # An opposite consistency expectation is currently enforced
+  # by pylint via: useless-object-inheritance (R0205):
+  # WPS306: "Found class without a base class: *" -- nothing bad about this
+  WPS306,
+  # WPS317 enforces weird indents
+  WPS317,
+  # WPS318 enforces weird indents too
+  WPS318,
+  # WPS322: "Found incorrect multi-line string" -- false-positives with
+  # attribute docstrings. Ref:
+  # https://github.com/wemake-services/wemake-python-styleguide/issues/3056
+  WPS322,
+  # WPS326: "Found implicit string concatenation" -- nothing bad about this
+  WPS326,
+  # WPS332: "Found walrus operator" -- nothing bad about this
+  WPS332,
+  # WPS422: "Found future import: *" -- we need these for multipython
+  WPS422,
+  # WPS428: "Found statement that has no effect" -- false-positives with
+  # attribute docstrings. Ref:
+  # https://github.com/wemake-services/wemake-python-styleguide/issues/3056
+  WPS428,
+  # WPS462: "Wrong multiline string usage" -- false-positives with
+  # attribute docstrings. Ref:
+  # https://github.com/wemake-services/wemake-python-styleguide/issues/3056
+  WPS462,
+
+# IMPORTANT: avoid using select option, always use extend-select instead
+# Enable the following errors:
+extend-select =
+  # B950: "line too long", longer than `max-line-length` + 10%
+  B950,
+
+# https://wemake-python-stylegui.de/en/latest/pages/usage/formatter.html
+format = wemake
+
+# Let's not overcomplicate the code:
+max-complexity = 10
+
+# Accessibility/large fonts and PEP8 friendly.
+# This is being flexibly extended through the `flake8-length`:
+max-line-length = 79
+
+# Allow certain violations in certain files:
+# Please keep both sections of this list sorted, as it will be easier for others to find and add entries in the future
+per-file-ignores =
+  # The following ignores have been researched and should be considered permanent
+  # each should be preceded with an explanation of each of the error codes
+  # If other ignores are added for a specific file in the section following this,
+  # these will need to be added to that line as well.
+
+  # There are multiple `assert`s (S101) in tests;
+  # we don't care about the security of temporary directories in tests (S108);
+  # also, using fixtures looks like shadowing the outer scope (WPS442);
+  # nested functions are often necessary for mocking (WPS430);
+  # furthermore, we should be able to import and test private attributes
+  # (WPS450) and modules (WPS436); `pytest.raises()` allows inspecting the
+  # exception outside the CM (WPS441); additionally test docstrings don't
+  # need param lists (DAR, DCO020):
+  tests/**.py: DAR, DCO020, S101, S108, WPS430, WPS436, WPS441, WPS442, WPS450
+
+  tests/importable_test.py: ANN101, DAR
+
+# Count the number of occurrences of each error/warning code and print a report:
+statistics = true
+
+# ## Plugin-provided settings: ##
+
+# flake8-eradicate
+# E800:
+eradicate-whitelist-extend = isort:\s+\w+|(Ref:|\*)\s+https?:\/\/
+
+# flake8-pytest-style
+# PT001:
+pytest-fixture-no-parentheses = true
+# PT006:
+pytest-parametrize-names-type = tuple
+# PT007:
+pytest-parametrize-values-type = tuple
+pytest-parametrize-values-row-type = tuple
+# PT023:
+pytest-mark-no-parentheses = true
+
+# flake8-quotes
+inline-quotes = single
+multiline-quotes = double
+docstring-quotes = double
+
+# flake8-rst-docstrings
+rst-directives =
+  spelling
+rst-roles =
+  # Built-in Sphinx roles:
+  class,
+  data,
+  file,
+  func,
+  exc,
+  meth,
+  mod,
+  term,
+  py:class,
+  py:data,
+  py:exc,
+  py:func,
+  py:meth,
+  py:term,
+  # Sphinx's internal role:
+  event,
+
+# flake8-typing-as-t
+# TYT02:
+typing-as-t-imported-name = _t
+
+# wemake-python-styleguide
+# WPS111:
+# `_t` will be enforced by `flake8-typing-as-t`
+allowed-domain-names =
+  _t,
+  _c,
+i-control-code = false
+show-violation-links = true
+show-source = true

tox_pre_commit-0.0.1a0/.gitattributes

@@ -0,0 +1,5 @@
+# Force LF line endings for text files
+* text=auto eol=lf
+
+# Needed for setuptools-scm-git-archive
+.git_archival.txt  export-subst

tox_pre_commit-0.0.1a0/.github/CODE_OF_CONDUCT.md

@@ -0,0 +1,87 @@
+# Contributor Covenant Code of Conduct
+
+## Our Pledge
+
+In the interest of fostering an open and welcoming environment, we as
+contributors and maintainers pledge to making participation in our project
+and our community a harassment-free experience for everyone, regardless of
+age, body size, disability, ethnicity, gender identity and expression,
+level of experience, nationality, personal appearance, race, religion, or
+sexual identity and orientation.
+
+## Our Standards
+
+Examples of behavior that contributes to creating a positive environment
+include:
+
+* Using welcoming and inclusive language
+* Being respectful of differing viewpoints and experiences
+* Gracefully accepting constructive criticism
+* Focusing on what is best for the community
+* Showing empathy towards other community members
+
+Examples of unacceptable behavior by participants include:
+
+* The use of sexualized language or imagery and unwelcome sexual attention
+  or advances
+* Trolling, insulting/derogatory comments, and personal or political
+  attacks
+* Public or private harassment
+* Publishing others' private information, such as a physical or electronic
+  address, without explicit permission
+* Submitting low-quality AI-generated contributions (commonly known as
+  "AI slop") -- unsolicited LLM-authored pull requests, issues, comments,
+  or documentation that the human submitter has not personally reviewed,
+  validated, and taken responsibility for. See the [contribution guide]
+  for the full LLM contribution policy.
+* Other conduct which could reasonably be considered inappropriate in a
+  professional setting
+
+[contribution guide]: ./CONTRIBUTING.md#llm-generated-contributions
+
+## Our Responsibilities
+
+Project maintainers are responsible for clarifying the standards of
+acceptable behavior and are expected to take appropriate and fair
+corrective action in response to any instances of unacceptable behavior.
+
+Project maintainers have the right and responsibility to remove, edit, or
+reject comments, commits, code, wiki edits, issues, and other
+contributions that are not aligned to this Code of Conduct, or to ban
+temporarily or permanently any contributor for other behaviors that they
+deem inappropriate, threatening, offensive, or harmful. **Repeated
+submission of AI-generated spam contributions constitutes grounds for a
+ban under this provision.**
+
+## Scope
+
+This Code of Conduct applies both within project spaces and in public
+spaces when an individual is representing the project or its community.
+Examples of representing a project or community include using an
+official project e-mail address, posting via an official social media
+account, or acting as an appointed representative at an online or
+offline event. Representation of a project may be further defined and
+clarified by project maintainers.
+
+## Enforcement
+
+Instances of abusive, harassing, or otherwise unacceptable behavior may
+be reported by contacting the project maintainer at
+`wk+~foss/tox-dev/tox-plugins/coc@sydorenko.org.ua`. The project team
+will review and investigate all complaints, and will respond in a way
+that it deems appropriate to the circumstances. The project team is
+obligated to maintain confidentiality with regard to the reporter of an
+incident. Further details of specific enforcement policies may be
+posted separately.
+
+Project maintainers who do not follow or enforce the Code of Conduct in
+good faith may face temporary or permanent repercussions as determined
+by other members of the project's leadership.
+
+## Attribution
+
+This Code of Conduct is adapted from the [Contributor Covenant][homepage],
+version 1.4, available at [http://contributor-covenant.org/version/1/4][version]
+
+[homepage]: http://contributor-covenant.org
+[version]: http://contributor-covenant.org/version/1/4/

tox_pre_commit-0.0.1a0/.github/CONTRIBUTING.md

@@ -0,0 +1,88 @@
+# Contributing
+
+<!-- sphinx-inclusion-post-this-line -->
+
+This project is part of the [tox-dev] ecosystem. By contributing, you
+agree to abide by the [Contributor Code of Conduct][coc] and follow the
+conventions outlined below.
+
+## Project Contribution Guidelines
+
+The following apply to contributions in this repository:
+
+- Use [`tox`] to invoke the testing, linting and packaging environments
+  declared in `tox.ini`.
+- Local code-style and static-analysis checks run under [`pre-commit`].
+  Run `pre-commit run --all-files` before pushing.
+- Add tests for behavioral changes. The test suite uses [`tox.pytest`]
+  to exercise the plugin against a real `tox` runtime.
+- Give a clear one-line description in the pull request title.
+- Wait for review from at least one other contributor before merging,
+  even if you have write access.
+
+The only exception to these guidelines is for trivial changes, such as
+documentation corrections or contributions that do not change the
+plugin itself.
+
+Contributions following these guidelines are always welcomed, encouraged
+and appreciated.
+
+[`pre-commit`]: https://pre-commit.com
+[`tox`]: https://tox.wiki
+[`tox.pytest`]:
+https://tox.wiki/en/latest/plugin/howto.html#testing-plugins
+[coc]: ./CODE_OF_CONDUCT.md
+[tox-dev]: https://github.com/tox-dev
+
+### LLM Generated Contributions
+
+Contributors are free to use whatever tools they like, but we have some
+additional guidance for LLM-assisted contributions.
+
+When interacting in this project's spaces (issues, pull requests,
+discussions, etc.), do not use LLMs to speak for you, except for
+translation or grammar edits. This includes the creation of change
+logs and pull request descriptions. Human-to-human communication is
+foundational to open source communities.
+
+> [!CAUTION]
+> In extreme cases, low quality PRs may be closed as spam.
+
+#### Responsibility
+
+Remember that you, not the LLM, are responsible for your contributions.
+Be ready to discuss your changes.
+Do not submit code you have not reviewed.
+
+Do your best to follow the conventions and standards of the project.
+Make sure your code really works.
+Be thoughtful about testing and documentation.
+
+Try to make your code brief, and recognize when less is more.
+
+#### Autonomous Code Submissions
+
+The use of agents which write code and submit pull requests without
+human review is not permitted.
+
+We can already run these tools ourselves, if we want to. Contributions
+should provide value beyond running a tool.
+
+#### Pull Request Templates
+
+Please do not replace the pull request template, which is part of the
+maintainers' process.
+
+### The `good first issue` label
+
+The [`good first issue` label] is used to designate items which are
+being left for new contributors.
+They're a great way to get onboarded into the project and learn.
+
+Having an LLM resolve one of these issues does not help anyone learn.
+Therefore, please be considerate of those who may benefit from these
+opportunities, and refrain from asking an LLM to produce a complete
+solution.
+
+[`good first issue` label]:
+https://github.com/search?q=org%3Atox-dev+label%3A%22good+first+issue%22&type=issues

tox_pre_commit-0.0.1a0/.github/FUNDING.yml

@@ -0,0 +1,22 @@
+---
+
+custom:
+- https://savelife.in.ua/donate-en
+- https://github.com/vshymanskyy/StandWithUkraine#for-maintainers-and-authors
+- https://www.paypal.me/webknjazCZ
+- https://webknjaz.me
+
+github:
+- webknjaz
+
+ko_fi: webknjaz
+
+liberapay: webknjaz
+
+open_collective: webknjaz
+
+# patreon: webknjaz  # not in use because of the ties with ruscism
+
+thanks_dev: u/gh/webknjaz
+
+...

tox_pre_commit-0.0.1a0/.github/INCIDENT_RESPONSE.md

@@ -0,0 +1,88 @@
+# Incident Response Playbook
+
+This document captures how the maintainer triages, fixes and discloses
+confirmed security incidents covering this plugin. The path is
+written down here so it is decided in calm waters, not in the middle
+of a live disclosure.
+
+> [!note]
+> Reporters should follow [`SECURITY.md`][SECURITY] to reach the
+> maintainer. This file is for the maintainer's response side.
+
+[SECURITY]: ./SECURITY.md
+
+
+## Severity Classes
+
+| Class | Definition |
+|-------|------------|
+| **Critical** | Arbitrary code execution from default plugin behavior, or any vulnerability that compromises the integrity of the published distribution. |
+| **High** | Information disclosure or denial of service that the plugin can cause without explicit user opt-in. |
+| **Medium** | Broken builds for legitimate users; CI hangs; spurious data leaks limited to the user's own machine. |
+| **Low** | Cosmetic, non-exploitable bugs incorrectly classified as security. |
+
+
+## Triage Timeline
+
+| Step | Target turnaround |
+|------|-------------------|
+| Initial acknowledgment to the reporter | **≤ 72 hours** from receipt |
+| Severity-class assignment | **≤ 72 hours** |
+| Impact assessment + remediation plan | **≤ 7 days** |
+| Fix-or-yank decision | **≤ 14 days** |
+| Coordinated disclosure window for **Critical** / **High** | **≤ 45 days** from initial report by default; extendable on reporter request |
+
+These are targets, not hard SLAs -- this is unpaid maintenance on an
+open-source project.
+
+
+## Coordination
+
+* For **Critical** and **High**: open a GitHub Security Advisory
+  draft as soon as the issue is reproduced. The draft serves as the
+  shared workspace between the maintainer and the reporter.
+* Cross-link the advisory to the `tox-dev` maintainer chat for severe
+  cross-project impact (e.g. if the bug originates in `tox` itself
+  rather than the plugin).
+* CVE assignment is requested via GitHub's GHSA flow when CVSS
+  v4.0 base score ≥ 7.0 (High or Critical).
+
+
+## Disclosure Philosophy
+
+* Coordinated disclosure is preferred.
+* The advisory is **published after** the fix release reaches PyPI
+  so users have a remediation available immediately.
+* Embargo only when downstream coordination warrants it (e.g.
+  affected downstream packagers have not yet shipped the fix).
+
+
+## Remediation Playbook
+
+1. Cut a hot-fix branch from the latest released tag.
+2. Land the minimal fix + a regression test under `tests/`.
+3. Bump the patch component of the version.
+4. Release via Trusted Publishing on PyPI (the existing
+   `ci-cd.yml` release flow does this).
+5. If older versions are confirmed affected and not in active use,
+   `pip` yank them (PyPI maintainer console). Yanking does not
+   delete; it warns installers off.
+6. Publish the GHSA advisory.
+7. Open a public GitHub Discussion announcing the fix.
+
+
+## Post-Incident
+
+* A short public post-mortem is published within **30 days** after
+  disclosure for any **Critical** / **High** incident.
+* The [threat model][threat-model] is updated to reflect any new
+  mitigations added.
+* Regression coverage is verified to be in place under `tests/`.
+
+[threat-model]: ./THREAT_MODEL.md
+
+
+## Drills
+
+Incident response drills are not currently scheduled. Revisit if user
+base or attack surface grows substantially.