chore: 🥇 set up Python project

.gitattributes

@@ -0,0 +1,32 @@
+# Auto detect text files and perform LF normalization
+* text=auto eol=lf
+
+# Basic .gitattributes for a python repo.
+
+# Source files
+# ============
+*.pxd    text diff=python
+*.py     text diff=python
+*.py3    text diff=python
+*.pyw    text diff=python
+*.pyx    text diff=python
+*.pyz    text diff=python
+*.pyi    text diff=python
+
+# Binary files
+# ============
+*.db     binary
+*.p      binary
+*.pkl    binary
+*.pickle binary
+*.pyc    binary export-ignore
+*.pyo    binary export-ignore
+*.pyd    binary
+
+# Jupyter notebook
+*.ipynb  text eol=lf
+
+# Note: .db, .p, and .pkl files are associated
+# with the python modules ``pickle``, ``dbm.*``,
+# ``shelve``, ``marshal``, ``anydbm``, & ``bsddb``
+# (among others).

.github/CODEOWNERS

@@ -0,0 +1,3 @@
+# All files are by default owned by this team,
+# unless a more specific ownership rule is set below.
+* @RomainBrault

.github/dependabot.yml

@@ -0,0 +1,13 @@
+version: 2
+updates:
+  - package-ecosystem: github-actions
+    directory: "/"
+    schedule:
+      interval: daily
+    commit-message:
+      prefix: "build(dependency): ⬆️"
+      prefix-development: "build(ci-dependency): ⬆️"
+    labels:
+      - "ci"
+      - "github_actions"
+      - "dependencies"

.github/workflows/tests.yml

@@ -0,0 +1,83 @@
+name: Tests
+on:
+  workflow_dispatch:
+  push:
+    branches: ["main"]
+    tags-ignore: ["**"]
+  pull_request:
+  schedule:
+    - cron: "0 8 * * *"
+
+concurrency:
+  group: check-${{ github.ref }}
+  cancel-in-progress: true
+
+jobs:
+  check:
+    name: tox env ${{ matrix.tox_env }} under python ${{ matrix.python }}
+    runs-on: ubuntu-latest
+    strategy:
+      fail-fast: true
+      matrix:
+        python:
+          - "3.13"
+        tox_env:
+          - pre-commit
+    steps:
+      - name: Check out the repository
+        uses: actions/checkout@v4
+      - name: Install uv
+        uses: astral-sh/setup-uv@v3
+      - name: Pick environment to run
+        run: |
+          import os;
+          env = "TOXENV=${{ matrix.tox_env }}\n"
+          with open(os.environ["GITHUB_ENV"], mode="a", encoding="utf-8") as file_handler:
+              file_handler.write(env)
+        shell: python
+      - name: Run the test suite
+        run: |
+          uvx --no-progress --quiet --with tox-uv tox run
+  test:
+    name: Run ${{ matrix.session }} tests under python ${{ matrix.python }} on ${{ matrix.os }}
+    needs: check
+    runs-on: ${{ matrix.os }}
+    timeout-minutes: 10
+    environment: test
+    strategy:
+      fail-fast: true
+      matrix:
+        python:
+          - "3.13"
+          - "3.12"
+          - "3.11"
+          - "3.10"
+          - "3.9"
+        os:
+          - ubuntu-latest
+          - macos-latest
+          - windows-latest
+        session:
+          - open-source
+          - proprietary
+    steps:
+      - name: Check out the repository
+        uses: actions/checkout@v4
+      - name: Install uv
+        uses: astral-sh/setup-uv@v3
+      - name: Pick environment to run
+        run: |
+          import os;
+          toxenv = "TOXENV=py{}{}-test-${{ matrix.session }}\n".format(*"${{ matrix.python }}".split("."))
+          os_name = "OS_NAME=${{ matrix.os }}\n"
+          env = toxenv + os_name
+          with open(os.environ["GITHUB_ENV"], mode="a", encoding="utf-8") as file_handler:
+              file_handler.write(env)
+        shell: python
+      - name: Github Login
+        run: |
+          echo "${{ secrets.GH_TOKEN }}" | gh auth login --with-token
+      - name: Run the test suite
+        run: |
+          git config --global init.defaultBranch main
+          uvx --no-progress --quiet --with tox-uv tox run

.gitignore

@@ -0,0 +1,13 @@
+# General
+.secrets.*
+
+## Integration
+.nox
+.tox
+.venv
+
+## Generated files
+scripts/licenses.txt
+scripts/code_licenses.txt
+scripts/resource_licenses.txt
+BOM/

README.md

@@ -0,0 +1,3 @@
+# template-github
+
+Protect a GitHub repository (branch and tags)

REUSE.toml

@@ -0,0 +1,97 @@
+version = 1
+SPDX-PackageName = "whiteprint"
+SPDX-PackageSupplier = "Romain Brault <mail@romainbrault.com>"
+SPDX-PackageDownloadLocation = "https://github.com/whiteprints/whiteprint"
+
+# Project root
+
+[[annotations]]
+path = "REUSE.toml"
+SPDX-FileCopyrightText = "© 2024 Romain Brault <mail@romainbrault.com>"
+SPDX-License-Identifier = "MIT-0"
+
+[[annotations]]
+path = "README.md"
+SPDX-FileCopyrightText = "© 2024 Romain Brault <mail@romainbrault.com>"
+SPDX-License-Identifier = "CC0-1.0"
+
+[[annotations]]
+path = "MAINTAINERS.md"
+SPDX-FileCopyrightText = "© 2024 Romain Brault <mail@romainbrault.com>"
+SPDX-License-Identifier = "CC0-1.0"
+
+## Jinja includes
+
+[[annotations]]
+path = "includes/*.jinja"
+precedence = "override"
+SPDX-FileCopyrightText = "© 2024 Romain Brault <mail@romainbrault.com>"
+SPDX-License-Identifier = "MIT-0"
+
+## scripts
+
+[[annotations]]
+path = "scripts/*.sh"
+precedence = "override"
+SPDX-FileCopyrightText = "© 2024 Romain Brault <mail@romainbrault.com>"
+SPDX-License-Identifier = "MIT-0"
+
+## Project configuration
+
+[[annotations]]
+path = "tox.ini"
+SPDX-FileCopyrightText = "© 2024 Romain Brault <mail@romainbrault.com>"
+SPDX-License-Identifier = "MIT-0"
+
+[[annotations]]
+path = "copier.yml"
+precedence = "override"
+SPDX-FileCopyrightText = "© 2024 Romain Brault <mail@romainbrault.com>"
+SPDX-License-Identifier = "MIT-0"
+
+## Tools configuration
+
+[[annotations]]
+path = ".gitignore"
+SPDX-FileCopyrightText = "© 2024 Romain Brault <mail@romainbrault.com>"
+SPDX-License-Identifier = "MIT-0"
+
+[[annotations]]
+path = ".gitattributes"
+SPDX-FileCopyrightText = "© 2024 Romain Brault <mail@romainbrault.com>"
+SPDX-License-Identifier = "MIT-0"
+
+## Project configuration
+
+[[annotations]]
+path = ".pre-commit-config.yaml"
+SPDX-FileCopyrightText = "© 2024 Romain Brault <mail@romainbrault.com>"
+SPDX-License-Identifier = "MIT-0"
+
+## Continuous Integration
+
+[[annotations]]
+path = ".github/**/*.yml"
+SPDX-FileCopyrightText = "© 2024 Romain Brault <mail@romainbrault.com>"
+SPDX-License-Identifier = "MIT-0"
+
+[[annotations]]
+path = ".github/CODEOWNERS"
+SPDX-FileCopyrightText = "© 2024 Romain Brault <mail@romainbrault.com>"
+SPDX-License-Identifier = "CC0-1.0"
+
+## Template
+
+[[annotations]]
+path = "template/**"
+precedence = "override"
+SPDX-FileCopyrightText = "© 2024 Romain Brault <mail@romainbrault.com>"
+SPDX-License-Identifier = "MIT-0"
+
+[[annotations]]
+path = "template/CODE_OF_CONDUCT.md.jinja"
+SPDX-FileCopyrightText = [
+    "© 2014 Coraline Ada Ehmeke",
+    "© 2024 Romain Brault <mail@romainbrault.com>",
+]
+SPDX-License-Identifier = "CC-BY-4.0"

copier.yml

@@ -0,0 +1,4 @@
+_subdirectory: "template"
+_tasks:
+  - ["uv", "run", "injectors/call_gh.py"]
+  - ["rm", "-r", "injectors", "github_protection_ruleset"]

template/github_protection_ruleset/branch_ruleset/pr_and_commits.json

@@ -0,0 +1,55 @@
+{
+  "name": "Pull Requests and Commits Protection",
+  "target": "branch",
+  "source_type": "Repository",
+  "enforcement": "active",
+  "conditions": {
+    "ref_name": {
+      "exclude": [],
+      "include": [
+        "~DEFAULT_BRANCH",
+        "refs/heads/v*.*.*"
+      ]
+    }
+  },
+  "rules": [
+    {
+      "type": "deletion"
+    },
+    {
+      "type": "non_fast_forward"
+    },
+    {
+      "type": "required_signatures"
+    },
+    {
+      "type": "required_linear_history"
+    },
+    {
+      "type": "pull_request",
+      "parameters": {
+        "require_code_owner_review": true,
+        "require_last_push_approval": true,
+        "dismiss_stale_reviews_on_push": true,
+        "required_approving_review_count": 0,
+        "required_review_thread_resolution": true
+      }
+    },
+    {
+      "type": "required_status_checks",
+      "parameters": {
+        "required_status_checks": [
+          {
+            "context": "Coverage",
+            "integration_id": 15368
+          },
+          {
+            "context": "Validate PR title",
+            "integration_id": 15368
+          }
+        ],
+        "strict_required_status_checks_policy": false
+      }
+    }
+  ]
+}

template/github_protection_ruleset/tag_ruleset/protect_tags.json

@@ -0,0 +1,58 @@
+{
+  "name": "Tags Protection",
+  "target": "tag",
+  "source_type": "Repository",
+  "enforcement": "active",
+  "conditions": {
+    "ref_name": {
+      "exclude": [],
+      "include": [
+        "~ALL"
+      ]
+    }
+  },
+  "rules": [
+    {
+      "type": "creation"
+    },
+    {
+      "type": "update"
+    },
+    {
+      "type": "deletion"
+    },
+    {
+      "type": "non_fast_forward"
+    },
+    {
+      "type": "required_signatures"
+    },
+    {
+      "type": "required_linear_history"
+    },
+    {
+      "type": "required_status_checks",
+      "parameters": {
+        "required_status_checks": [
+          {
+            "context": "Coverage",
+            "integration_id": 15368
+          }
+        ],
+        "strict_required_status_checks_policy": false
+      }
+    }
+  ],
+  "bypass_actors": [
+    {
+      "actor_id": 5,
+      "actor_type": "RepositoryRole",
+      "bypass_mode": "always"
+    },
+    {
+      "actor_id": 1,
+      "actor_type": "OrganizationAdmin",
+      "bypass_mode": "always"
+    }
+  ]
+}