Priority: Low (Infrastructure)
Improvements
1. Add .python-version File
For tools like pyenv, mise, asdf:
echo "3.12" > .python-version
2. Add py.typed Marker
For PEP 561 compliance (distributing type information):
touch pyensemblrest/py.typed
Update pyproject.toml:
[tool.poetry]
packages = [
{ include = "pyensemblrest" },
]
include = ["pyensemblrest/py.typed"]3. Add Security Scanning to CI
Add to .github/workflows/pull_request.yaml:
- name: Security check with Safety
run: |
poetry run pip install safety
poetry run safety check
- name: Security check with Bandit
run: |
poetry run pip install bandit
poetry run bandit -r pyensemblrest/4. Add Dependabot Configuration
Create .github/dependabot.yml:
version: 2
updates:
- package-ecosystem: "pip"
directory: "/"
schedule:
interval: "weekly"
open-pull-requests-limit: 10
- package-ecosystem: "github-actions"
directory: "/"
schedule:
interval: "weekly"5. Add Issue Templates
Create .github/ISSUE_TEMPLATE/bug_report.md:
---
name: Bug report
about: Create a report to help us improve
---
**Describe the bug**
A clear description of what the bug is.
**To Reproduce**
Steps to reproduce:
1. ...
2. ...
**Expected behavior**
What you expected to happen.
**Environment:**
- OS: [e.g. macOS, Linux]
- Python version: [e.g. 3.12]
- pyEnsemblRest version: [e.g. 0.8.0]
**Additional context**
Any other context about the problem.
6. Add Pull Request Template
Create .github/pull_request_template.md:
## Description
Brief description of changes
## Type of change
- [ ] Bug fix
- [ ] New feature
- [ ] Breaking change
- [ ] Documentation update
## Checklist
- [ ] Tests pass locally
- [ ] Added tests for new code
- [ ] Updated documentation
- [ ] Pre-commit hooks pass
Tasks
Files to Create/Update
.python-version (new)pyensemblrest/py.typed (new)pyproject.toml (update).github/workflows/pull_request.yaml (update).github/dependabot.yml (new).github/ISSUE_TEMPLATE/ (new directory).github/pull_request_template.md (new)
Note
The security scan mentioned in the push output shows 3 moderate vulnerabilities - should investigate those as part of this work.
Priority: Low (Infrastructure)
Improvements
1. Add .python-version File
For tools like pyenv, mise, asdf:
2. Add py.typed Marker
For PEP 561 compliance (distributing type information):
Update
pyproject.toml:3. Add Security Scanning to CI
Add to
.github/workflows/pull_request.yaml:4. Add Dependabot Configuration
Create
.github/dependabot.yml:5. Add Issue Templates
Create
.github/ISSUE_TEMPLATE/bug_report.md:6. Add Pull Request Template
Create
.github/pull_request_template.md:Tasks
Files to Create/Update
.python-version(new)pyensemblrest/py.typed(new)pyproject.toml(update).github/workflows/pull_request.yaml(update).github/dependabot.yml(new).github/ISSUE_TEMPLATE/(new directory).github/pull_request_template.md(new)Note
The security scan mentioned in the push output shows 3 moderate vulnerabilities - should investigate those as part of this work.