Development

.github/workflows/allowed-pr-sources-dev-release.yaml

@@ -9,6 +9,8 @@ on:
 
 jobs:
   enforce:
+    permissions:
+      contents: read
     runs-on: ubuntu-latest
     steps:
       - name: Check PR source branch

.github/workflows/generate-docs.yml

@@ -0,0 +1,26 @@
+name: Update Documentation
+on:
+  workflow_dispatch:
+permissions:
+  contents: read
+  pages: write
+  id-token: write
+jobs:
+  deploy:
+    environment:
+      name: github-pages
+      url: ${{ steps.deployment.outputs.page_url }}
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/configure-pages@v5
+      - uses: actions/checkout@v5
+      - uses: actions/setup-python@v5
+        with:
+          python-version: 3.x
+      - run: pip install zensical
+      - run: zensical build --clean
+      - uses: actions/upload-pages-artifact@v4
+        with:
+          path: site
+      - uses: actions/deploy-pages@v4
+        id: deployment

.github/workflows/openssf-scorecard.yml

@@ -14,8 +14,9 @@ on:
   push:
     branches: [ "main" ]
 
-# Declare default permissions as read only.
-permissions: read-all
+# Declare default permissions as read only (minimal for Scorecard).
+permissions:
+  contents: read
 
 jobs:
   analysis:
@@ -34,12 +35,12 @@ jobs:
 
     steps:
       - name: "Checkout code"
-        uses: actions/checkout@v5
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
         with:
           persist-credentials: false
 
       - name: "Run analysis"
-        uses: ossf/scorecard-action@4eaacf0543bb3f2c246792bd56e8cdeffafb205a # v2.4.3
+        uses: ossf/scorecard-action@f49aabe0b5af0936a0987cfb85d86b75731b0186 # v2.4.1
         with:
           results_file: results.sarif
           results_format: sarif
@@ -64,7 +65,7 @@ jobs:
       # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF
       # format to the repository Actions tab.
       - name: "Upload artifact"
-        uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0
+        uses: actions/upload-artifact@4cec3d8aa04e39d1a68397de0c4cd6fb9dce8ec1 # v4.6.1
         with:
           name: SARIF file
           path: results.sarif
@@ -73,6 +74,6 @@ jobs:
       # Upload the results to GitHub's code scanning dashboard (optional).
       # Commenting out will disable upload of results to your repo's Code Scanning dashboard
       - name: "Upload to code-scanning"
-        uses: github/codeql-action/upload-sarif@v4
+        uses: github/codeql-action/upload-sarif@v3
         with:
           sarif_file: results.sarif

.github/workflows/pr-quality-gate.yaml.yml

@@ -5,21 +5,21 @@ on:
     branches: [ rc, main ]
     types: [ opened, synchronize, reopened, ready_for_review ]
 
-permissions:
-  contents: read
-  pull-requests: write
 
 concurrency:
   group: pr-${{ github.event.pull_request.number || github.ref }}
   cancel-in-progress: true
 
 jobs:
   precommit:
+    permissions:
+      contents: read
+      pull-requests: write
     name: pre-commit
     if: ${{ !github.event.pull_request.draft }}
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v5
+      - uses: actions/checkout@v4
       # NOTE: point "uses:" to the DIRECTORY that contains action.yaml
       # If your composite is at ./pre-commit/action.yaml, use "./pre-commit"
       - name: Run pre-commit composite
@@ -28,20 +28,26 @@ jobs:
           python-version: ${{ env.MAIN_PYTHON_VERSION }}
 
   pytest:
+    permissions:
+      contents: read
+      pull-requests: write
     name: pytest
     if: ${{ !github.event.pull_request.draft }}
     runs-on: ubuntu-latest
     strategy:
       matrix:
         python-version: ${{ fromJSON(env.SUPPORTED_PYTHON_VERSIONS) }}
     steps:
-      - uses: actions/checkout@v5
+      - uses: actions/checkout@v4
       - name: Run pytest composite
         uses: ./.github/workflows/pytest
         with:
           python-version: ${{ matrix.python-version }}
 
   pytest-windows:
+    permissions:
+      contents: read
+      pull-requests: write
     name: pytest (Windows, non-blocking)
     if: ${{ !github.event.pull_request.draft }}
     runs-on: windows-latest
@@ -50,19 +56,22 @@ jobs:
       matrix:
         python-version: ${{ fromJSON(env.SUPPORTED_PYTHON_VERSIONS) }}
     steps:
-      - uses: actions/checkout@v5
+      - uses: actions/checkout@v4
       - name: Run pytest composite
         uses: ./.github/workflows/pytest
         with:
           python-version: ${{ matrix.python-version }}
 
   sonarqube:
+    permissions:
+      contents: read
+      pull-requests: write
     name: SonarQube
     if: ${{ !github.event.pull_request.draft }}
     runs-on: ubuntu-latest
     needs: [ pytest ]        # starts only after pytest completes
     steps:
-      - uses: actions/checkout@v5
+      - uses: actions/checkout@v4
       - name: Run SonarCloud composite
         uses: ./.github/workflows/sonar
         with:

.github/workflows/pre-commit/action.yaml

@@ -18,9 +18,20 @@ runs:
       with:
         python-version: ${{ inputs.python-version }}
 
+
+    - name: Validate Python version
+      if: ${{ hashFiles('.pre-commit-config.yaml') != '' }}
+      run: |
+        ALLOWED_VERSIONS="3.14 3.15"
+        if ! echo "$ALLOWED_VERSIONS" | grep -wq "${{ inputs.python-version }}"; then
+          echo "Error: python-version ${{ inputs.python-version }} is not allowed. Allowed: $ALLOWED_VERSIONS"
+          exit 1
+        fi
+      shell: bash
+
     - name: Install Poetry
       if: ${{ hashFiles('.pre-commit-config.yaml') != '' }}
-      run: pipx install --python python${{ inputs.python-version }} poetry
+      run: pipx install --python "python${{ inputs.python-version }}" poetry
       shell: bash
 
     - name: Install pre-commit

.pre-commit-config.yaml

@@ -3,8 +3,12 @@
 
 # Hooks
 repos:
+  - repo: https://github.com/fsfe/reuse-tool
+    rev: v6.2.0
+    hooks:
+      - id: reuse
   - repo: https://github.com/pre-commit/pre-commit-hooks
-    rev: v4.6.0
+    rev: v6.0.0
     hooks:
       - id: check-yaml
       - id: end-of-file-fixer
@@ -14,7 +18,7 @@ repos:
 
   - repo: https://github.com/astral-sh/ruff-pre-commit
     # Ruff version.
-    rev: v0.5.7
+    rev: v0.15.7
     hooks:
       # Run the linter.
       - id: ruff
@@ -23,24 +27,26 @@ repos:
       - id: ruff-format
 
   - repo: https://github.com/pre-commit/mirrors-mypy
-    rev: v1.11.1
+    rev: v1.19.1
     hooks:
       - id: mypy
+        additional_dependencies: ["types-shapely"]
 
   - repo: https://github.com/compilerla/conventional-pre-commit
-    rev: v3.2.0
+    rev: v4.4.0
     hooks:
       - id: conventional-pre-commit
         stages: [commit-msg]
         args: []
 
   - repo: https://github.com/codespell-project/codespell
-    rev: v2.3.0
+    rev: v2.4.2
     hooks:
     - id: codespell
       exclude: >
         (?x)^(
-            .*\.svg
+            LICENSES/.*
+            | .*\.svg
             | .*\.lock
         )$
 
@@ -51,7 +57,7 @@ repos:
       args: ['--lock']
 
   - repo: https://github.com/igorshubovych/markdownlint-cli
-    rev: v0.41.0
+    rev: v0.48.0
     hooks:
     - id: markdownlint
       args: [ "--config", ".markdownlint.yaml" ]

.vscode/settings.json

@@ -0,0 +1,32 @@
+{
+    "sonarlint.connectedMode.project": {
+        "connectionId": "alliander-opensource",
+        "projectKey": "alliander-opensource_meteoforge"
+    },
+    "python.defaultInterpreterPath": "/home/linnr02/.cache/pypoetry/virtualenvs/meteoforge-Xj3O_PoL-py3.14/bin/python",
+    "psi-header.lang-config": [
+        {
+            "language": "python",
+            "begin": "",
+            "prefix": "# ",
+            "end": "",
+            "blankLinesAfter": 1
+        }
+    ],
+    "psi-header.templates": [
+        {
+            "language": "*",
+            "template": [
+                "SPDX-FileCopyrightText: 2025-<<year>> Contributors to the MeteoForge project",
+                "SPDX-License-Identifier: MPL-2.0"
+            ]
+        }
+    ],
+    "psi-header.config.forceToTop": true,
+    "psi-header.changes-tracking.enforceHeader": true,
+    "python.testing.pytestArgs": [
+        "tests"
+    ],
+    "python.testing.unittestEnabled": false,
+    "python.testing.pytestEnabled": true
+}

CODE_OF_CONDUCT.rst → CODE_OF_CONDUCT.md

@@ -1,15 +1,9 @@
 [//]: # (SPDX-FileCopyrightText: 2024-2025 Copyright Contributors to the MeteoForge project)
 [//]: # (SPDX-License-Identifier: MPL-2.0)
 
-.. _code-of-conduct:
+# Code of Conduct
 
-===============
-Code of Conduct
-===============
-
-----------
-Our Pledge
-----------
+## Our Pledge
 
 In the interest of fostering an open and welcoming environment, we as
 contributors and maintainers pledge to making participation in our project and
@@ -18,33 +12,29 @@ size, disability, ethnicity, gender identity and expression, level of
 experience, education, socioeconomic status, nationality, personal appearance,
 race, religion, or sexual identity and orientation.
 
--------------
-Our Standards
--------------
+## Our Standards
 
 Examples of behavior that contributes to creating a positive environment
 include:
 
-*   Using welcoming and inclusive language
-*   Being respectful of differing viewpoints and experiences
-*   Gracefully accepting constructive criticism
-*   Focusing on what is best for the community
-*   Showing empathy towards other community members
+- Using welcoming and inclusive language
+- Being respectful of differing viewpoints and experiences
+- Gracefully accepting constructive criticism
+- Focusing on what is best for the community
+- Showing empathy towards other community members
 
 Examples of unacceptable behavior by participants include:
 
-*   The use of sexualized language or imagery and unwelcome sexual attention or
-    advances
-*   Trolling, insulting/derogatory comments, and personal or political attacks
-*   Public or private harassment
-*   Publishing others' private information, such as a physical or electronic
-    address, without explicit permission
-*   Other conduct which could reasonably be considered inappropriate in a
-    professional setting
+- The use of sexualized language or imagery and unwelcome sexual attention or
+  advances
+- Trolling, insulting/derogatory comments, and personal or political attacks
+- Public or private harassment
+- Publishing others' private information, such as a physical or electronic
+  address, without explicit permission
+- Other conduct which could reasonably be considered inappropriate in a
+  professional setting
 
---------------------
-Our Responsibilities
---------------------
+## Our Responsibilities
 
 Project maintainers are responsible for clarifying the standards of acceptable
 behavior and are expected to take appropriate and fair corrective action in
@@ -56,9 +46,7 @@ not aligned to this Code of Conduct, or to ban temporarily or permanently any
 contributor for other behaviors that they deem inappropriate, threatening,
 offensive, or harmful.
 
------
-Scope
------
+## Scope
 
 This Code of Conduct applies both within project spaces and in public spaces
 when an individual is representing the project or its community. Examples of
@@ -67,18 +55,17 @@ address, posting via an official social media account, or acting as an appointed
 representative at an online or offline event. Representation of a project may be
 further defined and clarified by project maintainers.
 
--------------------
-Conflict Resolution
--------------------
+## Conflict Resolution
 
-Instances of abusive, harassing, or otherwise unacceptable behavior may be reported by contacting the project team at OSPO@alliander. All complaints will be reviewed and investigated and will result in a response that is deemed necessary and appropriate to the circumstances. The project team is obligated to maintain confidentiality with regard to the reporter of an incident. Further details of specific enforcement policies may be posted separately.
+Instances of abusive, harassing, or otherwise unacceptable behavior may be reported by contacting the project team at *
+*OSPO@alliander**. All complaints will be reviewed and investigated and will result in a response that is deemed
+necessary and appropriate to the circumstances. The project team is obligated to maintain confidentiality with regard to
+the reporter of an incident. Further details of specific enforcement policies may be posted separately.
 
 Project maintainers who do not follow or enforce the Code of Conduct in good faith may face temporary or permanent repercussions as determined by other members of the project’s leadership.
 
------------
-Attribution
------------
+## Attribution
 
 This Code of Conduct is adapted from the Contributor Covenant, version 1.4,
 available at
-https://www.contributor-covenant.org/version/1/4/code-of-conduct.html
+<https://www.contributor-covenant.org/version/1/4/code-of-conduct.html>