Sync Project with generate-demo nox session and test CI/CD

.cookiecutter.json

@@ -1,5 +1,5 @@
 {
-  "_commit": "252149c8d29f972741ea3a7bbf5de824f4bdaabd",
+  "_commit": "87a677683e54c30ad9ec09aba0c43a3572e4c215",
   "_template": "C:\\Users\\56kyl\\source\\repos\\cookiecutter-robust-python",
   "add_rust_extension": false,
   "author": "Kyle Oliver",

.cruft.json

@@ -1,6 +1,6 @@
 {
   "template": "C:\\Users\\56kyl\\source\\repos\\cookiecutter-robust-python",
-  "commit": "252149c8d29f972741ea3a7bbf5de824f4bdaabd",
+  "commit": "87a677683e54c30ad9ec09aba0c43a3572e4c215",
   "checkout": null,
   "context": {
     "cookiecutter": {
@@ -18,7 +18,7 @@
       "license": "MIT",
       "development_status": "Development Status :: 1 - Planning",
       "_template": "C:\\Users\\56kyl\\source\\repos\\cookiecutter-robust-python",
-      "_commit": "252149c8d29f972741ea3a7bbf5de824f4bdaabd"
+      "_commit": "87a677683e54c30ad9ec09aba0c43a3572e4c215"
     }
   },
   "directory": null

.github/workflows/build-python.yml

@@ -47,10 +47,10 @@ jobs:
       - name: Set up Python
         uses: actions/setup-python@v5
         with:
-          python-version-file: .python-version
+          python-version-file: ".github\workflows\.python-version"
 
       - name: Run package build
-        run: uvx nox -s build-python-package
+        run: uvx nox -s build-python
 
       - name: Upload built packages artifact
         uses: actions/upload-artifact@v4

.github/workflows/docs-build.yml

@@ -43,7 +43,7 @@ jobs:
       - name: Set up Python
         uses: actions/setup-python@v5
         with:
-          python-version-file: .python-version
+          python-version-file: ".github/workflows/.python-version"
 
       - name: Build documentation
         run: uvx nox -s docs-build

.github/workflows/lint-python.yml

@@ -43,7 +43,7 @@ jobs:
       - name: Set up Python
         uses: actions/setup-python@v5
         with:
-          python-version-file: .python-version
+          python-version-file: ".github/workflows/.python-version"
 
       - name: Run formatting checks
         run: uvx nox -s format-python

.github/workflows/release-python.yml

@@ -32,7 +32,7 @@ jobs:
       - name: Set up Python
         uses: actions/setup-python@v5
         with:
-          python-version-file: .python-version
+          python-version-file: ".github/workflows/.python-version"
 
       - name: Upload built package artifacts
         uses: actions/upload-artifact@v4
@@ -65,16 +65,11 @@ jobs:
         description: "Release notes body extracted from CHANGELOG.md"
         value: ${{ steps.changelog.outputs.changes }} # Output the extracted changelog body
 
-  # Job 2: Publish to Production PyPI
-  # This job runs only if Job 1 completes successfully (implicit dependency)
-  # and only on tag push events (NOT manual dispatch for production).
   publish_pypi:
     name: Publish to Production PyPI
     runs-on: ubuntu-latest
-    # This job explicitly depends on build_and_testpypi completing successfully
     needs: build_and_testpypi
 
-    # Only run on tag push events, NOT on manual dispatch for the final PyPI publish
     if: "github.event_name == 'push' && startsWith(github.ref, 'refs/tags/v')"
     steps:
       - name: Download package artifacts
@@ -86,31 +81,22 @@ jobs:
       - name: Set up Python
         uses: actions/setup-python@v5
         with:
-          python-version-file: .python-version
+          python-version-file: ".github/workflows/.python-version"
 
       - name: Set up uv
         uses: astral-sh/setup-uv@v6
 
-      # --- Publish to Production PyPI Step ---
       - name: Publish to PyPI
-        # Execute the Task Automation publish session for Production PyPI.
-        # Calls uv publish dist/* which defaults to pypi.org (Topic 10).
-        # Configure Production PyPI credentials securely.
         env:
-          # Production PyPI credentials stored as secrets in GitHub Settings -> Secrets
           TWINE_USERNAME: __token__
-          TWINE_PASSWORD: ${{ secrets.PYPI_API_TOKEN }} # Use GitHub Encrypted Secret
-          # Optional: TWINE_REPOSITORY if publishing to a custom production index
-        run: uvx nox -s publish-package # Call the publish-package session (defaults to pypi.org)
+          TWINE_PASSWORD: ${{ secrets.PYPI_API_TOKEN }}
+        run: uvx nox -s publish-python
 
-  # Job 3: Create GitHub Release (Runs regardless of PyPI publish success, relies on build job for info/artifacts)
   create_github_release:
     name: Create GitHub Release
     runs-on: ubuntu-latest
-    # Needs the build job (which includes getting changelog)
     needs: build_and_testpypi
 
-    # Only run this job if triggered by a tag push
     if: "github.event_name == 'push' && startsWith(github.ref, 'refs/tags/v')"
 
     steps:
@@ -124,18 +110,10 @@ jobs:
         run: echo "tag=${{ github.ref_name }}" >> $GITHUB_OUTPUT
 
       - name: Create GitHub Release
-        # Uses a standard action to create a release in GitHub based on the tag.
         uses: softprops/action-gh-release@v2
         with:
-          # The Git tag the release is associated with
           tag_name: ${{ steps.get_tag.outputs.tag }}
-          # The name of the release (often the same as the tag)
           name: Release ${{ steps.get_tag.outputs.tag }}
-          # The body of the release notes - access the output from the 'build_and_testpypi' job
-          body: ${{ needs.build_and_testpypi.outputs.changelog_body }} # Access changelog body from dependent job output
-
-          files: dist/* # Attach built sdist and wheel files as release assets
-          # Optional: Mark as a draft release for manual review before publishing
-          # draft: true
-          # Optional: Mark as a pre-release for tags containing hyphens (e.g., v1.0.0-rc1)
+          body: ${{ needs.build_and_testpypi.outputs.changelog_body }}
+          files: dist/*
           prerelease: ${{ contains(steps.get_tag.outputs.tag, '-') }} # Checks if tag contains hyphen (e.g. v1.0.0-rc.1)

.github/workflows/security-python.yml

@@ -43,7 +43,7 @@ jobs:
       - name: Set up Python
         uses: actions/setup-python@v5
         with:
-          python-version-file: .python-version
+          python-version-file: ".github/workflows/.python-version"
 
       - name: Run Python code security analysis
         run: uvx nox -s security-python

.github/workflows/test-python.yml

@@ -28,13 +28,18 @@ on:
 
 jobs:
   test-python:
-    name: Run Python Tests on ${{ matrix.os }}/${{ matrix.python-version }}
+    name: Run Python Tests on ${{ matrix.os }}/${{ matrix.python }}
     runs-on: ${{ matrix.os }}
     strategy:
       matrix:
-        python-version: [ "3.9", "3.10", "3.11", "3.12", "3.13" ]
-        os: [ ubuntu-latest, windows-latest, macos-latest ]
-
+        include:
+          - { python: "3.9", os: "ubuntu-latest" }
+          - { python: "3.10", os: "ubuntu-latest" }
+          - { python: "3.11", os: "ubuntu-latest" }
+          - { python: "3.12", os: "ubuntu-latest" }
+          - { python: "3.13", os: "ubuntu-latest" }
+          - { python: "3.13", os: "macos-latest" }
+          - { python: "3.13", os: "windows-latest" }
     steps:
       - name: Checkout code
         uses: actions/checkout@v4
@@ -45,21 +50,21 @@ jobs:
       - name: Set up Python
         uses: actions/setup-python@v5
         with:
-          python-version: ${{ matrix.python-version }}
+          python-version: ${{ matrix.python }}
 
       - name: Run test suite
-        run: uvx nox -s test-python
+        run: uvx nox -s tests-python-${{ matrix.python }}
 
       - name: Upload test reports
         uses: actions/upload-artifact@v4
         with:
-          name: test-results-${{ matrix.os }}-py${{ matrix.python-version }}
+          name: test-results-${{ matrix.os }}-py${{ matrix.python }}
           path: tests/results/*.xml
           retention-days: 5
 
       - name: Upload coverage report
         uses: actions/upload-artifact@v4
         with:
-          name: coverage-report-${{ matrix.os }}-py${{ matrix.python-version }}
+          name: coverage-report-${{ matrix.os }}-py${{ matrix.python }}
           path: coverage.xml
           retention-days: 5

.github/workflows/typecheck-python.yml

@@ -50,4 +50,4 @@ jobs:
           python-version: ${{ matrix.python-version }}
 
       - name: Run Python type checking
-        run: uvx nox -s typecheck-python
+        run: uvx nox -s typecheck-${{ matrix.python-version }}

.pre-commit-config.yaml

@@ -60,19 +60,11 @@ repos:
       - id: prettier
         name: Prettier
 
-  - repo: https://github.com/doublify/pre-commit-rust
-    rev: master
-    hooks:
-      - id: fmt
-      - id: clippy
-        args: ["--all-features", "--", "--write"]
-      - id: cargo-check
-
   - repo: https://github.com/commitizen-tools/commitizen
     rev: v4.8.2
     hooks:
       - id: commitizen
         name: Commitizen
       - id: commitizen-branch
         name: Commitizen Branch
-        stages: [commit-msg]
+        stages: [ commit-msg ]

noxfile.py

@@ -90,10 +90,10 @@ def lint_python(session: Session) -> None:
 def typecheck(session: Session) -> None:
     """Run static type checking (Pyright) on Python code."""
     session.log("Installing type checking dependencies...")
-    session.install("pyright")
+    session.install("-e", ".", "--group", "dev")
 
     session.log(f"Running Pyright check with py{session.python}.")
-    session.run("pyright")
+    session.run("pyright", "--pythonversion", session.python)
 
 
 @nox.session(python=None, name="security-python", tags=[SECURITY, PYTHON, CI])
@@ -124,7 +124,7 @@ def tests_python(session: Session) -> None:
         "--cov-report=term",
         "--cov-report=xml",
         f"--junitxml={junitxml_file}",
-        "tests/",
+        "tests/"
     )