LabAutomationAndScreening · ejfine · Dec 20, 2025 · Dec 8, 2025 · Dec 11, 2025 · Dec 11, 2025
diff --git a/.copier-answers.yml b/.copier-answers.yml
@@ -1,5 +1,5 @@
 # Changes here will be overwritten by Copier
-_commit: v0.0.87
+_commit: v0.0.91
 _src_path: gh:LabAutomationAndScreening/copier-base-template.git
 description: Template for creating a Static Website using Nuxt frontend hosted on
     AWS
@@ -13,6 +13,8 @@ repo_org_name: LabAutomationAndScreening
 repo_org_name_for_copyright: LabAutomationAndScreening
 ssh_port_number: 55734
 template_might_want_to_install_aws_ssm_port_forwarding_plugin: false
+template_might_want_to_use_python_asyncio: false
+template_might_want_to_use_vcrpy: false
 template_uses_javascript: true
 template_uses_pulumi: true
 template_uses_python: true

diff --git a/.devcontainer/devcontainer.json b/.devcontainer/devcontainer.json
@@ -16,7 +16,7 @@
       "extensions": [
         // basic tooling
         // "eamodio.gitlens@15.5.1",
-        "coderabbit.coderabbit-vscode@0.16.0",
+        "coderabbit.coderabbit-vscode@0.16.1",
         "ms-vscode.live-server@0.5.2025051301",
         "MS-vsliveshare.vsliveshare@1.0.5905",
         "github.copilot@1.388.0",
@@ -58,5 +58,5 @@
   "initializeCommand": "sh .devcontainer/initialize-command.sh",
   "onCreateCommand": "sh .devcontainer/on-create-command.sh",
   "postStartCommand": "sh .devcontainer/post-start-command.sh"
-  // Devcontainer context hash (do not manually edit this, it's managed by a pre-commit hook): 1808ffaf # spellchecker:disable-line
+  // Devcontainer context hash (do not manually edit this, it's managed by a pre-commit hook): 9dd42247 # spellchecker:disable-line
 }
diff --git a/.devcontainer/install-ci-tooling.py b/.devcontainer/install-ci-tooling.py
@@ -7,10 +7,10 @@
 import tempfile
 from pathlib import Path
 
-UV_VERSION = "0.9.11"
-PNPM_VERSION = "10.24.0"
-COPIER_VERSION = "9.11.0"
-COPIER_TEMPLATE_EXTENSIONS_VERSION = "0.3.3"
+UV_VERSION = "0.9.18"
+PNPM_VERSION = "10.25.0"
+COPIER_VERSION = "==9.11.0"
+COPIER_TEMPLATE_EXTENSIONS_VERSION = "==0.3.3"
 PRE_COMMIT_VERSION = "4.5.0"
 GITHUB_WINDOWS_RUNNER_BIN_PATH = r"C:\Users\runneradmin\.local\bin"
 INSTALL_SSM_PLUGIN_BY_DEFAULT = False
@@ -76,9 +76,9 @@ def main():
                 uv_path,
                 "tool",
                 "install",
-                f"copier=={COPIER_VERSION}",
+                f"copier{COPIER_VERSION}",
                 "--with",
-                f"copier-template-extensions=={COPIER_TEMPLATE_EXTENSIONS_VERSION}",
+                f"copier-template-extensions{COPIER_TEMPLATE_EXTENSIONS_VERSION}",
             ],
             check=True,
             env=uv_env,

diff --git a/.devcontainer/windows-host-helper.sh b/.devcontainer/windows-host-helper.sh
@@ -7,7 +7,7 @@
 
 # If you're still having issues, make sure in Windows Developer Settings that you enabled Developer Mode, and also that you set your git config to have `core.autocrlf=false` and `core.symlinks=true` globally
 
-set -e  # Exit immediately on error
+set -euo pipefail  # Exit immediately on error
 
 if [ -z "$BASH_VERSION" ]; then
   echo "Error: This script must be run with bash (e.g., 'bash windows-host-helper.sh')." >&2

diff --git a/.github/actions/install_deps/action.yml b/.github/actions/install_deps/action.yml
@@ -58,13 +58,13 @@ runs:
 
     - name: Setup python
       if: ${{ inputs.python-version != 'notUsing' }}
-      uses: actions/setup-python@v6.0.0
+      uses: actions/setup-python@v6.1.0
       with:
         python-version: ${{ env.PYTHON_VERSION }}
 
     - name: Setup node
       if: ${{ inputs.node-version != 'notUsing' }}
-      uses: actions/setup-node@v6.0.0
+      uses: actions/setup-node@v6.1.0
       with:
         node-version: ${{ inputs.node-version }}
 
@@ -75,7 +75,7 @@ runs:
 
     - name: OIDC Auth for CodeArtifact
       if: ${{ inputs.code-artifact-auth-role-name != 'no-code-artifact' }}
-      uses: aws-actions/configure-aws-credentials@v5.1.0
+      uses: aws-actions/configure-aws-credentials@v5.1.1
       with:
         role-to-assume: arn:aws:iam::${{ inputs.code-artifact-auth-role-account-id }}:role/${{ inputs.code-artifact-auth-role-name }}
         aws-region: ${{ inputs.code-artifact-auth-region }}

diff --git a/.github/actions/update-devcontainer-hash/action.yml b/.github/actions/update-devcontainer-hash/action.yml
@@ -27,7 +27,7 @@ runs:
       shell: bash
 
     - name: Checkout code
-      uses: actions/checkout@v5.0.0
+      uses: actions/checkout@v6.0.1
       with:
         persist-credentials: true
         fetch-depth: 1

diff --git a/.github/reusable_workflows/build-docker-image.yaml b/.github/reusable_workflows/build-docker-image.yaml
@@ -66,13 +66,13 @@ jobs:
         shell: bash
 
       - name: Checkout code
-        uses: actions/checkout@v5.0.0
+        uses: actions/checkout@v6.0.1
         with:
           persist-credentials: false
 
       - name: OIDC Auth for ECR
         if: ${{ inputs.push-role-name != 'no-push' }}
-        uses: aws-actions/configure-aws-credentials@v5.1.0
+        uses: aws-actions/configure-aws-credentials@v5.1.1
         with:
           role-to-assume: arn:aws:iam::${{ steps.parse_ecr_url.outputs.aws_account_id }}:role/${{ inputs.push-role-name }}
           aws-region: ${{ steps.parse_ecr_url.outputs.aws_region }}

diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml
@@ -20,7 +20,8 @@ jobs:
       contents: write # needed for updating dependabot branches
 
   pre-commit:
-    needs: [ get-values ]
+    needs:
+      - get-values
     uses: ./.github/workflows/pre-commit.yaml
     permissions:
       contents: write # needed for mutex
@@ -29,7 +30,8 @@ jobs:
       python-version: 3.12.7
 
   lint-matrix:
-    needs: [ pre-commit ]
+    needs:
+      - pre-commit
     strategy:
       matrix:
         os:
@@ -53,7 +55,7 @@ jobs:
 
     steps:
       - name: Checkout code
-        uses: actions/checkout@v5.0.0
+        uses: actions/checkout@v6.0.1
         with:
           persist-credentials: false
 
@@ -65,7 +67,7 @@ jobs:
         uses: ./.github/actions/install_deps
         with:
           python-version: ${{ matrix.python-version }}
-          node-version: 24.7.0
+          node-version: 24.11.1
           install-deps: false
 
       - name: Instantiate copier template
@@ -111,7 +113,7 @@ jobs:
         timeout-minutes: 8  # this is the amount of time this action will wait to attempt to acquire the mutex lock before failing, e.g. if other jobs are queued up in front of it
 
       - name: Cache Pre-commit hooks
-        uses: actions/cache@v4.2.4
+        uses: actions/cache@v4.3.0
         env:
           cache-name: cache-pre-commit-hooks
         with:
@@ -123,7 +125,13 @@ jobs:
       - name: Run pre-commit
         run: |
           # skip devcontainer context hash because the template instantiation may make it different every time
-          SKIP=git-dirty,compute-devcontainer-context-hash,uv-check-graphql-lambda pre-commit run -a
+          SKIP=git-dirty,compute-devcontainer-context-hash,uv-check-graphql-lambda pre-commit run -a || PRE_COMMIT_EXIT_CODE=$?
+          if [ -n "$PRE_COMMIT_EXIT_CODE" ]; then
+            echo "Pre-commit failed with exit code $PRE_COMMIT_EXIT_CODE"
+            echo "Showing git diff:"
+            git --no-pager diff
+            exit $PRE_COMMIT_EXIT_CODE
+          fi
 
       - name: Upload pre-commit log if failure
         if: ${{ failure() }}
@@ -135,7 +143,9 @@ jobs:
   required-check:
     runs-on: ubuntu-24.04
     timeout-minutes: 2
-    needs: [ lint-matrix, get-values ]
+    needs:
+      - lint-matrix
+      - get-values
     permissions:
       statuses: write # needed for updating status on Dependabot PRs
     if: always()

diff --git a/.github/workflows/get-values.yaml b/.github/workflows/get-values.yaml
@@ -35,7 +35,7 @@ jobs:
           JSON
 
       - name: Checkout code
-        uses: actions/checkout@v5.0.0
+        uses: actions/checkout@v6.0.1
         with:
           persist-credentials: false
 

diff --git a/.github/workflows/pre-commit.yaml b/.github/workflows/pre-commit.yaml
@@ -33,14 +33,14 @@ jobs:
     steps:
       - name: Checkout code during push
         if: ${{ github.event_name == 'push' }}
-        uses: actions/checkout@v5.0.0
+        uses: actions/checkout@v6.0.1
         with:
           ref: ${{ github.ref_name }} # explicitly get the head of the branch, which will include any new commits pushed if this is a dependabot branch
           persist-credentials: false
 
       - name: Checkout code not during push
         if: ${{ github.event_name != 'push' }}
-        uses: actions/checkout@v5.0.0
+        uses: actions/checkout@v6.0.1
         with:
           persist-credentials: false
 
@@ -59,7 +59,7 @@ jobs:
         timeout-minutes: 8  # this is the amount of time this action will wait to attempt to acquire the mutex lock before failing, e.g. if other jobs are queued up in front of it
 
       - name: Cache Pre-commit hooks
-        uses: actions/cache@v4.2.4
+        uses: actions/cache@v4.3.0
         env:
           cache-name: cache-pre-commit-hooks
         with:
@@ -69,4 +69,11 @@ jobs:
             ubuntu-24.04-py${{ inputs.python-version }}-node-${{ inputs.node-version}}-${{ env.cache-name }}-
 
       - name: Run pre-commit
-        run: pre-commit run -a
+        run: |
+          pre-commit run -a || PRE_COMMIT_EXIT_CODE=$?
+          if [ -n "$PRE_COMMIT_EXIT_CODE" ]; then
+            echo "Pre-commit failed with exit code $PRE_COMMIT_EXIT_CODE"
+            echo "Showing git diff:"
+            git --no-pager diff
+            exit $PRE_COMMIT_EXIT_CODE
+          fi
diff --git a/.github/workflows/tag-on-merge.yaml b/.github/workflows/tag-on-merge.yaml
@@ -14,7 +14,7 @@ jobs:
     permissions:
       contents: write
     steps:
-      - uses: actions/checkout@v5.0.0
+      - uses: actions/checkout@v6.0.1
         with:
           ref: ${{ github.event.pull_request.merge_commit_sha }}
           fetch-depth: '0'

diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
@@ -42,7 +42,7 @@ repos:
 
   # Reformatting (should generally come before any file format or other checks, because reformatting can change things)
   - repo: https://github.com/crate-ci/typos
-    rev: 6573587991823ef75e4d6ca97fe895f45e9f14e4  # frozen: v1
+    rev: 802d5794ff9cf7b15610c47eca99cd1ab757d8d4  # frozen: v1
     hooks:
       - id: typos
         exclude: |
@@ -108,7 +108,7 @@ repos:
           )$
 
   - repo: https://github.com/rbubley/mirrors-prettier
-    rev: 5ba47274f9b181bce26a5150a725577f3c336011  # frozen: v3.6.2
+    rev: 14abee445aea04b39069c19b4bd54efff6775819  # frozen: v3.7.4
     hooks:
       - id: prettier
         # TODO: get template YAML and MD files more in line with prettier expectations so we can start using prettier on those too
@@ -195,7 +195,7 @@ repos:
       - id: check-case-conflict
 
   - repo: https://github.com/python-jsonschema/check-jsonschema
-    rev: 83b816d020105076daac266dbf6bfed199a2da93  # frozen: 0.34.1
+    rev: 16a6ad2fead09286ee6eb6b0a3fab55655a6c22a  # frozen: 0.35.0
     hooks:
       - id: check-github-workflows
 
@@ -249,15 +249,15 @@ repos:
         description: Runs hadolint to lint Dockerfiles
 
   - repo: https://github.com/astral-sh/ruff-pre-commit
-    rev: 3db93a2be6f214ed722bf7bce095ec1b1715422a  # frozen: v0.14.2
+    rev: 1a1f58ba4c35362efe8fed2279715a905baee93d  # frozen: v0.14.8
     hooks:
       - id: ruff
         name: ruff-src
         args: [--fix, --config=./ruff.toml]
         files: src/.+\.py$
         exclude: |
           (?x)^(
-              .*/graphql_codegen/.*|
+              .*/generated/graphql/.*|
               .*/generated/open[-_]api/.*|
               template/.*|
           )$
@@ -267,26 +267,26 @@ repos:
         files: tests?/.+\.py$
         exclude: |
           (?x)^(
-              .*/graphql_codegen/.*|
+              .*/generated/graphql/.*|
               .*/generated/open[-_]api/.*|
               template/.*|
           )$
       - id: ruff-format
         exclude: |
           (?x)^(
-              .*/graphql_codegen/.*|
+              .*/generated/graphql/.*|
               .*/generated/open[-_]api/.*|
           )$
 
   - repo: https://github.com/pylint-dev/pylint
-    rev: 0eb92d25fd38ba5bad2f8d2ea7df63ad23e18ae3  # frozen: v4.0.2
+    rev: e16f942166511d6fb4427e503a734152fae0c4fe  # frozen: v4.0.4
     hooks:
       - id: pylint
         name: pylint
         # exclude the template files---duplication within them will be discovered during CI of that template instantiation
         exclude: |
           (?x)^(
-              .*/graphql_codegen/.*|
+              .*/generated/graphql/.*|
               .*/generated/open[-_]api/.*|
               template/.*|
           )$
@@ -302,7 +302,7 @@ repos:
         files: '.+\.py$'
         exclude: |
           (?x)^(
-              .*/graphql_codegen/.*|
+              .*/generated/graphql/.*|
               .*/generated/open[-_]api/.*|
           )$
         # don't pass filenames else the command line sees them twice

diff --git a/copier.yml b/copier.yml
@@ -34,6 +34,7 @@ node_version:
 
 
 
+
-
+ node_version:
+     type: str
+     help: What version of NodeJS is used for development?
+     default: "{{ node_version }}"
+ 
+ 
+ python_version:
-
+ node_version:
+     type: str
+     help: What version of NodeJS is used for development?
+     default: "{{ node_version }}"
+ 
+ 
+ python_version:
 python_version:
     type: str
     help: What version of Python is used for development?