LabAutomationAndScreening · ejfine · Dec 15, 2025 · Dec 15, 2025 · Dec 15, 2025 · Dec 15, 2025
diff --git a/.copier-answers.yml b/.copier-answers.yml
@@ -1,5 +1,5 @@
 # Changes here will be overwritten by Copier
-_commit: v0.0.85
+_commit: v0.0.90
 _src_path: gh:LabAutomationAndScreening/copier-base-template.git
 description: Copier template for creating Python libraries and executables
 install_claude_cli: false
@@ -12,6 +12,8 @@ repo_org_name: LabAutomationAndScreening
 repo_org_name_for_copyright: Lab Automation & Screening
 ssh_port_number: 55874
 template_might_want_to_install_aws_ssm_port_forwarding_plugin: true
+template_might_want_to_use_python_asyncio: true
+template_might_want_to_use_vcrpy: true
 template_uses_javascript: false
 template_uses_pulumi: false
 template_uses_python: true

diff --git a/.devcontainer/devcontainer.json b/.devcontainer/devcontainer.json
@@ -3,11 +3,6 @@
   "service": "devcontainer",
   "workspaceFolder": "/workspaces/${localWorkspaceFolderBasename}",
   "features": {
-    "ghcr.io/devcontainers/features/aws-cli:1.1.2": {
-      // https://github.com/devcontainers/features/blob/main/src/aws-cli/devcontainer-feature.json
-      // view latest version https://raw.githubusercontent.com/aws/aws-cli/v2/CHANGELOG.rst
-      "version": "2.31.11"
-    },
     "ghcr.io/devcontainers/features/python:1.7.1": {
       // https://github.com/devcontainers/features/blob/main/src/python/devcontainer-feature.json
       "version": "3.12.7",
@@ -21,7 +16,7 @@
       "extensions": [
         // basic tooling
         // "eamodio.gitlens@15.5.1",
-        "coderabbit.coderabbit-vscode@0.16.0",
+        "coderabbit.coderabbit-vscode@0.16.1",
         "ms-vscode.live-server@0.5.2025051301",
         "MS-vsliveshare.vsliveshare@1.0.5905",
         "github.copilot@1.388.0",
@@ -63,5 +58,5 @@
   "initializeCommand": "sh .devcontainer/initialize-command.sh",
   "onCreateCommand": "sh .devcontainer/on-create-command.sh",
   "postStartCommand": "sh .devcontainer/post-start-command.sh"
-  // Devcontainer context hash (do not manually edit this, it's managed by a pre-commit hook): eeccb984 # spellchecker:disable-line
+  // Devcontainer context hash (do not manually edit this, it's managed by a pre-commit hook): 99b3f7c4 # spellchecker:disable-line
 }
diff --git a/.devcontainer/install-ci-tooling.py b/.devcontainer/install-ci-tooling.py
@@ -7,8 +7,8 @@
 import tempfile
 from pathlib import Path
 
-UV_VERSION = "0.9.11"
-PNPM_VERSION = "10.23.0"
+UV_VERSION = "0.9.17"
+PNPM_VERSION = "10.25.0"
 COPIER_VERSION = "9.11.0"
 COPIER_TEMPLATE_EXTENSIONS_VERSION = "0.3.3"
 PRE_COMMIT_VERSION = "4.5.0"

diff --git a/.devcontainer/windows-host-helper.sh b/.devcontainer/windows-host-helper.sh
@@ -27,38 +27,30 @@ repoName=$(basename "$gitUrl" .git)
 
 echo "Repo name extracted as '$repoName'"
 
-# Remove any existing subfolder with the repository name and recreate it
-rm -rf "./$repoName" || true # sometimes deleting the .venv folder fails
-rm -rf "./$repoName/*.md" # for some reason, sometimes md files are left behind
+sudo rm -rf "./$repoName" || true
+sudo rm -rf "./$repoName/*.md"
 mkdir -p "./$repoName"
+sudo chown -R "$(whoami):$(whoami)" "./$repoName" # TODO: see if this alone is enough to fix everything
 
 # Create a temporary directory for cloning
 tmpdir=$(mktemp -d)
 
-# Clone the repository into a subfolder inside the temporary directory.
-# This creates "$tmpdir/$repoName" with the repository's contents.
+# Clone the repository into a subfolder inside the temporary directory
 git clone "$gitUrl" "$tmpdir/$repoName"
 
-
-SRC="$(realpath "$tmpdir/$repoName")"
-DST="$(realpath "./$repoName")"
-
-# 1) Recreate directory tree under $DST
-while IFS= read -r -d '' dir; do
-  rel="${dir#$SRC/}"             # strip leading $SRC/ → e.g. "sub/dir"
-  mkdir -p "$DST/$rel"
-done < <(find "$SRC" -type d -print0)
-
-# 2) Move all files into that mirror
-while IFS= read -r -d '' file; do
-  rel="${file#$SRC/}"            # e.g. "sub/dir/file.txt"
-  # ensure parent exists (though step 1 already did)
-  mkdir -p "$(dirname "$DST/$rel")"
-  mv "$file" "$DST/$rel"
-done < <(find "$SRC" -type f -print0)
-
-# 3) Clean up now‑empty dirs and the tmp clone
-find "$SRC" -depth -type d -empty -delete
+# Use rsync to merge all contents (including hidden files) from cloned repo to target
+# -a: archive mode (preserves permissions, timestamps, etc.)
+# -v: verbose
+# --exclude: skip volume mount directories that should not be overwritten
+echo "Syncing repository contents..."
+rsync -av \
+    --exclude='node_modules' \
+    --exclude='.pnpm-store' \
+    --exclude='.venv' \
+    "$tmpdir/$repoName/" "./$repoName/"
+
+# Clean up: remove the temporary directory
 rm -rf "$tmpdir"
 
-echo "Repository '$repoName' has been synced into '$DST'."
+echo "Repository '$repoName' has been updated."
+echo "Note: Volume mounts (node_modules, .pnpm-store, .venv) were preserved."
diff --git a/.github/actions/install_deps/action.yml b/.github/actions/install_deps/action.yml
@@ -58,13 +58,13 @@ runs:
 
     - name: Setup python
       if: ${{ inputs.python-version != 'notUsing' }}
-      uses: actions/setup-python@v6.0.0
+      uses: actions/setup-python@v6.1.0
       with:
         python-version: ${{ env.PYTHON_VERSION }}
 
     - name: Setup node
       if: ${{ inputs.node-version != 'notUsing' }}
-      uses: actions/setup-node@v6.0.0
+      uses: actions/setup-node@v6.1.0
       with:
         node-version: ${{ inputs.node-version }}
 
@@ -75,7 +75,7 @@ runs:
 
     - name: OIDC Auth for CodeArtifact
       if: ${{ inputs.code-artifact-auth-role-name != 'no-code-artifact' }}
-      uses: aws-actions/configure-aws-credentials@v5.1.0
+      uses: aws-actions/configure-aws-credentials@v5.1.1
       with:
         role-to-assume: arn:aws:iam::${{ inputs.code-artifact-auth-role-account-id }}:role/${{ inputs.code-artifact-auth-role-name }}
         aws-region: ${{ inputs.code-artifact-auth-region }}

diff --git a/.github/actions/update-devcontainer-hash/action.yml b/.github/actions/update-devcontainer-hash/action.yml
@@ -27,7 +27,7 @@ runs:
       shell: bash
 
     - name: Checkout code
-      uses: actions/checkout@v5.0.0
+      uses: actions/checkout@v6.0.1
       with:
         persist-credentials: true
         fetch-depth: 1

diff --git a/.github/reusable_workflows/build-docker-image.yaml b/.github/reusable_workflows/build-docker-image.yaml
@@ -66,13 +66,13 @@ jobs:
         shell: bash
 
       - name: Checkout code
-        uses: actions/checkout@v5.0.0
+        uses: actions/checkout@v6.0.1
         with:
           persist-credentials: false
 
       - name: OIDC Auth for ECR
         if: ${{ inputs.push-role-name != 'no-push' }}
-        uses: aws-actions/configure-aws-credentials@v5.1.0
+        uses: aws-actions/configure-aws-credentials@v5.1.1
         with:
           role-to-assume: arn:aws:iam::${{ steps.parse_ecr_url.outputs.aws_account_id }}:role/${{ inputs.push-role-name }}
           aws-region: ${{ steps.parse_ecr_url.outputs.aws_region }}

diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml
@@ -20,7 +20,8 @@ jobs:
       contents: write # needed for updating dependabot branches
 
   pre-commit:
-    needs: [ get-values ]
+    needs:
+      - get-values
     uses: ./.github/workflows/pre-commit.yaml
     permissions:
       contents: write # needed for mutex
@@ -29,7 +30,8 @@ jobs:
       python-version: 3.12.7
 
   lint-matrix:
-    needs: [ pre-commit ]
+    needs:
+      - pre-commit
     strategy:
       matrix:
         os:
@@ -54,7 +56,7 @@ jobs:
 
     steps:
       - name: Checkout code
-        uses: actions/checkout@v5.0.0
+        uses: actions/checkout@v6.0.1
         with:
           persist-credentials: false
 
@@ -111,7 +113,7 @@ jobs:
         timeout-minutes: 8  # this is the amount of time this action will wait to attempt to acquire the mutex lock before failing, e.g. if other jobs are queued up in front of it
 
       - name: Cache Pre-commit hooks
-        uses: actions/cache@v4.2.4
+        uses: actions/cache@v4.3.0
         env:
           cache-name: cache-pre-commit-hooks
         with:
@@ -123,7 +125,13 @@ jobs:
       - name: Run pre-commit
         run: |
           # skip devcontainer context hash because the template instantiation may make it different every time
-          SKIP=git-dirty,compute-devcontainer-context-hash pre-commit run -a
+          SKIP=git-dirty,compute-devcontainer-context-hash pre-commit run -a || PRE_COMMIT_EXIT_CODE=$?
+          if [ -n "$PRE_COMMIT_EXIT_CODE" ]; then
+            echo "Pre-commit failed with exit code $PRE_COMMIT_EXIT_CODE"
+            echo "Showing git diff:"
+            git --no-pager diff
+            exit $PRE_COMMIT_EXIT_CODE
+          fi
 
       - name: Upload pre-commit log if failure
         if: ${{ failure() }}
@@ -135,7 +143,9 @@ jobs:
   required-check:
     runs-on: ubuntu-24.04
     timeout-minutes: 2
-    needs: [ lint-matrix, get-values ]
+    needs:
+      - lint-matrix
+      - get-values
     permissions:
       statuses: write # needed for updating status on Dependabot PRs
     if: always()

diff --git a/.github/workflows/get-values.yaml b/.github/workflows/get-values.yaml
@@ -9,6 +9,9 @@ on:
       dependabot-commit-created:
         description: whether or not a commit was created on a dependabot branch
         value: ${{ jobs.get-values.outputs.dependabot-commit-created }}
+      pr-short-num:
+        description: the last two digits of the PR number (to be used for fixed width naming, like Pulumi stacks)
+        value: ${{ jobs.get-values.outputs.pr-short-num }}
 
 env:
   PYTHONUNBUFFERED: True
@@ -32,7 +35,7 @@ jobs:
           JSON
 
       - name: Checkout code
-        uses: actions/checkout@v5.0.0
+        uses: actions/checkout@v6.0.1
         with:
           persist-credentials: false
 

diff --git a/.github/workflows/hash_git_files.py b/.github/workflows/hash_git_files.py
@@ -65,19 +65,16 @@ def compute_adler32(repo_path: Path, files: list[str]) -> int:
                     if not chunk:
                         break
                     checksum = zlib.adler32(chunk, checksum)
-        except Exception as e:
-            if "[Errno 21] Is a directory" in str(e):
-                # Ignore symlinks that on windows sometimes get confused as being directories
-                continue
-            print(f"Error reading file {file}: {e}", file=sys.stderr)  # noqa: T201 # this just runs as a simple script, so using print instead of log
-            raise
+        except IsADirectoryError:
+            # Ignore symlinks that on windows sometimes get confused as being directories
+            continue
 
     return checksum
 
 
 def find_devcontainer_hash_line(lines: list[str]) -> tuple[int, str | None]:
     """Find the line index and current hash in the devcontainer.json file."""
-    for i in range(len(lines) - 1, -1, -1):
+    for i in reversed(range(len(lines))):
         if lines[i].strip() == "}":
             # Check the line above it
             if i > 0:

diff --git a/.github/workflows/pre-commit.yaml b/.github/workflows/pre-commit.yaml
@@ -33,14 +33,14 @@ jobs:
     steps:
       - name: Checkout code during push
         if: ${{ github.event_name == 'push' }}
-        uses: actions/checkout@v5.0.0
+        uses: actions/checkout@v6.0.1
         with:
           ref: ${{ github.ref_name }} # explicitly get the head of the branch, which will include any new commits pushed if this is a dependabot branch
           persist-credentials: false
 
       - name: Checkout code not during push
         if: ${{ github.event_name != 'push' }}
-        uses: actions/checkout@v5.0.0
+        uses: actions/checkout@v6.0.1
         with:
           persist-credentials: false
 
@@ -59,7 +59,7 @@ jobs:
         timeout-minutes: 8  # this is the amount of time this action will wait to attempt to acquire the mutex lock before failing, e.g. if other jobs are queued up in front of it
 
       - name: Cache Pre-commit hooks
-        uses: actions/cache@v4.2.4
+        uses: actions/cache@v4.3.0
         env:
           cache-name: cache-pre-commit-hooks
         with:
@@ -69,4 +69,11 @@ jobs:
             ubuntu-24.04-py${{ inputs.python-version }}-node-${{ inputs.node-version}}-${{ env.cache-name }}-
 
       - name: Run pre-commit
-        run:  pre-commit run -a
+        run: |
+          pre-commit run -a || PRE_COMMIT_EXIT_CODE=$?
+          if [ -n "$PRE_COMMIT_EXIT_CODE" ]; then
+            echo "Pre-commit failed with exit code $PRE_COMMIT_EXIT_CODE"
+            echo "Showing git diff:"
+            git --no-pager diff
+            exit $PRE_COMMIT_EXIT_CODE
+          fi
diff --git a/.github/workflows/tag-on-merge.yaml b/.github/workflows/tag-on-merge.yaml
@@ -14,7 +14,7 @@ jobs:
     permissions:
       contents: write
     steps:
-      - uses: actions/checkout@v5.0.0
+      - uses: actions/checkout@v6.0.1
         with:
           ref: ${{ github.event.pull_request.merge_commit_sha }}
           fetch-depth: '0'

diff --git a/.gitignore b/.gitignore
@@ -77,7 +77,6 @@ dist
 **/logs/*.log.*
 
 # macOS dev cleanliness
-*.DS_Store
-.DS_Store
+**/.DS_Store
 
 # Ignores specific to this repository