Copier update (CI Timeouts)

.coderabbit.yaml

@@ -0,0 +1,26 @@
+# yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json
+reviews:
+  profile: assertive
+  path_instructions:
+    - path: "**/vendor_files/**"
+      instructions: "These files came from a vendor and we're not allowed to change them. Refer to it if you need to understand how the main code interacts with it, but do not make comments about it."
+  tools:
+    eslint: # when the code contains typescript, eslint will be run by pre-commit, and coderabbit often generates false positives
+      enabled: false
+    ruff: # when the code contains python, ruff will be run by pre-commit, and coderabbit often generates false positives
+      enabled: false
+    pylint: # when the code contains python, pylint will be run by pre-commit, and coderabbit often generates false positives
+      enabled: false
+    flake8: # we use ruff instead (when we use Python)
+      enabled: false
+  poem: false
+  # the commit status is driven by our repository config and required checks, we don't want CodeRabbit messing with it
+  commit_status: false
+  auto_review:
+    # a main purpose of opening a draft PR might be to get CodeRabbit feedback early
+    drafts: true
+  finishing_touches:
+    docstrings:
+      enabled: false # if we wanted AI to generate docstrings, it would be via CLI, not in the GitHub interface
+    unit_tests:
+      enabled: false # Quis custodiet ipsos custodes? not something we want AI doing, especially not via the GitHub interface

.copier-answers.yml

@@ -1,11 +1,12 @@
 # Changes here will be overwritten by Copier
-_commit: v0.0.52
+_commit: v0.0.57
 _src_path: gh:LabAutomationAndScreening/copier-python-package-template.git
 create_docs: true
 description: Generating programs for Vialab to control an Integra Assist Plus liquid
     handling robot
 full_repo_url: https://github.com/LabAutomationAndScreening/pyalab
 install_aws_ssm_port_forwarding_plugin: false
+install_claude_cli: false
 is_frozen_executable: false
 is_open_source: true
 package_name: pyalab

.coveragerc

@@ -3,6 +3,11 @@ branch = True
 omit =
     # omit anything supplied by vendors
     */vendor_files/*
+    # omit any auto-generated API client code
+    */generated/open_api/*
+    # omit CircuitPython firmware
+    */firmware/code.py
+    */firmware/boot.py
 
 [report]
 # Regexes for lines to exclude from consideration

.devcontainer/devcontainer.json

@@ -3,10 +3,10 @@
   "service": "devcontainer",
   "workspaceFolder": "/workspaces/${localWorkspaceFolderBasename}",
   "features": {
-    "ghcr.io/devcontainers/features/aws-cli:1.1.1": {
+    "ghcr.io/devcontainers/features/aws-cli:1.1.2": {
       // https://github.com/devcontainers/features/blob/main/src/aws-cli/devcontainer-feature.json
       // view latest version https://raw.githubusercontent.com/aws/aws-cli/v2/CHANGELOG.rst
-      "version": "2.27.14"
+      "version": "2.31.11"
     },
     "ghcr.io/devcontainers/features/python:1.7.1": {
       // https://github.com/devcontainers/features/blob/main/src/python/devcontainer-feature.json
@@ -20,17 +20,18 @@
       // Add the IDs of extensions you want installed when the container is created.
       "extensions": [
         // basic tooling
-        "eamodio.gitlens@15.5.1",
+        // "eamodio.gitlens@15.5.1",
+        "coderabbit.coderabbit-vscode@0.16.0",
         "ms-vscode.live-server@0.5.2025051301",
         "MS-vsliveshare.vsliveshare@1.0.5905",
-        "github.copilot@1.366.1775",
-        "github.copilot-chat@0.31.2025090401",
+        "github.copilot@1.388.0",
+        "github.copilot-chat@0.34.2025112401",
 
         // Python
-        "ms-python.python@2025.13.2025090201",
-        "ms-python.vscode-pylance@2025.7.102",
+        "ms-python.python@2025.17.2025100201",
+        "ms-python.vscode-pylance@2025.8.3",
         "ms-vscode-remote.remote-containers@0.414.0",
-        "charliermarsh.ruff@2025.24.0",
+        "charliermarsh.ruff@2025.28.0",
 
         // Misc file formats
         "bierner.markdown-mermaid@1.28.0",
@@ -44,6 +45,7 @@
         "extensions.autoUpdate": false,
         "extensions.autoCheckUpdates": false,
         "livePreview.portNumber": 3025, // arbitrary not to conflict with default 3000 Nuxt port number
+        "github.copilot.nextEditSuggestions.allowWhitespaceOnlyChanges": false,
         "[python]": {
           "editor.formatOnSave": true,
           "editor.defaultFormatter": "charliermarsh.ruff"
@@ -61,5 +63,5 @@
   "initializeCommand": "sh .devcontainer/initialize-command.sh",
   "onCreateCommand": "sh .devcontainer/on-create-command.sh",
   "postStartCommand": "sh .devcontainer/post-start-command.sh"
-  // Devcontainer context hash (do not manually edit this, it's managed by a pre-commit hook): 9be2b25c # spellchecker:disable-line
+  // Devcontainer context hash (do not manually edit this, it's managed by a pre-commit hook): 4a87b24b # spellchecker:disable-line
 }

.devcontainer/install-ci-tooling.py

@@ -7,11 +7,11 @@
 import tempfile
 from pathlib import Path
 
-UV_VERSION = "0.8.22"
-PNPM_VERSION = "10.17.1"
-COPIER_VERSION = "9.10.2"
+UV_VERSION = "0.9.11"
+PNPM_VERSION = "10.23.0"
+COPIER_VERSION = "9.11.0"
 COPIER_TEMPLATE_EXTENSIONS_VERSION = "0.3.3"
-PRE_COMMIT_VERSION = "4.3.0"
+PRE_COMMIT_VERSION = "4.5.0"
 GITHUB_WINDOWS_RUNNER_BIN_PATH = r"C:\Users\runneradmin\.local\bin"
 INSTALL_SSM_PLUGIN_BY_DEFAULT = False
 parser = argparse.ArgumentParser(description="Install CI tooling for the repo")
@@ -42,7 +42,7 @@ def main():
     args = parser.parse_args(sys.argv[1:])
     is_windows = platform.system() == "Windows"
     uv_env = dict(os.environ)
-    uv_env.update({"UV_PYTHON_PREFERENCE": "only-system", "UV_PYTHON": args.python_version})
+    uv_env.update({"UV_PYTHON": args.python_version, "UV_PYTHON_PREFERENCE": "only-system"})
     uv_path = ((GITHUB_WINDOWS_RUNNER_BIN_PATH + "\\") if is_windows else "") + "uv"
     if is_windows:
         pwsh = shutil.which("pwsh") or shutil.which("powershell")

.devcontainer/manual-setup-deps.py

@@ -11,12 +11,13 @@
 
 REPO_ROOT_DIR = Path(__file__).parent.parent.resolve()
 ENVS_CONFIG = REPO_ROOT_DIR / ".devcontainer" / "envs.json"
+UV_PYTHON_ALREADY_CONFIGURED = "UV_PYTHON" in os.environ
 parser = argparse.ArgumentParser(description="Manual setup for dependencies in the repo")
 _ = parser.add_argument(
     "--python-version",
     type=str,
-    default=f"{sys.version_info.major}.{sys.version_info.minor}.{sys.version_info.micro}",
-    help="What version to install.",
+    default=None,
+    help="What version to install. This will override anything in .python-version files. But if the UV_PYTHON envvar is set prior to starting the script, that will take precedence over everything.",
 )
 _ = parser.add_argument("--skip-check-lock", action="store_true", default=False, help="Skip the lock file check step")
 _ = parser.add_argument(
@@ -34,6 +35,15 @@
 _ = parser.add_argument(
     "--no-node", action="store_true", default=False, help="Do not process any environments using node package managers"
 )
+_ = parser.add_argument(
+    "--skip-updating-devcontainer-hash", action="store_true", default=False, help="Do not update the devcontainer hash"
+)
+_ = parser.add_argument(
+    "--allow-uv-to-install-python",
+    action="store_true",
+    default=False,
+    help="Allow uv to install new versions of Python on the fly. This is typically only needed when instantiating the copier template.",
+)
 
 
 class PackageManager(str, enum.Enum):
@@ -60,7 +70,8 @@ def main():
     args = parser.parse_args(sys.argv[1:])
     is_windows = platform.system() == "Windows"
     uv_env = dict(os.environ)
-    uv_env.update({"UV_PYTHON_PREFERENCE": "only-system", "UV_PYTHON": args.python_version})
+    if not args.allow_uv_to_install_python:
+        uv_env.update({"UV_PYTHON_PREFERENCE": "only-system"})
     generate_lock_file_only = args.only_create_lock
     check_lock_file = not (args.skip_check_lock or args.optionally_check_lock or generate_lock_file_only)
     if args.skip_check_lock and args.optionally_check_lock:
@@ -78,6 +89,17 @@ def main():
         if args.no_node and env.package_manager == PackageManager.PNPM:
             print(f"Skipping environment {env.path} as it uses a Node package manager and --no-node is set")
             continue
+        if env.package_manager == PackageManager.UV and not UV_PYTHON_ALREADY_CONFIGURED:
+            if args.python_version is not None:
+                uv_env.update({"UV_PYTHON": args.python_version})
+            else:
+                python_version_path = env.lock_file.parent / ".python-version"
+                python_version_path_in_repo_root = REPO_ROOT_DIR / ".python-version"
+                if python_version_path.exists():
+                    uv_env.update({"UV_PYTHON": python_version_path.read_text().strip()})
+                elif python_version_path_in_repo_root.exists():
+                    uv_env.update({"UV_PYTHON": python_version_path_in_repo_root.read_text().strip()})
+
         env_check_lock = check_lock_file
         if args.optionally_check_lock and env.lock_file.exists():
             env_check_lock = True
@@ -126,6 +148,16 @@ def main():
             )
         else:
             raise NotImplementedError(f"Package manager {env.package_manager} is not supported for installation")
+    if args.skip_updating_devcontainer_hash:
+        return
+    result = subprocess.run(  # update the devcontainer hash after changing lock files
+        [sys.executable, ".github/workflows/hash_git_files.py", ".", "--for-devcontainer-config-update", "--exit-zero"],
+        capture_output=True,
+        text=True,
+        check=True,
+        cwd=REPO_ROOT_DIR,
+    )
+    print(result.stdout)
 
 
 if __name__ == "__main__":

.github/actions/install_deps/action.yml

@@ -39,6 +39,11 @@ inputs:
     type: string
     description: What region should the role use?
     required: false
+  skip-updating-devcontainer-hash:
+    type: boolean
+    description: Whether to skip updating the hash when running manual-setup-deps.py
+    default: true
+    required: false
 
 
 runs:
@@ -59,7 +64,7 @@ runs:
 
     - name: Setup node
       if: ${{ inputs.node-version != 'notUsing' }}
-      uses: actions/setup-node@v5.0.0
+      uses: actions/setup-node@v6.0.0
       with:
         node-version: ${{ inputs.node-version }}
 
@@ -70,13 +75,13 @@ runs:
 
     - name: OIDC Auth for CodeArtifact
       if: ${{ inputs.code-artifact-auth-role-name != 'no-code-artifact' }}
-      uses: aws-actions/configure-aws-credentials@v5.0.0
+      uses: aws-actions/configure-aws-credentials@v5.1.0
       with:
         role-to-assume: arn:aws:iam::${{ inputs.code-artifact-auth-role-account-id }}:role/${{ inputs.code-artifact-auth-role-name }}
         aws-region: ${{ inputs.code-artifact-auth-region }}
 
     - name: Install dependencies
       # the funky syntax is github action ternary
       if: ${{ inputs.install-deps }}
-      run: python .devcontainer/manual-setup-deps.py ${{ inputs.python-version == 'notUsing' && '--no-python' || '' }} ${{ inputs.node-version == 'notUsing' && '--no-node' || '' }}
+      run: python .devcontainer/manual-setup-deps.py ${{ inputs.python-version == 'notUsing' && '--no-python' || '' }} ${{ inputs.node-version == 'notUsing' && '--no-node' || '' }} ${{ inputs.skip-updating-devcontainer-hash && '--skip-updating-devcontainer-hash' || '' }}
       shell: pwsh

.github/workflows/ci.yaml

@@ -49,6 +49,7 @@ jobs:
             JOB_MATCHING_DEV_ENV: true
 
     runs-on: ${{ matrix.os }}
+    timeout-minutes: 8
     env:
       UV_PYTHON: ${{ matrix.python-version }}
     steps:
@@ -92,6 +93,7 @@ jobs:
 
 
     runs-on: ubuntu-24.04
+    timeout-minutes: 8
     env:
       UV_PYTHON: ${{ matrix.python-version }}
 
@@ -118,6 +120,7 @@ jobs:
       - get-values
       - build-docs
     if: always()
+    timeout-minutes: 2
     steps:
       - name: fail if prior job failure
         if: needs.test.result != 'success' || needs.build-docs.result != 'success'

.github/workflows/get-values.yaml

@@ -19,6 +19,7 @@ permissions:
 jobs:
   get-values:
     runs-on: ubuntu-24.04
+    timeout-minutes: 2
     outputs:
       new-dependabot-sha: ${{ steps.update-hash.outputs.new-sha }}
       dependabot-commit-created: ${{ steps.update-hash.outputs.commit-created }}

.github/workflows/pre-commit.yaml

@@ -28,6 +28,7 @@ permissions:
 jobs:
   pre-commit:
     runs-on: ubuntu-24.04
+    timeout-minutes: 8
     name: Pre-commit
     steps:
       - name: Checkout code during push
@@ -55,7 +56,7 @@ jobs:
         uses: ben-z/gh-action-mutex@1ebad517141198e08d47cf72f3c0975316620a65 # v1.0.0-alpha.10
         with:
           branch: mutex-venv-ubuntu-24.04-py${{ inputs.python-version }}-nodejs-${{ inputs.node-version }}
-        timeout-minutes: 30 # this is the amount of time this action will wait to attempt to acquire the mutex lock before failing, e.g. if other jobs are queued up in front of it
+        timeout-minutes: 8  # this is the amount of time this action will wait to attempt to acquire the mutex lock before failing, e.g. if other jobs are queued up in front of it
 
       - name: Cache Pre-commit hooks
         uses: actions/cache@v4.2.4

.github/workflows/publish.yaml

@@ -19,6 +19,7 @@ permissions:
 jobs:
   get-values:
     name: Get Values
+    timeout-minutes: 2
     runs-on: ubuntu-24.04
     outputs:
       package-version: ${{ steps.extract-package-version.outputs.package_version }}
@@ -64,6 +65,7 @@ jobs:
             JOB_MATCHING_DEV_ENV: true
 
     runs-on: ${{ matrix.os }}
+    timeout-minutes: 8
     env:
       UV_PYTHON: ${{ matrix.python-version }}
 
@@ -81,6 +83,7 @@ jobs:
 
   build:
     needs: [ test ]
+    timeout-minutes: 8
     runs-on: ubuntu-24.04
 
     steps:
@@ -99,7 +102,7 @@ jobs:
           uv build --no-sources
 
       - name: Upload build package
-        uses: actions/upload-artifact@v4.6.2
+        uses: actions/upload-artifact@v5.0.0
         with:
           name: python-package-distributions
           path: dist/
@@ -108,6 +111,7 @@ jobs:
 
   publish-to-staging:
     name: Publish Python distribution to Staging Package Registry
+    timeout-minutes: 8
     needs: [ build ]
     runs-on: ubuntu-24.04
     environment:
@@ -118,7 +122,7 @@ jobs:
       id-token: write
     steps:
       - name: Download all the dists
-        uses: actions/download-artifact@v5.0.0
+        uses: actions/download-artifact@v6.0.0
         with:
           name: python-package-distributions
           path: dist/
@@ -133,6 +137,7 @@ jobs:
 
   install-from-staging:
     name: Install package from staging registry
+    timeout-minutes: 8
     needs: [ publish-to-staging, get-values ]
     strategy:
       matrix:
@@ -222,6 +227,7 @@ jobs:
   create-tag:
     name: Create the git tag
     if: ${{ fromJSON(github.event.inputs.publish_to_primary) }}
+    timeout-minutes: 8
     needs: [ install-from-staging ]
     permissions:
       contents: write # needed to push the tag
@@ -242,6 +248,7 @@ jobs:
     name: Publish Python distribution to Primary Package Registry
     if: ${{ fromJSON(github.event.inputs.publish_to_primary) }}
     needs: [ create-tag ]
+    timeout-minutes: 8
     runs-on: ubuntu-24.04
     environment:
       name: pypi
@@ -251,7 +258,7 @@ jobs:
       id-token: write
     steps:
       - name: Download all the dists
-        uses: actions/download-artifact@v5.0.0
+        uses: actions/download-artifact@v6.0.0
         with:
           name: python-package-distributions
           path: dist/
@@ -282,6 +289,7 @@ jobs:
             JOB_MATCHING_DEV_ENV: true
 
     runs-on: ${{ matrix.os }}
+    timeout-minutes: 8
     env:
       UV_PYTHON: ${{ matrix.python-version }}
 

.gitignore

@@ -44,8 +44,6 @@ pytest.log
 tests/__coverage__
 test/__coverage__
 coverage-report-pytest
-.pytest_cache/
-.mypy_cache/
 .coverage
 .coverage.*
 coverage.xml