Update repo and CI setup

.github/dependabot.yml

@@ -1,10 +1,10 @@
 version: 2
 updates:
-- package-ecosystem: pip
-  directory: "/"
-  schedule:
-    interval: daily
-- package-ecosystem: github-actions
-  directory: "/"
-  schedule:
-    interval: daily
+  - package-ecosystem: pip
+    directory: "/"
+    schedule:
+      interval: daily
+  - package-ecosystem: github-actions
+    directory: "/"
+    schedule:
+      interval: daily

.github/workflows/ci.yml

@@ -1,147 +1,98 @@
 name: CI
-
 on:
   push:
     branches:
       - main
   pull_request:
-
 jobs:
-
-  lint:
-    runs-on: ubuntu-latest
-    strategy:
-      matrix:
-        lint-command:
-          - bandit -r . -x ./tests
-          - black --check --diff .
-          - flake8 .
-          - isort --check-only --diff .
-          - pydocstyle .
-    steps:
-      - uses: actions/checkout@v6
-      - uses: actions/setup-python@v6
-        with:
-          python-version: "3.x"
-          cache: 'pip'
-          cache-dependency-path: 'pyproject.toml'
-      - run: python -m pip install -e .[lint]
-      - run: ${{ matrix.lint-command }}
-
   dist:
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v6
-      - uses: actions/setup-python@v6
-        with:
-          python-version: "3.x"
-      - run: python -m pip install --upgrade pip build wheel twine
-      - run: python -m build --sdist --wheel
-      - run: python -m twine check dist/*
+      - uses: astral-sh/setup-uv@v7
+      - run: uvx --from build pyproject-build --sdist --wheel
+      - run: uvx twine check dist/*
       - uses: actions/upload-artifact@v6
         with:
           path: dist/*
-
   pytest-python:
     name: PyTest
-    needs:
-      - lint
     strategy:
       matrix:
         python-version:
-          - "3.9"
           - "3.10"
           - "3.11"
           - "3.12"
+          - "3.13"
+          - "3.14"
         django-version:
-          - "4.2"  # LTS
+          - "5.2" # LTS
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v6
-      - name: Set up Python ${{ matrix.python-version }}
-        uses: actions/setup-python@v6
+      - uses: astral-sh/setup-uv@v7
         with:
           python-version: ${{ matrix.python-version }}
-      - run: python -m pip install .[test]
-      - run: python -m pip install django~=${{ matrix.django-version }}.0
-      - run: python -m pytest
+      - uses: actions/setup-node@v6
+        with:
+          node-version: "lts/*"
+      - run: |
+          cd tests
+          npm install
+      - run: uv run tests/manage.py collectstatic --noinput
+      - run: uv run ${{ matrix.extras }} --with django~=${{ matrix.django-version }}.0 pytest
       - uses: codecov/codecov-action@v5
         with:
           flags: py${{ matrix.python-version }}
           token: ${{ secrets.CODECOV_TOKEN }}
-
   pytest-django:
     name: PyTest
-    needs:
-      - lint
     strategy:
       matrix:
         python-version:
-          - "3.11"
+          - "3.12"
         django-version:
           # oldest LTS gets tested on all Python versions
           - "5.1"
           - "5.2"
+          - "6.0"
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v6
-      - name: Set up Python ${{ matrix.python-version }}
-        uses: actions/setup-python@v6
+      - uses: astral-sh/setup-uv@v7
         with:
           python-version: ${{ matrix.python-version }}
-      - run: python -m pip install .[test]
-      - run: python -m pip install django~=${{ matrix.django-version }}.0
-      - run: python -m pytest
+      - uses: actions/setup-node@v6
+        with:
+          node-version: "lts/*"
+      - run: |
+          cd tests
+          npm install
+      - run: uv run tests/manage.py collectstatic --noinput
+      - run: uv run ${{ matrix.extras }} --with django~=${{ matrix.django-version }}.0 pytest
       - uses: codecov/codecov-action@v5
         with:
           flags: dj${{ matrix.django-version }}
           token: ${{ secrets.CODECOV_TOKEN }}
-
   pytest-extras:
     name: PyTest
-    needs:
-      - lint
     strategy:
       matrix:
         extras:
-          - "whitenoise"
+          - "--extra whitenoise"
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v6
-      - name: Set up Python ${{ matrix.python-version }}
-        uses: actions/setup-python@v6
+      - uses: astral-sh/setup-uv@v7
+      - uses: actions/setup-node@v6
         with:
-          python-version: 3.x
-      - run: python -m pip install .[test,${{ matrix.extras }}]
-      - run: python -m pytest
+          node-version: "lts/*"
+      - run: |
+          cd tests
+          npm install
+      - run: uv run tests/manage.py collectstatic --noinput
+      - run: uv run ${{ matrix.extras }} pytest
       - uses: codecov/codecov-action@v5
         with:
           flags: dj${{ matrix.extras }}
           token: ${{ secrets.CODECOV_TOKEN }}
-
-  codeql:
-    name: CodeQL
-    needs: [ dist, pytest-python, pytest-django ]
-    runs-on: ubuntu-latest
-    permissions:
-      actions: read
-      contents: read
-      security-events: write
-    strategy:
-      fail-fast: false
-      matrix:
-        language: [ python ]
-    steps:
-      - name: Checkout
-        uses: actions/checkout@v6
-      - name: Initialize CodeQL
-        uses: github/codeql-action/init@v4
-        with:
-          languages: ${{ matrix.language }}
-          queries: +security-and-quality
-      - name: Autobuild
-        uses: github/codeql-action/autobuild@v4
-      - name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@v4
-        with:
-          category: "/language:${{ matrix.language }}"

.github/workflows/release.yml

@@ -1,21 +1,33 @@
 name: Release
-
 on:
   release:
     types: [published]
-
+  workflow_dispatch:
+permissions:
+  id-token: write
 jobs:
-  PyPi:
-
+  release-build:
     runs-on: ubuntu-latest
     steps:
-    - uses: actions/checkout@v6
-    - uses: actions/setup-python@v6
-      with:
-        python-version: "3.x"
-    - run: python -m pip install --upgrade pip build wheel twine
-    - run: python -m build --sdist --wheel
-    - run: python -m twine upload dist/*
-      env:
-        TWINE_USERNAME: __token__
-        TWINE_PASSWORD: ${{ secrets.PYPI_TOKEN }}
+      - uses: actions/checkout@v6
+      - uses: actions/setup-python@v6
+        with:
+          python-version: "3.x"
+      - run: python -m pip install --upgrade pip build wheel
+      - run: python -m build --sdist --wheel
+      - uses: actions/upload-artifact@v6
+        with:
+          name: release-dists
+          path: dist/
+  pypi-publish:
+    runs-on: ubuntu-latest
+    needs:
+      - release-build
+    permissions:
+      id-token: write
+    steps:
+      - uses: actions/download-artifact@v7
+        with:
+          name: release-dists
+          path: dist/
+      - uses: pypa/gh-action-pypi-publish@release/v1

.gitignore

@@ -169,3 +169,6 @@ package-lock.json
 
 # Django
 tests/staticfiles/
+
+# Node.js
+node_modules/

.pre-commit-config.yaml

@@ -0,0 +1,50 @@
+# See https://pre-commit.com for more information
+# See https://pre-commit.com/hooks.html for more hooks
+repos:
+  - repo: https://github.com/pre-commit/pre-commit-hooks
+    rev: v6.0.0
+    hooks:
+      - id: trailing-whitespace
+      - id: check-merge-conflict
+      - id: check-ast
+      - id: check-toml
+      - id: check-yaml
+      - id: debug-statements
+      - id: end-of-file-fixer
+      - id: name-tests-test
+        args: ["--pytest-test-first"]
+        exclude: ^tests\/(testapp\/|manage.py)
+      - id: no-commit-to-branch
+        args: [--branch, main]
+  - repo: https://github.com/asottile/pyupgrade
+    rev: v3.21.2
+    hooks:
+      - id: pyupgrade
+  - repo: https://github.com/adamchainz/django-upgrade
+    rev: 1.29.1
+    hooks:
+      - id: django-upgrade
+  - repo: https://github.com/hukkin/mdformat
+    rev: 1.0.0
+    hooks:
+      - id: mdformat
+        additional_dependencies:
+          - mdformat-ruff
+          - mdformat-footnote
+          - mdformat-gfm
+          - mdformat-gfm-alerts
+  - repo: https://github.com/astral-sh/ruff-pre-commit
+    rev: v0.14.9
+    hooks:
+      - id: ruff-check
+        args: [--fix, --exit-non-zero-on-fix]
+      - id: ruff-format
+  - repo: https://github.com/google/yamlfmt
+    rev: v0.20.0
+    hooks:
+      - id: yamlfmt
+# See https://pre-commit.ci/
+ci:
+  autoupdate_schedule: weekly
+  skip:
+    - no-commit-to-branch

README.md

@@ -1,5 +1,13 @@
 # Django ESM
 
+<p align="center">
+  <picture>
+    <source media="(prefers-color-scheme: dark)" srcset="https://github.com/codingjoe/django-esm/raw/main/images/logo-dark.svg">
+    <source media="(prefers-color-scheme: light)" srcset="https://github.com/codingjoe/django-esm/raw/main/images/logo-light.svg">
+    <img alt="Django ESM: NextGen JavaScript ESM module support for Django" src="https://github.com/codingjoe/django-esm/raw/main/images/logo-light.svg">
+  </picture>
+</p>
+
 NextGen JavaScript ESM module support for Django.
 
 [![PyPi Version](https://img.shields.io/pypi/v/django-esm.svg)](https://pypi.python.org/pypi/django-esm/)
@@ -8,11 +16,11 @@ NextGen JavaScript ESM module support for Django.
 
 ## Highlights
 
-* easy transition
-* smart cache busting
-* no more bundling
-* native ESM support
-* local vendoring with npm
+- easy transition
+- smart cache busting
+- no more bundling
+- native ESM support
+- local vendoring with npm
 
 ## Setup
 

django_esm/conf.py

@@ -11,7 +11,7 @@ def get_settings():
         (),
         {
             "PACKAGE_DIR": Path(getattr(settings, "BASE_DIR", "")),
-            "STATIC_DIR": Path(getattr(settings, "STATIC_ROOT")) / "esm",
+            "STATIC_DIR": Path(settings.STATIC_ROOT) / "esm",
             "STATIC_PREFIX": "esm",
             **getattr(settings, "ESM", {}),
         },

django_esm/management/commands/collectstatic.py

@@ -1,4 +1,4 @@
-import subprocess  # nosec
+import subprocess
 import sys
 
 from django.contrib.staticfiles.management.commands import collectstatic
@@ -18,7 +18,7 @@ def add_arguments(self, parser):
 
     def handle(self, **options):
         if not options["no_esm"]:
-            subprocess.check_call(  # nosec
+            subprocess.check_call(  # noqa: S603, S607
                 [
                     "npx",
                     "--yes",
@@ -35,9 +35,9 @@ def handle(self, **options):
             except ImportError:
                 pass
             else:
-                subprocess.check_call(  # nosec
+                subprocess.check_call(  # noqa: S603
                     [
-                        "python3",
+                        sys.executable,
                         "-m",
                         "whitenoise.compress",
                         get_settings().STATIC_DIR,

django_esm/management/commands/esm.py

@@ -1,4 +1,4 @@
-import subprocess  # nosec
+import subprocess
 import sys
 
 from django.core.management import BaseCommand
@@ -26,7 +26,7 @@ def add_arguments(self, parser):
         )
 
     def handle(self, *args, **options):
-        subprocess.check_call(  # nosec
+        subprocess.check_call(  # noqa: S603
             (
                 [
                     "npx",

django_esm/templatetags/esm.py

@@ -43,4 +43,4 @@ def importmap():
         ).open() as f:
             raw_importmap = json.load(f)
             importmap_json = _resolve_importmap_urls(raw_importmap)
-    return mark_safe(importmap_json)  # nosec
+    return mark_safe(importmap_json)  # noqa: S308