Quantco · ivergara · Jan 29, 2024 · Jan 28, 2024 · ivergara · Jan 29, 2024
@@ -0,0 +1,7 @@
+# This file is managed by Copier; DO NOT EDIT OR REMOVE.
+_commit: v0.1.1
+_src_path: git@github.com:quantco/copier-template-pre-commit-mirrors
+description: Check for common security issues.
+entry: bandit
+tool: bandit
+url: https://github.com/PyCQA/bandit
@@ -3,7 +3,7 @@ updates:
   - package-ecosystem: github-actions
     directory: /
     schedule:
-      interval: weekly
+      interval: monthly
     reviewers:
       - quantco/ci
     groups:

@@ -1,8 +1,9 @@
 name: Autoupdate
+
 on:
  workflow_dispatch:
  schedule:
-   - cron: "0 */6 * * *"
+   - cron: "0 0 * * 0"
 
 defaults:
   run:
@@ -16,11 +17,10 @@ jobs:
     steps:
       - name: Checkout branch
         uses: actions/checkout@v4
-        with:
-          ref: ${{ github.head_ref }}
       - name: Set up Conda env
-        uses: mamba-org/provision-with-micromamba@3c96c0c27676490c63c18bc81f5c51895ac3e0e6
+        uses: mamba-org/setup-micromamba@e820223f89c8720d6c740ca154a7adf32fcd278a
         with:
+          environment-file: environment.yml
           environment-name: check-env
       - name: Find latest version
         id: versions
@@ -31,8 +31,8 @@ jobs:
           new_version=$(micromamba list -n check-env "$pkgname" --json | jq -r '.[0].version')
           if [[ "$new_version" != "$old_version" ]]; then
             sed -i "s/$old_version/$new_version/g" environment.yml
-            echo "pkgname=$pkgname" >> "$GITHUB_OUTPUT"
-            echo "new-version=$new_version" >> "$GITHUB_OUTPUT"
+            echo "pkgname=$pkgname" >> $GITHUB_OUTPUT
+            echo "new-version=$new_version" >> $GITHUB_OUTPUT
           fi
       - uses: peter-evans/create-pull-request@153407881ec5c347639a548ade7d8ad1d6740e38
         if: steps.versions.outputs.pkgname

@@ -16,6 +16,7 @@ jobs:
         with:
           ref: ${{ github.head_ref }}
       - name: Set up Conda env
-        uses: mamba-org/provision-with-micromamba@3c96c0c27676490c63c18bc81f5c51895ac3e0e6
+        uses: mamba-org/setup-micromamba@e820223f89c8720d6c740ca154a7adf32fcd278a
         with:
+          environment-file: environment.yml
           environment-name: test-env
@@ -0,0 +1,17 @@
+name: Keep
+on:
+  schedule:
+    - cron: 0 6 * * SUN
+
+jobs:
+  keep-alive:
+    name: Alive
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - uses: gautamkrishnar/keepalive-workflow@60b13c92aeda855e493b83aaf482c25da7e0043b
+        with:
+          commit_message: Ah ah ah, stayin' alive
+          committer_username: ForrestQuant
+          committer_email: forrestquant@users.noreply.github.com
+          time_elapsed: 50 # days
@@ -1,6 +1,6 @@
 - id: bandit-conda
   name: bandit-conda
+  description: Check for common security issues.
   entry: bandit
   language: conda
-  description: Check for common security issues.
-  'types': [python]
+  types: [python]
@@ -1,4 +1,4 @@
-Copyright 2022 QuantCo, Inc.
+Copyright 2024 QuantCo, Inc.
 
 Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:
 

@@ -1,17 +1,17 @@
-bandit(-conda) mirror
-========================
+# bandit mirror
 
 Mirror of bandit for pre-commit with conda as a language.
 
-* For pre-commit: see https://github.com/pre-commit/pre-commit
-* For bandit: see https://github.com/PyCQA/bandit
+For pre-commit: see [here](https://github.com/pre-commit/pre-commit)
 
-### Using bandit with pre-commit and conda:
+For ansible-lint: see [here](https://github.com/PyCQA/bandit)
+
+## Using bandit with pre-commit and conda:
 
 Add this to your `.pre-commit-config.yaml`
 
 ```yaml
- - repo: https://github.com/Quantco/pre-commit-mirrors-bandit
+ - repo: https://github.com/quantco/pre-commit-mirrors-bandit
    rev: ''  # Use the sha / tag you want to point at
    hooks:
      - id: bandit-conda

@@ -1,4 +1,5 @@
 channels:
   - conda-forge
+  - nodefaults
 dependencies:
   - bandit=1.7.7