ci: Switch to using reusable workflows from tektronix/python-package-ci-cd

.github/CODEOWNERS

@@ -1,4 +1,7 @@
 # These owners will be the default owners for everything in
 # the repo. Unless a later match takes precedence they
 # will be requested for review when someone opens a pull request.
-# TODO: Update the list of owners
+*                            @tektronix/tm-data-types-maintainers
+
+# Protect the configuration files
+.github/                     @tektronix/tm-data-types-admins

.github/workflows/check-api-for-breaking-changes.yml

@@ -5,6 +5,6 @@ on:
     branches: [main]
 jobs:
   check-api-for-breaking-changes:
-    uses: tektronix/tm_devices/.github/workflows/check-api-for-breaking-changes.yml@main
+    uses: tektronix/python-package-ci-cd/.github/workflows/_reusable-check-api-for-breaking-changes.yml@v1.0.0
     with:
       package-name: tm_data_types

.github/workflows/codeql-analysis.yml

@@ -8,8 +8,11 @@ on:
   schedule:
     - cron: 17 16 * * 4
 jobs:
-  codeql-analysis:
-    uses: tektronix/tm_devices/.github/workflows/codeql-analysis.yml@main
+  analyze:
+    uses: tektronix/python-package-ci-cd/.github/workflows/_reusable-codeql-analysis.yml@v1.0.0
+    with:
+      languages-array: '["python", "javascript"]'
+      codeql-queries: security-extended,security-and-quality
     permissions:
       actions: read
       contents: read

.github/workflows/dependency-review.yml

@@ -3,9 +3,15 @@ name: Pull Request Dependency Review
 on:
   pull_request:
     branches: [main]
+permissions:
+  contents: read
+  pull-requests: write
 jobs:
   dependency-review:
-    uses: tektronix/tm_devices/.github/workflows/dependency-review.yml@main
-    permissions:
-      contents: read
-      pull-requests: write
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - uses: actions/dependency-review-action@v4
+        with:
+          fail-on-severity: low
+          comment-summary-in-pr: on-failure

.github/workflows/enforce-community-standards.yml

@@ -0,0 +1,10 @@
+---
+name: Enforce Open Source Community Standards
+on:
+  push:
+    branches: [main]
+  pull_request:
+    branches: [main]
+jobs:
+  enforce-community-standards:
+    uses: tektronix/python-package-ci-cd/.github/workflows/_reusable-enforce-community-standards.yml@v1.0.0

.github/workflows/package-build.yml

@@ -6,11 +6,18 @@ on:
     tags: ['*']
   pull_request:
     branches: [main]
+# Cancel running jobs for the same workflow and branch.
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: ${{ github.ref != 'refs/heads/main' }}
 jobs:
   package-build:
-    uses: tektronix/tm_devices/.github/workflows/package-build.yml@main
+    uses: tektronix/python-package-ci-cd/.github/workflows/_reusable-package-build.yml@v1.0.0
     with:
       package-name: tm_data_types
+      python-versions-array: '["3.8", "3.9", "3.10", "3.11", "3.12"]'  # when updating this, make sure to update all workflows that use this strategy
+      operating-systems-array: '["ubuntu", "windows", "macos"]'
     permissions:
+      contents: read
       id-token: write
       attestations: write

.github/workflows/package-release.yml

@@ -1,13 +1,13 @@
 ---
-name: Package Release
+name: Publish to GitHub & PyPI
 on:
   workflow_dispatch:
     inputs:
-      release_level:
+      release-level:
         type: choice
         required: true
         description: |
-          Select the release level,
+          Select the release level:
           patch for backward compatible minor changes and bug fixes,
           minor for backward compatible larger changes,
           major for non-backward compatible changes.
@@ -16,11 +16,23 @@ concurrency:
   group: pypi
 jobs:
   package-release:
-    uses: tektronix/tm_devices/.github/workflows/package-release.yml@main
+    uses: tektronix/python-package-ci-cd/.github/workflows/_reusable-package-release.yml@v1.0.0
     with:
       package-name: tm_data_types
-      release_level: ${{ inputs.release_level }}
+      repo-name: tektronix/tm_data_types
+      commit-user-name: ${{ vars.TEK_OPENSOURCE_NAME }}
+      commit-user-email: ${{ vars.TEK_OPENSOURCE_EMAIL }}
+      release-level: ${{ inputs.release-level }}
+      build-and-publish-python-package: true
+      python-versions-array: '["3.8", "3.9", "3.10", "3.11", "3.12"]'  # when updating this, make sure to update all workflows that use this strategy
+      operating-systems-array: '["ubuntu", "windows", "macos"]'
+      previous-changelog-filepath: python_semantic_release_templates/.previous_changelog_for_template.md
+      previous-release-notes-filepath: python_semantic_release_templates/.previous_release_notes_for_template.md
     permissions:
-      id-token: write
       contents: write
-    secrets: inherit
+      id-token: write
+      attestations: write
+    secrets:
+      checkout-token: ${{ secrets.TEK_OPENSOURCE_TOKEN }}
+      ssh-signing-key-private: ${{ secrets.TEK_OPENSOURCE_SSH_SIGNING_KEY_PRIVATE }}
+      ssh-signing-key-public: ${{ secrets.TEK_OPENSOURCE_SSH_SIGNING_KEY_PUBLIC }}

.github/workflows/package-testpypi.yml

@@ -1,5 +1,4 @@
 ---
-# Upload to Test PyPI on every push to main
 name: Publish to TestPyPI
 on:
   push:
@@ -8,9 +7,11 @@ concurrency:
   group: pypi
 jobs:
   package-testpypi:
-    uses: tektronix/tm_devices/.github/workflows/package-testpypi.yml@main
+    uses: tektronix/python-package-ci-cd/.github/workflows/_reusable-package-testpypi.yml@v1.0.0
     with:
       package-name: tm_data_types
+      repo-name: tektronix/tm_data_types
     permissions:
+      contents: read
       id-token: write
       attestations: write

.github/workflows/publish-api-comparison.yml

@@ -6,7 +6,7 @@ on:
     types: [completed]
 jobs:
   publish-api-comparison:
-    uses: tektronix/tm_devices/.github/workflows/publish-test-results.yml@main
+    uses: tektronix/python-package-ci-cd/.github/workflows/_reusable-publish-api-comparison.yml@v1.0.0
     permissions:
       checks: write
       pull-requests: write

.github/workflows/publish-test-results.yml

@@ -6,7 +6,9 @@ on:
     types: [completed]
 jobs:
   publish-test-results:
-    uses: tektronix/tm_devices/.github/workflows/check-api-for-breaking-changes.yml@main
+    uses: tektronix/python-package-ci-cd/.github/workflows/_reusable-publish-test-results.yml@v1.0.0
+    with:
+      operating-systems-array: '["ubuntu", "windows", "macos"]'
     permissions:
       checks: write
       pull-requests: write

.github/workflows/sbom-scan.yml

@@ -9,7 +9,7 @@ on:
     types: [published]
 jobs:
   sbom-scan:
-    uses: tektronix/tm_devices/.github/workflows/sbom-scan.yml@main
+    uses: tektronix/python-package-ci-cd/.github/workflows/_reusable-sbom-scan.yml@v1.0.0
     permissions:
       security-events: write
       contents: write

.github/workflows/test-code.yml

@@ -5,13 +5,16 @@ on:
     branches: [main]
   pull_request:
     branches: [main]
-# Cancel running jobs for the same workflow and branch.
 concurrency:
-  group: ${{ github.workflow }}-caller-${{ github.ref }}
+  group: ${{ github.workflow }}-${{ github.ref }}
   cancel-in-progress: ${{ github.ref != 'refs/heads/main' }}
 jobs:
   test-code:
-    uses: tektronix/tm_devices/.github/workflows/test-code.yml@main
+    uses: tektronix/python-package-ci-cd/.github/workflows/_reusable-test-code.yml@v1.0.0
     with:
-      repo-name: tm_data_types
-    secrets: inherit
+      repo-name: tektronix/tm_data_types
+      operating-systems-array: '["ubuntu", "windows", "macos"]'
+      python-versions-array: '["3.8", "3.9", "3.10", "3.11", "3.12"]'  # when updating this, make sure to update all workflows that use this strategy
+      upload-to-codecov: true
+    secrets:
+      codecov-token: ${{ secrets.CODECOV_TOKEN }}

.github/workflows/test-docs.yml

@@ -5,13 +5,13 @@ on:
     branches: [main]
   pull_request:
     branches: [main]
-# Cancel running jobs for the same workflow and branch.
 concurrency:
-  group: ${{ github.workflow }}-caller-${{ github.ref }}
+  group: ${{ github.workflow }}-${{ github.ref }}
   cancel-in-progress: ${{ github.ref != 'refs/heads/main' }}
 jobs:
   test-docs:
-    uses: tektronix/tm_devices/.github/workflows/test-docs.yml@main
+    uses: tektronix/python-package-ci-cd/.github/workflows/_reusable-test-docs.yml@v1.0.0
     with:
       node-version: 20  # The node version needs to stay in sync with .readthedocs.yml
       python-version: '3.11'  # This needs to stay in sync with .readthedocs.yml and the tox config in pyproject.toml
+      tox-env-array: '["docs", "doctests"]'

.github/workflows/update-python-and-pre-commit-dependencies.yml

@@ -5,9 +5,18 @@ on:
     branches: [main]
 jobs:
   update-python-and-pre-commit-dependencies:
-    uses: tektronix/tm_devices/.github/workflows/update-python-and-pre-commit-dependencies.yml@main
+    uses: tektronix/python-package-ci-cd/.github/workflows/_reusable-update-python-and-pre-commit-dependencies.yml@v1.0.0
     with:
+      commit-user-name: ${{ vars.TEK_OPENSOURCE_NAME }}
+      commit-user-email: ${{ vars.TEK_OPENSOURCE_EMAIL }}
+      dependency-dict: '{"dev": ["pylint", "pyright"]}'
+      update-pre-commit: true
+      run-pre-commit: true
       pre-commit-hook-skip-list: pylint,pyright,pyright-verifytypes,pyroma,poetry-audit
+      export-dependency-groups: docs,tests
     permissions:
       contents: write
-    secrets: inherit
+    secrets:
+      checkout-token: ${{ secrets.TEK_OPENSOURCE_TOKEN }}
+      gpg-signing-key-private: ${{ secrets.TEK_OPENSOURCE_GPG_SIGNING_KEY_PRIVATE }}
+      gpg-signing-key-passphrase: ${{ secrets.TEK_OPENSOURCE_GPG_SIGNING_KEY_PASSPHRASE }}

.pre-commit-config.yaml

@@ -39,7 +39,7 @@ repos:
       - id: remove-tabs
       - id: forbid-tabs
   - repo: https://github.com/python-jsonschema/check-jsonschema
-    rev: e2dde74d0702d15f4f43e4f4fb93e301b4bc1e30  # frozen: 0.29.1
+    rev: 5c70e3d884fdbe99af42f2714a444e39f321498d  # frozen: 0.29.2
     hooks:
       - id: check-readthedocs
       - id: check-dependabot
@@ -59,7 +59,7 @@ repos:
         additional_dependencies: [black==24.4.2]  # This may need to be updated/removed in the future once ruff supports formatting python code blocks in markdown
         args: [--line-length=100]
   - repo: https://github.com/lyz-code/yamlfix
-    rev: 47039c9bf8039e81f092c9777a1bc8be32fb7870  # frozen: 1.16.0
+    rev: 8072181c0f2eab9f2dd8db2eb3b9556d7cd0bd74  # frozen: 1.17.0
     hooks:
       - id: yamlfix
 # TODO: get this working
@@ -139,7 +139,7 @@ repos:
         always_run: true
         args: [audit, --json, --ignore-code=CVE-2019-8341]
   - repo: https://github.com/astral-sh/ruff-pre-commit
-    rev: 718fbf5fa5fb8cbe6aeac32a863271695104cd5d  # frozen: v0.6.0
+    rev: 24d039e647a08707e6cb31e75e01844eeff925e7  # frozen: v0.6.2
     hooks:
       - id: ruff
         args: [--fix, --exit-non-zero-on-fix]

docs/advanced/writing_to_a_file.md

@@ -1,5 +1,5 @@
 write_file is a generic method which takes two arguments, the path to write to and the waveform
-to write. The method begins by utilizing a lookup table 
+to write. The method begins by utilizing a lookup table
 along with the waveform type to determine what type of behavior it will utilize to write.
 Following this, the waveform is formatted and written to the path specified.
 
@@ -10,7 +10,7 @@ distinct process for saving. The write process is identical to the standard writ
 
 This writing process is involved, and is distinctly different between each format and waveform type
 No transformations are done when saving to the .wfm format if the data is of the RawSample type.
-This done as the express purpose of this library is to save and load .wfm files as fast as possible. 
+This done as the express purpose of this library is to save and load .wfm files as fast as possible.
 However if the data type is Normalized, a transformed is performed, as .wfm files are required to contain
 digitized data with the spacing and offset being separate.
 
@@ -24,6 +24,6 @@ read_files_in_parallel handles the same way functionally as write_files_in_paral
 the two being what arguments are passed in and the queue of waveforms returned.
 
 Reading will reformat the waveform data to match what is required for the oscilloscope to display.
-Waveform files will all return the waveform in the RawSample format. This process takes some time 
+Waveform files will all return the waveform in the RawSample format. This process takes some time
 as the conversion utilizes mathematical transformations
-on the entire dataset, so the best way to utilize this library is to utilize the .wfm extension.
+on the entire dataset, so the best way to utilize this library is to utilize the .wfm extension.

pyproject.toml

@@ -68,7 +68,6 @@ scipy = [
 ]
 
 [tool.poetry.group.dev.dependencies]
-docformatter = {extras = ["tomli"], version = "1.7.5"}
 docutils = "^0.20"  # TODO: remove this when the minimum Python version is >=3.9
 docutils-stubs = "^0.0.22"
 matplotlib = [
@@ -85,22 +84,16 @@ pre-commit = [
   {python = ">=3.9", version = "^3.7"},
   {python = "3.8", version = "^3.5"}
 ]
-pyclean = "^3.0.0"
 pylint = "3.2.6"
 pyright = "1.1.377"
 pyroma = "^4.2"
-python-semantic-release = "^9.6.0"
-ruff = "0.6.1"
-toml-sort = "^0.23.0"
-tomli-w = "^1.0.0"
 tox = "^4.0"
 tox-gh-actions = "^3.1.0"
 twine = "^5.0.0"
 types-python-dateutil = "^2.9"
 types-pyyaml = "^6.0"
 types-requests = "^2.31"
 wheel = "^0.44"
-yamlfix = "^1.16.0"
 
 [tool.poetry.group.docs.dependencies]
 black = "^24.4.2"
@@ -131,7 +124,6 @@ pytest-env = "^1.1.3"
 pytest-github-report = "^0.0.1"
 pytest-html = "^4.1.1"
 pytest-order = "^1.2.1"
-tomli = "^2.0.1"
 
 [tool.poetry.urls]
 "Bug Tracker" = "https://github.com/tektronix/tm_data_types/issues"
@@ -311,9 +303,11 @@ install_command = python -I -m pip install --upgrade --upgrade-strategy=eager {o
 deps =
     poetry
 setenv =
-    PYRIGHT_PYTHON_GLOBAL_NODE = False  # This will cause python-pyright to use nodeenv to install node rather than use the system node
+    DOC_PYTHON_VERSION = python3.11  # Keep this in sync with .readthedocs.yml and any CI scripts
+    # Skip pre-commit checks that are not needed (yamlfix should be removed from this list once Python 3.8 support is dropped)
+    SKIP = file-contents-sorter,yamlfix
 commands_pre =
-    poetry install --no-root
+    poetry install --no-root --without=main
 commands =
     !tests: poetry build --output=dist_{envname}
     !tests: twine check --strict dist_{envname}/*
@@ -325,6 +319,12 @@ commands =
 basepython = python
 deps =
     -rtests/requirements.txt
+passenv =
+    pytest_report_title
+setenv =
+    pytest_github_report = true
+    pytest_use_blanks = true
+    GITHUB_STEP_SUMMARY = {tox_root}/.results_{envname}/github_report.md
 commands_pre =
 
 [testenv:docs]

python_semantic_release_templates/.release_notes.md.j2

@@ -1,7 +1,9 @@
 {%- import ".macros.j2" as macros %}
 
 {%- call(output) macros.populate_variables() %}
-    {%-  filter replace("Things to be included in the next release go here.", "# " + output[0] + " (" + output[1] + ")" + output[2])|replace("##", "#") %}
-        {%-  include ".previous_release_notes_for_template.md" %}
+    {%- filter replace("## Unreleased", "# " + output[0] + " (" + output[1] + ")" + output[2])|replace("##", "#") %}
+        {%- filter replace("Things to be included in the next release go here.\n\n", "") %}
+            {%- include ".previous_release_notes_for_template.md" %}
+        {%- endfilter %}
     {%- endfilter %}
 {% endcall %}

python_semantic_release_templates/CHANGELOG.md.j2

@@ -1,7 +1,9 @@
 {%- import ".macros.j2" as macros %}
 
 {%- call(output) macros.populate_variables() %}
-    {%-  filter replace("Things to be included in the next release go here.", "Things to be included in the next release go here.\n\n---\n\n## " + output[0] + " (" + output[1] + ")" + output[2]) %}
-        {%-  include ".previous_changelog_for_template.md" %}
+    {%- filter replace("## Unreleased", "## Unreleased\n\nThings to be included in the next release go here.\n\n---\n\n## " + output[0] + " (" + output[1] + ")" + output[2]) %}
+        {%- filter replace("Things to be included in the next release go here.\n\n", "") %}
+            {%- include ".previous_changelog_for_template.md" %}
+        {%- endfilter %}
     {%- endfilter %}
 {% endcall %}