From 99e849adff3f78ae75f55443a4cf1aa533f4cd17 Mon Sep 17 00:00:00 2001 From: Kyle Benesch <4b796c65+github@gmail.com> Date: Fri, 28 Nov 2025 14:03:58 -0800 Subject: [PATCH 01/12] Prepare 5.4.2 release --- CHANGELOG.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 315869e..d95f21d 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -7,6 +7,8 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ## [Unreleased] +## [5.4.2] - 2025-11-28 + ### Removed - Dropped support for Python 3.8 & 3.9. From 8cf25a242863b9df07c0700c9b502e96b00ef96d Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 15 Dec 2025 22:07:13 +0000 Subject: [PATCH 02/12] Bump the github-actions group with 2 updates Bumps the github-actions group with 2 updates: [actions/upload-artifact](https://github.com/actions/upload-artifact) and [actions/download-artifact](https://github.com/actions/download-artifact). Updates `actions/upload-artifact` from 5 to 6 - [Release notes](https://github.com/actions/upload-artifact/releases) - [Commits](https://github.com/actions/upload-artifact/compare/v5...v6) Updates `actions/download-artifact` from 6 to 7 - [Release notes](https://github.com/actions/download-artifact/releases) - [Commits](https://github.com/actions/download-artifact/compare/v6...v7) --- updated-dependencies: - dependency-name: actions/upload-artifact dependency-version: '6' dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: actions/download-artifact dependency-version: '7' dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions ... Signed-off-by: dependabot[bot] --- .github/workflows/python-package.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/python-package.yml b/.github/workflows/python-package.yml index dd34d66..f057176 100644 --- a/.github/workflows/python-package.yml +++ b/.github/workflows/python-package.yml @@ -64,7 +64,7 @@ jobs: run: pip install build - name: Build package run: python -m build - - uses: actions/upload-artifact@v5 + - uses: actions/upload-artifact@v6 with: name: python-dist path: dist/* @@ -82,7 +82,7 @@ jobs: permissions: id-token: write steps: - - uses: actions/download-artifact@v6 + - uses: actions/download-artifact@v7 with: name: python-dist path: dist/ From 57c7027a94caee5b1e7fdd37276b58661895242d Mon Sep 17 00:00:00 2001 From: "pre-commit-ci[bot]" <66853113+pre-commit-ci[bot]@users.noreply.github.com> Date: Mon, 5 Jan 2026 21:35:41 +0000 Subject: [PATCH 03/12] [pre-commit.ci] pre-commit autoupdate MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit updates: - [github.com/astral-sh/ruff-pre-commit: v0.14.6 → v0.14.10](https://github.com/astral-sh/ruff-pre-commit/compare/v0.14.6...v0.14.10) --- .pre-commit-config.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index da481ac..55464e5 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -17,7 +17,7 @@ repos: - id: fix-byte-order-marker - id: detect-private-key - repo: https://github.com/astral-sh/ruff-pre-commit - rev: v0.14.6 + rev: v0.14.10 hooks: - id: ruff-check args: [--fix, --exit-non-zero-on-fix] From 9913c439b334c40fc0a5cc9a98d8a7410b083b21 Mon Sep 17 00:00:00 2001 From: Kyle Benesch <4b796c65+github@gmail.com> Date: Wed, 14 Jan 2026 14:26:41 -0800 Subject: [PATCH 04/12] Remove sentinel-value dependency I did not like this how this library doesn't use pickle singletons I'll use classes for now since those can switch to something better later Typing-extensions can be used for `_raise` because that doesn't need to support pickle --- CHANGELOG.md | 4 ++++ pyproject.toml | 3 +-- tcod/ecs/constants.py | 17 +++++++++++++---- tcod/ecs/entity.py | 5 ++--- tests/test_ecs.py | 7 +++++++ 5 files changed, 27 insertions(+), 9 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index d95f21d..f7a77aa 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -7,6 +7,10 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ## [Unreleased] +### Changed + +- Removed dependency on `sentinel-value`. + ## [5.4.2] - 2025-11-28 ### Removed diff --git a/pyproject.toml b/pyproject.toml index 0b84935..84cea06 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -21,8 +21,7 @@ requires-python = ">=3.10" dependencies = [ "attrs >=23.1.0", "cattrs >=23.1.2", - "sentinel-value >=1.0.0", - "typing-extensions >=4.13.1", + "typing-extensions >=4.14.0", ] [tool.setuptools_scm] diff --git a/tcod/ecs/constants.py b/tcod/ecs/constants.py index 6c7980d..adbd11c 100644 --- a/tcod/ecs/constants.py +++ b/tcod/ecs/constants.py @@ -2,9 +2,18 @@ from __future__ import annotations -from typing import Final -from sentinel_value import sentinel +class _IgnoreSetState(type): + def __setstate__(cls, _state: object) -> None: + """Ignore setstate on outdated sentinel-value pickle data.""" -IsA: Final = sentinel("IsA") -"""The default is-a relationship tag used for entity inheritance.""" + +class IsA(metaclass=_IgnoreSetState): + """The default is-a relationship tag used for entity inheritance.""" + + def __new__(cls: type[IsA], *_args: object) -> type[IsA]: # type: ignore[misc] + """Return own type instead of instance, for outdated sentinel-value pickle data.""" + return cls + + +_sentinel_IsA = IsA # Compatibility with sentinel-value, deprecated since 5.4 # noqa: N816 diff --git a/tcod/ecs/entity.py b/tcod/ecs/entity.py index 6013bee..3f5d1dc 100644 --- a/tcod/ecs/entity.py +++ b/tcod/ecs/entity.py @@ -14,8 +14,7 @@ from weakref import WeakKeyDictionary, WeakValueDictionary import attrs -from sentinel_value import sentinel -from typing_extensions import Self, TypeForm, deprecated +from typing_extensions import Self, Sentinel, TypeForm, deprecated import tcod.ecs.callbacks import tcod.ecs.query @@ -34,7 +33,7 @@ _T1 = TypeVar("_T1") _T2 = TypeVar("_T2") -_raise: Final = sentinel("_raise") +_raise: Final = Sentinel("_raise") _entity_table: WeakKeyDictionary[Registry, WeakValueDictionary[object, Entity]] = WeakKeyDictionary() """A weak table of registries and unique identifiers to entity objects. diff --git a/tests/test_ecs.py b/tests/test_ecs.py index a245f24..95c334c 100644 --- a/tests/test_ecs.py +++ b/tests/test_ecs.py @@ -301,3 +301,10 @@ def test_type_form() -> None: world[None].components[TupleKey] = (1, 2) x, y = world[None].components[TupleKey] assert (x, y) == (1, 2) + + +PICKLED_ISA = b"\x80\x03ctcod.ecs.constants\n_sentinel_IsA\nq\x00X\x12\x00\x00\x00tcod.ecs.constantsq\x01X\x03\x00\x00\x00IsAq\x02\x86q\x03\x81q\x04}q\x05(X\r\x00\x00\x00instance_nameq\x06h\x02X\x0b\x00\x00\x00module_nameq\x07h\x01X\x0e\x00\x00\x00qualified_nameq\x08X\x16\x00\x00\x00tcod.ecs.constants.IsAq\tub." # cspell: disable-line + + +def test_unpickle_is_a() -> None: + assert pickle.loads(PICKLED_ISA) is tcod.ecs.IsA # noqa: S301 From f2ee28b92ae677623f59fb2eabda7e3ab61c0ef8 Mon Sep 17 00:00:00 2001 From: Kyle Benesch <4b796c65+github@gmail.com> Date: Wed, 14 Jan 2026 14:40:18 -0800 Subject: [PATCH 05/12] Prepare 5.5.0 release --- CHANGELOG.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index f7a77aa..4f14484 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -7,6 +7,8 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ## [Unreleased] +## [5.5.0] - 2026-01-14 + ### Changed - Removed dependency on `sentinel-value`. From 419e5dc2510818df70c31276afa0e5d6c86be540 Mon Sep 17 00:00:00 2001 From: Kyle Benesch <4b796c65+github@gmail.com> Date: Wed, 14 Jan 2026 15:07:09 -0800 Subject: [PATCH 06/12] Fix documentation Attempt to make sentinel workarounds look as nice as possible --- docs/api.rst | 2 +- tcod/ecs/constants.py | 8 +++++--- 2 files changed, 6 insertions(+), 4 deletions(-) diff --git a/docs/api.rst b/docs/api.rst index 5f6450b..d1e60e9 100644 --- a/docs/api.rst +++ b/docs/api.rst @@ -5,7 +5,7 @@ API reference :members: :undoc-members: :show-inheritance: - :exclude-members: Registry, World, Entity + :exclude-members: Registry, World, Entity, IsA .. automodule:: tcod.ecs.registry :members: diff --git a/tcod/ecs/constants.py b/tcod/ecs/constants.py index adbd11c..a7a122a 100644 --- a/tcod/ecs/constants.py +++ b/tcod/ecs/constants.py @@ -2,6 +2,8 @@ from __future__ import annotations +from typing_extensions import Never + class _IgnoreSetState(type): def __setstate__(cls, _state: object) -> None: @@ -11,9 +13,9 @@ def __setstate__(cls, _state: object) -> None: class IsA(metaclass=_IgnoreSetState): """The default is-a relationship tag used for entity inheritance.""" - def __new__(cls: type[IsA], *_args: object) -> type[IsA]: # type: ignore[misc] - """Return own type instead of instance, for outdated sentinel-value pickle data.""" - return cls + def __new__(cls: type[IsA], *_: object) -> Never: # noqa: D102 + # Return own type instead of instance, for outdated sentinel-value pickle data. + return cls # type: ignore[misc] _sentinel_IsA = IsA # Compatibility with sentinel-value, deprecated since 5.4 # noqa: N816 From 55d029877814c66f33de6c131a72d0f7b7bef6b4 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 2 Mar 2026 23:04:47 +0000 Subject: [PATCH 07/12] Bump the github-actions group with 2 updates Bumps the github-actions group with 2 updates: [actions/upload-artifact](https://github.com/actions/upload-artifact) and [actions/download-artifact](https://github.com/actions/download-artifact). Updates `actions/upload-artifact` from 6 to 7 - [Release notes](https://github.com/actions/upload-artifact/releases) - [Commits](https://github.com/actions/upload-artifact/compare/v6...v7) Updates `actions/download-artifact` from 7 to 8 - [Release notes](https://github.com/actions/download-artifact/releases) - [Commits](https://github.com/actions/download-artifact/compare/v7...v8) --- updated-dependencies: - dependency-name: actions/upload-artifact dependency-version: '7' dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: actions/download-artifact dependency-version: '8' dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions ... Signed-off-by: dependabot[bot] --- .github/workflows/python-package.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/python-package.yml b/.github/workflows/python-package.yml index f057176..ee781c8 100644 --- a/.github/workflows/python-package.yml +++ b/.github/workflows/python-package.yml @@ -64,7 +64,7 @@ jobs: run: pip install build - name: Build package run: python -m build - - uses: actions/upload-artifact@v6 + - uses: actions/upload-artifact@v7 with: name: python-dist path: dist/* @@ -82,7 +82,7 @@ jobs: permissions: id-token: write steps: - - uses: actions/download-artifact@v7 + - uses: actions/download-artifact@v8 with: name: python-dist path: dist/ From c5788a2fc3b062bf474024373bef4fda29e6aa98 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 30 Mar 2026 22:12:40 +0000 Subject: [PATCH 08/12] Bump codecov/codecov-action from 5 to 6 in the github-actions group Bumps the github-actions group with 1 update: [codecov/codecov-action](https://github.com/codecov/codecov-action). Updates `codecov/codecov-action` from 5 to 6 - [Release notes](https://github.com/codecov/codecov-action/releases) - [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/codecov/codecov-action/compare/v5...v6) --- updated-dependencies: - dependency-name: codecov/codecov-action dependency-version: '6' dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions ... Signed-off-by: dependabot[bot] --- .github/workflows/python-package.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/python-package.yml b/.github/workflows/python-package.yml index ee781c8..d281493 100644 --- a/.github/workflows/python-package.yml +++ b/.github/workflows/python-package.yml @@ -52,7 +52,7 @@ jobs: - name: Run tests run: pytest --cov-report=xml - name: Upload coverage - uses: codecov/codecov-action@v5 + uses: codecov/codecov-action@v6 with: token: ${{ secrets.CODECOV_TOKEN }} From dc300c52f353e2a31bb88f8449e69b61503255a9 Mon Sep 17 00:00:00 2001 From: "pre-commit-ci[bot]" <66853113+pre-commit-ci[bot]@users.noreply.github.com> Date: Mon, 6 Apr 2026 22:05:29 +0000 Subject: [PATCH 09/12] [pre-commit.ci] pre-commit autoupdate MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit updates: - [github.com/astral-sh/ruff-pre-commit: v0.14.10 → v0.15.9](https://github.com/astral-sh/ruff-pre-commit/compare/v0.14.10...v0.15.9) --- .pre-commit-config.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index 55464e5..0c6f16e 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -17,7 +17,7 @@ repos: - id: fix-byte-order-marker - id: detect-private-key - repo: https://github.com/astral-sh/ruff-pre-commit - rev: v0.14.10 + rev: v0.15.9 hooks: - id: ruff-check args: [--fix, --exit-non-zero-on-fix] From 2a5d957c687bc9a931c96b3d6649f3a3cf6fc05b Mon Sep 17 00:00:00 2001 From: Kyle Benesch <4b796c65+github@gmail.com> Date: Wed, 27 May 2026 19:15:59 -0700 Subject: [PATCH 10/12] Add Zizmor linter Apply fixes for new rules --- .github/dependabot.yml | 4 +++- .github/workflows/python-package.yml | 23 ++++++++++++++++++----- .github/zizmor.yaml | 9 +++++++++ .pre-commit-config.yaml | 6 +++++- .vscode/settings.json | 4 +++- 5 files changed, 38 insertions(+), 8 deletions(-) create mode 100644 .github/zizmor.yaml diff --git a/.github/dependabot.yml b/.github/dependabot.yml index be006de..2b2eb8c 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -8,6 +8,8 @@ updates: groups: github-actions: patterns: - - "*" # Group all Actions updates into a single larger pull request + - "*" # Group all Actions updates into a single larger pull request schedule: interval: weekly + cooldown: + default-days: 7 diff --git a/.github/workflows/python-package.yml b/.github/workflows/python-package.yml index d281493..e873d39 100644 --- a/.github/workflows/python-package.yml +++ b/.github/workflows/python-package.yml @@ -16,17 +16,25 @@ defaults: run: shell: bash +concurrency: + group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} + cancel-in-progress: true + jobs: pre-commit: runs-on: ubuntu-latest steps: - uses: actions/checkout@v6 + with: + persist-credentials: false - uses: pre-commit/action@v3.0.1 mypy: runs-on: ubuntu-latest steps: - uses: actions/checkout@v6 + with: + persist-credentials: false - uses: actions/setup-python@v6 - name: Install package run: pip install -e ".[test]" @@ -43,6 +51,8 @@ jobs: python-version: ["3.10", "3.11", "3.12", "3.13", "3.14", "3.15-dev"] steps: - uses: actions/checkout@v6 + with: + persist-credentials: false - uses: actions/setup-python@v6 name: Setup Python ${{ matrix.python-version }} with: @@ -60,6 +70,8 @@ jobs: runs-on: ubuntu-latest steps: - uses: actions/checkout@v6 + with: + persist-credentials: false - name: Install build run: pip install build - name: Build package @@ -80,7 +92,7 @@ jobs: name: pypi url: https://pypi.org/project/tcod-ecs/${{ github.ref_name }}/ permissions: - id-token: write + id-token: write # Attestation steps: - uses: actions/download-artifact@v8 with: @@ -93,14 +105,15 @@ jobs: name: Create Release runs-on: ubuntu-latest permissions: - contents: write + contents: write # Publish GitHub Releases steps: - name: Checkout code uses: actions/checkout@v6 + with: + persist-credentials: false - name: Generate body run: scripts/get_release_description.py | tee release_body.md - name: Create Release id: create_release - uses: ncipollo/release-action@v1 - with: - bodyFile: release_body.md + # https://cli.github.com/manual/gh_release_create + run: gh release create "${GITHUB_REF_NAME}" --verify-tag --notes-file release_body.md diff --git a/.github/zizmor.yaml b/.github/zizmor.yaml new file mode 100644 index 0000000..d9e822c --- /dev/null +++ b/.github/zizmor.yaml @@ -0,0 +1,9 @@ +rules: + anonymous-definition: + disable: true + cache-poisoning: + disable: true + excessive-permissions: + disable: true + unpinned-uses: + disable: true diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index 0c6f16e..524851c 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -17,8 +17,12 @@ repos: - id: fix-byte-order-marker - id: detect-private-key - repo: https://github.com/astral-sh/ruff-pre-commit - rev: v0.15.9 + rev: v0.15.14 hooks: - id: ruff-check args: [--fix, --exit-non-zero-on-fix] - id: ruff-format + - repo: https://github.com/zizmorcore/zizmor-pre-commit + rev: v1.25.2 + hooks: + - id: zizmor diff --git a/.vscode/settings.json b/.vscode/settings.json index 445fcc1..c0fdc09 100644 --- a/.vscode/settings.json +++ b/.vscode/settings.json @@ -12,6 +12,7 @@ "buildapi", "cattrs", "codecov", + "cooldown", "docstrings", "doctest", "doctests", @@ -60,7 +61,8 @@ "unstructure", "WASD", "WAXD", - "WINDOWLEAVE" + "WINDOWLEAVE", + "zizmor" ], "editor.codeActionsOnSave": { "source.fixAll": "always" From 8272dc7a5294eb14e6c7573ba14fbce480c7e484 Mon Sep 17 00:00:00 2001 From: Kyle Benesch <4b796c65+github@gmail.com> Date: Wed, 27 May 2026 19:20:50 -0700 Subject: [PATCH 11/12] Remove liskin/gh-problem-matcher-wrap The better aesthetics are not worth an extra dependency --- .github/workflows/python-package.yml | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/.github/workflows/python-package.yml b/.github/workflows/python-package.yml index e873d39..8262b4b 100644 --- a/.github/workflows/python-package.yml +++ b/.github/workflows/python-package.yml @@ -39,10 +39,7 @@ jobs: - name: Install package run: pip install -e ".[test]" - name: Mypy - uses: liskin/gh-problem-matcher-wrap@v3 - with: - linters: mypy - run: mypy --show-column-numbers + run: mypy --show-column-numbers test: runs-on: ubuntu-latest From dd8407449d0ec5e3f3f7a93979bce2d6f6f21869 Mon Sep 17 00:00:00 2001 From: Kyle Benesch <4b796c65+github@gmail.com> Date: Wed, 3 Jun 2026 20:50:12 -0700 Subject: [PATCH 12/12] Add missing token for GitHub CLI --- .github/workflows/python-package.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.github/workflows/python-package.yml b/.github/workflows/python-package.yml index 8262b4b..a91c4d8 100644 --- a/.github/workflows/python-package.yml +++ b/.github/workflows/python-package.yml @@ -114,3 +114,5 @@ jobs: id: create_release # https://cli.github.com/manual/gh_release_create run: gh release create "${GITHUB_REF_NAME}" --verify-tag --notes-file release_body.md + env: + GH_TOKEN: ${{ github.token }}