Deal with more Yarn GPG problems

[ejfine]

Why is this change necessary?

Devcontainer builds were failing again

How does this change address the issue?

Adds the yarn key during devcontainer build

What side effects does this change have?

N/A

How is this change tested?

Building a Codespace

Other

#125

bumped some versions

Implemented a task for updating python version in ruff config

Summary by CodeRabbit

• Chores

  • Updated development container base image, tooling and VS Code extensions; added a Python "optimize" option and improved package key management and image maintenance.
  • Bumped project and template dependency pins and CI Python support to 3.13.9; refreshed pre-commit hooks and project dependency versions.
  • Added template task to auto-update Ruff's target-version during initialization; minor template and metadata tweaks.

• Bug Fixes

  • CI workflow now accepts skipped or successful lint results and emits clearer status messages.

• Documentation

  • Minor formatting cleanup in the pull request template.

[coderabbitai]

Note

Reviews paused

It looks like this branch is under active development. To avoid overwhelming you with review comments due to an influx of new commits, CodeRabbit has automatically paused this review. You can configure this behavior by changing the reviews.auto_review.auto_pause_after_reviewed_commits setting.

Use the following commands to manage reviews:

• @coderabbitai resume to resume automatic reviews.
• @coderabbitai review to trigger a single review.

Use the checkboxes below for quick actions:

• ▶️ Resume reviews
• 🔍 Trigger review

📝 Walkthrough

Walkthrough

Bumps many devcontainer, template, and tooling version pins; adds Yarn GPG keyring handling in the devcontainer Dockerfile; broadens CI lint guard to accept skipped or success; adds a copier task to sync Ruff target-version from python_version; updates test CI Python versions and minor formatting fixes.

Changes

Cohort / File(s)	Summary
Dev Container Infra .devcontainer/Dockerfile, .devcontainer/devcontainer.json, .devcontainer/install-ci-tooling.py	Bump devcontainer base image and features/extensions, set Python optimize option, add Yarn GPG keyring setup in Dockerfile, and update UV_VERSION.
Template Dev Container template/.devcontainer/devcontainer.json.jinja-base	Mirror devcontainer version bumps, add conditional Claude CLI/claude-code feature, and update related extension/tool entries.
CI Workflows .github/workflows/ci.yaml, template/.github/workflows/ci.yaml.jinja-base	Replace strict lint-matrix success check with regex that accepts skipped or success; add explicit messages and exit handling.
Copier / Template Tasks copier.yaml, template/copier.yml.jinja-base	Default Python bumped to 3.13.9; add _tasks command that updates ruff.toml's target-version based on python_version (no-op if file missing).
Template Context / Version Constants extensions/context.py, template/extensions/context.py.jinja-base	Update ~20+ version constants (uv, copier, pnpm, ty, pulumi, fastapi/uvicorn, nuxt/vue deps, faker, etc.) and add python_faker_version binding.
Pre-commit & Linting .pre-commit-config.yaml, ruff.toml	Bump pre-commit hook revisions (Typos, Prettier, JSONSchema, Ruff) and remove an inline TODO comment in ruff.toml.
Project deps & Tests pyproject.toml, tests/copier_data/data1.yaml, tests/copier_data/data2.yaml	Bump ty and copier pins; update test copier CI Python versions from 3.13.2 → 3.13.9.
Docs / Templates .github/pull_request_template.md	Cosmetic heading formatting change (removed leading space).

Sequence Diagram(s)

(omitted — changes do not introduce a new multi-component sequential flow requiring visualization)

Estimated code review effort

🎯 4 (Complex) | ⏱️ ~45 minutes

Possibly related PRs

• Misc version bumps #122 — Overlapping version bumps across .devcontainer/devcontainer.json, extensions/context.py, .pre-commit-config.yaml, and install-ci-tooling.py.
• Bump devcontainer image #124 — Changes to .devcontainer/Dockerfile including base image bump and Yarn GPG/keyring handling.
• Bump context #73 — Related updates to extensions/context.py that bump/add template dependency/version keys.

🚥 Pre-merge checks | ✅ 2 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (2 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title accurately reflects the primary change in the PR, which addresses Yarn GPG key management issues in the devcontainer build process.
Description check	✅ Passed	The PR description addresses most required template sections with relevant information, though it mixes multiple distinct changes and could be better organized.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 5

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In @.devcontainer/Dockerfile:
- Around line 8-10: The Dockerfile currently removes the yarn APT source
(`yarn.list`) but still writes a keyring to
`/etc/apt/keyrings/yarn-archive-keyring.gpg`, which is never referenced; either
stop writing the keyring or restore a matching APT source entry that references
that keyring. Fix it by removing the curl/gpg line that creates
`/etc/apt/keyrings/yarn-archive-keyring.gpg` (keep only the `rm
/etc/apt/sources.list.d/yarn.list || true`), or alternatively re-add a
`yarn.list` entry that uses
`signed-by=/etc/apt/keyrings/yarn-archive-keyring.gpg` so the downloaded key is
actually used.

In @.github/workflows/ci.yaml:
- Around line 174-180: The success check incorrectly includes the impossible
'completed' value: update the success_pattern variable used to test
needs.lint-matrix.result (the success_pattern assignment and the conditional
that references "${{ needs.lint-matrix.result }}") to remove "completed" (e.g.,
only allow "skipped" and "success"), and update the echo/error messages that
mention "completed" to reflect the actual valid states so they no longer
reference a state that cannot occur.

In `@template/.devcontainer/devcontainer.json.jinja-base`:
- Around line 27-29: The comment/indentation for the Claude CLI feature block is
misaligned: make the comment line that precedes the feature key use the same
indentation as the feature key so the generated devcontainer JSON is
consistently formatted; locate the templating block guarded by
install_claude_cli and adjust the whitespace so the comment starting with "//
https://github.com/anthropics/devcontainer-features/..." and the feature entry
"ghcr.io/anthropics/devcontainer-features/claude-code:1.0.5": {} have the same
indentation level.

In `@template/.github/workflows/ci.yaml.jinja-base`:
- Around line 153-159: The success_pattern currently includes the impossible
value "completed" and the if-block has inconsistent indentation; update the
pattern to reflect valid GitHub Actions results (replace "completed" with
"cancelled" if you want to allow cancellations, e.g.
success_pattern="^(skipped|cancelled|success)$", or remove "cancelled" if not
desired, e.g. success_pattern="^(skipped|success)$"), then use consistent
indentation inside the if block for both echo and exit so the guard referencing
needs.lint-matrix.result and variable success_pattern is clear and correct.

In `@template/copier.yml.jinja-base`:
- Around line 149-158: The sed -i invocation in the _tasks block (the line that
edits ruff.toml using sed -i -E and the py_tag variable) is not portable to
macOS; change it to a portable in-place edit approach—either detect Darwin via
uname and use sed -i '' on macOS and sed -i -E on Linux, or replace the sed call
with a portable perl -i -pe substitution that targets ruff.toml and uses the
same regex to replace target-version = "py..." with the assembled $py_tag
value—update the command in the task that edits ruff.toml accordingly.

---

Duplicate comments:
In `@copier.yaml`:
- Around line 81-91: The shell task uses GNU-only "sed -i -E" which breaks on
BSD/macOS; update the command block in the _tasks entry to use a portable
inplace edit approach (replace the sed -i invocation) — e.g. run sed without -i
and write to a temp file then mv (or use sed -i.bak and remove the backup) to
perform the same regex replacement against ruff.toml; ensure the regex
(target-version = "py[0-9]+") and the constructed $py_tag are preserved and that
any temporary backup file is cleaned up after the move.

[coderabbitai]

🧹 Nitpick | 🔵 Trivial

The GPG keyring file is written but never referenced by any apt source.

Line 9 removes yarn.list, so apt will no longer contact the Yarn repository. Line 10 downloads and stores the Yarn GPG key to /etc/apt/keyrings/yarn-archive-keyring.gpg, but with no corresponding entry in /etc/apt/sources.list.d/ referencing that keyring, the downloaded key serves no purpose. If the only goal is to prevent apt-get update failures from the expired Yarn GPG key, removing yarn.list alone is sufficient.

♻️ Simplified fix (remove yarn source only)

 # temporary hack until yarn updates its GPG key
-RUN rm /etc/apt/sources.list.d/yarn.list || true && \
-    curl -sS https://dl.yarnpkg.com/debian/pubkey.gpg | gpg --dearmor | tee /etc/apt/keyrings/yarn-archive-keyring.gpg > /dev/null
+RUN rm /etc/apt/sources.list.d/yarn.list || true

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	# temporary hack until yarn updates its GPG key
	RUN rm /etc/apt/sources.list.d/yarn.list || true
	RUN rm /etc/apt/sources.list.d/yarn.list || true && \
	curl -sS https://dl.yarnpkg.com/debian/pubkey.gpg | gpg --dearmor | tee /etc/apt/keyrings/yarn-archive-keyring.gpg > /dev/null
	# temporary hack until yarn updates its GPG key
	RUN rm /etc/apt/sources.list.d/yarn.list || true

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In @.devcontainer/Dockerfile around lines 8 - 10, The Dockerfile currently
removes the yarn APT source (`yarn.list`) but still writes a keyring to
`/etc/apt/keyrings/yarn-archive-keyring.gpg`, which is never referenced; either
stop writing the keyring or restore a matching APT source entry that references
that keyring. Fix it by removing the curl/gpg line that creates
`/etc/apt/keyrings/yarn-archive-keyring.gpg` (keep only the `rm
/etc/apt/sources.list.d/yarn.list || true`), or alternatively re-add a
`yarn.list` entry that uses
`signed-by=/etc/apt/keyrings/yarn-archive-keyring.gpg` so the downloaded key is
actually used.

[zendern]

This was 100% my first question. It should not contact it if its not defined in sources

[coderabbitai]

@zendern, exactly—since yarn.list is removed, apt won't attempt to fetch from the Yarn repository, making the keyring download on line 10 unnecessary. If the goal is simply to avoid GPG failures during apt-get update, removing yarn.list alone should suffice.

[ejfine]

all I can tell you is that the codespace build failed in that link I sent you Zender, and new I can get things to pass :elmo-shrug:

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@extensions/context.py`:
- Line 122: context["py313_version"] is pinned to "3.13.9" but should either be
updated to the newer patch "3.13.10" or annotated with an explanatory comment;
update the assignment context["py313_version"] = "3.13.10" (and mirror the bump
in copier.yaml and any test YAML where py313_version is used) OR add an inline
comment next to context["py313_version"] = "3.13.9" explaining why the pin is
intentional (e.g., ReadTheDocs or compatibility reason) so the pinning is
clearly documented.

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@template/.devcontainer/devcontainer.json.jinja-base`:
- Line 63: Replace the extension ID "esbenp.prettier-vscode@12.3.0" with the new
publisher ID "prettier.prettier-vscode@12.3.0" in the devcontainer extensions
list (or alternatively pin to the stable "esbenp.prettier-vscode@11.x" if you
want to avoid v12 pre-release), i.e., find the string
"esbenp.prettier-vscode@12.3.0" and update it to
"prettier.prettier-vscode@12.3.0" (or "esbenp.prettier-vscode@11.x") so the
devcontainer uses the correct Prettier extension publisher.

---

Duplicate comments:
In `@extensions/context.py`:
- Line 122: context["py313_version"] is pinned to "3.13.9" but is three patch
releases behind; update the value in the context dictionary
(context["py313_version"]) to "3.13.12" or, if there's a deliberate reason to
stick to 3.13.9, add an inline comment next to context["py313_version"]
explaining the pin (e.g., compatibility or test constraints) so the intent is
clear and the pin is not mistaken for an oversight.

In `@template/.devcontainer/devcontainer.json.jinja-base`:
- Around line 27-29: Indentation for the conditional feature block is
inconsistent: ensure the line for the Claude CLI feature key
("ghcr.io/anthropics/devcontainer-features/claude-code:1.0.5") is indented with
4 spaces to match the surrounding blocks and that the Jinja raw/endraw tags and
the install_claude_cli conditional remain unchanged; update the template in
template/.devcontainer/devcontainer.json.jinja-base so the install_claude_cli
branch produces the feature entry with the same 4-space alignment as other
feature comment blocks.

[coderabbitai]

⚠️ Potential issue | 🟡 Minor

🧩 Analysis chain

🌐 Web query:

esbenp.prettier-vscode version 12.3.0 VS Code Marketplace

💡 Result:

esbenp.prettier-vscode version 12.3.0 is available from the VS Code Marketplace, and its direct Marketplace package (VSIX) endpoint is:

https://marketplace.visualstudio.com/_apis/public/gallery/publishers/esbenp/vsextensions/prettier-vscode/12.3.0/vspackage

[1]

Release notes for prettier/prettier-vscode v12.3.0 mention fixes including Windows config change detection and watching .prettierignore for cache invalidation. [2]

Version 12.3.0 was published around Jan 21–22, 2026 (mirrors/package trackers show those dates). [3]

Sources: [1] (qiita.com) [2] (newreleases.io) [3] (sourceforge.net)

Citations:

• 1: https://qiita.com/mochizukiaiichiro/items/8df094c01600ae8fcfbf?utm_source=openai
• 2: https://newreleases.io/project/github/prettier/prettier-vscode/release/v12.3.0?utm_source=openai
• 3: https://sourceforge.net/projects/prettier-formatter-vsc.mirror/files/?utm_source=openai

---

🌐 Web query:

prettier.prettier-vscode extension v12 migration from esbenp

💡 Result:

Version 12+ of the Prettier VS Code extension is being migrated from esbenp.prettier-vscode to prettier.prettier-vscode, and v12 is (for now) only published under the new ID (they note v12.x is currently “not stable”). [1]

What to change for the v12 migration

1. Install the new extension

   • In VS Code Extensions: install “Prettier - Code formatter” with ID prettier.prettier-vscode (publisher: Prettier). [1]
   • CLI: ext install prettier.prettier-vscode [1]

2. Update VS Code settings that reference the old extension ID

   • Replace esbenp.prettier-vscode → prettier.prettier-vscode in:
     • User settings.json
     • Workspace .vscode/settings.json
   • Example: [1]

     {
       "editor.defaultFormatter": "prettier.prettier-vscode",
       "[javascript]": { "editor.defaultFormatter": "prettier.prettier-vscode" }
     }

3. Update repo/devcontainer recommendations (if you pin extensions)

   • .vscode/extensions.json recommendations: swap to prettier.prettier-vscode
   • .devcontainer/devcontainer.json / Codespaces “customizations.vscode.extensions”: swap to prettier.prettier-vscode

4. Optionally uninstall/disable the old extension

   • To avoid accidentally using v11 vs v12 depending on which ID your settings point to.

If you share your current .vscode/settings.json (and/or User settings), I can tell you exactly what to edit.

Sources: [1]

---

🌐 Web query:

prettier VS Code extension version 12 stable release

💡 Result:

• Latest v12 “stable” (non–pre-release) Prettier VS Code extension release: v12.3.0 (released Jan 21, 2026) in prettier/prettier-vscode GitHub releases. [1]
• First v12 non–pre-release release: v12.0.4 (released Nov 28, 2025), following the v12 pre-release builds (v12.0.0-beta1, v12.0.0-preview.1, v12.0.2-pre, v12.0.3-pre). [2]
• Note on “stability”: the project README states “Version 12.x is currently not stable, use with caution” (in the context of the migration from esbenp.prettier-vscode to prettier.prettier-vscode). [3]

Sources: [1] [2] [3]

---

Use prettier.prettier-vscode@12.3.0 instead of esbenp.prettier-vscode@12.3.0 — the prettier extension has migrated to a new publisher ID

The prettier VS Code extension is migrating from esbenp.prettier-vscode to prettier.prettier-vscode. While esbenp.prettier-vscode@12.3.0 exists in the marketplace, v12+ is now primarily published under the new prettier.prettier-vscode ID and should be used going forward. Additionally, v12.x is marked "not stable" in the project README.

Update to:

diff

-        "esbenp.prettier-vscode@12.3.0"
+        "prettier.prettier-vscode@12.3.0"

Or stay on the latest stable 11.x under esbenp if you prefer to avoid pre-release versions.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@template/.devcontainer/devcontainer.json.jinja-base` at line 63, Replace the
extension ID "esbenp.prettier-vscode@12.3.0" with the new publisher ID
"prettier.prettier-vscode@12.3.0" in the devcontainer extensions list (or
alternatively pin to the stable "esbenp.prettier-vscode@11.x" if you want to
avoid v12 pre-release), i.e., find the string "esbenp.prettier-vscode@12.3.0"
and update it to "prettier.prettier-vscode@12.3.0" (or
"esbenp.prettier-vscode@11.x") so the devcontainer uses the correct Prettier
extension publisher.

[ejfine]

check your sources. I see the extension page saying the opposite

[coderabbitai]

🧩 Analysis chain

🌐 Web query:

esbenp.prettier-vscode version 12.3.0 VS Code Marketplace 2026

💡 Result:

esbenp.prettier-vscode does have a 12.3.0 release in 2026—tagged/released 2026-01-21 (v12.3.0) in the upstream prettier/prettier-vscode repo. [1] A mirror also lists v12.3.0 with the same 2026-01-21 timestamp. [2]

For offline/enterprise install, a commonly used Marketplace package URL for that exact version is: [3]

https://marketplace.visualstudio.com/_apis/public/gallery/publishers/esbenp/vsextensions/prettier-vscode/12.3.0/vspackage

Sources: [1] (github.com) [2] (sourceforge.net) [3] (qiita.com)

Citations:

• 1: https://github.com/prettier/prettier-vscode/releases
• 2: https://sourceforge.net/projects/prettier-formatter-vsc.mirror/files/?utm_source=openai
• 3: https://qiita.com/mochizukiaiichiro/items/8df094c01600ae8fcfbf

---

🌐 Web query:

prettier VS Code extension official publisher 2026 esbenp

💡 Result:

The official VS Code Prettier - Code formatter extension is published on the Visual Studio Marketplace under:

• Publisher (display name): Prettier [1]
• Extension identifier / itemName: esbenp.prettier-vscode (the publisher ID is esbenp) [1]
• Prettier’s own docs also refer to the VS Code extension as prettier-vscode / “Prettier - Code formatter.” [2]

Sources: [1], [2]

---

@ejfine You're absolutely right, and I apologize for the confusion. My sources were incorrect about a migration.

esbenp.prettier-vscode@12.3.0 is the correct and official extension — it was released in January 2026 and is still published under the esbenp publisher ID (with "Prettier" as the display name). Your version bump from 11.0.2 to 12.3.0 is correct as-is.

Thank you for pushing back on this!

   (\__/)
   (•ㅅ•)  Sorry about that!
  ＿ノヽ ノ＼＿
 /　`/ ⌒Ｙ⌒ Ｙ ヽ
(  (三ヽ人  /　  |
| ﾉ⌒＼ ￣￣ヽ  ノ
ヽ＿＿＿＞､＿_／