Copier update (CI Timeouts)

[ejfine]

Pull in upstream template changes, and add timeouts to this template CI

Summary by CodeRabbit

• Chores

  • Updated development tools, dependencies, and VS Code extensions to latest versions
  • Optimized CI/CD workflow timeouts for improved resource efficiency

• Documentation

  • Updated README badges to use secure HTTPS links

• Tests

  • Added CircuitPython firmware file exclusions to code coverage configuration

_{✏️ Tip: You can customize this high-level summary in your review settings.}

[coderabbitai]

Walkthrough

This PR performs a coordinated update of development tooling versions, GitHub Actions workflow timeouts, and template metadata. It bumps versions for UV, PNPM, COPIER, PRE_COMMIT, pytest, and numerous dependencies, adds explicit timeout configurations across CI workflows, introduces new GitHub Actions timeout context variables, and updates dev container extensions.

Changes

Cohort / File(s)	Summary
Metadata and Documentation ".copier-answers.yml", "README.md"	.copier-answers.yml version bumped from v0.0.83 to v0.0.85; README badge link switched from http to https.
Development Tooling ".devcontainer/devcontainer.json", "template/.devcontainer/devcontainer.json.jinja"	CodeRabbit VS Code extension updated from 0.15.2 to 0.16.0; GitHub Copilot Chat extension updated from 0.33.2025102701 to 0.34.2025112401.
CI Tooling Installation ".devcontainer/install-ci-tooling.py"	Version constants updated: UV (0.9.7 → 0.9.11), PNPM (10.21.0 → 10.23.0), COPIER (9.10.3 → 9.11.0), PRE_COMMIT (4.3.0 → 4.5.0).
GitHub Actions Workflow Timeouts ".github/reusable_workflows/build-docker-image.yaml", ".github/workflows/ci.yaml", ".github/workflows/get-values.yaml", ".github/workflows/pre-commit.yaml", ".github/workflows/tag-on-merge.yaml"	Explicit timeout-minutes added to jobs: build job (15 min), lint/test/required-check jobs (2-8 min), pre-commit job (8 min), mutex lock (8 min).
Template GitHub Actions Workflows "template/.github/workflows/ci.yaml.jinja", "template/.github/workflows/get-values.yaml", "template/.github/workflows/pre-commit.yaml", "template/.github/workflows/{%\ if\ not\ is_frozen_executable\ %}publish.yaml{%\ endif\ %}.jinja"	Timeout configurations applied using new template context variables (gha_short_timeout_minutes, gha_medium_timeout_minutes); jobs include get-values, test, build, publish, and create-tag.
Context and Project Dependencies "extensions/context.py", "pyproject.toml"	Dependency versions bumped: pytest (9.0.0 → 9.0.1), copier (9.10.3 → 9.11.0); new context keys added (kiota_cli_version=1.29.0, GitHub Actions timeout constants); numerous other dependency versions incremented.
Coverage Configuration "template/.coveragerc"	Two CircuitPython firmware paths added to omit patterns: \*/firmware/code.py and \*/firmware/boot.py.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

• Key areas requiring attention:
  • Verify timeout values (2, 8, 15 minutes) are appropriate for each workflow job and consistent across base workflows and templates.
  • Confirm new GitHub Actions context timeout variables (gha_short_timeout_minutes=2, gha_medium_timeout_minutes=8, gha_long_timeout_minutes, gha_xlong_timeout_minutes) are correctly propagated to all template workflow jobs.
  • Validate version bumps for UV, PNPM, COPIER, and PRE_COMMIT do not introduce breaking changes or require additional configuration.
  • Check kiota_cli_version=1.29.0 availability and compatibility with the project.
  • Confirm CircuitPython firmware patterns in .coveragerc accurately exclude intended paths without over-matching.

Possibly related PRs

• Copier update (misc version bumps) #74: Overlapping changes to .devcontainer/devcontainer.json, .devcontainer/install-ci-tooling.py, extensions/context.py, and pyproject.toml with version bumps to the same tools.
• Copier update (fix repo init) #75: Same files modified (.copier-answers.yml, .devcontainer/*, extensions/context.py, pyproject.toml) with similar tool/dependency version updates and CI timeout adjustments.
• Copier update (misc version bumps) #56: Similar metadata updates to .copier-answers.yml and version bumps in extensions/context.py context entries.

Pre-merge checks

❌ Failed checks (1 warning, 1 inconclusive)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%.	You can run @coderabbitai generate docstrings to improve docstring coverage.
Description check	❓ Inconclusive	The description is minimal and lacks required template sections such as issue link, detailed reasoning, testing information, and side effects documentation.	Expand the description to follow the template structure, including issue context, detailed rationale for timeouts, testing approach, and potential side effects of the workflow changes.

✅ Passed checks (1 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title accurately summarizes the main objective: updating Copier and adding CI timeouts, which aligns with the substantial changes across workflow files and dependency versions.

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)

template/.github/workflows/{% if not is_frozen_executable %}publish.yaml{% endif %}.jinja (1)

20-323: Timeouts are wired correctly across publish jobs; install-from- jobs may need a longer budget*

Wiring timeout-minutes through {{ gha_short_timeout_minutes }} / {{ gha_medium_timeout_minutes }} for the various publish jobs is clean and keeps this workflow aligned with the shared timeout policy.

One thing to watch: both install-from-staging and install-from-primary have bash loops that, in the worst case, can spend roughly 5 minutes polling the (Test)PyPI JSON API plus ~2 minutes of 10-second retry sleeps for pip install, before even running the final verification/import steps. With job-level "medium" currently set to 8 minutes (defined in extensions/context.py), these paths are very close to the cap and may be prematurely killed by the job timeout instead of failing via the scripted checks.

If you want to preserve the full retry behavior under adverse registry conditions, consider either:

• Using {{ gha_long_timeout_minutes }} (15 min) just for the install-from-staging / install-from-primary jobs, or
• Tightening the inner loop bounds so their worst-case runtime has more headroom under the 8-minute "medium" ceiling.

Everything else about the new timeouts in this file looks good.

📜 Review details

Configuration used: Path: .coderabbit.yaml

Review profile: ASSERTIVE

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 11d61cf and f8815df.

⛔ Files ignored due to path filters (1)

• uv.lock is excluded by !**/*.lock

📒 Files selected for processing (17)

• .copier-answers.yml (1 hunks)
• .devcontainer/devcontainer.json (2 hunks)
• .devcontainer/install-ci-tooling.py (1 hunks)
• .github/reusable_workflows/build-docker-image.yaml (2 hunks)
• .github/workflows/ci.yaml (3 hunks)
• .github/workflows/get-values.yaml (1 hunks)
• .github/workflows/pre-commit.yaml (2 hunks)
• .github/workflows/tag-on-merge.yaml (1 hunks)
• README.md (1 hunks)
• extensions/context.py (4 hunks)
• pyproject.toml (1 hunks)
• template/.coveragerc (1 hunks)
• template/.devcontainer/devcontainer.json.jinja (1 hunks)
• template/.github/workflows/ci.yaml.jinja (4 hunks)
• template/.github/workflows/get-values.yaml (1 hunks)
• template/.github/workflows/pre-commit.yaml (2 hunks)
• template/.github/workflows/{% if not is_frozen_executable %}publish.yaml{% endif %}.jinja (8 hunks)

🔇 Additional comments (16)

.github/reusable_workflows/build-docker-image.yaml (1)

46-46: Approve timeout configuration; verify adequacy for Docker builds.

The timeout additions align well with the PR objective to improve CI hygiene. The mutex timeout of 8 minutes (line 98) is well-calibrated to prevent indefinite stalling without being overly restrictive. The inline comment explaining its purpose is helpful.

However, the overall job timeout of 15 minutes (line 46) combined with the conditional 8-minute mutex wait creates a relatively tight timeline for Docker build, ECR operations, and artifact uploads. Depending on typical image sizes and build complexity in this repository, the remaining ~7 minutes may be insufficient for larger builds.

Please verify that the 15-minute job timeout is adequate for typical Docker build scenarios in this codebase. Check:

1. Historical CI run times for this job (if available)
2. Expected Docker image build times
3. Whether any images frequently approach or exceed 7 minutes to build

If the verification reveals that Docker builds commonly exceed 5–10 minutes, consider increasing the job timeout to 20–25 minutes to account for the 8-minute mutex overhead.

Also applies to: 98-98

template/.coveragerc (1)

8-10: CircuitPython firmware omit patterns are consistent and correct

The new omit entries match the existing globbing style and will reliably exclude firmware/code.py and firmware/boot.py from coverage as intended.

.github/workflows/get-values.yaml (1)

22-22: Timeout setting is appropriate.

A 2-minute timeout is well-suited for this job's operations (checkout, context display, and optional PR number extraction), which are all lightweight and deterministic.

README.md (1)

5-5: LGTM!

The upgrade from HTTP to HTTPS is a security best practice and poses no functional risk to the badge.

template/.github/workflows/get-values.yaml (1)

22-22: Timeout setting is appropriate.

Consistent with the non-template workflow, a 2-minute timeout suits the lightweight operations in this job.

.github/workflows/tag-on-merge.yaml (1)

13-13: Timeout is appropriate for tagging operations.

A 2-minute timeout is suitable for checkout and tag creation. The mathieudutour tag action typically completes quickly unless GitHub API is experiencing delays.

template/.github/workflows/pre-commit.yaml (1)

31-31: Coordinated timeouts provide appropriate job and mutex constraints.

The 8-minute timeout accommodates pre-commit hook execution, and the matching mutex timeout prevents unnecessary waiting. The updated comment clarifies the mutex timeout semantics.

Also applies to: 59-59

.github/workflows/pre-commit.yaml (1)

31-31: Coordinated timeouts provide appropriate job and mutex constraints.

The 8-minute timeout accommodates pre-commit hook execution, and the matching mutex timeout prevents unnecessary waiting. The updated comment clarifies the mutex timeout semantics.

Also applies to: 59-59

.copier-answers.yml (1)

2-2: Metadata update is consistent with upstream template sync.

The _commit field correctly reflects the new template version as part of pulling in upstream changes (aligns with copier 9.11.0 in pyproject.toml).

.github/workflows/ci.yaml (2)

31-111: Lint-matrix job and mutex step timeouts look structurally correct; verify 8-minute budget against real runtimes

The job-level timeout-minutes: 8 and the mutex step’s timeout-minutes: 8 are correctly placed and align with the new “medium” timeout convention; they’ll prevent this matrix from hanging indefinitely while still bounding mutex wait time.

Since this job does copier instantiation, dependency setup, and a full pre-commit run, it’s worth double‑checking recent CI runs to ensure the slowest lint-matrix configurations comfortably fit within 8 minutes, including occasional contention on the mutex. If you see frequent near‑timeouts, consider moving this job to the “long” bucket instead of “medium”.

---

135-156: Short timeout on required-check is reasonable for this lightweight guard job

Adding timeout-minutes: 2 to required-check is consistent with treating this as a quick gate that either fails fast on upstream failures or posts a status via gh api. The steps are simple enough that 2 minutes should be ample, while preventing this job from hanging.

Just keep an eye on runs triggered by Dependabot or high-load periods to ensure the gh api call doesn’t occasionally bump into this 2‑minute cap.

.devcontainer/install-ci-tooling.py (1)

10-15: Tooling version bumps are consistent with context and usage

The new pins for UV_VERSION, PNPM_VERSION, COPIER_VERSION, and PRE_COMMIT_VERSION match how they’re consumed later in this script and line up with the context values used by the templates, so there’s no behavioral or structural concern here.

Please just confirm that these specific versions are available and behave as expected on the GitHub-hosted runners you target (especially UV’s installer URLs and PNPM’s global install), since that’s the only remaining external dependency risk.

extensions/context.py (1)

13-111: Context version and timeout updates are coherent and match template usage

The new and bumped context entries (tooling versions, gha_*_timeout_minutes, kiota_cli_version, and the py312/py313/py314 values) are internally consistent and align with how they’re referenced in the Jinja workflows and the install-ci-tooling script. Using centralized gha_*_timeout_minutes will make it much easier to tune CI timeouts across templates.

Since these are all pinned external versions, please confirm they’re in sync with pyproject.toml and any other consumer configs, and that they’re supported/stable on your target runners.

template/.github/workflows/ci.yaml.jinja (1)

33-161: Centralized timeouts for CI template jobs are well-structured; confirm “medium” fits your heaviest matrices

Hooking timeout-minutes for test, executable, and build-docs into {{ gha_medium_timeout_minutes }} and using {{ gha_short_timeout_minutes }} for required-check is a clean way to keep concrete workflows aligned with a single set of timeout policies.

Functionally this looks solid; just verify that your slowest test/doc/executable matrices (especially when Windows runners are enabled) reliably complete within the “medium” budget, and consider switching particular jobs to gha_long_timeout_minutes if you start to see spurious timeouts.

.devcontainer/devcontainer.json (1)

22-29: Devcontainer extension bumps and context hash update look consistent

Updating coderabbit.coderabbit-vscode and github.copilot-chat here, and refreshing the devcontainer context hash, keeps this concrete devcontainer in sync with the template version.

Structurally everything is fine; just verify that these specific extension versions are available in the Marketplace and behave as expected inside the container (especially given auto‑update is disabled), so users don’t get stuck on a broken pin.

Also applies to: 66-66

template/.devcontainer/devcontainer.json.jinja (1)

31-35: Template devcontainer extension versions are aligned and straightforward

The updated coderabbit.coderabbit-vscode and github.copilot-chat pins here match the concrete devcontainer config, so newly generated projects will get the same extension set.

No template issues spotted; please just confirm these versions are valid in the VS Code Marketplace and compatible with your current VS Code/Dev Containers versions.

[coderabbitai]

⚠️ Potential issue | 🔴 Critical

🧩 Analysis chain

pytest 9.0.1 release notes PyPI

---

<web_search_result>
pytest 9.0.1 — released 2025-11-12.

Summary of changes (high-level):

• Bug fixes: restore support for raise unittest.SkipTest; disable terminal progress plugin on iTerm2; fix TOML type for verbosity in docs; fix UserWarning on some Python 3.12/3.13 point versions.
• Packaging note: tox/SETUPTOOLS_SCM version handling adjusted for the release process.
  (Full notes contain details and issue numbers.) [1][2]

Sources: PyPI release files and metadata; official changelog. [1][2]
</web_search_result>

---

copier 9.11.0 release notes PyPI breaking changes

---

<web_search_result>
Summary — Copier v9.11.0 (released 2025-11-20):

• Breaking change: drop support for Python 3.9 (users must run Python ≥3.10). (copier.readthedocs.io)

Citations:

• 1: https://copier.readthedocs.io/en/stable/changelog/?utm_source=openai
  </web_search_result>

---

Script executed:

cd /tmp && git clone --quiet https://github.com/CodeRabbit/review-comment-rewriter.git && cd review-comment-rewriter 2>/dev/null || true
cat -n pyproject.toml | head -50

Repository: LabAutomationAndScreening/copier-python-package-template

---

<shell_result>
Repository: LabAutomationAndScreening/copier-python-package-template
Exit code: 0

stderr:

warning: templates not found in /usr/share/git-core/templates
remote: Repository not found.
fatal: repository 'https://github.com/CodeRabbit/review-comment-rewriter.git/' not found
cat: pyproject.toml: No such file or directory

</shell_result>

---

Based on my verification, I found critical information about the version updates:

pytest 9.0.1 ✓ Safe to update

• Patch release (2025-11-12) with only bug fixes
• Restores unittest.SkipTest support, fixes terminal progress issues
• No breaking changes

copier 9.11.0 ⚠️ Contains breaking change

• Minor version bump (2025-11-20) drops Python 3.9 support (requires Python ≥3.10)
• This breaking change was not mentioned in the original review comment

---

Verify Python version compatibility before updating copier to 9.11.0.

The copier 9.11.0 update introduces a breaking change: drops Python 3.9 support, requiring Python ≥3.10. Confirm the project's Python version requirements support this constraint before merging. pytest 9.0.1 is safe (bug fixes only).

🤖 Prompt for AI Agents

In pyproject.toml around line 9, the review missed that upgrading copier to
9.11.0 drops Python 3.9 support; before changing copier, verify and reconcile
the project's Python requirement: check and update the project’s
"requires-python" / classifiers and CI matrix to >=3.10 if you want copier
9.11.0, or else keep/lock copier to the last 3.9-compatible release; pytest
9.0.1 is safe to update. Ensure CI, docs, and any runtime environments are
aligned with the chosen Python baseline before merging.