Merge branch 'main' of https://github.com/Ouranosinc/xclim into speed…

…-up-quantile

.flake8

@@ -6,9 +6,6 @@ exclude =
 	.eggs,
 	tests
 ignore =
-	AZ100,
-	AZ200,
-	AZ300,
 	C,
 	D,
 	E,

.github/workflows/add-to-project.yml

@@ -24,7 +24,15 @@ jobs:
           allowed-endpoints: >
             api.github.com:443
 
-      - uses: actions/add-to-project@9bfe908f2eaa7ba10340b31e314148fcfe6a2458 # v1.0.1
+      - name: Generate App Token
+        id: token_generator
+        uses: actions/create-github-app-token@ad38cffc07bac6e3857755914c4c88bfd2db4da4 # v1.10.2
+        with:
+          app-id: ${{ secrets.OURANOS_HELPER_BOT_ID }}
+          private-key: ${{ secrets.OURANOS_HELPER_BOT_KEY }}
+
+      - name: Add Issue to xclim Project
+        uses: actions/add-to-project@244f685bbc3b7adfa8466e08b698b5577571133e # v1.0.2
         with:
           project-url: https://github.com/orgs/Ouranosinc/projects/6
-          github-token: ${{ secrets.ADD_TO_PROJECT_TOKEN }}
+          github-token: ${{ steps.token_generator.outputs.token }}

.github/workflows/bump-version.yml

@@ -9,6 +9,7 @@ on:
       - .github/*/*.md
       - .github/*/*.yml
       - CHANGES.rst
+      - CI/*.txt
       - Makefile
       - docs/*/*.ipynb
       - docs/*/*.py
@@ -19,7 +20,6 @@ on:
       - environment.yml
       - pylintrc
       - pyproject.toml
-      - requirements_upstream.txt
       - tox.ini
       - xclim/__init__.py
 
@@ -40,29 +40,37 @@ jobs:
           disable-sudo: true
           egress-policy: block
           allowed-endpoints: >
+            api.github.com:443
             files.pythonhosted.org:443
             github.com:443
             pypi.org:443
-      - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+      - name: Generate App Token
+        id: token_generator
+        uses: actions/create-github-app-token@ad38cffc07bac6e3857755914c4c88bfd2db4da4 # v1.10.2
         with:
-          persist-credentials: false
-      - uses: actions/setup-python@82c7e631bb3cdc910f68e0081d67478d79c6982d # v5.1.0
+          app-id: ${{ secrets.OURANOS_HELPER_BOT_ID }}
+          private-key: ${{ secrets.OURANOS_HELPER_BOT_KEY }}
+      - name: Checkout Repository
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+        with:
+          token: ${{ steps.token_generator.outputs.token }}
+      - name: Set up Python3
+        uses: actions/setup-python@82c7e631bb3cdc910f68e0081d67478d79c6982d # v5.1.0
         with:
           python-version: "3.x"
       - name: Config Commit Bot
         run: |
-          git config --local user.email "bumpversion[bot]@ouranos.ca"
-          git config --local user.name "bumpversion[bot]"
+          git config --local user.email "ouranos-helper-[email protected]"
+          git config --local user.name "ouranos-helper-bot"
       - name: Current Version
         run: |
           CURRENT_VERSION="$(grep -E '__version__'  xclim/__init__.py | cut -d ' ' -f3)"
           echo "current_version=${CURRENT_VERSION}"
           echo "CURRENT_VERSION=${CURRENT_VERSION}" >> $GITHUB_ENV
-      - name: Install bump-my-version
+      - name: Install CI libraries
         run: |
-          python -m pip install bump-my-version==0.21.0
+          python -m pip install -r CI/requirements_ci.txt
       - name: Conditional Bump
-        id: bump
         run: |
           if [[ ${{ env.CURRENT_VERSION }} =~ -dev(\.\d+)? ]]; then
             echo "Development version (ends in 'dev(\.\d+)?'), bumping 'build' version"
@@ -75,8 +83,7 @@ jobs:
           echo "new_version=${NEW_VERSION}"
           echo "NEW_VERSION=${NEW_VERSION}" >> $GITHUB_ENV
       - name: Push Changes
-        uses: ad-m/github-push-action@d91a481090679876dfc4178fef17f286781251df
+        uses: ad-m/github-push-action@d91a481090679876dfc4178fef17f286781251df # v0.8.0
         with:
           force: false
-          github_token: ${{ secrets.BUMP_VERSION_TOKEN }}
           branch: ${{ github.ref }}

.github/workflows/cache-cleaner.yml

@@ -22,7 +22,7 @@ jobs:
             github.com:443
             objects.githubusercontent.com:443
 
-      - name: Check out code
+      - name: Checkout Repository
         uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
 
       - name: Cleanup

.github/workflows/codeql-analysis.yml → .github/workflows/codeql.yml

@@ -6,15 +6,15 @@ on:
       - main
     paths-ignore:
       - CHANGES.rst
+      - CI/*.txt
       - Makefile
       - pyproject.toml
-      - requirements_upstream.txt
       - tox.ini
       - xclim/__init__.py
-      - docs/**.ipynb
-      - docs/**.py
-      - docs/**.rst
-      - .github/**.yml
+      - docs/*/*.ipynb
+      - docs/*/*.py
+      - docs/*/*.rst
+      - .github/*/*.yml
       - .pre-commit-config.yaml
   schedule:
     - cron: '30 23 * * 5'
@@ -48,7 +48,7 @@ jobs:
             objects.githubusercontent.com:443
             pypi.org:443
             uploads.github.com:443
-      - name: Checkout repository
+      - name: Checkout Repository
         uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
       # Initializes the CodeQL tools for scanning.
       - name: Initialize CodeQL

.github/workflows/dependency-review.yml

@@ -4,7 +4,7 @@
 #
 # Source repository: https://github.com/actions/dependency-review-action
 # Public documentation: https://docs.github.com/en/code-security/supply-chain-security/understanding-your-software-supply-chain/about-dependency-review#dependency-review-enforcement
-name: 'Dependency Review'
+name: Dependency Review
 on:
   pull_request:
 
@@ -25,8 +25,8 @@ jobs:
             api.github.com:443
             github.com:443
 
-      - name: 'Checkout Repository'
+      - name: Checkout Repository
         uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
 
-      - name: 'Dependency Review'
+      - name: Dependency Review
         uses: actions/dependency-review-action@72eb03d02c7872a771aacd928f3123ac62ad6d3a # v4.3.3

.github/workflows/first-pull-request.yml

@@ -24,7 +24,8 @@ jobs:
           allowed-endpoints: >
             api.github.com:443
 
-      - uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
+      - name: Welcome New Contributor
+        uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
         with:
           script: |
             // Get a list of all issues created by the PR opener

.github/workflows/label-on-approval.yml

@@ -62,14 +62,14 @@ jobs:
           egress-policy: block
           allowed-endpoints: >
             api.github.com:443
-      - name: Find comment
+      - name: Find Comment
         uses: peter-evans/find-comment@3eae4d37986fb5a8592848f6a574fdf654e61f9e # v3.1.0
         id: fc
         with:
           issue-number: ${{ github.event.pull_request.number }}
           comment-author: 'github-actions[bot]'
           body-includes: This Pull Request is coming from a fork and must be manually tagged `approved` in order to perform additional testing.
-      - name: Create comment
+      - name: Create Comment
         if: |
           (steps.fc.outputs.comment-id == '') &&
           (!contains(github.event.pull_request.labels.*.name, 'approved')) &&
@@ -82,7 +82,7 @@ jobs:
             > **Warning**
             > This Pull Request is coming from a fork and must be manually tagged `approved` in order to perform additional testing.
           edit-mode: replace
-      - name: Update comment
+      - name: Update Comment
         if: |
           contains(github.event.pull_request.labels.*.name, 'approved')
         uses: peter-evans/create-or-update-comment@71345be0265236311c031f5c7866368bd1eff043 # v4.0.0

.github/workflows/label.yml

@@ -36,6 +36,7 @@ jobs:
           allowed-endpoints: >
             api.github.com:443
 
-      - uses: actions/labeler@8558fd74291d67161a8a78ce36a881fa63b766a9 # v5.0.0
+      - name: Labeler
+        uses: actions/labeler@8558fd74291d67161a8a78ce36a881fa63b766a9 # v5.0.0
         with:
           repo-token: "${{ secrets.GITHUB_TOKEN }}"

.github/workflows/main.yml

@@ -52,14 +52,15 @@ jobs:
             files.pythonhosted.org:443
             github.com:443
             pypi.org:443
-      - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+      - name: Checkout Repository
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
       - name: Set up Python${{ matrix.python-version }}
         uses: actions/setup-python@82c7e631bb3cdc910f68e0081d67478d79c6982d # v5.1.0
         with:
           python-version: ${{ matrix.python-version }}
-      - name: Install pip, pylint, and tox
+      - name: Install CI libraries
         run: |
-          python -m pip install flit==3.9 pip==24.0 pylint==3.1 tox==4.15
+          python -m pip install -r CI/requirements_ci.txt
       - name: Run pylint
         run: |
           python -m pylint --rcfile=.pylintrc.toml --disable=import-error --exit-zero xclim
@@ -91,14 +92,15 @@ jobs:
             github.com:443
             pypi.org:443
             raw.githubusercontent.com:443
-      - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+      - name: Checkout Repository
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
       - name: Set up Python${{ matrix.python-version }}
         uses: actions/setup-python@82c7e631bb3cdc910f68e0081d67478d79c6982d # v5.1.0
         with:
           python-version: ${{ matrix.python-version }}
-      - name: Install tox
+      - name: Install CI libraries
         run: |
-          python -m pip install flit==3.9 pip==24.0 tox==4.15
+          python -m pip install -r CI/requirements_ci.txt
       - name: Test with tox
         run: |
           python -m tox -e ${{ matrix.tox-env }}
@@ -179,9 +181,9 @@ jobs:
         uses: actions/setup-python@82c7e631bb3cdc910f68e0081d67478d79c6982d # v5.1.0
         with:
           python-version: ${{ matrix.python-version }}
-      - name: Install tox
+      - name: Install CI libraries
         run: |
-          python -m pip install flit==3.9 pip==24.0 tox==4.15 tox-gh==1.3.1
+          python -m pip install -r CI/requirements_ci.txt
       - name: Test with tox
         run: |
           python -m tox -e ${{ matrix.tox-env }} -- ${{ matrix.markers }}
@@ -223,7 +225,8 @@ jobs:
             pypi.org:443
             raw.githubusercontent.com:443
             repo.anaconda.com:443
-      - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+      - name: Checkout Repository
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
       - name: Setup Conda (Micromamba) with Python${{ matrix.python-version }}
         uses: mamba-org/setup-micromamba@f8b8a1e23a26f60a44c853292711bacfd3eac822 # v1.9.0
         with:
@@ -277,9 +280,16 @@ jobs:
     runs-on: ubuntu-latest
     container: python:3-slim
     steps:
-      - name: Coveralls Finished
+      - name: Checkout Repository
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+        with:
+          sparse-checkout: |
+            CI/requirements_ci.txt
+      - name: Install CI libraries
+        run: |
+          python -m pip install -r CI/requirements_ci.txt
+      - name: Coveralls finished
         run: |
-          python -m pip install --upgrade coveralls==4.0
           python -m coveralls --finish
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

.github/workflows/publish-mastodon.yml

@@ -34,7 +34,7 @@ jobs:
             fosstodon.org:443
             github.com:443
 
-      - name: Checkout
+      - name: Checkout Repository
         uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
 
       - name: Current Version
@@ -80,7 +80,7 @@ jobs:
 
       - name: Send toot to Mastodon
         if: ${{ github.event.inputs.dry-run != 'true' }} || ${{ github.event_name == 'release' }}
-        uses: cbrgm/mastodon-github-action@b02016b6090558f6787e0adee133218dd078f629 # v2.1.3
+        uses: cbrgm/mastodon-github-action@002afc29f492d060eecaa944798085e1673254c7 # v2.1.4
         with:
           url: ${{ secrets.MASTODON_URL }}
           access-token: ${{ secrets.MASTODON_ACCESS_TOKEN }}

.github/workflows/publish-pypi.yml

@@ -27,14 +27,15 @@ jobs:
             github.com:443
             pypi.org:443
             upload.pypi.org:443
-      - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+      - name: Checkout Repository
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
       - name: Set up Python3
         uses: actions/setup-python@82c7e631bb3cdc910f68e0081d67478d79c6982d # v5.1.0
         with:
           python-version: "3.x"
-      - name: Install packaging libraries
+      - name: Install CI libraries
         run: |
-          python -m pip install flit==3.9.0
+          python -m pip install -r CI/requirements_ci.txt
       - name: Build a binary wheel and a source tarball
         run: |
           python -m flit build

.github/workflows/scorecard.yml

@@ -34,12 +34,12 @@ jobs:
         with:
           egress-policy: audit
 
-      - name: "Checkout code"
+      - name: Checkout Repository
         uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332
         with:
           persist-credentials: false
 
-      - name: "Run analysis"
+      - name: Run Analysis
         uses: ossf/scorecard-action@dc50aa9510b46c811795eb24b2f1ba02a914e534
         with:
           results_file: results.sarif
@@ -58,15 +58,15 @@ jobs:
 
       # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF
       # format to the repository Actions tab.
-      - name: "Upload artifact"
+      - name: Upload Artifact
         uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808
         with:
           name: SARIF file
           path: results.sarif
           retention-days: 5
 
       # Upload the results to GitHub's code scanning dashboard.
-      - name: "Upload to code-scanning"
+      - name: Upload to code-scanning
         uses: github/codeql-action/upload-sarif@e5f05b81d5b6ff8cfa111c80c22c5fd02a384118  # 3.23.0
         with:
           sarif_file: results.sarif