chore: sync infrastructure files with template

.github/renovate.json5

@@ -38,7 +38,8 @@
     {
       matchManagers: ["poetry", "pip_requirements"],
       matchDepTypes: ["python"],
-      enabled: false,
+      allowedVersions: "<=3.13",
+      enabled: true,
     },
     {
       description: "Auto merge non-major updates",

.github/workflows/rigging_pr_description.yaml

@@ -0,0 +1,54 @@
+---
+name: Update PR Description with Rigging
+on:
+  pull_request:
+    types: [opened]
+
+jobs:
+  update-description:
+    name: Update PR Description with Rigging
+    runs-on: ubuntu-latest
+    permissions:
+      pull-requests: write
+      contents: read
+
+    steps:
+      - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
+        with:
+          fetch-depth: 0 # full history for proper diffing
+
+      - name: Set up Python
+        uses: actions/setup-python@83679a892e2d95755f2dac6acb0bfd1e9ac5d548 # v6.1.0
+        with:
+          python-version: "3.14"
+
+      - name: Install uv
+        run: |
+          python -m pip install --upgrade pip
+          pip install uv
+
+      - name: Generate PR Description
+        id: description
+        env:
+          OPENAI_API_KEY: ${{ secrets.OPENAI_API_KEY }}
+        run: |
+          DESCRIPTION="$(uv run --no-project .hooks/generate_pr_description.py --base-ref "origin/${{ github.base_ref }}" --exclude "./*.lock")"
+          {
+            echo "description<<EOF"
+            echo "${DESCRIPTION}"
+            echo "EOF"
+          } >> "$GITHUB_OUTPUT"
+
+      - name: Update PR Description
+        uses: nefrob/pr-description@4dcc9f3ad5ec06b2a197c5f8f93db5e69d2fdca7 # v1.2.0
+        with:
+          token: ${{ secrets.GITHUB_TOKEN }}
+          content: |
+
+            ---
+
+            ## Generated Summary:
+
+            ${{ steps.description.outputs.description }}
+
+            This summary was generated with ❤️ by [rigging](https://rigging.dreadnode.io/)

.github/workflows/template-sync.yaml

@@ -1,34 +1,58 @@
 ---
-name: Template Sync
+name: Template Sync Dispatcher
 on:
-  repository_dispatch:
+  workflow_run:
+    workflows: ["Pre-Commit"]
     types:
-      - template-sync
+      - completed
+    branches:
+      - main
 
   # checkov:skip=CKV_GHA_7: "Workflow dispatch inputs are required for manual debugging and configuration"
   workflow_dispatch:
-    inputs:
-      dryRun:
-        description: Dry Run
-        default: "false"
-        required: false
-      logLevel:
-        description: Log Level
-        default: "debug"
-        required: false
 
 permissions:
-  contents: write
-  pull-requests: write
-
-concurrency:
-  group: ${{ github.workflow }}-${{ github.ref }}
-  cancel-in-progress: true
+  contents: read
 
 jobs:
-  template-sync:
-    name: Template Sync
+  check-changes:
+    runs-on: ubuntu-latest
+    if: ${{ github.event.workflow_run.conclusion == 'success' }}
+    outputs:
+      should_dispatch: ${{ steps.filter.outputs.templates }}
+    steps:
+      - name: Checkout triggering commit
+        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
+        with:
+          ref: ${{ github.event.workflow_run.head_sha || github.ref }}
+
+      - name: Check if template files changed
+        uses: dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36 # v3
+        id: filter
+        with:
+          filters: |
+            templates:
+              - '.github/**'
+              - '.hooks/**'
+              - '.pre-commit-config.yaml'
+              - '.mdlrc'
+              - '.editorconfig'
+              - 'Taskfile.yaml'
+              - '.task/**'
+
+  dispatch-to-targets:
+    needs: check-changes
     runs-on: ubuntu-latest
+    if: needs.check-changes.outputs.should_dispatch == 'true'
+    strategy:
+      matrix:
+        repo:
+          - ares
+          - platform
+          - sast-agent
+          - dreadnode-server
+          - dreadnode-sdk
+          - rigging
     steps:
       - name: Generate Token
         uses: actions/create-github-app-token@29824e69f54612133e76f7eaac726eef6c875baf # v2.2.1
@@ -38,30 +62,12 @@ jobs:
           private-key: "${{ secrets.BOT_APP_PRIVATE_KEY }}"
           owner: "${{ github.repository_owner }}"
 
-      - name: Checkout
-        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
-        with:
-          token: "${{ steps.app-token.outputs.token }}"
-
-      - name: Template Sync
-        uses: AndreasAugustin/actions-template-sync@v2
-        with:
-          source_gh_token: ${{ steps.app-token.outputs.token }}
-          target_gh_token: ${{ steps.app-token.outputs.token }}
-          git_user_name: github-actions[bot]
-          git_user_email: github-actions[bot]@users.noreply.github.com
-          pr_title: "chore: sync infrastructure files with template"
-          pr_labels: sync,template
-          pr_body: |
-            🤖 A new version of the python template files is available.
-
-            This PR was automatically created to sync the following:
-            - GitHub Actions workflows
-            - Pre-commit hooks and configs
-            - Task definitions
-            - Editor configs and linter rules
-
-            Please review the changes carefully before merging.
-          source_repo_path: dreadnode/python-template
-          steps: "prechecks,pull,commit,push,pr"
-          upstream_branch: main
+      - name: Dispatch to ${{ matrix.repo }}
+        run: |
+          gh api repos/dreadnode/${{ matrix.repo }}/dispatches \
+            -X POST \
+            -H "Accept: application/vnd.github+json" \
+            -f event_type="template-sync" \
+            -f client_payload[ref]="${{ github.event.workflow_run.head_sha }}"
+        env:
+          GH_TOKEN: ${{ steps.app-token.outputs.token }}

.github/workflows/tests.yaml

@@ -30,7 +30,7 @@ jobs:
     runs-on: ubuntu-latest
     strategy:
       matrix:
-        python-version: ["3.10", "3.11", "3.12", "3.13"]
+        python-version: ["3.9", "3.10", "3.11"]
 
     steps:
       - name: Set up git repository
@@ -45,7 +45,7 @@ jobs:
       - name: Install dependencies
         run: |
           python -m pip install --upgrade pip
-          pip install pytest pytest-cov pytest-asyncio ruff
+          pip install pytest pytest-cov ruff
           pip install -e .
 
       - name: Lint with ruff
@@ -55,12 +55,4 @@ jobs:
 
       - name: Run tests with coverage
         run: |
-          pytest --cov=src --cov-report=xml --cov-report=term-missing || [ $? -eq 5 ] # Allow workflow to pass when no tests exist
-
-      - name: Upload coverage report
-        if: github.ref == 'refs/heads/main' && github.event_name == 'push' && matrix.python-version == '3.12'
-        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
-        with:
-          name: coverage-report
-          path: coverage.xml
-          retention-days: 1
+          pytest --cov=src --cov-report=term-missing || [ $? -eq 5 ] # Allow workflow to pass when no tests exist

.gitignore

@@ -1,12 +1,5 @@
 # Testing code
 notebooks/
-test-alerts/
-
-# Project-specific ignores
-TODO
-.tool-versions
-/reports/
-/logs/
 
 # Custom parquet storage
 *.parquet

.pre-commit-config.yaml

@@ -31,7 +31,7 @@ repos:
     rev: v2.4.1
     hooks:
       - id: codespell
-        entry: codespell -q 3 -f --skip=".git,.github,README.md" --ignore-words-list="astroid,braket,unstall"
+        entry: codespell -q 3 -f --skip=".git,.github,README.md" --ignore-words-list="astroid"
 
   - repo: https://github.com/RodrigoGonzalez/check-mkdocs
     rev: v1.2.0
@@ -93,7 +93,6 @@ repos:
     rev: v1.19.1
     hooks:
       - id: mypy
-        exclude: ^tests/
         additional_dependencies:
           - "types-PyYAML"
           - "types-requests"

CHANGELOG.md

@@ -10,14 +10,16 @@ and this project adheres to
 
 ### Added
 
-- Initial release of Ares autonomous SOC investigation agent
-- MITRE ATT&CK Navigator question engine
-- Pyramid of Pain Climber question engine
-- Integration with Grafana, Loki, and Prometheus
-- Four-stage investigation workflow (Triage, Causation, Lateral Movement,
-  Synthesis)
-- Markdown report generation
-- Parallel query execution
-- Dreadnode Agent SDK integration
+- Modern Python project template with batteries included
+- pyproject.toml configuration
+- Testing setup with pytest
+- Code quality tools (Black, Ruff, mypy)
+- Pre-commit hooks configuration
+- GitHub Actions workflows
+- Documentation template with MkDocs
+- Security policy template
+- CODEOWNERS template
+- Taskfile for common commands
+- VSCode workspace configuration
 
-[Unreleased]: https://github.com/dreadnode/ares/compare/v0.0.0...HEAD
+[Unreleased]: https://github.com/dreadnode/python-template/compare/v0.0.0...HEAD

docs/contributing.md

@@ -8,8 +8,8 @@ This guide will help you get started with contributing effectively.
 1. Fork the repository and clone your fork:
 
    ```bash
-   gh repo clone dreadnode/ares
-   cd ares
+   gh repo clone dreadnode/python-template
+   cd python-template
    ```
 
 1. Set up your development environment with your preferred package manager:
@@ -58,7 +58,8 @@ task types   # Type checking with mypy
 task test    # Run tests with pytest
 ```
 
-The pre-commit hooks will automatically run most checks when you commit changes.
+The pre-commit hooks will automatically run most checks when you commit
+changes.
 
 ### Documentation