Copier template for modern Python packages.
| Tool | Role |
|---|---|
| uv | dependency management, virtual environments |
| hatchling + hatch-vcs | build backend; version from git tags |
| commitizen | Conventional Commits enforcement; auto bump on merge |
| ruff | linting + formatting |
| mypy | static type checking |
| pytest + pytest-cov | testing with coverage |
| gitleaks | secret scanning |
uv tool install copier
copier copy gh:larsrollik/templatepy my-new-project
cd my-new-project
git init && git add -A && git commit -m "chore: initial commit from templatepy"
uv sync --extra dev
uv run pre-commit install --hook-type pre-commit --hook-type commit-msgcd my-existing-project && copier updatefeature branch → PR → CI gate (lint + test + secrets) must pass
merge blocked until green
↓
merge to main (rebase)
↓
bump.yml fires: cz bump → tag vX.Y.Z
↓
release.yml fires on tag:
→ GitHub release (wheel + sdist attached)
→ PyPI via OIDC trusted publishing (no stored token)
→ Zenodo webhook (if enabled)
Uses OIDC trusted publishing — no API token stored in GitHub secrets.
- pypi.org → project → Settings → Publishing → Add trusted publisher
- Owner:
<github-user>, Repository:<repo>, Workflow:release.yml - Done — the workflow handles authentication automatically.
Repo settings → Branches → Add rule for main:
- ✅ Require status checks:
CIjob - ✅ Require branches to be up to date
- ✅ Require linear history
For the auto-bump workflow to push the bump commit back to main:
- ✅ Allow specified actors to bypass → add
github-actions[bot]
uv run mkdocs serveDeploy to GitHub Pages on push to main via docs.yml (automatic).