Prepare Buscar for pip and conda packaging

.github/dependabot.yml

@@ -0,0 +1,40 @@
+# GitHub Dependabot configuration
+# Note: this configuration controls Dependabot version updates. Dependabot security
+# updates are configured separately in the repository security settings.
+# See:
+# https://docs.github.com/en/code-security/dependabot/dependabot-security-updates/about-dependabot-security-updates
+
+version: 2
+updates:
+  # GitHub Actions workflow dependencies under .github/workflows.
+  # See:
+  # https://docs.github.com/en/code-security/dependabot/dependabot-version-updates/configuring-dependabot-version-updates
+  - package-ecosystem: "github-actions"
+    directory: "/"
+    schedule:
+      # Check for GitHub Actions updates every week.
+      interval: "weekly"
+
+  # Python project dependencies managed by uv.
+  # Dependabot's uv ecosystem updates uv.lock for projects using uv.
+  # See:
+  # https://docs.github.com/en/code-security/dependabot/ecosystems-supported-by-dependabot/supported-ecosystems-and-repositories
+  - package-ecosystem: "uv"
+    directory: "/"
+    schedule:
+      # Check for project dependency updates every month.
+      interval: "monthly"
+    groups:
+      python-packages:
+        patterns:
+          - "*"
+        update-types:
+          - "minor"
+          - "patch"
+
+  # Pre-commit hook revisions in .pre-commit-config.yaml.
+  - package-ecosystem: "pre-commit"
+    directory: "/"
+    schedule:
+      # Check for pre-commit hook updates every week.
+      interval: "weekly"

.github/workflows/ci.yml

@@ -0,0 +1,93 @@
+name: CI
+
+on:
+  push:
+    branches: [main]
+  pull_request:
+    branches: [main]
+
+jobs:
+  pre-commit:
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v6.0.2
+
+      - name: Run pre-commit (required)
+        uses: pre-commit/action@v3.0.1
+        with:
+          extra_args: --all-files --show-diff-on-failure
+
+  test:
+    needs: pre-commit
+    runs-on: ${{ matrix.os }}
+    strategy:
+      fail-fast: false
+      matrix:
+        os: [ubuntu-latest, macos-latest, windows-latest]
+        python-version: ["3.10", "3.11", "3.12", "3.13", "3.14"]
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v6
+      - name: Set up Python
+        uses: actions/setup-python@v6.2.0
+        with:
+          python-version: ${{ matrix.python-version }}
+
+      - name: Set up uv
+        uses: astral-sh/setup-uv@v8.1.0
+
+      - name: Install dependencies
+        run: uv sync --group dev --frozen
+
+      - name: Run tests with coverage (Ubuntu 3.12)
+        if: matrix.os == 'ubuntu-latest' && matrix.python-version == '3.12'
+        run: uv run --frozen pytest --cov=buscar --cov-report=term-missing --cov-report=xml --cov-report=html
+
+      - name: Upload coverage artifact
+        if: matrix.os == 'ubuntu-latest' && matrix.python-version == '3.12'
+        uses: actions/upload-artifact@v7.0.1
+        with:
+          name: coverage-xml
+          path: coverage.xml
+
+      - name: Upload HTML coverage artifact
+        if: matrix.os == 'ubuntu-latest' && matrix.python-version == '3.12'
+        uses: actions/upload-artifact@v7.0.1
+        with:
+          name: coverage-html
+          path: htmlcov
+
+      - name: Run tests
+        if: matrix.os != 'ubuntu-latest' || matrix.python-version != '3.12'
+        run: uv run --frozen pytest
+
+  build:
+    needs: test
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v6.0.2
+
+      - name: Set up Python
+        uses: actions/setup-python@v6.2.0
+        with:
+          python-version: "3.12"
+
+      - name: Set up uv
+        uses: astral-sh/setup-uv@v8.1.0
+
+      - name: Install dependencies
+        run: uv sync --group dev --frozen
+
+      - name: Build package
+        run: uv build
+
+      - name: Validate wheel import
+        shell: bash
+        run: |
+          uv pip install --force-reinstall dist/*.whl
+          uv run --frozen python -c "import buscar; print(buscar.__name__)"

.github/workflows/publish.yml

@@ -0,0 +1,64 @@
+name: Publish
+
+on:
+  release:
+    types: [published]
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v6.0.2
+
+      - name: Set up Python
+        uses: actions/setup-python@v6.2.0
+        with:
+          python-version: "3.12"
+
+      - name: Set up uv
+        uses: astral-sh/setup-uv@v8.1.0
+
+      - name: Install dependencies
+        run: uv sync --group dev --frozen
+
+      - name: Build package
+        run: uv build
+
+      - name: Validate wheel import
+        shell: bash
+        run: |
+          uv pip install --force-reinstall dist/*.whl
+          uv run --frozen python -c "import buscar; print(buscar.__name__)"
+
+      # Jobs run on separate runners, so pass the validated distributions to
+      # the publish job as an artifact instead of rebuilding them there.
+      - name: Upload package distributions
+        uses: actions/upload-artifact@v7.0.1
+        with:
+          name: python-package-distributions
+          path: dist/
+
+  pypi-publish:
+    name: Upload release to PyPI
+    needs: build
+    runs-on: ubuntu-latest
+    environment:
+      name: pypi
+      url: https://pypi.org/p/buscar
+    # Required for PyPI Trusted Publishing. No API token or password is stored
+    # in GitHub; PyPI verifies this workflow run through OpenID Connect.
+    permissions:
+      id-token: write
+
+    steps:
+      # Retrieve the exact distributions built and validated by the build job.
+      - name: Download package distributions
+        uses: actions/download-artifact@v8.0.1
+        with:
+          name: python-package-distributions
+          path: dist/
+
+      - name: Publish package distributions to PyPI
+        uses: pypa/gh-action-pypi-publish@v1.13.0

.gitignore

@@ -166,6 +166,8 @@ data/
 
 # ignoring prototype files
 _*
+!**/__init__.py
+!**/__main__.py
 
 # ignoring results files as they are generated when running the notebooks
 # also to prevent storing large datasets
@@ -179,3 +181,9 @@ results/
 
 # ignore ruff catch
 .ruff_cache/
+
+# ignore for now
+recipe/metal.yaml
+
+#ignore prototype files
+_*

.pre-commit-config.yaml

@@ -7,6 +7,7 @@ repos:
     rev: v6.0.0
     hooks:
     -   id: check-yaml
+        exclude: ^recipe/meta\.yaml$
     -   id: check-json
     -   id: check-merge-conflict
     -   id: check-added-large-files

CONTRIBUTING.md

@@ -0,0 +1,93 @@
+# Contributing
+
+Thanks for your interest in improving Buscar. Contributions that fix bugs, improve
+documentation, add tests, or make the package easier to install and maintain are
+welcome.
+
+## Development Setup
+
+Buscar uses [uv](https://docs.astral.sh/uv/) for environment and package
+management.
+
+```bash
+git clone https://github.com/WayScience/buscar.git
+cd buscar
+uv sync --frozen --group dev
+```
+
+Install the pre-commit hooks before making changes:
+
+```bash
+uv tool install pre-commit
+pre-commit install
+```
+
+## Checks
+
+Run the test suite:
+
+```bash
+uv run --frozen pytest
+```
+
+Run tests with coverage:
+
+```bash
+uv run --frozen pytest --cov=buscar --cov-report=term-missing --cov-report=xml --cov-report=html
+```
+
+The coverage run creates `coverage.xml` and an `htmlcov/` directory. CI uploads
+these files from the Ubuntu Python 3.12 test job so maintainers can download the
+machine-readable coverage report or inspect the browsable HTML coverage report
+when reviewing pull requests.
+
+Run linting and formatting checks:
+
+```bash
+pre-commit run --all-files
+```
+
+Build the package:
+
+```bash
+uv build
+uv run --frozen twine check dist/*
+```
+
+## Pull Requests
+
+Before opening a pull request:
+
+- Keep changes focused on one bug fix, feature, or documentation update.
+- Add or update tests when behavior changes.
+- Update documentation when user-facing behavior changes.
+- Run `uv run --frozen pytest` and `pre-commit run --all-files`.
+- Make sure generated files and large local artifacts are not committed.
+
+CI runs pre-commit checks, the test matrix across supported Python versions, and
+package build validation.
+
+Dependabot checks GitHub Actions and pre-commit hooks weekly, and uv-managed
+Python dependencies monthly. Review dependency update pull requests like any
+other change and make sure CI passes before merging.
+
+## Releases
+
+Releases are published to PyPI through PyPI Trusted Publishing from the GitHub
+Actions workflow. Maintainers should create a GitHub release only after the PyPI
+project has a trusted publisher configured for this repository, the `ci.yml`
+workflow, and the `pypi` GitHub environment.
+
+## Reporting Issues
+
+When reporting a bug, include:
+
+- The Buscar version or commit you are using.
+- Your Python version and operating system.
+- A minimal example or traceback that reproduces the issue.
+- Any relevant input data shape, schema, or metadata column names.
+
+## License
+
+By contributing, you agree that your contribution will be licensed under the
+BSD 3-Clause license used by this project.

LICENSE

@@ -0,0 +1,28 @@
+BSD 3-Clause License
+
+Copyright (c) 2026 Erik Serrano
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions are met:
+
+1. Redistributions of source code must retain the above copyright notice, this
+   list of conditions and the following disclaimer.
+
+2. Redistributions in binary form must reproduce the above copyright notice,
+   this list of conditions and the following disclaimer in the documentation
+   and/or other materials provided with the distribution.
+
+3. Neither the name of the copyright holder nor the names of its
+   contributors may be used to endorse or promote products derived from
+   this software without specific prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
+FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.