Release PR for 2026-04-28 07:03

.github/workflows/auto-pr-description.yml

@@ -28,7 +28,7 @@ jobs:
           api_token: ${{ secrets.GITHUB_TOKEN }}
 
       - name: Force overwrite PR title and body
-        uses: actions/github-script@v8
+        uses: actions/github-script@v9
         env:
           PR_BODY: ${{ steps.gen.outputs.pull_request_description }}
         with:

.github/workflows/semantic.yaml

@@ -0,0 +1,121 @@
+---
+name: Semantic
+
+"on":
+  pull_request:
+    branches:
+      - main
+  push:
+    branches:
+      - main
+      - release
+
+jobs:
+  rebase:
+    name: "Rebase"
+    runs-on: ubuntu-latest
+    # Runs when: push to main with commit message starting with "chore(release):"
+    if: >-
+      github.event_name == 'push' &&
+      github.ref == 'refs/heads/main' &&
+      startsWith(github.event.head_commit.message, 'chore(release):')
+    concurrency:
+      group: push-rebase-main
+      cancel-in-progress: true
+    permissions:
+      pull-requests: write
+      contents: write
+    steps:
+      - name: "Rebase all non-draft non-dependencies pull requests"
+        uses: peter-evans/rebase@v4.0.0
+        with:
+          base: main
+          exclude-drafts: true
+          exclude-labels: dependencies
+
+  validate:
+    name: "Validate"
+    runs-on: ubuntu-latest
+    # Runs when: pull_request targeting main
+    if: github.event_name == 'pull_request'
+    permissions:
+      contents: read
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v6
+        with:
+          fetch-depth: 0
+
+      - name: Semantic release dry run
+        run: |
+          docker run --rm \
+            --user 1001 \
+            -v ${{ github.workspace }}:/workspace \
+            -w /workspace \
+            ghcr.io/disafronov/semantic-release:latest \
+            --dry-run
+
+  release:
+    name: "Release"
+    runs-on: ubuntu-latest
+    # Runs when: push to release OR push to main (excluding "chore(release):" commits)
+    if: >-
+      github.event_name == 'push' && (
+        github.ref == 'refs/heads/release' ||
+        (github.ref == 'refs/heads/main' && !startsWith(github.event.head_commit.message, 'chore(release):'))
+      )
+    permissions:
+      contents: write
+      pull-requests: write
+    concurrency:
+      group: semantic-release
+      cancel-in-progress: false
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v6
+        with:
+          fetch-depth: 0
+          token: ${{ secrets.SEMANTIC_RELEASE_TOKEN || secrets.GITHUB_TOKEN }}
+
+      - name: Semantic release
+        run: |
+          docker run --rm \
+            --user 1001 \
+            -v ${{ github.workspace }}:/workspace \
+            -w /workspace \
+            -e GITHUB_TOKEN=${{ secrets.SEMANTIC_RELEASE_TOKEN || secrets.GITHUB_TOKEN }} \
+            -e CI=true \
+            ghcr.io/disafronov/semantic-release:latest
+
+      - name: Sync release to main
+        # Runs when: release job ran on release branch
+        if: success() && github.ref == 'refs/heads/release'
+        run: |
+          git config user.name "Release Bot"
+          git config user.email "noreply@github.com"
+
+          # Fetch latest state after semantic-release pushed commits
+          # This ensures we get all commits that semantic-release created
+          git fetch origin
+
+          # Check if main is already up to date with release
+          if git diff --quiet origin/main origin/release; then
+            echo "main is already up to date with release"
+            exit 0
+          fi
+
+          # Check if main is ancestor of release (can fast-forward)
+          if git merge-base --is-ancestor origin/main origin/release; then
+            echo "Fast-forwarding main to release"
+            git checkout -B main origin/main
+            git merge --ff-only origin/release
+            git push origin main
+          else
+            echo "Rebasing main onto release (force-with-lease required)"
+            git checkout -B main origin/main
+            git rebase origin/release
+            # Use --force-with-lease for safety: only push if remote hasn't changed
+            git push --force-with-lease origin main
+          fi
+        env:
+          GITHUB_TOKEN: ${{ secrets.SEMANTIC_RELEASE_TOKEN || secrets.GITHUB_TOKEN }}

CHANGELOG.md

@@ -1,3 +1,5 @@
+## [0.4.1-rc.1](https://github.com/disafronov/python-logging-objects-with-schema/compare/v0.4.0...v0.4.1-rc.1) (2026-04-28)
+
 ## [0.4.0](https://github.com/disafronov/python-logging-objects-with-schema/compare/v0.3.1...v0.4.0) (2025-12-10)
 
 ### Features

README.md

@@ -341,3 +341,5 @@ All keys are merged together - they are not replaced, only supplemented.
   keys are used, maintaining 100% backward compatibility
 - `None` and empty `set()` are semantically equivalent for `forbidden_keys` -
   both mean "no additional forbidden keys" and produce the same result
+
+<!--placeholder -->

pyproject.toml

@@ -4,7 +4,7 @@ build-backend = "uv_build"
 
 [project]
 name = "logging-objects-with-schema"
-version = "0.4.0"
+version = "0.4.1rc1"
 description = "Proxy logging wrapper that validates extra fields against a JSON schema."
 readme = "README.md"
 requires-python = ">=3.10"

tests/test_integration.py

@@ -216,8 +216,15 @@ def test_schema_file_permission_error_terminates_application(
     )
 
     schema_file = tmp_path / _SCHEMA_FILE_NAME
+    # type: ignore[attr-defined] - schema_loader.Path is an alias for pathlib.Path.
+    # Mypy doesn't always correctly resolve attribute access through module aliases,
+    # even though the open method exists on pathlib.Path.
     original_open = schema_loader.Path.open  # type: ignore[attr-defined]
 
+    # type: ignore[override] - This function replaces Path.open in tests but uses
+    # *args, **kwargs instead of the exact original method signature for flexibility.
+    # Mypy considers this a signature mismatch when overriding, but it's acceptable
+    # for test mocks.
     def fake_open(self, *args, **kwargs):  # type: ignore[override]
         if self == schema_file:
             raise PermissionError("permission denied")