refactor: update libsansmic cpp code

.github/workflows/codeql.yml

@@ -66,7 +66,7 @@ jobs:
           uploads.github.com:443
 
     - name: Checkout repository
-      uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
+      uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
 
     # Initializes the CodeQL tools for scanning.
     - name: Initialize CodeQL

.github/workflows/continuous-integration.yml

@@ -22,7 +22,7 @@ jobs:
       matrix:
         version: ["3.9", "3.10", "3.11", "3.12"]
         os: [windows-latest, macOS-13, macOS-latest, ubuntu-latest]
-    uses: sandialabs/sansmic/.github/workflows/pytest-workflow.yml@951ebbd277e18b0a5b88a4e67535e262bc59f979
+    uses: sandialabs/sansmic/.github/workflows/pytest-workflow.yml@7952e59342a8c8d1c8ad833121049bac58277167
     with:
       version: ${{ matrix.version }}
       os: ${{ matrix.os }}

.github/workflows/continuous-release.yml

@@ -3,7 +3,7 @@
 name: Check release
 
 on:
-  pull_request:
+  pull_request_target:
 
 permissions:
   contents: read
@@ -14,8 +14,8 @@ jobs:
     concurrency: release
 
     permissions:
-      id-token: write
       pull-requests: write
+      id-token: write
 
     steps:
     - name: Setup | Harden Runner
@@ -24,7 +24,7 @@ jobs:
         egress-policy: audit
 
     - name: Setup | Checkout Repository at workflow sha
-      uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
+      uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
       with:
         fetch-depth: 0
         ref: ${{ github.sha }}
@@ -36,7 +36,7 @@ jobs:
     - name: Action | Semantic Version
       id: check
       # Adjust tag with desired version if applicable.
-      uses: python-semantic-release/python-semantic-release@657118d28ae4a74d8a387bedf5db2bb7bac0cb33 # v9.11.1
+      uses: python-semantic-release/python-semantic-release@c1bcfdbb994243ac7cf419365d5894d6bfb2950e # v9.12.0
       with:
         github_token: ${{ secrets.GITHUB_TOKEN }}
         build: false
@@ -46,12 +46,16 @@ jobs:
         tag: false
         vcs_release: false
 
-    - name: Action | Comment on PR with new version
-      run: |
+    - run: |
         echo "## The results of python-semantic-release are below." | tee -a "$GITHUB_STEP_SUMMARY"
         echo "* released: ${{ steps.check.outputs.released }}" | tee -a "$GITHUB_STEP_SUMMARY"
         echo "* is_prerelease: ${{ steps.check.outputs.is_prerelease }}" | tee -a "$GITHUB_STEP_SUMMARY"
         echo "* version: ${{ steps.check.outputs.version }}" | tee -a "$GITHUB_STEP_SUMMARY"
         echo "* tag: ${{ steps.check.outputs.tag }}" | tee -a "$GITHUB_STEP_SUMMARY"
-        # echo "The release number should be ${{ steps.check.outputs.version }}" >> release.md
-        gh pr comment ${{ github.event.pull_request.number }} --body "This PR should include a release: ${{ steps.check.outputs.released }}\n"
+
+    - name: Action | Comment on PR with new version
+      if: ${{ steps.check.outputs.released == 'true' }}
+      env:
+        GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+      run: |
+        gh pr comment ${{ github.event.pull_request.number }} --body "This PR will induce a release as v${{ steps.check.outputs.version }}\n"

.github/workflows/continuous-testing.yml

@@ -14,7 +14,7 @@ permissions:
 
 jobs:
   quick-test:
-    uses: sandialabs/sansmic/.github/workflows/pytest-workflow.yml@951ebbd277e18b0a5b88a4e67535e262bc59f979
+    uses: sandialabs/sansmic/.github/workflows/pytest-workflow.yml@7952e59342a8c8d1c8ad833121049bac58277167
     with:
       version: "3.12"
       os: ubuntu-latest

.github/workflows/dependency-review.yml

@@ -22,6 +22,6 @@ jobs:
           egress-policy: audit
 
       - name: 'Checkout Repository'
-        uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
       - name: 'Dependency Review'
-        uses: actions/dependency-review-action@a6993e2c61fd5dc440b409aa1d6904921c5e1894 # v4.3.5
+        uses: actions/dependency-review-action@4081bf99e2866ebe428fc0477b69eb4fcda7220a # v4.4.0

.github/workflows/gh-pages.yml

@@ -36,7 +36,7 @@ jobs:
         with:
           egress-policy: audit
 
-      - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
         with:
           fetch-depth: 0
 
@@ -47,7 +47,7 @@ jobs:
           git branch
           git remote -v
 
-      - uses: actions/setup-python@f677139bbe7f9c59b41e40162b753c062f5d49a3 # v5.2.0
+      - uses: actions/setup-python@0b93645e9fea7318ecaed2b359559ac225c90a2b # v5.3.0
         with:
           python-version: '3.12'
 

.github/workflows/pytest-workflow.yml

@@ -42,10 +42,10 @@ jobs:
             uploader.codecov.io:443
 
       - name: Check out the commit
-        uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
 
       - name: Set up Python
-        uses: actions/setup-python@f677139bbe7f9c59b41e40162b753c062f5d49a3 # v5.2.0
+        uses: actions/setup-python@0b93645e9fea7318ecaed2b359559ac225c90a2b # v5.3.0
         with:
           python-version: ${{ inputs.version }}
 

.github/workflows/release.yml

@@ -27,12 +27,12 @@ jobs:
 
     steps:
       - name: Setup | Install python
-        uses: actions/setup-python@f677139bbe7f9c59b41e40162b753c062f5d49a3 # v5.2.0
+        uses: actions/setup-python@0b93645e9fea7318ecaed2b359559ac225c90a2b # v5.3.0
         with:
           python-version: '3.12'
 
       - name: Setup | Checkout Code
-        uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
 
       - name: Setup | Install Dependencies
         run: |
@@ -77,7 +77,7 @@ jobs:
           egress-policy: audit
 
       - name: Setup | Checkout Code
-        uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
 
       - name: Action | Build Wheels
         uses: pypa/cibuildwheel@7940a4c0e76eb2030e473a5f864f291f63ee879b # v2.21.0
@@ -99,7 +99,7 @@ jobs:
         egress-policy: audit
 
     - name: Setup | Checkout Code
-      uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
+      uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
       with:
         fetch-depth: 0  # Optional, use if you use setuptools_scm
         submodules: true  # Optional, use if you have submodules
@@ -195,18 +195,10 @@ jobs:
         path: dist
         merge-multiple: true
 
-    - name: Setup | Download the standalone executable
-      uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
-      with:
-        pattern: sansmic-*-standalone-win_amd64
-        path: dist
-        merge-multiple: true
-
     - name: Action | Sign the dists with Sigstore
       uses: sigstore/gh-action-sigstore-python@f514d46b907ebcd5bedc05145c03b69c1edd8b46 # v3.0.0
       with:
         inputs: >-
-          ./dist/*.zip
           ./dist/*.tar.gz
           ./dist/*.whl
 
@@ -230,3 +222,38 @@ jobs:
         gh release upload
         '${{ github.ref_name }}' dist/**
         --repo '${{ github.repository }}'
+
+  release-standalone:
+    needs:
+      - github-release
+      - build_executable
+    name: >-
+      Sign the standalone with Sigstore and upload to GitHub Release
+    runs-on: ubuntu-latest
+    if: ${{ startsWith(github.ref, 'refs/tags/') && github.repository == 'sandialabs/sansmic' }}
+    steps:
+      - name: Setup | Download the standalone executable
+        uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
+        with:
+          pattern: sansmic-*-standalone-win_amd64
+          path: dist/
+          merge-multiple: false
+
+      - name: Zip up dist directory
+        run: |
+          cd dist
+          zip ../sansmic-${{ env.sansmic_version }}-standalone-win_amd64.zip *
+
+      - name: Action | Sign the dists with Sigstore
+        uses: sigstore/gh-action-sigstore-python@f514d46b907ebcd5bedc05145c03b69c1edd8b46 # v3.0.0
+        with:
+          inputs: >-
+            ./sansmic-${{ env.sansmic_version }}-standalone-win_amd64.zip
+
+      - name: Action | Upload artifact signatures to GitHub Release
+        env:
+          GITHUB_TOKEN: ${{ github.token }}
+        run: >-
+          gh release upload
+          '${{ github.ref_name }}' sansmic-${{ env.sansmic_version }}-standalone-win_amd64.zip
+          --repo '${{ github.repository }}'

.github/workflows/scorecard.yml

@@ -50,7 +50,7 @@ jobs:
             www.bestpractices.dev:443
 
       - name: "Checkout code"
-        uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
         with:
           persist-credentials: false
 

.github/workflows/semantic-release.yml

@@ -26,7 +26,7 @@ jobs:
         egress-policy: audit
 
     - name: Setup | Checkout Repository at workflow sha
-      uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
+      uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
       with:
         fetch-depth: 0
         ref: ${{ github.sha }}

.github/workflows/test-linux.yml

@@ -16,7 +16,7 @@ jobs:
       fail-fast: false
       matrix:
         version: ["3.9", "3.10", "3.11", "3.12"]
-    uses: sandialabs/sansmic/.github/workflows/pytest-workflow.yml@951ebbd277e18b0a5b88a4e67535e262bc59f979
+    uses: sandialabs/sansmic/.github/workflows/pytest-workflow.yml@7952e59342a8c8d1c8ad833121049bac58277167
     with:
       version: ${{ matrix.version }}
       os: ubuntu-latest

.github/workflows/test-macOS_arm.yml

@@ -16,7 +16,7 @@ jobs:
       fail-fast: false
       matrix:
         version: ["3.9", "3.10", "3.11", "3.12"]
-    uses: sandialabs/sansmic/.github/workflows/pytest-workflow.yml@951ebbd277e18b0a5b88a4e67535e262bc59f979
+    uses: sandialabs/sansmic/.github/workflows/pytest-workflow.yml@7952e59342a8c8d1c8ad833121049bac58277167
     with:
       version: ${{ matrix.version }}
       os: macOS-latest

.github/workflows/test-macOS_intel.yml

@@ -16,7 +16,7 @@ jobs:
       fail-fast: false
       matrix:
         version: ["3.9", "3.10", "3.11", "3.12"]
-    uses: sandialabs/sansmic/.github/workflows/pytest-workflow.yml@951ebbd277e18b0a5b88a4e67535e262bc59f979
+    uses: sandialabs/sansmic/.github/workflows/pytest-workflow.yml@7952e59342a8c8d1c8ad833121049bac58277167
     with:
       version: ${{ matrix.version }}
       os: macOS-13

.github/workflows/test-windows.yml

@@ -16,7 +16,7 @@ jobs:
       fail-fast: false
       matrix:
         version: ["3.9", "3.10", "3.11", "3.12"]
-    uses: sandialabs/sansmic/.github/workflows/pytest-workflow.yml@951ebbd277e18b0a5b88a4e67535e262bc59f979
+    uses: sandialabs/sansmic/.github/workflows/pytest-workflow.yml@7952e59342a8c8d1c8ad833121049bac58277167
     with:
       version: ${{ matrix.version }}
       os: windows-latest

pyproject.toml

@@ -98,10 +98,15 @@ match = "(main|master|staging)"
 prerelease_token = "rc"
 prerelease = false
 
+[tool.semantic_release.branches.merge]
+match = "[0-9]+/merge"
+prerelease_token = "rc"
+prerelease = false
+
 [tool.semantic_release.changelog]
 template_dir = "templates"
 changelog_file = "CHANGELOG.md"
-exclude_commit_patterns = ["build", "ci", "chore", "^Bump", "release"]
+exclude_commit_patterns = ["build", "ci", "chore", "^Bump", "release", "^Merge branch"]
 
 [tool.semantic_release.changelog.environment]
 block_start_string = "{%"