diff --git a/.github/FUNDING.yml b/.github/FUNDING.yml deleted file mode 100644 index 0ffc101a3f235..0000000000000 --- a/.github/FUNDING.yml +++ /dev/null @@ -1 +0,0 @@ -github: [tiangolo] diff --git a/.github/workflows/add-to-project.yml b/.github/workflows/add-to-project.yml index 01a0824449973..318c3c2fb0138 100644 --- a/.github/workflows/add-to-project.yml +++ b/.github/workflows/add-to-project.yml @@ -14,7 +14,7 @@ jobs: name: Add to project runs-on: ubuntu-latest steps: - - uses: actions/add-to-project@244f685bbc3b7adfa8466e08b698b5577571133e # v1.0.2 + - uses: actions/add-to-project@5afcf98fcd03f1c2f92c3c83f58ae24323cc57fd # v2.0.0 with: project-url: https://github.com/orgs/fastapi/projects/2 github-token: ${{ secrets.PROJECTS_TOKEN }} # zizmor: ignore[secrets-outside-env] diff --git a/.github/workflows/build-docs.yml b/.github/workflows/build-docs.yml index 288a6237a6a78..f30ea3bef921a 100644 --- a/.github/workflows/build-docs.yml +++ b/.github/workflows/build-docs.yml @@ -34,14 +34,13 @@ jobs: - docs_src/** - pyproject.toml - uv.lock - - mkdocs.yml - - mkdocs.env.yml - .github/workflows/build-docs.yml - .github/workflows/deploy-docs.yml - - scripts/mkdocs_hooks.py + - scripts/docs.py langs: needs: - changes + if: ${{ needs.changes.outputs.docs == 'true' }} runs-on: ubuntu-latest outputs: langs: ${{ steps.show-langs.outputs.langs }} @@ -54,7 +53,7 @@ jobs: with: python-version-file: ".python-version" - name: Setup uv - uses: astral-sh/setup-uv@37802adc94f370d6bfd71619e3f0bf239e1f3b78 # v7.6.0 + uses: astral-sh/setup-uv@08807647e7069bb48b6ef5acd8ec9567f424441b # v8.1.0 with: version: "0.11.4" enable-cache: true @@ -90,7 +89,7 @@ jobs: with: python-version-file: ".python-version" - name: Setup uv - uses: astral-sh/setup-uv@37802adc94f370d6bfd71619e3f0bf239e1f3b78 # v7.6.0 + uses: astral-sh/setup-uv@08807647e7069bb48b6ef5acd8ec9567f424441b # v8.1.0 with: version: "0.11.4" enable-cache: true @@ -103,21 +102,28 @@ jobs: run: uv run ./scripts/docs.py update-languages - uses: actions/cache@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5.0.5 with: - key: mkdocs-cards-${{ matrix.lang }}-${{ github.ref }} - path: docs/${{ matrix.lang }}/.cache + key: zensical-${{ matrix.lang }}-${{ github.ref }} + path: site_zensical_src/${{ matrix.lang }}/.cache - name: Build Docs run: | # zizmor: ignore[template-injection] - comes from trusted source uv run ./scripts/docs.py build-lang ${{ matrix.lang }} - uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1 with: name: docs-site-${{ matrix.lang }} - path: ./site/** + # English owns root static assets. Translated pages reference /img, /css, + # and /js, so omit duplicated language-local copies from artifacts. + path: | + ./site/** + !./site/${{ matrix.lang }}/img/** + !./site/${{ matrix.lang }}/css/** + !./site/${{ matrix.lang }}/js/** include-hidden-files: true # https://github.com/marketplace/actions/alls-green#why docs-all-green: # This job does nothing and is only used for the branch protection if: always() needs: + - langs - build-docs runs-on: ubuntu-latest steps: @@ -125,4 +131,4 @@ jobs: uses: re-actors/alls-green@05ac9388f0aebcb5727afa17fcccfecd6f8ec5fe # v1.2.2 with: jobs: ${{ toJSON(needs) }} - allowed-skips: build-docs + allowed-skips: langs, build-docs diff --git a/.github/workflows/contributors.yml b/.github/workflows/contributors.yml index 785ecea9397c2..17649a653d9ad 100644 --- a/.github/workflows/contributors.yml +++ b/.github/workflows/contributors.yml @@ -31,7 +31,7 @@ jobs: with: python-version-file: ".python-version" - name: Setup uv - uses: astral-sh/setup-uv@37802adc94f370d6bfd71619e3f0bf239e1f3b78 # v7.6.0 + uses: astral-sh/setup-uv@08807647e7069bb48b6ef5acd8ec9567f424441b # v8.1.0 with: version: "0.11.4" enable-cache: true diff --git a/.github/workflows/deploy-docs.yml b/.github/workflows/deploy-docs.yml index 3c65db23a0aae..be1d93b305a79 100644 --- a/.github/workflows/deploy-docs.yml +++ b/.github/workflows/deploy-docs.yml @@ -29,7 +29,7 @@ jobs: with: python-version-file: ".python-version" - name: Setup uv - uses: astral-sh/setup-uv@37802adc94f370d6bfd71619e3f0bf239e1f3b78 # v7.6.0 + uses: astral-sh/setup-uv@08807647e7069bb48b6ef5acd8ec9567f424441b # v8.1.0 with: version: "0.11.4" enable-cache: false @@ -60,7 +60,7 @@ jobs: env: PROJECT_NAME: fastapitiangolo BRANCH: ${{ ( github.event.workflow_run.head_repository.full_name == github.repository && github.event.workflow_run.head_branch == 'master' && 'main' ) || ( github.event.workflow_run.head_sha ) }} - uses: cloudflare/wrangler-action@9acf94ace14e7dc412b076f2c5c20b8ce93c79cd # v3.15.0 + uses: cloudflare/wrangler-action@ebbaa1584979971c8614a24965b4405ff95890e0 # v4.0.0 with: apiToken: ${{ secrets.CLOUDFLARE_API_TOKEN }} # zizmor: ignore[secrets-outside-env] accountId: ${{ secrets.CLOUDFLARE_ACCOUNT_ID }} # zizmor: ignore[secrets-outside-env] diff --git a/.github/workflows/guard-dependencies.yml b/.github/workflows/guard-dependencies.yml new file mode 100644 index 0000000000000..c3f97c37525a6 --- /dev/null +++ b/.github/workflows/guard-dependencies.yml @@ -0,0 +1,52 @@ +name: Guard Dependencies + +on: + pull_request_target: # zizmor: ignore[dangerous-triggers] -- This workflow only reads context.payload metadata, never checks out PR code + branches: [master] + paths: + - pyproject.toml + - uv.lock + +permissions: + contents: read + issues: write + pull-requests: write + +jobs: + check-author: + runs-on: ubuntu-latest + steps: + - name: Check if author is org member or allowed bot + uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0 + with: + script: | + const pr = context.payload.pull_request; + const author = pr.user.login; + const assoc = pr.author_association; + + const botAllowlist = new Set(['dependabot[bot]']); + const orgAuthorAssociations = new Set(['MEMBER', 'OWNER']); + + const allowed = + botAllowlist.has(author) || + (assoc != null && orgAuthorAssociations.has(assoc)); + + if (!allowed) { + await github.rest.issues.createComment({ + owner: context.repo.owner, + repo: context.repo.repo, + issue_number: context.payload.pull_request.number, + body: `This PR modifies dependency files (\`pyproject.toml\` or \`uv.lock\`), which is restricted to members of the **${context.repo.owner}** organization on GitHub.\n\nIf you need a dependency change, please [open a discussion](https://github.com/${context.repo.owner}/${context.repo.repo}/discussions/new) describing what you need and why.\n\nClosing this PR automatically.` + }); + + await github.rest.pulls.update({ + owner: context.repo.owner, + repo: context.repo.repo, + pull_number: context.payload.pull_request.number, + state: 'closed' + }); + + core.setFailed('Dependency changes are restricted to organization members.'); + } else { + console.log(`Author ${author} (author_association=${assoc}) is allowed to make dependency changes.`); + } diff --git a/.github/workflows/label-approved.yml b/.github/workflows/label-approved.yml index 1f27809368baa..e8ad87439c934 100644 --- a/.github/workflows/label-approved.yml +++ b/.github/workflows/label-approved.yml @@ -26,7 +26,7 @@ jobs: with: python-version-file: ".python-version" - name: Setup uv - uses: astral-sh/setup-uv@37802adc94f370d6bfd71619e3f0bf239e1f3b78 # v7.6.0 + uses: astral-sh/setup-uv@08807647e7069bb48b6ef5acd8ec9567f424441b # v8.1.0 with: version: "0.11.4" enable-cache: true diff --git a/.github/workflows/labeler.yml b/.github/workflows/labeler.yml index 58c6892375c62..2072a3f0b9124 100644 --- a/.github/workflows/labeler.yml +++ b/.github/workflows/labeler.yml @@ -18,7 +18,7 @@ jobs: pull-requests: write runs-on: ubuntu-latest steps: - - uses: actions/labeler@634933edcd8ababfe52f92936142cc22ac488b1b # v6.0.1 + - uses: actions/labeler@f27b608878404679385c85cfa523b85ccb86e213 # v6.1.0 if: ${{ github.event.action != 'labeled' && github.event.action != 'unlabeled' }} - run: echo "Done adding labels" # Run this after labeler applied labels diff --git a/.github/workflows/notify-translations.yml b/.github/workflows/notify-translations.yml index 07d4e0bdfb45d..9b8c6d7f1e60d 100644 --- a/.github/workflows/notify-translations.yml +++ b/.github/workflows/notify-translations.yml @@ -37,7 +37,7 @@ jobs: with: python-version-file: ".python-version" - name: Setup uv - uses: astral-sh/setup-uv@37802adc94f370d6bfd71619e3f0bf239e1f3b78 # v7.6.0 + uses: astral-sh/setup-uv@08807647e7069bb48b6ef5acd8ec9567f424441b # v8.1.0 with: version: "0.11.4" enable-cache: true diff --git a/.github/workflows/people.yml b/.github/workflows/people.yml index 51e2188cc44f0..d3baec1d06ed3 100644 --- a/.github/workflows/people.yml +++ b/.github/workflows/people.yml @@ -31,7 +31,7 @@ jobs: with: python-version-file: ".python-version" - name: Setup uv - uses: astral-sh/setup-uv@37802adc94f370d6bfd71619e3f0bf239e1f3b78 # v7.6.0 + uses: astral-sh/setup-uv@08807647e7069bb48b6ef5acd8ec9567f424441b # v8.1.0 with: version: "0.11.4" enable-cache: true diff --git a/.github/workflows/pre-commit.yml b/.github/workflows/pre-commit.yml index 5b0be38011fd6..5e358e8f27c48 100644 --- a/.github/workflows/pre-commit.yml +++ b/.github/workflows/pre-commit.yml @@ -46,7 +46,7 @@ jobs: with: python-version-file: ".python-version" - name: Setup uv - uses: astral-sh/setup-uv@37802adc94f370d6bfd71619e3f0bf239e1f3b78 # v7.6.0 + uses: astral-sh/setup-uv@08807647e7069bb48b6ef5acd8ec9567f424441b # v8.1.0 with: version: "0.11.4" cache-dependency-glob: | diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml index 2695854dca4d2..32d6ea4f98659 100644 --- a/.github/workflows/publish.yml +++ b/.github/workflows/publish.yml @@ -26,7 +26,7 @@ jobs: with: python-version-file: ".python-version" - name: Install uv - uses: astral-sh/setup-uv@37802adc94f370d6bfd71619e3f0bf239e1f3b78 # v7.6.0 + uses: astral-sh/setup-uv@08807647e7069bb48b6ef5acd8ec9567f424441b # v8.1.0 with: version: "0.11.4" - name: Build distribution diff --git a/.github/workflows/smokeshow.yml b/.github/workflows/smokeshow.yml index 46f2610180d3d..c177b7390b06a 100644 --- a/.github/workflows/smokeshow.yml +++ b/.github/workflows/smokeshow.yml @@ -25,7 +25,7 @@ jobs: with: python-version-file: ".python-version" - name: Setup uv - uses: astral-sh/setup-uv@37802adc94f370d6bfd71619e3f0bf239e1f3b78 # v7.6.0 + uses: astral-sh/setup-uv@08807647e7069bb48b6ef5acd8ec9567f424441b # v8.1.0 with: version: "0.11.4" cache-dependency-glob: | diff --git a/.github/workflows/sponsors.yml b/.github/workflows/sponsors.yml index ef72a68248bbe..b1ab7f11d8b74 100644 --- a/.github/workflows/sponsors.yml +++ b/.github/workflows/sponsors.yml @@ -31,7 +31,7 @@ jobs: with: python-version-file: ".python-version" - name: Setup uv - uses: astral-sh/setup-uv@37802adc94f370d6bfd71619e3f0bf239e1f3b78 # v7.6.0 + uses: astral-sh/setup-uv@08807647e7069bb48b6ef5acd8ec9567f424441b # v8.1.0 with: version: "0.11.4" enable-cache: true diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 36cf5a2877a25..7380cb75e97d1 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -111,7 +111,7 @@ jobs: with: python-version: ${{ matrix.python-version }} - name: Setup uv - uses: astral-sh/setup-uv@37802adc94f370d6bfd71619e3f0bf239e1f3b78 # v7.6.0 + uses: astral-sh/setup-uv@08807647e7069bb48b6ef5acd8ec9567f424441b # v8.1.0 with: version: "0.11.4" enable-cache: true @@ -168,7 +168,7 @@ jobs: with: python-version: "3.13" - name: Setup uv - uses: astral-sh/setup-uv@37802adc94f370d6bfd71619e3f0bf239e1f3b78 # v7.6.0 + uses: astral-sh/setup-uv@08807647e7069bb48b6ef5acd8ec9567f424441b # v8.1.0 with: version: "0.11.4" enable-cache: true @@ -178,7 +178,7 @@ jobs: - name: Install Dependencies run: uv sync --no-dev --group tests --extra all - name: CodSpeed benchmarks - uses: CodSpeedHQ/action@1c8ae4843586d3ba879736b7f6b7b0c990757fab # v4.12.1 + uses: CodSpeedHQ/action@658a901452bb54c799643e060733b7afe9121b8d # v4.14.0 with: mode: simulation run: uv run --no-sync pytest tests/benchmarks --codspeed @@ -199,7 +199,7 @@ jobs: with: python-version-file: ".python-version" - name: Setup uv - uses: astral-sh/setup-uv@37802adc94f370d6bfd71619e3f0bf239e1f3b78 # v7.6.0 + uses: astral-sh/setup-uv@08807647e7069bb48b6ef5acd8ec9567f424441b # v8.1.0 with: version: "0.11.4" enable-cache: true diff --git a/.github/workflows/topic-repos.yml b/.github/workflows/topic-repos.yml index 0f40b7b3d6019..69bfdaff9dd3a 100644 --- a/.github/workflows/topic-repos.yml +++ b/.github/workflows/topic-repos.yml @@ -26,7 +26,7 @@ jobs: with: python-version-file: ".python-version" - name: Setup uv - uses: astral-sh/setup-uv@37802adc94f370d6bfd71619e3f0bf239e1f3b78 # v7.6.0 + uses: astral-sh/setup-uv@08807647e7069bb48b6ef5acd8ec9567f424441b # v8.1.0 with: version: "0.11.4" enable-cache: true diff --git a/.github/workflows/translate.yml b/.github/workflows/translate.yml index ed21881cd9ceb..87023623ed0d7 100644 --- a/.github/workflows/translate.yml +++ b/.github/workflows/translate.yml @@ -58,7 +58,7 @@ jobs: with: python-version-file: ".python-version" - name: Setup uv - uses: astral-sh/setup-uv@37802adc94f370d6bfd71619e3f0bf239e1f3b78 # v7.6.0 + uses: astral-sh/setup-uv@08807647e7069bb48b6ef5acd8ec9567f424441b # v8.1.0 with: version: "0.11.4" cache-dependency-glob: | @@ -79,6 +79,8 @@ jobs: if: github.repository_owner == 'fastapi' needs: langs runs-on: ubuntu-latest + permissions: + contents: write strategy: matrix: lang: ${{ fromJson(needs.langs.outputs.langs) }} @@ -91,13 +93,13 @@ jobs: - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: fetch-depth: 0 - persist-credentials: false + persist-credentials: true # Required for `git push` in `translate.py` - name: Set up Python uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0 with: python-version-file: ".python-version" - name: Setup uv - uses: astral-sh/setup-uv@37802adc94f370d6bfd71619e3f0bf239e1f3b78 # v7.6.0 + uses: astral-sh/setup-uv@08807647e7069bb48b6ef5acd8ec9567f424441b # v8.1.0 with: version: "0.11.4" cache-dependency-glob: | diff --git a/.gitignore b/.gitignore index 243cdb93a560f..2c0d859ad7da1 100644 --- a/.gitignore +++ b/.gitignore @@ -7,6 +7,7 @@ __pycache__ htmlcov dist site +site_zensical_src .coverage* coverage.xml .netlify diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index 7913c813acc4e..d304b78e8c417 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -14,6 +14,12 @@ repos: - id: end-of-file-fixer - id: trailing-whitespace + - repo: https://github.com/crate-ci/typos + rev: bbaefadf97b0ec5fdc942684b647f1a6ab250274 # v1.46.0 + hooks: + - id: typos + args: [--force-exclude] + - repo: local hooks: - id: local-ruff-check diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md deleted file mode 100644 index 7b94527252b67..0000000000000 --- a/CONTRIBUTING.md +++ /dev/null @@ -1 +0,0 @@ -Please read the [Development - Contributing](https://fastapi.tiangolo.com/contributing/) guidelines in the documentation site. diff --git a/README.md b/README.md index 9ed338a1bb9f2..eb0368762b770 100644 --- a/README.md +++ b/README.md @@ -49,7 +49,7 @@ The key features are: -### Gold and Silver Sponsors +### Gold Sponsors @@ -61,12 +61,16 @@ The key features are: + +### Silver Sponsors + + @@ -74,6 +78,10 @@ The key features are: ## Opinions + + +
+ "_[...] I'm using **FastAPI** a ton these days. [...] I'm actually planning to use it for all of my team's **ML services at Microsoft**. Some of them are getting integrated into the core **Windows** product and some **Office** products._"
Kabir Khan - Microsoft (ref)
@@ -92,37 +100,25 @@ The key features are: --- -"_I’m over the moon excited about **FastAPI**. It’s so fun!_" - -
Brian Okken - [Python Bytes](https://pythonbytes.fm/episodes/show/123/time-to-right-the-py-wrongs?time_in_sec=855) podcast host (ref)
- ---- - -"_Honestly, what you've built looks super solid and polished. In many ways, it's what I wanted **Hug** to be - it's really inspiring to see someone build that._" +"_If anyone is looking to build a production Python API, I would highly recommend **FastAPI**. It is **beautifully designed**, **simple to use** and **highly scalable**, it has become a **key component** in our API first development strategy and is driving many automations and services such as our Virtual TAC Engineer._" -
Timothy Crosley - [Hug](https://github.com/hugapi/hug) creator (ref)
+
Deon Pillsbury - Cisco (ref)
--- -"_If you're looking to learn one **modern framework** for building REST APIs, check out **FastAPI** [...] It's fast, easy to use and easy to learn [...]_" - -"_We've switched over to **FastAPI** for our **APIs** [...] I think you'll like it [...]_" - -
Ines Montani - Matthew Honnibal - [Explosion AI](https://explosion.ai) founders - [spaCy](https://spacy.io) creators (ref) - (ref)
- ---- +
-"_If anyone is looking to build a production Python API, I would highly recommend **FastAPI**. It is **beautifully designed**, **simple to use** and **highly scalable**, it has become a **key component** in our API first development strategy and is driving many automations and services such as our Virtual TAC Engineer._" +## FastAPI Conf -
Deon Pillsbury - Cisco (ref)
+[**FastAPI Conf '26**](https://fastapiconf.com) is happening on **October 28, 2026** in **Amsterdam, NL**. All about FastAPI, right from the source. 🎤 ---- +FastAPI Conf '26 - October 28, 2026 - Amsterdam, NL ## FastAPI mini documentary There's a [FastAPI mini documentary](https://www.youtube.com/watch?v=mpR8ngthqiE) released at the end of 2025, you can watch it online: -FastAPI Mini Documentary +FastAPI Mini Documentary ## **Typer**, the FastAPI of CLIs diff --git a/SECURITY.md b/SECURITY.md deleted file mode 100644 index 87e87e0ca1c71..0000000000000 --- a/SECURITY.md +++ /dev/null @@ -1,31 +0,0 @@ -# Security Policy - -Security is very important for FastAPI and its community. 🔒 - -Learn more about it below. 👇 - -## Versions - -The latest version of FastAPI is supported. - -You are encouraged to [write tests](https://fastapi.tiangolo.com/tutorial/testing/) for your application and update your FastAPI version frequently after ensuring that your tests are passing. This way you will benefit from the latest features, bug fixes, and **security fixes**. - -You can learn more about [FastAPI versions and how to pin and upgrade them](https://fastapi.tiangolo.com/deployment/versions/) for your project in the docs. - -## Reporting a Vulnerability - -If you think you found a vulnerability, and even if you are not sure about it, please report it right away by sending an email to: security@tiangolo.com. Please try to be as explicit as possible, describing all the steps and example code to reproduce the security issue. - -I (the author, [@tiangolo](https://x.com/tiangolo)) will review it thoroughly and get back to you. - -## Public Discussions - -Please restrain from publicly discussing a potential security vulnerability. 🙊 - -It's better to discuss privately and try to find a solution first, to limit the potential impact as much as possible. - ---- - -Thanks for your help! - -The FastAPI community and I thank you for that. 🙇 diff --git a/docs/de/docs/advanced/generate-clients.md b/docs/de/docs/advanced/generate-clients.md index 12ba4072c4fc7..4eab5bcb6f0f4 100644 --- a/docs/de/docs/advanced/generate-clients.md +++ b/docs/de/docs/advanced/generate-clients.md @@ -30,7 +30,6 @@ Ihr Sponsoring zeigt auch ein starkes Engagement für die FastAPI-**Community** Zum Beispiel könnten Sie ausprobieren: -* [Speakeasy](https://speakeasy.com/editor?utm_source=fastapi+repo&utm_medium=github+sponsorship) * [Stainless](https://www.stainless.com/?utm_source=fastapi&utm_medium=referral) * [liblab](https://developers.liblab.com/tutorials/sdk-for-fastapi?utm_source=fastapi) diff --git a/docs/de/docs/index.md b/docs/de/docs/index.md index d2c2829591961..d557554a12182 100644 --- a/docs/de/docs/index.md +++ b/docs/de/docs/index.md @@ -1,3 +1,8 @@ +--- +include_yaml: + sponsors: data/sponsors.yml +--- + # FastAPI { #fastapi }