diff --git a/CHANGELOG.rst b/CHANGELOG.rst index 53837c5895..7dafb8de1e 100644 --- a/CHANGELOG.rst +++ b/CHANGELOG.rst @@ -4,6 +4,9 @@ Changelog v35.1.0 (unreleased) -------------------- +- Replace the ``setup.py``/``setup.cfg`` by ``pyproject.toml`` file. + https://github.com/aboutcode-org/scancode.io/issues/1608 + - Add a ``--fail-on-vulnerabilities`` option in ``check-compliance`` management command. When this option is enabled, the command will exit with a non-zero status if known vulnerabilities are detected in discovered packages and dependencies. diff --git a/Dockerfile b/Dockerfile index e624b113f9..5c42c68592 100644 --- a/Dockerfile +++ b/Dockerfile @@ -87,7 +87,7 @@ RUN mkdir -p /var/$APP_NAME/static/ \ && mkdir -p /var/$APP_NAME/workspace/ # Install the dependencies before the codebase COPY for proper Docker layer caching -COPY --chown=$APP_USER:$APP_USER setup.cfg setup.py $APP_DIR/ +COPY --chown=$APP_USER:$APP_USER pyproject.toml $APP_DIR/ RUN pip install --no-cache-dir . # Copy the codebase and set the proper permissions for the APP_USER diff --git a/Makefile b/Makefile index 256ad39829..3b79155884 100644 --- a/Makefile +++ b/Makefile @@ -143,10 +143,6 @@ docs: rm -rf docs/_build/ @${ACTIVATE} sphinx-build docs/ docs/_build/ -bump: - @echo "-> Bump the version" - @${ACTIVATE} bumpver update --no-fetch --patch - docker-images: @echo "-> Build Docker services" docker compose build @@ -163,4 +159,4 @@ offline-package: docker-images @mkdir -p dist/ @tar -cf dist/scancodeio-offline-package-`git describe --tags`.tar build/ -.PHONY: virtualenv conf dev envfile install doc8 check valid check-deploy clean migrate upgrade postgresdb sqlitedb backupdb run run-docker-dev test fasttest docs bump docker-images offline-package +.PHONY: virtualenv conf dev envfile install doc8 check valid check-deploy clean migrate upgrade postgresdb sqlitedb backupdb run run-docker-dev test fasttest docs docker-images offline-package 
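Review bot: In the Dockerfile hunk, the dependency layer now copies only `pyproject.toml`, but that file declares `readme = "README.rst"` and `license-files = ["LICENSE", "NOTICE", "scan.NOTICE"]`, none of which are present when `RUN pip install --no-cache-dir .` runs. Recent setuptools releases appear to warn when a `license-files` pattern matches nothing and may turn that into an error later; this should be confirmed against the release the image build resolves. Because `[build-system]` in this commit does not bound setuptools, the isolated build fetches whatever release is current, so the image build can start failing or change behaviour with no change in the repository. Either copy the referenced files into this layer, `COPY --chown=$APP_USER:$APP_USER pyproject.toml README.rst LICENSE NOTICE scan.NOTICE $APP_DIR/`, or bound the build backend version in `pyproject.toml`.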
diff --git a/RELEASE.md b/RELEASE.md index 580738d987..5a3eebe990 100644 --- a/RELEASE.md +++ b/RELEASE.md @@ -4,7 +4,7 @@ - Create a new `release-x.x.x` branch - Update the version in: - - `setup.cfg` (2 entries) + - `pyproject.toml` - `scancodeio/__init__.py` - `CHANGELOG.rst` (set date) - Commit and push this branch @@ -24,7 +24,7 @@ ``` cd scancode.io source .venv/bin/activate -pip install build +python -m pip install build python -m build --sdist --wheel --outdir dist/ . ``` diff --git a/docs/introduction.rst b/docs/introduction.rst index 2e178bb9a3..051903f5d3 100644 --- a/docs/introduction.rst +++ b/docs/introduction.rst @@ -91,8 +91,8 @@ The **Django framework** is leveraged for many aspects of ScanCode.io: .. note:: Multiple applications from the Django eco-system are also included, - see the `setup.cfg `_ file - for an exhaustive list of dependencies. + see the `pyproject.toml `_ + file for an exhaustive list of dependencies. The second essential part of ScanCode.io is the **ScanCode Toolkit**, which is used for archives extraction and as the scanning engine. diff --git a/docs/rest-api.rst b/docs/rest-api.rst index 7525803edc..1e6dfe5701 100644 --- a/docs/rest-api.rst +++ b/docs/rest-api.rst @@ -533,7 +533,7 @@ File content This displays the content of a ``project`` file resource provided using the ``?path=`` argument. -``GET /api/projects/d4ed9405-5568-45ad-99f6-782a9b82d1d2/file_content/?path=setup.py`` +``GET /api/projects/d4ed9405-5568-45ad-99f6-782a9b82d1d2/file_content/?path=filename.ext`` .. code-block:: json diff --git a/pyproject.toml b/pyproject.toml index bf554ee536..3838d25742 100644 --- a/pyproject.toml +++ b/pyproject.toml 
@@ -1,3 +1,156 @@
+[build-system]
+requires = ["setuptools"]
+build-backend = "setuptools.build_meta"
+
+[project]
+name = "scancodeio"
+version = "35.0.0"
+description = "Automate software composition analysis pipelines"
+readme = "README.rst"
+requires-python = ">=3.10,<3.14"
+license = "Apache-2.0"
+license-files = ["LICENSE", "NOTICE", "scan.NOTICE"]
+authors = [
+ { name = "nexB Inc.", email = "info@aboutcode.org" }
+]
+keywords = [
+ "open source", "scan", "license", "package", "dependency",
+ "copyright", "filetype", "author", "extract", "licensing",
+ "scancode", "scanpipe", "docker", "rootfs", "vm",
+ "virtual machine", "pipeline", "code analysis", "container"
+]
+classifiers = [
+ "Development Status :: 5 - Production/Stable",
+ "Intended Audience :: Developers",
+ "Intended Audience :: Information Technology",
+ "Intended Audience :: Legal Industry",
+ "Programming Language :: Python",
+ "Programming Language :: Python :: 3 :: Only",
+ "Programming Language :: Python :: 3.10",
+ "Programming Language :: Python :: 3.11",
+ "Programming Language :: Python :: 3.12",
+ "Programming Language :: Python :: 3.13",
+ "Topic :: Utilities"
+]
+dependencies = [
+ "importlib-metadata==8.7.0",
+ "setuptools==80.9.0",
+ # Django related
+ "Django==5.1.11",
+ "django-environ==0.12.0",
+ "django-crispy-forms==2.4",
+ "crispy-bootstrap3==2024.1",
+ "django-filter==25.1",
+ "djangorestframework==3.16.0",
+ "django-taggit==6.1.0",
+ # Database
+ "psycopg[binary]==3.2.9",
+ # wait_for_database Django management command
+ "django-probes==1.7.0",
+ # Task queue
+ "rq==2.4.0",
+ "django-rq==3.0.1",
+ "redis==6.2.0",
+ # WSGI server
+ "gunicorn==23.0.0",
+ # Docker
+ "container-inspector==33.0.0",
+ # ScanCode-toolkit
+ "scancode-toolkit[packages]==32.4.0",
+ "extractcode[full]==31.0.0",
+ "commoncode==32.3.0",
+ "Beautifulsoup4[chardet]==4.13.4",
+ "packageurl-python==0.17.1",
+ # FetchCode
+ "fetchcode-container==1.2.3.210512; sys_platform == 'linux'",
+ # Inspectors
+ "elf-inspector==0.0.3",
+ "go-inspector==0.5.0",
+ "rust-inspector==0.1.0",
+ "binary-inspector==0.1.2",
+ "python-inspector==0.14.0",
+ "source-inspector==0.7.0; sys_platform != 'darwin' and platform_machine != 'arm64'",
+ "aboutcode-toolkit==11.1.1",
+ # Utilities
+ "XlsxWriter==3.2.5",
+ "openpyxl==3.1.5",
+ "requests==2.32.4",
+ "GitPython==3.1.44",
+ # Profiling
+ "pyinstrument==5.0.2",
+ # CycloneDX
+ "cyclonedx-python-lib==10.2.0",
+ "jsonschema==4.24.0",
+ # MatchCode-toolkit
+ "matchcode-toolkit==7.2.2",
+ # Univers
+ "univers==31.0.0",
+ # Markdown
+ "markdown-it-py==3.0.0",
+ "bleach==6.2.0",
+ # Antivirus
+ "clamd==1.0.2",
+ # FederatedCode
+ "aboutcode.hashid==0.2.0",
+ # AboutCode pipeline
+ "aboutcode.pipeline==0.2.1",
+ "scipy==1.15.3"
+]
+
+[project.optional-dependencies]
+dev = [
+ # Validation
+ "ruff==0.12.0",
+ "doc8==2.0.0",
+ # Debug
+ "django-debug-toolbar==5.2.0",
+ # Documentation
+ "Sphinx==8.1.3",
+ "sphinx-rtd-theme==3.0.2",
+ "sphinx-rtd-dark-mode==1.3.0",
+ "sphinxcontrib-django==2.5",
+]
+android_analysis = [
+ "android_inspector==0.0.1"
+]
+
+[project.urls]
+Homepage = "https://github.com/aboutcode-org/scancode.io"
+Documentation = "https://scancodeio.readthedocs.io/"
+Repository = "https://github.com/aboutcode-org/scancode.io.git"
+Issues = "https://github.com/aboutcode-org/scancode.io/issues"
+Changelog = "https://github.com/aboutcode-org/scancode.io/blob/main/CHANGELOG.rst"
+
+[project.scripts]
+scanpipe = "scancodeio:command_line"
+run = "scancodeio:combined_run"
+
+[project.entry-points."scancodeio_pipelines"]
+analyze_docker_image = "scanpipe.pipelines.analyze_docker:Docker"
+analyze_root_filesystem_or_vm_image = "scanpipe.pipelines.analyze_root_filesystem:RootFS"
+analyze_windows_docker_image = "scanpipe.pipelines.analyze_docker_windows:DockerWindows"
+collect_strings_gettext = "scanpipe.pipelines.collect_strings_gettext:CollectStringsGettext"
+collect_symbols_ctags = "scanpipe.pipelines.collect_symbols_ctags:CollectSymbolsCtags"
+collect_symbols_pygments = "scanpipe.pipelines.collect_symbols_pygments:CollectSymbolsPygments"
+collect_symbols_tree_sitter = "scanpipe.pipelines.collect_symbols_tree_sitter:CollectSymbolsTreeSitter"
+enrich_with_purldb = "scanpipe.pipelines.enrich_with_purldb:EnrichWithPurlDB"
+find_vulnerabilities = "scanpipe.pipelines.find_vulnerabilities:FindVulnerabilities"
+inspect_elf_binaries = "scanpipe.pipelines.inspect_elf_binaries:InspectELFBinaries"
+inspect_packages = "scanpipe.pipelines.inspect_packages:InspectPackages"
+load_inventory = "scanpipe.pipelines.load_inventory:LoadInventory"
+load_sbom = "scanpipe.pipelines.load_sbom:LoadSBOM"
+map_deploy_to_develop = "scanpipe.pipelines.deploy_to_develop:DeployToDevelop"
+match_to_matchcode = "scanpipe.pipelines.match_to_matchcode:MatchToMatchCode"
+populate_purldb = "scanpipe.pipelines.populate_purldb:PopulatePurlDB"
+publish_to_federatedcode = "scanpipe.pipelines.publish_to_federatedcode:PublishToFederatedCode"
+resolve_dependencies = "scanpipe.pipelines.resolve_dependencies:ResolveDependencies"
+scan_codebase = "scanpipe.pipelines.scan_codebase:ScanCodebase"
+scan_for_virus = "scanpipe.pipelines.scan_for_virus:ScanForVirus"
+scan_single_package = "scanpipe.pipelines.scan_single_package:ScanSinglePackage"
+
+[tool.setuptools.packages.find]
+where = ["."]
+
 [tool.ruff]
 line-length = 88
 extend-exclude = ["migrations", "var"]
diff --git a/setup.cfg b/setup.cfg
deleted file mode 100644
index b4f8a4dad2..0000000000
--- a/setup.cfg
+++ /dev/null
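Review bot: In the pyproject.toml hunk, `requires = ["setuptools"]` leaves the build backend unbounded even though the metadata below relies on newer backend features: the SPDX string form `license = "Apache-2.0"` and the `[project]`-level `license-files` key (PEP 639). An environment that satisfies the requirement with an older setuptools (a constraints file, `--no-build-isolation`) is likely to reject or mishandle that metadata. An isolated build, meanwhile, pulls the newest release from the index each time, so the build step is not reproducible even though `dependencies` pins `setuptools==80.9.0` for runtime. Consider a lower bound matching PEP 639 support, e.g. `requires = ["setuptools>=77"]` (confirm the exact minimum), or pin the same release as the runtime dependency. Separately, with the bumpver configuration removed the version is maintained by hand both here and in `scancodeio/__init__.py`, so a comment beside `version = "35.0.0"` such as `# keep in sync with scancodeio/__init__.py` would help prevent drift.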
@@ -1,170 +0,0 @@
-[metadata]
-name = scancodeio
-version = 35.0.0
-license = Apache-2.0
-description = Automate software composition analysis pipelines
-long_description = file:README.rst
-author = nexB Inc.
-author_email = info@aboutcode.org
-url = https://github.com/aboutcode-org/scancode.io
-classifiers =
- Development Status :: 5 - Production/Stable
- Intended Audience :: Developers
- Intended Audience :: Information Technology
- Intended Audience :: Legal Industry
- Programming Language :: Python
- Programming Language :: Python :: 3 :: Only
- Programming Language :: Python :: 3.10
- Programming Language :: Python :: 3.11
- Programming Language :: Python :: 3.12
- Programming Language :: Python :: 3.13
- Topic :: Utilities
-keywords =
- open source
- scan
- license
- package
- dependency
- copyright
- filetype
- author
- extract
- licensing
- scancode
- scanpipe
- docker
- rootfs
- vm
- virtual machine
- pipeline
- code analysis
- container
-license_files =
- LICENSE
- NOTICE
- scan.NOTICE
-
-[options]
-python_requires = >=3.10
-packages = find:
-include_package_data = true
-zip_safe = false
-install_requires =
- importlib-metadata==8.7.0
- setuptools==80.9.0
- # Django related
- Django==5.1.11
- django-environ==0.12.0
- django-crispy-forms==2.4
- crispy-bootstrap3==2024.1
- django-filter==25.1
- djangorestframework==3.16.0
- django-taggit==6.1.0
- # Database
- psycopg[binary]==3.2.9
- # wait_for_database Django management command
- django-probes==1.7.0
- # Task queue
- rq==2.4.0
- django-rq==3.0.1
- redis==6.2.0
- # WSGI server
- gunicorn==23.0.0
- # Docker
- container-inspector==33.0.0
- # ScanCode-toolkit
- scancode-toolkit[packages]==32.4.0
- extractcode[full]==31.0.0
- commoncode==32.3.0
- Beautifulsoup4[chardet]==4.13.4
- packageurl-python==0.17.1
- # FetchCode
- fetchcode-container==1.2.3.210512; sys_platform == "linux"
- # Inspectors
- elf-inspector==0.0.3
- go-inspector==0.5.0
- rust-inspector==0.1.0
- binary-inspector==0.1.2
- python-inspector==0.14.0
- source-inspector==0.7.0; sys_platform != "darwin" and platform_machine != "arm64"
- aboutcode-toolkit==11.1.1
- # Utilities
- XlsxWriter==3.2.5
- openpyxl==3.1.5
- requests==2.32.4
- GitPython==3.1.44
- # Profiling
- pyinstrument==5.0.2
- # CycloneDX
- cyclonedx-python-lib==10.2.0
- jsonschema==4.24.0
- # MatchCode-toolkit
- matchcode-toolkit==7.2.2
- # Univers
- univers==31.0.0
- # Markdown
- markdown-it-py==3.0.0
- bleach==6.2.0
- # Antivirus
- clamd==1.0.2
- # FederatedCode
- aboutcode.hashid==0.2.0
- # AboutCode pipeline
- aboutcode.pipeline==0.2.1
- scipy==1.15.3
-
-[options.extras_require]
-dev =
- # Validation
- ruff==0.12.0
- doc8==2.0.0
- # Debug
- django-debug-toolbar==5.2.0
- # Documentation
- Sphinx==8.1.3
- sphinx-rtd-theme==3.0.2
- sphinx-rtd-dark-mode==1.3.0
- sphinxcontrib-django==2.5
- # Release
- bumpver==2024.1130
-
-android_analysis =
- android_inspector==0.0.1
-
-[options.entry_points]
-console_scripts =
- scanpipe = scancodeio:command_line
- run = scancodeio:combined_run
-
-scancodeio_pipelines =
- analyze_docker_image = scanpipe.pipelines.analyze_docker:Docker
- analyze_root_filesystem_or_vm_image = scanpipe.pipelines.analyze_root_filesystem:RootFS
- analyze_windows_docker_image = scanpipe.pipelines.analyze_docker_windows:DockerWindows
- collect_strings_gettext = scanpipe.pipelines.collect_strings_gettext:CollectStringsGettext
- collect_symbols_ctags = scanpipe.pipelines.collect_symbols_ctags:CollectSymbolsCtags
- collect_symbols_pygments = scanpipe.pipelines.collect_symbols_pygments:CollectSymbolsPygments
- collect_symbols_tree_sitter = scanpipe.pipelines.collect_symbols_tree_sitter:CollectSymbolsTreeSitter
- enrich_with_purldb = scanpipe.pipelines.enrich_with_purldb:EnrichWithPurlDB
- find_vulnerabilities = scanpipe.pipelines.find_vulnerabilities:FindVulnerabilities
- inspect_elf_binaries = scanpipe.pipelines.inspect_elf_binaries:InspectELFBinaries
- inspect_packages = scanpipe.pipelines.inspect_packages:InspectPackages
- load_inventory = scanpipe.pipelines.load_inventory:LoadInventory
- load_sbom = scanpipe.pipelines.load_sbom:LoadSBOM
- map_deploy_to_develop = scanpipe.pipelines.deploy_to_develop:DeployToDevelop
- match_to_matchcode = scanpipe.pipelines.match_to_matchcode:MatchToMatchCode
- populate_purldb = scanpipe.pipelines.populate_purldb:PopulatePurlDB
- publish_to_federatedcode = scanpipe.pipelines.publish_to_federatedcode:PublishToFederatedCode
- resolve_dependencies = scanpipe.pipelines.resolve_dependencies:ResolveDependencies
- scan_codebase = scanpipe.pipelines.scan_codebase:ScanCodebase
- scan_for_virus = scanpipe.pipelines.scan_for_virus:ScanForVirus
- scan_single_package = scanpipe.pipelines.scan_single_package:ScanSinglePackage
-
-[bumpver]
-version_pattern = "MAJOR.MINOR.PATCH"
-current_version = "35.0.0"
-
-[bumpver:file_patterns]
-setup.cfg =
- version = {version}
- current_version = "{version}"
-scancodeio/__init__.py = {version}
diff --git a/setup.py b/setup.py
deleted file mode 100755
index 888493c23c..0000000000
--- a/setup.py
+++ /dev/null
@@ -1,28 +0,0 @@
-#!/usr/bin/env python
-
-# SPDX-License-Identifier: Apache-2.0
-#
-# http://nexb.com and https://github.com/aboutcode-org/scancode.io
-# The ScanCode.io software is licensed under the Apache License version 2.0.
-# Data generated with ScanCode.io is provided as-is without warranties.
-# ScanCode is a trademark of nexB Inc.
-#
-# You may not use this software except in compliance with the License.
-# You may obtain a copy of the License at: http://apache.org/licenses/LICENSE-2.0
-# Unless required by applicable law or agreed to in writing, software distributed
-# under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
-# CONDITIONS OF ANY KIND, either express or implied. See the License for the
-# specific language governing permissions and limitations under the License.
-#
-# Data Generated with ScanCode.io is provided on an "AS IS" BASIS, WITHOUT WARRANTIES
-# OR CONDITIONS OF ANY KIND, either express or implied. No content created from
-# ScanCode.io should be considered or used as legal advice. Consult an Attorney
-# for any legal advice.
-#
-# ScanCode.io is a free software code scanning tool from nexB Inc. and others.
-# Visit https://github.com/aboutcode-org/scancode.io for support and download.
-
-import setuptools
-
-if __name__ == "__main__":
- setuptools.setup()