build(deps-dev): switch from poetry to uv (#46)

* build(deps): switch from poetry to uv

* docs: add multiple markdown files for repo

* style(precommit): update config

* ci(github): update CI jobs

* ci(github): fix build

* ci(github): revert license notice removal

* ci(mypy): update setup

* style(github): fix lint

Author: frgfm

.github/CODEOWNERS

@@ -0,0 +1,8 @@
+# This is a comment.
+# Each line is a file pattern followed by one or more owners.
+
+# These owners will be the default owners for everything in
+# the repo. Unless a later match takes precedence,
+# @global-owner1 and @global-owner2 will be requested for
+# review when someone opens a pull request.
+*       @frgfm

.github/SECURITY.md

@@ -0,0 +1,5 @@
+# Reporting security issues
+
+If you believe you have found a security vulnerability in Quack API, we encourage you to let us know right away. We will investigate all legitimate reports and do our best to quickly fix the problem.
+
+Please report security issues using https://github.com/frgfm/validate-python-headers/security/advisories/new

.github/dependabot.yml

@@ -5,17 +5,21 @@
 
 version: 2
 updates:
+  - package-ecosystem: "github-actions"
+    directory: "/"
+    schedule:
+      interval: "weekly"
   - package-ecosystem: "pip"
     directory: "/"
     schedule:
       interval: "daily"
-      time: "06:00"
-      timezone: "Europe/Paris"
-    reviewers:
-      - "frgfm"
-    assignees:
-      - "frgfm"
     allow:
       - dependency-name: "ruff"
       - dependency-name: "mypy"
       - dependency-name: "pre-commit"
+  - package-ecosystem: "docker"
+    directory: "/"
+    schedule:
+      interval: "daily"
+    allow:
+      - dependency-name: "ghcr.io/astral-sh/uv"

.github/verify_deps_sync.py

@@ -0,0 +1,77 @@
+# Copyright (C) 2024, François-Guillaume Fernandez.
+
+# This program is licensed under the Apache License 2.0.
+# See LICENSE or go to <https://www.apache.org/licenses/LICENSE-2.0> for full license details.
+
+import re
+import tomllib
+from pathlib import Path
+
+import yaml
+
+DOCKERFILE_PATH = "./Dockerfile"
+PRECOMMIT_PATH = ".pre-commit-config.yaml"
+PYPROJECT_PATH = "./pyproject.toml"
+
+
+def main():
+    # Retrieve & parse all deps files
+    deps_dict = {"uv": [], "ruff": [], "mypy": []}
+    # UV: Dockerfile, precommit, .github
+    # Parse Dockerfile
+    with Path(DOCKERFILE_PATH).open("r") as f:
+        dockerfile = f.read()
+    uv_version = re.search(r"ghcr\.io/astral-sh/uv:(\d+\.\d+\.\d+)", dockerfile)
+    if uv_version:
+        deps_dict["uv"] = [{"file": DOCKERFILE_PATH, "version": uv_version.group(1)}]
+
+    # Parse precommit
+    with Path(PRECOMMIT_PATH).open("r") as f:
+        precommit = yaml.safe_load(f)
+
+    for repo in precommit["repos"]:
+        if repo["repo"] == "https://github.com/astral-sh/uv-pre-commit":
+            deps_dict["uv"].append({"file": PRECOMMIT_PATH, "version": repo["rev"].lstrip("v")})
+        elif repo["repo"] == "https://github.com/charliermarsh/ruff-pre-commit":
+            deps_dict["ruff"] = [{"file": PRECOMMIT_PATH, "version": repo["rev"].lstrip("v")}]
+
+    # Parse pyproject.toml
+    with Path(PYPROJECT_PATH).open("rb") as f:
+        pyproject = tomllib.load(f)
+
+    dev_deps = pyproject["tool"]["uv"]["dev-dependencies"]
+    for dep in dev_deps:
+        if dep.startswith("ruff=="):
+            deps_dict["ruff"].append({"file": PYPROJECT_PATH, "version": dep.split("==")[1]})
+        elif dep.startswith("mypy=="):
+            deps_dict["mypy"] = [{"file": PYPROJECT_PATH, "version": dep.split("==")[1]}]
+
+    # Parse github/workflows/...
+    for workflow_file in Path(".github/workflows").glob("*.yml"):
+        with workflow_file.open("r") as f:
+            workflow = yaml.safe_load(f)
+            if "env" in workflow and "UV_VERSION" in workflow["env"]:
+                deps_dict["uv"].append({
+                    "file": str(workflow_file),
+                    "version": workflow["env"]["UV_VERSION"].lstrip("v"),
+                })
+
+    # Assert all deps are in sync
+    troubles = []
+    for dep, versions in deps_dict.items():
+        versions_ = {v["version"] for v in versions}
+        if len(versions_) != 1:
+            inv_dict = {v: set() for v in versions_}
+            for version in versions:
+                inv_dict[version["version"]].add(version["file"])
+            troubles.extend([
+                f"{dep}:",
+                "\n".join(f"- '{v}': {', '.join(files)}" for v, files in inv_dict.items()),
+            ])
+
+    if len(troubles) > 0:
+        raise AssertionError("Some dependencies are out of sync:\n\n" + "\n".join(troubles))
+
+
+if __name__ == "__main__":
+    main()

.github/workflows/builds.yml .github/workflows/build.yml.github/workflows/builds.yml renamed to .github/workflows/build.yml

@@ -1,11 +1,15 @@
-name: builds
+name: build
 
 on:
   push:
     branches: main
   pull_request:
     branches: main
 
+env:
+  PYTHON_VERSION: "3.11"
+  UV_VERSION: "0.5.7"
+
 jobs:
   build:
     runs-on: ${{ matrix.os }}
@@ -15,4 +19,7 @@ jobs:
         os: [ubuntu-latest]
     steps:
       - uses: actions/checkout@v4
-      - run: docker build . -t header-validator:latest
+      - uses: astral-sh/setup-uv@v4
+        with:
+          version: ${{ env.UV_VERSION }}
+      - run: make build

.github/workflows/pr-title.yml .github/workflows/pr-edited.yml.github/workflows/pr-title.yml renamed to .github/workflows/pr-edited.yml

@@ -1,4 +1,4 @@
-name: pr-title
+name: pr-edited
 
 on:
   pull_request_target:
@@ -7,7 +7,7 @@ on:
     types: [opened, reopened, edited, synchronize]
 
 jobs:
-  lint:
+  lint-pr-title:
     runs-on: ubuntu-latest
     steps:
       - uses: amannn/action-semantic-pull-request@v5

.github/workflows/push.yml

@@ -0,0 +1,32 @@
+name: push
+on:
+  push:
+    branches: main
+
+env:
+  UV_VERSION: "0.5.7"
+  BACKEND_IMAGE: validate-python-headers
+
+jobs:
+  docker:
+    runs-on: ubuntu-latest
+    permissions:
+      packages: write
+      contents: read
+    steps:
+      - uses: actions/checkout@v4
+      - uses: astral-sh/setup-uv@v4
+        with:
+          version: ${{ env.UV_VERSION }}
+      - name: Build docker image
+        run: make build
+      - name: Login to GHCR
+        uses: docker/login-action@v3
+        with:
+          registry: ghcr.io
+          username: ${{ github.repository_owner }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+      - name: Push to GitHub container registry
+        run: |
+          docker tag openapm/backend:latest ghcr.io/${{ github.repository_owner }}/${{ env.BACKEND_IMAGE }}:latest
+          docker push ghcr.io/${{ github.repository_owner }}/${{ env.BACKEND_IMAGE }}:latest

.github/workflows/style.yml

@@ -6,109 +6,60 @@ on:
   pull_request:
     branches: main
 
+env:
+  PYTHON_VERSION: "3.11"
+  UV_VERSION: "0.5.7"
+
 jobs:
   ruff:
-    runs-on: ${{ matrix.os }}
-    strategy:
-      matrix:
-        os: [ubuntu-latest]
-        python: [3.9]
+    runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v4
       - uses: actions/setup-python@v5
         with:
-          python-version: ${{ matrix.python }}
+          python-version: ${{ env.PYTHON_VERSION }}
           architecture: x64
-      - uses: abatilo/actions-poetry@v3
+      - uses: astral-sh/setup-uv@v4
         with:
-          poetry-version: "1.8.2"
-      - name: Resolve dependencies
-        run: poetry export -f requirements.txt --without-hashes --only quality --output requirements.txt
-      - name: Install dependencies
-        run: |
-          python -m pip install --upgrade uv
-          uv pip install --system -r requirements.txt
+          version: ${{ env.UV_VERSION }}
       - name: Run ruff
         run: |
+          make install-quality
           ruff --version
-          ruff check --diff .
+          make lint-check
 
   mypy:
-    runs-on: ${{ matrix.os }}
-    strategy:
-      matrix:
-        os: [ubuntu-latest]
-        python: [3.9]
+    runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v4
       - uses: actions/setup-python@v5
         with:
-          python-version: ${{ matrix.python }}
+          python-version: ${{ env.PYTHON_VERSION }}
           architecture: x64
-      - uses: abatilo/actions-poetry@v3
+      - uses: astral-sh/setup-uv@v4
         with:
-          poetry-version: "1.8.2"
-      - name: Resolve dependencies
-        run: poetry export -f requirements.txt --without-hashes --with quality --output requirements.txt
-      - name: Install dependencies
-        run: |
-          python -m pip install --upgrade uv
-          uv pip install --system -r requirements.txt
+          version: ${{ env.UV_VERSION }}
       - name: Run mypy
         run: |
+          make install-quality
           mypy --version
-          mypy
-
-  ruff-format:
-    runs-on: ${{ matrix.os }}
-    strategy:
-      matrix:
-        os: [ubuntu-latest]
-        python: [3.9]
-    steps:
-      - uses: actions/checkout@v4
-      - uses: actions/setup-python@v5
-        with:
-          python-version: ${{ matrix.python }}
-          architecture: x64
-      - uses: abatilo/actions-poetry@v3
-        with:
-          poetry-version: "1.8.2"
-      - name: Resolve dependencies
-        run: poetry export -f requirements.txt --without-hashes --only quality --output requirements.txt
-      - name: Install dependencies
-        run: |
-          python -m pip install --upgrade uv
-          uv pip install --system -r requirements.txt
-      - name: Run ruff
-        run: |
-          ruff --version
-          ruff format --check --diff .
+          make typing-check
 
   precommit-hooks:
-    runs-on: ${{ matrix.os }}
-    strategy:
-      matrix:
-        os: [ubuntu-latest]
-        python: [3.9]
+    runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v4
       - uses: actions/setup-python@v5
         with:
-          python-version: ${{ matrix.python }}
+          python-version: ${{ env.PYTHON_VERSION }}
           architecture: x64
-      - uses: abatilo/actions-poetry@v3
+      - uses: astral-sh/setup-uv@v4
         with:
-          poetry-version: "1.8.2"
-      - name: Resolve dependencies
-        run: poetry export -f requirements.txt --without-hashes --only quality --output requirements.txt
-      - name: Install dependencies
-        run: |
-          python -m pip install --upgrade uv
-          uv pip install --system -r requirements.txt
+          version: ${{ env.UV_VERSION }}
       - name: Run pre-commit hooks
         run: |
+          make install-quality
           git checkout -b temp
           pre-commit install
           pre-commit --version
-          pre-commit run --all-files
+          make precommit

.github/workflows/tests.yml

@@ -6,17 +6,47 @@ on:
   pull_request:
     branches: main
 
+env:
+  PYTHON_VERSION: "3.11"
+  UV_VERSION: "0.5.7"
+
 jobs:
   run-action:
-    runs-on: ${{ matrix.os }}
-    strategy:
-      fail-fast: false
-      matrix:
-        os: [ubuntu-latest]
+    runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v4
       - run: docker build . -t header-validator:latest
       - name: Run action
         run: |
           docker run --workdir /github/workspace -v "/home/runner/work/validate-python-headers/validate-python-headers":"/github/workspace" header-validator:latest 'François-Guillaume Fernandez' 2022 Apache-2.0 src/ __init__.py .github/ ''
           docker run --workdir /github/workspace -v "/home/runner/work/validate-python-headers/validate-python-headers":"/github/workspace" header-validator:latest 'François-Guillaume Fernandez' 2022 '' src/ __init__.py .github/ .github/license-notice.txt
+  deps-sync:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - uses: actions/setup-python@v5
+        with:
+          python-version: ${{ env.PYTHON_VERSION }}
+          architecture: x64
+      - uses: astral-sh/setup-uv@v4
+        with:
+          version: ${{ env.UV_VERSION }}
+      - name: Run dependency sync checker
+        run: |
+          uv pip install --system PyYAML
+          make deps-check
+
+  headers:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          persist-credentials: false
+      - name: Check the headers
+        uses: frgfm/validate-python-headers@main
+        with:
+          license: 'Apache-2.0'
+          owner: 'François-Guillaume Fernandez'
+          starting-year: 2022
+          folders: 'src'
+          ignore-files: 'version.py,__init__.py'

.github/workflows/pull_requests.yml .github/workflows/triage.yml.github/workflows/pull_requests.yml renamed to .github/workflows/triage.yml

@@ -1,11 +1,11 @@
-name: pull_requests
+name: triage
 
 on:
   pull_request:
     branches: main
 
 jobs:
-  triage:
+  autolabel:
     permissions:
       contents: read
       pull-requests: write