Merge pull request #913 from sir-gon/feature/pipenv

[BUGFIX] sonarcloud: Omitting "--only-binary :all:" can lead to the execution of setup scripts. Make sure it is safe here.

Author: sir-gon

.github/workflows/python-coverage.yml

@@ -15,12 +15,7 @@ env:
 jobs:
   coverage:
     name: "Python CI Coverage"
-    strategy:
-      fail-fast: false
-      matrix:
-        os: ["ubuntu-24.04"]
-        python: ["3.14"]
-    runs-on: ${{ matrix.os }}
+    runs-on: ubuntu-24.04
     steps:
       - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
         with:
@@ -30,30 +25,41 @@ jobs:
       - name: Setup Python
         uses: actions/setup-python@master
         with:
-          python-version: ${{ matrix.python }}
+          python-version: 3.14
+
+      - name: Install tooling
+        run: >
+          sudo apt install pipenv
+
+      - name: Tooling check
+        run: |
+          python3 --version
+          pipenv --version
+          make --version
 
       - name: Install
         run: |
-          pip3 install -r requirements.txt
+          # Use the lockfile to install deterministic, audited dependencies
+          pipenv sync --dev
 
       - name: Test an coverage collect
         run: >
-          python3 -m coverage run -m pytest --verbose
+          pipenv run coverage run -m pytest --verbose
           -o log_cli=true
           --log-cli-level=INFO
           src/
 
       - name: Coverage Report
         run: |
-          python3 -m coverage report
+          pipenv run coverage report
 
       - name: Coverage lcov (codecov)
         run: |
-          python3 -m coverage lcov -o coverage/lcov.info
+          pipenv run coverage lcov -o coverage/lcov.info
 
       - name: Coverage xml (sonarcloud)
         run: |
-          python3 -m coverage xml -o coverage/coverage.xml
+          pipenv run coverage xml -o coverage/coverage.xml
 
       - name: Upload coverage artifact
         uses: actions/upload-artifact@v7

.github/workflows/python-lint.yml

@@ -26,26 +26,52 @@ jobs:
         with:
           python-version: ${{ matrix.python }}
 
+      - name: Install tooling on Ubuntu
+        if: runner.os == 'Linux'
+        run: |
+          sudo apt-get update
+          sudo apt-get install -y pipenv
+        shell: bash
+
+      - name: Install tooling on macOS
+        if: runner.os == 'macOS'
+        run: |
+          brew install pipenv
+        shell: bash
+
+      - name: Install tooling on Windows
+        if: runner.os == 'Windows'
+        run: |
+          python -m pip install --user pipenv==2026.6.1
+        shell: pwsh
+
+      - name: Tooling check
+        run: |
+          python3 --version
+          pipenv --version
+          make --version
+
       - name: Install
         run: |
-          pip3 install -r requirements.txt
+          # Use the lockfile to install deterministic, audited dependencies
+          pipenv sync --dev
 
       - name: Lint (pylint)
         run: |
-          pylint --verbose --recursive yes src/
+          pipenv run pylint --verbose --recursive yes src/
 
       - name: Lint (flake8)
         run: |
-          python3 -m flake8 --verbose src/
+          pipenv run flake8 --verbose src/
 
       - name: Lint (pyright) static type checker
         run: |
-          python3 -m pyright --verbose src/
+          pipenv run pyright --verbose src/
 
       - name: Styling (pycodestyle)
         run: |
-          python3 -m pycodestyle --statistics src/
+          pipenv run pycodestyle --statistics src/
 
       - name: Styling (autopep8)
         run: |
-          python3 -m autopep8  --diff --recursive --exit-code --verbose .
+          pipenv run autopep8  --diff --recursive --exit-code --verbose .

.github/workflows/python-test.yml

@@ -29,17 +29,43 @@ jobs:
         with:
           python-version: ${{ matrix.python }}
 
+      - name: Install tooling on Ubuntu
+        if: runner.os == 'Linux'
+        run: |
+          sudo apt-get update
+          sudo apt-get install -y pipenv
+        shell: bash
+
+      - name: Install tooling on macOS
+        if: runner.os == 'macOS'
+        run: |
+          brew install pipenv
+        shell: bash
+
+      - name: Install tooling on Windows
+        if: runner.os == 'Windows'
+        run: |
+          python -m pip install --user pipenv==2026.6.1
+        shell: pwsh
+
+      - name: Tooling check
+        run: |
+          python3 --version
+          pipenv --version
+          make --version
+
       - name: Install
         run: |
-          pip3 install -r requirements.txt
+          # Use the lockfile to install deterministic, audited dependencies
+          pipenv sync --dev
 
       - name: Test
         run: >
-          coverage run -m pytest --verbose
+          pipenv run coverage run -m pytest --verbose
           -o log_cli=true
           --log-cli-level=INFO
           src/
 
       - name: Coverage
         run: |
-          coverage report
+          pipenv run coverage report

.github/workflows/yamllint.yml

@@ -17,8 +17,17 @@ jobs:
       - name: Checkout repository
         uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
 
+      - name: Set up Python
+        uses: actions/setup-python@v6
+        with:
+          python-version: 3.14
+
+      - name: Install pipenv
+        run: >
+          sudo apt install pipenv
       - name: Install yamllint
-        run: pip install yamllint
+        run: >
+          pipenv sync --dev
 
       - name: Lint YAML files
         run: >

Dockerfile

@@ -13,11 +13,15 @@ RUN  apk add --update --no-cache make \
 FROM init AS base
 
 ENV WORKDIR=/app
+ENV LANG=C.UTF-8
 WORKDIR ${WORKDIR}
 
 COPY ./Makefile ${WORKDIR}/
-COPY ./requirements.txt ${WORKDIR}/
-RUN make dependencies
+COPY Pipfile ${WORKDIR}/
+COPY Pipfile.lock ${WORKDIR}/
+
+RUN python -m pip install --no-cache-dir --root-user-action=ignore pipenv==2026.6.1
+RUN pipenv sync --dev --python=$(which python)
 
 ###############################################################################
 FROM base AS lint

Makefile

@@ -27,7 +27,7 @@ BRUTEFORCE :=$(shell echo '${BRUTEFORCE}'| tr '[:lower:]' '[:upper:]'| tr -d '[:
 .EXPORT_ALL_VARIABLES: # (2)
 
 RUNTIME_TOOL=python3
-PACKAGE_TOOL=pip3
+PACKAGE_TOOL=pipenv
 
 # DOCKER
 BUILDKIT_PROGRESS=plain
@@ -36,11 +36,10 @@ DOCKER_COMPOSE=docker compose
 help: list
 	@echo ""
 	@echo "Note: create and activate the environment in your local shell type (example):"
-	@echo "   python3 -m venv ./.venv"
-	@echo "   source .venv/bin/activate"
+	@echo "   pipenv install --dev"
+	@echo "   pipenv shell"
 	@echo "See: "
-	@echo "   https://docs.python.org/3/library/venv.html#creating-virtual-environments"
-	@echo "   https://docs.python.org/3/library/venv.html#how-venvs-work"
+	@echo "   https://pipenv.pypa.io/en/latest/"
 
 list:
 	@LC_ALL=C $(MAKE) -pRrq -f $(lastword $(MAKEFILE_LIST)) : 2>/dev/null | awk -v RS= -F: '/^# File/,/^# Finished Make data base/ {if ($$1 !~ "^[#.]") {print $$1}}' | sort | egrep -v -e '^[^[:alnum:]]' -e '^$@$$'
@@ -65,20 +64,20 @@ dependencies:
 	@echo "################################################################################"
 	@echo "## Dependencies: ###############################################################"
 	@echo "################################################################################"
-	${PACKAGE_TOOL} install -r requirements.txt
+	${PACKAGE_TOOL} install --dev
 	@echo "################################################################################"
 
 outdated:
-	${PACKAGE_TOOL} list --outdated
+	${PACKAGE_TOOL} update --outdated
 
 update:
-	${PACKAGE_TOOL} freeze > requirements.txt
+	${PACKAGE_TOOL} lock --requirements > requirements.txt
 
 upgrade:
-	${PACKAGE_TOOL} list --outdated | cut -f1 -d' ' | tr " " "\n" | awk '{if(NR>=3)print}' | cut -d' ' -f1 | xargs -n1 pip3 install -U
+	${PACKAGE_TOOL} update --dev
 
 clean:
-	${PACKAGE_TOOL} freeze > unins ; ${PACKAGE_TOOL} uninstall -y -r unins ; rm unins
+	${PACKAGE_TOOL} --rm || true
 	rm -f .coverage
 	rm -fr .pytest_cache
 	rm -fr htmlcov
@@ -113,37 +112,37 @@ format/json:
 	prettier --write ./src/**/*.json
 
 format/sources:
-	${RUNTIME_TOOL} -m autopep8 --in-place --recursive --aggressive --aggressive --verbose src/
+	${PACKAGE_TOOL} run autopep8 --in-place --recursive --aggressive --aggressive --verbose src/
 
 format: format/sources format/json
 
 ## Static code analysis
 test/static: dependencies
-	${RUNTIME_TOOL} -m pylint --verbose --recursive yes src/
-	${RUNTIME_TOOL} -m flake8 --verbose src/
-	${RUNTIME_TOOL} -m pyright --verbose src/
+	${PACKAGE_TOOL} run pylint --verbose --recursive yes src/
+	${PACKAGE_TOOL} run flake8 --verbose src/
+	${PACKAGE_TOOL} run pyright --verbose src/
 
 test/styling: dependencies
-	${RUNTIME_TOOL} -m pycodestyle --statistics src/
-	${RUNTIME_TOOL} -m autopep8  --diff --recursive --exit-code --verbose .
+	${PACKAGE_TOOL} run pycodestyle --statistics src/
+	${PACKAGE_TOOL} run autopep8  --diff --recursive --exit-code --verbose .
 
 ## Unit tests and coverage
 test: env dependencies
-	${RUNTIME_TOOL} -m coverage run -m \
+	${PACKAGE_TOOL} run coverage run -m \
 		pytest --verbose \
 		-o log_cli=true \
 		--log-cli-level=${LOG_LEVEL} \
 		--full-trace src/
-	${RUNTIME_TOOL} -m coverage report
+	${PACKAGE_TOOL} run coverage report
 
 coverage: test
-	${RUNTIME_TOOL} -m coverage lcov -o coverage/lcov.info
+	${PACKAGE_TOOL} run coverage lcov -o coverage/lcov.info
 
 coverage/xml: test
-	${RUNTIME_TOOL} -m coverage xml -o coverage/coverage.xml
+	${PACKAGE_TOOL} run coverage xml -o coverage/coverage.xml
 
 coverage/html: test
-	${RUNTIME_TOOL} -m coverage html
+	${PACKAGE_TOOL} run coverage html
 	open htmlcov/index.html
 
 ## Docker Compose commands

Pipfile

@@ -0,0 +1,38 @@
+[[source]]
+url = "https://pypi.org/simple"
+verify_ssl = true
+name = "pypi"
+
+[packages]
+
+[dev-packages]
+yamllint = "==1.32.0"
+astroid = "==4.0.3"
+attrs = "==26.1.0"
+autopep8 = "==2.3.2"
+coverage = "==7.13.5"
+dill = "==0.4.1"
+exceptiongroup = "==1.3.1"
+flake8 = "==7.3.0"
+iniconfig = "==2.3.0"
+isort = "==8.0.1"
+lazy-object-proxy = "==1.12.0"
+mccabe = "==0.7.0"
+nodeenv = "==1.10.0"
+packaging = "==26.2"
+platformdirs = "==4.9.6"
+pluggy = "==1.6.0"
+pycodestyle = "==2.14.0"
+pyflakes = "==3.4.0"
+pylint = "==4.0.5"
+pyright = "==1.1.409"
+pytest = "==9.0.3"
+pytest-cov = "==7.1.0"
+tomli = "==2.4.1"
+tomlkit = "==0.14.0"
+typing-extensions = "==4.15.0"
+wrapt = "==2.1.2"
+zipp = ">=3.23.1"
+
+[requires]
+python_version = "3"