chore: convert to uv

Vulnetix · Dec 8, 2024 · 6a10277 · 6a10277
1 parent 85fac02
commit 6a10277
Show file tree

Hide file tree

Showing 12 changed files with 628 additions and 62,598 deletions.
diff --git a/.coverage b/.coverage
diff --git a/.gitignore b/.gitignore
@@ -5,3 +5,7 @@ dist/
 __pycache__/
 **/*.pyc
 **/.DS_Store
+ssvc.cdx.json
+osv.sarif.json
+semgrep.sarif.json
+src/ssvc.egg-info/
diff --git a/.python-version b/.python-version
@@ -0,0 +1 @@
+3.13
diff --git a/Makefile b/Makefile
@@ -15,39 +15,33 @@ clean: ## Cleanup tmp files
 	@find . -type f -name '*.DS_Store' -delete 2>/dev/null
 
 setup: ## FOR DOCO ONLY - Run these one at a time, do not call this target directly
-	uv venv --python $(which python3.12)
+	uv python install
+	uv venv
 	source .venv/bin/activate	
-	uv pip install -U pip
+	uv sync
+	uv build
+	uv pip install dist/ssvc-1.0.10-py3-none-any.whl
+	uv pip install "."
 
-install: ## poetry install and create poetry.lock
-	poetry install --no-root
-	poetry self add poetry-plugin-up
-
-update: ## poetry update poetry.lock
-	git submodule update
-	poetry self update
-	poetry up
+update: ## update and lock
+	uv lock -U
 
 test: clean ## pytest with coverage
 	coverage run -m pytest --nf
 	coverage report -m --fail-under=100
 	coverage-badge -f -o coverage.svg
 
-publish: clean update ## upload to pypi.org
-	poetry publish --build
-	git commit -a -s -m 'feat: v$(shell poetry version -s)'
-	git tag --force v$(shell poetry version -s)
+publish: clean ## upload to pypi.org
+	uv build
+	uv publish
+	git commit -a -s -m 'feat: $(shell uv tree -q | head -1 | awk '{print $2}')'
+	git tag --force $(shell uv tree -q | head -1 | awk '{print $2}')
 	git push
 	git push --tags --force
 
-sarif: clean update ## generate SARIF from Semgrep for this project
+sarif: clean ## generate SARIF from Semgrep for this project
 	osv-scanner --format sarif --call-analysis=all -r . | jq >osv.sarif.json
 	semgrep $(SEMGREP_ARGS) $(SEMGREP_RULES) | jq >semgrep.sarif.json
 
-lockfile: ## generate pip lockfile for this project
-	uv pip compile --generate-hashes -o requirements.txt --all-extras --upgrade pyproject.toml
-
-sbom: lockfile ## generate CycloneDX for this project
-	pip-audit -r requirements.txt -f cyclonedx-json --require-hashes | jq > sbom.cdx.json
-	rm requirements.txt
-	cyclonedx convert --input-file sbom.cdx.json --output-file sbom.spdx.json
+sbom: ## generate CycloneDX for this project
+	uvx pip-audit -f cyclonedx-json | jq > ssvc.cdx.json
diff --git a/osv.sarif.json b/osv.sarif.json
diff --git a/poetry.lock b/poetry.lock
diff --git a/pyproject.toml b/pyproject.toml
@@ -1,27 +1,24 @@
-[tool.poetry]
+[project]
 name = "ssvc"
-version = "1.0.10"
+version = "1.0.11"
 description = "A Python implementation of the Stakeholder-Specific Vulnerability Categorization framework."
-authors = ["Christopher Langton <chris@langton.cloud>"]
+authors = [{name = "Christopher Langton", email = "chris@vulnetix.app"}]
 readme = "PYPI.md"
+requires-python = ">=3.11"
+dependencies = [
+]
+license = {file = "LICENSE"}
 
-[tool.poetry.dependencies]
-python = "^3.11"
+[project.optional-dependencies]
+test = [
+    "pytest-cov>=6.0.0",
+    "pytest>=8.3.4",
+    "coverage-badge>=1.1.2",
+]
+sec = [
+    "pip-audit>=2.7.3",
+]
 
-[tool.poetry.group.dev.dependencies]
-setuptools = ">=69.5.1,<75.0.0"
-uv = ">=0.2.4,<0.5.0"
-isort = "^5.13.2"
-pytest = "^8.3.2"
-pytest-cov = "^5.0.0"
-coverage-badge = "^1.1.2"
-ruff = ">=0.4.5,<0.7.0"
-pip-audit = "^2.7.3"
-poetry = "^1.8.3"
-
-[build-system]
-requires = ["poetry-core>=1.0.0"]
-build-backend = "poetry.core.masonry.api"
-
-[tool.poetry.urls]
-"Repository" = "https://github.com/chrisdlangton/python-ssvc.git"
+[project.urls]
+Homepage = "https://www.vulnetix.com"
+Repository = "https://github.com/vulnetix/python-ssvc.git"
diff --git a/requirements-dev.txt b/requirements-dev.txt
diff --git a/sbom.cdx.json b/sbom.cdx.json
diff --git a/sbom.spdx.json b/sbom.spdx.json