PEP 621: Migrate from setup.{py, cfg} to pyproject.toml #914
Conversation
cc81b4a to
8745a65
Compare
|
@webknjaz, your review would be greatly appreciated, esp. on the PyPI release bits. |
This comment was marked as outdated.
This comment was marked as outdated.
Sorry, something went wrong.
This comment was marked as outdated.
This comment was marked as outdated.
Sorry, something went wrong.
This comment was marked as outdated.
This comment was marked as outdated.
Sorry, something went wrong.
There was a problem hiding this comment.
Pull Request Overview
This PR migrates project configuration from setup.py and setup.cfg to a PEP 621–compliant pyproject.toml and updates CI workflows accordingly.
- Remove legacy
setup.pyandsetup.cfg - Introduce
pyproject.tomlwith build-system and project metadata - Adjust GitHub Actions workflows to install extras and reference matrix variables
Reviewed Changes
Copilot reviewed 5 out of 5 changed files in this pull request and generated no comments.
Show a summary per file
| File | Description |
|---|---|
| setup.py | Legacy setup script removed |
| setup.cfg | Legacy configuration removed |
| pyproject.toml | New PEP 621 configuration for build-system and project metadata |
| .github/workflows/python-build.yml | Updated COVERALLS_FLAG_NAME reference |
| .github/workflows/lint_python.yml | Changed editable install to include selected extras |
Comments suppressed due to low confidence (2)
.github/workflows/python-build.yml:29
- The workflow references
matrix.pythonbut the strategy matrix key is namedpython-version. It should use${{ matrix.python-version }}to match the defined matrix.
COVERALLS_FLAG_NAME: ${{ matrix.python }}
| ] | ||
| optional-dependencies.rsa = [ "cryptography>=3" ] | ||
| optional-dependencies.signals = [ "blinker>=1.4" ] | ||
| optional-dependencies.signedtoken = [ "cryptography>=3", "pyjwt>=2,<3" ] |
There was a problem hiding this comment.
I think you can use recursive refs like
| optional-dependencies.signedtoken = [ "cryptography>=3", "pyjwt>=2,<3" ] | |
| optional-dependencies.signedtoken = [ ". [rsa]", "PyJWT >=2, <3" ] |
(but please test to make sure)
There was a problem hiding this comment.
Let's revisit that in a separate PR. I find it to be unintuitive.
There was a problem hiding this comment.
It belongs in this PR as the previous implementation used a common source for these, and now it's disconnected. I believe that such a PR shouldn't include a behavior change.
There was a problem hiding this comment.
Your reformulation says to me we are going to install . (this whole project) and then rsa (which is an unintuitive alias for cryptography), and then PyJWT. Putting the . in there means that we are disabling any use of --group-only.
There was a problem hiding this comment.
Agree - recursive deps seems more prone to error and harder to read & understand. Let's keep cryptography in both groups.
| @@ -15,8 +15,7 @@ jobs: | |||
| - run: pip install codespell mypy pytest ruff safety | |||
There was a problem hiding this comment.
Wonder why these aren't in the dependency groups. They could probably be moved into a linters group.
Additionally, that pip install at the top doesn't need to install setuptools or wheel at all. Replace it with a pip install 'pip >= 25.1' # for dependency group support
There was a problem hiding this comment.
I would move codespell, ruff, and safety into pre-commit or pipx run them.
I see little value in moving them to a separate file from the file in which they are run.
Safety should probably be dropped.
There was a problem hiding this comment.
But since you're already moving some of the deps to groups, move the rest.
There was a problem hiding this comment.
Let's keep that task until those are shif-lefted into a pre-commit, or if integrated into tox; or also wait until #916 is progressing.
https://setuptools.pypa.io/en/latest/userguide/pyproject_config.html
Migrate
setup.pytosetup.cfgusing setuptools-py2cfg plus manual modifications. Then migratesetup.cfgtopyproject.tomlusing ini2toml to do the file conversion and running pyproject-fmt and then validate-pyproject to validate the results.Codespell and mypy settings (in GitHub Action) and tox.ini could also be migrated.