Switch to uv and nox

.devcontainer/devcontainer-lock.json

@@ -0,0 +1,9 @@
+{
+    "features": {
+      "ghcr.io/devcontainers/features/python:1.7.0": {
+        "version": "1.7.0",
+        "resolved": "ghcr.io/devcontainers/features/python@sha256:8452f39db0852420728c9f7503dd94b3fc71aa558b5e7c8f6f9ce6687e494ae3",
+        "integrity": "sha256:8452f39db0852420728c9f7503dd94b3fc71aa558b5e7c8f6f9ce6687e494ae3"
+      }
+    }
+  }

.github/dependabot.yaml

@@ -1,5 +1,10 @@
 version: 2
 updates:
+  - package-ecosystem: "devcontainers"
+    directory: "/"
+    schedule:
+      interval: "monthly"
+
   - package-ecosystem: "github-actions"
     directory: "/"
     schedule:

.github/workflows/dependency-review.yaml

@@ -1,4 +1,4 @@
-name: "Dependency Review"
+name: Dependency Review
 
 on:
   pull_request:
@@ -11,10 +11,10 @@ jobs:
     runs-on: ubuntu-latest
 
     steps:
-      - name: "Checkout Repository"
-        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+      - name: Checkout Repository
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
 
-      - name: "Dependency Review"
-        uses: actions/dependency-review-action@4901385134134e04cec5fbe5ddfe3b2c5bd5d976 # v4.0.0
+      - name: Dependency Review
+        uses: actions/dependency-review-action@3b139cfc5fae8b618d3eae3675e383bb1769c019 # v4.5.0
         with:
-          config-file: darbiadev/.github/.github/dependency-review-config.yaml@main
+          config-file: impressdesigns/.github/.github/dependency-review-config.yaml@main

.github/workflows/python-ci.yaml

@@ -1,4 +1,4 @@
-name: "Python CI"
+name: Python CI
 
 on:
   push:
@@ -19,7 +19,7 @@ jobs:
     strategy:
       matrix:
         os: [ ubuntu-latest ]
-        python-version: [ "3.8", "3.9", "3.10", "3.11" ]
+        python-version: [ "3.9", "3.10", "3.11" ]
 
     uses: darbiadev/.github/.github/workflows/python-test.yaml@ea97d99e1520c46080c4c9032a69552e491474ac # v13.0.0
     with:

.github/workflows/python-pypi-publish.yaml

@@ -1,49 +1,52 @@
-name: "Publish Python 🐍 distributions 📦 to PyPI"
+name: Publish Python 🐍 distributions 📦 to PyPI
 
 on:
+  push:
+    branches:
+      - main
+  pull_request:
+    branches:
+      - main
   release:
-    types: [published]
+    types:
+      - published
 
 jobs:
-  build-publish:
-    name: "Build and publish Python 🐍 distributions 📦 to PyPI"
+  build:
+    name: Build distribution 📦
     runs-on: ubuntu-latest
     permissions:
+      attestations: write
       id-token: write
 
     steps:
-      - name: "Checkout repository"
-        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+      - name: Checkout repository
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
 
-      - name: "Set up Python 3.x"
-        uses: actions/setup-python@0a5c61591373683505ea898e09a3ea4f39ef2b9c # v5.0.0
+      - name: Build and inspect Python 🐍 package 📦
+        uses: hynek/build-and-inspect-python-package@73aea398b9c8de9ea9e4464c6b13cb8b1f3d6294 # v2.9.0
         with:
-          python-version: "3.x"
-          cache: "pip"
-          cache-dependency-path: "pyproject.toml"
+          attest-build-provenance-github: ${{ github.event.action == 'published' }}
 
-      - name: "Install pypa/build"
-        run: >-
-          python -m
-          pip install
-          build
-          --user
-
-      - name: "Build a binary wheel and a source tarball"
-        run: >-
-          python -m
-          build
-          --outdir dist/
-
-      - name: "Upload packages"
-        uses: actions/upload-artifact@26f96dfa697d77e81fd5907df203aa23a56210a8 # v4.3.0
-        with:
-          name: packages
-          path: dist
+  publish-to-pypi:
+    name: Publish Python 🐍 distribution 📦 to PyPI
+    needs: build
+    if: ${{ github.event.action == 'published' }}
+    runs-on: ubuntu-latest
+    environment:
+      name: pypi
+      url: https://pypi.org/project/darbiadev-ups/${{ github.ref_name }}
+    permissions:
+      id-token: write
 
-      - name: "Publish distribution 📦 to PyPI"
-        uses: pypa/gh-action-pypi-publish@2f6f737ca5f74c637829c0f5c3acd0e29ea5e8bf # v1.8.11
-        with:
-          skip-existing: true
-          verbose: true
+    steps:
+    - name: Download dists
+      uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
+      with:
+        name: Packages
+        path: dist/
+
+    - name: Publish distribution 📦 to PyPI
+      uses: pypa/gh-action-pypi-publish@f7600683efdcb7656dec5b29656edb7bc586e597 # v1.10.3
+      with:
           print-hash: true

.pre-commit-config.yaml

@@ -1,6 +1,6 @@
 repos:
   - repo: https://github.com/pre-commit/pre-commit-hooks
-    rev: v4.5.0
+    rev: v5.0.0
     hooks:
       - id: check-case-conflict
       - id: check-merge-conflict
@@ -12,3 +12,17 @@ repos:
       - id: mixed-line-ending
         args: [ --fix=lf ]
       - id: end-of-file-fixer
+        exclude: .devcontainer/devcontainer-lock.json
+
+  - repo: https://github.com/astral-sh/uv-pre-commit
+    rev: 0.5.14
+    hooks:
+      - id: uv-lock
+      - id: uv-export
+        args:
+          - --frozen
+          - --no-emit-project
+          - --all-extras
+          - --all-groups
+          - --output-file=requirements-dependabot.txt
+        files: pyproject.toml|uv.lock

noxfile.py

@@ -0,0 +1,52 @@
+"""Noxfile."""
+
+import shutil
+from pathlib import Path
+
+import nox
+
+nox.options.default_venv_backend = "none"
+nox.options.sessions = ["lints"]
+
+
+CLEANABLE_TARGETS = [
+    "./dist",
+    "./build",
+    "./.nox",
+    "./.coverage",
+    "./.coverage.*",
+    "./coverage.json",
+    "./**/.mypy_cache",
+    "./**/.pytest_cache",
+    "./**/__pycache__",
+    "./**/*.pyc",
+    "./**/*.pyo",
+]
+
+
+@nox.session
+def tests(session: nox.Session) -> None:
+    """Run tests."""
+    session.run("pytest")
+
+
+@nox.session
+def lints(session: nox.Session) -> None:
+    """Run lints."""
+    session.run("pre-commit", "run", "--all-files")
+    session.run("ruff", "format", ".")
+    session.run("ruff", "check", "--fix", ".")
+    session.run("mypy", "--strict", "src/")
+
+
+@nox.session
+def clean(_: nox.Session) -> None:
+    """Clean cache, .pyc, .pyo, and test/build artifact files from project."""
+    count = 0
+    for searchpath in CLEANABLE_TARGETS:
+        for filepath in Path().glob(searchpath):
+            if filepath.is_dir():
+                shutil.rmtree(filepath)
+            else:
+                filepath.unlink()
+            count += 1