build: modernize python stack

.envrc

@@ -0,0 +1,4 @@
+has nix && use flake
+watch_file *.nix
+dotenv_if_exists .env # You can create a .env file with your env vars for this project. You can also use .secrets if you are using act. See the line below.
+dotenv_if_exists .secrets # Used by [act](https://nektosact.com/) to load secrets into the pipelines

.github/workflows/ci-master-scheduled.yml

@@ -22,33 +22,21 @@ jobs:
     steps:
       - uses: actions/checkout@v4
 
-      - uses: actions/setup-python@v4
+      - name: Install uv
+        uses: astral-sh/setup-uv@v5
         with:
-          python-version: ${{ matrix.python_version }}
-
-      - name: Install Poetry
-        run: python -m pip install poetry poetry-dynamic-versioning
+          enable-cache: true
+          cache-dependency-glob: "uv.lock"
 
-      - uses: actions/cache@v3
-        name: Cache Poetry dependencies
+      - uses: actions/setup-python@v5
         with:
-          path: |
-            ~/.cache
-            ~/.local/share/virtualenvs/
-          key: ${{ runner.os }}-poetry-${{ hashFiles('**/poetry.lock') }}
-          restore-keys: |
-            ${{ runner.os }}-poetry-
-
-      - name: Get dependencies
-        run: poetry install
+          python-version: ${{ matrix.python_version }}
 
       - name: Lint
-        continue-on-error: true
-        run: |
-          # stop the build if there are Python syntax errors or undefined names
-          poetry run flake8 . --count --select=E9,F63,F7,F82 --show-source --statistics
-          # exit-zero treats all errors as warnings. The GitHub editor is 127 chars wide
-          poetry run flake8 . --count --exit-zero --max-complexity=10 --max-line-length=127 --statistics
+        uses: astral-sh/ruff-action@v3
+
+      - name: Check format
+        run: ruff format --check
 
       - name: Travis Test - Start agent
         id: start_agent
@@ -61,7 +49,7 @@ jobs:
 
       - name: Travis Test - Install dependencies
         run: |
-          poetry build
+          uv build
           python -m pip install $(find dist -iname "*.whl" | head -1)
 
       - name: Travis Test - Secure APIs
@@ -75,7 +63,7 @@ jobs:
           SDC_SECURE_TOKEN: ${{ secrets.STAGING_SECURE_API_TOKEN }}
           SDC_MONITOR_URL: "https://app-staging.sysdigcloud.com"
           SDC_SECURE_URL: "https://secure-staging.sysdig.com"
-        run: poetry run mamba -f documentation
+        run: uv run mamba -f documentation
 
       - name: Travis Test - Stop agent
         run: ./test/stop_agent.sh

.github/workflows/ci-pull-request.yml

@@ -25,40 +25,29 @@ jobs:
     steps:
     - uses: actions/checkout@v4
 
-    - uses: actions/setup-python@v4
+    - name: Install uv
+      uses: astral-sh/setup-uv@v5
       with:
-        python-version: ${{ matrix.python_version }}
-
-    - name: Install Poetry
-      run: python -m pip install poetry poetry-dynamic-versioning
+        enable-cache: true
+        cache-dependency-glob: "uv.lock"
 
-    - uses: actions/cache@v3
-      name: Cache Poetry dependencies
+    - uses: actions/setup-python@v5
       with:
-        path: |
-          ~/.cache
-          ~/.local/share/virtualenvs/
-        key: ${{ runner.os }}-poetry-${{ hashFiles('**/poetry.lock') }}
-        restore-keys: |
-          ${{ runner.os }}-poetry-
-
-    - name: Get dependencies
-      run: poetry install
+        python-version: ${{ matrix.python_version }}
 
     - name: Lint
-      run: |
-        # stop the build if there are Python syntax errors or undefined names
-        poetry run flake8
-        # exit-zero treats all errors as warnings. The GitHub editor is 127 chars wide
-        poetry run flake8 . --count --exit-zero --max-complexity=10 --max-line-length=127 --statistics
+      uses: astral-sh/ruff-action@v3
+
+    - name: Check format
+      run: ruff format --check
 
     - name: Test in staging
       env:
         SDC_MONITOR_TOKEN: ${{ secrets.STAGING_MONITOR_API_TOKEN }}
         SDC_SECURE_TOKEN: ${{ secrets.STAGING_SECURE_API_TOKEN }}
         SDC_MONITOR_URL: "https://app-staging.sysdigcloud.com"
         SDC_SECURE_URL: "https://secure-staging.sysdig.com"
-      run: poetry run mamba -f documentation -t integration
+      run: uv run mamba -f documentation -t integration
 
   test-release:
     runs-on: ubuntu-latest
@@ -81,14 +70,12 @@ jobs:
         run: git-chglog -c .github/git-chglog/config.yml -o RELEASE_CHANGELOG.md $(git describe --tags $(git rev-list --tags --max-count=1))
 
       - name: Set up Python
-        uses: actions/setup-python@v4
+        uses: actions/setup-python@v5
         with:
-          python-version: 3.8
+          python-version: "3.10"
 
-      - name: Install dependencies
-        run: |
-          python -m pip install --upgrade pip
-          pip install poetry poetry-dynamic-versioning
+      - name: Install uv
+        uses: astral-sh/setup-uv@v5
 
       - name: Build
-        run: poetry build
+        run: uv build

.github/workflows/codeql-analysis.yml

@@ -43,7 +43,7 @@ jobs:
 
     # Initializes the CodeQL tools for scanning.
     - name: Initialize CodeQL
-      uses: github/codeql-action/init@v2
+      uses: github/codeql-action/init@v3
       with:
         languages: ${{ matrix.language }}
         # If you wish to specify custom queries, you can do so here or in a config file.
@@ -54,7 +54,7 @@ jobs:
     # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
     # If this step fails, then you should remove it and run the build manually (see below)
     - name: Autobuild
-      uses: github/codeql-action/autobuild@v2
+      uses: github/codeql-action/autobuild@v3
 
     # ℹ️ Command-line programs to run using the OS shell.
     # 📚 https://git.io/JvXDl
@@ -68,4 +68,4 @@ jobs:
     #   make release
 
     - name: Perform CodeQL Analysis
-      uses: github/codeql-action/analyze@v2
+      uses: github/codeql-action/analyze@v3

.github/workflows/release.yml

@@ -47,15 +47,19 @@ jobs:
     steps:
       - uses: actions/checkout@v4
 
-      - name: Set up Python
-        uses: actions/setup-python@v4
+      - name: Install uv
+        uses: astral-sh/setup-uv@v5
         with:
-          python-version: 3.8
+          enable-cache: true
+          cache-dependency-glob: "uv.lock"
 
-      - name: Install dependencies
-        run: |
-          python -m pip install --upgrade pip
-          pip install poetry poetry-dynamic-versioning
+      - name: Set up Python
+        uses: actions/setup-python@v5
+        with:
+          python-version: "3.10"
 
-      - name: Build and publish
-        run: poetry publish --build -u ${{ secrets.PYPI_USER }} -p ${{ secrets.PYPI_PASSWORD }}
+      - name: Build
+        run: uv build
+
+      - name: Publish
+        run: uv publish -u ${{ secrets.PYPI_USER }} -p ${{ secrets.PYPI_PASSWORD }}

.gitignore

@@ -61,6 +61,8 @@ venv/
 
 # Direnv
 .envrc
+.direnv/
+.secrets
 
 # IntelliJ projects
 .idea/

.pre-commit-config.yaml

@@ -0,0 +1,15 @@
+repos:
+- repo: https://github.com/astral-sh/ruff-pre-commit
+  rev: v0.11.8
+  hooks:
+    # Run the linter.
+    - id: ruff
+      args: [ --fix ]
+    # Run the formatter.
+    - id: ruff-format
+
+- repo: https://github.com/rhysd/actionlint
+  rev: v1.7.7
+  hooks:
+    - id: actionlint
+

Makefile

@@ -2,15 +2,15 @@
 
 .PHONY: test
 test:
-	poetry run mamba -f documentation
+	uv run mamba -f documentation
 
 .coverage:
-	poetry run coverage run $(shell poetry run which mamba) -f documentation || true
+	uv run coverage run $(shell uv run which mamba) -f documentation || true
 
 cover: .coverage
-	poetry run coverage report --include 'sdcclient/*'
+	uv run coverage report --include 'sdcclient/*'
 
 .PHONY: cover-html
 cover-html: .coverage
-	poetry run coverage html -d coverage --include 'sdcclient/*'
+	uv run coverage html -d coverage --include 'sdcclient/*'
 

README.md

@@ -18,11 +18,11 @@ Installation
 
 #### Manual (development only)
 
-This method requires [Poetry](https://python-poetry.org/) installed
+This method requires [uv](https://docs.astral.sh/uv/) installed
 
     git clone https://github.com/sysdiglabs/sysdig-sdk-python.git
     cd python-sdc-client
-    poetry install
+    uv build
 
 Quick start
 -----------