Upgrade to python 3.12

.github/workflows/code_coverage.yml

@@ -45,17 +45,16 @@ jobs:
     ##############
     # Python tests
     ##############
-    - name: Setup Python 3.11
+    - name: Setup Python 3.12
       uses: actions/setup-python@v4
       with:
-        python-version: '3.11'
+        python-version: '3.12'
 
     - name: Install Dependencies (Python)
       run: |
         python3 -m pip install --upgrade pip
         pip install -r requirements.txt
-        pip install -r requirements-dev.txt
-        pip install .
+        pip install .[dev]
 
     - name: Create CA symlink to use RH's certifi on ubuntu-latest
       run: |

.github/workflows/pip_audit.yml

@@ -10,15 +10,17 @@ on:
       - .github/workflows/pip_audit.yml
       - ansible_ai_connect/**
       - pyproject.toml
-      - requirements*.txt
+      - uv.lock
+      - requirements.txt
   pull_request:
     branches:
       - main
     paths:
       - .github/workflows/pip_audit.yml
       - ansible_ai_connect/**
       - pyproject.toml
-      - requirements*.txt
+      - uv.lock
+      - requirements.txt
 permissions:
   contents: read
 
@@ -30,12 +32,13 @@ jobs:
       - name: Set up Python ${{ matrix.python-version }}
         uses: actions/setup-python@v4
         with:
-          python-version: 3.11
+          python-version: 3.12
       - name: install
         run: |
           python -m venv env/
           source env/bin/activate
-          python -m pip install . -rrequirements.txt
+          python -m pip install -r requirements.txt
+          python -m pip install -e .
           # See: https://github.com/advisories/GHSA-r9hx-vwmv-q579
           pip install --upgrade setuptools
       - name: Create CA symlink to use RH's certifi on ubuntu-latest

.github/workflows/pre-commit.yml

@@ -30,12 +30,12 @@ jobs:
       - name: Set up python3
         uses: actions/setup-python@v4
         with:
-          python-version: '3.11'
+          python-version: '3.12'
 
       - name: Install dependencies
         run: |
           python -m pip install --upgrade pip
-          pip install pre-commit
+          pip install .[dev]
 
       - name: Run pre-commit
         uses: pre-commit/action@v3.0.0

.github/workflows/pyright.yml

@@ -15,10 +15,10 @@ jobs:
     runs-on: ubuntu-latest
     steps:
     - uses: actions/checkout@v3
-    - name: Setup Python 3.11
+    - name: Setup Python 3.12
       uses: actions/setup-python@v4
       with:
-        python-version: '3.11'
+        python-version: '3.12'
     - name: install
       run: |
         pip install pyright django boto3 requests prometheus_client backoff django_prometheus langchain langchain-ollama django-health-check aiohttp ansible-lint ansible_anonymizer

.github/workflows/security_report.yml

@@ -11,13 +11,12 @@ jobs:
 
       - uses: actions/setup-python@v4
         with:
-          python-version: '3.11'
+          python-version: '3.12'
       - uses: snyk/actions/setup@master
       - name: Install dependencies
         run: |
           python3 -m pip install --upgrade pip
           pip install -r requirements.txt
-          pip install -r requirements-dev.txt
           pip install .
 
       - name: Monitor project and report vulnerabilities

.github/workflows/uv_export.yml

@@ -0,0 +1,40 @@
+name: wisdom-service - uv-export
+
+on:
+  push:
+    branches:
+      - main
+    paths:
+      - ansible_ai_connect/**
+      - pyproject.toml
+      - uv.lock
+      - requirements.txt
+      - Makefile
+  pull_request:
+    branches:
+      - main
+    paths:
+      - ansible_ai_connect/**
+      - pyproject.toml
+      - uv.lock
+      - requirements.txt
+      - Makefile
+permissions:
+  contents: read
+
+jobs:
+  selftest:
+    runs-on: ubuntu-latest
+    steps:
+    - uses: actions/checkout@v3
+    - name: Set up Python ${{ matrix.python-version }}
+      uses: actions/setup-python@v4
+      with:
+        python-version: 3.12
+    - name: Install uv
+      uses: astral-sh/setup-uv@v4
+    - name: Compile requirements
+      run: |
+        uv lock
+        uv export --format requirements-txt --no-hashes --no-emit-project -o requirements.txt
+        git diff --exit-code -- uv.lock requirements.txt

Makefile

@@ -97,24 +97,13 @@ update-openapi-schema:
 docker-compose-clean:
 	${COMPOSE_RUNTIME} -f ${PWD}/tools/docker-compose/compose.yaml down
 
-.PHONY: pip-compile-x86_64
-pip-compile-x86_64:
-	${CONTAINER_RUNTIME} run --arch amd64 --os linux \
+.PHONY: export
+export:
+	${CONTAINER_RUNTIME} run --os linux \
 		--volume $(PWD):/var/www/wisdom:Z \
 		--workdir /var/www/wisdom \
 		registry.access.redhat.com/ubi9/ubi:latest \
-		/var/www/wisdom/tools/scripts/pip-compile.sh
-
-.PHONY: pip-compile-aarch64
-pip-compile-aarch64:
-	${CONTAINER_RUNTIME} run --arch arm64 --os linux \
-		--volume $(PWD):/var/www/wisdom:Z \
-		--workdir /var/www/wisdom \
-		registry.access.redhat.com/ubi9/ubi:latest \
-		/var/www/wisdom/tools/scripts/pip-compile.sh
-
-.PHONY: pip-compile
-pip-compile: pip-compile-x86_64 pip-compile-aarch64
+		/var/www/wisdom/tools/scripts/uv-export.sh
 
 # DEPRECATED: Please use create-superuser-containerized instead
 docker-create-superuser: create-superuser-containerized DEPRECATED

README.md

@@ -175,7 +175,7 @@ Pre-commit should be used before pushing a new PR.
 To use pre-commit, you need to first install the pre-commit package and its dependencies by running:
 
 ```bash
-pip install -r requirements-dev.txt
+pip install .
 ```
 
 To install pre-commit into your git hooks and run the checks on every commit, run the following each time you clone this
@@ -193,62 +193,44 @@ pre-commit autoupdate && pre-commit run -a
 
 ## Updating the Python dependencies
 
-We are now using pip-compile in order to manage our Python
-dependencies for the x86_64 and ARM64/AArch64 architectures.
+We use [uv](https://github.com/astral-sh/uv) to manage Python dependencies,
+following the same approach as [ansible-chatbot-stack](https://github.com/ansible/ansible-chatbot-stack).
+All dependencies are defined in `pyproject.toml`.
 
-In order to generate requirements.txt files for both architectures,
-you must use a multi-arch capable virtual machine emulator (like QEMU)
-and enable multi-arch support.
-
-To enable multi-arch support, run the instructions for your container
-engine and emulator from this table:
-
-<table>
-<tr>
-<td>Container Engine</td>
-<td>Emulator</td>
-<td>Instructions</td>
-</tr>
-<tr>
-<td>podman</td>
-<td>QEMU</td>
-<td>
+To update the pinned dependencies, run:
 
 ```bash
-podman machine ssh
-sudo rpm-ostree install qemu-user-static
-sudo systemctl reboot
+make export
 ```
 
-</td>
-</tr>
-</table>
-
-The specification of what packages we need now live in the
-requirements.in and requirements-dev.in files. Use your preferred
-editor to make the needed changes in those files, then run
+This will spin up a container and run the equivalent of:
 
 ```bash
-make pip-compile
+uv lock
+uv export --format requirements-txt --no-hashes -o requirements.txt
 ```
 
-This will spin up a container and run the equivalent of these commands
-to generate the updated files:
+This generates:
+- `uv.lock` - The lock file with exact pinned versions (commit this file)
+- `requirements.txt` - Exported for pip compatibility
 
-```bash
-pip-compile requirements.in
-pip-compile requirements-dev.in
-```
+### Security constraints
+
+Security-pinned transitive dependencies are defined in the `[tool.uv]`
+section of `pyproject.toml` using `constraint-dependencies`. These constraints
+are automatically applied when running `uv lock`.
 
-These commands will produce fully populated and pinned requirements.txt and
-requirements-dev.txt files, containing all of the dependencies of
-our dependencies involved. Due to differences in architecture and
-version of Python between developers' machines, we do not recommend
-running the pip-compile commands directly.
+### Development dependencies
 
-### Use of `pyproject.toml`
+Development dependencies (testing, linting, etc.) are defined as optional
+dependencies in `pyproject.toml` under `[project.optional-dependencies]`.
+Install them with:
 
-`pyproject.toml` contains the dependencies used by downstream builds. Changes to any of the top level dependencies in `requirements.in` must there also be reflected in `pyproject.toml` too. See [PEP-518](https://peps.python.org/pep-0518/) for details.
+```bash
+pip install .[dev]
+# or with uv:
+uv pip install -e .[dev]
+```
 
 # Using the VS Code extension
 
@@ -456,8 +438,7 @@ have backend services (Postgres, Prometheus and Grafana) running.
 is one handy way for that requirement.
 
 For getting the unit test code coverage,
-install the `coverage` module, which is included
-in `requirements-dev.txt` with the instructions in the
+install the `coverage` module with the instructions in the
 [Using pre-commit](#using-pre-commit) section.
 
 ### Use make

ansible_ai_connect/ansible_lint/tests/test_lintpostprocessing.py

@@ -38,7 +38,7 @@
   tasks:
     - name: Hello Message
       debug:
-        msg: Hello World!
+        msg: "Hello World!"
 """
 
 

docs/pycharm-setup.md

@@ -10,7 +10,7 @@ apply them to other environments, e.g. VSCode + MacOS with minor modifications.
 
 The instructions presented here were tested using
 - PyCharm 2024.1.4 (Community Edition),
-- Python 3.11.9,
+- Python 3.12.0,
 - Fedora Linux 40 (Workstation Edition), and
 - HP Victus Gaming Laptop 16