pyseto/Taskfile.yml at main · dajiaji/pyseto · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
# Taskfile.yml
version: '3'

vars:
  # 2-day delay (security verification window)
  EXCLUDE_NEWER_DAYS: 2
  EXCLUDE_NEWER: "{{.EXCLUDE_NEWER_DAYS}} days"

tasks:
  uv:add:
    desc: "Add package (with {{.EXCLUDE_NEWER_DAYS}}-day delay)"
    cmds:
      - echo "Excluding packages newer than {{.EXCLUDE_NEWER}}"
      - uv add --exclude-newer "{{.EXCLUDE_NEWER}}" --no-build --no-install-project {{.CLI_ARGS}}
      - task: uv:export-requirements

  uv:lock:
    desc: "Lock dependencies (with {{.EXCLUDE_NEWER_DAYS}}-day delay)"
    cmds:
      - echo "Excluding packages newer than {{.EXCLUDE_NEWER}}"
      - uv lock --exclude-newer "{{.EXCLUDE_NEWER}}" --no-build
      - task: uv:export-requirements

  uv:lock:upgrade:
    desc: "Upgrade all dependencies (with {{.EXCLUDE_NEWER_DAYS}}-day delay)"
    cmds:
      - echo "Excluding packages newer than {{.EXCLUDE_NEWER}}"
      - uv lock --upgrade --exclude-newer "{{.EXCLUDE_NEWER}}" --no-build
      - task: uv:export-requirements

  uv:export-requirements:
    desc: "Export uv.lock to requirements-txt for scanners"
    cmds:
      - echo "Excluding packages newer than {{.EXCLUDE_NEWER}}"
      - uv export --format requirements.txt --all-groups --locked --no-hashes --no-editable --no-emit-project --exclude-newer "{{.EXCLUDE_NEWER}}" -o requirements.txt

  uv:sync:
    desc: "Sync environment without building sdists"
    cmds:
      - uv sync --frozen --all-groups --no-build --no-install-project

  uv:run:
    desc: "Run command via uv with locked, time-delayed dependencies (e.g., task uv:run -- python app.py)"
    cmds:
      - uv run --no-sync {{.CLI_ARGS}}

  uv:tool:install:
    desc: "Install a uv tool without building sdists (e.g., task uv:tool:install -- ruff)"
    cmds:
      - uv tool install --no-build {{.CLI_ARGS}}

  uv:dev:
    desc: "Set up development environment"
    cmds:
      - uv sync --frozen --all-groups --no-build
      - uv run pre-commit install

  uv:licenses:
    desc: "Export requirements.txt and run a license check"
    cmds:
      - uv export --format requirements-txt --without-hashes --all-groups -o requirements.txt
      - uv run pip-licenses

  uv:security:
    desc: "Run security scan"
    cmds:
      - uv run pip-audit
      - trivy fs --severity HIGH,CRITICAL .