chore: modernize Python tooling #141

Open
albedo-c wants to merge 1 commit into m-lab:main from albedo-c:chore/modernize-python-tooling

albedo-c commented Mar 2, 2026

Summary

This PR comprehensively modernizes the project's Python tooling to use current best practices:

Python Version Upgrade

  • From: Python 3.6+ (EOL since Oct 2024)
  • To: Python 3.11+ minimum (3.14 recommended)
  • Added .python-version file pinning to 3.14

Packaging Migration

  • Migrated from Poetry (pyproject.toml with [tool.poetry]) to PEP 621 ([project] table)
  • Removed poetry.lock in favor of uv.lock
  • All dependencies updated to latest compatible versions

Linting & Formatting

  • Replaced black, flake8, isort, pyupgrade with ruff (single tool)
  • Added comprehensive [tool.ruff] configuration in pyproject.toml
  • Ran ruff format on entire codebase

Package Manager

  • Switched to uv for fast dependency resolution and virtual environment management
  • Added uv.lock to .gitignore (per PEP 668)

Dockerfile Modernization

  • Multi-stage build (builder, Go builder, runtime)
  • Base image: python:3.14-slim-bookworm (was python:3.7-bullseye)
  • Non-root user (appuser)
  • Uses uv for dependency installation in container

Dependency Updates

  • Updated protobuf to 7.34.0 (was 6.33.5)
  • Added setuptools (required for build)

Compatibility Fixes

  • Replaced deprecated pkg_resources with importlib.metadata (setuptools 82+ removed pkg_resources)

Removed Legacy Files

  • .travis.yml (replaced by GitHub Actions - to be added)
  • Dockerfile.template
  • poetry.lock

Security Audits

  • pip-audit: No vulnerabilities found
  • bandit: Issues documented (mostly intentional subprocess calls for external tools)

Testing

  • All 4 tests pass
  • CLI entry points work: murakami, murakami-convert, murakami-upload

Why These Changes

  1. Python 3.6 is EOL: No longer receives security patches since Oct 2024
  2. PEP 621 is the standard: Modern Python packaging using pyproject.toml
  3. uv is 10-100x faster than pip for dependency resolution
  4. ruff is 10-100x faster than black/flake8 combined
  5. Multi-stage Docker reduces image size and attack surface
  6. Non-root container follows security best practices

Breaking Changes

  • Minimum Python version is now 3.11 (was 3.6)
  • Users must use uv sync instead of poetry install
  • CLI now requires uv run murakami or installation via uv pip install .

Notes for Reviewers

  • The ruff ignore list includes intentional patterns (subprocess calls to external tools like ndt5, ndt7, ooniprobe)
  • Some bandit warnings about SSH host key verification are intentional (AutoAddPolicy for SCP exporters)
  • The Dockerfile maintains all system dependencies from the original

- Migrate from Poetry to PEP 621 pyproject.toml with uv
- Upgrade Python version from 3.6 to 3.11 minimum (3.14 recommended)
- Replace black/flake8/isort with ruff (linter + formatter)
- Modernize Dockerfile: multi-stage build, slim-bookworm, non-root
- Replace pkg_resources with importlib.metadata (setuptools 82+ compatibility)
- Update dependencies to latest versions
- Add .python-version file
- Add .dockerignore file
- Remove legacy CI (.travis.yml) and Dockerfile.template
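
The reviewer notes describe the bandit SSH host key warnings (AutoAddPolicy for SCP exporters) as intentional. A reviewer can confirm exactly which call sites accept unknown host keys, and which of them carry a bandit `# nosec` suppression, with a short AST check. This is an added example, not code from the PR or the project; the function name is hypothetical and `SAMPLE` is constructed input written in paramiko's client style.

```python
import ast

# paramiko policies that accept an unknown host key instead of rejecting it
PERMISSIVE = {"AutoAddPolicy", "WarningPolicy"}

# Constructed sample source (not from the repository under review).
SAMPLE = '''\
import paramiko

def export_unpinned(host):
    ssh = paramiko.SSHClient()
    ssh.set_missing_host_key_policy(paramiko.AutoAddPolicy())  # nosec B507
    ssh.connect(host)

def export_pinned(host, known_hosts):
    ssh = paramiko.SSHClient()
    ssh.load_host_keys(known_hosts)
    ssh.set_missing_host_key_policy(paramiko.RejectPolicy())
    ssh.connect(host)

def export_warn(host):
    ssh = paramiko.SSHClient()
    ssh.set_missing_host_key_policy(paramiko.WarningPolicy)
    ssh.connect(host)
'''

def find_permissive_host_key_policies(source, filename="<source>"):
    """Return sorted (line, policy, suppressed) for permissive policy calls."""
    lines = source.splitlines()
    findings = []
    for node in ast.walk(ast.parse(source, filename)):
        if not (isinstance(node, ast.Call)
                and isinstance(node.func, ast.Attribute)
                and node.func.attr == "set_missing_host_key_policy"
                and node.args):
            continue
        arg = node.args[0]
        if isinstance(arg, ast.Call):  # policy passed as an instance: Policy()
            arg = arg.func
        name = arg.attr if isinstance(arg, ast.Attribute) else getattr(arg, "id", None)
        if name in PERMISSIVE:
            # bandit honours "# nosec" on the lines spanned by the call
            span = lines[node.lineno - 1:node.end_lineno]
            findings.append((node.lineno, name, any("# nosec" in s for s in span)))
    return sorted(findings)

if __name__ == "__main__":
    for line, policy, suppressed in find_permissive_host_key_policies(SAMPLE):
        print(f"line {line}: {policy} (nosec: {suppressed})")
```
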