chore(deps): migrate from Poetry to Rye for dependency management #93

Merged: mldangelo merged 15 commits into main from feat/migrate-poetry-to-rye on Jun 19, 2025

@mldangelo (Member)

Summary

Migrates the project from Poetry to Rye for dependency management and build tooling.

Changes Made

Build System Migration

  • Replaced Poetry with Rye: Updated pyproject.toml to use Rye configuration
  • Removed poetry.lock: No longer needed with Rye's lockfile system
  • Updated CI/CD: GitHub Actions workflow now uses Rye instead of Poetry

Dependency Management

  • Preserved all existing dependencies: Core and optional dependencies maintained
  • Added new optional dependencies:
    • joblib>=1.0.0 for Joblib scanner support
    • Updated all extra to include new dependencies
  • Enhanced dev dependencies: Added dill>=0.4.0 for testing

Documentation Updates

  • README.md: Updated installation and development instructions to use Rye
  • CLAUDE.md: Updated development commands to use Rye syntax
  • CI/CD examples: Updated to show Rye usage patterns

New Features Merged

  • Joblib Scanner: Security scanning for .joblib files
  • NumPy Scanner: Security scanning for .npy/.npz files
  • Enhanced Security: Additional detection capabilities

Benefits

  • Faster dependency resolution: Rye provides faster dependency installation
  • Better Python version management: Simplified Python version pinning
  • Modern tooling: Uses latest Python packaging standards
  • Maintained compatibility: All existing functionality preserved

Testing

  • All existing tests continue to pass
  • CI/CD pipeline updated and functional
  • Docker builds remain compatible

Breaking Changes

None - this is purely a build system migration that doesn't affect end users.

Migration Notes

For developers:

  • Use rye sync --features all instead of poetry install
  • Use rye run <command> instead of poetry run <command>
  • Use rye build instead of poetry build

- Replace Poetry with Rye for faster, standards-compliant dependency management
- Convert pyproject.toml to PEP 621 standard format with Hatchling backend
- Update all documentation (README, CLAUDE.md) with Rye commands
- Replace setup-poetry.sh with setup-rye.sh interactive script
- Update GitHub Actions workflow to use Rye instead of Poetry
- Update all Dockerfiles for Rye-based builds
- Add comprehensive migration guides and documentation
- Remove poetry.lock, add Rye-specific .gitignore entries
- Preserve all functionality: same CLI, dependencies, and optional features

BREAKING CHANGE: Development workflow now requires Rye instead of Poetry

Migration guide available in MIGRATION_GUIDE.md

- Remove setup-poetry.sh (replaced by setup-rye.sh)
- Remove setup.cfg (flake8 config replaced by Ruff)
- Remove llm_context.txt (dev documentation)
- Clean up cache and build directories

- Remove incorrect 'rye install' usage in containers
- Use requirements.lock + pip install approach (Rye recommended)
- Add comprehensive .dockerignore file
- Simplify Dockerfiles for faster, smaller builds
- Update migration guide with correct Docker usage

The previous Docker setup was using 'rye install' which is incorrect for containers.

Now following official Rye documentation for containerization.

- Add Docker build and publish workflow (.github/workflows/docker.yml)
- Build multi-arch images (linux/amd64, linux/arm64) for GitHub Container Registry
- Support multiple Docker variants (base, full, tensorflow)
- Add Docker testing to existing CI workflow
- Create comprehensive test script (test_migration.sh)
- Update README with Docker usage and testing instructions

New features:

- Automated Docker builds on push/release
- Multi-platform container support
- Comprehensive testing including Docker builds
- GitHub Container Registry integration
- Full validation script for migration

- Delete setup-rye.sh script (87 lines removed)
- Update documentation to use standard 'rye sync --features all' command
- Simplify setup process for modern Python developers
- Update MIGRATION_GUIDE.md, CLAUDE.md, and MIGRATION_SUMMARY.md

The interactive setup script was redundant since:

- Modern developers expect standard package manager commands
- README already provides comprehensive installation instructions
- test_migration.sh covers all validation needs
- Reduces maintenance overhead

@cursor cursor bot left a comment

Bug: Docker Build Fails Due to Incorrect Dependency Installation Order

The Dockerfiles (Dockerfile.full, Dockerfile.tensorflow) attempt to install dependencies from requirements.lock (line 7) before copying the application source code (line 10). This causes the Docker build to fail because requirements.lock includes an editable install (-e file:.) that requires the source code to be present. Additionally, a subsequent pip install command (line 13) attempts to install the application again with specific extras, which is redundant and could lead to conflicts.

Dockerfile.tensorflow#L4-L13

# Copy requirements lock file and install dependencies
COPY requirements.lock ./
RUN pip install --no-cache-dir -r requirements.lock
# Copy source code
COPY . .
# Install the application with TensorFlow extras using pip
RUN pip install --no-cache-dir .[tensorflow]

Dockerfile.full#L5-L13

# Copy requirements lock file and install all dependencies
COPY requirements.lock ./
RUN pip install --no-cache-dir -r requirements.lock
# Copy source code
COPY . .
# Install the application with all extras using pip
RUN pip install --no-cache-dir .[all]

Bug: Editable Install Fails Before Source Code

The Dockerfile attempts to install dependencies from requirements.lock before copying the source code. Since requirements.lock contains an editable install entry (-e file:.), pip fails because the project's source code (e.g., pyproject.toml) is not yet present in the current directory to perform the editable installation.

Dockerfile.full#L4-L13

# Copy requirements lock file and install all dependencies
COPY requirements.lock ./
RUN pip install --no-cache-dir -r requirements.lock
# Copy source code
COPY . .
# Install the application with all extras using pip
RUN pip install --no-cache-dir .[all]

@mldangelo mldangelo merged commit d3423a6 into main Jun 19, 2025
9 checks passed
@mldangelo mldangelo deleted the feat/migrate-poetry-to-rye branch June 19, 2025 05:28
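
The ordering problem described in the cursor bot review above, as an added example (not code from this pull request or the project): a small Python check that flags a Dockerfile step installing a lock file with an editable entry before the source tree has been copied. The lock contents, the FROM and WORKDIR lines, the function names and the reordered Dockerfile are constructed assumptions.

```python
import re

# Constructed sample lock; "-e file:." is the editable entry the review comment describes.
SAMPLE_LOCK = "-e file:.\nclick==8.1.7\nnumpy==1.26.4\n"

# Build steps as quoted in the review comment; the FROM/WORKDIR lines are assumed.
DOCKERFILE_QUOTED = """\
FROM python:3.11-slim
WORKDIR /app
COPY requirements.lock ./
RUN pip install --no-cache-dir -r requirements.lock
COPY . .
RUN pip install --no-cache-dir .[all]
"""

# One possible reordering (an assumption, not the project's actual fix).
DOCKERFILE_REORDERED = """\
FROM python:3.11-slim
WORKDIR /app
COPY . .
RUN pip install --no-cache-dir -r requirements.lock
"""


def editable_entries(lock_text):
    """Return lock lines that install from a local source tree (-e / --editable)."""
    lines = (line.strip() for line in lock_text.splitlines())
    return [line for line in lines if re.match(r"(-e|--editable)[\s=]", line)]


def premature_installs(dockerfile_text, lock_name, lock_text):
    """Return 1-based lines that install lock_name before the source tree is copied."""
    if not editable_entries(lock_text):
        return []  # nothing in the lock depends on the source tree being present
    install = re.compile(r"\bpip3?\s+install\b.*\s-r\s+(?:\./)?" + re.escape(lock_name))
    source_copied, findings = False, []
    for number, raw in enumerate(dockerfile_text.splitlines(), 1):
        parts = raw.split()
        instruction = parts[0].upper() if parts else ""
        if instruction == "FROM":
            source_copied = False  # each build stage starts without the source tree
        elif instruction in ("COPY", "ADD"):
            sources = [p for p in parts[1:-1] if not p.startswith("--")]
            source_copied = source_copied or any(s in (".", "./") for s in sources)
        elif instruction == "RUN" and install.search(raw) and not source_copied:
            findings.append(number)
    return findings
```

Run against the quoted steps, the check reports line 4, the `pip install -r requirements.lock` step; it does not follow backslash line continuations, so a multi-line RUN needs joining first.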