Skip to content

refactor(build): migrate from setup.py to pyproject.toml#260

Merged
soimkim merged 2 commits intomainfrom
bump
Mar 19, 2026
Merged

refactor(build): migrate from setup.py to pyproject.toml#260
soimkim merged 2 commits intomainfrom
bump

Conversation

@soimkim
Copy link
Contributor

@soimkim soimkim commented Mar 19, 2026
edited
Loading

Description

  • Chores
    • Modernized packaging to a pyproject-based build system and declared supported Python versions (>=3.10).
    • Updated CI/CD release workflow to use contemporary build and publish commands.

@soimkim soimkim self-assigned this Mar 19, 2026
@soimkim soimkim added the chore [PR/Issue] Refactoring, maintenance the code label Mar 19, 2026
@coderabbitai
Copy link

coderabbitai bot commented Mar 19, 2026
edited
Loading

Warning

Rate limit exceeded

@soimkim has exceeded the limit for the number of commits that can be reviewed per hour. Please wait 19 minutes and 36 seconds before requesting another review.

⌛ How to resolve this issue?

After the wait time has elapsed, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout.

Please see our FAQ for further information.

ℹ️ Review info
⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: 771cf8d0-92fe-44a1-bcf8-7d21f98cf776

📥 Commits

Reviewing files that changed from the base of the PR and between adc12ac and 71dde54.

📒 Files selected for processing (1)
  • pyproject.toml
📝 Walkthrough

Walkthrough

The project transitions from setup.py/requirements.txt packaging to a pyproject.toml-based configuration. Version-bump automation is replaced by sed-based in-place edits. The release workflow is updated to use python -m build and twine; related tooling/config files were removed or adjusted.

Changes

Cohort / File(s) Summary
Package Build Configuration
pyproject.toml, setup.py, requirements.txt, MANIFEST.in		 Added pyproject.toml with project metadata, dependencies, package discovery and console entry points; removed setup.py and requirements.txt; removed requirements.txt from MANIFEST.in.
Version Management & Release Automation
.bumpversion.cfg, .github/workflows/publish-release.yml, .reuse/dep5		 Removed bumpversion config and its reuse mapping; updated GH Actions release workflow to perform sed-based version edits on pyproject.toml, stage pyproject.toml with the changelog, and switch packaging step to python -m build + twine upload.

Sequence Diagram(s)

sequenceDiagram
    actor Developer
    participant GH as GitHub Actions
    participant Repo as Repository (pyproject.toml)
    participant Builder as python -m build
    participant Twine as twine / PyPI

    Developer->>GH: push release tag / trigger workflow
    GH->>Repo: checkout code
    GH->>Repo: sed update version in pyproject.toml
    GH->>Repo: git add/commit pyproject.toml + CHANGELOG.md
    GH->>Builder: run python -m build -> produces dist/*
    GH->>Twine: run twine upload dist/* -> publish to PyPI
    Twine-->>GH: upload result
    GH-->>Developer: workflow completes (success/failure)
Loading

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~25 minutes

🚥 Pre-merge checks | ✅ 3
✅ Passed checks (3 passed)
Check name Status Explanation
Title check ✅ Passed The title accurately describes the main change: migrating the project's build configuration from setup.py to pyproject.toml, which is the primary focus of all modifications.
Docstring Coverage ✅ Passed No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Description Check ✅ Passed Check skipped - CodeRabbit’s high-level summary is enabled.

✏️ Tip: You can configure your own custom pre-merge checks in the settings.

✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch bump
📝 Coding Plan
  • Generate coding plan for human review comments

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands and usage tips.

coderabbitai[bot]
coderabbitai bot reviewed Mar 19, 2026
View reviewed changes
Copy link

@coderabbitai coderabbitai bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 1

🧹 Nitpick comments (1)
pyproject.toml (1)

23-30: Move setuptools and wheel from runtime to build-only dependencies.

These packages are already declared in [build-system].requires (line 5) but are redundantly included in [project].dependencies (lines 27 and 33). No runtime imports of either package were found in the codebase. Remove them from runtime dependencies to reduce resolver conflicts and installation surface.

🤖 Prompt for AI Agents 
Verify each finding against the current code and only fix it if needed.

In `@pyproject.toml` around lines 23 - 30, Remove the redundant runtime entries
for "setuptools" and "wheel" from the [project].dependencies list in
pyproject.toml (they are already declared under [build-system].requires); edit
the dependencies array to delete the "setuptools<=80.10.2" and "wheel>=0.38.1"
items so they remain build-only and not installed at runtime.
🤖 Prompt for all review comments with AI agents 
Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@pyproject.toml`:
- Around line 45-47: The console script entry "run_scancode" points to a
non-existent main() in fosslight_source.run_scancode; update the entry point or
add a wrapper: either change pyproject.toml's project.scripts mapping from
"fosslight_source.run_scancode:main" to "fosslight_source.run_scancode:run_scan"
or implement a module-level main() in src/fosslight_source/run_scancode.py that
calls the existing run_scan(...) function (preserving expected CLI signature and
exit codes).

---

Nitpick comments:
In `@pyproject.toml`:
- Around line 23-30: Remove the redundant runtime entries for "setuptools" and
"wheel" from the [project].dependencies list in pyproject.toml (they are already
declared under [build-system].requires); edit the dependencies array to delete
the "setuptools<=80.10.2" and "wheel>=0.38.1" items so they remain build-only
and not installed at runtime.
ℹ️ Review info
⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: a2a20213-a206-4bd3-be1e-6a1f2a06f29a

📥 Commits

Reviewing files that changed from the base of the PR and between 3182b07 and 127d2a4.

📒 Files selected for processing (7)
  • .bumpversion.cfg
  • .github/workflows/publish-release.yml
  • .reuse/dep5
  • MANIFEST.in
  • pyproject.toml
  • requirements.txt
  • setup.py
💤 Files with no reviewable changes (5)
  • MANIFEST.in
  • requirements.txt
  • .reuse/dep5
  • .bumpversion.cfg
  • setup.py

@soimkim @coderabbitai
Update pyproject.toml
71dde54 
Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>
@soimkim soimkim merged commit 045a34c into main Mar 19, 2026
6 of 7 checks passed
@soimkim soimkim deleted the bump branch March 19, 2026 06:23
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@coderabbitai coderabbitai[bot] coderabbitai[bot] left review comments

Assignees

@soimkim soimkim

Labels

chore [PR/Issue] Refactoring, maintenance the code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@soimkim