aboutcode-org
diff --git a/‎.github/workflows/docs-ci.yml
Lines changed: 4 additions & 6 deletions b/‎.github/workflows/docs-ci.yml
Lines changed: 4 additions & 6 deletions
diff --git a/‎.github/workflows/pypi-release.yml
Lines changed: 41 additions & 51 deletions b/‎.github/workflows/pypi-release.yml
Lines changed: 41 additions & 51 deletions
diff --git a/‎.pre-commit-config.yaml
Lines changed: 30 additions & 0 deletions b/‎.pre-commit-config.yaml
Lines changed: 30 additions & 0 deletions
diff --git a/‎README.md
Lines changed: 153 additions & 0 deletions b/‎README.md
Lines changed: 153 additions & 0 deletions
@@ -15,13 +15,11 @@ jobs:
       - name: Checkout code
         uses: actions/checkout@v3
 
-      - name: Set up Python ${{ matrix.python-version }}
-        uses: actions/setup-python@v4
+      - name: Setup uv
+        uses: astral-sh/setup-uv@22695119d769bdb6f7032ad67b9bca0ef8c4a174 # v5.4.0
         with:
-          python-version: ${{ matrix.python-version }}
-
-      - name: Give permission to run scripts
-        run: chmod +x ./docs/scripts/doc8_style_check.sh
+          enable-cache: true
+          pyproject-file: "pyproject.toml"
 
       - name: Install Dependencies
         run:  pip install -e .[docs]
 
@@ -1,83 +1,73 @@
-name: Create library release archives, create a GH release and publish PyPI wheel and sdist on tag in main branch
-
-
-# This is executed automatically on a tag in the main branch
-
-# Summary of the steps:
-# - build wheels and sdist
-# - upload wheels and sdist to PyPI
-# - create gh-release and upload wheels and dists there
-# TODO: smoke test wheels and sdist
-# TODO: add changelog to release text body
-
-# WARNING: this is designed only for packages building as pure Python wheels
+name: Buld and Publish
 
 on:
   workflow_dispatch:
+  pull_request:
   push:
     tags:
-      - "v*.*.*"
+      - "v*"
 
 jobs:
-  build-pypi-distribs:
-    name: Build and publish library to PyPI
-    runs-on: ubuntu-20.04
+  build_and_upload:
+    name: Build and Upload Archive
+    runs-on: ubuntu-24.04
 
     steps:
       - uses: actions/checkout@v4
-      - name: Set up Python
-        uses: actions/setup-python@v4
-        with:
-          python-version: 3.9
-
-      - name: Install pypa/build
-        run: python -m pip install build --user
 
-      - name: Build a binary wheel and a source tarball
-        run: python -m build --sdist --wheel --outdir dist/
-
-      - name: Upload built archives
-        uses: actions/upload-artifact@v4
+      - name: Install uv
+        uses: astral-sh/setup-uv@22695119d769bdb6f7032ad67b9bca0ef8c4a174 # v5.4.0
+        with:
+          enable-cache: true
+          pyproject-file: "pyproject.toml"
+
+      - name: Build 📦 package
+        run: |
+          uv sync
+          uv build
+        shell: bash
+
+      - name: Upload artifacts
+        if: github.event_name == 'push'
+        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # 4.6.2
         with:
           name: pypi_archives
-          path: dist/*
-
+          path: dist/python_inspector-*-py3-none-any.whl
+          overwrite: true
 
   create-gh-release:
     name: Create GH release
-    needs:
-      - build-pypi-distribs
-    runs-on: ubuntu-20.04
+    runs-on: ubuntu-24.04
+    needs: build_and_upload
 
     steps:
       - name: Download built archives
-        uses: actions/download-artifact@v4
+        uses: actions/download-artifact@95815c38cf2ff2164869cbab79da8d1f422bc89e # 4.2.1
         with:
           name: pypi_archives
           path: dist
 
       - name: Create GH release
-        uses: softprops/action-gh-release@v1
+        uses: softprops/action-gh-release@c95fe1489396fe8a9eb87c0abf8aa5b2ef267fda # 2.2.1
         with:
           draft: true
           files: dist/*
 
-
   create-pypi-release:
     name: Create PyPI release
-    needs:
-      - create-gh-release
-    runs-on: ubuntu-20.04
-
+    needs: create-gh-release
+    runs-on: ubuntu-24.04
     steps:
-      - name: Download built archives
-        uses: actions/download-artifact@v4
-        with:
-          name: pypi_archives
-          path: dist
-
-      - name: Publish to PyPI
-        if: startsWith(github.ref, 'refs/tags')
-        uses: pypa/gh-action-pypi-publish@release/v1
+      - name: Install uv
+        if: github.event_name == 'push'
+        uses: astral-sh/setup-uv@22695119d769bdb6f7032ad67b9bca0ef8c4a174 # v5.4.0
         with:
-          password: ${{ secrets.PYPI_API_TOKEN }}
+          enable-cache: true
+          pyproject-file: "pyproject.toml"
+
+      - name: Publish
+        if: github.event_name == 'push'
+        env:
+          UV_PUBLISH_TOKEN: ${{ secrets.PYPI_API_TOKEN }}
+        run: |
+          uv publish dist/*
@@ -0,0 +1,30 @@
+default_language_version:
+  python: python3.9
+repos:
+  - repo: https://github.com/pre-commit/pre-commit-hooks
+    rev: v5.0.0
+    hooks:
+      - id: check-yaml
+      - id: check-added-large-files
+
+  - repo: https://github.com/pre-commit/mirrors-mypy
+    rev: v1.15.0
+    hooks:
+      - id: mypy
+        additional_dependencies:
+          - pydantic
+          - types-PyYaml==6.0.12.12
+          - types-toml
+          - types-requests
+        args: [--config, pyproject.toml]
+
+  - repo: https://github.com/astral-sh/ruff-pre-commit
+    rev: "v0.11.2"
+    hooks:
+      - id: ruff
+
+  - repo: https://github.com/astral-sh/uv-pre-commit
+    # uv version.
+    rev: 0.6.10
+    hooks:
+      - id: uv-lock
@@ -0,0 +1,153 @@
+python-inspector - inspect Python packages dependencies and metadata
+=====================================================================
+
+Copyright (c) nexB Inc. and others.
+SPDX-License-Identifier: Apache-2.0
+Homepage: https://github.com/aboutcode-org/python-inspector and https://www.aboutcode.org/
+
+``python-inspector`` is a collection of utilities to:
+
+- resolve PyPI packages dependencies
+
+- parse various requirements.txt files and setup.py files as input
+  for resolving dependencies.
+
+- parse additionally various manifests and packages files such as
+  Pipfile, pyproject.toml, poetry.lock and setup.cfg and legacy and
+  current metadata file formats for eggs, wheels and sdist. These
+  have not been wired with the command line yet.
+
+- query PyPI JSON and simple APIs for package information
+
+It grew out of ScanCode toolkit to find and analyze PyPI archives and
+installed Python packages and their files.
+
+The goal of python-inspector is to be a comprehensive library
+that can handle every style of Python package layouts, manifests and lockfiles.
+
+Developing
+----------
+
+- [Install Astral Uv](https://docs.astral.sh/uv/getting-started/installation/). For convenience:
+
+  - Isolated: `pipx install uv`
+  - Regular: `pip install uv`
+
+- (Optional) Configure pre-commit for commit linter checks:
+
+```bash
+   pre-commit install
+   pre-commit install --hook-type commit-msg
+```
+
+- Run from development. A virtual .venv will be created if you not have one
+
+```bash
+uv run python-inspector --help
+```
+
+Testing
+--------
+
+- Run the tests. Tests have a special dependency group with their requirements for text exclusively:
+
+```bash
+uv sync --group=test
+uv pytest -vvs
+```
+
+- These are live tests to regenrate the tests with updated data run::
+
+```bash
+uv sync
+PYINSP_REGEN_TEST_FIXTURES=yes uv run pytest -vvs
+```
+
+Documentation
+-------------
+
+```bash
+uv sync --all-groups
+hatch run validate-docs
+```
+
+Usage
+--------
+
+- Install with pip:
+
+  ```bash
+  pip install git+https://github.com/aboutcode-org/python-inspector
+  ```
+
+- Run the command line utility with::
+
+```bash
+python-inspector --help
+```
+
+Its companion libraries are:
+
+- ``pip-requirements-parser``, a mostly correct pip requirements parsing
+  library extracted from pip.
+
+- ``pkginfo2``, a safer fork of pkginfo to parse various installed and extracted
+  package layouts and their metadata files.
+
+- ``dparse2``, a safer fork of dparse to parse various package manifests
+
+- ``resolvelib``, the library used by pip for dependency resolution
+
+- ``packaging``, the official Python packaging utility library to process
+  versions, specifiers, markers  and other packaging data formats.
+
+- ``importlib_metadata``, the official Python utility library to process
+  installed site-packages and their metadata formats.
+
+- ``packageurl-python`` to use Package URL to reference Python packages
+
+Acknowledgements, Funding, Support and Sponsoring
+--------------------------------------------------------
+
+This project is funded, supported and sponsored by:
+
+- Generous support and contributions from users like you!
+- the European Commission NGI programme
+- the NLnet Foundation
+- the Swiss State Secretariat for Education, Research and Innovation (SERI)
+- Google, including the Google Summer of Code and the Google Seasons of Doc programmes
+- Mercedes-Benz Group
+- Microsoft and Microsoft Azure
+- AboutCode ASBL
+- nexB Inc.
+- Cariad SE
+
+<p align="left">
+  <a href="http://ec.europa.eu/index_en.htm" target="_blank"><img src="https://ngi.eu/wp-content/uploads/sites/77/2017/10/bandiera_stelle.png" height="40" alt="Europa logo"></a>
+  &nbsp;&nbsp;&nbsp;
+  <a href="https://commission.europa.eu/about-european-commission/departments-and-executive-agencies/communications-networks-content-and-technology_en" target="_blank"><img src="https://commission.europa.eu/themes/contrib/oe_theme/dist/ec/images/logo/positive/logo-ec--en.svg" height="40" alt="EC DG Connect logo"></a>
+</p>
+
+<p align="left">
+  <a href="https://ngi.eu35" target="_blank"><img src="https://ngi.eu/wp-content/uploads/thegem-logos/logo_8269bc6efcf731d34b6385775d76511d_1x.png" height="50" alt="NGI logo"></a>
+  &nbsp;&nbsp;&nbsp;
+  <a href="https://nlnet.nl" target="_blank"><img src="https://nlnet.nl/logo/banner.png" height="50" alt="NLnet foundation logo"></a>
+</p>
+
+<p align="left">
+  <a href="https://aboutcode.org/" target="_blank"><img src="https://aboutcode.org/wp-content/uploads/2023/10/AboutCode.svg" height="30" alt="AboutCode logo"></a>
+  &nbsp;&nbsp;&nbsp;
+  <a href="https://nexb.com" target="_blank"><img src="https://nexb.com/wp-content/uploads/2022/04/nexB.svg" height="30" alt="nexB logo"></a>
+</p>
+
+This project was funded through the NGI0 Discovery Fund, a fund established by NLnet with financial support from the European Commission's Next Generation Internet programme, under the aegis of DG Communications Networks, Content and Technology under grant agreement No 825322.
+
+<p align="left">
+  <a href="https://nlnet.nl/project/vulnerabilitydatabase/" target="_blank"><img src="https://nlnet.nl/image/logos/NGI0Discovery_tag.svg" height="40" alt="NGI Discovery logo"></a>
+</p>
+
+This project was funded through the NGI0 Core Fund, a fund established by NLnet with financial support from the European Commission's Next Generation Internet programme, under the aegis of DG Communications Networks, Content and Technology under grant agreement No 101092990.
+
+<p align="left">
+  <a href="https://nlnet.nl/project/Back2source-next/" target="_blank"><img src="https://nlnet.nl/image/logos/NGI0_tag.svg" height="40" alt="NGI Zero Core Logo"></a>
+</p>