Replace the setup.py/setup.cfg by pyproject.toml #1608 (#1709)

tdruez · web-flow · commit b414680bc18f · 2025-07-02T10:58:30.000+04:00
Signed-off-by: tdruez &lt;tdruez@nexb.com&gt;
diff --git a/CHANGELOG.rst b/CHANGELOG.rst
@@ -4,6 +4,9 @@ Changelog
 v35.1.0 (unreleased)
 --------------------
 
+- Replace the ``setup.py``/``setup.cfg`` by ``pyproject.toml`` file.
+  https://github.com/aboutcode-org/scancode.io/issues/1608
+
 - Add a ``--fail-on-vulnerabilities`` option in ``check-compliance`` management command.
   When this option is enabled, the command will exit with a non-zero status if known
   vulnerabilities are detected in discovered packages and dependencies.
diff --git a/Dockerfile b/Dockerfile
@@ -87,7 +87,7 @@ RUN mkdir -p /var/$APP_NAME/static/ \
  && mkdir -p /var/$APP_NAME/workspace/
 
 # Install the dependencies before the codebase COPY for proper Docker layer caching
-COPY --chown=$APP_USER:$APP_USER setup.cfg setup.py $APP_DIR/
+COPY --chown=$APP_USER:$APP_USER pyproject.toml $APP_DIR/
 RUN pip install --no-cache-dir .
 
 # Copy the codebase and set the proper permissions for the APP_USER
diff --git a/Makefile b/Makefile
@@ -143,10 +143,6 @@ docs:
 	rm -rf docs/_build/
 	@${ACTIVATE} sphinx-build docs/ docs/_build/
 
-bump:
-	@echo "-> Bump the version"
-	@${ACTIVATE} bumpver update --no-fetch --patch
-
 docker-images:
 	@echo "-> Build Docker services"
 	docker compose build
@@ -163,4 +159,4 @@ offline-package: docker-images
 	@mkdir -p dist/
 	@tar -cf dist/scancodeio-offline-package-`git describe --tags`.tar build/
 
-.PHONY: virtualenv conf dev envfile install doc8 check valid check-deploy clean migrate upgrade postgresdb sqlitedb backupdb run run-docker-dev test fasttest docs bump docker-images offline-package
+.PHONY: virtualenv conf dev envfile install doc8 check valid check-deploy clean migrate upgrade postgresdb sqlitedb backupdb run run-docker-dev test fasttest docs docker-images offline-package
diff --git a/RELEASE.md b/RELEASE.md
@@ -4,7 +4,7 @@
 
 - Create a new `release-x.x.x` branch
 - Update the version in:
-  - `setup.cfg` (2 entries)
+  - `pyproject.toml`
   - `scancodeio/__init__.py`
   - `CHANGELOG.rst` (set date)
 - Commit and push this branch
@@ -24,7 +24,7 @@
 ```
 cd scancode.io
 source .venv/bin/activate
-pip install build
+python -m pip install build
 python -m build --sdist --wheel --outdir dist/ .
 ```
 
diff --git a/docs/introduction.rst b/docs/introduction.rst
@@ -91,8 +91,8 @@ The **Django framework** is leveraged for many aspects of ScanCode.io:
 
 .. note::
     Multiple applications from the Django eco-system are also included,
-    see the `setup.cfg <https://github.com/aboutcode-org/scancode.io/blob/main/setup.cfg>`_ file
-    for an exhaustive list of dependencies.
+    see the `pyproject.toml <https://github.com/aboutcode-org/scancode.io/blob/main/pyproject.toml>`_
+    file for an exhaustive list of dependencies.
 
 The second essential part of ScanCode.io is the **ScanCode Toolkit**, which is used
 for archives extraction and as the scanning engine.
diff --git a/docs/rest-api.rst b/docs/rest-api.rst
@@ -533,7 +533,7 @@ File content
 This displays the content of a ``project`` file resource provided using the
 ``?path=<resource_path>`` argument.
 
-``GET /api/projects/d4ed9405-5568-45ad-99f6-782a9b82d1d2/file_content/?path=setup.py``
+``GET /api/projects/d4ed9405-5568-45ad-99f6-782a9b82d1d2/file_content/?path=filename.ext``
 
 .. code-block:: json
 
diff --git a/pyproject.toml b/pyproject.toml
@@ -1,3 +1,156 @@
+[build-system]
+requires = ["setuptools"]
+build-backend = "setuptools.build_meta"
+
+[project]
+name = "scancodeio"
+version = "35.0.0"
+description = "Automate software composition analysis pipelines"
+readme = "README.rst"
+requires-python = ">=3.10,<3.14"
+license = "Apache-2.0"
+license-files = ["LICENSE", "NOTICE", "scan.NOTICE"]
+authors = [
+    { name = "nexB Inc.", email = "info@aboutcode.org" }
+]
+keywords = [
+    "open source", "scan", "license", "package", "dependency",
+    "copyright", "filetype", "author", "extract", "licensing",
+    "scancode", "scanpipe", "docker", "rootfs", "vm",
+    "virtual machine", "pipeline", "code analysis", "container"
+]
+classifiers = [
+    "Development Status :: 5 - Production/Stable",
+    "Intended Audience :: Developers",
+    "Intended Audience :: Information Technology",
+    "Intended Audience :: Legal Industry",
+    "Programming Language :: Python",
+    "Programming Language :: Python :: 3 :: Only",
+    "Programming Language :: Python :: 3.10",
+    "Programming Language :: Python :: 3.11",
+    "Programming Language :: Python :: 3.12",
+    "Programming Language :: Python :: 3.13",
+    "Topic :: Utilities"
+]
+dependencies = [
+  "importlib-metadata==8.7.0",
+  "setuptools==80.9.0",
+  # Django related
+  "Django==5.1.11",
+  "django-environ==0.12.0",
+  "django-crispy-forms==2.4",
+  "crispy-bootstrap3==2024.1",
+  "django-filter==25.1",
+  "djangorestframework==3.16.0",
+  "django-taggit==6.1.0",
+  # Database
+  "psycopg[binary]==3.2.9",
+  # wait_for_database Django management command
+  "django-probes==1.7.0",
+  # Task queue
+  "rq==2.4.0",
+  "django-rq==3.0.1",
+  "redis==6.2.0",
+  # WSGI server
+  "gunicorn==23.0.0",
+  # Docker
+  "container-inspector==33.0.0",
+  # ScanCode-toolkit
+  "scancode-toolkit[packages]==32.4.0",
+  "extractcode[full]==31.0.0",
+  "commoncode==32.3.0",
+  "Beautifulsoup4[chardet]==4.13.4",
+  "packageurl-python==0.17.1",
+  # FetchCode
+  "fetchcode-container==1.2.3.210512; sys_platform == 'linux'",
+  # Inspectors
+  "elf-inspector==0.0.3",
+  "go-inspector==0.5.0",
+  "rust-inspector==0.1.0",
+  "binary-inspector==0.1.2",
+  "python-inspector==0.14.0",
+  "source-inspector==0.7.0; sys_platform != 'darwin' and platform_machine != 'arm64'",
+  "aboutcode-toolkit==11.1.1",
+  # Utilities
+  "XlsxWriter==3.2.5",
+  "openpyxl==3.1.5",
+  "requests==2.32.4",
+  "GitPython==3.1.44",
+  # Profiling
+  "pyinstrument==5.0.2",
+  # CycloneDX
+  "cyclonedx-python-lib==10.2.0",
+  "jsonschema==4.24.0",
+  # MatchCode-toolkit
+  "matchcode-toolkit==7.2.2",
+  # Univers
+  "univers==31.0.0",
+  # Markdown
+  "markdown-it-py==3.0.0",
+  "bleach==6.2.0",
+  # Antivirus
+  "clamd==1.0.2",
+  # FederatedCode
+  "aboutcode.hashid==0.2.0",
+  # AboutCode pipeline
+  "aboutcode.pipeline==0.2.1",
+  "scipy==1.15.3"
+]
+
+[project.optional-dependencies]
+dev = [
+  # Validation
+  "ruff==0.12.0",
+  "doc8==2.0.0",
+  # Debug
+  "django-debug-toolbar==5.2.0",
+  # Documentation
+  "Sphinx==8.1.3",
+  "sphinx-rtd-theme==3.0.2",
+  "sphinx-rtd-dark-mode==1.3.0",
+  "sphinxcontrib-django==2.5",
+]
+android_analysis = [
+  "android_inspector==0.0.1"
+]
+
+[project.urls]
+Homepage = "https://github.com/aboutcode-org/scancode.io"
+Documentation = "https://scancodeio.readthedocs.io/"
+Repository = "https://github.com/aboutcode-org/scancode.io.git"
+Issues = "https://github.com/aboutcode-org/scancode.io/issues"
+Changelog = "https://github.com/aboutcode-org/scancode.io/blob/main/CHANGELOG.rst"
+
+[project.scripts]
+scanpipe = "scancodeio:command_line"
+run = "scancodeio:combined_run"
+
+[project.entry-points."scancodeio_pipelines"]
+analyze_docker_image = "scanpipe.pipelines.analyze_docker:Docker"
+analyze_root_filesystem_or_vm_image = "scanpipe.pipelines.analyze_root_filesystem:RootFS"
+analyze_windows_docker_image = "scanpipe.pipelines.analyze_docker_windows:DockerWindows"
+collect_strings_gettext = "scanpipe.pipelines.collect_strings_gettext:CollectStringsGettext"
+collect_symbols_ctags = "scanpipe.pipelines.collect_symbols_ctags:CollectSymbolsCtags"
+collect_symbols_pygments = "scanpipe.pipelines.collect_symbols_pygments:CollectSymbolsPygments"
+collect_symbols_tree_sitter = "scanpipe.pipelines.collect_symbols_tree_sitter:CollectSymbolsTreeSitter"
+enrich_with_purldb = "scanpipe.pipelines.enrich_with_purldb:EnrichWithPurlDB"
+find_vulnerabilities = "scanpipe.pipelines.find_vulnerabilities:FindVulnerabilities"
+inspect_elf_binaries = "scanpipe.pipelines.inspect_elf_binaries:InspectELFBinaries"
+inspect_packages = "scanpipe.pipelines.inspect_packages:InspectPackages"
+load_inventory = "scanpipe.pipelines.load_inventory:LoadInventory"
+load_sbom = "scanpipe.pipelines.load_sbom:LoadSBOM"
+map_deploy_to_develop = "scanpipe.pipelines.deploy_to_develop:DeployToDevelop"
+match_to_matchcode = "scanpipe.pipelines.match_to_matchcode:MatchToMatchCode"
+populate_purldb = "scanpipe.pipelines.populate_purldb:PopulatePurlDB"
+publish_to_federatedcode = "scanpipe.pipelines.publish_to_federatedcode:PublishToFederatedCode"
+resolve_dependencies = "scanpipe.pipelines.resolve_dependencies:ResolveDependencies"
+scan_codebase = "scanpipe.pipelines.scan_codebase:ScanCodebase"
+scan_for_virus = "scanpipe.pipelines.scan_for_virus:ScanForVirus"
+scan_single_package = "scanpipe.pipelines.scan_single_package:ScanSinglePackage"
+
+[tool.setuptools.packages.find]
+where = ["."]
+
 [tool.ruff]
 line-length = 88
 extend-exclude = ["migrations", "var"]
diff --git a/setup.cfg b/setup.cfg
diff --git a/setup.py b/setup.py
