From 2e273aff7cd27318679517f8ce013864732c6a4b Mon Sep 17 00:00:00 2001 From: Jan Kowalleck Date: Tue, 8 Jul 2025 18:58:42 +0200 Subject: [PATCH 1/2] chore: dependency tests in CI/CT Signed-off-by: Jan Kowalleck --- .github/workflows/python.yml | 24 ++++++++++++++++++++++++ .github/workflows/release.yml | 23 +++++++++++++++++++++++ pyproject.toml | 4 ++++ tox.ini | 6 ++++++ 4 files changed, 57 insertions(+) diff --git a/.github/workflows/python.yml b/.github/workflows/python.yml index ea07c7f3..5d77350a 100644 --- a/.github/workflows/python.yml +++ b/.github/workflows/python.yml @@ -50,6 +50,30 @@ jobs: - name: Run tox run: poetry run tox run -e pyupgrade -s false + deptry: + name: test dependencies + runs-on: ubuntu-latest + timeout-minutes: 10 + steps: + - name: Checkout + # see https://github.com/actions/checkout + uses: actions/checkout@v4 + - name: Setup Python Environment + # see https://github.com/actions/setup-python + uses: actions/setup-python@v5 + with: + python-version: ${{ env.PYTHON_VERSION_DEFAULT }} + architecture: 'x64' + - name: Install poetry + # see https://github.com/marketplace/actions/setup-poetry + uses: Gr1N/setup-poetry@v9 + with: + poetry-version: ${{ env.POETRY_VERSION }} + - name: Install dependencies + run: poetry install --no-root + - name: Run tox + run: poetry run tox run -e deptry -s false + coding-standards: name: Linting & CodingStandards runs-on: ubuntu-latest diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index b0548b3e..0de3c4b3 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml 
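Review bot: The new `deptry` job references `Gr1N/setup-poetry@v9` and the two `actions/*` steps by mutable tags, so whatever those tags point to at run time executes in the job. Pinning at least the third-party action to a full commit SHA, e.g. `uses: Gr1N/setup-poetry@<full-commit-sha>  # v9`, removes that supply-chain exposure. The same applies to the copy of this job added in `.github/workflows/release.yml`. The checkout step also keeps the default credential persistence; since the job only reads the tree, setting `persist-credentials: false` under that step's `with:` is cheap hardening. Jobs outside this hunk may follow the same tag convention, so this may be better handled repo-wide.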
@@ -64,9 +64,32 @@ jobs: - name: Run tox run: poetry run tox run -e py -s false + deptry: + runs-on: ubuntu-latest + steps: + - name: Checkout code + # see https://github.com/actions/checkout + uses: actions/checkout@v4 + - name: Setup Python Environment + # see https://github.com/actions/setup-python + uses: actions/setup-python@v5 + with: + python-version: ${{ env.PYTHON_VERSION_DEFAULT }} + architecture: 'x64' + - name: Install poetry + # see https://github.com/marketplace/actions/setup-poetry + uses: Gr1N/setup-poetry@v9 + with: + poetry-version: ${{ env.POETRY_VERSION }} + - name: Install dependencies + run: poetry install --no-root + - name: Run tox + run: poetry run tox run -e deptry -s false + release: needs: - quicktest + - deptry # https://github.community/t/how-do-i-specify-job-dependency-running-in-another-workflow/16482 # limit this to being run on regular commits, not the commits that semantic-release will create # but also allow manual workflow dispatch diff --git a/pyproject.toml b/pyproject.toml index 118000fb..350377d4 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -101,6 +101,7 @@ tox = "4.27.0" xmldiff = "2.7.0" bandit = "1.8.5" pyupgrade = "3.20.0" +deptry = "^0.23.0" [tool.semantic_release] # see https://python-semantic-release.readthedocs.io/en/latest/configuration.html @@ -148,3 +149,6 @@ prerelease_token = "alpha" match = "(\\d+\\.0\\.0-(dev|rc)|dev/\\d+\\.0\\.0)" prerelease = true prerelease_token = "rc" + +[tool.deptry] +extend_exclude = ["docs", "examples", "package_aliases", "tools"] diff --git a/tox.ini b/tox.ini index 20b36023..d2e0b47f 100644 --- a/tox.ini +++ b/tox.ini @@ -10,6 +10,7 @@ envlist = mypy-{current,lowest} py{313,312,311,310,39}-{allExtras,noExtras} bandit + deptry skip_missing_interpreters = True usedevelop = False download = False 
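Review bot: The `deptry` job added to the release workflow has no `timeout-minutes`, unlike its twin in `python.yml`, which sets `timeout-minutes: 10`. Because `release` now lists it under `needs`, a hung dependency install would stall the release until the platform's default job timeout. Add `timeout-minutes: 10` (and a `name:`) for parity. The job also installs and runs dev dependencies inside the workflow that publishes, so a job-level `permissions:` block limited to `contents: read` is worth adding unless the workflow already restricts the token outside this hunk.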
@@ -44,6 +45,11 @@ commands = commands = poetry run bandit -c bandit.yml -v -r cyclonedx tests examples tools +[testenv:deptry] +# config is in `pyproject.toml` +command = + poetry run deptry -v . + [testenv:pyupgrade] allowlist_externals = poetry, sh commands = sh -c "\ From 424f679736d33b6932b8a1a00402bfeb32a40eb7 Mon Sep 17 00:00:00 2001 From: Jan Kowalleck Date: Tue, 8 Jul 2025 19:02:48 +0200 Subject: [PATCH 2/2] wip Signed-off-by: Jan Kowalleck --- pyproject.toml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pyproject.toml b/pyproject.toml index 350377d4..523bc7c4 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -101,7 +101,7 @@ tox = "4.27.0" xmldiff = "2.7.0" bandit = "1.8.5" pyupgrade = "3.20.0" -deptry = "^0.23.0" +deptry = "0.23.0" [tool.semantic_release] # see https://python-semantic-release.readthedocs.io/en/latest/configuration.html
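Review bot: The new `[testenv:deptry]` section sets `command =` rather than `commands =`, the key the neighbouring `bandit` and `pyupgrade` environments use. tox most likely ignores the unknown key, leaving the environment with nothing to run, so the new `deptry` CI jobs would pass without ever checking dependencies. Change the key to `commands =`. The `pyupgrade` env below declares `allowlist_externals = poetry, sh`; unless the base `[testenv]` (outside this hunk) already allows `poetry`, this env needs `allowlist_externals = poetry` as well.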