simpler-grants-gov/api/pyproject.toml at main · HHS/simpler-grants-gov · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
[tool.poetry]
name = "simpler-grants-gov-api"
version = "0.1.0"
description = "Back end API for simpler.grants.gov"
packages = [{ include = "src" }]
authors = ["Nava Engineering <engineering@navapbc.com>"]
include = ["newrelic.ini"]

[tool.poetry.dependencies]
# See /documentation/api/package-depedency-management.md#Upgrading Python
# for details on upgrading your Python version
python = "~3.14"
SQLAlchemy = { version = "^2.0.21", extras = ["mypy"] }
alembic = "^1.12.0"
python-dotenv = "^1.0.0"
pydantic = "^2.4.2"
botocore = "^1.31.62"
boto3 = "^1.28.62"
smart-open = "^7.0.0"
pytz = "^2023.3.post1"
APIFlask = "^2.1.0"
marshmallow-dataclass = { extras = ["enum", "union"], version = "^8.5.8" }
marshmallow = "^3.20.1"
gunicorn = "^23.0.0"
psycopg = { extras = ["binary"], version = "^3.1.19" }
pydantic-settings = "^2.0.3"
flask-cors = "^6.0.0"
opensearch-py = "^2.5.0"
pyjwt = { extras = ["crypto"], version = "^2.9.0" }
newrelic = "11.5.0"
jinja2 = ">=3.1.5"
tenacity = "^8.0"
jsonschema = { extras = ["format-nongpl"], version = "^4.23.0" }
pandas = "^2.0.3"
pandas-stubs = "^2.0.2.230605"
xlrd = "^2.0.1"
defusedxml = "^0.7.1"
xmltodict = "^1.0.0"
lxml = "^6.0.0"
xmlschema = "^3.4.0"
docraptor = "^3.0.0"
jsonpath-ng = "^1.7.0"
prettytable = "^3.16.0"
common-grants-sdk = "~0.5.0"
PyYAML = "^6.0.3"
jsonref = "^1.1.0"
pydantic-core = "2.41.5"
urllib3 = "^2.6.3"
python-statemachine = "^3.0.0"
beautifulsoup4 = "^4.14.3"

[tool.poetry.group.dev.dependencies]
black = "^24.0.0"
isort = "^5.12.0"
mypy = "^1.8.0"
moto = { extras = ["s3"], version = "^5.0.0" }
types-pytz = "^2023.3.1.1"
coverage = "^7.3.2"
Faker = "^28.0.0"
factory-boy = "^3.3.0"
bandit = "^1.7.5"
pytest = "^8.0.0"
requests-mock = "^1.12.1"
types-pyyaml = "^6.0.12.11"
setuptools = "^75.0.0"
pydot = "3.0.4"
sadisplay = "0.4.9"
ruff = "^0.15.0"
debugpy = "^1.8.1"
freezegun = "^1.5.0"
types-requests = "^2.31"
graphviz = "^0.20.3"
eralchemy = "^1.5.0"


[build-system]
requires = ["poetry-core>=1.0.0"]
build-backend = "poetry.core.masonry.api"

[tool.poetry.scripts]
db-migrate = "src.db.migrations.run:up"
db-migrate-down = "src.db.migrations.run:down"
db-migrate-down-all = "src.db.migrations.run:downall"
db-seed-local = "tests.lib.seed_local_db:seed_local_db"
create-erds = "bin.create_erds:main"
create-workflow-diagrams = "bin.create_workflow_diagrams:main"
setup-postgres-db = "src.db.migrations.setup_local_postgres_db:setup_local_postgres_db"
setup-localstack = "bin.setup_localstack:main"
dat-to-jsonschema = "src.form_schema.dat_to_jsonschema_cli:main"
validate-simpler-endpoints = "tests.validate_legacy_soap_api.validate_soap_endpoints:validate_simpler_endpoints"

[tool.black]
line-length = 100

[tool.isort]
multi_line_output = 3
include_trailing_comma = true
force_grid_wrap = 0
use_parentheses = true
line_length = 100

[tool.ruff]
line-length = 100
# Some rules are considered preview-only, this allows them
# assuming we enabled them below
preview = true


target-version = "py314"

[tool.ruff.lint]
# See: https://docs.astral.sh/ruff/rules/ for all possible rules
select = ["B", "C", "E", "F", "W", "B9", "UP", "RUF", "PT"]
ignore = [
    # too many leading '#' for block comment, we can format our comments however we want
    "E266",
    # Ignore line-too-long errors, assume the formatter handles that appropriately
    "E501",
    # Ignore rules regarding unecessary list / generator usage which complains about [e for e in MyEnum] #
    "C4",
    # Ignore rule that flags functions with many branches - sometimes we just have a lot of
    # business rules that make sense to aggregate in one place.
    "C901",
    # Ruff suggests not doing .encode("utf-8") and leaving utf-8 (the default out),
    # but nothing wrong with being explicit and clear
    "UP012",
    # Ruff suggests using datetime.UTC over datetime.timezone.utc - but other timezones
    # would need to be specified the latter way, seems odd to intentionally be inconsistent
    "UP017",
    # Ruff suggests using f-strings over .format - this one is a good recommendation
    # we just have a few too many to refactor at this time.
    "UP031",
    # Ruff doesn't like array concatenation like [1, 2, 3] + [4, 5, 6], but it's intuitive where used.
    "RUF005",
    # Ruff doesn't like str() in f-strings, but instead
    # recommends conversion flags (eg. f"{a!r}") which is less well known
    "RUF010",
    # Ruff thinks our SQLAlchemy models and factories have ClassVars
    # but those classes don't use those variables in the problematic way it wants to avoid
    "RUF012",
    # Ruff wants __all__ sorted, not against it, but we'd want our
    # formatter to handle that first to avoid it being tedious work
    "RUF022",
    # Ruff doesn't like when you use variables with _ prefixes in functions
    # saying to avoid shadowing other params to do my_var_, but while
    # that follows PEP8 formatting, it's not generally what I've seen
    "RUF052",
    # Ruff doesn't want any code in __init__ files, but some of our
    # libraries and patterns need a very small amount of code configured
    # in these files.
    "RUF067",
]

# These are characters we are allowing to be confusing
# for RUF001 which recommends not using certain characters
# that look like each other.
# https://docs.astral.sh/ruff/rules/ambiguous-unicode-character-string/#ambiguous-unicode-character-string-ruf001
allowed-confusables = [
    # endash (not a regular dash) - we need this in our email formatting
    "–",
    # right quotation mark (not a simple "'") - used in email formatting
    "’"
]

[tool.ruff.lint.per-file-ignores]
# These are rules that are excluded from just our unit tests
# but still run for the rest of our code.
"tests/*" = [
    # Ruff suggests changing how iterables are merged, but it complicates test setup
    "RUF005",
    # Ruff wants to avoid "arg: int = None" - we shouldn't do this
    # but our tests are only partially typed
    "RUF013",
    # Ruff suggests making any match statement in pytest.raises
    # a proper regex pattern, but we just use it for finding strings in most cases
    "RUF043",
    # Ruff doesn't like "x, y = get_tuple()" and not using one of the values
    # but the value might be used by a developer doing debugging
    "RUF059",
    # Ruff recommends the first parameter of a parametrized test be a tuple
    # We have a lot of tests that don't do that, can circle back to this later
    "PT006",
    # Ruff recommends having pytest.raises() be a specific error
    # but sometimes we just want to verify an error was raised at all
    "PT011",
    # Ruff recommends not doing "assert x == 1 and y == 2" in tests
    # but the few places we do this are kept simple and help better organize complex scenarios
    "PT018"
]


[tool.mypy]
# https://mypy.readthedocs.io/en/stable/config_file.html
color_output = true
error_summary = true
pretty = true
show_error_codes = true
show_column_numbers = true
show_error_context = true

namespace_packages = true
ignore_missing_imports = true
warn_unused_configs = true

check_untyped_defs = true
disallow_incomplete_defs = true
disallow_untyped_defs = true
no_implicit_optional = true
strict_equality = true
warn_no_return = true
warn_redundant_casts = true
warn_unreachable = true
warn_unused_ignores = true

plugins = ["pydantic.mypy"]

[tool.bandit]
# Ignore audit logging test file since test audit logging requires a lot of operations that trigger bandit warnings
exclude_dirs = ["./tests/src/logging/test_audit.py"]

[[tool.mypy.overrides]]
# Migrations are generated without "-> None"
# for the returns. Rather than require manually
# fixing this for every migration generated,
# disable the check for that folder.
module = "src.db.migrations.versions.*"
disallow_untyped_defs = false

[tool.pytest.ini_options]
# Ignore deprecation warnings in library code.
# When a library has addressed its deprecation issues and we've updated the
# library, we can remove the ignore filter for that library.
filterwarnings = [
  "ignore::DeprecationWarning:botocore.*",
]

markers = [
  "audit: mark a test as a security audit log test, to be run isolated from other tests",
  "xml_validation: mark a test as an XML generation/validation test, to be run isolated from other tests",
  "sf424: mark a test as SF-424 form specific",
]

[tool.coverage.run]
omit = [
  # Decodelog is only used for formatting logs locally
  "src/logging/decodelog.py",
  # app_config only runs via the gunicorn script which doens't happen locally
  "src/app_config.py",
  # Migrations aren't run in tests
  "src/db/migrations/**",
]

[tool.coverage.report]
fail_under = 80

exclude_lines = [
  # Exclude abstract & overloaad methods from
  # code coverage reports as they won't ever directly run
  "@abc.abstractmethod",
  "@abstractmethod",
  "@typing.overload",
]