Replace make, dotenv, honcho with mise

**Breaking change:** To migrate from an existing local `.env`, add
`[env]` to the top of the file and rename it to `mise.local.toml`.

`mise` can be used to simplify our existing dev setup by replacing other
dependencies.

Running the project is now two commands:

```sh
mise install
mise dev
```

`mise dev` will automatically re-run bundler scripts, build scripts,
only when relevant files change, as the tasks specify relevant `sources`
and `outputs`. This was previously accomplished using a `sentinel` file
which is no longer necessary. (Technical detail: mise automatically
creates sentinels in `~/.mise` as necessary)

`mise tasks` lists available tasks:

```sh
$ mise tasks
Name            Description
build           Build all assets
build:css       Build CSS from SCSS
build:favicons  Copy NHS UK frontend favicons
build:js        Build JavaScript bundles
bundle          Install all dependencies
ci              Run CI checks in parallel
clean           Clean build artifacts and dependencies
dev             Start development servers
dev:flask       Run Flask development server
dev:js          Watch and build JS files
dev:scss        Watch and build SCSS files
docker          Build and run Docker container
docker:build    Build Docker image
docker:run      Run Docker container
gitleaks        Detect secrets with gitleaks
lint            Run code linting
lint:fix        Run code linting with autofix
npm:install     Install Node.js dependencies
test            Run all tests
test:coverage   Run tests with coverage reporting
uv:sync         Sync Python dependencies with uv
```

Notable cool new tasks: `mise ci` which runs all the CI checks in
parallel.

Local dev-only environment variables are now declared via `mise.local.toml`.

**Breaking change:** To migrate from an existing local `.env`, add
`[env]` to the top of the file and rename it to `mise.local.toml`.

```sh
$ mise env
set -gx CLIENT_ID deadbabe
set -gx CLIENT_SECRET cafebabe
set -gx DOCKER_IMAGE 'mavis-reporting:latest'
set -gx FLASK_APP 'mavis.reporting:create_app'
set -gx FLASK_ENV development
set -gx HOST_PORT 4001
set -gx MAVIS_ROOT_URL 'http://localhost:4000/'
set -gx PATH '/Users/...'
set -gx PYTHONPYCACHEPREFIX tmp/pycache
set -gx SECRET_KEY deadbeef
set -gx SESSION_TTL_SECONDS 600
```

- Removal of `.tool-versions` in favour of declaring them in `mise.toml`
- `mise clean` now thoroughly cleans ~everything
- New `tmp` folder, and `__PYCACHE__` bytecode directories will spawn
  there instead of polluting `./mavis/`. This is a quality of life
  improvement when using tools like `tree`

Author: tvararu

.env.example

@@ -12,7 +12,7 @@ jobs:
       - uses: jdx/mise-action@v3
         with:
           cache: true
-      - run: gitleaks detect --verbose --redact
+      - run: mise gitleaks
 
   pytest:
     runs-on: ubuntu-latest
@@ -23,7 +23,7 @@ jobs:
           cache: true
       - env:
           SECRET_KEY: "${{ secrets.SECRET_KEY_FOR_TESTS }}"
-        run: make test
+        run: mise test
 
   ruff:
     runs-on: ubuntu-latest
@@ -32,7 +32,7 @@ jobs:
       - uses: jdx/mise-action@v3
         with:
           cache: true
-      - run: make lint
+      - run: mise lint
 
   coverage:
     needs: [pytest]
@@ -49,7 +49,7 @@ jobs:
       - env:
           SECRET_KEY: "${{ secrets.SECRET_KEY_FOR_TESTS }}"
           COVERAGE_THRESHOLD: 80
-        run: make test-coverage
+        run: mise test:coverage
       - uses: actions/upload-artifact@v4
         id: upload-html-report-artifact-step
         if: always()

.github/workflows/ci.yml

@@ -8,6 +8,8 @@
 # Please, add your custom content below!
 .DS_Store
 .env
+mise.local.toml
+mise.*.local.toml
 .venv/
 __pycache__/
 .ruff_cache/
@@ -22,9 +24,11 @@ mavis/reporting/static/js/*
 mavis/reporting/static/favicons/*
 !mavis/reporting/static/favicons/.keep
 
-sentinel
-
 .coverage
 htmlcov
 coverage.svg
 coverage.xml
+
+.pytest_cache
+tmp
+!tmp/.keep

.gitignore

@@ -2,7 +2,7 @@ FROM python:3.13.7-alpine AS builder
 
 WORKDIR /app
 
-ADD package.json package-lock.json pyproject.toml uv.lock Makefile /app/
+ADD package.json package-lock.json pyproject.toml uv.lock /app/
 
 RUN apk add build-base libffi-dev npm bash curl
 
@@ -18,7 +18,9 @@ FROM builder
 
 WORKDIR /app
 
-RUN make build-assets
+RUN mkdir -p mavis/reporting/static/favicons && \
+    cp -r node_modules/nhsuk-frontend/dist/nhsuk/assets/images/* mavis/reporting/static/favicons/ && \
+    npm run build:scss && npm run build:js
 
 RUN addgroup --gid 1000 app
 RUN adduser app -h /app -u 1000 -G app -DH

.tool-versions

@@ -2,97 +2,52 @@
 
 A Flask-based web application for the commissioner reporting component of Mavis.
 
-## Prerequisites
-
-- Mise
-- Make
-
 ## Installation
 
-1. **Install Mise**
-
-   Please see the main Mavis repository for [how to install mise](https://github.com/nhsuk/manage-vaccinations-in-schools?tab=readme-ov-file#mise).
-
-   Once mise is installed, run the following command to install the project dependencies:
-
-   ```bash
-   mise install
-   ```
-
-2. **Install project dependencies**
-
-   This will install the project dependencies using uv and NPM.
-
-   Note that the uv virtual environment will be created in the `.venv` directory to allow IDEs to use the correct Python interpreter.
-
-   ```bash
-   make install
-   ```
-
-3. **Create an environment file**
-
-   Create a `.env` file in the root of the project following the example provided in `.env.example`.
-
-4. **Run the application in development mode**
-
-   ```bash
-   make dev
-   ```
-
-   The application will be available at <http://localhost:5001>.
-   You will need a version of Mavis running which supports the OAuth 2.0 token authentication method - please see [Runtime Dependencies](#runtime-dependencies)  below for details.
-
-## Linting
+Please see the main Mavis repository for [how to install
+mise](https://github.com/nhsuk/manage-vaccinations-in-schools?tab=readme-ov-file#mise).
 
-We use Ruff to lint the code. To run the linter, run the following command:
-
-```bash
-make lint
+```sh
+mise install                               # Install dev tools
+cp mise.local.toml.example mise.local.toml # Fill in shared secrets
+mise dev                                   # Run dev server
+mise ci                                    # Run CI tests
 ```
 
-To run the linter with autofix, run the following command:
-
-```bash
-make lint-fix
-```
-
-To configure VSCode or variants thereof to use Ruff in your IDE, install the Ruff extension and it should be used automatically.
-
-## Building & Running a Docker container
+The application will be available at <http://localhost:4001>.
 
-The application can be built and run via Docker, to support deployment to AWS.
-By default, the docker container listens on port 5000, but as Mac OS typically has an existing system application (Control Center) listening on port 5000, we use Docker's port mapping to map port 5001 on the host (your laptop) to 5000 on the container.
+You will need a version of Mavis running which supports the OAuth 2.0 token
+authentication method - please see [Runtime Dependencies](#runtime-dependencies)
+below for details.
 
-### Build
+## Other tasks
 
-`make build-docker`
-
-This will build a container image tagged with `mavis/reporting:latest`, which will listen on port 5000. To use a different tag, supply the `DOCKER_IMAGE` environment variable (e.g. `DOCKER_IMAGE=reporting-component:spike-11 make build-docker`)
-
-Note that it will not push the image to any repository - you must do that manually if you want to.
-
-### Run
-
-`make run-docker`
+```sh
+mise tasks # See all available tasks
+mise env   # See all available environment variables
+```
 
-This will run the container image tagged with `mavis/reporting:latest` and listen on the host port 5000.
-To use a different tag, supply the `DOCKER_IMAGE` environment variable .
-To map a different host port (for instance if you have something else running on port 5000) supply the `HOST_PORT` environment variable
+### Docker
 
-Example:
+To build and run the app in a Docker container, mimicking the production
+environment:
 
-`DOCKER_IMAGE=reporting-component:spike-11 HOST_PORT=5001 make run-docker` will run the container image tagged with `reporting-component:spike-11` and map port 5001 on the host to port 5000 on the container.
+```sh
+mise docker
+```
 
-You could then access the running app with <http://localhost:5001> on your browser.
+Different environment variables can be overwritten in `mise.local.toml`.
 
 ### Gunicorn arguments
 
-Additional parameters to the `gunicorn` executable (for instance, the number of workers) can be passed through with the `GUNICORN_CMD_ARGS` environment variable.
+Additional parameters to the `gunicorn` executable (for instance, the number of
+workers) can be passed through with the `GUNICORN_CMD_ARGS` environment
+variable.
 
 Example:
 
 ```bash
-% HOST_PORT=5555 GUNICORN_CMD_ARGS="--workers=5" make run-docker
+% HOST_PORT=5555 GUNICORN_CMD_ARGS="--workers=5" mise docker:run
 docker run --rm -p 5555:5000 -e GUNICORN_CMD_ARGS=--workers=5 mavis-reporting:latest
 [2025-07-17 10:32:01 +0000] [1] [INFO] Starting gunicorn 23.0.0
 [2025-07-17 10:32:01 +0000] [1] [INFO] Listening at: http://0.0.0.0:5000 (1)
@@ -106,12 +61,19 @@ docker run --rm -p 5555:5000 -e GUNICORN_CMD_ARGS=--workers=5 mavis-reporting:la
 
 ## Runtime dependencies
 
-This application authenticates with the main Mavis application using the [OAuth 2.0 Authorization Code flow](https://datatracker.ietf.org/doc/html/rfc6749#section-4.1).
+This application authenticates with the main Mavis application using the [OAuth
+2.0 Authorization Code
+flow](https://datatracker.ietf.org/doc/html/rfc6749#section-4.1).
 
 To do this, it requires:
 
-1. A copy of the main Mavis app must be running and available at the URL given in the `MAVIS_ROOT_URL` env var
+1. A copy of the main Mavis app must be running and available at the URL given
+   in the `MAVIS_ROOT_URL` env var
 2. That copy of Mavis must:
    - have the `reporting_api` feature flag enabled
-   - have a value for `Settings.reporting_api.client_app.client_id` (..which can also be set via the `MAVIS__REPORTING_API__CLIENT_APP__CLIENT_ID` environment variable) which matches this application's `CLIENT_ID` value
-   - have a value for `Settings.reporting_api.client_app.secret` (..which can also be set via the `MAVIS__REPORTING_API__CLIENT_APP__SECRET` environment variable) which matches this application's `CLIENT_SECRET` value
+   - have a value for `Settings.reporting_api.client_app.client_id` (..which can
+     also be set via the `MAVIS__REPORTING_API__CLIENT_APP__CLIENT_ID`
+     environment variable) which matches this application's `CLIENT_ID` value
+   - have a value for `Settings.reporting_api.client_app.secret` (..which can
+     also be set via the `MAVIS__REPORTING_API__CLIENT_APP__SECRET` environment
+     variable) which matches this application's `CLIENT_SECRET` value

Dockerfile

@@ -1,7 +1,4 @@
 import os
-from dotenv import load_dotenv
-
-load_dotenv()
 
 
 def str2bool(v):

Makefile

@@ -0,0 +1,16 @@
+# Local development environment variables
+# Copy this file to mise.local.toml and customize the values
+# mise.local.toml should NOT be committed to version control
+
+[env]
+FLASK_APP = "mavis.reporting:create_app"
+SECRET_KEY = "(some random hex string)"
+CLIENT_ID = "(some random hex string)"
+CLIENT_SECRET = "(some random hex string)"
+
+# Optional overrides for local development
+# FLASK_ENV = "development"                    # Already set in mise.toml
+# MAVIS_ROOT_URL = "http://localhost:4000/"    # Already set in mise.toml
+# SESSION_TTL_SECONDS = "600"                  # Already set in mise.toml
+# ROOT_URL = ""                                # Only needed in production
+# FAKE_LOGIN_ENABLED = "true"                  # Uncomment to bypass OAuth