Merge pull request #108 from RedHatProductSecurity/update-dev-setup

Upgrade dev setup and publishing to use uv

Author: mprpic

.gitignore

@@ -106,3 +106,6 @@ dmypy.json
 
 # Editors
 .idea/
+
+# uv
+uv.lock

MANIFEST.in

@@ -13,6 +13,9 @@ A library and a command line interface for the CVE Services API.
 
 ### Linux, MacOS, Windows
 
+
+#### pip
+
 ```bash
 python3 -m pip install --user cvelib
 ```
@@ -32,6 +35,20 @@ To resolve this error, add the file path for where your `cve.exe` file resides (
 `C:\Users\<username>\AppData\Roaming\Python\Python39\Scripts`) to your `PATH` variable. You can
 edit your environment variables by searching *Edit the system environment variables* from the Start menu.
 
+#### uv
+
+To run the `cve` command using [uvx](https://docs.astral.sh/uv/guides/tools/), execute:
+
+```
+uvx --from cvelib cve --help
+```
+
+or to install it, execute:
+
+```
+uv tool install cvelib
+```
+
 ### Podman/Docker
 
 You can fetch a specific version of the `cvelib` library installed in a container image at
@@ -241,61 +258,66 @@ For more information, see the individual methods defined in the
 
 ## Development Setup
 
+[uv](https://github.com/astral-sh/uv) is the recommended tool for local development:
+
+```bash
+git clone https://github.com/RedHatProductSecurity/cvelib.git && cd cvelib
+uv sync --dev
+```
+
+The `uv sync --dev` command will:
+- Create a virtual environment in `.venv/`
+- Install the project in editable mode
+- Install all development dependencies (test, dev groups)
+
+To run all of the below commands without `uv run`, activate the virtual environment:
+
 ```bash
-git clone https://github.com/RedHatProductSecurity/cvelib.git
-cd cvelib
-python3 -m venv venv
-source venv/bin/activate
-pip install --upgrade pip
-pip install -e .
-pip install tox
-# If you want to use any of the dev dependencies outside of Tox, you can install them all with:
-pip install -e .[dev]
+source .venv/bin/activate
 ```
 
 To enable command autocompletion when using a virtual environment, add the line noted in `Command Autocompletion`
-above to your `venv/bin/activate` file, for example:
+above to your virtual environment's activate file:
 
 ```bash
-echo 'eval "$(_CVE_COMPLETE=bash_source cve)"' >> venv/bin/activate
+echo 'eval "$(_CVE_COMPLETE=bash_source cve)"' >> .venv/bin/activate
 ```
 
 This project uses [ruff formatter](https://docs.astral.sh/ruff/formatter/) for code formatting.
 To reformat the entire code base after you make any changes, run:
 
 ```bash
-ruff format .
+uv run ruff format .
 ```
 
 To sort all imports using [ruff's import sorting](https://docs.astral.sh/ruff/rules/#isort-i), run:
 
 ```bash
-ruff check --select I --fix .
+uv run ruff check --select I --fix .
 ```
 
 Running tests and linters:
 
 ```bash
 # Run all tests and format/lint checks (also run as a Github action)
-tox
+uv run tox
 # Run lint check only
-tox -e ruff-lint
+uv run tox -e ruff-lint
 # Run format check only
-tox -e ruff-format
+uv run tox -e ruff-format
 # Run tests using a specific version of Python
-tox -e py313
+uv run tox -e py313
 # Run a single test using a specific version of Python
-tox -e py313 -- tests/test_cli.py::test_cve_show
+uv run tox -e py313 -- tests/test_cli.py::test_cve_show
 ```
 
 Any changes in the commands, their options, or help texts must be reflected in the generated man pages. To refresh
 them, run:
 
 ```bash
-pip install click-man
-click-man cve
+uv run click-man cve
 # OR
-tox -e manpages
+uv run tox -e manpages
 ```
 
 ---

README.md

@@ -1,3 +1,72 @@
+[build-system]
+requires = ["hatchling"]
+build-backend = "hatchling.build"
+
+[project]
+name = "cvelib"
+dynamic = ["version"]
+description = "A library and command line interface for the CVE Project services."
+readme = "README.md"
+license = "MIT"
+authors = [
+    { name = "Red Hat Product Security", email = "secalert@redhat.com" }
+]
+classifiers = [
+    "Topic :: Security",
+    "License :: OSI Approved :: MIT License",
+    "Programming Language :: Python :: 3",
+    "Programming Language :: Python :: 3.9",
+    "Programming Language :: Python :: 3.10",
+    "Programming Language :: Python :: 3.11",
+    "Programming Language :: Python :: 3.12",
+    "Programming Language :: Python :: 3.13",
+]
+requires-python = ">=3.9"
+dependencies = [
+    "click>=7.1.2",
+    "requests>=2.32.0",
+    "jsonschema>=4.7.2",
+]
+
+[project.optional-dependencies]
+test = [
+    "pytest",
+]
+dev = [
+    "pytest",
+    "ruff",
+    "click-man",
+    "mypy",
+    "tox",
+    "types-click",
+    "types-requests",
+    "types-jsonschema",
+]
+
+[project.scripts]
+cve = "cvelib.cli:cli"
+
+[project.urls]
+Homepage = "https://github.com/RedHatProductSecurity/cvelib"
+Repository = "https://github.com/RedHatProductSecurity/cvelib"
+
+[tool.hatch.version]
+path = "cvelib/__init__.py"
+
+[tool.hatch.build.targets.sdist]
+include = [
+    "/cvelib",
+    "/man",
+    "/tests",
+    "LICENSE",
+    "README.md",
+    "CHANGELOG.md",
+    "SECURITY.md",
+]
+
+[tool.hatch.build.targets.wheel]
+packages = ["cvelib"]
+
 [tool.ruff]
 line-length = 100
 
@@ -11,11 +80,3 @@ warn_unused_configs = true
 warn_unreachable = true
 warn_no_return = true
 warn_unused_ignores = true
-
-[build-system]
-requires = [
-  "setuptools >= 40.9.0",
-  "wheel",
-  "collective.checkdocs",
-]
-build-backend = "setuptools.build_meta"