chore: move to packaging with pyproject.toml

[rhamzeh]

Original PR: openfga/sdk-generator#550

Description

What problem is being solved?

How is it being solved?

What changes are made to solve it?

References

Review Checklist

• I have clicked on "allow edits by maintainers".
• I have added documentation for new/changed functionality in this PR or in a PR to openfga.dev [Provide a link to any relevant PRs in the references section above]
• The correct base branch is being used, if not main
• I have added tests to validate that the change in functionality is working as expected

Summary by CodeRabbit

• Chores

  • CI updated to use uv for install, lint, build, and test, streamlining the pipeline.
  • Coverage upload remains unchanged.

• Build

  • Packaging modernized by removing legacy setup script and relying on standard project metadata.
  • Generator configuration updated to ignore non-source artifacts.

• Dependencies

  • Reduced declared runtime and test dependencies, potentially lowering install footprint.

• Bug Fixes

  • Corrected static analysis exclusions to avoid scanning generated model code.

[coderabbitai]

Important

Review skipped

Auto incremental reviews are disabled on this repository.

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Walkthrough

CI workflow switches to uv for installs, lint, build, and tests. Packaging and dependency files are removed/trimmed (setup.py deleted; requirements and test-requirements pruned/removed). OpenAPI generator ignore/manifests updated to exclude packaging files. Static analysis exclusions corrected in pyproject.toml.

Changes

Cohort / File(s)	Summary of Changes
CI workflow (uv migration) .github/workflows/main.yaml	Replaced pip-based steps with uv: install via pip install uv, run lint/format/build with uv, run tests via uv run pytest with coverage, and invoke ruff via uv. Removed caching of requirements files.
OpenAPI generator config .openapi-generator-ignore, .openapi-generator/FILES	Added setup.py, requirements.txt, and test-requirements.txt to ignore list; removed the same from generator FILES manifest. No code generation logic changes.
Packaging and dependencies setup.py, requirements.txt, test-requirements.txt	Deleted setup.py. Removed multiple dependencies from requirements.txt (aiohttp, python-dateutil, setuptools, build, urllib3, opentelemetry-api). Deleted contents of test-requirements.txt.
Static analysis config pyproject.toml	Fixed exclusions for Ruff/MyPy to openfga_sdk/models (corrected path).

Sequence Diagram(s)

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

Pre-merge checks (3 passed)

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title Check	✅ Passed	The title "chore: move to packaging with pyproject.toml" accurately and concisely captures the primary change in the PR — migrating packaging to pyproject.toml (evidenced by deletion of setup.py and updates to pyproject.toml and related workflow files) — and is appropriately scoped and readable for repository history. It avoids noise and clearly signals the intent of the changeset to reviewers.
Docstring Coverage	✅ Passed	No functions found in the changes. Docstring coverage check skipped.

✨ Finishing touches

🧪 Generate unit tests

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch chore/packaging

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[socket-security]

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff	Package	Supply Chain Security	Vulnerability	Quality	Maintenance	License
	backports-asyncio-runner@​1.2.0

View full report

[codecov-commenter]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 70.70%. Comparing base (89a39d1) to head (382d028).

❌ Your project status has failed because the head coverage (70.70%) is below the target coverage (80.00%). You can increase the head coverage or adjust the target coverage.

Additional details and impacted files

@@           Coverage Diff           @@
##             main     #220   +/-   ##
=======================================
  Coverage   70.70%   70.70%           
=======================================
  Files         134      134           
  Lines       10881    10881           
=======================================
  Hits         7693     7693           
  Misses       3188     3188           

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

[coderabbitai]

Actionable comments posted: 2

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (2)

pyproject.toml (1)

139-148: Replace unsupported "packages" with "files" in [tool.mypy]

mypy does not use a top-level packages key in pyproject.toml; set files = ["openfga_sdk"] so mypy explicitly checks the package. exclude accepts either a single regex string or an array — the current list form is valid, so changing it is optional.
File: pyproject.toml (lines 139–148)

.github/workflows/main.yaml (1)

64-96: Publish job still uses legacy setup.py and test-requirements; switch to pyproject+uv (hatchling backend).

This path will fail after removing setup.py/test-requirements.txt. Build with uv or python -m build, then publish.

   publish:
@@
       - name: Set up Python
         uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5.6.0
         with:
           python-version: "3.10"
-          cache: "pip"
-          cache-dependency-path: |
-            **/pyproject.toml
-            **/requirements*.txt
-            **/test-requirements*.txt
+          cache: "pip"
+          cache-dependency-path: |
+            **/pyproject.toml
@@
-      - name: Install dependencies
-        run: pip install -r test-requirements.txt --upgrade pip
+      - name: Install build tool
+        run: pip install uv
@@
-      - name: Build package
-        run: |
-          pip install setuptools wheel
-          python setup.py sdist bdist_wheel
+      - name: Build package
+        run: |
+          export UV_LINK_MODE=copy
+          uv build

Optionally add a uvx twine check dist/* step before publish for validation.

🧹 Nitpick comments (4)

pyproject.toml (3)

13-13: Versioning source-of-truth: ensure tag/version alignment or switch to dynamic SCM versioning.

If releases are triggered by tags like vX.Y.Z (see workflow), project.version = "0.9.5" must be kept in sync with tags. Consider dynamic = ["version"] with hatch-vcs or set version via environment to avoid drift.

Proposed change:

 [project]
 name = "openfga-sdk"
-version = "0.9.5"
+dynamic = ["version"]
@@
 [build-system]
-requires = ["hatchling"]
+requires = ["hatchling", "hatch-vcs"]
 build-backend = "hatchling.build"
+
+[tool.hatch.version]
+source = "vcs"

---

36-36: PEP 621 license field: prefer file/text table over bare string.

Some build backends expect license = { file = "LICENSE" } or { text = "Apache-2.0" }. Using a plain string isn’t universally supported.

-requires-python=">=3.10"
-license="Apache-2.0"
+requires-python = ">=3.10"
+license = { file = "LICENSE" }

---

128-135: CI threshold mismatch with Codecov target.

Tests use --cov-fail-under=60 while Codecov’s project target is 80%, causing confusing mixed signals. Align thresholds (recommend 80).

.github/workflows/main.yaml (1)

31-38: Cache dependency path can drop requirements globs in all jobs.

They’re removed repo-wide; keeping them is harmless but noisy.

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 89a39d1 and 2ed92f5.

⛔ Files ignored due to path filters (1)

• uv.lock is excluded by !**/*.lock

📒 Files selected for processing (7)

• .github/workflows/main.yaml (1 hunks)
• .openapi-generator-ignore (1 hunks)
• .openapi-generator/FILES (0 hunks)
• pyproject.toml (2 hunks)
• requirements.txt (0 hunks)
• setup.py (0 hunks)
• test-requirements.txt (0 hunks)

💤 Files with no reviewable changes (4)

• requirements.txt
• .openapi-generator/FILES
• setup.py
• test-requirements.txt

🔇 Additional comments (3)

pyproject.toml (2)

47-55: Add pytest to dev group; verify dev-tool pins

File: pyproject.toml (lines 47-55)

 [dependency-groups]
 dev = [
   "griffe>=0.41.2",
   "mock>=5.1.0",
+  "pytest>=8",
   "pytest-asyncio>=0.25",
   "pytest-cov>=5",
   "ruff>=0.9",
   "mypy>=1.14.1",
 ]

• CI must install the dev dependency-group so uv run pytest can find pytest.
• Verification failed in the sandbox: 'uv' CLI remained unavailable after install (uv: command not found); cannot confirm pytest-asyncio>=0.25, ruff>=0.9, mypy>=1.14.1 are resolvable on PyPI — run the provided verification locally or relax pins if any package/version is unavailable.

---

37-42: CI: inject the matrix urllib3 version into uv-run (don’t rely on a global pip install).

uv creates an isolated virtualenv for uv run and won’t pick up a globally pip-installed urllib3 — pass the matrix value into uv with --with so the test environment actually uses the matrixed urllib3. (github.com)

-            uv run pytest --cov-report term-missing --cov=openfga_sdk --cov-fail-under=60 test/ && \
+            uv run --with "urllib3==${{ matrix.urllib3-version }}" \
+              pytest --cov-report term-missing --cov=openfga_sdk --cov-fail-under=80 test/ && \

Also remove the global pip install "urllib3==..." from the workflow (it installs outside uv’s venv and won’t affect uv run).

.openapi-generator-ignore (1)

18-20: LGTM: generator now ignores legacy packaging manifests.

Ignoring setup.py/requirements files prevents regeneration from the SDK generator, which aligns with pyproject-only packaging.

[rhamzeh]

This PR is equivalent to: #193