Update cookiecutter

.ci/gen_certs.py

@@ -6,8 +6,8 @@
 # ///
 
 import argparse
-import os
 import sys
+from pathlib import Path
 
 import trustme
 
@@ -17,43 +17,41 @@ def main() -> None:
     parser.add_argument(
         "-d",
         "--dir",
-        default=os.getcwd(),
+        default=".",
         help="Directory where certificates and keys are written to. Defaults to cwd.",
     )
 
     args = parser.parse_args(sys.argv[1:])
-    cert_dir = args.dir
+    cert_dir = Path(args.dir)
 
-    if not os.path.isdir(cert_dir):
+    if not cert_dir.is_dir():
         raise ValueError(f"--dir={cert_dir} is not a directory")
 
     key_type = trustme.KeyType["ECDSA"]
 
     # Generate the CA certificate
     ca = trustme.CA(key_type=key_type)
     # Write the certificate the client should trust
-    ca_cert_path = os.path.join(cert_dir, "ca.pem")
+    ca_cert_path = cert_dir / "ca.pem"
     ca.cert_pem.write_to_path(path=ca_cert_path)
 
     # Generate the server certificate
     server_cert = ca.issue_cert("localhost", "127.0.0.1", "::1", key_type=key_type)
     # Write the certificate and private key the server should use
-    server_key_path = os.path.join(cert_dir, "server.key")
-    server_cert_path = os.path.join(cert_dir, "server.pem")
+    server_key_path = cert_dir / "server.key"
+    server_cert_path = cert_dir / "server.pem"
     server_cert.private_key_pem.write_to_path(path=server_key_path)
-    with open(server_cert_path, mode="w") as f:
-        f.truncate()
+    server_cert_path.write_text("")
     for blob in server_cert.cert_chain_pems:
         blob.write_to_path(path=server_cert_path, append=True)
 
     # Generate the client certificate
     client_cert = ca.issue_cert("admin@example.com", common_name="admin", key_type=key_type)
     # Write the certificate and private key the client should use
-    client_key_path = os.path.join(cert_dir, "client.key")
-    client_cert_path = os.path.join(cert_dir, "client.pem")
+    client_key_path = cert_dir / "client.key"
+    client_cert_path = cert_dir / "client.pem"
     client_cert.private_key_pem.write_to_path(path=client_key_path)
-    with open(client_cert_path, mode="w") as f:
-        f.truncate()
+    client_cert_path.write_text("")
     for blob in client_cert.cert_chain_pems:
         blob.write_to_path(path=client_cert_path, append=True)
 

.ci/scripts/collect_changes.py

@@ -1,22 +1,22 @@
 #!/bin/env python3
 # /// script
-# requires-python = ">=3.11"
+# requires-python = ">=3.13"
 # dependencies = [
 #     "gitpython>=3.1.46,<3.2.0",
 #     "packaging>=25.0,<25.1",
 # ]
 # ///
 
 import itertools
-import os
 import re
+from pathlib import Path
 
 import tomllib
 from git import GitCommandError, Repo
 from packaging.version import parse as parse_version
 
 # Read Towncrier settings
-with open("pyproject.toml", "rb") as fp:
+with Path("pyproject.toml").open("rb") as fp:
     tc_settings = tomllib.load(fp)["tool"]["towncrier"]
 
 CHANGELOG_FILE = tc_settings.get("filename", "NEWS.rst")
@@ -74,14 +74,13 @@ def split_changelog(changelog):
 
 
 def main():
-    repo = Repo(os.getcwd())
+    repo = Repo(Path.cwd())
     remote = repo.remotes[0]
     branches = [ref for ref in remote.refs if re.match(r"^([0-9]+)\.([0-9]+)$", ref.remote_head)]
     branches.sort(key=lambda ref: parse_version(ref.remote_head), reverse=True)
     branches = [ref.name for ref in branches]
 
-    with open(CHANGELOG_FILE, "r") as f:
-        main_changelog = f.read()
+    main_changelog = Path(CHANGELOG_FILE).read_text()
     preamble, main_changes = split_changelog(main_changelog)
     old_length = len(main_changes)
 
@@ -103,10 +102,9 @@ def main():
     new_length = len(main_changes)
     if old_length < new_length:
         print(f"{new_length - old_length} new versions have been added.")
-        with open(CHANGELOG_FILE, "w") as fp:
+        with Path(CHANGELOG_FILE).open("w") as fp:
             fp.write(preamble)
-            for change in main_changes:
-                fp.write(change[1])
+            fp.writelines(change[1] for change in main_changes)
 
         repo.git.commit("-m", "Update Changelog", CHANGELOG_FILE)
 

.ci/scripts/pr_labels.py

@@ -19,7 +19,7 @@
 def main():
     assert len(sys.argv) == 3
 
-    with open("pyproject.toml", "rb") as fp:
+    with Path("pyproject.toml").open("rb") as fp:
         PYPROJECT_TOML = tomllib.load(fp)
     BLOCKING_REGEX = re.compile(r"DRAFT|WIP|NO\s*MERGE|DO\s*NOT\s*MERGE|EXPERIMENT")
     ISSUE_REGEX = re.compile(r"(?:fixes|closes)[\s:]+#(\d+)")

.ci/scripts/validate_commit_message.py

@@ -12,9 +12,8 @@
 from pathlib import Path
 
 import tomllib
-from github import Github
 
-with open("pyproject.toml", "rb") as fp:
+with Path("pyproject.toml").open("rb") as fp:
     PYPROJECT_TOML = tomllib.load(fp)
 KEYWORDS = ["fixes", "closes"]
 BLOCKING_REGEX = [
@@ -33,22 +32,24 @@
 if NOISSUE_MARKER in message:
     sys.exit("Do not add '[noissue]' in the commit message.")
 
-if any((re.match(pattern, message) for pattern in BLOCKING_REGEX)):
+if any(re.match(pattern, message) for pattern in BLOCKING_REGEX):
     sys.exit("This PR is not ready for consumption.")
 
-g = Github(os.environ.get("GITHUB_TOKEN"))
-repo = g.get_repo("pulp/pulp-cli-maven")
 
+def check_status(issue: str) -> None:
+    from github import Github
+
+    g = Github(os.environ.get("GITHUB_TOKEN"))
+    repo = g.get_repo("pulp/pulp-cli-maven")
 
-def check_status(issue):
     gi = repo.get_issue(int(issue))
     if gi.pull_request:
         sys.exit(f"Error: issue #{issue} is a pull request.")
     if gi.closed_at:
         sys.exit(f"Error: issue #{issue} is closed.")
 
 
-def check_changelog(issue):
+def check_changelog(issue: str) -> None:
     matches = list(Path("CHANGES").rglob(f"{issue}.*"))
 
     if len(matches) < 1:
@@ -58,7 +59,7 @@ def check_changelog(issue):
             sys.exit(f"Invalid extension for changelog entry '{match}'.")
 
 
-print("Checking commit message for {sha}.".format(sha=sha[0:7]))
+print(f"Checking commit message for {sha[0:7]}.")
 
 # validate the issue attached to the commit
 issue_regex = r"(?:{keywords})[\s:]+#(\d+)".format(keywords=("|").join(KEYWORDS))
@@ -72,4 +73,4 @@ def check_changelog(issue):
             check_status(issue)
             check_changelog(issue)
 
-print("Commit message for {sha} passed.".format(sha=sha[0:7]))
+print(f"Commit message for {sha[0:7]} passed.")

.github/workflows/build.yml

@@ -8,30 +8,27 @@ jobs:
   build:
     runs-on: "ubuntu-latest"
     steps:
-      - uses: "actions/checkout@v6"
-      - uses: "actions/cache@v5"
-        with:
-          path: "~/.cache/pip"
-          key: "${{ runner.os }}-pip-${{ hashFiles('**/*requirements.txt', '**/*constraints.lock', '**/setup.py', '**/pyproject.toml') }}"
-          restore-keys: |
-            ${{ runner.os }}-pip-
-
+      - name: "Checkout"
+        uses: "actions/checkout@v6"
       - name: "Set up Python"
         uses: "actions/setup-python@v6"
         with:
           python-version: "3.14"
-      - name: "Install python dependencies"
-        run: |
-          pip install build setuptools wheel
+          allow-prereleases: true
+      - name: "Install uv"
+        uses: "astral-sh/setup-uv@v7"
+        with:
+          enable-cache: true
       - name: "Build wheels"
         run: |
           make build
+          touch .root
       - name: "Upload wheels"
         uses: "actions/upload-artifact@v6"
         with:
           name: "pulp_cli_packages"
           path: |
-            pulp-glue-maven/dist/
+            .root
             dist/
           if-no-files-found: "error"
           retention-days: 5

.github/workflows/codeql.yml

@@ -17,7 +17,7 @@ jobs:
       security-events: "write"
 
     steps:
-      - name: "Checkout repository"
+      - name: "Checkout"
         uses: "actions/checkout@v6"
       - name: "Initialize CodeQL"
         uses: "github/codeql-action/init@v4"

.github/workflows/collect_changes.yml

@@ -8,21 +8,26 @@ jobs:
   collect-changes:
     runs-on: "ubuntu-latest"
     steps:
-      - uses: "actions/checkout@v6"
+      - name: "Checkout"
+        uses: "actions/checkout@v6"
         with:
-          ref: "main"
           fetch-depth: 0
-      - uses: "actions/setup-python@v6"
+      - name: "Set up Python"
+        uses: "actions/setup-python@v6"
         with:
-          python-version: "3.x"
+          python-version: "3.14"
+          allow-prereleases: true
+      - name: "Install uv"
+        uses: "astral-sh/setup-uv@v7"
+        with:
+          enable-cache: true
       - name: "Setup git"
         run: |
           git config user.name pulpbot
           git config user.email pulp-infra@redhat.com
       - name: "Collect changes"
         run: |
-          pip install GitPython packaging
-          python3 .ci/scripts/collect_changes.py
+          uv run --script .ci/scripts/collect_changes.py
       - name: "Create Pull Request"
         uses: "peter-evans/create-pull-request@v8"
         id: "create_pr"