Modernize setup with uv and just

cookiecutter.json

@@ -12,27 +12,21 @@
   "version": "0.1",
   "copyright_year": "{% now 'utc', '%Y' %}",
   "license": [
-    "MIT",
-    // "Apache-2.0",
-    // "BSD-3-Clause",
-    // "GPL-3.0-or-later",
-    // "LGPL-3.0-or-later",
+    "MIT"
   ],
   "development_status": [
-    // "Development Status :: 1 - Planning",
-    // "Development Status :: 2 - Pre-Alpha",
-    // "Development Status :: 3 - Alpha",
-    "Development Status :: 4 - Beta",
-    // "Development Status :: 5 - Production/Stable",
-    // "Development Status :: 6 - Mature",
-    // "Development Status :: 7 - Inactive"
+    "Development Status :: 4 - Beta"
   ],
-  "minimum_python": "3.13.0",
+  "minimum_python": "3.13",
   "with_django": "0",
   "with_flask": "0",
   "with_fastapi": "0",
   "with_cyclopts": "1",
   "with_postgres": "0",
   "support_rtd": "0",
-  "__package_name_snake_case": "{{ cookiecutter.package_name|slugify(separator='_') }}"
-}
+  "__package_name_snake_case": "{{ cookiecutter.package_name|slugify(separator='_') }}",
+  "_copy_without_render": [
+    "justfile",
+    ".just/*.justfile"
+  ]
+}

{{cookiecutter.project_name}}/.claude/CLAUDE.md

@@ -0,0 +1,35 @@
+
+# Python Package Management with uv
+
+Use uv exclusively for Python package management in this project.
+
+## Package Management Commands
+
+- All Python dependencies **must be installed, synchronized, and locked** using uv
+- Never use pip, pip-tools, poetry, or conda directly for dependency management
+
+Use these commands:
+
+- Install dependencies: `uv add <package>`
+- Remove dependencies: `uv remove <package>`
+- Sync dependencies: `uv sync`
+
+## Running Python Code
+
+- Run a Python script with `uv run <script-name>.py`
+- Run Python tools like Pytest with `uv run pytest` or `uv run ruff`
+- Launch a Python repl with `uv run python`
+
+## Managing Scripts with PEP 723 Inline Metadata
+
+- Run a Python script with inline metadata (dependencies defined at the top of the file) with: `uv run script.py`
+- You can add or remove dependencies manually from the `dependencies =` section at the top of the script, or
+- Or using uv CLI:
+    - `uv add package-name --script script.py`
+    - `uv remove package-name --script script.py`
+
+
+
+# References
+- https://pydevtools.com/handbook/how-to/how-to-configure-claude-code-to-use-uv/
+

{{cookiecutter.project_name}}/.env.template

@@ -30,17 +30,15 @@
 #     >> alias source-env='set -a && source .env && set +a'
 
 PROJECT_NAME='{{cookiecutter.package_name}}'
-BASE_DIR="__CWD__"
-IPYTHONDIR="__CWD__/etc/ipython"
-PYTHONSTARTUP="__CWD__/etc/pythonstartup.py"
+BASE_DIR='__CWD__'
+IPYTHONDIR='__CWD__/etc/ipython'
+PYTHONSTARTUP='__CWD__/etc/pythonstartup.py'
 
 # caching
-CACHE_DIR="__CWD__/var/cache/"
-BLACK_CACHE_DIR="__CWD__/var/cache/black"
-IPYTHON_CACHE_DIR="__CWD__/var/cache/ipython"
-MYPY_CACHE_DIR="__CWD__/var/cache/mypy"
-PRE_COMMIT_HOME="__CWD__/var/cache/pre-commit"
-PYLINTHOME="__CWD__/var/cache/pylint"
+CACHE_DIR='__CWD__/var/cache/'
+IPYTHON_CACHE_DIR='__CWD__/var/cache/ipython'
+PRE_COMMIT_HOME='__CWD__/var/cache/pre-commit'
+PYLINTHOME='__CWD__/var/cache/pylint'
 
 # debugging
 # used by python-interpreter, cfr. https://docs.python.org/3/using/cmdline.html#environment-variables
@@ -51,16 +49,19 @@ PYTHONBREAKPOINT='ipdb.set_trace'
 # show headers in urllib3-http-connections
 DEBUGLEVEL_HTTPCONNECTION='1'
 
+# generated sercrets key
+APP_SECRET_KEY='__APP_SECRET_KEY__'
+
 # tmp
-TMP="__CWD__/var/tmp"
-TMPDIR="__CWD__/var/tmp"
-TEMP="__CWD__/var/tmp"
+TMP='__CWD__/var/tmp'
+TMPDIR='__CWD__/var/tmp'
+TEMP='__CWD__/var/tmp'
 
 # libranet-logging - etc/logging.yaml
 # Supported values for logging, from lowest to highest priority:
 # LOGLEVEL_XXX: NOTSET|TRACE|DEBUG|INFO|WARNING|ERROR
-LOGGING_YML_FILE="__CWD__/etc/logging.yaml"
-LOG_DIR="__CWD__/var/log"
+LOGGING_YML_FILE='__CWD__/etc/logging.yaml'
+LOG_DIR='__CWD__/var/log'
 PYTHON_CONSOLE_FORMATTER='console_color'
 LOGLEVEL_ROOT='NOTSET'
 LOGLEVEL_ASYNCIO='NOTSET'
@@ -81,7 +82,7 @@ LOGLEVEL_URLLIB3='NOTSET'
 LOGLEVEL_URLLIB3_CONNECTIONPOOL='NOTSET'
 LOGLEVEL_URLLIB3_UTIL_RETRY='NOTSET'
 PYTHONASYNCIODDEBUG='1'
-LOG_HANDLERS="console|debug_file|info_file|warning_file|error_file"
+LOG_HANDLERS='console|debug_file|info_file|warning_file|error_file'
 PYTHON_ENABLE_LOGGING_TREE=0
 
 

{{cookiecutter.project_name}}/.github/dependabot.yml

@@ -1,21 +1,32 @@
+# To get started with Dependabot version updates, you'll need to specify which
+# package ecosystems to update and where the package manifests are located.
+# Please see the documentation for all configuration options:
+# https://docs.github.com/github/administering-a-repository/configuration-options-for-dependency-updates
+
 version: 2
+
 updates:
-  - package-ecosystem: github-actions
-    directory: "/"
-    schedule:
-      interval: weekly
-  - package-ecosystem: pip
-    directory: "/.github/workflows"
-    schedule:
-      interval: weekly
-  - package-ecosystem: pip
-    directory: "/docs"
-    schedule:
-      interval: weekly
-  - package-ecosystem: pip
-    directory: "/"
-    schedule:
-      interval: weekly
-    versioning-strategy: lockfile-only
-    allow:
-      - dependency-type: "all"
+
+    # supported ecosystems:
+    # https://docs.github.com/en/code-security/dependabot/working-with-dependabot/dependabot-options-reference#package-ecosystem-
+
+    # update for GitHub Actions
+    - package-ecosystem: github-actions
+      directory: "/"  # will search .github/workflows
+      labels:
+          - "dependencies"
+          - "github_actions"
+      open-pull-requests-limit: 9
+      schedule:
+          interval: "weekly"
+
+    # update uv.lock file
+    - package-ecosystem: "uv"
+      directory: "/"
+      labels:
+          - "dependencies"
+          - "python"
+          - "uv"
+      open-pull-requests-limit: 9
+      schedule:
+          interval: "monthly"

{{cookiecutter.project_name}}/.github/funding.yaml

@@ -3,4 +3,4 @@
 #  - https://docs.github.com/en/repositories/managing-your-repositorys-settings-and-features/customizing-your-repository/displaying-a-sponsor-button-in-your-repository
 #  - https://docs.github.com/en/sponsors/getting-started-with-github-sponsors/about-github-sponsors
 
-github: [{ { cookiecutter.github_user } }]
+github: [{{cookiecutter.github_user}}]

{{cookiecutter.project_name}}/.github/workflows/dependabot-auto-merge.yaml

@@ -0,0 +1,44 @@
+
+# Security references:
+#  - https://securitylab.github.com/resources/github-actions-preventing-pwn-requests
+#  - https://securitylab.github.com/resources/github-actions-untrusted-input
+#  - https://securitylab.github.com/resources/github-actions-building-blocks
+#  - https://securitylab.github.com/resources/github-actions-new-patterns-and-mitigations
+
+
+name: Auto Merge Dependabot
+
+on:
+  pull_request:
+
+permissions:
+  contents: write
+  pull-requests: write
+
+jobs:
+  auto-merge:
+
+    runs-on: ubuntu-latest
+
+    timeout-minutes: 5
+
+    # Only run for Dependabot PRs - security: prevent running on PRs from forks or other actors
+    if: github.actor == 'dependabot[bot]'
+
+    steps:
+
+      # repo: https://github.com/actions/checkout
+      # releases: https://github.com/actions/checkout/tags
+      - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8  # v6.0.1 released on 02-12-2025
+
+      # repo: https://github.com/fastify/github-action-merge-dependabot
+      # releases: https://github.com/fastify/github-action-merge-dependabot/tags
+      # The action waits for required status checks by default
+      - uses: fastify/github-action-merge-dependabot@1b2ed42db8f9d81a46bac83adedfc03eb5149dff  # v3.11.2 released on 03-10-2025
+        with:
+            # github-token: {% raw %}${{ secrets.TOKEN_AUTOMERGE }}{% endraw %}
+            # Using built-in GITHUB_TOKEN for better security (auto-scoped, auto-expires)
+            # Falls back to TOKEN_AUTOMERGE if GITHUB_TOKEN lacks permissions
+            github-token: {% raw %}${{ secrets.GITHUB_TOKEN }}{% endraw %}
+            merge-method: squash  # merge|squash|rebase
+            target: minor

{{cookiecutter.project_name}}/.github/workflows/linting.yaml

@@ -1,7 +1,33 @@
+# linting - Github Actions
+#
+# Security references:
+#  - https://securitylab.github.com/resources/github-actions-preventing-pwn-requests
+#  - https://securitylab.github.com/resources/github-actions-untrusted-input
+#  - https://securitylab.github.com/resources/github-actions-building-blocks
+#  - https://securitylab.github.com/resources/github-actions-new-patterns-and-mitigations
+#
+# Used actions:
+#   - actions/checkout
+#     repo: https://github.com/actions/checkout
+#     releases: https://github.com/actions/checkout/tags
+#
+#   - astral-sh/setup-uv: set up uv environment
+#     repo: https://github.com/astral-sh/setup-uv
+#     releases: https://github.com/astral-sh/setup-uv/tags
+#     https://docs.astral.sh/uv/guides/integration/github/
+
+
 name: Linting
 
+concurrency:
+    # see https://docs.github.com/en/actions/using-jobs/using-concurrency
+    # cancel-in-progress: {% raw %}${{ github.event_name == 'pull_request' }}{% endraw %}
+    group: {% raw %}${{ github.workflow }}-${{ github.ref }}{% endraw %}
+
 env:
-    POETRY_VERSION: "1.4.0"
+    # Pin uv version for reproducible builds
+    # https://github.com/astral-sh/uv/releases
+    UV_VERSION: "0.9.26"  # released on 2026-01-15
 
 on:
     pull_request:
@@ -14,51 +40,61 @@ permissions:
     contents: read
 
 jobs:
+    # see https://docs.astral.sh/uv/guides/integration/github/
     run-tests:
         name: Python linters
         runs-on: ubuntu-latest
         timeout-minutes: 5
-
+        strategy:
+            matrix:
+                python-version:
+                    - "3.14"
+                    - "3.13"
+                    - "3.12"
+                    - "3.11"
+                    - "3.10"
+                    - "3.9"
+                    - "3.8"
         steps:
-            - uses: actions/checkout@v3
-              with:
-                  persist-credentials: false
-                  fetch-depth: 0
-
-            - name: Set up Python 3.11
-              uses: actions/setup-python@v4
-              with:
-                  python-version: "3.11"
-
-            - name: Set up Poetry
-              run: |
-                  pip install poetry==${{"{{"}} env.POETRY_VERSION{{"}}"}}
-
-            - name: Install
-              run: |
-                  make install
-
-            - name: Flake8
-              run: |
-                  make flake8
-
-            - name: Ruff
-              run: |
-                  make ruff-check
-
-            - name: Pylint
-              run: |
-                  make pylint
-
-            - name: Mypy
-              run: |
-                  make mypy
-
-            - name: Pyroma
-              run: |
-                  make pyroma
-
-            - name: Check poetry
-              run: |
-                  make poetry-check
-                  make poetry-lock-check
+
+        # repo: https://github.com/actions/checkout
+        # releases: https://github.com/actions/checkout/tags
+        - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8  # v6.0.1 released on 02-12-2025
+          with:
+              persist-credentials: false
+              fetch-depth: 0
+
+        - name: Remove sitecustomize.py
+          run: |
+              sudo rm -f /usr/lib/python3.*/sitecustomize.py
+              sudo rm -f /etc/python3.*/sitecustomize.py
+
+        # repo: https://github.com/astral-sh/setup-uv
+        # releases: https://github.com/astral-sh/setup-uv/tags
+        # docs: https://docs.astral.sh/uv/guides/integration/github
+        - name: Install pinned version of uv
+          uses: astral-sh/setup-uv@61cb8a9741eeb8a550a1b8544337180c0fc8476b  # v7.2.0 released on 2026-01-06
+          with:
+              python-version: {% raw %}${{ matrix.python-version }}{% endraw %}
+              version: {% raw %}${{ env.UV_VERSION }}{% endraw %}
+              enable-cache: true
+              cache-dependency-glob: "uv.lock"
+              prune-cache: true
+
+        - name: Set up Python {% raw %}${{ matrix.python-version }}{% endraw %}
+          run: uv python install {% raw %}${{ matrix.python-version }}{% endraw %}
+
+        - name: Install the project
+          run: uv sync --all-groups
+
+        - name: Pre-commit
+          run: uv run pre-commit run --all-files
+
+        # - name: Ruff check
+        #   run: uv run ruff check src tests
+
+        # - name: Pylint
+        #   run: uv run pylint src
+
+        - name: Pyroma
+          run: uv run pyroma .