build(deps-dev): switch to UV and TY (#358)

* build(deps): switch to uv and ty

* build(conda): remove conda

* style: fix lint

* style: add proper IDE tooling

* ci(github): update all workflows

* docs(readme): update readme

* docs(installation): remove conda

* style: fix format

* test(pyproject): fix test paths

* style: fix lint & format

* ci(github): update venv activation

* ci(github): update venv config

* ci(github): update python versions

* ci(docs): update torch backend for documentation builds

* fix(methods): fix extra_repr spelling

* build(deps-dev): bump ty

* ci(github): fix UV torch backend

* style(activation): fix typing

* build(deps-test): bump pytest version

* ci(github): fix coverage report upload

* ci(github): remove windows builds

* ci(github): update codecov upload

Author: frgfm

.conda/meta.yaml

@@ -1,5 +1,8 @@
 blank_issues_enabled: true
 contact_links:
+  - name: Documentation
+    url: https://frgfm.github.io/torch-cam/
+    about: Please consult the documentation before creating an issue.
   - name: Usage questions
     url: https://github.com/frgfm/torch-cam/discussions
     about: Ask questions and discuss with other TorchCAM community members

.github/ISSUE_TEMPLATE/bug_report.yml renamed to .github/ISSUE_TEMPLATE/1_bug_report.yml

@@ -0,0 +1,5 @@
+# Reporting security issues
+
+If you believe you have found a security vulnerability in TorchCAM, we encourage you to let us know right away. We will investigate all legitimate reports and do our best to quickly fix the problem.
+
+Please report security issues using https://github.com/frgfm/torch-cam/security/advisories/new

.github/ISSUE_TEMPLATE/feature_request.yml renamed to .github/ISSUE_TEMPLATE/2_feature_request.yml

@@ -9,12 +9,10 @@
 Run it with `python collect_env.py`.
 """
 
-from __future__ import absolute_import, division, print_function, unicode_literals
-
 import locale
 import os
 import re
-import subprocess  # noqa S404
+import subprocess  # noqa: S404
 import sys
 from pathlib import Path
 from typing import NamedTuple
@@ -120,7 +118,7 @@ def get_cudnn_version(run_lambda):
         cudnn_cmd = 'ldconfig -p | grep libcudnn | rev | cut -d" " -f1 | rev'
     rc, out, _ = run_lambda(cudnn_cmd)
     # find will return 1 if there are permission errors or if not found
-    if len(out) == 0 or rc not in (1, 0):
+    if len(out) == 0 or rc not in {1, 0}:
         lib = os.environ.get("CUDNN_LIBRARY")
         if lib is not None and Path(lib).is_file():
             return os.path.realpath(lib)
@@ -137,7 +135,7 @@ def get_cudnn_version(run_lambda):
     if len(files) == 1:
         return files[0]
     result = "\n".join(files)
-    return "Probably one of the following:\n{}".format(result)
+    return f"Probably one of the following:\n{result}"
 
 
 def get_nvidia_smi():
@@ -151,7 +149,7 @@ def get_nvidia_smi():
         smis = [new_path, legacy_path]
         for candidate_smi in smis:
             if Path(candidate_smi).exists():
-                smi = '"{}"'.format(candidate_smi)
+                smi = f'"{candidate_smi}"'
                 break
     return smi
 
@@ -187,14 +185,14 @@ def check_release_file(run_lambda):
 def get_os(run_lambda):
     platform = get_platform()
 
-    if platform in ("win32", "cygwin"):
+    if platform in {"win32", "cygwin"}:
         return get_windows_version(run_lambda)
 
     if platform == "darwin":
         version = get_mac_version(run_lambda)
         if version is None:
             return None
-        return "Mac OSX {}".format(version)
+        return f"Mac OSX {version}"
 
     if platform == "linux":
         # Ubuntu/Debian based
@@ -271,7 +269,7 @@ def replace_bools(dct, true="Yes", false="No"):
     def maybe_start_on_next_line(string):
         # If `string` is multiline, prepend a \n to it.
         if string is not None and len(string.split("\n")) > 1:
-            return "\n{}\n".format(string)
+            return f"\n{string}\n"
         return string
 
     mutable_dict = envinfo._asdict()

.github/ISSUE_TEMPLATE/config.yml

@@ -8,12 +8,16 @@ updates:
   - package-ecosystem: "github-actions"
     directory: "/"
     schedule:
-      interval: "weekly"
+      interval: "daily"
   - package-ecosystem: "pip"
     directory: "/"
     schedule:
       interval: "daily"
     allow:
+      # Safe updates
       - dependency-name: "ruff"
-      - dependency-name: "mypy"
+      - dependency-name: "ty"
       - dependency-name: "pre-commit"
+      - dependency-name: "pytest"
+      - dependency-name: "pytest-cov"
+      - dependency-name: "pytest-pretty"

.github/SECURITY.md

@@ -3,75 +3,115 @@
 # This program is licensed under the Apache License 2.0.
 # See LICENSE or go to <https://www.apache.org/licenses/LICENSE-2.0> for full license details.
 
-from pathlib import Path
 
+# /// script
+# requires-python = ">=3.11"
+# dependencies = [
+#     "pyyaml>=6.0",
+# ]
+# ///
+
+import logging
+import re
+import sys
 import tomllib
+from pathlib import Path
+
 import yaml
 
-PRECOMMIT_PATH = ".pre-commit-config.yaml"
-PYPROJECT_PATH = "pyproject.toml"
+DOCKERFILES = []
+PRECOMMIT_CONFIG = ".pre-commit-config.yaml"
+PYPROJECTS = ["./pyproject.toml"]
+
+logger = logging.getLogger(__name__)
+logger.setLevel(logging.DEBUG)
+stream_handler = logging.StreamHandler(sys.stdout)
+log_formatter = logging.Formatter("%(levelname)s:     %(message)s")
+stream_handler.setFormatter(log_formatter)
+logger.addHandler(stream_handler)
+
 
+def parse_dep_str(dep_str: str) -> dict[str, str]:
+    # No version specified
+    if all(dep_str.find(char) == -1 for char in ("<", ">", "=")):
+        version_idx = len(dep_str)
+    else:
+        version_idx = min(idx for idx in (dep_str.find(char) for char in ("<", ">", "=")) if idx != -1)
+    pkg_idx = dep_str.find("[")
+    extra_idx = dep_str.find("]")
+    return {
+        "pkg": dep_str[: pkg_idx if pkg_idx != -1 else version_idx],
+        "version": dep_str[version_idx:],
+        "extras": [] if extra_idx == -1 else dep_str[pkg_idx + 1 : extra_idx].split(","),
+    }
 
-def main():
+
+def main():  # noqa: PLR0912
     # Retrieve & parse all deps files
-    deps_dict = {}
-    # UV: Dockerfile, precommit, .github
+    deps_dict = {
+        "uv": [],
+        "ruff": [],
+        "ty": [],
+        "pre-commit": [],
+    }
+    # Parse dockerfiles
+    for dockerfile in DOCKERFILES:
+        dockerfile_content_ = Path(dockerfile).read_text(encoding="utf-8")
+        uv_version = re.search(r"ghcr\.io/astral-sh/uv:(\d+\.\d+\.\d+)", dockerfile_content_).group(1)  # ty: ignore[possibly-unbound-attribute]
+        deps_dict["uv"].append({"file": dockerfile, "version": f"=={uv_version}"})
     # Parse precommit
-    with Path(PRECOMMIT_PATH).open("r") as f:
+    with Path(PRECOMMIT_CONFIG).open("r", encoding="utf-8") as f:
         precommit = yaml.safe_load(f)
-
     for repo in precommit["repos"]:
         if repo["repo"] == "https://github.com/astral-sh/uv-pre-commit":
-            if "uv" not in deps_dict:
-                deps_dict["uv"] = []
-            deps_dict["uv"].append({"file": PRECOMMIT_PATH, "version": repo["rev"].lstrip("v")})
+            deps_dict["uv"].append({"file": PRECOMMIT_CONFIG, "version": f"=={repo['rev'].lstrip('v')}"})
         elif repo["repo"] == "https://github.com/charliermarsh/ruff-pre-commit":
-            if "ruff" not in deps_dict:
-                deps_dict["ruff"] = []
-            deps_dict["ruff"].append({"file": PRECOMMIT_PATH, "version": repo["rev"].lstrip("v")})
-
+            deps_dict["ruff"].append({"file": PRECOMMIT_CONFIG, "version": f"=={repo['rev'].lstrip('v')}"})
     # Parse pyproject.toml
-    with Path(PYPROJECT_PATH).open("rb") as f:
-        pyproject = tomllib.load(f)
-
-    dev_deps = pyproject["project"]["optional-dependencies"]["quality"]
-    for dep in dev_deps:
-        if dep.startswith("ruff=="):
-            if "ruff" not in deps_dict:
-                deps_dict["ruff"] = []
-            deps_dict["ruff"].append({"file": PYPROJECT_PATH, "version": dep.split("==")[1]})
-        elif dep.startswith("mypy=="):
-            if "mypy" not in deps_dict:
-                deps_dict["mypy"] = []
-            deps_dict["mypy"].append({"file": PYPROJECT_PATH, "version": dep.split("==")[1]})
+    for pyproject_path in PYPROJECTS:
+        with Path(pyproject_path).open("rb") as f:
+            pyproject = tomllib.load(f)
+
+        # Parse dependencies
+        core_deps = [parse_dep_str(dep) for dep in pyproject["project"]["dependencies"]]
+        core_deps = {dep["pkg"]: dep for dep in core_deps}
+        for dep in deps_dict:  # noqa: PLC0206
+            if dep in core_deps:
+                deps_dict[dep].append({"file": pyproject_path, "version": core_deps[dep]["version"]})
+
+        # Parse optional dependencies
+        quality_deps = [parse_dep_str(dep) for dep in pyproject["project"]["optional-dependencies"]["quality"]]
+        quality_deps = {dep["pkg"]: dep for dep in quality_deps}
+        for dep in deps_dict:  # noqa: PLC0206
+            if dep in quality_deps:
+                deps_dict[dep].append({"file": pyproject_path, "version": quality_deps[dep]["version"]})
 
     # Parse github/workflows/...
     for workflow_file in Path(".github/workflows").glob("*.yml"):
         with workflow_file.open("r") as f:
             workflow = yaml.safe_load(f)
             if "env" in workflow and "UV_VERSION" in workflow["env"]:
-                if "uv" not in deps_dict:
-                    deps_dict["uv"] = []
                 deps_dict["uv"].append({
                     "file": str(workflow_file),
-                    "version": workflow["env"]["UV_VERSION"].lstrip("v"),
+                    "version": f"=={workflow['env']['UV_VERSION'].lstrip('v')}",
                 })
 
     # Assert all deps are in sync
     troubles = []
     for dep, versions in deps_dict.items():
         versions_ = {v["version"] for v in versions}
-        if len(versions_) != 1:
+        if len(versions_) > 1:
             inv_dict = {v: set() for v in versions_}
             for version in versions:
                 inv_dict[version["version"]].add(version["file"])
             troubles.extend([
-                f"{dep}:",
+                f"\033[31m{dep}\033[0m:",
                 "\n".join(f"- '{v}': {', '.join(files)}" for v, files in inv_dict.items()),
             ])
 
     if len(troubles) > 0:
         raise AssertionError("Some dependencies are out of sync:\n\n" + "\n".join(troubles))
+    logger.info("\033[32mAll dependencies are in sync!\033[0m")
 
 
 if __name__ == "__main__":

.github/collect_env.py

@@ -12,7 +12,8 @@
 with no labeling responsibility, so we don't want to bother them.
 """
 
-from typing import Any, Set, Tuple
+from argparse import ArgumentDefaultsHelpFormatter, ArgumentParser
+from typing import Any
 
 import requests
 
@@ -54,7 +55,7 @@ def query_repo(cmd: str, *, accept) -> Any:
     return response.json()
 
 
-def get_pr_merger_and_labels(pr_number: int) -> Tuple[str, Set[str]]:
+def get_pr_merger_and_labels(pr_number: int) -> tuple[str, set[str]]:
     # See https://docs.github.com/en/rest/reference/pulls#get-a-pull-request
     data = query_repo(f"pulls/{pr_number}", accept="application/vnd.github.v3+json")
     merger = data.get("merged_by", {}).get("login")
@@ -70,11 +71,9 @@ def main(args):
 
 
 def parse_args():
-    import argparse
-
-    parser = argparse.ArgumentParser(
+    parser = ArgumentParser(
         description="PR label checker",
-        formatter_class=argparse.ArgumentDefaultsHelpFormatter,
+        formatter_class=ArgumentDefaultsHelpFormatter,
     )
 
     parser.add_argument("pr", type=int, help="PR number")