use uv instead of pip #95

Open: slashburygin wants to merge 1 commit into master from uv

@slashburygin

No description provided.

@gemini-code-assist

Summary of Changes

Hello @slashburygin, I'm Gemini Code Assist [1]! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request significantly refactors the project's core infrastructure by transitioning to uv for dependency management and adopting pyproject.toml for build system configuration. These changes aim to modernize the development workflow, improve dependency resolution speed, and centralize project settings. Additionally, the integration of ruff and mypy enhances code quality checks, while minor formatting adjustments contribute to better code maintainability.

Highlights

  • Dependency Management Migration: The project's dependency management has been migrated from traditional pip and requirements.txt to uv and pyproject.toml, streamlining the installation and environment setup process.
  • Build System Consolidation: Project metadata, dependencies, and build configurations previously spread across setup.cfg, setup.py, and requirements.txt are now consolidated into a single pyproject.toml file, adhering to modern Python packaging standards.
  • Code Quality Tooling Update: The tox.ini configuration has been updated to replace black with ruff for code formatting and linting, and mypy has been integrated for static type checking, enhancing code quality and consistency.
  • Code Readability Improvements: Numerous Python files across the codebase have undergone minor formatting adjustments, primarily reducing line lengths in function calls and string literals to improve overall code readability.

Changelog

  • README.md
    • Updated installation and environment setup instructions to use uv and tox-uv.
    • Removed old pip install commands and related setup steps.
  • genesis_devtools/backup/backup.py
    • Reformatted conditional statements and function calls for improved readability.
  • genesis_devtools/backup/base.py
    • Reformatted conditional statements for improved readability.
  • genesis_devtools/backup/local.py
    • Removed an empty line in class definition.
    • Reformatted function calls for improved readability.
  • genesis_devtools/backup/qcow.py
    • Removed an empty line in class definition.
    • Reformatted a function call for improved readability.
  • genesis_devtools/backup/s3.py
    • Removed an empty line in class definition.
    • Reformatted a function call for improved readability.
  • genesis_devtools/builder/init.py
    • Modified the import statement for dependency to use an alias.
  • genesis_devtools/builder/base.py
    • Reformatted class method signatures and list comprehensions for improved readability.
  • genesis_devtools/builder/builder.py
    • Reformatted path joining and function calls for improved readability.
  • genesis_devtools/builder/dependency.py
    • Reformatted path joining, function calls, and error messages for improved readability.
  • genesis_devtools/builder/packer.py
    • Reformatted string literals and function calls for subprocess execution for improved readability.
  • genesis_devtools/clients/iam.py
    • Reformatted path joining and error messages for improved readability.
  • genesis_devtools/cmd/cli.py
    • Reformatted command decorators, help messages, and error messages for improved readability.
    • Changed an f-string to a regular string in an error message.
  • genesis_devtools/infra/driver/libvirt.py
    • Reformatted function signatures and error messages for improved readability.
  • genesis_devtools/infra/libvirt/libvirt.py
    • Reformatted subprocess calls and string literals for improved readability.
  • genesis_devtools/repo/base.py
    • Reformatted abstract method signature for pull.
  • genesis_devtools/repo/fs.py
    • Reformatted file copying and path construction for improved readability.
  • genesis_devtools/repo/nginx.py
    • Removed unused imports (tempfile, shutil).
    • Reformatted string literals and error messages for improved readability.
  • genesis_devtools/repo/utils.py
    • Removed unused imports (os, json, shutil).
  • genesis_devtools/stand/models.py
    • Reformatted list comprehensions in from_spec method for improved readability.
  • genesis_devtools/tests/unit/test_builder.py
    • Removed an empty line in class definition.
  • genesis_devtools/tests/unit/test_cmd_backup.py
    • Removed an empty line in class definition.
    • Reformatted function calls for improved readability.
  • genesis_devtools/tests/unit/test_dependency.py
    • Removed unused imports (tempfile, pytest).
    • Reformatted assertions and function calls for improved readability.
  • genesis_devtools/tests/unit/test_packer.py
    • Removed an empty line in class definition.
  • genesis_devtools/utils.py
    • Reformatted error messages and return statements for improved readability.
  • pyproject.toml
    • Added a new file to define project metadata, dependencies, build system, and tool configurations (ruff, mypy, coverage).
  • requirements.txt
    • Removed the file, as dependencies are now managed in pyproject.toml.
  • setup.cfg
    • Removed the file, as project metadata is now managed in pyproject.toml.
  • setup.py
    • Removed the file, as the build system is now managed in pyproject.toml.
  • test-requirements.txt
    • Removed the file, as test dependencies are now managed in pyproject.toml.
  • tox.ini
    • Updated envlist to include Python 3.11.
    • Replaced black with ruff and added mypy environments.
    • Configured uv-venv-lock-runner and extras for dependency management.

Ignored Files

  • Ignored by pattern: .github/workflows/** (1)
    • .github/workflows/tests.yml

Activity

  • The pull request was created by slashburygin.
  • The changes primarily focus on refactoring the project's build and dependency management system.
  • No specific reviewer comments or interactions are available in the provided context.

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

| Feature | Command | Description |
|---|---|---|
| Code Review | /gemini review | Performs a code review for the current pull request in its current state. |
| Pull Request Summary | /gemini summary | Provides a summary of the current pull request in its current state. |
| Comment | @gemini-code-assist | Responds in comments when explicitly tagged, both in pull request comments and review comments. |
| Help | /gemini help | Displays a list of available commands. |

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counterproductive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for GitHub and other Google products, sign up here.

You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.

Footnotes

  1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution.

@gemini-code-assist gemini-code-assist bot left a comment

Code Review

This pull request migrates the project from pip and setup.py to uv and pyproject.toml for dependency management and packaging. This is a positive change that modernizes the project structure. The changes also include widespread code formatting adjustments, likely from ruff format, which improve consistency. I've identified several configuration issues in the new pyproject.toml and tox.ini files, which appear to be copy-paste errors referencing a different project (genesis_core instead of genesis_devtools). Addressing these is crucial for ensuring the build, test, and packaging processes function correctly.

slashburygin force-pushed the uv branch 3 times, most recently from f4c5d70 to a30dbc3 (February 18, 2026 20:17)

@slashburygin (Author)

/gemini review

@gemini-code-assist gemini-code-assist bot left a comment

Code Review

This pull request migrates the project from pip to uv, modernizes the build configuration using pyproject.toml, and transitions to tox-uv and ruff for improved development workflow and linting. However, it introduces several critical Command Injection vulnerabilities in the libvirt.py module due to unsafe subprocess calls with shell=True and unsanitized user input, allowing for arbitrary command execution with root privileges. It is highly recommended to refactor these subprocess calls to use a list of arguments and disable shell execution. Furthermore, there are critical and high-severity issues in the pyproject.toml configuration, such as misplaced runtime dependencies, an incompatible setuptools version for Python 3.8, and missing essential package data files. Minor type hint and localization issues also require addressing.

@slashburygin (Author)

/gemini review

@gemini-code-assist gemini-code-assist bot left a comment

Code Review

This pull request successfully migrates the project to use uv and pyproject.toml, which is a positive step towards modernizing build and dependency management. However, several critical security concerns have been identified, including command injection vulnerabilities in the libvirt.py module and a path traversal risk in the filesystem repository driver. These issues stem from the use of subprocess with shell=True and direct string interpolation of variables without proper sanitization, potentially allowing arbitrary command execution, even when considering existing privilege levels. Furthermore, the pyproject.toml configuration contains critical and high-severity issues, such as the dependencies section being incorrectly placed outside the [project] table, violating PEP 621 and potentially breaking standard installation tools. There is also a significant inconsistency between the claimed Python 3.8 support and the use of modern type hinting features, which will cause runtime errors on older Python versions. Finally, some redundant configuration and opportunities for improved resource utilization in tests were noted.
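
An added example, not code from this pull request or from genesis_devtools: a small AST check for the pattern the two reviews above flag, a subprocess call that combines shell=True with a command string built from variables. The sample source and its function names are constructed for illustration (the diff is not shown on this page); the argument-list call in the sample is the form the review recommends.

```python
import ast

# Constructed sample (hypothetical helpers, not the project's libvirt.py).
SAMPLE = '''
import subprocess

def destroy_domain(name):
    subprocess.run(f"sudo virsh destroy {name}", shell=True, check=True)

def destroy_domain_fixed(name):
    subprocess.run(["sudo", "virsh", "destroy", name], check=True)

def list_domains():
    subprocess.run("virsh list --all", shell=True, check=True)

def define_net(path):
    subprocess.check_call("virsh net-define " + path, shell=True)
'''

SUBPROCESS_FUNCS = {"run", "call", "check_call", "check_output", "Popen"}

def is_dynamic(node):
    """True when the command is assembled at runtime rather than a literal."""
    if isinstance(node, ast.JoinedStr):  # f"... {x} ..."
        return any(isinstance(v, ast.FormattedValue) for v in node.values)
    if isinstance(node, ast.Call):  # "...".format(x)
        return isinstance(node.func, ast.Attribute) and node.func.attr == "format"
    # "..." + x, "..." % x, or a variable built elsewhere
    return isinstance(node, (ast.BinOp, ast.Name))

def find_shell_injection_risks(source):
    """Return sorted (line, function) pairs for shell=True calls with dynamic commands."""
    findings = []
    for node in ast.walk(ast.parse(source)):
        if not (isinstance(node, ast.Call) and isinstance(node.func, ast.Attribute)):
            continue
        if node.func.attr not in SUBPROCESS_FUNCS or not node.args:
            continue
        shell_true = any(
            kw.arg == "shell" and isinstance(kw.value, ast.Constant)
            and kw.value.value is True
            for kw in node.keywords
        )
        if shell_true and is_dynamic(node.args[0]):
            findings.append((node.lineno, node.func.attr))
    return sorted(findings)

if __name__ == "__main__":
    print(find_shell_injection_risks(SAMPLE))
```

The check is a heuristic: it skips shell=True calls whose command is a fixed literal, and it will not see a command passed through the args= keyword or a shell flag set from a variable.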

slashburygin force-pushed the uv branch 2 times, most recently from e7fdb53 to b88ae09 (February 20, 2026 10:51)

slashburygin marked this pull request as ready for review (February 20, 2026 10:54)