Background
Per org policy, the reusable CI workflows in ByronWilliamsCPA/.github/.github/workflows/python-*.yml are uv-only. The Poetry repos in the fleet are being migrated to uv as a coordinated workstream, after which the broken workflows on this repo will pass.
The trigger for this issue is ByronWilliamsCPA/.github PR #156 which makes python-compatibility.yml explicitly reject Poetry repos with an actionable error rather than silently muddling through.
What's currently broken on this repo
Once PR #156 lands on BWCPA/.github main, this repo's Python Compatibility workflow will fail fast with:
::error::This repo uses Poetry. The python-compatibility.yml reusable workflow is uv-only by org policy. Convert this repo to uv before re-enabling Python compatibility testing.
Additional workflows likely to be affected by future uv-only enforcement: python-sbom.yml, python-security-analysis.yml, python-ci.yml, etc. Migrating to uv now avoids needing to chase each workflow as it gets hardened.
Migration steps
- Convert
pyproject.toml: replace the [tool.poetry] and [tool.poetry.dependencies] sections with a PEP 621 [project] table. Dependencies become a flat list under dependencies = [...] and [project.optional-dependencies] for extras.
- Switch build backend if needed:
[build-system] requires = ["hatchling"] and build-backend = "hatchling.build" are typical for uv. Drop the Poetry build-backend.
- Remove
poetry.lock from the repo.
- Run
uv sync to generate uv.lock. Commit both pyproject.toml and uv.lock.
- Update
renovate.json: change enabledManagers from ["poetry", "github-actions"] to ["pep621", "github-actions"]. The poetry Renovate manager doesn't understand PEP 621 pyproject.toml; this is the same fix being applied in Phase 3C for the previously-misconfigured uv repos.
- Update any local dev docs / Makefiles / CONTRIBUTING.md that reference
poetry install / poetry run. Replace with uv sync / uv run.
- Verify CI: after merge, confirm
Python Compatibility and any other previously-failing workflows turn green on this repo.
Acceptance criteria
References
ByronWilliamsCPA/.github PR #156: the workflow change that surfaces this issueByronWilliamsCPA/.claude audit: docs/audits/cve-scan-coverage-2026-05-25.md (CI Repair Sprint section)- uv docs on PEP 621 migration: https://docs.astral.sh/uv/concepts/projects/
Why this matters
Renovate has been silently producing zero Python dependency PRs for this repo since the enabledManagers: ["poetry"] declaration was added (Renovate's poetry manager looks for [tool.poetry], which only catches projects still on Poetry; once a project moves to PEP 621, the pep621 manager is required). Fleet-wide audit identified this as the BLOCKED_BY_CONFIG bucket; converting to uv resolves both the Renovate gap and the upcoming CI gates.
Background
Per org policy, the reusable CI workflows in
ByronWilliamsCPA/.github/.github/workflows/python-*.ymlare uv-only. The Poetry repos in the fleet are being migrated to uv as a coordinated workstream, after which the broken workflows on this repo will pass.The trigger for this issue is
ByronWilliamsCPA/.githubPR #156 which makespython-compatibility.ymlexplicitly reject Poetry repos with an actionable error rather than silently muddling through.What's currently broken on this repo
Once PR #156 lands on
BWCPA/.githubmain, this repo'sPython Compatibilityworkflow will fail fast with:Additional workflows likely to be affected by future uv-only enforcement:
python-sbom.yml,python-security-analysis.yml,python-ci.yml, etc. Migrating to uv now avoids needing to chase each workflow as it gets hardened.Migration steps
pyproject.toml: replace the[tool.poetry]and[tool.poetry.dependencies]sections with a PEP 621[project]table. Dependencies become a flat list underdependencies = [...]and[project.optional-dependencies]for extras.[build-system] requires = ["hatchling"]andbuild-backend = "hatchling.build"are typical for uv. Drop the Poetry build-backend.poetry.lockfrom the repo.uv syncto generateuv.lock. Commit bothpyproject.tomlanduv.lock.renovate.json: changeenabledManagersfrom["poetry", "github-actions"]to["pep621", "github-actions"]. ThepoetryRenovate manager doesn't understand PEP 621 pyproject.toml; this is the same fix being applied in Phase 3C for the previously-misconfigured uv repos.poetry install/poetry run. Replace withuv sync/uv run.Python Compatibilityand any other previously-failing workflows turn green on this repo.Acceptance criteria
pyproject.tomluses PEP 621[project]table (no[tool.poetry])poetry.lockdeleted,uv.lockcommittedrenovate.jsonenabledManagersincludespep621, notpoetryPython Compatibilityworkflow on main is green (or removed if not applicable)Dependency & Standards Validationand any other required gates still passuvnotpoetryReferences
ByronWilliamsCPA/.githubPR #156: the workflow change that surfaces this issueByronWilliamsCPA/.claudeaudit:docs/audits/cve-scan-coverage-2026-05-25.md(CI Repair Sprint section)Why this matters
Renovate has been silently producing zero Python dependency PRs for this repo since the
enabledManagers: ["poetry"]declaration was added (Renovate'spoetrymanager looks for[tool.poetry], which only catches projects still on Poetry; once a project moves to PEP 621, thepep621manager is required). Fleet-wide audit identified this as the BLOCKED_BY_CONFIG bucket; converting to uv resolves both the Renovate gap and the upcoming CI gates.