niklasrosenstein / slap Goto Github PK

View Code? Open in Web Editor NEW

21.0 3.0 11.0 11.05 MB

Slap is a CLI to assist in the process for developing and releasing Python packages.

Home Page: https://niklasrosenstein.github.io/slap/

License: Other

Python 100.00%

python release-automation app cli python-poetry flit setuptools

slap's Introduction

Slap

Slap is a command-line tool to simplify common workflows in the development of Python projects independent of the PEP 517 build backend being used, capable of managing single- and multi-project repositories.

Installation

I recommend installing Slap using Pipx. (Requires Python 3.10 or higher)

$ pipx install slap-cli

Note: Currently Slap relies on an alpha version of poetry-core (^1.1.0a6). If you install it into the same environment as Poetry itself, you may also need to use an alpha version of Poetry (e.g. 1.2.0a2).

If you use Slap in GitHub Actions, try one of the actions provided by Slap directly:

NiklasRosenstein/slap@gha/install/v1

NiklasRosenstein/slap@gha/changelog/update/v1

Documentation

You can find the documentation for Slap here: https://niklasrosenstein.github.io/slap/

Check out the Getting started guide.

Feature Matrix

Feature	Poetry	Documentation
Manage structured changelog entries	❌	slap changelog
Show project details	❌	slap info
Build and publish to PyPI using Twine	✅ (single project only)	slap publish
Create a new release (bump version numbersr)	❌ (sub-par support)	slap release
Run a command configured in `pyproject.toml`	❌	slap run
Run tests configured in `pyproject.toml`	❌	slap test
Manage Python virtualenv's	✅ (but out-of-worktree)	slap venv
Generate a dependencies report	❌	slap report dependencies
Project dependencies lock file	✅	❌

Feature / Build backend	Flit	Poetry	Setuptools	Documentation
Add dependency	✅	✅	❌	slap add
Sanity check project configuration		✅		slap check
Bootstrap project files		✅		slap init
Install projects using Pip or uv	✅	✅	✅	slap install
Symlink projects (editable installs)	✅	✅	✅	slap link
Bump interdependencies in mono-repository	✅ (not tested regularly)	✅	✅ (partial)	slap release

Legend: ✅ explicitly supported, ❌ explicitly not supported, (blank) not relevant or currently not supported

Issues / Suggestions / Contributions

Slap is currently very opinionated by the fact that I built it as my personal workflow tool, but I welcome suggestions and contributions, and I am hopeful it will be useful to a wider audience than myself.

Please report any issues you encounter via GitHub Issues. Feel free to use the GitHub Discussions forum to ask questions or make suggestions on new features (e.g. if you would like a new build backend to be supported?). Lastly, feel free to submit pull requests to the GitHub Repository.

FAQ

Why "Slap"?

Finding a good, catchy name that also types easily in the terminal and is not already widely used isn't easy, ok?

What makes this different to the Poetry CLI?

Some people might find this similar to tools like Poetry, and while there is some overlap in functionality, Slap is not a build backend and is more targeted towards library development. In fact, most of my projects use Poetry as the build backend but I never even once interact with the Poetry CLI throughout the lifetime of the project.

The most notable differences to Poetry are

Supports mono-repositories (i.e. multiple related Python projects in the same repository), to the extent that it bumps version numbers of project inter-dependencies and installs your projects in topological order
Supports development installs independent of the build backend (yes; this means you can install Poetry packages in editable mode even though the Poetry backend right now does not support editable installs)
Slap's version bump command (slap release) updates the version not just in your pyproject.toml but also the __version__ in your source code as well as in related projects (see mono-repositories above) and any additional references you can configure via Regex patterns
Does not automagically create a virtual environment for you when instal your project(s); instead, it errors when you try to install into a non-virtual Python environment and gives you an easy-to-use tool to create and activate virtual environments (and allowing multiple environments per project as well as global environments)
Uses Pip to install your project(s), unlike Poetry which comes with its own dependency resolver and package installer (which I personally have been having a lot of issues with in the past).
Does not have a concept of lock files

How can I use the shiny new `uv` installer with Slap?

You can configure Slap to use uv to create virtual environments:

$ slap config --venv-type uv

When Slap detects a virtual environment that was created with uv (note: actually, create with uv by Slap itself), it will use uv to install packages into the virtual environment. Alternatively, you can pass the --installer uv option to slap install.

slap's People

Contributors

Stargazers

Watchers

Forkers

ndejong mulugruntz trendingtechnology pombredanne shahriyardx hatzav-ox jonhoo alexwaldenmaier-hs alexespencer qsantos mcintel

slap's Issues

add `--extras,-E` option to `slam install`

LICENSE.txt is produced with additional carriage returns on Windows

On Windows, the generated LICENSE.txt contains additional carriage returns. The below is the diff after running shut pkg update on Windows. The original LICENSE.txt had CRLF line endings.

niklas@RAZER-BLADE-15:~/git/shut  > python -c 'print(open("LICENSE.txt", "rb").read(20))'
b'The MIT License\r\r\n\r\r'

I think this may be because when I check out the Shut repository on Windows, line endings are checked out as CRLF into the worktree. When we use pkg_resources.resource_string() to load the MIT license template, it loads the file without universal newlines, so it contains CRLF, which we then write to a file with universal newlines enabled.

`slap add --upgrade` can show inconsistent version warning

What is also surprising is that although the newer version got installed by the first run already, but Slap still finds the old version to write into pyproject.toml.

$ slap add slap.core.cli --upgrade
(venv-aware) a virtual environment is already activated (/Users/niklas.rosenstein/Library/Caches/pypoetry/virtualenvs/my-package-FPuO3UBk-py3.10)
Installing PypiDependency(name='slap.core.cli', version=VersionSpec(''), source=None, extras=None, python=None, markers=None, hashes=None)
ERROR: pip's dependency resolver does not currently take into account all the packages that are installed. This behaviour is the source of the following dependency conflicts.
my-package 0.1.0 requires slap.core.cli<0.2.0,>=0.1.3, but you have slap-core-cli 0.2.0 which is incompatible.
Adding PypiDependency(name='slap.core.cli', version=VersionSpec('^0.1.3'), source=None, extras=None, python=None, markers=None, hashes=None)

$ slap add slap.core.cli --upgrade
(venv-aware) a virtual environment is already activated (/Users/niklas.rosenstein/Library/Caches/pypoetry/virtualenvs/my-package-FPuO3UBk-py3.10)
Installing PypiDependency(name='slap.core.cli', version=VersionSpec(''), source=None, extras=None, python=None, markers=None, hashes=None)
Adding PypiDependency(name='slap.core.cli', version=VersionSpec('^0.2.0'), source=None, extras=None, python=None, markers=None, hashes=None)

Recursive install monorepo inter dependencies with "shut pkg install"

Currently if you have three packages in a mono repo A, B and C and the dependency is C -> B -> A, shut pkg install does not discover the transitive inter dependency on package A and does not pass it to pip for installation.

Support setuptools "project_urls" in package.yml

Execute test drivers in parallel

Having multiple independent test drivers could be run in parallel to improve response rate. Parallelism should be disabled when stdout capture is disabled.

Prevent publish if managed files are outdated

Shut should prevent a publish step if the managed files are outdated. shut pkg update must be run beforehand.

Support pytest xfail

I have a parametrized test with marks=[pytest.mark.xfail] where I expect it to fail.

However, I get an exception when running shut pkg test --no-capture:

Traceback (most recent call last):
  File "/.../bin/shut", line 8, in <module>
    sys.exit(shut())
  File "/.../lib/python3.9/site-packages/click/core.py", line 829, in __call__
    return self.main(*args, **kwargs)
  File "/.../lib/python3.9/site-packages/click/core.py", line 782, in main
    rv = self.invoke(ctx)
  File "/.../lib/python3.9/site-packages/click/core.py", line 1259, in invoke
    return _process_result(sub_ctx.command.invoke(sub_ctx))
  File "/.../lib/python3.9/site-packages/click/core.py", line 1259, in invoke
    return _process_result(sub_ctx.command.invoke(sub_ctx))
  File "/.../lib/python3.9/site-packages/click/core.py", line 1066, in invoke
    return ctx.invoke(self.callback, **ctx.params)
  File "/.../lib/python3.9/site-packages/click/core.py", line 610, in invoke
    return callback(*args, **kwargs)
  File "/.../lib/python3.9/site-packages/shut/commands/pkg/test.py", line 153, in test
    test_run = test_package(package, isolate, keep_test_env, capture)
  File "/.../lib/python3.9/site-packages/shut/commands/pkg/test.py", line 70, in test_package
    return package.test_driver.test_package(package, runtime, capture)
  File "/.../lib/python3.9/site-packages/shut/test/pytest.py", line 126, in test_package
    test_run = load_report_file(self.report_file)
  File "/.../lib/python3.9/site-packages/shut/test/pytest.py", line 81, in load_report_file
    test_status = {'passed': TestStatus.PASSED, 'failed': TestStatus.FAILED, 'skipped': TestStatus.SKIPPED}[test['outcome']]
KeyError: 'xfailed'

Indeed, only passed, failed and skipped are acknowledged. Whereas xfailed and xpassed are not.

Documentation: https://docs.pytest.org/en/6.2.x/example/parametrize.html

"shut mono bump --snapshot" must not bump inter-dependencies

The shut {pkg,mono} bump --snapshot option was designed to be able to test publishing to package registries that support the version format, for example Artifactory (PyPI Warehouse does not support it).

Python setuptools in general also does not support the snapshot version format. However currently when bumping a single-versioned mono repository with package interdependencies using shut mono bump --snapshot, the inter dependencies get their version replaced with the snapshot version which ends up as an invalid package definition.

This is because shut.model.requirements.Requirement uses the packaging.Version class, and that class does not support the snapshot format.

Ideally Setuptools would start supporting snapshot versions, but until then we must not bump package inter dependencies when using the bump --snapshot option.

The following is OK because setuptools is silent about the weird version:

 setuptools.setup(
   name = 'mypackage',
-  version = '2.0.0',
+  version = '2.0.0+12.gcf23267+12.gcf23267',
   author = None,
   author_email = None,

But requirements may not use it

 requirements:
   - python ^2.7|^3.5
-  - myotherpackage ^2.0.0
+  - myotherpackage ^2.0.0+12.gcf23267

Support code coverage in pytest driver

`slap publish` should prevent publishing if there are commits since the current version's tags

Currently you can run shut pkg publish or shut mono publish whenever you want. That means even if you created some commits after the last version bump, you can build and publish package(s). Shut should prevent that from happening by checking if we're sitting on the tag of the version that is supposed to be published and there are no changes in the worktree.

Warn on invalid keys in package.yaml

`slap changelog add` should include the issue IDs in the commit message

That way, GitHub or GitLab for example will ensure that a reference of the commit is in turn added to the issue.

Loading project dependencies is a step that can be avoided for most Slap commands

The project dependencies are loaded with every invocation of Slap right now because of how Project._get_projects() already orders the project list topologically. Most Slap commands don't care about the order (like slap release, etc.) and we can skip loading the dependencies if we instead create a separate API to retrieve the projects in topological order explicitly.

GitHub install action should accept a version range as argument

Currently, the NiklasRosenstein/slap@gha/install/v1 has a version argument but it can only be * or an exact version, not a range like >=1.4.5.

`shut mono status` does not respect `$.release.single-version`

$ cat monorepo.yml 
version: 1.1.1
name: docspec
author: Niklas Rosenstein <[email protected]>
url: https://github.com/NiklasRosenstein/docspec
license: MIT
release:
  single-version: true
publish:
  pypi:
    credentials:
      username: __token__
      password: $PYPI_TOKEN
      test_username: __token__
      test_password: $TEST_PYPI_TOKEN
$ shut mono status
       docspec: tag "[email protected]" not found
docspec-python: tag "[email protected]" not found

Autodetect lowercase license/readme files

Notice when readme_file or license_file point outside project directory

The project root is the Git worktree root. When any files referenced in the config point outside the root, that should be an error.

Background: I accidentally created a LICENSE.txt via shut pkg update outside of my project root after moving a package and it's package.yml to the project root, and that packge config referenced license_file: ../LICENSE.txt

Cannot run "pip install" without develop mode on package that inherits monorepo license

$ pip install ./docspec
Processing ./docspec
    ERROR: Command errored out with exit status 1:
     command: /home/niklas/git/github/docspec/.venv/bin/python3 -c 'import sys, setuptools, tokenize; sys.argv[0] = '"'"'/tmp/pip-req-build-a9u4wbl1/setup.py'"'"'; __file__='"'"'/tmp/pip-req-build-a9u4wbl1/setup.py'"'"';f=getattr(tokenize, '"'"'open'"'"', open)(__file__);code=f.read().replace('"'"'\r\n'"'"', '"'"'\n'"'"');f.close();exec(compile(code, __file__, '"'"'exec'"'"'))' egg_info --egg-base /tmp/pip-req-build-a9u4wbl1/pip-egg-info
         cwd: /tmp/pip-req-build-a9u4wbl1/
    Complete output (7 lines):
    Traceback (most recent call last):
      File "<string>", line 1, in <module>
      File "/tmp/pip-req-build-a9u4wbl1/setup.py", line 26, in <module>
        _tempcopy('../LICENSE.txt', 'LICENSE.txt')
      File "/tmp/pip-req-build-a9u4wbl1/setup.py", line 19, in _tempcopy
        raise RuntimeError(msg)
    RuntimeError: "LICENSE.txt" does not exist, and cannot copy it from "../LICENSE.txt" either
    ----------------------------------------
ERROR: Command errored out with exit status 1: python setup.py egg_info Check the logs for full command output.

That is because Pip copies the build context into a separate temporary directory from which the parent mono repository cannot be accessed.

A workaround may be to only require the LICENSE.txt file to exist on setup.py invokations where the command contains either dist (e.g. sdist) or build, and otherwise issue a warning in the _tempcopy() function rendered into the setup.py.

Validate `MANIFEST.in` content (each line matches at least one file) in `shut pkg checks`

Lines that don't have any effect in MANIFEST.in do not cause an error or easily surface-able warning when building the package. The Shut package checks should validate that each line in the manifest serves a purpose. Lines that do not may be a mistake that needs to be corrected by the user.

`slap install` and `slap add` should check `~/.netrc` and ask for missing credentials to store them there

On a side note, it would be nice if we could always use the keyring module but it requires that we install keyring into every environment that we interact with.

`slap publish` should use the `build` module

The build builds the distribution in an isolated environment, which Slap currently does not.

Upgrading a dependency with `slap add` will have Pip complaining if the upgraded version is not compatible with the requirement listed in the project

Installing your project with Pip will register its requirements in the .dist-info (also when linking, where it might instead be in .egg-info, but it doesn't matter). When you then try to upgrade a dependency, for example with slap add my-dependency^0.4.0 --upgrade, and the current declaration of the dependency is incompatible, for example my-dependency = "^0.3.0", then Pip will install it but you will get a warning that it is incompatible with your own project's installation.

We could work around this by temporarily un-installing your project from the Python environment, and then installing it again. Doing that however might be very slow. If the project is linked with slap link or slap install --link, then it could be fast because we just uninstall and then re-link it.

Maybe we should have slap add do that if the project is linked, and then add a notice if the project is not linked but hard-installed that you should prefer to work with a linked install of your project.

add `slap changelog summary` command to summarize changes between two revisions

This could be used to automatically create commits after adding multiple changelogs in one commit.

$ slap changelog summary origin/develop  # Could be the remote tracking branch by default
deprecation - Deprecated `this`
feature - Added `that`

$ slap changelog summary origin/develop --commit
[develop 8055e15] 1 deprecation, 1 feature -- Deprecated `this`
 2 files changed, 6 insertions(+), 2 deletions(-)

Implement a release plugin to rename the unreleased changelog

shut versions 0.10.x may not have required `data` folder in package

shut versions 0.10.x may not have required data folder in package

version 0.9.0

user@computer:~/project$ 
user@computer:~/project$ shut --version
shut, version 0.9.0
user@computer:~/project$ shut pkg checks

  ✔️   classifiers
  ✔️   license
  ✔️   namespace files
  ✔️   package-author
  ✔️   package-url
  ✔️   package-version
  ✔️   readme
  ✔️   up to date

ran 8 checks for package project in 0.011s
user@computer:~/project$

version 0.10.3

user@computer:~/project$ shut --version
shut, version 0.10.3
user@computer:~/project$ shut pkg checks
/usr/lib/python3/dist-packages/apport/report.py:13: DeprecationWarning: the imp module is deprecated in favour of importlib; see the module's documentation for alternative uses
  import fnmatch, glob, traceback, errno, sys, atexit, locale, imp, stat
Traceback (most recent call last):
  File "/home/user/.local/bin/shut", line 8, in <module>
    sys.exit(shut())
  File "/home/user/.local/lib/python3.8/site-packages/click/core.py", line 829, in __call__
    return self.main(*args, **kwargs)
  File "/home/user/.local/lib/python3.8/site-packages/click/core.py", line 782, in main
    rv = self.invoke(ctx)
  File "/home/user/.local/lib/python3.8/site-packages/click/core.py", line 1259, in invoke
    return _process_result(sub_ctx.command.invoke(sub_ctx))
  File "/home/user/.local/lib/python3.8/site-packages/click/core.py", line 1259, in invoke
    return _process_result(sub_ctx.command.invoke(sub_ctx))
  File "/home/user/.local/lib/python3.8/site-packages/click/core.py", line 1066, in invoke
    return ctx.invoke(self.callback, **ctx.params)
  File "/home/user/.local/lib/python3.8/site-packages/click/core.py", line 610, in invoke
    return callback(*args, **kwargs)
  File "/home/user/.local/lib/python3.8/site-packages/shut/commands/pkg/checks.py", line 80, in checks
    sys.exit(check_package(package, warnings_as_errors))
  File "/home/user/.local/lib/python3.8/site-packages/shut/commands/pkg/checks.py", line 61, in check_package
    checks = get_package_checks(package)
  File "/home/user/.local/lib/python3.8/site-packages/shut/commands/pkg/checks.py", line 44, in get_package_checks
    checks = list(get_checks(package))
  File "/home/user/.local/lib/python3.8/site-packages/shut/checkers/base.py", line 125, in get_checks
    yield from checker().get_checks(obj)
  File "/home/user/.local/lib/python3.8/site-packages/shut/checkers/base.py", line 101, in get_checks
    for index, result in enumerate(value(subject)):
  File "/home/user/.local/lib/python3.8/site-packages/shut/checkers/package.py", line 137, in _check_up_to_date
    files = get_files(package)
  File "/home/user/.local/lib/python3.8/site-packages/shut/renderers/core.py", line 78, in get_files
    renderer().get_files(files, obj)
  File "/home/user/.local/lib/python3.8/site-packages/shut/renderers/license.py", line 81, in get_files
    get_license_template(model.license)
  File "/home/user/.local/lib/python3.8/site-packages/shut/renderers/license.py", line 34, in get_license_template
    return resource_string('shut', f'data/license_templates/{license_name}.txt').decode('utf-8')
  File "/home/user/.local/lib/python3.8/site-packages/pkg_resources/__init__.py", line 1155, in resource_string
    return get_provider(package_or_requirement).get_resource_string(
  File "/home/user/.local/lib/python3.8/site-packages/pkg_resources/__init__.py", line 1401, in get_resource_string
    return self._get(self._fn(self.module_path, resource_name))
  File "/home/user/.local/lib/python3.8/site-packages/pkg_resources/__init__.py", line 1626, in _get
    with open(path, 'rb') as stream:
FileNotFoundError: [Errno 2] No such file or directory: '/home/user/.local/lib/python3.8/site-packages/shut/data/license_templates/MIT.txt'
user@computer:~/project$ 
user@computer:~/project$ ls -al /home/user/.local/lib/python3.8/site-packages/shut
total 68
drwxrwxr-x  16 user user 4096 Nov 30 13:29 .
drwx------ 137 user user 4096 Nov 30 13:29 ..
drwxrwxr-x   3 user user 4096 Nov 30 13:29 builders
drwxrwxr-x   3 user user 4096 Nov 30 13:29 changelog
drwxrwxr-x   3 user user 4096 Nov 30 13:29 checkers
drwxrwxr-x   7 user user 4096 Nov 30 13:29 commands
-rw-rw-r--   1 user user 1205 Nov 30 13:29 __init__.py
drwxrwxr-x   3 user user 4096 Nov 30 13:29 lifecycle
drwxrwxr-x   3 user user 4096 Nov 30 13:29 lint
drwxrwxr-x   3 user user 4096 Nov 30 13:29 model
drwxrwxr-x   3 user user 4096 Nov 30 13:29 publish
drwxrwxr-x   3 user user 4096 Nov 30 13:29 publishers
drwxrwxr-x   2 user user 4096 Nov 30 13:29 __pycache__
-rw-rw-r--   1 user user    0 Nov 30 13:29 py.typed
drwxrwxr-x   3 user user 4096 Nov 30 13:29 renderers
drwxrwxr-x   3 user user 4096 Nov 30 13:29 test
drwxrwxr-x   5 user user 4096 Nov 30 13:29 utils
drwxrwxr-x   3 user user 4096 Nov 30 13:29 vcs
user@computer:~/project$ 
user@computer:~/project$ which shut
/home/user/.local/bin/shut
user@computer:~/project$

"shut mono bump" with inter dependencies does not update package requirements in setup.py

Running shut mono bump on a monorepo with package inter dependencies makes you end up in a state where the requirements in the package setup.py files do not contain the updated inter dependency.

`slap install` should install into the active virtualenv (according to `.venv/.state`) if no virtualenv is currently active

`slap release` should not allow using `--tag` or `--push` if branch is not up to date

If a git pull is needed, using shut pkg bump --tag --push will fail, but with the tag still pushed. Alternatively (or additionally), we could try pushing the current branch first, and only then create the tag and push it.

`slap changelog` should include package changelogs for mono repositories

Running shut changelog in a mono repository should include the unreleased changelog of the mono repository packages. When using the -a, --all option, the changelogs from the packages should be combined.

Requesting the changelog for a specific version should only include the packages if single versioning is enabled.

Copy of license file from parent folder in sdist doesn't work

In a mono repository, a package can inherit the license file of the repo by temporarily copying it into the package folder during setup.py. This doesn't work anymore. Looking at databind.core==1.1.3's setup.py, I can see

_tempcopy('../../LICENSE.txt', 'LICENSE.txt')

I belive that is one ../ too many.

Add check for validity of package_data config

I.e. if no files match, we should show a warning as it gets swallowed in shut pkg build or shut pkg publish.

`slap publish` and `slap release` should prevent you from running in a project only when it is part of a mono repository

Otherwise it can lead to partially release/publish projects.

`slap changelog update-pr` can't push the changes back to the repository if the Pull Request is coming from a forked repository

The GitHub runner doesn't get an environment variable that tells us what the fork repository is
We might not even have write permission on the forked repository from the GitHub runner anyway?

`slap add` does not check if the installed version satisfies the new constraint

Say you already have nr.util 0.8.10 installed. Running slap add nr.util^0.8.11 will just update your dependencies configuration, but it won't actually upgrade the dependency in your environment.

"shut mono bump" has duplicate version refs

Example:

$ shut mono bump --dry 0.1.0  -f

bumping 13 version reference(s)
  monorepo.yml: 0.1.0 → 0.1.0
  spam-bot/package.yaml: 0.1.0 → 0.1.0
  spam-bot/setup.py: 0.1.0 → 0.1.0
  spam-bot/src/spam_bot/__init__.py: 0.1.0 → 0.1.0
  spam-bot-predicate-comments/package.yml: 0.1.0 → 0.1.0
  spam-bot-predicate-comments/setup.py: 0.1.0 → 0.1.0
  spam-bot-predicate-comments/src/predicate_comments/__init__.py: 0.1.0 → 0.1.0
  spam-bot/package.yaml: 0.1.0 → 0.1.0
  spam-bot/setup.py: 0.1.0 → 0.1.0
  spam-bot/src/spam_bot/__init__.py: 0.1.0 → 0.1.0
  spam-bot-predicate-comments/package.yml: 0.1.0 → 0.1.0
  spam-bot-predicate-comments/setup.py: 0.1.0 → 0.1.0
  spam-bot-predicate-comments/src/predicate_comments/__init__.py: 0.1.0 → 0.1.0

Add GitLab plugin for `slap changelog update-pr`

Support Poetry's table-format for dependency definition

Poetry dependencies can be defined like

[tool.poetry.dependencies]
package1 = "^0.1.0"
package2 = { version = "^0.1.0" }

And currently, we only support the first format.

The second format comes with the additional complexity of support different types of dependencies, sources (PyPI indices) and marking dependencies as optional.

Add support for "contributors" and "pull_request" fields in changelog entries

This would be very useful to enhance the output of the changelog and to compile a list of contributors to a project.

When adding a changelog with shut changelog --add, it should automatically fill the contributors field with the current user.

Furthermore, we could add a shut changelog --check-added $BASE $HEAD command which would be useful for CI checks to assert hat a changelog entry is generated, and also (optionally) that the pull requests URL is set (correctly).

No module named setuptools when using "shut pkg install" in venv on Windows

OS: Windows 10
Shell: Git-for-Windows Bash
Python: CPython 3.9.5

Error description

When in a venv, using shut pkg install results in the error below. According to the command that Pip is trying to run, it seems to be using the global Python installation as opposed to the one from the venv.

(.venv) niklas@RAZER-BLADE-15:~/git/toolship/toolship-core  > where python
C:\Users\niklas\git\toolship\.venv\Scripts\python.exe
C:\Users\niklas\AppData\Local\Programs\Python\Python39\python.exe
(.venv) niklas@RAZER-BLADE-15:~/git/toolship/toolship-core  > shut pkg install --dry

  ⚠️   license: not specified
  ⚠️   package-url: missing

python -m pip install -e 'C:\Users\niklas\git\toolship\toolship-core'
(.venv) niklas@RAZER-BLADE-15:~/git/toolship/toolship-core  > shut pkg install

  ⚠️   license: not specified
  ⚠️   package-url: missing

Obtaining file:///C:/Users/niklas/git/toolship/toolship-core
    ERROR: Command errored out with exit status 1:
     command: 'C:\Users\niklas\AppData\Local\Programs\Python\Python39\python.exe' -c 'import io, os, sys, setuptools, tokenize; sys.argv[0] = '"'"'C:\\Users\\niklas\\git\\toolship\\toolship-core\\setup.py'"'"'; __file__='"'"'C:\\Users\\niklas\\git\\toolship\\toolship-core\\setup.py'"'"';f = getattr(tokenize, '"'"'open'"'"', open)(__file__) if os.path.exists(__file__) else io.StringIO('"'"'from setuptools import setup; setup()'"'"');code = f.read().replace('"'"'\r\n'"'"', '"'"'\n'"'"');f.close();exec(compile(code, __file__, '"'"'exec'"'"'))' egg_info --egg-base 'C:\Users\niklas\AppData\Local\Temp\pip-pip-egg-info-ky83fvg4'
         cwd: C:\Users\niklas\git\toolship\toolship-core\
    Complete output (3 lines):
    Traceback (most recent call last):
      File "<string>", line 1, in <module>
    ModuleNotFoundError: No module named 'setuptools'
WARNING: Discarding file:///C:/Users/niklas/git/toolship/toolship-core. Command errored out with exit status 1: python setup.py egg_info Check the logs for full command output.
ERROR: Command errored out with exit status 1: python setup.py egg_info Check the logs for full command output.
WARNING: You are using pip version 21.1.1; however, version 21.2.3 is available.
You should consider upgrading via the 'C:\Users\niklas\AppData\Local\Programs\Python\Python39\python.exe -m pip install --upgrade pip' command.

It works when making sure Shut uses pip instead of python -m pip. 🤷

(.venv) niklas@RAZER-BLADE-15:~/git/toolship/toolship-core  > PIP=pip shut pkg install --dry

  ⚠️   license: not specified
  ⚠️   package-url: missing

pip install -e 'C:\Users\niklas\git\toolship\toolship-core'
(.venv) niklas@RAZER-BLADE-15:~/git/toolship/toolship-core  > PIP=pip shut pkg install

  ⚠️   license: not specified
  ⚠️   package-url: missing

Obtaining file:///C:/Users/niklas/git/toolship/toolship-core
Requirement already satisfied: pynput<2.0.0,>=1.7.3 in c:\users\niklas\git\toolship\.venv\lib\site-packages (from toolship-core==0.0.0) (1.7.3)
Requirement already satisfied: six in c:\users\niklas\git\toolship\.venv\lib\site-packages (from pynput<2.0.0,>=1.7.3->toolship-core==0.0.0) (1.16.0)
Installing collected packages: toolship-core
  Attempting uninstall: toolship-core
    Found existing installation: toolship-core 0.0.0
    Uninstalling toolship-core-0.0.0:
      Successfully uninstalled toolship-core-0.0.0
  Running setup.py develop for toolship-core
Successfully installed toolship-core-0.0.0
WARNING: You are using pip version 21.1.1; however, version 21.2.3 is available.
You should consider upgrading via the 'c:\users\niklas\git\toolship\.venv\scripts\python.exe -m pip install --upgrade pip' command.

Add a static check to discover unused or missing dependencies and minimum required Python version based on stdlib/syntax features

Shut renders unnecessary "command" variable into setup.py which is only needed for install hooks

We only need this line if the package config uses install hooks:

command = sys.argv[1] if len(sys.argv) >= 2 else None

But Shut currently renders it always.

Prevent publish if current commit is not tagged

Shut should prevent publishing a package if the current commit is not tagged with the correct version or if there are any changes in the Git working tree.

Main Git branch cannot be identified in GitHub Actions when using the `github-actions` template

Using git branch -r --points-to refs/remotes/origin/HEAD fails in GitHub actions, even when doing git fetch beforehand. Maybe it's only supported in newer Git versions that are not available in Actions (yet)? An alternative could be to only use this method when the action does not yet exist, and otherwise load the action to look up what branch is configured in the action thus far.

Run shut pkg checks
error: malformed object name 'refs/remotes/origin/HEAD'
Traceback (most recent call last):
[...]
  File "/opt/hostedtoolcache/Python/3.9.6/x64/lib/python3.9/subprocess.py", line 424, in check_output
    return run(*popenargs, stdout=PIPE, timeout=timeout, check=True,
  File "/opt/hostedtoolcache/Python/3.9.6/x64/lib/python3.9/subprocess.py", line 528, in run
    raise CalledProcessError(retcode, process.args,
subprocess.CalledProcessError: Command '['git', 'branch', '-r', '--points-at', 'refs/remotes/origin/HEAD']' returned non-zero exit status 129

`slap release` should comment on the GitHub issues in the changelog

Make shut as a module

Shut cannot be run as python -m shut or coverage run -m shut pkg test

When doing so:

$> python -m shut
/...bin/python: No module named shut.__main__; 'shut' is a package and cannot be directly executed
$> coverage run -m shut pkg test --no-capture
No module named shut.__main__; 'shut' is a package and cannot be directly executed

This is an example of a __main__.py file (from pytest)

https://github.com/pytest-dev/pytest/blob/main/src/pytest/__main__.py

"""The pytest entry point."""
import pytest

if __name__ == "__main__":    
    raise SystemExit(pytest.console_main())

`standard file not found` when using lowercase or non-standard readme file in setuptools build

If you use readme.md, setuptools will complain that no README.{,rst,txt,md} file was found. The setup file we render passes the readme file content to setuptools.setup(), so not sure why this is an issue for setuptools.

Support conda setup in GitHub Actions template for pacakges supporting older Python versions than Shut's minimum requirements

Example here: https://github.com/NiklasRosenstein/myo-python/blob/8e87eef9a1fd343e591bbeb37fe807064bd93b7f/.github/workflows/python.yml