added a pyproject.toml#1128

Open
Omswastik-11 wants to merge 5 commits into krkn-chaos:main from Omswastik-11:changing-setup.py-to-pyproject

@Omswastik-11 Omswastik-11 commented Jan 27, 2026

User description

Type of change

  • Refactor
  • New feature
  • Bug fix
  • Optimization

Description

<-- Provide a brief description of the changes made in this PR. -->

Related Tickets & Documents

If no related issue, please create one and start the conversation on wants of

Documentation

  • Is documentation needed for this update?

If checked, a documentation PR must be created and merged in the website repository.

Related Documentation PR (if applicable)

<-- Add the link to the corresponding documentation PR in the website repository -->

Checklist before requesting a review

[ ] Ensure the changes and proposed solution have been discussed in the relevant issue and have received acknowledgment from the community or maintainers. See contributing guidelines
See testing your changes and run on any Kubernetes or OpenShift cluster to validate your changes

  • I have performed a self-review of my code by running krkn and specific scenario
  • If it is a core feature, I have added thorough unit tests with above 80% coverage

REQUIRED:
Description of combination of tests performed and output of run

python run_kraken.py
...
<---insert test results output--->

OR

python -m coverage run -a -m unittest discover -s tests -v
...
<---insert test results output--->

PR Type

Enhancement


Description

  • Migrate project configuration from setup.py to modern pyproject.toml

  • Define build system with setuptools and wheel backend

  • Consolidate all project metadata and dependencies in single file

  • Include comprehensive package data configuration for YAML, JSON, and template files


Diagram Walkthrough

flowchart LR
  A["setup.py"] -- "migrate to" --> B["pyproject.toml"]
  B --> C["Build System Config"]
  B --> D["Project Metadata"]
  B --> E["Dependencies List"]
  B --> F["Package Data"]

File Walkthrough

Relevant files
Configuration changes
pyproject.toml
Add comprehensive pyproject.toml configuration file           

pyproject.toml

  • Created new pyproject.toml file with PEP 517/518 compliant build
    system configuration
  • Defined project metadata including name, version, description,
    authors, and license
  • Listed 57 project dependencies with pinned versions for reproducible
    builds
  • Configured setuptools to include krkn and tests packages with wildcard
    data files (YAML, JSON, templates, shell scripts)
+69/-0   

Signed-off-by: Omswastik-11 <omswastikpanda11@gmail.com>

qodo-code-review bot commented Jan 27, 2026

PR Compliance Guide 🔍

Below is a summary of compliance checks for this PR:

Security Compliance
🟢
No security concerns identified
No security vulnerabilities detected by AI analysis. Human verification advised for critical code.
Ticket Compliance
🟡
🎫 #1113
🟢 Add a top-level pyproject.toml adopting a PEP 517 build backend with a proper
[build-system] section.
🔴 Add [project] metadata including name, version, description, requires-python,
dependencies, and entry points.
Update CI and developer documentation to build/install via python -m build / pip install .
and validate pip install -e ..
Add a short migration checklist and tests to verify packaging and installation on
supported Python versions (>=3.9).
Keep setup.cfg only as a transitional fallback if needed, gradually moving settings into
pyproject.toml.
Optionally add [tool.*] sections to centralize tool configuration over time (e.g., mypy,
black).
Codebase Duplication Compliance
Codebase context is not defined

Follow the guide to enable codebase context checks.

Custom Compliance
🟢
Generic: Comprehensive Audit Trails

Objective: To create a detailed and reliable record of critical system actions for security analysis
and compliance.

Status: Passed

Learn more about managing compliance generic rules or creating your own custom rules

Generic: Meaningful Naming and Self-Documenting Code

Objective: Ensure all identifiers clearly express their purpose and intent, making code
self-documenting

Status: Passed

Generic: Robust Error Handling and Edge Case Management

Objective: Ensure comprehensive error handling that provides meaningful context and graceful
degradation

Status: Passed

Generic: Secure Error Handling

Objective: To prevent the leakage of sensitive system information through error messages while
providing sufficient detail for internal debugging.

Status: Passed

Generic: Secure Logging Practices

Objective: To ensure logs are useful for debugging and auditing without exposing sensitive
information like PII, PHI, or cardholder data.

Status: Passed

Generic: Security-First Input Validation and Data Handling

Objective: Ensure all data inputs are validated, sanitized, and handled securely to prevent
vulnerabilities

Status: Passed

Compliance status legend
🟢 - Fully Compliant
🟡 - Partial Compliant
🔴 - Not Compliant
⚪ - Requires Further Human Verification
🏷️ - Compliance label


qodo-code-review bot commented Jan 27, 2026

PR Code Suggestions ✨

Explore these optional code suggestions:

Category | Suggestion | Impact
High-level
Separate runtime and development package configurations
Suggestion Impact: The commit removes pytest and coverage from main [project].dependencies, adds them under [project.optional-dependencies].test, and updates setuptools packages to stop installing "tests" (packages now only includes "krkn"). It also removes other dev/build deps (setuptools, wheel) from runtime deps.

code diff:

@@ -26,8 +26,6 @@
     "azure-mgmt-compute==30.5.0",
     "azure-mgmt-network==27.0.0",
     "itsdangerous==2.0.1",
-    "coverage==7.6.12",
-    "datetime==5.4",
     "docker>=6.0,<7.0",
     "gitpython==3.1.41",
     "google-auth==2.37.0",
@@ -44,26 +42,29 @@
     "paramiko==3.4.0",
     "pyVmomi==8.0.2.0.1",
     "pyfiglet==1.0.2",
-    "pytest==8.0.0",
     "python-ipmi==0.5.4",
     "python-openstackclient==6.5.0",
     "requests<2.32",
     "requests-unixsocket>=0.4.0",
     "service_identity==24.1.0",
     "PyYAML==6.0.1",
-    "setuptools==78.1.1",
     "werkzeug==3.1.4",
-    "wheel==0.42.0",
     "zope.interface==5.4.0",
     "cryptography>=42.0.4",
     "protobuf>=4.25.8",
+]
+
+[project.optional-dependencies]
+test = [
+    "coverage==7.6.12",
+    "pytest==8.0.0",
 ]
 
 [project.urls]
 Homepage = "https://github.com/krkn-chaos/krkn"
 
 [tool.setuptools]
-packages = ["krkn", "tests"]
+packages = ["krkn"]
 
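
Review bot: `packages = ["krkn"]` at the end of this hunk lists only the top-level package, and setuptools does not pull subpackages in from an explicit `packages` list. If `krkn` has subpackages, the built wheel will be missing them; `[tool.setuptools.packages.find]` with `include = ["krkn*"]` avoids enumerating them by hand. Build a wheel and list its contents before merging.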

The suggestion recommends separating development dependencies like pytest into
[project.optional-dependencies] and removing the tests directory from the list
of installable packages in [tool.setuptools.packages].

Examples:

pyproject.toml [19-60]
dependencies = [
    "aliyun-python-sdk-core==2.13.36",
    "aliyun-python-sdk-ecs==4.24.25",
    "arcaflow-plugin-sdk==0.14.0",
    "boto3==1.28.61",
    "azure-identity==1.16.1",
    "azure-keyvault==4.2.0",
    "azure-mgmt-compute==30.5.0",
    "azure-mgmt-network==27.0.0",
    "itsdangerous==2.0.1",

 ... (clipped 32 lines)
pyproject.toml [66]
packages = ["krkn", "tests"]

Solution Walkthrough:

Before:

# pyproject.toml

[project]
dependencies = [
    "boto3==1.28.61",
    # ...
    "coverage==7.6.12",
    # ...
    "pytest==8.0.0",
    # ...
]

[tool.setuptools]
packages = ["krkn", "tests"]

After:

# pyproject.toml

[project]
dependencies = [
    "boto3==1.28.61",
    # ... (runtime dependencies only)
]

[project.optional-dependencies]
test = [
    "coverage==7.6.12",
    "pytest==8.0.0",
]

[tool.setuptools]
packages = ["krkn"]
Suggestion importance[1-10]: 9

__

Why: The suggestion correctly identifies that development dependencies like pytest and coverage are mixed with runtime dependencies, and that the tests directory is incorrectly included as a package, which are significant packaging flaws.

High
General
Remove conflicting datetime dependency
Suggestion Impact: The commit removed "datetime==5.4" from the project dependencies (and also reorganized dependencies into optional test deps), addressing the suggested conflict.

code diff:

-    "coverage==7.6.12",
-    "datetime==5.4",
     "docker>=6.0,<7.0",

Remove the datetime dependency from pyproject.toml to avoid conflicts with
Python's built-in datetime module.

pyproject.toml [30]

-"datetime==5.4",
 
+

[Suggestion processed]

Suggestion importance[1-10]: 8

__

Why: This is a critical correction, as including the third-party datetime package can lead to subtle and hard-to-debug conflicts with the standard library module of the same name.

Medium
Move build tools out of runtime deps
Suggestion Impact: The commit removed `setuptools` and `wheel` from `project.dependencies`, aligning with the suggestion to keep build tools out of runtime dependencies. (It also moved some test-related deps into `project.optional-dependencies`.)

code diff:

-    "setuptools==78.1.1",
     "werkzeug==3.1.4",
-    "wheel==0.42.0",
     "zope.interface==5.4.0",
     "cryptography>=42.0.4",
     "protobuf>=4.25.8",
+]
+
+[project.optional-dependencies]
+test = [
+    "coverage==7.6.12",
+    "pytest==8.0.0",
 ]
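
Review bot: With `"setuptools==78.1.1"` removed from the runtime list here, the only remaining setuptools constraint is whatever `[build-system].requires` states, and that section is not shown in this diff. It needs a floor of setuptools 61 or later, the first release that reads the `[project]` table; without it an older build environment will not pick up the metadata this file defines.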

Remove setuptools and wheel from project.dependencies as they are build-time
requirements already defined in [build-system].requires.

pyproject.toml [54-56]

-"setuptools==78.1.1",
-"wheel==0.42.0",
 
+

[Suggestion processed]

Suggestion importance[1-10]: 7

__

Why: This suggestion correctly identifies that setuptools and wheel are build-time, not runtime, dependencies. Removing them from project.dependencies adheres to packaging best practices and cleans up the dependency list.

Medium
Security
Constrain major versions

Add upper version bounds for the cryptography and protobuf dependencies to
prevent breaking changes from future major releases.

pyproject.toml [58-59]

-"cryptography>=42.0.4",
-"protobuf>=4.25.8",
+"cryptography>=42.0.4,<43.0.0",
+"protobuf>=4.25.8,<5.0.0",
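
Review bot: The `<43.0.0` cap on `cryptography` also keeps out any fix that ships only in a later major release, so for a library on the security path the cap trades one risk for another. If the bound goes in, pair it with an automated update job or a lock file so the ceiling is raised deliberately rather than left in place; the same applies to `"protobuf>=4.25.8,<5.0.0"`.
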
Suggestion importance[1-10]: 7

__

Why: This suggestion improves build stability by adding upper bounds to dependencies like cryptography and protobuf, preventing automatic updates to new major versions that could introduce breaking changes.

Medium
Possible issue
Update outdated and potentially incompatible dependency

Update the itsdangerous dependency from version 2.0.1 to >=2.1.2 to avoid
potential compatibility issues with other modern dependencies.

pyproject.toml [27-29]

 "azure-mgmt-network==27.0.0",
-"itsdangerous==2.0.1",
+"itsdangerous>=2.1.2",
 "coverage==7.6.12",
Suggestion importance[1-10]: 6

__

Why: The suggestion correctly identifies an outdated dependency (itsdangerous) and proposes an update to prevent potential compatibility issues with newer packages like werkzeug, improving project stability.

Low
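
The packaging checks raised in the suggestions above (test and build tools listed as runtime dependencies, a distribution named like a standard-library module, requirements with no upper bound), written as an added example that is not part of this PR or of krkn: a small audit over a `[project].dependencies` list. The `DEV_OR_BUILD` set, the function names and the sample list are assumptions made for this illustration.

```python
import re
import sys

# Tools the review treats as test/build-only (assumed set for this example).
DEV_OR_BUILD = {"pytest", "coverage", "setuptools", "wheel"}
# Standard-library module names; the fallback covers interpreters before 3.10.
STDLIB = getattr(sys, "stdlib_module_names", frozenset({"datetime"}))
# Name, optional [extras], then the version specifier and any marker.
REQ = re.compile(r"^\s*([A-Za-z0-9][A-Za-z0-9._-]*)\s*(?:\[[^\]]*\])?\s*(.*)$")


def normalize(name):
    """PEP 503 normalization: lowercase, runs of '-', '_', '.' become '-'."""
    return re.sub(r"[-_.]+", "-", name).lower()


def audit(dependencies):
    """Return {finding: [requirement, ...]} for a runtime dependency list."""
    findings = {"dev_or_build_tool": [], "stdlib_name": [], "no_upper_bound": []}
    for req in dependencies:
        m = REQ.match(req)
        if not m:
            continue
        # Drop any environment marker (after ';') before reading the specifier.
        name, spec = normalize(m.group(1)), m.group(2).split(";")[0]
        if name in DEV_OR_BUILD:
            findings["dev_or_build_tool"].append(req)
        if name.replace("-", "_") in STDLIB:
            findings["stdlib_name"].append(req)
        clauses = [c.strip() for c in spec.split(",") if c.strip()]
        # '==', '~=', '<' and '<=' all put a ceiling on the resolved version.
        if not any(c.startswith(("==", "~=", "<")) for c in clauses):
            findings["no_upper_bound"].append(req)
    return findings


# Constructed sample: a subset of the requirement strings quoted on this page.
SAMPLE = [
    "boto3==1.28.61", "coverage==7.6.12", "datetime==5.4", "docker>=6.0,<7.0",
    "pytest==8.0.0", "requests<2.32", "setuptools==78.1.1", "wheel==0.42.0",
    "cryptography>=42.0.4", "protobuf>=4.25.8",
]

if __name__ == "__main__":
    for kind, reqs in audit(SAMPLE).items():
        print(kind, reqs)
```

The stdlib check is a name-collision heuristic only; it flags a requirement for a human to look at and does not prove that an import conflict exists.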
Development

Successfully merging this pull request may close these issues.

[ENH] Tooling: Adopt pyproject.toml