Merge pull request #15 from mosquito/migrate-to-uv

Migrate to UV

Author: mosquito

.github/workflows/publish.yml

@@ -13,19 +13,14 @@ jobs:
     steps:
       - uses: actions/checkout@v4
 
-      - name: Setup python
-        uses: actions/setup-python@v5
-        with:
-          python-version: "3.12"
-
-      - name: Install poetry
-        run: python -m pip install poetry
+      - name: Setup uv
+        uses: astral-sh/setup-uv@v6
 
       - name: Set version from release tag
-        run: poetry version "${GITHUB_REF_NAME#v}"
+        run: uv version "${GITHUB_REF_NAME#v}"
 
       - name: Build package
-        run: poetry build
+        run: uv build
 
       - uses: actions/upload-artifact@v4
         with:

.github/workflows/pythonpackage.yml

@@ -6,7 +6,27 @@ on:
   pull_request:
     branches: [ master ]
 
+env:
+  FORCE_COLOR: 1
+
 jobs:
+  lint:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Setup uv
+        uses: astral-sh/setup-uv@v6
+
+      - name: Install dependencies
+        run: uv sync --frozen
+
+      - name: Run ruff check
+        run: uv run ruff check jwt_rsa tests
+
+      - name: Run ruff format check
+        run: uv run ruff format --check jwt_rsa tests
+
   mypy:
     runs-on: ubuntu-latest
     strategy:
@@ -15,23 +35,19 @@ jobs:
     steps:
       - uses: actions/checkout@v4
 
+      - name: Setup uv
+        uses: astral-sh/setup-uv@v6
+
       - name: Setup python3.10
         uses: actions/setup-python@v5
         with:
           python-version: "3.10"
 
-      - name: Install poetry
-        run: python -m pip install poetry
-
       - name: Install dependencies
-        run: poetry install
-        env:
-          FORCE_COLOR: yes
+        run: uv sync --frozen
 
       - name: Run mypy
-        run: poetry run mypy jwt_rsa
-        env:
-          FORCE_COLOR: yes
+        run: uv run mypy jwt_rsa
 
   tests:
     runs-on: ubuntu-latest
@@ -48,20 +64,16 @@ jobs:
     steps:
       - uses: actions/checkout@v4
 
+      - name: Setup uv
+        uses: astral-sh/setup-uv@v6
+
       - name: Setup python${{ matrix.python }}
         uses: actions/setup-python@v5
         with:
           python-version: "${{ matrix.python }}"
 
-      - name: Install poetry
-        run: python -m pip install poetry
-
       - name: Install dependencies
-        run: poetry install
-        env:
-          FORCE_COLOR: yes
+        run: uv sync --frozen
 
       - name: Run tests
-        run: poetry run pytest
-        env:
-          FORCE_COLOR: yes
+        run: uv run pytest

CLAUDE.md

@@ -10,26 +10,29 @@ pyjwt-rsa — Python library and CLI for JWT token management with RSA cryptogra
 
 ```bash
 # Install dependencies
-poetry install
+uv sync
 
-# Run all tests (includes coverage + pylama linting)
-poetry run pytest
+# Run all checks (lint + mypy + tests)
+make test
+
+# Run tests only (includes coverage)
+uv run pytest
 
 # Run tests without coverage
-poetry run pytest --no-cov
+uv run pytest --no-cov
 
 # Run a single test file or test
-poetry run pytest tests/test_rsa.py
-poetry run pytest tests/test_rsa.py::test_jwt_token
+uv run pytest tests/test_rsa.py
+uv run pytest tests/test_rsa.py::test_jwt_token
 
 # Type checking (strict mode)
-poetry run mypy jwt_rsa
+uv run mypy jwt_rsa
 
 # Linting
-poetry run pylama jwt_rsa tests
+uv run ruff check jwt_rsa tests
 
 # Build
-poetry build
+uv build
 ```
 
 ## Architecture
@@ -43,6 +46,6 @@ poetry build
 ## Code Quality
 
 - **mypy strict** — all public functions must have full type annotations. Tests have `ignore_errors = true`.
-- **pylama** — pycodestyle + pyflakes + mccabe. Max line length 119. Ignored: E704.
-- **pytest** — `addopts` integrates coverage, doctests, and pylama in a single run.
+- **ruff** — pycodestyle + pyflakes + isort + pyupgrade + flake8-bugbear. Max line length 119. Ignored: E501, E704.
+- **pytest** — `addopts` integrates coverage and doctests in a single run.
 - Python 3.10+ required. CI tests on 3.10–3.13.

Makefile

@@ -0,0 +1,18 @@
+.PHONY: test tests mypy pytest lint format
+
+format:
+	uv run --group dev ruff check --fix jwt_rsa tests
+	uv run --group dev ruff format jwt_rsa tests
+
+lint:
+	uv run --group dev ruff check jwt_rsa tests
+	uv run --group dev ruff format --check jwt_rsa tests
+
+mypy:
+	uv run --group dev mypy jwt_rsa
+
+pytest:
+	uv run --group dev pytest
+
+test: lint mypy pytest
+tests: test

jwt_rsa/__init__.py

@@ -1,11 +1,14 @@
 from .rsa import (
-    RSAJWKPrivateKey, RSAJWKPublicKey, generate_rsa, load_private_key,
-    load_public_key, rsa_to_jwk,
+    RSAJWKPrivateKey,
+    RSAJWKPublicKey,
+    generate_rsa,
+    load_private_key,
+    load_public_key,
+    rsa_to_jwk,
 )
 from .token import JWT, JWTDecoder, JWTSigner
 from .types import RSAPrivateKey, RSAPublicKey
 
-
 __all__ = (
     "JWT",
     "JWTDecoder",

jwt_rsa/cli.py

@@ -5,7 +5,8 @@
 from pathlib import Path
 
 from jwt_rsa.issue import parse_interval
-from . import convert, issue, key_tester, keygen, pubkey, verify, jwks
+
+from . import convert, issue, jwks, key_tester, keygen, pubkey, verify
 from .token import ALGORITHMS
 
 
@@ -14,24 +15,32 @@ class Formatter(argparse.ArgumentDefaultsHelpFormatter, argparse.RawDescriptionH
 
 
 parser = ArgumentParser(formatter_class=Formatter)
+parser.add_argument("-a", "--algorithm", choices=ALGORITHMS, help="Algorithm for JWT keys", default="RS512")
 parser.add_argument(
-    "-a", "--algorithm", choices=ALGORITHMS,
-    help="Algorithm for JWT keys", default="RS512"
-)
-parser.add_argument(
-    "--log-level", choices=["debug", "info", "warning", "error", "critical"],
-    type=lambda x: getattr(logging, x.upper(), logging.INFO), default=logging.INFO,
+    "--log-level",
+    choices=["debug", "info", "warning", "error", "critical"],
+    type=lambda x: getattr(logging, x.upper(), logging.INFO),
+    default=logging.INFO,
 )
 
 subparsers = parser.add_subparsers(dest="command", required=True)
 
 keygen_parser = subparsers.add_parser("keygen", help="Generate a new RSA key pair", formatter_class=Formatter)
 keygen_parser.set_defaults(func=keygen.main)
 keygen_parser.add_argument(
-    "-b", "--bits", dest="bits", type=int, default=2048, choices=[2 ** i for i in range(10, 14)],
+    "-b",
+    "--bits",
+    dest="bits",
+    type=int,
+    default=2048,
+    choices=[2**i for i in range(10, 14)],
 )
 keygen_parser.add_argument(
-    "--kid", dest="kid", type=str, default="", help="Key ID, will be generated if missing",
+    "--kid",
+    dest="kid",
+    type=str,
+    default="",
+    help="Key ID, will be generated if missing",
 )
 keygen_parser.add_argument("-u", "--use", dest="use", type=str, default="sig", choices=["sig", "enc"])
 keygen_parser.add_argument("-o", "--format", choices=["pem", "jwk", "base64"], default="jwk")
@@ -68,23 +77,28 @@ class Formatter(argparse.ArgumentDefaultsHelpFormatter, argparse.RawDescriptionH
     " * 'y' means years\n"
 )
 issue_parser = subparsers.add_parser(
-    "issue",
-    help="Issue a new JWT token\n",
-    description=ISSUE_PARSER_DESCRIPTION,
-    formatter_class=Formatter
+    "issue", help="Issue a new JWT token\n", description=ISSUE_PARSER_DESCRIPTION, formatter_class=Formatter
 )
 issue_parser.add_argument(
-    "-K", "--private-key", required=True,
-    help="Private JWT key", type=Path,
+    "-K",
+    "--private-key",
+    required=True,
+    help="Private JWT key",
+    type=Path,
 )
 issue_parser.add_argument("--expired", help="Token expiration", type=parse_interval, default="+1M")
 issue_parser.add_argument("--nbf", help="Token nbf claim", type=parse_interval, default="-1m")
 issue_parser.add_argument(
-    "-I", "--no-interactive", action="store_false", dest="interactive",
+    "-I",
+    "--no-interactive",
+    action="store_false",
+    dest="interactive",
     help="No interactive mode, do not open editor for claims, just read JSON from stdin",
 )
 issue_parser.add_argument(
-    "-e", "--editor", help="Editor to use in interactive mode",
+    "-e",
+    "--editor",
+    help="Editor to use in interactive mode",
     default=os.getenv("EDITOR", "vim"),
 )
 issue_parser.set_defaults(func=issue.main)
@@ -95,7 +109,10 @@ class Formatter(argparse.ArgumentDefaultsHelpFormatter, argparse.RawDescriptionH
 verify_parser.add_argument("-k", "--public-key", required=False, help="Public key", type=Path)
 verify_parser.add_argument("-V", "--no-verify", action="store_false", help="No verify signature", dest="verify")
 verify_parser.add_argument(
-    "-I", "--no-interactive", action="store_false", dest="interactive",
+    "-I",
+    "--no-interactive",
+    action="store_false",
+    dest="interactive",
     help="Interactive mode or raw read token from stdin",
 )
 verify_parser.set_defaults(func=verify.main)

jwt_rsa/convert.py

@@ -19,9 +19,11 @@ def generate_kid(key: RSAPrivateKey) -> str:
 
 
 def convert(
-    private: RSAPrivateKey, public: RSAPublicKey,
+    private: RSAPrivateKey,
+    public: RSAPublicKey,
     fmt: Literal["pem", "jwk", "base64"],
-    pretty: bool = False, algorithm: AlgorithmType = "RS512",
+    pretty: bool = False,
+    algorithm: AlgorithmType = "RS512",
 ) -> tuple[str, str]:
     if fmt == "pem":
         return (

jwt_rsa/issue.py

@@ -14,7 +14,6 @@
 from .rsa import load_private_key
 from .token import JWT
 
-
 TEMPLATE = """# THIS FILE SUPPORTS COMMENTS AND TRAILING COMMAS
 # Actually it's a Python dictionary that will be evaluated as a JSON object
 # Anyway it supports Python-style single and double quotes, math expressions, etc.
@@ -97,7 +96,7 @@ def main(arguments: SimpleNamespace) -> None:
         load_private_key(arguments.private_key),
         expires=arguments.expired,
         nbf_delta=-arguments.nbf,
-        algorithm=arguments.algorithm
+        algorithm=arguments.algorithm,
     )
 
     whoami = pwd.getpwuid(os.getuid())
@@ -125,7 +124,8 @@ def main(arguments: SimpleNamespace) -> None:
         with NamedTemporaryFile("wt", suffix=".py") as fp:
             if arguments.interactive:
                 fp.write(
-                    TEMPLATE % {
+                    TEMPLATE
+                    % {
                         "exp": arguments.expired,
                         "nbf": arguments.nbf,
                         "preamble": preable,

jwt_rsa/jwks.py

@@ -6,7 +6,7 @@
 from abc import ABC, abstractmethod
 from contextlib import closing
 from functools import lru_cache
-from typing import TypedDict, Any
+from typing import Any, TypedDict
 from urllib.parse import urlparse
 
 from jwt.api_jws import PyJWS
@@ -43,25 +43,25 @@ def parse_jwk(self, jwk: dict[str, Any]) -> dict[str, RSAPublicKey]:
             if loaded_key is None:
                 log.warning("Skipping JWK key: %s", key)
                 continue
-            keys[jwk['kid']] = loaded_key
+            keys[jwk["kid"]] = loaded_key
         return keys
 
     @abstractmethod
     def refresh(self) -> Any:
         raise NotImplementedError()
 
-    @lru_cache(1024)
+    @lru_cache(1024)  # noqa: B019
     def decoder(self, kid: str) -> JWTDecoder:
         if kid not in self.keys:
             raise ValueError(f"Key with kid '{kid}' is unknown")
         return JWTDecoder(key=self.keys[kid])
 
     def decode(self, token: str) -> dict[str, Any]:
         header = self.jws.get_unverified_header(token)
-        if 'kid' not in header:
+        if "kid" not in header:
             raise ValueError("Token does not contain 'kid' header")
 
-        decoder = self.decoder(header['kid'])
+        decoder = self.decoder(header["kid"])
         return decoder.decode(token)
 
 
@@ -74,11 +74,7 @@ def __init__(self, url: str, *, ssl_context: ssl.SSLContext | None = None, **kwa
 
     def refresh(self) -> None:
         url_parts = urlparse(self.url)
-        host, port = (
-            url_parts.netloc.split(":")
-            if ":" in url_parts.netloc
-            else (url_parts.netloc, 443)
-        )
+        host, port = url_parts.netloc.split(":") if ":" in url_parts.netloc else (url_parts.netloc, 443)
         with closing(self.CLIENT_CLASS(host, int(port), context=self.ssl_context)) as client:
             client.request("GET", url_parts.path)
             response = client.getresponse()
@@ -91,6 +87,7 @@ def refresh(self) -> None:
 
 def main(args: argparse.Namespace) -> None:
     from .rsa import rsa_to_jwk
+
     fetcher = HTTPSJWKFetcher(args.url)
     fetcher.refresh()