m1kc · m1kc · May 27, 2025 · May 28, 2025 · May 29, 2025 · May 30, 2025
diff --git a/.github/workflows/audit.yaml b/.github/workflows/audit.yaml
@@ -0,0 +1,14 @@
+name: Dependency audit
+run-name: Checking dependencies vulnerabilities
+on: [push]
+jobs:
+  audit:
+    runs-on: ubuntu-latest
+    steps:
+    - uses: actions/checkout@v4
+    - name: Set up Python 3.9
+      uses: actions/setup-python@v4
+      with:
+        python-version: 3.9
+    - run: pip install uv pip-audit-extra
+    - run: uv export --format requirements-txt | pip-audit-extra --fail-level CRITICAL --severity HIGH
diff --git a/DEVELOPMENT.md b/DEVELOPMENT.md
@@ -5,19 +5,13 @@
 ```sh
 pipx install git+https://github.com/m1kc/django-spinproject.git@rc --force
 # pip install --user --upgrade 'git+https://github.com/m1kc/django-spinproject.git@master'
-# poetry add 'git+https://github.com/m1kc/django-spinproject.git@master'
+# uv add 'git+https://github.com/m1kc/django-spinproject.git@master'
 ```
 
 ## Publish a release
 
 1. Bump version in pyproject.toml. Create a commit with message `v1.x.x`;
 2. Create a tag named `v1.x.x` (using gitg), `git push --tags`;
-3. `poetry build`
-4. `poetry publish`
+3. `uv build`
+4. `uv publish --token <private-token> dist/<filenames>`
 5. Write release notes ("Auto-generate" for changelog link, `git log --oneline --graph` to generate commit list).
-
-## Authenticate with PyPI
-
-```sh
-poetry config pypi-token.pypi <private-token>
-```
diff --git a/Makefile b/Makefile
@@ -4,8 +4,8 @@ FOLDER=qqqq
 
 projectenv: project
 	cd ${FOLDER}
-	poetry add django django-environ whitenoise
-	poetry shell
+	uv add django django-environ whitenoise
+	uv run python3
 
 project: clean
 	./django_spinproject/bin/spinproject.py ${FOLDER}

diff --git a/README.md b/README.md
@@ -6,7 +6,7 @@ Opinionated version of `django-admin startproject` that intends to go further an
 * 🔧 **settings.py**: slightly modified to also understand environment variables and `.env` files. This functionality requires the `django-environ` package. Also, app logger is mostly pre-configured for you.
 * 🔑 **Minimal login/logout pages** so you can set this up without reading the guide again.
 * 🔒 **Support for marking PostgreSQL databases as read-only** to prevent accidental modification of critical data.
-* 🧰 `script/bootstrap` and other [scripts to rule them all](https://github.blog/2015-06-30-scripts-to-rule-them-all/) so your fellow developers and maintainers don't ask you how to run this thing. Current versions of these scripts optimized for use with [poetry](https://python-poetry.org/), but you can easily adapt them for any Python package manager.
+* 🧰 `script/bootstrap` and other [scripts to rule them all](https://github.blog/2015-06-30-scripts-to-rule-them-all/) so your fellow developers and maintainers don't ask you how to run this thing. Current versions of these scripts optimized for use with [uv](https://docs.astral.sh/uv), but you can easily adapt them for any Python package manager.
 * 🏗️ **Dockerfile and .dockerignore**: one day your app will go to production, and we've got you covered.
 * 🏛️ **Gitlab CI config**.
 * ⚕️ **Pre-configured linter** so you can find some common problems automagically.

diff --git a/django_spinproject/bin/enhance-dockerfile.py b/django_spinproject/bin/enhance-dockerfile.py
diff --git a/django_spinproject/bin/enhance-dockerignore.py b/django_spinproject/bin/enhance-dockerignore.py