@sirosen sirosen commented Dec 23, 2025

Switching to flit-core moves us to a more modern but very minimal backend (flit-core is considered the simplest production-ready PEP 517 backend and has no dependencies).
This change allows us to establish some tighter control over our build process, but driven by check-sdist, which is configured to verify our includes/excludes.

Although debatable, this change makes the decision to strip out the various testing and linting tools from the builds (tox.ini, tests/*, etc.).
The rationale is that slimmer builds install faster (good) and that redistributors should always be working from the source repo anyway (so that they are not trusting our builds, Trusted Publishing notwithstanding).

Changes:

  • Switch from setuptools to flit-core as a build backend
  • Set up check-sdist config + flit config to control and audit build contents
  • Update the 'twine-check' job to a 'check-package-data' job instead, which runs check-sdist (this could be moved to a separate tox env if preferable)

I hesitated about not including a changelog for this, but for 99% of users the impact is nil.
Therefore, there is no changelog entry. One can be added on request during review.

Not included: this does not yet configure reproducible builds, but flit-core does support this as long as SOURCE_DATE_EPOCH is set. That is intended as a small fast-follow.
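
A minimal sdist content audit in the spirit of the check described above, added here as an example (it is not code from this PR or from check-sdist): it opens an sdist tarball and reports files that match an exclusion policy, plus required files that are absent. The `EXCLUDED` and `REQUIRED` lists, the `example_pkg` name and both helper functions are assumptions for illustration.

```python
import fnmatch
import io
import tarfile

# Assumed policy, modelled on the description's "tox.ini, tests/*, etc."
EXCLUDED = ["tests/*", "tox.ini", ".github/*", ".pre-commit-config.yaml"]
# Files an sdist is expected to carry (assumed minimum for this example).
REQUIRED = ["PKG-INFO", "pyproject.toml"]


def build_sample_sdist(paths, root="example_pkg-1.0"):
    """Build a constructed, in-memory .tar.gz laid out like an sdist."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for path in paths:
            data = b"# constructed sample file\n"
            info = tarfile.TarInfo(name=f"{root}/{path}")
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()


def audit_sdist(sdist_bytes, excluded=EXCLUDED, required=REQUIRED):
    """Return policy violations found in an sdist given as bytes."""
    with tarfile.open(fileobj=io.BytesIO(sdist_bytes), mode="r:gz") as tar:
        # Drop the leading "<name>-<version>/" directory every sdist has.
        rel_paths = [
            m.name.partition("/")[2] for m in tar.getmembers() if m.isfile()
        ]
    # fnmatch's "*" also matches "/", so "tests/*" covers nested files.
    unexpected = sorted(
        p for p in rel_paths
        if any(fnmatch.fnmatchcase(p, pat) for pat in excluded)
    )
    missing = sorted(set(required) - set(rel_paths))
    return {"unexpected": unexpected, "missing": missing}


if __name__ == "__main__":
    leaky = build_sample_sdist(
        ["pyproject.toml", "tox.ini", "tests/unit/test_x.py",
         "src/example_pkg/__init__.py"]
    )
    print(audit_sdist(leaky))
```

In CI the same function can be pointed at the bytes of a freshly built `dist/*.tar.gz`, failing the job when either list is non-empty.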

@sirosen sirosen added the no-news-is-good-news This change does not require a news file label Dec 23, 2025
sirosen and others added 2 commits December 29, 2025 09:48
- Switch from setuptools to flit-core as a build backend
- Set up check-sdist to ensure that build contents are well controlled
- Explicitly exclude tests and dev tooling from builds (ensuring we
  build a minimal package; redistributors should use the source repo)
- Update the 'twine-check' job to a 'check-package-data' job instead
- Set the interpreter version for the check-package-data tox env to 3.10
  (3.9 would be ideal but conflicts with some deps)

- Set `--strict` in `twine check`

- Build in the tox envdir and use `recreate = true` to ensure it's always
  a clean build with no cached dependencies

- Implement a "minimum" factor which pins the build backend version
  (`flit-core==3.11`) via a constraints file, which is created
  ephemerally inside of the tox env

Co-authored-by: Kurt McKee <[email protected]>
@sirosen sirosen force-pushed the switch-to-flit-core-and-check-sdist branch from 3017c96 to c00d3e5 Compare December 29, 2025 16:10
Rather than using `PIP_CONSTRAINT`, do the builds with `--no-isolation`
to guarantee that we are controlling the environment. Because under
`tox-uv` it is possible to have a test environment where `pip` is not
available, the `PIP_CONSTRAINT` technique is not guaranteed to be
effective.
commands = python scripts/ensure_min_python_is_tested.py

[testenv:twine-check]
[testenv:check-package-data{,-minimum}]
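
Review bot: at the env header, `[testenv:twine-check]` is replaced by `[testenv:check-package-data{,-minimum}]`, so anything that still invokes the old name (CI workflow steps, contributor docs, local scripts running `tox -e twine-check`) will stop resolving to this env. Update those callers in the same change, and name both generated envs, `check-package-data` and `check-package-data-minimum`, wherever the job is invoked so that the `-minimum` variant is actually exercised.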

One thing that occurs to me is that it would be nice for this to be added to the env_list so that it runs locally as well, but my approval for this PR still stands.

@sirosen sirosen merged commit f897f5f into globus:main Dec 29, 2025
6 checks passed