Migrate from socket-sdk-python to socketdev>=3.0.0 and switch to uv (#113)

* Migrate from socket-sdk-python to socketdev>=3.0.0 and switch to uv

- Update pyproject.toml to use socketdev>=3.0.0,<4.0.0 instead of socket-sdk-python
- Replace pip-tools with uv for dependency management
- Update Makefile to use uv commands (uv pip compile, uv pip sync, etc.)
- Update Dockerfile to install socketdev instead of socket-sdk-python
- Update deployment scripts to reference socketdev
- Update README to reflect uv usage
- Regenerate all requirements files with uv
- Add requirements-test.txt file
- Update SOCKET_SDK_PATH references to point to ../socketdev
- Version bump to 2.2.3

* Switch to uv.lock for dependency management

- Replace requirements.txt files with uv.lock
- Update Makefile to use 'uv sync' instead of pip-compile workflow
- Simplify dependency management with 'uv lock' and 'uv sync --all-extras'
- Update test and lint commands to use 'uv run'
- Remove old requirements.txt, requirements-dev.txt, requirements-test.txt files
- Update README documentation to reflect uv.lock workflow
- Version bump to 2.2.4

Author: dacoburn

Dockerfile

@@ -18,5 +18,5 @@ RUN for i in $(seq 1 10); do \
         sleep 30; \
     done && \
     if [ ! -z "$SDK_VERSION" ]; then \
-        pip install --index-url ${PIP_INDEX_URL} --extra-index-url ${PIP_EXTRA_INDEX_URL} socket-sdk-python==${SDK_VERSION}; \
+        pip install --index-url ${PIP_INDEX_URL} --extra-index-url ${PIP_EXTRA_INDEX_URL} socketdev==${SDK_VERSION}; \
     fi

Makefile

@@ -1,7 +1,7 @@
-.PHONY: setup compile-deps sync-deps clean test lint init-tools local-dev first-time-setup update-deps dev-setup sync-all first-time-local-setup
+.PHONY: setup sync clean test lint update-lock local-dev first-time-setup dev-setup sync-all first-time-local-setup
 
 # Environment variable for local SDK path (optional)
-SOCKET_SDK_PATH ?= ../socket-sdk-python
+SOCKET_SDK_PATH ?= ../socketdev
 
 # Environment variable to control local development mode
 USE_LOCAL_SDK ?= false
@@ -16,44 +16,37 @@ first-time-local-setup:
 	$(MAKE) clean
 	$(MAKE) USE_LOCAL_SDK=true dev-setup
 
-# Update dependencies after changing pyproject.toml
-update-deps: compile-deps sync-deps
+# Update lock file after changing pyproject.toml
+update-lock:
+	uv lock
 
 # Setup for local development
 dev-setup: clean local-dev setup
 
 # Sync all dependencies after pulling changes
-sync-all: sync-deps
+sync-all: sync
 
 # === Implementation targets ===
 
-# Creates virtual environment and installs pip-tools
-init-tools:
-	python -m venv .venv
-	. .venv/bin/activate && pip install pip-tools
-
 # Installs dependencies needed for local development
-# Currently: socket-sdk-python from test PyPI or local path
-local-dev: init-tools
+# Currently: socketdev from test PyPI or local path
+local-dev:
 ifeq ($(USE_LOCAL_SDK),true)
-	. .venv/bin/activate && pip install -e $(SOCKET_SDK_PATH)
+	uv add --editable $(SOCKET_SDK_PATH)
 endif
 
-# Creates/updates requirements.txt files with locked versions based on pyproject.toml
-compile-deps: local-dev
-	. .venv/bin/activate && pip-compile --output-file=requirements.txt pyproject.toml
-	. .venv/bin/activate && pip-compile --extra=dev --output-file=requirements-dev.txt pyproject.toml
-	. .venv/bin/activate && pip-compile --extra=test --output-file=requirements-test.txt pyproject.toml
-
-# Creates virtual environment and installs dependencies from pyproject.toml
-setup: compile-deps
-	. .venv/bin/activate && pip install -e ".[dev,test]"
+# Creates virtual environment and installs dependencies from uv.lock
+setup: update-lock
+	uv sync --all-extras
+ifeq ($(USE_LOCAL_SDK),true)
+	uv add --editable $(SOCKET_SDK_PATH)
+endif
 
-# Installs exact versions from requirements.txt into your virtual environment
-sync-deps:
-	. .venv/bin/activate && pip-sync requirements.txt requirements-dev.txt requirements-test.txt
+# Installs exact versions from uv.lock into your virtual environment
+sync:
+	uv sync --all-extras
 ifeq ($(USE_LOCAL_SDK),true)
-	. .venv/bin/activate && pip install -e $(SOCKET_SDK_PATH)
+	uv add --editable $(SOCKET_SDK_PATH)
 endif
 
 # Removes virtual environment and cache files
@@ -62,8 +55,8 @@ clean:
 	find . -type d -name "__pycache__" -exec rm -rf {} +
 
 test:
-	pytest
+	uv run pytest
 
 lint:
-	ruff check .
-	ruff format --check .
+	uv run ruff check .
+	uv run ruff format --check .

README.md

@@ -371,9 +371,9 @@ make first-time-setup
 2. Local Development Setup (for SDK development):
 ```bash
 pyenv local 3.11  # Ensure correct Python version
-SOCKET_SDK_PATH=~/path/to/socket-sdk-python make first-time-local-setup
+SOCKET_SDK_PATH=~/path/to/socketdev make first-time-local-setup
 ```
-The default SDK path is `../socket-sdk-python` if not specified.
+The default SDK path is `../socketdev` if not specified.
 
 #### Ongoing Development Tasks
 
@@ -392,25 +392,23 @@ make sync-all
 High-level workflows:
 - `make first-time-setup`: Complete setup using PyPI packages
 - `make first-time-local-setup`: Complete setup for local SDK development
-- `make update-deps`: Update requirements.txt files and sync dependencies
+- `make update-lock`: Update uv.lock file after changing pyproject.toml
 - `make sync-all`: Sync dependencies after pulling changes
 - `make dev-setup`: Setup for local development (included in first-time-local-setup)
 
 Implementation targets:
-- `make init-tools`: Creates virtual environment and installs pip-tools
 - `make local-dev`: Installs dependencies needed for local development
-- `make compile-deps`: Generates requirements.txt files with locked versions
-- `make setup`: Creates virtual environment and installs dependencies
-- `make sync-deps`: Installs exact versions from requirements.txt
+- `make setup`: Creates virtual environment and installs dependencies from uv.lock
+- `make sync`: Installs exact versions from uv.lock
 - `make clean`: Removes virtual environment and cache files
-- `make test`: Runs pytest suite
-- `make lint`: Runs ruff for code formatting and linting
+- `make test`: Runs pytest suite using uv run
+- `make lint`: Runs ruff for code formatting and linting using uv run
 
 ### Environment Variables
 
 #### Core Configuration
 - `SOCKET_SECURITY_API_KEY`: Socket Security API token (alternative to --api-token parameter)
-- `SOCKET_SDK_PATH`: Path to local socket-sdk-python repository (default: ../socket-sdk-python)
+- `SOCKET_SDK_PATH`: Path to local socketdev repository (default: ../socketdev)
 
 #### GitLab Integration
 - `GITLAB_TOKEN`: GitLab API token for GitLab integration (supports both Bearer and PRIVATE-TOKEN authentication)

pyproject.toml

@@ -6,7 +6,7 @@ build-backend = "hatchling.build"
 
 [project]
 name = "socketsecurity"
-version = "2.2.2"
+version = "2.2.4"
 requires-python = ">= 3.10"
 license = {"file" = "LICENSE"}
 dependencies = [
@@ -16,7 +16,7 @@ dependencies = [
     'GitPython',
     'packaging',
     'python-dotenv',
-    'socket-sdk-python>=2.1.8,<3'
+    'socketdev>=3.0.0,<4.0.0'
 ]
 readme = "README.md"
 description = "Socket Security CLI for CI/CD"
@@ -45,7 +45,7 @@ test = [
 dev = [
     "ruff>=0.3.0",
     "twine", # for building
-    "pip-tools>=7.4.0",  # for pip-compile
+    "uv>=0.1.0",  # for dependency management
     "pre-commit",
     "hatch"
 ]