Fix #839, move setup.py metadata & config settings into pyproject.toml, & remove requirements.txt
#959
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
The modern approach is to put more things into `pyproject.toml`. This moves most things out of `setup.py`, with the exception of the native code extensions parts, and the version number. (Still to do: figure out how to move the version number too.)
mhucka
force-pushed
the
mh-more-pyproject
branch
from
4242c63 to
4823984
Compare
![gemini-code-assist[bot]](https://avatars.githubusercontent.com/in/956858?s=60&v=4){kind=small}
Contributor
There was a problem hiding this comment.
Code Review
This pull request modernizes the project's packaging by migrating metadata from setup.py to pyproject.toml in line with PEP 621. The changes are well-executed and correctly move dependencies, project information, and other configurations. My main feedback is to eliminate the duplication of the version string, which is currently present in both pyproject.toml and setup.py. By fetching the version from the distribution metadata within setup.py, you can make pyproject.toml the single source of truth for the version, which improves maintainability and prevents potential inconsistencies.
mhucka
changed the title
setup.py configuration and metadata into pyproject.toml
mhucka
changed the title
setup.py configuration and metadata into pyproject.tomlsetup.py metadata and config into pyproject.toml
pavoljuhas
reviewed
Nov 19, 2025
pavoljuhas
reviewed
Nov 19, 2025
pavoljuhas
reviewed
Nov 19, 2025
Collaborator
pavoljuhas
left a comment
pavoljuhas
left a comment
There was a problem hiding this comment.
LGTM after addressing inline comments.
Have you tested if wheel building - especially with cibuildwheel - works with these changes?
github-actions
bot
added
size: L
mhucka
changed the title
setup.py metadata and config into pyproject.tomlsetup.py metadata & config settings into pyproject.toml, & remove requirements.txt
![github-advanced-security[bot]](https://avatars.githubusercontent.com/in/57789?s=60&v=4){kind=small}
mhucka
force-pushed
the
mh-more-pyproject
branch
from
d93ae26 to
5654152
Compare
This makes use of 2 facilities in setuptools and pip.
1. Take advantage of the `--group` feature of pip for the development
dependencies. Developers can install them with the command
```shell
pip install --group dev
```
This makes files `requirements.txt` and `dev-requirements.txt` no
longer necessary, and also puts all the requirements into one file
for better clarity and maintenance.
2. Take advantage of the feature of `setuptools` and `setuptools_scm`
to get the version number from a file automatically. The setup here
makes it read `__version_`` from `qsimcirq/_version.py`.
Bumps [actions/setup-python](https://github.com/actions/setup-python) from 6.0.0 to 6.1.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/actions/setup-python/releases">actions/setup-python's releases</a>.</em></p> <blockquote> <h2>v6.1.0</h2> <h2>What's Changed</h2> <h3>Enhancements:</h3> <ul> <li>Add support for <code>pip-install</code> input by <a href="https://github.com/gowridurgad"><code>@gowridurgad</code></a> in <a href="https://redirect.github.com/actions/setup-python/pull/1201">actions/setup-python#1201</a></li> <li>Add graalpy early-access and windows builds by <a href="https://github.com/timfel"><code>@timfel</code></a> in <a href="https://redirect.github.com/actions/setup-python/pull/880">actions/setup-python#880</a></li> </ul> <h3>Dependency and Documentation updates:</h3> <ul> <li>Enhanced wording and updated example usage for <code>allow-prereleases</code> by <a href="https://github.com/yarikoptic"><code>@yarikoptic</code></a> in <a href="https://redirect.github.com/actions/setup-python/pull/979">actions/setup-python#979</a></li> <li>Upgrade urllib3 from 1.26.19 to 2.5.0 and document breaking changes in v6 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/actions/setup-python/pull/1139">actions/setup-python#1139</a></li> <li>Upgrade typescript from 5.4.2 to 5.9.3 and Documentation update by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/actions/setup-python/pull/1094">actions/setup-python#1094</a></li> <li>Upgrade actions/publish-action from 0.3.0 to 0.4.0 & Documentation update for pip-install input by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/actions/setup-python/pull/1199">actions/setup-python#1199</a></li> <li>Upgrade requests from 2.32.2 to 2.32.4 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/actions/setup-python/pull/1130">actions/setup-python#1130</a></li> <li>Upgrade prettier from 3.5.3 to 3.6.2 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/actions/setup-python/pull/1234">actions/setup-python#1234</a></li> <li>Upgrade <code>@types/node</code> from 24.1.0 to 24.9.1 and update macos-13 to macos-15-intel by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/actions/setup-python/pull/1235">actions/setup-python#1235</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/yarikoptic"><code>@yarikoptic</code></a> made their first contribution in <a href="https://redirect.github.com/actions/setup-python/pull/979">actions/setup-python#979</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/actions/setup-python/compare/v6...v6.1.0">https://github.com/actions/setup-python/compare/v6...v6.1.0</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/actions/setup-python/commit/83679a892e2d95755f2dac6acb0bfd1e9ac5d548"><code>83679a8</code></a> Bump <code>@types/node</code> from 24.1.0 to 24.9.1 and update macos-13 to macos-15-intel ...</li> <li><a href="https://github.com/actions/setup-python/commit/bfc4944b43a5d84377eca3cf6ab5b7992ba61923"><code>bfc4944</code></a> Bump prettier from 3.5.3 to 3.6.2 (<a href="https://redirect.github.com/actions/setup-python/issues/1234">#1234</a>)</li> <li><a href="https://github.com/actions/setup-python/commit/97aeb3efb8a852c559869050c7fb175b4efcc8cf"><code>97aeb3e</code></a> Bump requests from 2.32.2 to 2.32.4 in /<strong>tests</strong>/data (<a href="https://redirect.github.com/actions/setup-python/issues/1130">#1130</a>)</li> <li><a href="https://github.com/actions/setup-python/commit/443da59188462e2402e2942686db5aa6723f4bed"><code>443da59</code></a> Bump actions/publish-action from 0.3.0 to 0.4.0 & Documentation update for pi...</li> <li><a href="https://github.com/actions/setup-python/commit/cfd55ca82492758d853442341ad4d8010466803a"><code>cfd55ca</code></a> graalpy: add graalpy early-access and windows builds (<a href="https://redirect.github.com/actions/setup-python/issues/880">#880</a>)</li> <li><a href="https://github.com/actions/setup-python/commit/bba65e51ff35d50c6dbaaacd8a4681db13aa7cb4"><code>bba65e5</code></a> Bump typescript from 5.4.2 to 5.9.3 and update docs/advanced-usage.md (<a href="https://redirect.github.com/actions/setup-python/issues/1094">#1094</a>)</li> <li><a href="https://github.com/actions/setup-python/commit/18566f86b301499665bd3eb1a2247e0849c64fa5"><code>18566f8</code></a> Improve wording and "fix example" (remove 3.13) on testing against pre-releas...</li> <li><a href="https://github.com/actions/setup-python/commit/2e3e4b15a884dc73a63f962bff250a855150a234"><code>2e3e4b1</code></a> Add support for pip-install input (<a href="https://redirect.github.com/actions/setup-python/issues/1201">#1201</a>)</li> <li><a href="https://github.com/actions/setup-python/commit/4267e283df95c05d9f16ece6624106f44613b489"><code>4267e28</code></a> Bump urllib3 from 1.26.19 to 2.5.0 in /<strong>tests</strong>/data and document breaking c...</li> <li>See full diff in <a href="https://github.com/actions/setup-python/compare/e797f83bcb11b83ae66e0230d6156d7c80228e7c...83679a892e2d95755f2dac6acb0bfd1e9ac5d548">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
It turns out that Dependabot uses the same database, so there is little point in running the OSV scanner too.
Changes: - Don't tell it to use full sentences in comments, or it goes overboard when critiquing people's PRs. - Add some guidance for shell scripts. - Add some more points to the overall development approach. - Minor verbiage changes here and there.
This adds the names of custom GitHub runners we've defined for Quantumlib.
…lib#975) Windows CI jobs are a bottleneck right now, so I defined larger GitHub-hosted runners. This adds the new names to the actionlint config file so that they are recognized by actionlint.
Update the commands and instructions to use the new approach.
I run cibuildwheel as a way of testing that everything works, and I forsee writing some instructions around that. It may be time to add it to the development dependencies.
Turns out `setup-python` looks for `pyprojec.toml` automatically.
Its contents are in pyproject.toml now.
Take advantage of setuptools_scm's ability to make dependencies be obtained dynamically.
Move cmake, pybind and numpy here. Also constrain more versions, including of some transitive dependencies, because I'm hitting conflicts on Python < 3.11. Some packages like countourpy were updated in recent times and need Numpy 2+, which leads to conflicts.
Add the `-n auto` flag to pytest in the cibuldwheel configuration
Need to set the working directory before trying to install stuff.
The initial plan to use only group dev didn't work out.
mhucka
force-pushed
the
mh-more-pyproject
branch
from
120874d to
c796145
Compare
Comment on lines
+53
to
+55
| RUN python3 -m pip install --no-cache-dir --upgrade pip && \ | ||
| python3 -m pip install --no-cache-dir -r requirements.txt && \ | ||
| python3 -m pip install --no-cache-dir --group dev |
Check warning
Code scanning / Scorecard
Pinned-Dependencies Medium
Collaborator
Author
Yes. However, I made more changes and now the commit history here on this PR is a mess, so I've redone this PR. The new one is #985. I will close this one now. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This addresses deprecation warnings originating from the use of outdated
setuptoolsfunctions, and takes the opportunity to modernize the management of the version number and the dependencies in accordance with current Python practices (PEP 621, 735).Key changes include:
All declarative package metadata (e.g., name, author, classifiers) has been moved from
setup.pytopyproject.toml. What's left insetup.pyhas been simplified to only contain the logic necessary for building the C++ extensions.The qsim version number is now stored in only on file,
qsimcirq/_version.py, and bothpyproject.tomlandsetup.pyread it from there. In the case ofsetup.py, the use of the deprecatedself.distribution.get_version()has been replaced with the use ofrunpyto read the version number fromqsimcirq/_version.py. (The latter change fixes Fix use of deprecated setuptools functions #839.)Development dependencies are no longer stored as "extras" but rather use the pyproject.toml
[dependency-groups]section introduced in 2024 by PEP 735 and recognized by pip version 25.1+. This means bothrequirements.txtanddev-requirements.txtare gone, and development dependencies are installed usingpyproject.tomldefines the versions of Python for which cibuildwheel builds wheels (in section[tool.cibuildwheel]).