Modernize packaging

[abhiaagarwal]

Description

This migrates the old setuptools-based packaging to instead use the pyproject.toml format, with uv as the package manager and hatchling as the build system. This mainly avoids adding the transitive dependencies of build and setuptools that are currently packaged with the sdk.

Moves CI over to use uv.

References

Closes #192

Review Checklist

• I have clicked on "allow edits by maintainers".
• I have added documentation for new/changed functionality in this PR or in a PR to openfga.dev [Provide a link to any relevant PRs in the references section above]
• The correct base branch is being used, if not main
• I have added tests to validate that the change in functionality is working as expected

Summary by CodeRabbit

• New Features

  • Added comprehensive project metadata, dependency groups, and build configuration to the project configuration file.

• Bug Fixes

  • Corrected a minor path in the type checking configuration.

• Documentation

  • Improved import examples in the README.
  • Updated API documentation to remove the name filter from the list_stores method.

• Refactor

  • Removed support for the name parameter in the list_stores API client methods.

• Chores

  • Migrated dependency and build management to modern standards, removing legacy packaging files and requirements.
  • Updated GitHub Actions workflow to use a new Python environment and dependency management tool.

[linux-foundation-easycla]

The committers listed above are authorized under a signed CLA.

• ✅ login: abhiaagarwal / name: Abhi Agarwal (69979bf, 278ec03, 7030fe4)

[socket-security]

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff	Package	Supply Chain Security	Vulnerability	Quality	Maintenance	License
	backports-asyncio-runner@​1.2.0

View full report

[socket-security]

All alerts resolved. Learn more about Socket for GitHub.

This PR previously contained dependency changes with security issues that have been resolved, removed, or ignored.

View full report

[abhiaagarwal]

Marking this as draft to make the upstream changes in sdk-generator, I'll force push on this branch.

[evansims]

Hey @abhiaagarwal 👋 Thanks a lot for contributing this! Now that the upstream Generator changes are merged, would you be up for updating this to bring the repo in sync?

[abhiaagarwal]

@evansims absolutely!

[coderabbitai]

Walkthrough

This change migrates the Python SDK project from legacy packaging and dependency management using setup.py, requirements.txt, and test-requirements.txt to a modern, PEP 621-compliant pyproject.toml configuration. The GitHub Actions workflow is updated to use the uv tool for environment setup, dependency management, and building. Documentation and code are updated to remove support for the name parameter in list_stores methods.

Changes

Cohort / File(s)	Change Summary
Modern packaging migration pyproject.toml, setup.py, requirements.txt, test-requirements.txt	Introduced pyproject.toml with project metadata, dependencies, and build configuration. Removed legacy setup.py, requirements.txt, and test-requirements.txt files.
Workflow modernization .github/workflows/main.yaml	Updated CI to use uv for Python setup, dependency management, and builds, replacing actions/setup-python, pip, and manual build commands.
API parameter removal (async client) openfga_sdk/api/open_fga_api.py	Removed name parameter from list_stores and list_stores_with_http_info methods and their documentation.
API parameter removal (sync client) openfga_sdk/sync/open_fga_api.py	Removed name parameter from list_stores and list_stores_with_http_info methods and their documentation.
Documentation updates docs/OpenFgaApi.md	Updated API documentation and usage examples to remove references to the name parameter for list_stores.
README import simplification README.md	Consolidated import statements in the "List Users" example for clarity.

Sequence Diagram(s)

sequenceDiagram
    participant GitHub Actions
    participant uv
    participant Python Environment

    GitHub Actions->>uv: Setup Python (setup-uv)
    uv->>Python Environment: Create environment, install dependencies (uv sync)
    GitHub Actions->>uv: Run tests/lint/build (uv run, uv build)
    uv->>Python Environment: Execute commands in managed environment

Loading

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

Assessment against linked issues

Objective	Addressed	Explanation
Migrate from legacy packaging (setup.py, requirements.txt) to modern tooling (pyproject.toml) (#192)	✅
Remove unnecessary dependencies like build and setuptools from runtime requirements (#192)	✅
Use a modern dependency tool (e.g., uv or poetry) for dependency management (#192)	✅

Assessment against linked issues: Out-of-scope changes

Code Change	Explanation
Removal of name parameter from list_stores methods and documentation (openfga_sdk/api/open_fga_api.py, openfga_sdk/sync/open_fga_api.py, docs/OpenFgaApi.md)	Removing the name parameter is unrelated to the packaging modernization objective in #192.
Consolidation of import statements in README example (README.md)	README import simplification is unrelated to packaging modernization.

Possibly related PRs

• chore: update readme import error #202: Updates import paths in the README, which is similar to the README import consolidation in this PR.

Suggested labels

release, documentation

Suggested reviewers

• evansims

Note

⚡️ Unit Test Generation is now available in beta!

Learn more here, or try it out under "Finishing Touches" below.

✨ Finishing Touches

• 📝 Generate Docstrings

🧪 Generate unit tests

• Create PR with unit tests
• Post copyable unit tests in a comment

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>, please review it.
  • Explain this complex logic.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
  • @coderabbitai explain this code block.
  • @coderabbitai modularize this function.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read src/utils.ts and explain its main purpose.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
  • @coderabbitai help me debug CodeRabbit configuration file.

Support

Need help? Create a ticket on our support page for assistance with any issues or questions.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (Invoked using PR comments)

• @coderabbitai pause to pause the reviews on a PR.
• @coderabbitai resume to resume the paused reviews.
• @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
• @coderabbitai full review to do a full review from scratch and review all the files again.
• @coderabbitai summary to regenerate the summary of the PR.
• @coderabbitai generate docstrings to generate docstrings for this PR.
• @coderabbitai generate sequence diagram to generate a sequence diagram of the changes in this PR.
• @coderabbitai generate unit tests to generate unit tests for this PR.
• @coderabbitai resolve resolve all the CodeRabbit review comments.
• @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
• @coderabbitai help to get help.

Other keywords and placeholders

• Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• Please see the configuration documentation for more information.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[coderabbitai]

Actionable comments posted: 2

🔭 Outside diff range comments (2)

pyproject.toml (1)

139-144: mypy section contains invalid keys & list-valued exclude

packages is not a recognised mypy config option, and exclude expects a single regex string, not an array. Current config will cause “Unknown configuration option” errors and silently ignore the intended exclude.

-[tool.mypy]
-python_version = "3.10"
-packages = "openfga_sdk"
-exclude = [
-    "openfga_sdk/models",
-]
+[tool.mypy]
+python_version = "3.10"
+# Match anything under openfga_sdk/models
+exclude = "(^|/)openfga_sdk/models/"

openfga_sdk/sync/open_fga_api.py (1)

1308-1316: Update test invocations to remove the name parameter
The name argument was removed from list_stores_with_http_info and now passing it will raise FgaValidationException. Existing tests still call list_stores(name=…), so they must be updated:

• test/sync/open_fga_api_test.py:474
• test/api/open_fga_api_test.py:1892

Please remove (or replace) the name="test-store" argument in these calls and adjust assertions to match the new behavior.

🧹 Nitpick comments (4)

pyproject.toml (2)

37-42: Consider pinning upper bounds for all runtime deps

Only urllib3 has an explicit <3 cap; the other three libraries can introduce breaking API changes in any major release. Adding upper-bound pins (e.g. <4) avoids accidental breakage for your consumers.

---

47-55: [dependency-groups] is hatch-specific – document it

Readers unfamiliar with Hatch will not immediately know how to install the dev group (uv pip install -e . -G dev, hatch env create, etc.). A short comment in this stanza or in CONTRIBUTING/README will prevent onboarding friction.

.github/workflows/main.yaml (1)

70-77: Cache key should include uv.lock / resolved deps

cache-dependency-glob: "**/pyproject.toml" ignores the lock-file generated by uv pip compile.
If uv.lock (or .venv.json) changes but pyproject.toml stays the same, CI may reuse a stale cache.

cache-dependency-glob: |
  **/pyproject.toml
  **/uv.lock

docs/OpenFgaApi.md (1)

643-651: Example call still uses api_instance.api_instance; drop the redundant attribute

The SDK client returned by openfga_sdk.OpenFgaApi(...) already exposes the endpoint methods.
Using api_instance.api_instance.list_stores(...) in the snippet will raise an AttributeError for real code and may confuse users. Update the example to a single api_instance:

-        api_response = await api_instance.api_instance.list_stores(
-            page_size=page_size,
-            continuation_token=continuation_token
-        )
+        api_response = await api_instance.list_stores(
+            page_size=page_size,
+            continuation_token=continuation_token
+        )

(No further issues with the removal of the obsolete name parameter were found.)

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between d675336 and 69979bf.

⛔ Files ignored due to path filters (1)

• uv.lock is excluded by !**/*.lock

📒 Files selected for processing (9)

• .github/workflows/main.yaml (2 hunks)
• README.md (1 hunks)
• docs/OpenFgaApi.md (1 hunks)
• openfga_sdk/api/open_fga_api.py (1 hunks)
• openfga_sdk/sync/open_fga_api.py (1 hunks)
• pyproject.toml (2 hunks)
• requirements.txt (0 hunks)
• setup.py (0 hunks)
• test-requirements.txt (0 hunks)

💤 Files with no reviewable changes (3)

• requirements.txt
• test-requirements.txt
• setup.py

🔇 Additional comments (1)

openfga_sdk/api/open_fga_api.py (1)

1314-1314: LGTM! Parameter removal properly implemented.

The removal of the name parameter from the all_params list correctly implements the API change described in the PR summary. This change is consistent with the method documentation and aligns with the coordinated updates across async/sync clients.

[abhiaagarwal]

Hmmm, it seems that #202 needs to be updated upstream as well

[evansims]

Thanks @abhiaagarwal! I've got a PR created on the Generator to bring it up-to-date with 202 now.