Migrate to Poetry and Makefile-based workflow

[kyhau]

Replaces tox and requirements files with Poetry for dependency management and a Makefile for task automation. Updates CI/CD to use GitHub Actions with Poetry and Make, adds Python 3.13 support, and drops support for Python 3.9/3.10. Updates Dockerfile, .gitignore, and documentation to reflect the new workflow. Removes legacy files including setup.py, tox.ini, Travis CI, and requirements files.

[amazon-q-developer]

⏳ Code review in progress. Analyzing for code quality issues and best practices. Detailed findings will be posted upon completion.

Using Amazon Q Developer for GitHub

Amazon Q Developer¹ is an AI-powered assistant that integrates directly into your GitHub workflow, enhancing your development process with intelligent features for code development, review, and transformation.

Slash Commands

Command	Description
/q <message>	Chat with the agent to ask questions or request revisions
/q review	Requests an Amazon Q powered code review
/q help	Displays usage information

Features

Agentic Chat
Enables interactive conversation with Amazon Q to ask questions about the pull request or request specific revisions. Use /q <message> in comment threads or the review body to engage with the agent directly.

Code Review
Analyzes pull requests for code quality, potential issues, and security concerns. Provides feedback and suggested fixes. Automatically triggered on new or reopened PRs (can be disabled for AWS registered installations), or manually with /q review slash command in a comment.

Customization

You can create project-specific rules for Amazon Q Developer to follow:

1. Create a .amazonq/rules folder in your project root.
2. Add Markdown files in this folder to define rules (e.g., cdk-rules.md).
3. Write detailed prompts in these files, such as coding standards or best practices.
4. Amazon Q Developer will automatically use these rules when generating code or providing assistance.

Example rule:

All Amazon S3 buckets must have encryption enabled, enforce SSL, and block public access.
All Amazon DynamoDB Streams tables must have encryption enabled.
All Amazon SNS topics must have encryption enabled and enforce SSL.
All Amazon SNS queues must enforce SSL.

Feedback

To provide feedback on Amazon Q Developer, create an issue in the Amazon Q Developer public repository.

For more detailed information, visit the Amazon Q for GitHub documentation.

Footnotes

1. Amazon Q Developer uses generative AI. You may need to verify generated code before using it in your environment. See the AWS Responsible AI Policy. ↩

[kyhau]

✅ Snyk checks have passed. No issues have been found so far.

Status	Scanner	Critical	High	Medium	Low	Total (0)
⏩	Open Source Security	0	0	0	0	0 issues

💻 Catch issues earlier using the plugins for VS Code, JetBrains IDEs, Visual Studio, and Eclipse.

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 83.43%. Comparing base (4f21a9f) to head (71ad090).
⚠️ Report is 93 commits behind head on main.

Additional details and impacted files

@@            Coverage Diff             @@
##             main     #252      +/-   ##
==========================================
+ Coverage   78.48%   83.43%   +4.95%     
==========================================
  Files           4        4              
  Lines         158      163       +5     
==========================================
+ Hits          124      136      +12     
+ Misses         34       27       -7     

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

[amazon-q-developer]

Summary

This PR represents a significant modernization of the project's build and dependency management system. The migration from tox to Poetry with Makefile-based workflows is well-executed and brings several benefits:

✅ Strengths

1. Modern Dependency Management: Poetry provides better dependency resolution and lock file management compared to the previous requirements.txt approach
2. Improved CI/CD: The new GitHub Actions workflow is cleaner and more maintainable than the previous tox-based setup
3. Python Version Updates: Adding Python 3.13 support while dropping EOL versions (3.9, 3.10) is appropriate
4. Developer Experience: The Makefile provides a consistent interface for common development tasks
5. Security Improvements: The datetime modernization fixes deprecation warnings and follows current best practices
6. Docker Optimization: Better layer caching with separate dependency installation steps

🔧 Areas for Improvement

1. Configuration Duplication: The pyproject.toml contains both PEP 517/518 and Poetry configurations, which could lead to maintenance overhead
2. Dependabot Conflicts: Both pip and poetry ecosystems are configured, which might create conflicting updates
3. Documentation Inconsistencies: Some references to old Python versions remain in the documentation
4. Hardcoded Paths: The Dockerfile contains hardcoded Python version paths that could break with updates

📋 Recommendations

• Consider standardizing on either PEP 517/518 or Poetry configuration (not both)
• Review Dependabot configuration to avoid ecosystem conflicts
• Update all documentation to reflect the new supported Python versions
• Use dynamic path resolution in Docker for better maintainability

Overall, this is a solid modernization effort that significantly improves the project's maintainability and developer experience. The changes are well-structured and follow current Python packaging best practices.

[amazon-q-developer]

The pyproject.toml file contains duplicate configuration sections for both PEP 517/518 standards and Poetry. This creates maintenance overhead and potential inconsistencies. Consider choosing one approach for cleaner configuration management.

# Note: Poetry configuration can be removed if using pure PEP 517/518 approach
# Alternatively, if keeping Poetry, consider removing the [project] section above
# and using Poetry's native configuration exclusively

[amazon-q-developer]

The find command with -exec rm -rf {} + can fail if it encounters directories that are being processed. Consider using a safer approach that handles potential race conditions.

Suggested change

	find . -type d -name __pycache__ -exec rm -rf {} +
	find . -type d -name __pycache__ -print0 | xargs -0 rm -rf

[amazon-q-developer]

Consider pinning Poetry to a specific version for reproducible builds and security. The current installation method uses the latest version which could introduce unexpected changes.

Suggested change

	run: pip install poetry
	- name: Install Poetry
	run: pip install poetry==1.8.5

[amazon-q-developer]

The hardcoded Python version path in the copy command creates a maintenance burden and could break if the Python version changes. Consider using a more dynamic approach or environment variable.

Suggested change

	RUN cp sample/styles.css /usr/local/lib/python3.13/site-packages/ssllabsscan/styles.css
	# Copy styles.css to the correct location
	RUN PYTHON_SITE_PACKAGES=$(python -c "import site; print(site.getsitepackages()[0])") && \
	cp sample/styles.css "$PYTHON_SITE_PACKAGES/ssllabsscan/styles.css"

[amazon-q-developer]

Good addition of Poetry ecosystem support to Dependabot! However, consider whether both pip and poetry ecosystems are needed simultaneously, as this might create conflicting dependency updates. Since the project has migrated to Poetry, you may want to remove the pip ecosystem configuration.

[amazon-q-developer]

The documentation mentions Python versions 3.9-3.12 for testing, but the project now only supports Python 3.11+ according to the pyproject.toml. This should be updated to reflect the current supported versions.

Suggested change

	make test-all # Run tests on all Python versions (3.9-3.12)
	make test-all # Run tests on all Python versions (3.11-3.13)