Migrate to Poetry and Makefile-based workflow

.cursor/rules/makefile-workflow.mdc

@@ -0,0 +1,49 @@
+---
+description: Makefile-based development workflow for ssllabs-scan
+globs: ["Makefile", "pyproject.toml", "ssllabsscan/**"]
+alwaysApply: true
+---
+
+# ssllabs-scan Development Workflow
+
+## Build and Test Commands
+Use the Makefile for all build and test operations:
+
+### Build Commands
+- `make build` - Build the Python package
+- `make install-deps` - Install project dependencies
+- `make install-test-deps` - Install test dependencies
+
+### Test Commands
+- `make test` - Run unit tests without coverage
+- `make test-coverage` - Run unit tests with coverage reporting
+- `make yamllint` - Run yamllint on GitHub workflow files
+
+### Development Commands
+- `make clean` - Clean test artifacts, build artifacts and temporary files
+- `make help` - Show all available targets
+
+## Project Structure
+- Main package: `ssllabsscan/`
+- Tests: `ssllabsscan/tests/`
+- CLI entry point: `ssllabs-scan` (defined in pyproject.toml)
+- Configuration: `pyproject.toml`
+
+## Development Workflow
+1. Install dependencies: `make install-deps`
+2. Run tests: `make test` or `make test-coverage`
+3. Build package: `make build`
+4. Run application: `ssllabs-scan` (after installation)
+5. Clean artifacts: `make clean`
+
+## Python Environment
+- Python 3.11+ required (uses Python 3.13 via Poetry)
+- Uses Poetry for Python package management
+- Uses setuptools for building
+- Dependencies managed via pyproject.toml
+- Test dependencies in optional-dependencies.test
+
+## Code Quality
+- Use `make yamllint` for YAML linting
+- Use `make test-coverage` for comprehensive testing
+- Clean up with `make clean` before commits

.github/dependabot.yml

@@ -22,3 +22,15 @@ updates:
       time: "09:00"
       timezone: Australia/Melbourne
     open-pull-requests-limit: 1
+
+  - package-ecosystem: poetry
+    directory: "/"
+    groups:
+      all-dependencies:
+        patterns:
+          - "*"
+    schedule:
+      interval: weekly
+      time: "09:30"
+      timezone: Australia/Melbourne
+    open-pull-requests-limit: 1

.github/linters/.yaml-lint.yml

@@ -0,0 +1,36 @@
+extends: default
+
+rules:
+  # Allow longer lines for GitHub Actions
+  line-length:
+    max: 120
+    level: warning
+
+  # Allow comments
+  comments:
+    min-spaces-from-content: 1
+
+  # Allow trailing spaces in some contexts
+  trailing-spaces:
+    level: warning
+
+  # Allow different indentation for YAML anchors
+  indentation:
+    spaces: 2
+    indent-sequences: true
+    check-multi-line-strings: false
+
+  # Allow truthy values
+  truthy:
+    allowed-values: ['true', 'false', 'on', 'off', 'yes', 'no']
+    check-keys: false
+
+  # Allow document start
+  document-start:
+    present: false
+
+  # Allow empty lines
+  empty-lines:
+    max: 2
+    max-start: 0
+    max-end: 1

.github/workflows/build-and-test.yml

@@ -0,0 +1,60 @@
+name: Build and Test
+
+on:
+  push:
+    paths-ignore:
+      - '**.json'
+      - '**.md'
+
+defaults:
+  run:
+    shell: bash
+
+jobs:
+  lint:
+    name: Run yamllint on workflows
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v5
+      - name: Set up Python
+        uses: actions/setup-python@v6
+        with:
+          python-version: "3.13"
+      - name: Install Poetry
+        run: pip install poetry
+      - name: Install yamllint
+        run: poetry install --only dev
+      - name: Run yamllint
+        run: make yamllint
+
+  build:
+    needs: lint
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        python-version: ["3.11", "3.12", "3.13"]
+
+    steps:
+      - name: Checkout source
+        uses: actions/checkout@v5
+
+      - name: Set up Python ${{ matrix.python-version }}
+        uses: actions/setup-python@v6
+        with:
+          python-version: ${{ matrix.python-version }}
+
+      - name: Install dependencies
+        run: make install-test-deps
+
+      - name: Run tests with coverage
+        run: make test-coverage
+
+      - name: Upload coverage to Codecov
+        if: matrix.python-version == '3.13'
+        uses: codecov/codecov-action@v5
+        with:
+          files: ./coverage.xml
+          flags: unittests
+          name: codecov-umbrella
+          fail_ci_if_error: false
+          token: ${{ secrets.CODECOV_TOKEN }}

.github/workflows/codeql-analysis.yml

@@ -3,6 +3,8 @@ name: CodeQL
 on:
   push:
     branches: [main]
+  pull_request:
+    branches: [main]
   schedule:
     - cron: '0 19 * * 5'
 
@@ -14,38 +16,12 @@ jobs:
     steps:
       - name: Checkout repository
         uses: actions/checkout@v5
-        with:
-          # We must fetch at least the immediate parents so that if this is
-          # a pull request then we can checkout the head.
-          fetch-depth: 2
-
-      # If this run was triggered by a pull request event, then checkout
-      # the head of the pull request instead of the merge commit.
-      - run: git checkout HEAD^2
-        if: ${{ github.event_name == 'pull_request' }}
 
       # Initializes the CodeQL tools for scanning.
       - name: Initialize CodeQL
         uses: github/codeql-action/init@v4
-        # Override language selection by uncommenting this and choosing your languages
-        # with:
-        #   languages: go, javascript, csharp, python, cpp, java
-
-      # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
-      # If this step fails, then you should remove it and run the build manually (see below)
-      - name: Autobuild
-        uses: github/codeql-action/autobuild@v4
-
-      # ℹ️ Command-line programs to run using the OS shell.
-      # 📚 https://git.io/JvXDl
-
-      # ✏️ If the Autobuild fails above, remove it and uncomment the following three lines
-      #    and modify them (or add more) to build your code if your project
-      #    uses a compiled language
-
-      #- run: |
-      #   make bootstrap
-      #   make release
+        with:
+          languages: python
 
       - name: Perform CodeQL Analysis
         uses: github/codeql-action/analyze@v4

.github/workflows/dependabot-auto-approve-merge.yml

@@ -23,7 +23,8 @@ jobs:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
 
       - name: Enable auto-merge for Dependabot PRs
-        # if: ${{contains(steps.metadata.outputs.dependency-names, 'my-dependency') && steps.metadata.outputs.update-type == 'version-update:semver-patch'}}
+        # if: ${{contains(steps.metadata.outputs.dependency-names, 'my-dependency') &&
+        #      steps.metadata.outputs.update-type == 'version-update:semver-patch'}}
         run: gh pr merge --auto --merge "$PR_URL"
         env:
           PR_URL: ${{ github.event.pull_request.html_url }}

.github/workflows/stale-issues.yml

@@ -11,6 +11,8 @@ jobs:
       - uses: actions/stale@v10
         with:
           repo-token: ${{ secrets.GITHUB_TOKEN }}
-          stale-issue-message: 'This issue is stale because it has been open 30 days with no activity. Remove stale label or comment or this will be closed in 5 days.'
+          stale-issue-message: >
+            This issue is stale because it has been open 30 days with no activity.
+            Remove stale label or comment or this will be closed in 5 days.
           days-before-stale: 30
           days-before-close: 5