Use modern Python tooling for org automation

.github/workflows/org-inactive-user-management.yml

@@ -12,18 +12,21 @@ jobs:
   org-config-generation-check:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/setup-python@v5
-        with:
-          python-version: 3.13
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v5
         with:
           path: community
+      - name: Set up Python
+        uses: actions/setup-python@v6
+        with:
+          python-version-file: "community/orgs/pyproject.toml"
+      - uses: astral-sh/setup-uv@v7
+        with:
+          enable-cache: true
       - name: Clean inactive github org users
         id: uds
+        working-directory: ./community/orgs
         run: |
-          python -m pip install --upgrade pip
-          pip install -r community/orgs/requirements.txt
-          python community/orgs/org_user_management.py
+          uv run --no-dev python -m org_management.org_user_management
         env:
           GH_TOKEN: ${{ secrets.GH_TOKEN }}
           INACTIVE_USER_MANAGEMENT_TAG_USERS: ${{ secrets.INACTIVE_USER_MANAGEMENT_TAG_USERS }}

.github/workflows/org-management-check-prs.yml

@@ -10,14 +10,17 @@ jobs:
   org-config-generation-check:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/setup-python@v5
-        with:
-          python-version: 3.13
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v5
         with:
           path: community
+      - name: Set up Python
+        uses: actions/setup-python@v6
+        with:
+          python-version-file: "community/orgs/pyproject.toml"
+      - uses: astral-sh/setup-uv@v7
+        with:
+          enable-cache: true
       - name: Generate github org configuration
+        working-directory: ./community/orgs
         run: |
-          python -m pip install --upgrade pip
-          pip install -r community/orgs/requirements.txt
-          python community/orgs/org_management.py -o orgs.out.yml -b branchprotection.out.yml
+          uv run --no-dev python -m org_management -o orgs.out.yml -b branchprotection.out.yml

.github/workflows/org-management-ci.yml

@@ -2,30 +2,32 @@ name: 'Org Automation CI'
 on:
   pull_request:
     paths:
-      - 'orgs/*.py'
-      - 'orgs/requirements*'
+      - 'orgs/org_management/*.py'
       - 'orgs/pyproject.toml'
       - '.github/workflows/org-management-ci.yml'
 jobs:
   org-automation-tests:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/setup-python@v5
-        with:
-          python-version: 3.13
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v5
         with:
           path: community
-      - name: pip install
-        run: |
-          python -m pip install --upgrade pip
-          pip install -r community/orgs/requirements.txt
-          pip install -r community/orgs/requirements-dev.txt
-      - name: flake8 and black
-        run: |
-          cd community/orgs
-          python -m flake8
-      - name: unit tests
+      - name: Set up Python
+        uses: actions/setup-python@v6
+        with:
+          python-version-file: "community/orgs/pyproject.toml"
+      - uses: astral-sh/setup-uv@v7
+        with:
+          enable-cache: true
+      - name: Install Python dependencies
+        working-directory: ./community/orgs
+        run: uv sync --all-extras --dev --locked
+      - name: Lint Python
+        working-directory: ./community/orgs
         run: |
-          cd community/orgs
-          python -m unittest discover -s .
+          uv run ruff check
+          uv run ruff format --check
+          uv run basedpyright
+      - name: Run Python tests
+        working-directory: ./community/orgs
+        run: uv run -m unittest discover -s .

.github/workflows/org-management.yml

@@ -34,17 +34,20 @@ jobs:
           key: ghproxy-cache-${{ github.run_number }}
           restore-keys: |
             ghproxy-cache-
-      - uses: actions/setup-python@v5
-        with:
-          python-version: 3.13
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v5
         with:
           path: community
+      - name: Set up Python
+        uses: actions/setup-python@v6
+        with:
+          python-version-file: "community/orgs/pyproject.toml"
+      - uses: astral-sh/setup-uv@v7
+        with:
+          enable-cache: true
       - name: Generate github org configuration
+        working-directory: ./community/orgs
         run: |
-          python -m pip install --upgrade pip
-          pip install -r community/orgs/requirements.txt
-          python community/orgs/org_management.py -o orgs.out.yml -b branchprotection.out.yml
+          uv run --no-dev python -m org_management -o orgs.out.yml -b branchprotection.out.yml
       - name: write github private key
         run: |
           echo "${GH_PRIVATE_KEY}" > private_key
@@ -96,17 +99,20 @@ jobs:
           key: ghproxy-cache-${{ github.run_number }}
           restore-keys: |
             ghproxy-cache-
-      - uses: actions/setup-python@v5
-        with:
-          python-version: 3.13
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v5
         with:
           path: community
+      - name: Set up Python
+        uses: actions/setup-python@v6
+        with:
+          python-version-file: "community/orgs/pyproject.toml"
+      - uses: astral-sh/setup-uv@v7
+        with:
+          enable-cache: true
       - name: Generate github org configuration
+        working-directory: ./community/orgs
         run: |
-          python -m pip install --upgrade pip
-          pip install -r community/orgs/requirements.txt
-          python community/orgs/org_management.py -o orgs.out.yml -b branchprotection.out.yml
+          uv run --no-dev python -m org_management -o orgs.out.yml -b branchprotection.out.yml
       - name: write github private key
         run: |
           echo "${GH_PRIVATE_KEY}" > private_key

.gitignore

@@ -1,8 +1,10 @@
 
 toc/elections/2021/private.csv
 /.secrets
-.vscode
 __pycache__
 orgs.out.yml
 branchprotection.out.yml
-/.idea
+/.idea
+.venv
+.ruff_cache
+.DS_Store

.vscode/settings.json

@@ -0,0 +1,21 @@
+{
+    "python.testing.unittestArgs": [
+        "-v",
+        "-s",
+        "./orgs",
+        "-p",
+        "test_*.py"
+    ],
+    "python.testing.pytestEnabled": false,
+    "python.testing.unittestEnabled": true,
+    "python-envs.defaultEnvManager": "ms-python.python:venv",
+    "python-envs.pythonProjects": [
+        {
+            "path": "orgs",
+            "envManager": "ms-python.python:venv",
+            "packageManager": "ms-python.python:pip"
+        }
+    ],
+    "python.analysis.typeCheckingMode": "off",
+    "basedpyright.analysis.configFilePath": "${workspaceFolder}/orgs"
+}

orgs/org_management/__main__.py

@@ -0,0 +1,23 @@
+import argparse
+
+from .org_management import OrgGenerator
+
+if __name__ == "__main__":
+    parser = argparse.ArgumentParser(description="CFF Managed Github Orgs Generator")
+    parser.add_argument("-o", "--out", default="orgs.out.yml", help="output file for generated org configuration")
+    parser.add_argument(
+        "-b", "--branchprotection", default="branchprotection.out.yml", help="output file for generated branch protection rules"
+    )
+    args = parser.parse_args()
+
+    print("Generating CFF Managed Github Org configuration.")
+    generator = OrgGenerator()
+    generator.load_from_project()
+    if not generator.validate_repo_ownership():
+        print("ERROR: Repository ownership is invalid. Refer to RFC-0007.")
+        exit(1)
+    generator.generate_org_members()
+    generator.generate_teams()
+    generator.generate_branch_protection()
+    generator.write_org_config(args.out)
+    generator.write_branch_protection(args.branchprotection)