Manage versioning of Poetry tool dependency

The project Python package dependencies are managed by the "Poetry" tool.

Previously, the version of Poetry was not managed in any way.

The GitHub Actions workflows used whichever version of Poetry happened to be installed on the runner machine. This meant
that the GitHub Actions workflows could break at any time through the Poetry installation on the runner machine being
updated to an incompatible version.

The contributors used whichever version of Poetry happened to be installed on their machine. This meant that they might
get different results from that produced by the environment of the GitHub Actions workflows.

The better solution is to take the same approach for managing the Poetry dependency as is done for the project's other
dependencies:

* Install a specific version of Poetry according to a single source of versioning data.
* Use the Dependabot service to get automated update pull requests.

The logical place to define the Poetry package dependency version is in pyproject.toml, as is done for all other Python
package dependencies.

Dependabot has support for two different forms of dependency data in the pyproject.toml file:

* Original Poetry data format, under the `tool.poetry` table
* PEP 621 format data, under the `project` table

Since Poetry can't be used to manage itself (it is instead installed using the "pipx" tool), the obvious approach would
be to define the Poetry dependency via the `project` table in the file. However, this is not possible because if a
`tool.poetry` table is present in pyproject.toml, Dependabot ignores the dependencies data from the `project` table. So
it is necessary to place the data for the Poetry dependency under the `tool.poetry` table of the file. A special
dependencies group is created for this purpose. That group is configured as "optional" so that it won't be installed
redundantly by `poetry install` commands.

Unfortunately pipx doesn't support using pyproject.toml as a dependency configuration file so it is necessary to get the
Poetry version constraint for use in the dependency argument of the `pipx install` command by parsing the project.toml
file.

Author: per1234

.github/workflows/check-python-task.yml

@@ -71,9 +71,6 @@ jobs:
         with:
           python-version-file: pyproject.toml
 
-      - name: Install Poetry
-        run: pip install poetry
-
       - name: Install Task
         uses: arduino/setup-task@v2
         with:
@@ -102,9 +99,6 @@ jobs:
         with:
           python-version-file: pyproject.toml
 
-      - name: Install Poetry
-        run: pip install poetry
-
       - name: Install Task
         uses: arduino/setup-task@v2
         with:

.github/workflows/check-yaml-task.yml

@@ -99,9 +99,6 @@ jobs:
         with:
           python-version-file: pyproject.toml
 
-      - name: Install Poetry
-        run: pip install poetry
-
       - name: Install Task
         uses: arduino/setup-task@v2
         with:

.github/workflows/spell-check-task.yml

@@ -53,9 +53,6 @@ jobs:
         with:
           python-version-file: pyproject.toml
 
-      - name: Install Poetry
-        run: pip install poetry
-
       - name: Install Task
         uses: arduino/setup-task@v2
         with:

.github/workflows/test-python-poetry-task.yml

@@ -67,9 +67,6 @@ jobs:
         with:
           python-version-file: pyproject.toml
 
-      - name: Install Poetry
-        run: pip install poetry
-
       - name: Install Task
         uses: arduino/setup-task@v2
         with:

Taskfile.yml

@@ -827,15 +827,66 @@ tasks:
             -r "{{.STYLELINTRC_SCHEMA_PATH}}" \
             -d "{{.INSTANCE_PATH}}"
 
+  # Print the version constraint for the project's Poetry tool dependency.
+  # Source: https://github.com/arduino/tooling-project-assets/blob/main/workflow-templates/assets/poetry-task/Taskfile.yml
+  poetry:get-version:
+    cmds:
+      - |
+        if ! which yq &>/dev/null; then
+          echo "yq not found or not in PATH."
+          echo "Please install: https://github.com/mikefarah/yq/#install"
+          exit 1
+        fi
+      - |
+        yq \
+          --input-format toml \
+          --output-format yaml \
+          '.tool.poetry.group.pipx.dependencies.poetry' \
+          < pyproject.toml
+
+  # Source: https://github.com/arduino/tooling-project-assets/blob/main/workflow-templates/assets/poetry-task/Taskfile.yml
+  poetry:install:
+    desc: Install Poetry
+    run: once
+    vars:
+      POETRY_VERSION:
+        sh: task poetry:get-version
+    cmds:
+      - |
+        if ! which python &>/dev/null; then
+          echo "Python not found or not in PATH."
+          echo "Please install a version of Python meeting the constraint {{.POETRY_VERSION}}:"
+          echo "https://wiki.python.org/moin/BeginnersGuide/Download"
+          exit 1
+        fi
+      - |
+        if ! which pipx &>/dev/null; then
+          echo "pipx not found or not in PATH."
+          echo "Please install: https://pipx.pypa.io/stable/installation/#installing-pipx"
+          exit 1
+        fi
+      - |
+        export PIPX_DEFAULT_PYTHON="$( \
+          task utility:normalize-path \
+            RAW_PATH="$(which python)" \
+        )"
+        pipx install \
+          --force \
+          "poetry=={{.POETRY_VERSION}}"
+
   # Source: https://github.com/arduino/tooling-project-assets/blob/main/workflow-templates/assets/poetry-task/Taskfile.yml
   poetry:install-deps:
     desc: Install dependencies managed by Poetry
+    deps:
+      - task: poetry:install
     cmds:
       - poetry install --no-root
 
   # Source: https://github.com/arduino/tooling-project-assets/blob/main/workflow-templates/assets/poetry-task/Taskfile.yml
   poetry:update-deps:
     desc: Update all dependencies managed by Poetry to their newest versions
+    deps:
+      - task: poetry:install
     cmds:
       - poetry update
 

docs/development.md

@@ -10,7 +10,6 @@ The following development tools must be available in your local environment:
   - The **Node.js** version in use is defined by the `engines.node` key of [`package.json`](../package.json).
 - [**Python**](https://wiki.python.org/moin/BeginnersGuide/Download)
   - The **Python** version in use is defined by the `tool.poetry.dependencies.python` key of [`pyproject.toml`](../pyproject.toml).
-- [**Poetry**](https://python-poetry.org/docs/#installation) - Python dependencies management tool
 - [**Task**](https://taskfile.dev/installation/) - task runner tool
 
 ## Building the Project

poetry.lock

@@ -16,6 +16,14 @@ pep8-naming = "^0.15.1"
 pytest = "^8.4.1"
 GitPython = "^3.1.44"
 
+# The dependencies in this group are installed using pipx; NOT Poetry. The use of the `tool.poetry.group` super-table
+# is a hack required in order to be able to manage updates of these dependencies via Dependabot.
+[tool.poetry.group.pipx]
+optional = true
+
+[tool.poetry.group.pipx.dependencies]
+poetry = "2.1.3"
+
 [build-system]
 requires = ["poetry-core>=1.0.0"]
 build-backend = "poetry.core.masonry.api"

pyproject.toml

@@ -2,14 +2,65 @@
 version: "3"
 
 tasks:
+  # Print the version constraint for the project's Poetry tool dependency.
+  # Source: https://github.com/arduino/tooling-project-assets/blob/main/workflow-templates/assets/poetry-task/Taskfile.yml
+  poetry:get-version:
+    cmds:
+      - |
+        if ! which yq &>/dev/null; then
+          echo "yq not found or not in PATH."
+          echo "Please install: https://github.com/mikefarah/yq/#install"
+          exit 1
+        fi
+      - |
+        yq \
+          --input-format toml \
+          --output-format yaml \
+          '.tool.poetry.group.pipx.dependencies.poetry' \
+          < pyproject.toml
+
+  # Source: https://github.com/arduino/tooling-project-assets/blob/main/workflow-templates/assets/poetry-task/Taskfile.yml
+  poetry:install:
+    desc: Install Poetry
+    run: once
+    vars:
+      POETRY_VERSION:
+        sh: task poetry:get-version
+    cmds:
+      - |
+        if ! which python &>/dev/null; then
+          echo "Python not found or not in PATH."
+          echo "Please install a version of Python meeting the constraint {{.POETRY_VERSION}}:"
+          echo "https://wiki.python.org/moin/BeginnersGuide/Download"
+          exit 1
+        fi
+      - |
+        if ! which pipx &>/dev/null; then
+          echo "pipx not found or not in PATH."
+          echo "Please install: https://pipx.pypa.io/stable/installation/#installing-pipx"
+          exit 1
+        fi
+      - |
+        export PIPX_DEFAULT_PYTHON="$( \
+          task utility:normalize-path \
+            RAW_PATH="$(which python)" \
+        )"
+        pipx install \
+          --force \
+          "poetry=={{.POETRY_VERSION}}"
+
   # Source: https://github.com/arduino/tooling-project-assets/blob/main/workflow-templates/assets/poetry-task/Taskfile.yml
   poetry:install-deps:
     desc: Install dependencies managed by Poetry
+    deps:
+      - task: poetry:install
     cmds:
       - poetry install --no-root
 
   # Source: https://github.com/arduino/tooling-project-assets/blob/main/workflow-templates/assets/poetry-task/Taskfile.yml
   poetry:update-deps:
     desc: Update all dependencies managed by Poetry to their newest versions
+    deps:
+      - task: poetry:install
     cmds:
       - poetry update

workflow-templates/assets/poetry-task/Taskfile.yml

@@ -7,5 +7,13 @@ build-backend = "poetry.core.masonry.api"
 [tool.poetry]
 package-mode = false
 
+# The dependencies in this group are installed using pipx; NOT Poetry. The use of the `tool.poetry.group` super-table
+# is a hack required in order to be able to manage updates of these dependencies via Dependabot.
+[tool.poetry.group.pipx]
+optional = true
+
+[tool.poetry.group.pipx.dependencies]
+poetry = "2.1.3"
+
 [tool.poetry.dependencies]
 python = "~3.9"

workflow-templates/assets/poetry/pyproject.toml

@@ -67,9 +67,6 @@ jobs:
         with:
           python-version-file: pyproject.toml
 
-      - name: Install Poetry
-        run: pip install poetry
-
       - name: Install Task
         uses: arduino/setup-task@v2
         with:

workflow-templates/check-mkdocs-task.yml

@@ -28,7 +28,7 @@ The code style defined in `pyproject.toml` and `.flake8` is the official standar
 Add the tool dependencies using this command:
 
 ```
-poetry add --dev "black@^25.1.0" "flake8@^7.2.0" "pep8-naming@^0.15.1"
+task poetry:install && poetry add --dev "black@^25.1.0" "flake8@^7.2.0" "pep8-naming@^0.15.1"
 ```
 
 Commit the resulting changes to the `pyproject.toml` and `poetry.lock` files.

workflow-templates/check-python-task.md

@@ -71,9 +71,6 @@ jobs:
         with:
           python-version-file: pyproject.toml
 
-      - name: Install Poetry
-        run: pip install poetry
-
       - name: Install Task
         uses: arduino/setup-task@v2
         with:
@@ -102,9 +99,6 @@ jobs:
         with:
           python-version-file: pyproject.toml
 
-      - name: Install Poetry
-        run: pip install poetry
-
       - name: Install Task
         uses: arduino/setup-task@v2
         with:

workflow-templates/check-python-task.yml

@@ -30,7 +30,7 @@ The code style defined in this file is the official standardized style to be use
 Add the tool dependency using this command:
 
 ```
-poetry add --dev "yamllint@^1.37.1"
+task poetry:install && poetry add --dev "yamllint@^1.37.1"
 ```
 
 Commit the resulting changes to the `pyproject.toml` and `poetry.lock` files.

workflow-templates/check-yaml-task.md

@@ -99,9 +99,6 @@ jobs:
         with:
           python-version-file: pyproject.toml
 
-      - name: Install Poetry
-        run: pip install poetry
-
       - name: Install Task
         uses: arduino/setup-task@v2
         with:

workflow-templates/check-yaml-task.yml

@@ -68,11 +68,6 @@ jobs:
         with:
           python-version-file: pyproject.toml
 
-      - name: Install Poetry
-        run: |
-          python -m pip install --upgrade pip
-          python -m pip install poetry
-
       - name: Install Task
         uses: arduino/setup-task@v2
         with:

workflow-templates/deploy-cobra-mkdocs-versioned-poetry.yml

@@ -26,7 +26,7 @@ Install the [`deploy-mkdocs-poetry.yml`](deploy-mkdocs-poetry.yml) GitHub Action
 Add the tool dependencies using this command:
 
 ```
-poetry add --dev "mkdocs@^1.3.0" "mkdocs-material@^8.2.11" "mdx_truly_sane_lists@^1.2"
+task poetry:install && poetry add --dev "mkdocs@^1.3.0" "mkdocs-material@^8.2.11" "mdx_truly_sane_lists@^1.2"
 ```
 
 Commit the resulting changes to the `pyproject.toml` and `poetry.lock` files.

workflow-templates/deploy-mkdocs-poetry.md

@@ -38,9 +38,6 @@ jobs:
           repo-token: ${{ secrets.GITHUB_TOKEN }}
           version: 3.x
 
-      - name: Install Poetry
-        run: pip install poetry
-
       - name: Install Dependencies
         run: |
           task \

workflow-templates/deploy-mkdocs-poetry.yml

@@ -33,7 +33,7 @@ See the ["Deploy Website" workflow (MkDocs, Poetry) documentation](deploy-mkdocs
 
 1. Run this command:
    ```
-   poetry add --dev "gitpython@^3.1.44" "mike@^1.1.2"
+   task poetry:install && poetry add --dev "gitpython@^3.1.44" "mike@^1.1.2"
    ```
 1. Commit the resulting changes to the `pyproject.toml` and `poetry.lock` files.
 

workflow-templates/deploy-mkdocs-versioned-poetry.md

@@ -65,11 +65,6 @@ jobs:
           repo-token: ${{ secrets.GITHUB_TOKEN }}
           version: 3.x
 
-      - name: Install Poetry
-        run: |
-          python -m pip install --upgrade pip
-          python -m pip install poetry
-
       - name: Install Dependencies
         run: |
           task \

workflow-templates/deploy-mkdocs-versioned-poetry.yml

@@ -53,9 +53,6 @@ jobs:
         with:
           python-version-file: pyproject.toml
 
-      - name: Install Poetry
-        run: pip install poetry
-
       - name: Install Task
         uses: arduino/setup-task@v2
         with:

workflow-templates/spell-check-task.yml

@@ -32,7 +32,7 @@ Install the [`test-go-integration-task.yml`](test-go-integration-task.yml) GitHu
 Add the tool dependencies using this command:
 
 ```
-poetry add --dev "pytest@^8.4.1" "invoke@^1.7.0"
+task poetry:install && poetry add --dev "pytest@^8.4.1" "invoke@^1.7.0"
 ```
 
 Commit the resulting changes to the `pyproject.toml` and `poetry.lock` files.

workflow-templates/test-go-integration-task.md

@@ -84,9 +84,6 @@ jobs:
         with:
           python-version-file: pyproject.toml
 
-      - name: Install Poetry
-        run: pip install poetry
-
       - name: Install Task
         uses: arduino/setup-task@v2
         with:

workflow-templates/test-go-integration-task.yml

@@ -30,7 +30,7 @@ Install the [`test-python-poetry-task.yml`](test-python-poetry-task.yml) GitHub
 Add the tool dependency using this command:
 
 ```
-poetry add --dev "pytest@^8.4.1"
+task poetry:install && poetry add --dev "pytest@^8.4.1"
 ```
 
 Commit the resulting changes to the `pyproject.toml` and `poetry.lock` files.

workflow-templates/test-python-poetry-task.md

@@ -67,9 +67,6 @@ jobs:
         with:
           python-version-file: pyproject.toml
 
-      - name: Install Poetry
-        run: pip install poetry
-
       - name: Install Task
         uses: arduino/setup-task@v2
         with: