Comprehensive enhancement of Python cookiecutter template with enterprise-grade features

[Copilot]

This PR transforms the Python cookiecutter template from a basic project generator into a comprehensive, enterprise-grade foundation for Python projects. The enhancement addresses the need for modern tooling, flexible configuration options, and security-first development practices while maintaining backward compatibility.

Key Features Added

Advanced Template Options

The template now supports flexible configuration through expanded cookiecutter options:

• Package managers: Choose between pip (traditional), uv (ultra-fast), or hatch (modern) with optimized configurations
• Typed configuration: Optional Pydantic-based settings with validation, type hints, and IDE support
• Documentation: Optional MkDocs with Material theme and automatic GitHub Pages deployment
• Supply chain security: SBOM generation with CycloneDX/SPDX formats and cryptographic attestation
• Versioning strategies: Manual, setuptools-scm, or hatch-based versioning

Enhanced Security & Observability

• JSON-first logging with request/operation ID tracking using context variables
• Context management for distributed tracing and correlation IDs
• SBOM generation workflow with dependency scanning and vulnerability auditing
• Multi-OS CI/CD testing on Ubuntu and Windows with comprehensive security scanning

Input Validation & Quality Assurance

• Pre-generation validation hook that ensures package names are valid Python identifiers and prevents common mistakes
• Comprehensive test suite covering 6 different template combinations
• Enhanced CI matrix with multi-Python version testing (3.11, 3.12, 3.13)
• Package manager-aware dependency management and security auditing

Professional Documentation

• Auto-generated configuration docs for typed settings with environment variable examples
• CLI usage documentation with comprehensive examples and shell integration
• Release automation with Release Drafter and conventional commits support

Technical Implementation

Backward Compatibility

The enhancement preserves all existing APIs while adding new optional features:

# Existing traditional config still works
from myproject.config import get_config
config = get_config()
value = config.get('app.name')

# New typed config provides additional benefits when enabled
from myproject.settings import get_app_config
app_config = get_app_config()
value = app_config.name  # Type-safe with IDE support

Conditional File Generation

Uses Jinja2 conditionals to generate only necessary files based on selected options:

• Documentation files only generated when docs=y
• Pydantic settings only included when typed_config=y
• SBOM workflow only created when sbom=y
• Package manager-specific configurations in pyproject.toml

Enhanced Logging Architecture

from myproject.logger import LoggingContext, set_request_id

# Request ID tracking
request_id = set_request_id()  # Auto-generates UUID
logger.info("Processing request")  # Automatically includes request_id in JSON output

# Context management for operations
with LoggingContext(request_id="req-123", operation_id="op-456"):
    logger.info("Operation started")  # Includes both IDs

Testing & Validation

The enhancement includes comprehensive testing covering multiple scenarios:

• 6 test combinations validating different feature sets
• Functionality verification ensuring all imports and dependencies work
• Conditional file validation confirming proper file generation/removal
• Package manager compatibility testing across pip, uv, and hatch

Migration Impact

This is a non-breaking change. Existing users can:

1. Continue using the template exactly as before with default options
2. Gradually adopt new features by changing cookiecutter options
3. Migrate to typed configuration incrementally using the compatibility adapter

Usage Examples

Minimal library project:

cookiecutter https://github.com/retr0crypticghost/python-template.git \
  --no-input project_type="library" package_manager="pip" docs="n"

Full-featured CLI application:

cookiecutter https://github.com/retr0crypticghost/python-template.git \
  --no-input project_type="cli-application" package_manager="uv" \
  docs="y" typed_config="y" sbom="y" versioning="setuptools-scm"

This enhancement provides a professional foundation that scales from simple libraries to enterprise applications while maintaining the template's core philosophy of practical, opinionated choices that reduce setup time and improve project quality.

---

✨ Let Copilot coding agent set things up for you — coding agent works faster and does higher quality work when set up for your repo.

[Copilot]

Pull Request Overview

This PR transforms the Python cookiecutter template into an enterprise-grade project generator with advanced features including typed configuration, flexible package management, enhanced observability, and supply chain security.

Key Changes:

• Added optional Pydantic-based typed configuration with validation and IDE support
• Implemented request/operation ID tracking in logging for distributed tracing
• Added support for three package managers (pip, uv, hatch) with optimized configurations
• Introduced SBOM generation, security scanning, and release automation workflows

Reviewed Changes

Copilot reviewed 19 out of 19 changed files in this pull request and generated 5 comments.

Show a summary per file

File	Description
cookiecutter.json	Added configuration options for package managers, docs, typed config, SBOM, and versioning
hooks/pre_gen_project.py	New validation hook ensuring valid package names and configuration
hooks/post_gen_project.py	Enhanced cleanup logic for conditional feature removal
{{cookiecutter.project_slug}}/src/{{cookiecutter.package_name}}/settings.py	New Pydantic-based typed configuration system
{{cookiecutter.project_slug}}/src/{{cookiecutter.package_name}}/config.py	Added TypedConfigAdapter for backward compatibility
{{cookiecutter.project_slug}}/src/{{cookiecutter.package_name}}/logger.py	Enhanced with request/operation ID context tracking
{{cookiecutter.project_slug}}/tests/test_settings.py	Comprehensive tests for typed configuration
{{cookiecutter.project_slug}}/pyproject.toml	Conditional configuration for package managers and versioning strategies
{{cookiecutter.project_slug}}/.github/workflows/ci.yml	Enhanced with multi-OS testing, security auditing, and package manager support
{{cookiecutter.project_slug}}/.github/workflows/sbom.yml	New workflow for SBOM generation and attestation
{{cookiecutter.project_slug}}/.github/workflows/release-drafter.yml	New workflow for automated release drafting
{{cookiecutter.project_slug}}/.github/workflows/docs.yml	Updated with conditional rendering and package manager support
{{cookiecutter.project_slug}}/docs/configuration.md	Comprehensive configuration documentation
{{cookiecutter.project_slug}}/docs/cli-usage.md	CLI usage guide with examples
test_template.sh	Enhanced test script covering 6 different feature combinations
README.md	Updated with new features and usage examples

Comments suppressed due to low confidence (1)

{{cookiecutter.project_slug}}/.github/workflows/ci.yml:101

• Duplicate Codecov upload steps with conflicting logic. The first upload step (lines 88-94) uses a template variable condition checking for {{ cookiecutter.python_version }}, while the second (lines 96-101) hardcodes Python 3.12. Additionally, the parameter names differ (files vs file). Remove the duplicate step and keep only one with the appropriate condition.

      - name: Upload coverage to Codecov
        if: matrix.os == 'ubuntu-latest' && matrix.python-version == '{{ cookiecutter.python_version }}'
        uses: codecov/codecov-action@e28ff129e5465c2c0dcc6f003fc735cb6ae0c673  # v4.5.0
        with:
          files: ./coverage.xml
          fail_ci_if_error: false
          verbose: true

      - name: Upload coverage to Codecov
        uses: codecov/codecov-action@e28ff129e5465c2c0dcc6f003fc735cb6ae0c673  # v4.5.0
        if: {% raw %}matrix.python-version == '3.12'{% endraw %}
        with:
          file: ./coverage.xml
          fail_ci_if_error: false

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[Copilot]

Incorrect setuptools-scm configuration. When using setuptools-scm, the version should be marked as dynamic in the [project] section (line 13 already does this), not retrieved via attr in [tool.setuptools.dynamic]. The [tool.setuptools.dynamic] section at lines 103-104 conflicts with setuptools-scm's automatic version management and should be removed. The [tool.setuptools_scm] configuration is correct.

[Copilot]

Comparison of constants; use 'True' or 'False' instead.

[Copilot]

Comparison of constants; use 'True' or 'False' instead.

Suggested change

	typed_config_enabled = "{{ cookiecutter.typed_config }}" == "y"
	typed_config_enabled = "{{ cookiecutter.typed_config }}".lower() == "y"

[Copilot]

Comparison of constants; use 'True' or 'False' instead.

[Copilot]

Import of 'Path' is not used.

Suggested change

from pathlib import Path