chore: test for missing dependencies

.github/workflows/python.yml

@@ -68,6 +68,30 @@ jobs:
       - name: Run tox
         run: poetry run tox run -e pyupgrade -s false
 
+  deptry:
+    name: test dependencies
+    runs-on: ubuntu-latest
+    timeout-minutes: 10
+    steps:
+      - name: Checkout
+        # see https://github.com/actions/checkout
+        uses: actions/checkout@v4
+      - name: Setup Python Environment
+        # see https://github.com/actions/setup-python
+        uses: actions/setup-python@v5
+        with:
+          python-version: ${{ env.PYTHON_VERSION_DEFAULT }}
+          architecture: 'x64'
+      - name: Install poetry
+        # see https://github.com/marketplace/actions/setup-poetry
+        uses: Gr1N/setup-poetry@v9
+        with:
+          poetry-version: ${{ env.POETRY_VERSION }}
+      - name: Install dependencies
+        run: poetry install --no-root
+      - name: Run tox
+        run: poetry run tox run -e deptry -s false
+
   coding-standards:
     name: Linting & Coding Standards
     runs-on: ubuntu-latest

.github/workflows/release.yml

@@ -67,13 +67,38 @@ jobs:
       - name: Run tox
         run: poetry run tox run -e py -s false
 
+  deptry:
+    name: test dependencies
+    runs-on: ubuntu-latest
+    timeout-minutes: 10
+    steps:
+      - name: Checkout
+        # see https://github.com/actions/checkout
+        uses: actions/checkout@v4
+      - name: Setup Python Environment
+        # see https://github.com/actions/setup-python
+        uses: actions/setup-python@v5
+        with:
+          python-version: ${{ env.PYTHON_VERSION_DEFAULT }}
+          architecture: 'x64'
+      - name: Install poetry
+        # see https://github.com/marketplace/actions/setup-poetry
+        uses: Gr1N/setup-poetry@v9
+        with:
+          poetry-version: ${{ env.POETRY_VERSION }}
+      - name: Install dependencies
+        run: poetry install --no-root
+      - name: Run tox
+        run: poetry run tox run -e deptry -s false
+
   release-PyPI:
     outputs:
       released: ${{ steps.release.outputs.released }}   # "true" if a release was made, "false" otherwise
       version:  ${{ steps.release.outputs.version  }}   # The newly released version if one was made, otherwise the current version
       tag:      ${{ steps.release.outputs.tag      }}   # The Git tag corresponding to the version output
     needs:
       - quicktest
+      - deptry
     # https://github.community/t/how-do-i-specify-job-dependency-running-in-another-workflow/16482
     # limit this to being run on regular commits, not the commits that semantic-release will create
     # but also allow manual workflow dispatch

pyproject.toml

@@ -95,6 +95,7 @@ bandit = "1.8.5"
 tomli = { version = "^2.0.1", python = "<3.11" }
 tox = "4.27.0"
 pyupgrade = "3.20.0"
+deptry = "0.23.0"
 
 # min version required to be able to install some dependencies
 # see https://github.com/MichaelKim0407/flake8-use-fstring/issues/33
@@ -156,3 +157,7 @@ prerelease_token = "alpha"
 match = "(\\d+\\.0\\.0-(dev|rc)|dev/\\d+\\.0\\.0)"
 prerelease = true
 prerelease_token = "rc"
+
+
+[tool.deptry]
+extend_exclude = ["docs", "package_aliases"]

tox.ini

@@ -10,6 +10,7 @@ envlist =
     mypy-{current,lowest}
     py{313,312,311,310,39}
     bandit
+    deptry
 skip_missing_interpreters = True
 usedevelop = False
 download = False
@@ -47,6 +48,11 @@ skip_install = True
 commands =
     poetry run bandit -c bandit.yml -v -r cyclonedx_py tests
 
+[testenv:deptry]
+# config is in `pyproject.toml`
+command =
+    poetry run deptry -v .
+
 [testenv:pyupgrade]
 allowlist_externals = poetry, sh
 commands = sh -c "\