Skip to content

[CI] Python 3.14#955

Merged
podkidyshev merged 3 commits into
mainfrom
ipod/py-314
Jul 1, 2026
Merged

[CI] Python 3.14#955
podkidyshev merged 3 commits into
mainfrom
ipod/py-314

Conversation

@podkidyshev

Copy link
Copy Markdown
Contributor

Summary

  • Using python 3.14 as the main targeted python version (as 3.10 is to be deprecated in the near future)
  • Smoke test for supporting cloudai as a library/framework with support for both 3.10 and 3.14

Test Plan

  • Automated CI

Additional Notes

@podkidyshev podkidyshev self-assigned this Jun 30, 2026
@podkidyshev podkidyshev added the dependencies Pull requests that update a dependency file label Jun 30, 2026
@coderabbitai

coderabbitai Bot commented Jun 30, 2026

Copy link
Copy Markdown
Contributor

Review Change Stack

Note

Currently processing new changes in this PR. This may take a few minutes, please wait...

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: ASSERTIVE

Plan: Enterprise

Run ID: 03ac07a7-e0b4-411c-bc9a-09aade07941e

📥 Commits

Reviewing files that changed from the base of the PR and between fe2531c and 737f3cc.

📒 Files selected for processing (1)
  • doc/index.rst
 _________________________________________________________________________
< Performing code review exorcisms to the eerie strains of Tubular Bells. >
 -------------------------------------------------------------------------
  \
   \   \
        \ /\
        ( )
      .( o ).
📝 Walkthrough

Walkthrough

Pins Python to 3.14 in .python-version, adds Python 3.10–3.14 classifiers to pyproject.toml, updates docs to note 3.14 as the target version, expands the CI test matrix to include 3.14, and switches all CI jobs to uv sync --locked / uv run --locked execution.

Changes

Python 3.14 support and uv locked CI

Layer / File(s) Summary
Python version pin, classifiers, and docs
.python-version, pyproject.toml, doc/index.rst
Pins Python to 3.14, adds 3.10–3.14 classifier entries, and updates "Getting Started" and installation docs to state 3.14 as target with 3.10+ compatibility.
CI lint and test jobs switched to uv locked
.github/workflows/ci.yml (lines 19–84)
Lint job uses uv sync --locked and uv run --locked for pre-commit and Sphinx; test matrix adds Python 3.14; pytest, coverage, dead-fixture, and ci-only steps all run via uv run --locked.
Smoke job updated to Python 3.14 and .smoke-venv binaries
.github/workflows/ci.yml (lines 85–132)
Smoke job matrix adds Python 3.14; cloudai invocations switch to .smoke-venv binaries for help, verify-configs, and dry-run, with set -eEx/pipefail shell guards.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

Poem

🐇 Hop hop hooray, Python three-fourteen's here!
The lockfile is locked and the CI is clear.
uv run --locked keeps the builds tight,
Smoke tests and coverage all gleaming bright.
A rabbit approves — the versions align! 🎉

🚥 Pre-merge checks | ✅ 4
✅ Passed checks (4 passed)
Check name Status Explanation
Title check ✅ Passed The title is concise and accurately highlights the main change to the CI Python target.
Description check ✅ Passed The description is clearly related and matches the shift to Python 3.14 plus smoke testing for 3.10 and 3.14.
Linked Issues check ✅ Passed Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check ✅ Passed Check skipped because no linked issues were found for this pull request.
✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch ipod/py-314

Comment @coderabbitai help to get the list of available commands.

@podkidyshev podkidyshev changed the title [CI] Python 3.13 [CI] Python 3.14 Jun 30, 2026
@podkidyshev podkidyshev marked this pull request as ready for review June 30, 2026 15:07

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 2

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)
.github/workflows/ci.yml (1)

8-39: 🔒 Security & Privacy | 🟠 Major | ⚡ Quick win

Set explicit least-privilege permissions for this workflow.

The workflow still relies on repository-default GITHUB_TOKEN scopes. For lint/test/smoke jobs that only read the repo, add an explicit permissions: block (at least contents: read) so this PR stays compliant with the ruleset and does not inherit broader token access than necessary.

Also applies to: 41-136

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In @.github/workflows/ci.yml around lines 8 - 39, The workflow job currently
inherits the default GITHUB_TOKEN scopes instead of declaring least-privilege
access. Update the workflow definition to add an explicit permissions block for
the lint job (and the other affected jobs in this workflow), using at minimum
contents: read since these steps only need repository read access. Place the
permissions near the job definitions so they are easy to find alongside linting
and documentation build steps.

Source: Linters/SAST tools

🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In @.github/workflows/ci.yml:
- Around line 22-25: The CI workflow still uses mutable action tags, so update
every occurrence of actions/checkout@v6, actions/setup-python@v6, and
astral-sh/setup-uv@v5 in the workflow jobs to fixed commit SHA references
instead. Keep the same job setup and options, but replace the version tags in
the action declarations with pinned SHAs so the workflow cannot drift upstream.

In `@doc/index.rst`:
- Around line 48-50: Update the venv setup instructions to use the documented
interpreter explicitly instead of a generic python command. In the setup example
near the installation steps, replace the venv invocation with an
interpreter-specific command or a uv venv command, and keep the surrounding text
in sync with the preferred version referenced from .python-version so users
actually create the environment with the intended Python version.

---

Outside diff comments:
In @.github/workflows/ci.yml:
- Around line 8-39: The workflow job currently inherits the default GITHUB_TOKEN
scopes instead of declaring least-privilege access. Update the workflow
definition to add an explicit permissions block for the lint job (and the other
affected jobs in this workflow), using at minimum contents: read since these
steps only need repository read access. Place the permissions near the job
definitions so they are easy to find alongside linting and documentation build
steps.
🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

  • Push a commit to this branch (recommended)
  • Create a new PR with the fixes

ℹ️ Review info
⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: ASSERTIVE

Plan: Enterprise

Run ID: e49ef3c2-7ea3-4b6f-a490-c60ba0f8c44d

📥 Commits

Reviewing files that changed from the base of the PR and between 8116da5 and fe2531c.

📒 Files selected for processing (4)
  • .github/workflows/ci.yml
  • .python-version
  • doc/index.rst
  • pyproject.toml

Comment thread .github/workflows/ci.yml
Comment thread doc/index.rst
@podkidyshev podkidyshev merged commit 5e0c351 into main Jul 1, 2026
8 checks passed
@podkidyshev podkidyshev deleted the ipod/py-314 branch July 1, 2026 12:25
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants