Add build for Python 3.13 and 3.14#57
Conversation
📝 WalkthroughWalkthroughAdds Python 3.13 and 3.14 support by introducing two new GitHub Actions CI workflows, extending the Linux wheel build script with CP313 and CP314 build blocks (now also installing ChangesPython 3.13 and 3.14 support
Estimated code review effort🎯 1 (Trivial) | ⏱️ ~5 minutes Poem
🚥 Pre-merge checks | ✅ 5✅ Passed checks (5 passed)
✏️ Tip: You can configure your own custom pre-merge checks in the settings. ✨ Finishing Touches📝 Generate docstrings
🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
There was a problem hiding this comment.
Actionable comments posted: 1
🧹 Nitpick comments (1)
.github/workflows/py313.yaml (1)
15-15: ⚖️ Poor tradeoffConsider security hardening: pin actions and disable credential persistence.
For improved supply-chain security, consider:
- Pinning actions to commit SHAs instead of tags (e.g.,
actions/checkout@<sha>)- Setting
persist-credentials: falseon the checkout step to prevent credential leakageExample hardening
steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v4 + with: + persist-credentials: false🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate. In @.github/workflows/py313.yaml at line 15, The checkout action in the workflow is using a version tag (v4) instead of a pinned commit SHA, which poses a security risk. Update the `uses: actions/checkout@v4` line to pin it to a specific commit SHA (e.g., `actions/checkout@<full-commit-sha>`) for supply-chain security. Additionally, add a `with:` section to the checkout step and set `persist-credentials: false` to prevent credential leakage and improve security posture.
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Inline comments:
In @.github/workflows/py313.yaml:
- Around line 22-26: Python 3.12+ removed setuptools from the standard library,
causing setup.py imports to fail. In `.github/workflows/py313.yaml` at line 26,
add setuptools to the pip install command alongside cython (change the line from
`python -m pip install cython` to `python -m pip install setuptools cython`).
Apply the same fix in `.github/workflows/py314.yaml` at line 26, adding
setuptools to that pip install command as well.
---
Nitpick comments:
In @.github/workflows/py313.yaml:
- Line 15: The checkout action in the workflow is using a version tag (v4)
instead of a pinned commit SHA, which poses a security risk. Update the `uses:
actions/checkout@v4` line to pin it to a specific commit SHA (e.g.,
`actions/checkout@<full-commit-sha>`) for supply-chain security. Additionally,
add a `with:` section to the checkout step and set `persist-credentials: false`
to prevent credential leakage and improve security posture.
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration
Configuration used: defaults
Review profile: CHILL
Plan: Pro
Run ID: 2e0d3ea9-70c9-4513-ba9c-db0629eeedb1
📒 Files selected for processing (4)
.github/workflows/py313.yaml.github/workflows/py314.yamlbuild-linux-wheel.shsetup.py
Added build for Python 3.13 and 3.14. Removed old builds for Python 3.6 and 3.7 GitHub workflows were created. No further action was needed.
Breaking change: cysimdjson will no longer be available for Python 3.6 and 3.7