chore: upgrade Python for all utils and refactor#2127
Conversation
taddes
force-pushed
the
chore/update-python-STOR-485
branch
2 times, most recently
from
d502057 to
fb859fa
Compare
taddes
changed the title
taddes
force-pushed
the
chore/update-python-STOR-485
branch
2 times, most recently
from
d813312 to
b8229ba
Compare
|
|
||
| concurrency: | ||
| group: ${{ github.workflow }}-${{ github.head_ref || github.ref }} | ||
| cancel-in-progress: true |
There was a problem hiding this comment.
This and other similar edits are unrelated?
There was a problem hiding this comment.
Yes, this was testing for the other PR. I've enabled it here to make quicker checks and shutting down the runs when making dep checks
| ## Notes | ||
|
|
||
| - The `--secret` value must match the `SYNC_MASTER_SECRET` configured in the running syncstorage-rs instance. | ||
| - The generated token is scoped to the exact URI and method — a token generated for `GET /foo` is not valid for `PUT /foo`. |
There was a problem hiding this comment.
This sound right from a quick read but I'm no hawk auth pro. I also cannot tell if this is related to the Python upgrades.
There was a problem hiding this comment.
Yeah, I wanted to add the docs in the tools/ dir to the ones in our main docs repo, and did a little revision across the board.
| The latter modifies the query string which changes the mac/nonce and | ||
| potentially ts values (in the Hawk header). | ||
|
|
||
| potentially its values (in the Hawk header). |
There was a problem hiding this comment.
The original text was correct. 'ts' as in timestamp.
| license = "Mozilla Public License Version 2.0" | ||
| readme = "README.md" | ||
| requires-python = ">=3.9" | ||
| requires-python = ">=3.12" |
There was a problem hiding this comment.
I see 3.14 (from 3.12) so far except here. Why is that?
There was a problem hiding this comment.
With Poetry, you don't have to explicitly specify the version your using, so long as the constraint, which is greater than 3.12 is sufficient. Sometimes Poetry will scream at you with certain dependencies (like some we use that are outdated) if the version specifier is too high.
| """Same input always produces the same hash.""" | ||
| assert metrics_hash(make_args(), "abc") == metrics_hash(make_args(), "abc") | ||
|
|
||
|
|
There was a problem hiding this comment.
Better than no tests I guess. But if metrics_hash returns the same hex string every time the two tests above would still pass.
There was a problem hiding this comment.
...and the two tests below as well.
| result = metrics_hash(args, "value") | ||
| assert isinstance(result, str) | ||
| assert args.hmac_key == b"foo" | ||
|
|
There was a problem hiding this comment.
If we really want to test metrics_hash then we need to compare its output against known values.
There was a problem hiding this comment.
Good point, I then pre-computed a value using hmac and hashlib, put it in the test and compare against it, so that's better 👍
basically:
import hmac
import hashlib
res = hmac.new(b'foo', b'value', hashlib.sha256).hexdigest())
|
|
||
|
|
||
| def test_create_token_expires_in_future() -> None: | ||
| """The expiry timestamp is strictly after the current time.""" |
There was a problem hiding this comment.
Not so sure about "strictly". create_token doesn't even validate the duration argument.
| assert decoded["uid"] == args.uid | ||
| assert decoded["node"] == args.node | ||
| assert decoded["fxa_uid"] == args.fxa_uid | ||
| assert decoded["fxa_kid"] == args.fxa_kid |
There was a problem hiding this comment.
Why not test the expiration this way too?
|
|
||
| def test_invalid_expiry_mode(self): | ||
| def test_invalid_expiry_mode(self) -> None: | ||
| """An unrecognised expiry mode raises an exception.""" |
There was a problem hiding this comment.
I can't help but honour my Canadian heritage 🇨🇦 @chenba
taddes
force-pushed
the
chore/update-python-STOR-485
branch
from
a495a27 to
896de4b
Compare
| env: | ||
| RUST_VERSION: "1.91" # RUST_VER | ||
| PYTHON_VERSION: "3.12" # PY_VER | ||
| PYTHON_VERSION: "3.14" # PY_VER |
There was a problem hiding this comment.
I'll note again -- AFAICT this and RUST_VERSION aren't actually used anywhere
There was a problem hiding this comment.
Aha, good point, it's a hangover from the original run of setting up the actions. Only the rust and python setup actions use this. I can flag this on my current workflow refactor and make sure to take it out, since these will move into the root workflow.
There was a problem hiding this comment.
That or I can yank them out here, since they're not doing anything 👍
taddes
force-pushed
the
chore/update-python-STOR-485
branch
from
c79ec34 to
d14393d
Compare
| ruff = "^0.15.6" | ||
| black = "^26.3.1" | ||
| bandit = "^1.9.4" | ||
| isort = "^8.0.1" |
There was a problem hiding this comment.
I'm a Python novice so maybe I simply don't understand how any of this works...but I don't think some of these deps are used? How and where is isort invoked?
There was a problem hiding this comment.
Ah yes, I'm probs the only one using these and running them with poetry... I had meant to add makefile targets to use these utilities. I will make sure to do that in another PR and include it as a part of our Python checks workflows since yeah, not doing us much good. 😹
In short, ruff does most of the heavy lifting with format checks and linting, but isort makes the imports PEP8 compliant, bandit checks for vulnerabilities, pydocstyle provides utilities for code documentation, black is a formatter, and mypy gives us type safe-ish Python with proper annotation checks and validation.
taddes
force-pushed
the
chore/update-python-STOR-485
branch
from
d14393d to
5132b98
Compare
| from __future__ import annotations | ||
|
|
There was a problem hiding this comment.
I think these are no longer needed on Python 3.14, which we're moving to?
| from __future__ import annotations |
There was a problem hiding this comment.
Yeah good point then, looked it up to be sure and it's the default to support the PEP 649 lazy annotation evaluation. Thx for catching 👍
taddes
force-pushed
the
chore/update-python-STOR-485
branch
from
abe18ad to
f7221ea
Compare
…it works for prs and branches
3 participants
Description
Testing result of workflow Python update
Issue(s)
Closes link.