-
Notifications
You must be signed in to change notification settings - Fork 31
Change workflow to using uv and ruff. #133
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
base: master
Are you sure you want to change the base?
Changes from all commits
b870611
756477f
1db63dd
4dcd5a3
945f5f7
3a92dcc
File filter
Filter by extension
Conversations
Jump to
Diff view
Diff view
There are no files selected for viewing
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -18,26 +18,26 @@ jobs: | |
| runs-on: ubuntu-latest | ||
|
|
||
| steps: | ||
| - uses: actions/checkout@v3 | ||
| - uses: actions/checkout@v7 | ||
| - name: Set up Python 3.10 | ||
| uses: actions/setup-python@v3 | ||
| uses: actions/setup-python@v6 | ||
| with: | ||
| python-version: "3.10" | ||
| - name: Install dependencies | ||
| run: | | ||
| python -m pip install --upgrade pip | ||
| pip install flake8 pytest tox | ||
| pip install -r requirements/test.txt | ||
| # Won't pass flake8 yet | ||
| # - name: Lint with flake8 | ||
| # run: | | ||
| # # stop the build if there are Python syntax errors or undefined names | ||
| # flake8 . --count --select=E9,F63,F7,F82 --show-source --statistics | ||
| # # exit-zero treats all errors as warnings. The GitHub editor is 127 chars wide | ||
| # flake8 . --count --exit-zero --max-complexity=10 --max-line-length=127 --statistics | ||
| - name: Test with tox | ||
| - name: Install uv | ||
| uses: astral-sh/setup-uv@08807647e7069bb48b6ef5acd8ec9567f424441b # v8.1.0 | ||
| with: | ||
| # Install a specific version of uv. | ||
| version: "0.11.26" | ||
| - name: Build the wheel | ||
| run: uv build --wheel | ||
| - name: Install the project | ||
| run: uv sync --dev | ||
| - name: Perform static checks | ||
| run: uv run ruff check | ||
| - name: Run tests using the locally built wheel | ||
| run: | | ||
| tox | ||
| uv pip install dist/*.whl | ||
| uv run pytest tests | ||
|
|
||
| build-no-pqc: | ||
| # Regression coverage for issue #2659: INVALID_DEVID is only declared | ||
|
|
@@ -47,13 +47,18 @@ jobs: | |
| runs-on: ubuntu-latest | ||
|
|
||
| steps: | ||
| - uses: actions/checkout@v3 | ||
| - uses: actions/checkout@v7 | ||
| with: | ||
| submodules: recursive | ||
| - name: Set up Python 3.10 | ||
| uses: actions/setup-python@v3 | ||
| uses: actions/setup-python@v6 | ||
| with: | ||
| python-version: "3.10" | ||
| - name: Install uv | ||
| uses: astral-sh/setup-uv@08807647e7069bb48b6ef5acd8ec9567f424441b # v8.1.0 | ||
| with: | ||
| # Install a specific version of uv. | ||
| version: "0.11.26" | ||
| - name: Install build deps | ||
| run: | | ||
| sudo apt-get update | ||
|
|
@@ -63,7 +68,7 @@ jobs: | |
| cd lib/wolfssl | ||
| ./autogen.sh | ||
| ./configure --enable-cryptonly --disable-shared \ | ||
| --disable-kyber --disable-dilithium \ | ||
| --disable-mlkem --disable-mldsa \ | ||
| --enable-aes --enable-aesgcm --enable-aessiv \ | ||
| --enable-aesctr --enable-aesgcm-stream \ | ||
| --enable-des3 --enable-chacha --enable-poly1305 \ | ||
|
|
@@ -81,12 +86,16 @@ jobs: | |
| env: | ||
| USE_LOCAL_WOLFSSL: ${{ github.workspace }}/wolfssl-install | ||
| run: | | ||
|
Member
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. 🟠 [Medium] build-no-pqc mixes uv pip install with uv run, risking an extension rebuild without USE_LOCAL_WOLFSSL The install step uses uv's Fix: Verify uv does not rebuild the extension between steps; if it can, add
Contributor
Author
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Added a step to verify the no-pqc doesn't have ML-DSA and ML-KEM enabled. |
||
| python -m pip install --upgrade pip | ||
| pip install -r requirements/test.txt | ||
| pip install -e . | ||
| uv venv | ||
| uv pip install -r requirements/test.txt | ||
| uv pip install -e . | ||
| - name: Check absence of ML-KEM and ML-DSA support | ||
| run: | | ||
| uv run python -c "from wolfcrypt._ffi import lib as _lib; assert _lib.ML_KEM_ENABLED == 0, 'ML-KEM should be disabled'" | ||
| uv run python -c "from wolfcrypt._ffi import lib as _lib; assert _lib.ML_DSA_ENABLED == 0, 'ML-DSA should be disabled'" | ||
| - name: Import smoke (regression for INVALID_DEVID) | ||
| run: python -c "from wolfcrypt.random import Random; Random()" | ||
| run: uv run python -c "from wolfcrypt.random import Random; Random()" | ||
| - name: Run tests | ||
| env: | ||
| USE_LOCAL_WOLFSSL: ${{ github.workspace }}/wolfssl-install | ||
| run: pytest tests/ | ||
| run: uv run pytest tests | ||
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -21,32 +21,32 @@ Install the following on Windows: | |
|
|
||
| * `CMake <https://cmake.org/download/>`_ | ||
| * `Git <https://git-scm.com/download/win>`_ | ||
| * `Python 3.9 <https://www.python.org/downloads/windows/>`_ | ||
| * `Python 3.10 or newer <https://www.python.org/downloads/windows/>`_ | ||
| * `Build Tools for Visual Studio <https://visualstudio.microsoft.com/downloads/>`_. This is in the "Tools for Visual Studio" section at the bottom of the page. The "Desktop development with C++" pack is needed from the installer. | ||
|
|
||
| Then from the command line install tox and CFFI using: | ||
| Then from the command line install `uv` using: | ||
|
|
||
| .. code-block:: sh | ||
|
|
||
| pip install tox cffi | ||
| pip install uv | ||
|
|
||
| Or by following the installation instructions on the astral web site. `<https://docs.astral.sh/uv/getting-started/installation/>`_ | ||
|
|
||
| You can then build the source distribution packages using: | ||
|
|
||
| .. code-block:: sh | ||
|
|
||
| python setup.py sdist | ||
| uv build --sdist | ||
|
|
||
|
|
||
| Linux | ||
| ^^^^^ | ||
|
|
||
| The `setup.py` file covers most things you will need to do to build and install from source. As pre-requisites you will need to install either from your OS repository or pip. You'll also need the Python development package for your Python version: | ||
| The `setup.py` file covers most things you will need to do to build and install from source. As pre-requisites you will need to install either from your OS repository or uv. You'll also need the Python development package for your Python version: | ||
|
|
||
| * `cffi` | ||
| * `tox` | ||
| * `pytest` | ||
| * `uv` | ||
|
|
||
| To build a source package run `python setup.py sdist`, to build a wheel package run `python setup.py bdist_wheel`. To test the build run `tox`. The `tox` tests rely on Python 3.9 being installed, if you do not have this version we recommend using `pyenv` to install it. | ||
| To build a source package run `uv build --sdist`, to build a wheel package run `uv build --wheel`. To test the build run `uv run pytest`. The tests rely on Python 3.10 or later being installed. | ||
|
|
||
| Installation | ||
| ------------ | ||
|
|
@@ -61,46 +61,71 @@ To build wolfcrypt-py against a local installation of the native C wolfSSL | |
| library, use the USE_LOCAL_WOLFSSL variable. This variable should be | ||
|
|
||
| wolfcrypt-py can be built against a local version of the native wolfSSL | ||
| library by using pip with the USE_LOCAL_WOLFSSL variable. USE_LOCAL_WOLFSSL | ||
| library by using uv build --wheel with the USE_LOCAL_WOLFSSL variable. USE_LOCAL_WOLFSSL | ||
| should be set equal to the installation path for the wolfSSL library: | ||
|
|
||
| .. code-block:: bash | ||
|
|
||
| $ USE_LOCAL_WOLFSSL=/path/to/wolfssl/install pip install . | ||
| $ USE_LOCAL_WOLFSSL=/path/to/wolfssl/install uv build --wheel | ||
|
|
||
| If building wolfcrypt-py against a local wolfSSL library, wolfcrypt-py | ||
| will attempt to do native feature detection to enable/disable wolfcrypt-py | ||
| features based on how native wolfSSL has been compiled. It uses the | ||
| <wolfssl/options.h> header to do feature detection. | ||
|
|
||
| After this the local build can be installed from the locally built wheel in dist. | ||
|
|
||
| .. code-block:: bash | ||
|
|
||
| $ pip install dist/wolfcrypt*.whl | ||
|
|
||
| Testing | ||
| ------- | ||
| .. code-block:: console | ||
|
Member
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. 🟠 [Medium] Malformed reStructuredText: code-block directive missing blank line The newly added console block has no blank line between the directive header and its body. RST requires a blank line after a directive before its content; without it docutils raises Fix: Insert a blank line between
Contributor
Author
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Fixed. |
||
|
|
||
| $ uv run python3 | ||
|
|
||
| .. code-block:: python | ||
|
|
||
| >>> from wolfcrypt.hashes import Sha256 | ||
| >>> Sha256('wolfcrypt').hexdigest() | ||
| b'96e02e7b1cbcd6f104fe1fdb4652027a5505b68652b70095c6318f9dce0d1844' | ||
|
|
||
| Testing ``wolfcrypt``'s source code with ``tox`` | ||
| ------------------------------------------------ | ||
| Testing ``wolfcrypt``'s source code with ``pytest`` | ||
|
dgarske marked this conversation as resolved.
|
||
| --------------------------------------------------- | ||
|
|
||
| To run the unit tests in the source code, you'll need ``tox`` and a few other | ||
| To run the unit tests in the source code, you'll need ``uv`` and a few other | ||
| requirements. | ||
|
|
||
| 1. Make sure that the testing requirements are installed: | ||
|
|
||
| .. code-block:: console | ||
|
|
||
| $ sudo -H pip install -r requirements/test.txt | ||
| $ uv sync --dev | ||
|
|
||
|
|
||
| 2. Run ``tox``: | ||
| 2. Run ``pytest``: | ||
|
|
||
| .. code-block:: console | ||
|
|
||
| $ tox | ||
| ... | ||
| _________________________________ summary _________________________________ | ||
| py3: commands succeeded | ||
| congratulations :) | ||
| $ uv run pytest | ||
| ======================================= test session starts ======================================= | ||
| platform linux -- Python 3.10.12, pytest-9.1.1, pluggy-1.6.0 | ||
| rootdir: /some_directory/wolfcrypt-py | ||
| configfile: pyproject.toml | ||
| collected 165 items | ||
|
|
||
| tests/test_aesgcmstream.py ......... [ 5%] | ||
| tests/test_asn.py .. [ 6%] | ||
| tests/test_chacha20poly1305.py ...... [ 10%] | ||
| tests/test_ciphers.py ........................................... [ 36%] | ||
| tests/test_delete_descriptor_binding.py ................. [ 46%] | ||
| tests/test_error_string.py .... [ 49%] | ||
| tests/test_hashes.py ........................... [ 65%] | ||
| tests/test_hkdf.py ........ [ 70%] | ||
| tests/test_mldsa.py .............................. [ 88%] | ||
| tests/test_mlkem.py ............ [ 95%] | ||
| tests/test_pwdbased.py . [ 96%] | ||
| tests/test_random.py ...... [100%] | ||
|
|
||
| ======================================= 165 passed in 7.09s ======================================= | ||
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -40,21 +40,10 @@ dev = [ | |
| "ruff", | ||
| "sphinx", | ||
| "sphinx-rtd-theme", | ||
| "tox >= 4", | ||
| "ty", | ||
|
Member
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. 🔵 [Low] tox tested a built wheel (package = "wheel"); uv run pytest tests the editable/source install The removed Fix: If packaging coverage matters, add a job/step that builds the wheel (
Contributor
Author
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. The build step now explicitly builds a wheel. This wheel is subsequently used to run the tests, replacing the source tree install. |
||
| "types-cffi", | ||
| ] | ||
|
|
||
| [tool.tox] | ||
| requires = ["tox>=4"] | ||
| env_list = ["py3"] | ||
|
|
||
| [tool.tox.env_run_base] | ||
| package = "wheel" | ||
| deps = ["-rrequirements/test.txt"] | ||
| commands = [["py.test", "tests/"]] | ||
|
|
||
|
|
||
| [tool.ruff] | ||
| # Exclude a variety of commonly ignored directories. | ||
| exclude = [ | ||
|
|
||
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,4 +1,3 @@ | ||
| -r prod.txt | ||
| tox>=4 | ||
| pytest>=8 | ||
| types-cffi>=1.17 |
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,4 +1,3 @@ | ||
|
|
||
| # test_chacha20poly1305.py | ||
| # | ||
| # Copyright (C) 2022 wolfSSL Inc. | ||
|
|
||
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,5 +1,3 @@ | ||
| # -*- coding: utf-8 -*- | ||
| # | ||
| # test_chacha_iv.py | ||
| # | ||
| # Copyright (C) 2006-2022 wolfSSL Inc. | ||
|
|
||
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,5 +1,3 @@ | ||
| # -*- coding: utf-8 -*- | ||
| # | ||
| # test_cipher_modes.py | ||
| # | ||
| # Copyright (C) 2006-2022 wolfSSL Inc. | ||
|
|
||
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,5 +1,3 @@ | ||
| # -*- coding: utf-8 -*- | ||
| # | ||
| # test_hmac_copy.py | ||
| # | ||
| # Copyright (C) 2006-2022 wolfSSL Inc. | ||
|
|
||
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
🟠 [Medium] Enabling uv run ruff check may fail CI on previously-unlinted code
The PR removes the commented-out flake8 block that carried the note
# Won't pass flake8 yetand replaces it with an ACTIVEuv run ruff checkstep (configured rulesE4,E7,E9,F,B,UP, overwolfcrypt/*.pyandscripts/build_ffi.py). If that code has not been cleaned up to satisfy those rules, thebuildjob now fails on every push/PR. The README shows passing pytest output but no ruff output, so ruff cleanliness is unverified in the diff.Fix: Run
uv run ruff checkagainst the current tree and fix (or narrow the rule set / add# noqa) any violations before merging, so CI stays green.There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The static check passes in the pipeline verification and prints a satisfying
All checks passed!message.