From ea8c349f6dce955696850198b8544d0203b467fb Mon Sep 17 00:00:00 2001 From: Roberto Bertó <463349+robertoberto@users.noreply.github.com> Date: Tue, 19 May 2026 02:35:08 +0000 Subject: chore: clean packaging and development tooling MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This commit modernizes the project's tooling and packaging without changing the runtime code. It addresses dead workflows, obsolete helper scripts, duplicated configuration, and stale developer docs. Removed: - .github/workflows/python-app.yml: targeted Python 3.12, referenced a non-existent requirements.txt, ran only flake8 with pytest commented out - Makefile: hard-coded env/bin/python paths that do not work with uv - run_tests.sh and run_tests.py: duplicated each other and referenced removed modules (test_exceptions, test_quick) - sphinx/ and .readthedocs.yaml: the RTD config pointed to docs/source/conf.py while the sphinx tree lived under sphinx/source, so the build never worked and no docs were ever published - docs/development/architecture.md, refactor-roadmap.md, and quality-and-utils.md: described the pre-cleanup proposal that included specs/exceptions/request_id, now contradicted by the code Edited: - pyproject.toml: - dropped the validation extra (Pydantic) — specs/ is gone - dropped the duplicated [tool.hatch.metadata].dependencies block - dropped the duplicated [dependency-groups].dev block - declared the wheel package explicitly via [tool.hatch.build.targets.wheel].packages - bumped pytest floor to >=8.0 (Python 3.13 compatible) - added richer classifiers (Development Status, audience, topic, Typing :: Typed), keywords, license file pointer, and a Changelog URL - .github/workflows/python-pr-validation.yml: upgraded to actions/checkout@v4 and setup-python@v5, switched to astral-sh/setup-uv, removed obsolete architecture argument - .github/dependabot.yml: added the github-actions ecosystem so workflow versions stay current Added: - pyvyos/py.typed: PEP 561 marker advertising the package as typed - .pre-commit-config.yaml: neutral hooks only (whitespace, EOF, YAML/TOML syntax, large-file guard); no formatters or linters yet Kept: - docs/development/vyos_api/: JSON reference for the VyOS HTTPS API, useful for future contract tests Tests still pass: 57/57. --- .github/workflows/python-pr-validation.yml | 34 ++++++++++++++++-------------- 1 file changed, 18 insertions(+), 16 deletions(-) (limited to '.github/workflows/python-pr-validation.yml') diff --git a/.github/workflows/python-pr-validation.yml b/.github/workflows/python-pr-validation.yml index 3aae387..611372b 100644 --- a/.github/workflows/python-pr-validation.yml +++ b/.github/workflows/python-pr-validation.yml @@ -1,29 +1,31 @@ -name: Python Pull Request Validation Workflow +name: Pull Request Validation on: - pull_request: - branches: [ "main", "master" ] + pull_request: + branches: ["main"] + +permissions: + contents: read jobs: - Validation: + validate: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@v2 + uses: actions/checkout@v4 - - name: Set up Python 3.12 - uses: actions/setup-python@v2 + - name: Set up Python 3.13 + uses: actions/setup-python@v5 with: python-version: "3.13" - architecture: "x64" + + - name: Install uv + uses: astral-sh/setup-uv@v3 + with: + enable-cache: true - name: Install dependencies - run: | - python3 -m pip install --upgrade pip - pip install uv - uv venv - uv pip install -e .[dev] + run: uv sync --extra dev - - name: Python Run Tests - run: | - uv run pytest -v + - name: Run tests + run: uv run pytest -v -- cgit v1.2.3 From 7aa4989061950a336287cd8b581813ccd60b1832 Mon Sep 17 00:00:00 2001 From: Roberto Bertó <463349+robertoberto@users.noreply.github.com> Date: Tue, 19 May 2026 03:06:11 +0000 Subject: build: tighten runtime deps and lower Python floor to 3.11 - requires-python: >=3.13 -> >=3.11. The code does not use any 3.13-only feature. typing.List/Dict/Union/Optional throughout, no PEP 695 generics, no Self, no match. Classifiers updated to advertise 3.11/3.12/3.13. - runtime dependencies: trim to requests only. - python-dotenv is only used by examples; move to the dev extra. - urllib3 is never imported by pyvyos directly; it remains available transitively through requests. - pre-existing dev tooling (pytest, pytest-cov, pytest-env) untouched. - CI: PR validation runs on a 3.11/3.12/3.13 matrix. - README: reword the Python requirement. - .python-version: 3.13.0 -> 3.13 (CI uses the matrix). - Wheel build verified to include pyvyos/py.typed and to declare Requires-Python: >=3.11 with requests as the only runtime requirement. --- .github/workflows/python-pr-validation.yml | 12 ++++++++---- .python-version | 2 +- CHANGELOG.md | 9 +++++++++ README.md | 2 +- pyproject.toml | 7 ++++--- 5 files changed, 23 insertions(+), 9 deletions(-) (limited to '.github/workflows/python-pr-validation.yml') diff --git a/.github/workflows/python-pr-validation.yml b/.github/workflows/python-pr-validation.yml index 611372b..081f7a8 100644 --- a/.github/workflows/python-pr-validation.yml +++ b/.github/workflows/python-pr-validation.yml @@ -10,14 +10,18 @@ permissions: jobs: validate: runs-on: ubuntu-latest + strategy: + fail-fast: false + matrix: + python-version: ["3.11", "3.12", "3.13"] steps: - name: Checkout uses: actions/checkout@v4 - - name: Set up Python 3.13 + - name: Set up Python ${{ matrix.python-version }} uses: actions/setup-python@v5 with: - python-version: "3.13" + python-version: ${{ matrix.python-version }} - name: Install uv uses: astral-sh/setup-uv@v3 @@ -25,7 +29,7 @@ jobs: enable-cache: true - name: Install dependencies - run: uv sync --extra dev + run: uv sync --extra dev --python ${{ matrix.python-version }} - name: Run tests - run: uv run pytest -v + run: uv run --python ${{ matrix.python-version }} pytest -v diff --git a/.python-version b/.python-version index 4eba2a6..24ee5b1 100644 --- a/.python-version +++ b/.python-version @@ -1 +1 @@ -3.13.0 +3.13 diff --git a/CHANGELOG.md b/CHANGELOG.md index 13bc332..293a942 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -26,6 +26,15 @@ behavior**. - Documented public API stability and deprecation timeline in `README.md`. ### Changed +- `requires-python` lowered to `>=3.11` (was `>=3.13`). The codebase + does not use any 3.13-only syntax, and the lower floor makes the + package reachable for the typical VyOS automation environment. CI now + validates against 3.11, 3.12, and 3.13. +- Runtime dependencies trimmed to `requests>=2.32.0,<3.0` only. + - `python-dotenv` was never imported by the library itself — it is now + a `dev` extra used by the bundled examples. + - `urllib3` was never used directly by `pyvyos` — it stays available + transitively through `requests`. - `vagrant/` lab setup moved to `examples/vagrant/`. - `pyvyos.core.*` is now the internal implementation layer; the supported public API is `from pyvyos import VyDevice, ApiResponse`. The legacy diff --git a/README.md b/README.md index 96c1ec8..83dbd90 100644 --- a/README.md +++ b/README.md @@ -17,7 +17,7 @@ tooling, and integrations with configuration management systems. pip install pyvyos ``` -Requires **Python 3.13 or newer**. +Requires **Python 3.11 or newer**. Tested on 3.11, 3.12, and 3.13. ## Quick start diff --git a/pyproject.toml b/pyproject.toml index 1f35384..b266351 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -10,7 +10,7 @@ authors = [ ] description = "Python SDK for interacting with the VyOS HTTPS API" readme = "README.md" -requires-python = ">=3.13" +requires-python = ">=3.11" license = { file = "LICENSE" } keywords = ["vyos", "networking", "sdk", "api", "router", "firewall"] classifiers = [ @@ -20,6 +20,8 @@ classifiers = [ "Topic :: System :: Networking", "Topic :: Software Development :: Libraries :: Python Modules", "Programming Language :: Python :: 3", + "Programming Language :: Python :: 3.11", + "Programming Language :: Python :: 3.12", "Programming Language :: Python :: 3.13", "License :: OSI Approved :: MIT License", "Operating System :: OS Independent", @@ -27,12 +29,11 @@ classifiers = [ ] dependencies = [ "requests>=2.32.0,<3.0", - "python-dotenv>=1.0.1,<2.0", - "urllib3>=2.5.0", ] [project.optional-dependencies] dev = [ + "python-dotenv>=1.0.1,<2.0", "pytest>=8.0,<10.0", "pytest-cov>=5.0,<7.0", "pytest-env>=0.6.2,<1.3", -- cgit v1.2.3 From c5a2ae114835791de16c5b982632569377c39bfa Mon Sep 17 00:00:00 2001 From: Roberto Bertó <463349+robertoberto@users.noreply.github.com> Date: Tue, 19 May 2026 03:20:53 +0000 Subject: ci: pin uv cache key to pyproject.toml The matrix job in commit 7aa4989 left astral-sh/setup-uv@v3 with its default cache fingerprint of "**/uv.lock". This repo is a library and intentionally does not commit uv.lock (commit a2df706), so the glob matches nothing and the action errors out. Switch the fingerprint to pyproject.toml, the actual source of truth for dependencies. Cache hits remain across PRs that don't touch dependencies; cache invalidates on dependency changes. --- .github/workflows/python-pr-validation.yml | 1 + 1 file changed, 1 insertion(+) (limited to '.github/workflows/python-pr-validation.yml') diff --git a/.github/workflows/python-pr-validation.yml b/.github/workflows/python-pr-validation.yml index 081f7a8..349fe99 100644 --- a/.github/workflows/python-pr-validation.yml +++ b/.github/workflows/python-pr-validation.yml @@ -27,6 +27,7 @@ jobs: uses: astral-sh/setup-uv@v3 with: enable-cache: true + cache-dependency-glob: "pyproject.toml" - name: Install dependencies run: uv sync --extra dev --python ${{ matrix.python-version }} -- cgit v1.2.3 From 62aa8b885e45ad9cd8f8ce5d2a48b4aeff82e502 Mon Sep 17 00:00:00 2001 From: Roberto Bertó <463349+robertoberto@users.noreply.github.com> Date: Tue, 19 May 2026 06:08:52 +0000 Subject: ci: bump actions off Node.js 20 GitHub deprecation notice: Node.js 20 will be removed from runners in September 2026 and forced to Node 24 in June 2026. Pin to current majors that already run on Node 24. - actions/checkout@v4 -> v6 - actions/setup-python@v5 -> v6 - astral-sh/setup-uv@v3 -> v8 - pypa/gh-action-pypi-publish@v1.13.0 -> v1.14.0 - pre-commit/pre-commit-hooks@v5.0.0 -> v6.0.0 This commit does not change pyvyos HTTP payloads, request handling, or response parsing. --- .github/workflows/python-pr-validation.yml | 6 +++--- .github/workflows/python-publish.yml | 6 +++--- .pre-commit-config.yaml | 2 +- CHANGELOG.md | 7 +++++-- 4 files changed, 12 insertions(+), 9 deletions(-) (limited to '.github/workflows/python-pr-validation.yml') diff --git a/.github/workflows/python-pr-validation.yml b/.github/workflows/python-pr-validation.yml index 349fe99..1123ee3 100644 --- a/.github/workflows/python-pr-validation.yml +++ b/.github/workflows/python-pr-validation.yml @@ -16,15 +16,15 @@ jobs: python-version: ["3.11", "3.12", "3.13"] steps: - name: Checkout - uses: actions/checkout@v4 + uses: actions/checkout@v6 - name: Set up Python ${{ matrix.python-version }} - uses: actions/setup-python@v5 + uses: actions/setup-python@v6 with: python-version: ${{ matrix.python-version }} - name: Install uv - uses: astral-sh/setup-uv@v3 + uses: astral-sh/setup-uv@v8 with: enable-cache: true cache-dependency-glob: "pyproject.toml" diff --git a/.github/workflows/python-publish.yml b/.github/workflows/python-publish.yml index 57189af..2ebf94e 100644 --- a/.github/workflows/python-publish.yml +++ b/.github/workflows/python-publish.yml @@ -19,10 +19,10 @@ jobs: deploy: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4.1.1 + - uses: actions/checkout@v6 - name: Set up Python 3.13 - uses: actions/setup-python@v5.0.0 + uses: actions/setup-python@v6 with: python-version: "3.13" @@ -35,7 +35,7 @@ jobs: run: uv build - name: Publish package - uses: pypa/gh-action-pypi-publish@v1.13.0 + uses: pypa/gh-action-pypi-publish@v1.14.0 with: user: __token__ password: ${{ secrets.PYPI_API_TOKEN }} diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index 7dcae7d..4d771e1 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -4,7 +4,7 @@ repos: - repo: https://github.com/pre-commit/pre-commit-hooks - rev: v5.0.0 + rev: v6.0.0 hooks: - id: trailing-whitespace - id: end-of-file-fixer diff --git a/CHANGELOG.md b/CHANGELOG.md index 411fa9b..e3a4391 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -51,8 +51,11 @@ behavior**. - removed duplicated dependency blocks, - dropped the unused `validation` extra, - raised the pytest floor for Python 3.13. -- PR validation workflow upgraded to `actions/checkout@v4`, - `actions/setup-python@v5`, and `astral-sh/setup-uv@v3`. +- PR validation workflow upgraded to `actions/checkout@v6`, + `actions/setup-python@v6`, and `astral-sh/setup-uv@v8`. Publish + workflow upgraded to `actions/checkout@v6`, `actions/setup-python@v6`, + and `pypa/gh-action-pypi-publish@v1.14.0`. Pre-commit hooks bumped to + `pre-commit/pre-commit-hooks@v6.0.0`. All move off Node.js 20. - `.env.example` default flipped to `VYDEVICE_VERIFY_SSL=true`; commented with field descriptions. -- cgit v1.2.3 From 4080faf81dcfe248394643cfce14112f3346b62f Mon Sep 17 00:00:00 2001 From: Roberto Bertó <463349+robertoberto@users.noreply.github.com> Date: Tue, 19 May 2026 06:10:07 +0000 Subject: ci: pin setup-uv to v8.1.0 (no floating v8 tag yet) --- .github/workflows/python-pr-validation.yml | 2 +- CHANGELOG.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) (limited to '.github/workflows/python-pr-validation.yml') diff --git a/.github/workflows/python-pr-validation.yml b/.github/workflows/python-pr-validation.yml index 1123ee3..d4e55de 100644 --- a/.github/workflows/python-pr-validation.yml +++ b/.github/workflows/python-pr-validation.yml @@ -24,7 +24,7 @@ jobs: python-version: ${{ matrix.python-version }} - name: Install uv - uses: astral-sh/setup-uv@v8 + uses: astral-sh/setup-uv@v8.1.0 with: enable-cache: true cache-dependency-glob: "pyproject.toml" diff --git a/CHANGELOG.md b/CHANGELOG.md index e3a4391..e0a915d 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -52,7 +52,7 @@ behavior**. - dropped the unused `validation` extra, - raised the pytest floor for Python 3.13. - PR validation workflow upgraded to `actions/checkout@v6`, - `actions/setup-python@v6`, and `astral-sh/setup-uv@v8`. Publish + `actions/setup-python@v6`, and `astral-sh/setup-uv@v8.1.0`. Publish workflow upgraded to `actions/checkout@v6`, `actions/setup-python@v6`, and `pypa/gh-action-pypi-publish@v1.14.0`. Pre-commit hooks bumped to `pre-commit/pre-commit-hooks@v6.0.0`. All move off Node.js 20. -- cgit v1.2.3 From 6071528289e4a8b11a772433c33851136d30f133 Mon Sep 17 00:00:00 2001 From: Roberto Bertó <463349+robertoberto@users.noreply.github.com> Date: Tue, 19 May 2026 06:14:08 +0000 Subject: ci: pin actions by full commit SHA Per OpenSSF Scorecard 'Pinned-Dependencies' guidance, third-party GitHub Actions should be referenced by full commit SHA, not by tag. Tags are mutable; a SHA is not. Each pin keeps a '# vX.Y.Z' trailing comment so Dependabot can read the current version and propose updates while still pinning by SHA. - actions/checkout de0fac2 # v6.0.2 - actions/setup-python a309ff8 # v6.2.0 - astral-sh/setup-uv 0880764 # v8.1.0 - pypa/gh-action-pypi-publish cef2210 # v1.14.0 This commit does not change pyvyos HTTP payloads, request handling, or response parsing. --- .github/workflows/python-pr-validation.yml | 6 +++--- .github/workflows/python-publish.yml | 6 +++--- CHANGELOG.md | 13 ++++++++----- 3 files changed, 14 insertions(+), 11 deletions(-) (limited to '.github/workflows/python-pr-validation.yml') diff --git a/.github/workflows/python-pr-validation.yml b/.github/workflows/python-pr-validation.yml index d4e55de..5defe21 100644 --- a/.github/workflows/python-pr-validation.yml +++ b/.github/workflows/python-pr-validation.yml @@ -16,15 +16,15 @@ jobs: python-version: ["3.11", "3.12", "3.13"] steps: - name: Checkout - uses: actions/checkout@v6 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Set up Python ${{ matrix.python-version }} - uses: actions/setup-python@v6 + uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0 with: python-version: ${{ matrix.python-version }} - name: Install uv - uses: astral-sh/setup-uv@v8.1.0 + uses: astral-sh/setup-uv@08807647e7069bb48b6ef5acd8ec9567f424441b # v8.1.0 with: enable-cache: true cache-dependency-glob: "pyproject.toml" diff --git a/.github/workflows/python-publish.yml b/.github/workflows/python-publish.yml index 2ebf94e..9ab4867 100644 --- a/.github/workflows/python-publish.yml +++ b/.github/workflows/python-publish.yml @@ -19,10 +19,10 @@ jobs: deploy: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v6 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Set up Python 3.13 - uses: actions/setup-python@v6 + uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0 with: python-version: "3.13" @@ -35,7 +35,7 @@ jobs: run: uv build - name: Publish package - uses: pypa/gh-action-pypi-publish@v1.14.0 + uses: pypa/gh-action-pypi-publish@cef221092ed1bacb1cc03d23a2d87d1d172e277b # v1.14.0 with: user: __token__ password: ${{ secrets.PYPI_API_TOKEN }} diff --git a/CHANGELOG.md b/CHANGELOG.md index e0a915d..28c5e82 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -51,11 +51,14 @@ behavior**. - removed duplicated dependency blocks, - dropped the unused `validation` extra, - raised the pytest floor for Python 3.13. -- PR validation workflow upgraded to `actions/checkout@v6`, - `actions/setup-python@v6`, and `astral-sh/setup-uv@v8.1.0`. Publish - workflow upgraded to `actions/checkout@v6`, `actions/setup-python@v6`, - and `pypa/gh-action-pypi-publish@v1.14.0`. Pre-commit hooks bumped to - `pre-commit/pre-commit-hooks@v6.0.0`. All move off Node.js 20. +- GitHub Actions bumped off Node.js 20 and pinned by full commit SHA + (per [OpenSSF Scorecard guidance][1]) with a `# vX.Y.Z` comment so + Dependabot can keep them current: + `actions/checkout@v6.0.2`, `actions/setup-python@v6.2.0`, + `astral-sh/setup-uv@v8.1.0`, `pypa/gh-action-pypi-publish@v1.14.0`. + Pre-commit hooks bumped to `pre-commit/pre-commit-hooks@v6.0.0`. + +[1]: https://github.com/ossf/scorecard/blob/main/docs/checks.md#pinned-dependencies - `.env.example` default flipped to `VYDEVICE_VERIFY_SSL=true`; commented with field descriptions. -- cgit v1.2.3