feat: Add Python 3.14 freethreaded support #250
Conversation
- Add Python 3.14 freethreaded to GitHub Actions test matrix - Update pyproject.toml to include CPython 3.14 classifier - Add Python 3.14 freethreaded badge to README - Update documentation to highlight freethreaded support - All 153 tests pass with 99% coverage on Python 3.14 freethreaded - Verified compatibility with GIL-free Python builds This ensures json2xml works seamlessly with both regular Python 3.14 and the new freethreaded (GIL-free) Python 3.14 builds, providing better performance for concurrent workloads.
Reviewer's guide (collapsed on small PRs)Reviewer's GuideThis PR implements full Python 3.14 freethreaded support by extending the CI matrix, updating package metadata, and refreshing documentation and coverage metrics for seamless GIL-free integration. File-Level Changes
Tips and commandsInteracting with Sourcery
Customizing Your ExperienceAccess your dashboard to:
Getting Help
|
Codecov Reportβ
All modified and coverable lines are covered by tests. Additional details and impacted files@@ Coverage Diff @@
## master #250 +/- ##
=======================================
Coverage 99.30% 99.30%
=======================================
Files 3 3
Lines 288 288
=======================================
Hits 286 286
Misses 2 2
Flags with carried forward coverage won't be shown. Click here to find out more. β View full report in Codecov by Sentry. |
![sourcery-ai[bot]](https://avatars.githubusercontent.com/in/48477?s=60&v=4){kind=small}
There was a problem hiding this comment.
Hey there - I've reviewed your changes - here's some feedback:
- Verify that the GitHub Actions β3.14-freethreadedβ specifier is actually supported by the setup-python action (you may need to pin a newer version or provide a custom download URL).
- Remove or fix the βProgramming Language :: Python :: Implementation :: CPython :: 3.14β classifier, as itβs not a valid PyPI trove classifier (only βImplementation :: CPythonβ is recognized).
- Add documentation on how to obtain and install the freethreaded CPython build, since most users wonβt have a β3.14-freethreadedβ interpreter available out of the box.
Prompt for AI Agents
Please address the comments from this code review:
## Overall Comments
- Verify that the GitHub Actions β3.14-freethreadedβ specifier is actually supported by the setup-python action (you may need to pin a newer version or provide a custom download URL).
- Remove or fix the βProgramming Language :: Python :: Implementation :: CPython :: 3.14β classifier, as itβs not a valid PyPI trove classifier (only βImplementation :: CPythonβ is recognized).
- Add documentation on how to obtain and install the freethreaded CPython build, since most users wonβt have a β3.14-freethreadedβ interpreter available out of the box.Help me be more useful! Please click π or π on each comment and I'll use the feedback to improve your reviews.
- Update Python versions to latest stable patches: - 3.10.18, 3.11.13, 3.12.11, 3.13.8, 3.14.0 - Include Python 3.14.0-freethreaded for free-threading testing - Update OS matrix for better compatibility: - ubuntu-22.04 (required for Python 3.14 support) - windows-2022 (latest Windows runner) - macos-13 (latest macOS runner) - Ensure all Python versions work on all specified OS versions - Based on analysis of versions-manifest.json
- Remove invalid '3.14.0-freethreaded' version string from matrix - Update macOS runner from macos-13 to macos-14 for better compatibility - Add dedicated test-freethreaded job with proper freethreaded Python builds - Use correct architecture-specific download URLs from versions manifest - Ensure freethreaded Python testing works across all platforms
| fi | ||
| - name: Install uv | ||
| uses: astral-sh/setup-uv@v6 |
There was a problem hiding this comment.
security (yaml.github-actions.security.third-party-action-not-pinned-to-commit-sha): An action sourced from a third-party repository on GitHub is not pinned to a full length commit SHA. Pinning an action to a full length commit SHA is currently the only way to use an action as an immutable release. Pinning to a particular SHA helps mitigate the risk of a bad actor adding a backdoor to the action's repository, as they would need to generate a SHA-1 collision for a valid Git object payload.
Source: opengrep
| PYTHON_FREETHREADED: 1 | ||
|
|
||
| - name: Upload coverage to Codecov | ||
| uses: codecov/codecov-action@v5 |
There was a problem hiding this comment.
security (yaml.github-actions.security.third-party-action-not-pinned-to-commit-sha): An action sourced from a third-party repository on GitHub is not pinned to a full length commit SHA. Pinning an action to a full length commit SHA is currently the only way to use an action as an immutable release. Pinning to a particular SHA helps mitigate the risk of a bad actor adding a backdoor to the action's repository, as they would need to generate a SHA-1 collision for a valid Git object payload.
Source: opengrep
- Update publish-to-test-pypi.yml and publish-to-live-pypi.yml to use uv instead of pip - Update lint.yml to use uv for ruff and mypy installations - Upgrade setup-python action from v3 to v5.2.0 in publish workflows - Add uv caching for better performance across all workflows - Replace pip install commands with uv pip install --system - Ensure consistent package management across all CI jobs
| pip install ruff | ||
|
|
||
| - name: Install uv | ||
| uses: astral-sh/setup-uv@v6 |
There was a problem hiding this comment.
security (yaml.github-actions.security.third-party-action-not-pinned-to-commit-sha): An action sourced from a third-party repository on GitHub is not pinned to a full length commit SHA. Pinning an action to a full length commit SHA is currently the only way to use an action as an immutable release. Pinning to a particular SHA helps mitigate the risk of a bad actor adding a backdoor to the action's repository, as they would need to generate a SHA-1 collision for a valid Git object payload.
Source: opengrep
| - run: pip install --upgrade mypy types-requests types-urllib3 | ||
|
|
||
| - name: Install uv | ||
| uses: astral-sh/setup-uv@v6 |
There was a problem hiding this comment.
security (yaml.github-actions.security.third-party-action-not-pinned-to-commit-sha): An action sourced from a third-party repository on GitHub is not pinned to a full length commit SHA. Pinning an action to a full length commit SHA is currently the only way to use an action as an immutable release. Pinning to a particular SHA helps mitigate the risk of a bad actor adding a backdoor to the action's repository, as they would need to generate a SHA-1 collision for a valid Git object payload.
Source: opengrep
| build | ||
| --user | ||
| - name: Install uv | ||
| uses: astral-sh/setup-uv@v6 |
There was a problem hiding this comment.
security (yaml.github-actions.security.third-party-action-not-pinned-to-commit-sha): An action sourced from a third-party repository on GitHub is not pinned to a full length commit SHA. Pinning an action to a full length commit SHA is currently the only way to use an action as an immutable release. Pinning to a particular SHA helps mitigate the risk of a bad actor adding a backdoor to the action's repository, as they would need to generate a SHA-1 collision for a valid Git object payload.
Source: opengrep
| build | ||
| --user | ||
| - name: Install uv | ||
| uses: astral-sh/setup-uv@v6 |
There was a problem hiding this comment.
security (yaml.github-actions.security.third-party-action-not-pinned-to-commit-sha): An action sourced from a third-party repository on GitHub is not pinned to a full length commit SHA. Pinning an action to a full length commit SHA is currently the only way to use an action as an immutable release. Pinning to a particular SHA helps mitigate the risk of a bad actor adding a backdoor to the action's repository, as they would need to generate a SHA-1 collision for a valid Git object payload.
Source: opengrep
- Remove --system flag from all uv pip install commands - Use virtual environments properly in GitHub Actions - Fix compatibility with externally managed Python environments - Ensure workflows work on both local and CI environments - Update all workflow files: pythonpackage.yml, publish-to-test-pypi.yml, publish-to-live-pypi.yml, lint.yml
- Use setup-python with '3.14t' for freethreaded Python instead of manual downloads - Add GIL verification step - Simplify matrix configuration - Add shell: bash for cross-platform compatibility Amp-Thread-ID: https://ampcode.com/threads/T-fc74ca49-9112-45ec-bc0a-2d58b25ca7bf Co-authored-by: Amp <amp@ampcode.com>
Fixes virtual environment errors in CI by installing packages into system Python
1 participant
π Python 3.14 Freethreaded Support
This PR adds comprehensive support for Python 3.14 freethreaded (GIL-free) builds to the json2xml library.
β¨ What's New
π§ͺ Testing Results
π Changes Made
GitHub Actions Workflow ()
Project Configuration ()
Documentation ()
Coverage Reports ()
π§ Technical Details
π― Benefits
π Test Matrix
The CI now tests against:
β Verification
This PR has been thoroughly tested locally with:
Ready for review and merge! π
Summary by Sourcery
Enable comprehensive Python 3.14 freethreaded support by updating CI, metadata, documentation, and validation testing.
New Features:
Enhancements:
CI:
Documentation:
Tests: