ci(github-action): update python to 3.14 #610

Two GitHub Actions workflows updated to use Python 3.14 in their "Set up Python" steps (.github/workflows/mcp-catalog-sync.yaml: 3.12 → 3.14; .github/workflows/security-gate.yaml: 3.10 → 3.14). No other workflow logic, control flow, or exported/public-entity changes.

Changes

Cohort / File(s)	Summary
GitHub Actions Workflow Python Version Updates `./.github/workflows/mcp-catalog-sync.yaml`, `./.github/workflows/security-gate.yaml`	Updated "Set up Python" runtime versions to `3.14` (`mcp-catalog-sync`: `3.12` → `3.14`; `security-gate`: `3.10` → `3.14`). No other edits to steps or control flow.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~3 minutes

🚥 Pre-merge checks | ✅ 3

✅ Passed checks (3 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title 'ci(github-action): update python to 3.14' clearly and concisely summarizes the main change: updating Python versions in GitHub Actions workflows from 3.10/3.12 to 3.14.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing touches

📝 Generate docstrings

🧪 Generate unit tests (beta)

Create PR with unit tests
Post copyable unit tests in a comment
Commit unit tests in branch renovate/runtime-python

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

homebot-0 · 2025-12-20T11:09:00Z

✅ Gitleaks Secret Scan Passed

No secrets detected in this pull request.

Check	Status
Secret patterns	✅ Clean
Sensitive files	✅ None detected

coderabbitai

Actionable comments posted: 1

🤖 Fix all issues with AI agents

In @.github/workflows/security-gate.yaml:
- Around line 227-231: The GitHub Actions step "Set up Python" currently
requests Python 3.14 which breaks ensure-sops installation; update the
python-version value in the actions/setup-python@... step (the "Set up Python"
step) to a compatible runtime such as "3.10" or "3.10.x" (i.e., <=3.10) so pip
can install ensure-sops successfully, and keep the existing action reference
(actions/setup-python) unchanged.

coderabbitai · 2026-01-22T02:50:04Z

.github/workflows/security-gate.yaml

      - name: Set up Python
        uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5.6.0
        with:
-          python-version: "3.10"  # ensure-sops requires Python <3.11
+          python-version: "3.14"  # ensure-sops requires Python <3.11



⚠️ Potential issue | 🟠 Major

🧩 Analysis chain

🌐 Web query:

ensure-sops Python version requirements PyPI

💡 Result:

ensure-sops (PyPI) requires Python >=3.7 and <3.11. [1]

Sources:
[1] ensure-sops on PyPI (project metadata).

🌐 Web query:

ensure-sops latest version Python 3.14 support PyPI releases

💡 Result:

The latest ensure-sops release on PyPI is 0.1.2 (uploaded Aug 4, 2022). The PyPI release provides a generic py3-none-any wheel but does not declare or document explicit Python 3.14 support. [1][2]

If you need guaranteed 3.14 support, either test the package under CPython 3.14 (pip install and run your checks) or contact/raise an issue with the project upstream to request an explicit release/CI that targets Python 3.14. [1][2]

Sources:

ensure-sops on PyPI (release history & files). [1]

package metadata summary (Safety DB). [2]

Python 3.14 breaks ensure-sops installation (security gate will fail).

ensure-sops on PyPI requires Python <3.11; setting Python 3.14 will cause pip install to fail and break this gate. Revert to Python ≤3.10 unless ensure-sops releases a compatible version.

Safe fallback

- name: Set up Python uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5.6.0 with: - python-version: "3.14" # ensure-sops requires Python <3.11 + python-version: "3.10" # ensure-sops requires Python <3.11

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

- name: Set up Python

uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5.6.0

with:

python-version: "3.10" # ensure-sops requires Python <3.11

python-version: "3.14" # ensure-sops requires Python <3.11

- name: Set up Python

uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5.6.0

with:

python-version: "3.10" # ensure-sops requires Python <3.11

🤖 Prompt for AI Agents

In @.github/workflows/security-gate.yaml around lines 227 - 231, The GitHub Actions step "Set up Python" currently requests Python 3.14 which breaks ensure-sops installation; update the python-version value in the actions/setup-python@... step (the "Set up Python" step) to a compatible runtime such as "3.10" or "3.10.x" (i.e., <=3.10) so pip can install ensure-sops successfully, and keep the existing action reference (actions/setup-python) unchanged.

coderabbitai

Actionable comments posted: 1

🤖 Fix all issues with AI agents

In @.github/workflows/mcp-catalog-sync.yaml:
- Around line 814-816: The workflow currently uses actions/setup-python with
python-version "3.14", which is not an explicitly tested runtime for pip-audit;
change the setup step to use python-version "3.13" instead or add an explicit
compatibility check for pip-audit (e.g., a short step that installs pip-audit
and runs pip-audit --version or a smoke-run) before the security scan; update
the actions/setup-python usage and the pip-audit invocation references so the
job either pins to "3.13" or verifies 3.14 support with a clear failure if
incompatible.

♻️ Duplicate comments (1)

.github/workflows/security-gate.yaml (1)
227-234: Python 3.14 breaks ensure-sops — security gate will fail.

The inline comment on line 230 states ensure-sops requires Python <3.11, yet the version is set to 3.14. This is a direct contradiction that will cause pip install ensure-sops==0.1.2 to fail with a version incompatibility error.

ensure-sops 0.1.2 (last release: Aug 2022) declares Requires-Python: >=3.7,<3.11. This security gate is dead on arrival.

Revert to Python 3.10 or find an alternative SOPS validation tool that supports modern Python.
Revert to compatible Python version
      - name: Set up Python
        uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5.6.0
        with:
-          python-version: "3.14"  # ensure-sops requires Python <3.11
+          python-version: "3.10"  # ensure-sops requires Python <3.11

coderabbitai · 2026-01-22T16:19:45Z

.github/workflows/mcp-catalog-sync.yaml

        uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5.6.0
        with:
-          python-version: "3.12"
+          python-version: "3.14"


⚠️ Potential issue | 🟡 Minor

🧩 Analysis chain

🌐 Web query:

pip-audit PyPI Python 3.14 compatibility

💡 Result:

Short answer: pip-audit should work on Python 3.14, but it’s not explicitly listed as a tested runtime.

Evidence:

The pip-audit README on GitHub says it requires "Python 3.10 or newer." [1]

The pip-audit PyPI project pages for recent releases show "py3" wheels and recent uploads built with newer CPython (up through 3.13 in uploaded metadata), indicating broad py3 compatibility. [2][3]

What I recommend:

You can try installing pip-audit on Python 3.14 (pip install pip-audit). If you need guaranteed, CI-tested support, check the repository’s Actions matrix or open an issue asking maintainers to confirm/test 3.14. (See the repo README for installation and contributing links.) [1]

Sources:

GitHub README (pypa/pip-audit) — installation / required Python. [1]

pip-audit on PyPI (project page and recent release metadata). [2][3]

🏁 Script executed:

# Examine the workflow file to get full context head -n 820 .github/workflows/mcp-catalog-sync.yaml | tail -n 30

Repository: jlengelbrecht/prox-ops

Length of output: 1334

Use Python 3.13 or explicitly verify pip-audit 3.14 compatibility.

Python 3.14 is not an explicitly tested runtime for pip-audit. While it likely works (pip-audit requires 3.10+), using an untested Python version in the security scanning step risks silent failures. Either pin to Python 3.13 (tested) or open an issue with pypa/pip-audit to confirm 3.14 support before merge.

Action pinning is correct.

🤖 Prompt for AI Agents

In @.github/workflows/mcp-catalog-sync.yaml around lines 814 - 816, The workflow currently uses actions/setup-python with python-version "3.14", which is not an explicitly tested runtime for pip-audit; change the setup step to use python-version "3.13" instead or add an explicit compatibility check for pip-audit (e.g., a short step that installs pip-audit and runs pip-audit --version or a smoke-run) before the security scan; update the actions/setup-python usage and the pip-audit invocation references so the job either pins to "3.13" or verifies 3.14 support with a clear failure if incompatible.

homebot-0 bot added renovate Dependency update by Renovate update/minor Minor version update - new features labels Dec 20, 2025

homebot-0 bot added the area/github Changes to GitHub workflows and configuration label Dec 20, 2025

homebot-0 bot force-pushed the renovate/runtime-python branch from 5b26eef to a6e11f1 Compare January 21, 2026 20:47

coderabbitai bot approved these changes Jan 21, 2026

View reviewed changes

homebot-0 bot force-pushed the renovate/runtime-python branch from a6e11f1 to 2920351 Compare January 22, 2026 02:44

coderabbitai bot requested changes Jan 22, 2026

View reviewed changes

homebot-0 bot force-pushed the renovate/runtime-python branch from 2920351 to 3793d94 Compare January 22, 2026 16:13

coderabbitai bot requested changes Jan 22, 2026

View reviewed changes

homebot-0 bot force-pushed the renovate/runtime-python branch from 3793d94 to 74ed113 Compare January 27, 2026 08:13

ci(github-action): update python to 3.14

9b4b430

homebot-0 bot force-pushed the renovate/runtime-python branch from 74ed113 to 9b4b430 Compare January 27, 2026 09:15

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

ci(github-action): update python to 3.14 #610

ci(github-action): update python to 3.14 #610

Uh oh!

homebot-0 bot commented Dec 20, 2025 •

edited

Loading

Uh oh!

coderabbitai bot commented Dec 20, 2025 •

edited

Loading

Uh oh!

homebot-0 bot commented Dec 20, 2025

Uh oh!

coderabbitai bot left a comment

Uh oh!

coderabbitai bot Jan 22, 2026

Uh oh!

coderabbitai bot left a comment

Uh oh!

coderabbitai bot Jan 22, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

ci(github-action): update python to 3.14 #610

Are you sure you want to change the base?

ci(github-action): update python to 3.14 #610

Uh oh!

Conversation

homebot-0 bot commented Dec 20, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Release Notes

v3.14.2: 3.14.2

v3.14.1: 3.14.1

v3.14.0: 3.14.0

v3.13.11: 3.13.11

v3.13.10: 3.13.10

v3.13.9: 3.13.9

v3.13.8: 3.13.8

v3.13.7: 3.13.7

v3.13.6: 3.13.6

v3.13.5: 3.13.5

v3.13.4: 3.13.4

v3.13.3: 3.13.3

v3.13.2: 3.13.2

v3.13.1: 3.13.1

v3.13.0: 3.13.0

v3.12.12: 3.12.12

v3.12.11: 3.12.11

v3.12.10: 3.12.10

v3.12.9: 3.12.9

v3.12.8: 3.12.8

v3.12.7: 3.12.7

v3.12.6: 3.12.6

v3.12.5: 3.12.5

v3.12.4: 3.12.4

v3.12.3: 3.12.3

v3.12.2: 3.12.2

v3.12.1: 3.12.1

v3.12.0: 3.12.0

v3.11.14: 3.11.14

v3.11.13: 3.11.13

v3.11.12: 3.11.12

v3.11.11: 3.11.11

v3.11.10: 3.11.10

v3.11.9: 3.11.9

v3.11.8: 3.11.8

v3.11.7: 3.11.7

v3.11.6: 3.11.6

v3.11.5: 3.11.5

v3.11.4: 3.11.4

v3.11.3: 3.11.3

v3.11.2: 3.11.2

v3.11.1: 3.11.1

v3.11.0: 3.11.0

Configuration

Uh oh!

coderabbitai bot commented Dec 20, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Walkthrough

Changes

Estimated code review effort

Uh oh!

homebot-0 bot commented Dec 20, 2025

✅ Gitleaks Secret Scan Passed

Uh oh!

coderabbitai bot left a comment

Choose a reason for hiding this comment

Uh oh!

coderabbitai bot Jan 22, 2026

Choose a reason for hiding this comment

Uh oh!

coderabbitai bot left a comment

Choose a reason for hiding this comment

Uh oh!

coderabbitai bot Jan 22, 2026

Choose a reason for hiding this comment

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

homebot-0 bot commented Dec 20, 2025 •

edited

Loading

`v3.14.2`: 3.14.2

`v3.14.1`: 3.14.1

`v3.14.0`: 3.14.0

`v3.13.11`: 3.13.11

`v3.13.10`: 3.13.10

`v3.13.9`: 3.13.9

`v3.13.8`: 3.13.8

`v3.13.7`: 3.13.7

`v3.13.6`: 3.13.6

`v3.13.5`: 3.13.5

`v3.13.4`: 3.13.4

`v3.13.3`: 3.13.3

`v3.13.2`: 3.13.2

`v3.13.1`: 3.13.1

`v3.13.0`: 3.13.0

`v3.12.12`: 3.12.12

`v3.12.11`: 3.12.11

`v3.12.10`: 3.12.10

`v3.12.9`: 3.12.9

`v3.12.8`: 3.12.8

`v3.12.7`: 3.12.7

`v3.12.6`: 3.12.6

`v3.12.5`: 3.12.5

`v3.12.4`: 3.12.4

`v3.12.3`: 3.12.3

`v3.12.2`: 3.12.2

`v3.12.1`: 3.12.1

`v3.12.0`: 3.12.0

`v3.11.14`: 3.11.14

`v3.11.13`: 3.11.13

`v3.11.12`: 3.11.12

`v3.11.11`: 3.11.11

`v3.11.10`: 3.11.10

`v3.11.9`: 3.11.9

`v3.11.8`: 3.11.8

`v3.11.7`: 3.11.7

`v3.11.6`: 3.11.6

`v3.11.5`: 3.11.5

`v3.11.4`: 3.11.4

`v3.11.3`: 3.11.3

`v3.11.2`: 3.11.2

`v3.11.1`: 3.11.1

`v3.11.0`: 3.11.0

coderabbitai bot commented Dec 20, 2025 •

edited

Loading