2 changes: 1 addition & 1 deletion .github/workflows/mcp-catalog-sync.yaml
Expand Up @@ -829,7 +829,7 @@ jobs:
if: steps.image.outputs.image_type == 'pypi'
uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5.6.0
with:
python-version: "3.12"
python-version: "3.14"
Comment on lines 830 to +832

⚠️ Potential issue | 🟡 Minor

🧩 Analysis chain

🌐 Web query:

pip-audit PyPI Python 3.14 compatibility

💡 Result:

Short answer: pip-audit should work on Python 3.14, but it’s not explicitly listed as a tested runtime.

Evidence:

  • The pip-audit README on GitHub says it requires "Python 3.10 or newer." [1]
  • The pip-audit PyPI project pages for recent releases show "py3" wheels and recent uploads built with newer CPython (up through 3.13 in uploaded metadata), indicating broad py3 compatibility. [2][3]

What I recommend:

  • You can try installing pip-audit on Python 3.14 (pip install pip-audit). If you need guaranteed, CI-tested support, check the repository’s Actions matrix or open an issue asking maintainers to confirm/test 3.14. (See the repo README for installation and contributing links.) [1]

Sources:

  • GitHub README (pypa/pip-audit) — installation / required Python. [1]
  • pip-audit on PyPI (project page and recent release metadata). [2][3]

🏁 Script executed:

# Examine the workflow file to get full context
head -n 820 .github/workflows/mcp-catalog-sync.yaml | tail -n 30

Repository: jlengelbrecht/prox-ops

Length of output: 1334


Use Python 3.13 or explicitly verify pip-audit 3.14 compatibility.

Python 3.14 is not an explicitly tested runtime for pip-audit. While it likely works (pip-audit requires 3.10+), using an untested Python version in the security scanning step risks silent failures. Either pin to Python 3.13 (tested) or open an issue with pypa/pip-audit to confirm 3.14 support before merge.

Action pinning is correct.

🤖 Prompt for AI Agents
In @.github/workflows/mcp-catalog-sync.yaml around lines 814 - 816, The workflow
currently uses actions/setup-python with python-version "3.14", which is not an
explicitly tested runtime for pip-audit; change the setup step to use
python-version "3.13" instead or add an explicit compatibility check for
pip-audit (e.g., a short step that installs pip-audit and runs pip-audit
--version or a smoke-run) before the security scan; update the
actions/setup-python usage and the pip-audit invocation references so the job
either pins to "3.13" or verifies 3.14 support with a clear failure if
incompatible.


- name: Run pip-audit (PyPI packages)
id: pip-audit
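Review bot: the `python-version: "3.14"` line in the setup-python step sets the interpreter for the `Run pip-audit (PyPI packages)` step that follows, and nothing in this hunk shows what happens if pip-audit cannot install or start on that interpreter. For a scanning step, a tool failure has to be distinguishable from a clean result: confirm that the pip-audit step fails the job when the tool exits non-zero at install or startup instead of that being read as "no findings", or add a short `pip-audit --version` check right after setup so an incompatible runtime stops the run before the scan.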
2 changes: 1 addition & 1 deletion .github/workflows/security-gate.yaml
Expand Up @@ -227,7 +227,7 @@ jobs:
- name: Set up Python
uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5.6.0
with:
python-version: "3.10" # ensure-sops requires Python <3.11
python-version: "3.14" # ensure-sops requires Python <3.11

Comment on lines 227 to 231

⚠️ Potential issue | 🟠 Major

🧩 Analysis chain

🌐 Web query:

ensure-sops Python version requirements PyPI

💡 Result:

ensure-sops (PyPI) requires Python >=3.7 and <3.11. [1]

Sources:
[1] ensure-sops on PyPI (project metadata).


🌐 Web query:

ensure-sops latest version Python 3.14 support PyPI releases

💡 Result:

The latest ensure-sops release on PyPI is 0.1.2 (uploaded Aug 4, 2022). The PyPI release provides a generic py3-none-any wheel but does not declare or document explicit Python 3.14 support. [1][2]

If you need guaranteed 3.14 support, either test the package under CPython 3.14 (pip install and run your checks) or contact/raise an issue with the project upstream to request an explicit release/CI that targets Python 3.14. [1][2]

Sources:

  • ensure-sops on PyPI (release history & files). [1]
  • package metadata summary (Safety DB). [2]

Python 3.14 breaks ensure-sops installation (security gate will fail).

ensure-sops on PyPI requires Python <3.11; setting Python 3.14 will cause pip install to fail and break this gate. Revert to Python ≤3.10 unless ensure-sops releases a compatible version.

Safe fallback
      - name: Set up Python
        uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5.6.0
        with:
-          python-version: "3.14"  # ensure-sops requires Python <3.11
+          python-version: "3.10"  # ensure-sops requires Python <3.11
📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change
- name: Set up Python
uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5.6.0
with:
python-version: "3.10" # ensure-sops requires Python <3.11
python-version: "3.14" # ensure-sops requires Python <3.11
- name: Set up Python
uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5.6.0
with:
python-version: "3.10" # ensure-sops requires Python <3.11
🤖 Prompt for AI Agents
In @.github/workflows/security-gate.yaml around lines 227 - 231, The GitHub
Actions step "Set up Python" currently requests Python 3.14 which breaks
ensure-sops installation; update the python-version value in the
actions/setup-python@... step (the "Set up Python" step) to a compatible runtime
such as "3.10" or "3.10.x" (i.e., <=3.10) so pip can install ensure-sops
successfully, and keep the existing action reference (actions/setup-python)
unchanged.

- name: Install ensure-sops
run: |
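Review bot: the changed line now reads `python-version: "3.14" # ensure-sops requires Python <3.11`, so the value contradicts the constraint stated in its own trailing comment, and the very next step is `Install ensure-sops`. Either keep `"3.10"`, or, if the constraint no longer applies, change the version and the comment in the same edit so the line still explains why the pin is what it is; as written, a reader cannot tell whether the pin or the comment is the stale one.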