Skip to content

Modernize packaging, tooling, and CI#60

Open
splch wants to merge 5 commits into
mainfrom
modernize-packaging
Open

Modernize packaging, tooling, and CI#60
splch wants to merge 5 commits into
mainfrom
modernize-packaging

Conversation

@splch

@splch splch commented Jun 5, 2026

Copy link
Copy Markdown
Contributor

Summary

Modernizes both packages off setup.py to a uv workspace with current tooling, plus CI and release automation. No library behavior changes beyond supporting current cirq.

  • Packaging: pyproject.toml + uv workspace (replaces setup.py/requirements.txt); Python floor raised to 3.11; both packages now ship py.typed.
  • Dependencies: cirq/cirq-google bumped to >=1.6,<2 (new gates wrapped); dropped unused astor and pytype.
  • Tooling: ruff (lint + format) replaces black + pylint; ty type-checking as a blocking gate; 99% coverage gate. Config consolidated into pyproject.toml.
  • CI: rewritten on uv with SHA-pinned actions (lint, type-check, test on 3.11-3.13, pip-audit); added a tag-driven release workflow using PyPI Trusted Publishing.
  • Hygiene: CHANGELOG.md, SECURITY.md, Dependabot, and issue/PR templates.

Test plan

uv run pytest (285 pass, 99% coverage), uv run ruff check, uv run ruff format --check, and uv run ty check all green.

Note: each PyPI project needs its trusted publisher configured before the first OIDC release.

splch added 4 commits June 5, 2026 11:47
- Replace setup.py and requirements.txt with PEP 621 pyproject.toml for
  both packages, grouped under a uv workspace with a committed uv.lock.
- Raise the Python floor to 3.11 (required by cirq 1.6) and add py.typed
  markers so the type hints ship to downstreams.
- Drop unused runtime deps (astor, pytype) and the pre-3.8
  typing-extensions guard; ship a per-package LICENSE.
- Bump cirq and cirq-google to >=1.6,<2 and wrap the gates 1.6 added
  (UniformSuperpositionGate; google WillowGate, AnalogDetuneQubit,
  AnalogDetuneCouplerOnly); exclude new google and testing gates from
  the gate-mirror test.
- Replace black and pylint with ruff (lint + format); consolidate all
  tool config into the root pyproject.
- Apply ruff autofixes: import sorting and PEP 585/604 typing across
  both packages.
- Add ty type checking, scoped to source and advisory in CI for now.
- Add a 99% pytest coverage gate (migrated from ci/.coveragerc).
- Rewrite CI on uv with SHA-pinned actions, least-privilege
  permissions, concurrency, and a 3.11-3.13 matrix.
- Add a pre-commit config and a modern CONTRIBUTING.md.
- Remove the superseded ci/ scripts and configs.
- Exclude testing_samples.py from ruff to preserve its
  line-number-sensitive tests.
Resolve all 75 ty diagnostics so type-checking can become a required CI
job (drop continue-on-error).

Real fixes:
- Annotate build()/_build() func params as types.FunctionType so the
  __globals__/__closure__/__code__ accesses and the _BuildTransformer
  call resolve; add the importlib.util import and assert the loaded spec
  is not None before use.
- Guard cirq_blqs_op __str__ with getattr for __name__, which a
  functools.partial factory does not have (previously a latent error).
- Annotate the wait() sympy parameters as Expr rather than Basic to
  match cirq.
- Drop the dead pre-3.8 typing_extensions Protocol fallback in both
  protocols modules now that the floor is 3.11.

Scoped ty config (documented in pyproject):
- Exclude tests, sample programs, and notebooks from type-checking.
- Ignore unresolved-attribute/not-subscriptable in the build-rewrite
  modules, which manipulate gast's untyped dynamic AST nodes.
- Ignore unresolved-attribute in the cirq gate module, where cirq
  assigns gate constants dynamically (covered by the gate-mirror tests).
Complete the modernization with release automation and project files:

- release.yml: tag-triggered publishing via PyPI Trusted Publishing (OIDC,
  no tokens). Per-package tags (blqs-v* and blqs-cirq-v*) since the two
  distributions version independently; the job verifies the tag matches the
  package's _version.py and builds only that package with uv.
- CI: add a pip-audit job that audits the resolved dependency set.
- CHANGELOG.md (Keep a Changelog) and SECURITY.md.
- Dependabot for the github-actions and uv ecosystems.
- Issue forms and a pull request template.

All GitHub Actions are pinned to commit SHAs.
@cla-bot cla-bot Bot added the cla-signed label Jun 5, 2026
@splch splch self-assigned this Jun 5, 2026

@antalszava antalszava left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Very cool changes! 🙌 A few minor comments and some minor adjustments may be required, otherwise lgtm 💯

Comment thread .github/ISSUE_TEMPLATE/bug_report.yml Outdated
id: versions
attributes:
label: Versions
description: Output of `python -c "import blqs; print(blqs.__version__)"` (and cirq if relevant) plus your Python version.

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

(minor:)
-(and cirq if relevant) plus your Python version. short code could be added for these too

url: https://github.com/ionq/blqs/security/advisories/new
about: Please report security issues privately, not as a public issue.
- name: Question or discussion
url: https://github.com/ionq/blqs/discussions

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

afaik this has to be turned on in the Settings of the repo - it doesn't exist atm.

Comment thread .github/ISSUE_TEMPLATE/feature_request.yml Outdated
Comment thread .github/ISSUE_TEMPLATE/feature_request.yml Outdated
strategy:
fail-fast: false
matrix:
python-version: ["3.11", "3.12", "3.13"]

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

why no 3.14?

with:
enable-cache: true
- run: uv sync
- run: uv run ty check

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

(minor:) why is this a separate step from lint?

Comment thread SECURITY.md
Please do not open a public issue for security vulnerabilities.

Report privately through GitHub's
[private vulnerability reporting](https://github.com/ionq/blqs/security/advisories/new)

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

page not found error on the link

Comment thread blqs/blqs/_ast.py

for old, new in zip(walk_ast(annotated_ast), walk_ast(new_ast)):
if hasattr(old, "original_lineno"):
for old, new in zip(walk_ast(annotated_ast), walk_ast(new_ast), strict=False):

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

why was strict=False set here?

elif [[ "$tag" == blqs-v* ]]; then
pkg="blqs"; dir="blqs"; ver="${tag#blqs-v}"
else
echo "::error::Unrecognized tag '$tag'"; exit 1

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

does this error now abort the entire workflow? i.e., will no tags be published to PyPi?

Co-authored-by: antalszava <antalszava@gmail.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants