Modernize packaging, tooling, and CI#60
Open
splch wants to merge 5 commits into
Open
Conversation
- Replace setup.py and requirements.txt with PEP 621 pyproject.toml for both packages, grouped under a uv workspace with a committed uv.lock. - Raise the Python floor to 3.11 (required by cirq 1.6) and add py.typed markers so the type hints ship to downstreams. - Drop unused runtime deps (astor, pytype) and the pre-3.8 typing-extensions guard; ship a per-package LICENSE. - Bump cirq and cirq-google to >=1.6,<2 and wrap the gates 1.6 added (UniformSuperpositionGate; google WillowGate, AnalogDetuneQubit, AnalogDetuneCouplerOnly); exclude new google and testing gates from the gate-mirror test.
- Replace black and pylint with ruff (lint + format); consolidate all tool config into the root pyproject. - Apply ruff autofixes: import sorting and PEP 585/604 typing across both packages. - Add ty type checking, scoped to source and advisory in CI for now. - Add a 99% pytest coverage gate (migrated from ci/.coveragerc). - Rewrite CI on uv with SHA-pinned actions, least-privilege permissions, concurrency, and a 3.11-3.13 matrix. - Add a pre-commit config and a modern CONTRIBUTING.md. - Remove the superseded ci/ scripts and configs. - Exclude testing_samples.py from ruff to preserve its line-number-sensitive tests.
Resolve all 75 ty diagnostics so type-checking can become a required CI job (drop continue-on-error). Real fixes: - Annotate build()/_build() func params as types.FunctionType so the __globals__/__closure__/__code__ accesses and the _BuildTransformer call resolve; add the importlib.util import and assert the loaded spec is not None before use. - Guard cirq_blqs_op __str__ with getattr for __name__, which a functools.partial factory does not have (previously a latent error). - Annotate the wait() sympy parameters as Expr rather than Basic to match cirq. - Drop the dead pre-3.8 typing_extensions Protocol fallback in both protocols modules now that the floor is 3.11. Scoped ty config (documented in pyproject): - Exclude tests, sample programs, and notebooks from type-checking. - Ignore unresolved-attribute/not-subscriptable in the build-rewrite modules, which manipulate gast's untyped dynamic AST nodes. - Ignore unresolved-attribute in the cirq gate module, where cirq assigns gate constants dynamically (covered by the gate-mirror tests).
Complete the modernization with release automation and project files: - release.yml: tag-triggered publishing via PyPI Trusted Publishing (OIDC, no tokens). Per-package tags (blqs-v* and blqs-cirq-v*) since the two distributions version independently; the job verifies the tag matches the package's _version.py and builds only that package with uv. - CI: add a pip-audit job that audits the resolved dependency set. - CHANGELOG.md (Keep a Changelog) and SECURITY.md. - Dependabot for the github-actions and uv ecosystems. - Issue forms and a pull request template. All GitHub Actions are pinned to commit SHAs.
antalszava
approved these changes
Jun 9, 2026
antalszava
left a comment
There was a problem hiding this comment.
Very cool changes! 🙌 A few minor comments and some minor adjustments may be required, otherwise lgtm 💯
| id: versions | ||
| attributes: | ||
| label: Versions | ||
| description: Output of `python -c "import blqs; print(blqs.__version__)"` (and cirq if relevant) plus your Python version. |
There was a problem hiding this comment.
(minor:)
-(and cirq if relevant) plus your Python version. short code could be added for these too
| url: https://github.com/ionq/blqs/security/advisories/new | ||
| about: Please report security issues privately, not as a public issue. | ||
| - name: Question or discussion | ||
| url: https://github.com/ionq/blqs/discussions |
There was a problem hiding this comment.
afaik this has to be turned on in the Settings of the repo - it doesn't exist atm.
| strategy: | ||
| fail-fast: false | ||
| matrix: | ||
| python-version: ["3.11", "3.12", "3.13"] |
| with: | ||
| enable-cache: true | ||
| - run: uv sync | ||
| - run: uv run ty check |
There was a problem hiding this comment.
(minor:) why is this a separate step from lint?
| Please do not open a public issue for security vulnerabilities. | ||
|
|
||
| Report privately through GitHub's | ||
| [private vulnerability reporting](https://github.com/ionq/blqs/security/advisories/new) |
|
|
||
| for old, new in zip(walk_ast(annotated_ast), walk_ast(new_ast)): | ||
| if hasattr(old, "original_lineno"): | ||
| for old, new in zip(walk_ast(annotated_ast), walk_ast(new_ast), strict=False): |
| elif [[ "$tag" == blqs-v* ]]; then | ||
| pkg="blqs"; dir="blqs"; ver="${tag#blqs-v}" | ||
| else | ||
| echo "::error::Unrecognized tag '$tag'"; exit 1 |
There was a problem hiding this comment.
does this error now abort the entire workflow? i.e., will no tags be published to PyPi?
Co-authored-by: antalszava <antalszava@gmail.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Modernizes both packages off
setup.pyto a uv workspace with current tooling, plus CI and release automation. No library behavior changes beyond supporting current cirq.pyproject.toml+ uv workspace (replacessetup.py/requirements.txt); Python floor raised to 3.11; both packages now shippy.typed.cirq/cirq-googlebumped to>=1.6,<2(new gates wrapped); dropped unusedastorandpytype.ruff(lint + format) replaces black + pylint;tytype-checking as a blocking gate; 99% coverage gate. Config consolidated intopyproject.toml.CHANGELOG.md,SECURITY.md, Dependabot, and issue/PR templates.Test plan
uv run pytest(285 pass, 99% coverage),uv run ruff check,uv run ruff format --check, anduv run ty checkall green.Note: each PyPI project needs its trusted publisher configured before the first OIDC release.