Annotate the library (add py.typed) #970

Merged
merged 3 commits into from
Mar 25, 2025
3 changes: 2 additions & 1 deletion .github/workflows/_test.yml
Expand Up @@ -16,6 +16,7 @@ jobs:
include:
# Run macOS tests on 3.9 (current OS X python) and latest,
# Run Windows and "special" tests on latest Python version only
# Run linter on oldest supported Python
- python-version: "3.9"
os: macos-latest
toxenv: py
Expand All @@ -34,7 +35,7 @@ jobs:
- python-version: "3.13"
os: ubuntu-latest
toxenv: py-test-gpg-fails
- python-version: "3.13"
- python-version: "3.9"
os: ubuntu-latest
toxenv: lint

37 changes: 0 additions & 37 deletions mypy.ini

This file was deleted.

42 changes: 40 additions & 2 deletions pyproject.toml
Expand Up @@ -62,7 +62,6 @@ include = [
"/securesystemslib",
"/requirements*.txt",
"/tox.ini",
"/mypy.ini",
"/CHANGELOG.md",
"/.coveragerc",
]
Expand All @@ -87,4 +86,43 @@ indent-width = 4
"tests/*" = [
"S", # bandit: Not running bandit on tests
"E501" # line-too-long
]
]

[tool.mypy]
warn_unused_configs = "True"
warn_redundant_casts = "True"
warn_unused_ignores = "True"
warn_unreachable = "True"
strict_equality = "True"
disallow_untyped_defs = "True"
show_error_codes = "True"

exclude = [
"^securesystemslib/_vendor/",
"^securesystemslib/_gpg/",
"^securesystemslib/hash.py",
]

[[tool.mypy.overrides]]
module = [
# let's not install typeshed annotations for GCPSigner
"google.*",
# Suppress error messages for non-annotating dependencies
"PyKCS11.*",
"asn1crypto.*",
"sigstore_protobuf_specs.*",
"pyspx.*",
"azure.*",
"boto3.*",
"botocore.*",
"hvac.*",
]
ignore_missing_imports = "True"

[[tool.mypy.overrides]]
module = [
"securesystemslib._gpg.*",
"securesystemslib._vendor.*",
"securesystemslib.hash",
]
follow_imports = "skip"
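Review bot: The second override (`follow_imports = "skip"` for `securesystemslib._gpg.*`, `securesystemslib._vendor.*` and `securesystemslib.hash`) turns everything imported from those modules into `Any`, so the strict flags above never reach the hashing and GPG verification code even though the new `py.typed` marker advertises the whole package as typed. If this block was carried over from the deleted mypy.ini (its contents are not visible here), a comment above the `exclude` list such as `# TODO: annotate hash.py and _gpg, then drop them from exclude and the skip override` would record that the gap is known. Separately, the flags are written as strings (`"True"`); mypy accepts that, but native TOML booleans such as `warn_unreachable = true` are the documented form.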
Empty file added securesystemslib/py.typed
Empty file.
2 changes: 1 addition & 1 deletion securesystemslib/signer/_hsm_signer.py
Expand Up @@ -64,7 +64,7 @@
_PYKCS11LIB = None


def PYKCS11LIB(): # noqa: N802
def PYKCS11LIB(): # type: ignore[no-untyped-def] # noqa: N802
"""Pseudo-singleton to load shared library using PYKCS11LIB envvar only once."""
global _PYKCS11LIB # noqa: PLW0603
if _PYKCS11LIB is None:
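Review bot: The `# type: ignore[no-untyped-def]` on `PYKCS11LIB()` switches off `disallow_untyped_defs` for the one function that, per its docstring, loads a shared library named by the `PYKCS11LIB` environment variable, so its return value stays untyped for every caller. An explicit return annotation would keep the strict setting meaningful here, for example `def PYKCS11LIB() -> "PyKCS11.PyKCS11Lib":  # noqa: N802` if the optional import of `PyKCS11` allows it. If it does not, a short comment next to the ignore, such as `# PyKCS11 is an optional dependency without type information`, would explain why the suppression is needed. The function body continues outside the hunk.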
7 changes: 5 additions & 2 deletions securesystemslib/signer/_key.py
Expand Up @@ -26,6 +26,7 @@
SECP256R1,
SECP384R1,
SECP521R1,
EllipticCurve,
EllipticCurvePublicKey,
)
from cryptography.hazmat.primitives.asymmetric.ed25519 import (
Expand Down Expand Up @@ -346,11 +347,13 @@ def _verify_ed25519_fallback(self, signature: bytes, data: bytes) -> None:
def _verify(self, signature: bytes, data: bytes) -> None:
"""Helper to verify signature using pyca/cryptography (default)."""

def _validate_type(key, type_):
def _validate_type(key: object, type_: type) -> None:
if not isinstance(key, type_):
raise ValueError(f"bad key {key} for {self.scheme}")

def _validate_curve(key, curve):
def _validate_curve(
key: EllipticCurvePublicKey, curve: type[EllipticCurve]
) -> None:
if not isinstance(key.curve, curve):
raise ValueError(f"bad curve {key.curve} for {self.scheme}")

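Review bot: `_validate_type(key: object, type_: type) -> None` does the runtime key-type check but, annotated this way, gives mypy no narrowing, so a later `_validate_curve(key, ...)` call that requires an `EllipticCurvePublicKey` presumably relies on a `cast` elsewhere in `_verify` (the rest of the method is outside the hunk, so this is inferred). These two nested helpers are what stops a key of the wrong type or curve from being accepted for a scheme. A one-line docstring on each, e.g. `"""Raise ValueError unless key is an instance of type_."""` and `"""Raise ValueError unless key.curve is an instance of curve."""`, would make it clear that the runtime check, not the annotation, is the guarantee.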
2 changes: 1 addition & 1 deletion securesystemslib/signer/_utils.py
Expand Up @@ -9,7 +9,7 @@
from securesystemslib.hash import digest


def compute_default_keyid(keytype: str, scheme, keyval: dict[str, Any]) -> str:
def compute_default_keyid(keytype: str, scheme: str, keyval: dict[str, Any]) -> str:
"""Return sha256 hexdigest of the canonical json of the key."""
data: str | None = encode_canonical(
{
4 changes: 2 additions & 2 deletions securesystemslib/storage.py
Expand Up @@ -25,7 +25,7 @@
from abc import ABCMeta, abstractmethod
from collections.abc import Iterator
from contextlib import contextmanager
from typing import IO, BinaryIO
from typing import IO, Any, BinaryIO

from securesystemslib import exceptions

Expand Down Expand Up @@ -189,7 +189,7 @@ class FilesystemBackend(StorageBackendInterface):
# objects.
_instance = None

def __new__(cls, *args, **kwargs):
def __new__(cls, *args: Any, **kwargs: Any) -> FilesystemBackend:
if cls._instance is None:
cls._instance = object.__new__(cls, *args, **kwargs)
return cls._instance
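Review bot: The annotated signature `__new__(cls, *args: Any, **kwargs: Any)` advertises arbitrary constructor arguments, yet the unchanged body forwards them to `object.__new__(cls, *args, **kwargs)`, which raises `TypeError` for any extra argument when `__new__` is overridden. Calling `object.__new__(cls)` would make the body agree with the signature; alternatively the variadics could be dropped if no caller passes arguments. The `_instance` slot is also shared with any subclass, so `-> FilesystemBackend` is only accurate as long as the first instantiation is of the type the caller expects. The class body continues outside the hunk, so whether subclasses exist is not visible here.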
2 changes: 1 addition & 1 deletion tox.ini
Expand Up @@ -69,7 +69,7 @@ commands =
ruff format --diff {[testenv:lint]lint_dirs}
ruff check {[testenv:lint]lint_dirs}

mypy {[testenv:lint]lint_dirs}
mypy securesystemslib
zizmor --persona=pedantic -q .

[testenv:fix]