Python 3.14 support

[majiidd]

• Python 3.14 support.
• Migrated from setup.py to pyproject.toml (PEP 621).
• Improved CI/CD pipeline with job dependencies and parallel execution.
• Marked Python 3.15 as experimental with allowed failures.

Summary by CodeRabbit

Release Notes

• Chores
  • Added Python 3.14 support
  • Added experimental Python 3.15 support with allowed failures
  • Enhanced CI/CD pipeline with improved job dependencies and parallel test execution
  • Updated build and publishing infrastructure

_{✏️ Tip: You can customize this high-level summary in your review settings.}

[coderabbitai]

Walkthrough

The project migrates Python packaging from setup.py to pyproject.toml, restructures the CI/CD pipeline with multi-stage jobs and artifact sharing, adds Python 3.14 support, marks Python 3.15 as experimental, and upgrades Codecov to v5.

Changes

Cohort / File(s)	Summary
CI/CD Pipeline Restructuring .github/workflows/ci.yml	Introduced new lint and build jobs with explicit dependencies, expanded test matrix with experimental Python variants and PyPy, split publish flow into separate test and production PyPI jobs with artifact downloading, and upgraded Codecov action from v4 to v5.
Python Packaging Migration pyproject.toml, setup.py	Removed setup.py entirely and migrated packaging metadata to pyproject.toml; added Python 3.14 to Black target-version configuration.
Release Documentation CHANGELOG.md	Added release notes for version 5.5.0 documenting PEP 621 migration, Python 3.14 support, Python 3.15 experimental support, and improved CI/CD pipeline.

Sequence Diagram(s)

sequenceDiagram
    actor Developer
    participant GitHub as GitHub Actions
    participant Lint as Lint Job
    participant Tests as Tests Job<br/>(Matrix)
    participant Build as Build Job
    participant TestPyPI as Publish to<br/>Test PyPI
    participant PyPI as Publish to<br/>PyPI
    participant Artifacts as Artifact<br/>Storage

    Developer->>GitHub: Push code
    GitHub->>Lint: Start (checks out code)
    GitHub->>Tests: Start (multiple Python variants)
    
    Lint->>Lint: Run pre-commit checks
    Tests->>Tests: Run test suite
    
    Lint-->>GitHub: ✓ Pass/Fail
    Tests-->>GitHub: ✓ Pass/Fail
    
    alt Lint & Tests Pass
        GitHub->>Build: Start (needs: [lint, tests])
        Build->>Build: Build sdist & wheel
        Build->>Artifacts: Upload distributions
        Artifacts-->>Build: Stored
        
        alt Test Build
            GitHub->>TestPyPI: Start (needs: build)
            TestPyPI->>Artifacts: Download artifacts
            Artifacts-->>TestPyPI: Retrieved
            TestPyPI->>TestPyPI: Publish to Test PyPI
        end
        
        alt Production Build
            GitHub->>PyPI: Start (needs: build)
            PyPI->>Artifacts: Download artifacts
            Artifacts-->>PyPI: Retrieved
            PyPI->>PyPI: Publish to PyPI
        end
    end

Loading

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~25 minutes

Poem

🐰 The setup.py hops away, pyproject.toml takes the stage,
Three Python friends join the party—14 and 15's coming of age!
Lint then tests, build then publish, jobs dance in line,
Artifacts pass between stages, the pipeline's divine! ✨

🚥 Pre-merge checks | ✅ 3

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title accurately reflects the primary change—adding Python 3.14 support—which is the headline feature mentioned in the PR objectives and is addressed throughout the changeset (pyproject.toml, CI workflow updates).
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing touches

• 📝 Generate docstrings

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch new-python

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

In general, this issue is fixed by explicitly setting a minimal permissions block either at the workflow root (applies to all jobs) or at the individual job level. Since the publish-test-pypi and publish-pypi jobs already specify the extra id-token: write permission they need, the cleanest approach is to set a restrictive default at the workflow root (e.g., contents: read) and then rely on existing job-level permissions for the publishing jobs.

The single best fix here without changing functionality is:

• Add a workflow-level permissions block near the top of .github/workflows/ci.yml, right after the on: block and before concurrency:.
• Set contents: read as the default, which is sufficient for actions/checkout@v4 and all the current jobs’ behavior (lint, tests, build). The publishing jobs already define permissions: id-token: write, which will override the workflow default for those jobs and keep them functioning as before.

Concretely:

• Edit .github/workflows/ci.yml.

• After line 10 (workflow_dispatch:) insert:

  permissions:
    contents: read

• No other imports, methods, or definitions are required; this is purely a workflow YAML change.

In general, you should explicitly specify permissions for the workflow (or per job) so the GITHUB_TOKEN is restricted to the least privileges necessary. For build and test jobs that only read the repository and interact with external services via their own tokens (like Codecov or PyPI OIDC), contents: read is usually sufficient, and sometimes even contents: none if actions/checkout is not used.

For this workflow, the cleanest and least-disruptive fix is:

• Add a permissions block at the workflow root that applies to all jobs by default, setting contents: read. This covers lint, tests, and build, which only need to read the repo and do not appear to need write access to anything in GitHub.
• Keep the existing per-job permissions blocks for publish-test-pypi and publish-pypi (they already request id-token: write), letting GitHub merge the defaults with job-specific overrides. They do not need contents write access either, so the root contents: read works fine.

Concretely:

• In .github/workflows/ci.yml, add:

  permissions:
    contents: read

  after the on: block and before the concurrency: block (around line 11).

• No other changes to steps or jobs are required.

This adds explicit minimal permissions without changing existing functionality.

[codecov-commenter]

⚠️ Please install the to ensure uploads and comments are reliably processed by Codecov.

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 93.24%. Comparing base (bdff1c5) to head (6478d47).
❗ Your organization needs to install the Codecov GitHub app to enable full functionality.

Additional details and impacted files

@@           Coverage Diff           @@
##           master      #60   +/-   ##
=======================================
  Coverage   93.24%   93.24%           
=======================================
  Files           5        5           
  Lines        1021     1021           
=======================================
  Hits          952      952           
  Misses         69       69           

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.