Add binding#17
Conversation
phillip-wenig-frequenz
requested review from
leandro-lucarella-frequenz,
llucax,
malteschaaf and
shsms
github-actions
Bot
added
part:docs
phillip-wenig-frequenz
force-pushed
the
add-binding
branch
from
7e45f78 to
6b15351
Compare
| @@ -0,0 +1,455 @@ | |||
| use chrono::{DateTime, TimeDelta, Utc}; | |||
There was a problem hiding this comment.
Looks like we're missing the header lines. For example: https://github.com/frequenz-floss/frequenz-microgrid-component-graph-python/blob/v0.x.x/src/lib.rs#L1-L4
| fail-fast: false | ||
| matrix: | ||
| include: | ||
| - platform: ubuntu-24.04 |
There was a problem hiding this comment.
PyPI would only accept wheels that are built on the manylinux containers. Easiest to copy from here: https://github.com/frequenz-floss/frequenz-microgrid-component-graph-python/blob/v0.x.x/.github/workflows/ci.yaml
And ci-pr.yaml from the same dir for basic PR checks.
Signed-off-by: Phillip Wenig <phillip.wenig@frequenz.com>
Signed-off-by: Phillip Wenig <phillip.wenig@frequenz.com>
Signed-off-by: Phillip Wenig <phillip.wenig@frequenz.com>
phillip-wenig-frequenz
force-pushed
the
add-binding
branch
2 times, most recently
from
2885cfb to
1461740
Compare
Signed-off-by: Phillip Wenig <phillip.wenig@frequenz.com>
Signed-off-by: Phillip Wenig <phillip.wenig@frequenz.com>
phillip-wenig-frequenz
force-pushed
the
add-binding
branch
from
1461740 to
167feed
Compare
phillip-wenig-frequenz
merged commit 19930e0
into
frequenz-floss:v0.x.x
llucax
left a comment
llucax
left a comment
There was a problem hiding this comment.
Hello 👋
I see a lot of the latest fixed I made to GitHub workflows are being reverted in this PR. A lot of effort was put to improve our workflow/actions hygiene to be as secure as possible. Please be more careful when updating actions/workflows from now on, do not just blindly revert code, and as general rules:
- Make sure to always pin actions using hashes to prevent supply chain attacks
- Always call
pythonwith-Ito prevent arbitrary code execution - Be careful about shell expansion issues
To be sure, I would revert to the original template files and re-apply only the necessary changes.
Also, as we grow the number of projects we have in rust with python bindings, I think it would be very useful to add a new repo type to repo-config. Maybe you can create an issue in repo-config listing all currently known differences between a "normal" python lib and a rust binding python lib?
I created an issue so this doesn't get lost:
| uses: frequenz-floss/gh-action-nox@80a9845a59ffc71d27b9c41099eb6cb55bc7b671 # v1.1.1 | ||
| uses: frequenz-floss/gh-action-nox@v1.0.1 |
There was a problem hiding this comment.
Why this? This is not good, we should always pin dependencies (it was also downgraded, but that will be taken care of by dependabot). Can you please revert to use hashes? Same for all the others.
| permissions: | ||
| # Read repository contents for checkout and dependency resolution only. | ||
| contents: read | ||
|
|
There was a problem hiding this comment.
Not good. You are reverting the latest fixes I did in repo-config to improve security. Without declaring permissions explicitly, actions will have write permission. Please revert.
There was a problem hiding this comment.
I asked Phillip to copy the existing stuff from component-graph-py, where we have verified that this config works for maturin based rust binding builds, and didn't want to research. And at least those two repos haven't diverged from each other.
It would be nice to get repo-config support for rust bindings, because we're likely to get more soon(tm).
This particular item I remember removing very clearly because we talked about it: frequenz-floss/frequenz-microgrid-component-graph-python#16 (comment)
There was a problem hiding this comment.
I asked Phillip to copy the existing stuff from component-graph-py, where we have verified that this config works for maturin based rust binding builds, and didn't want to research. And at least those two repos haven't diverged from each other.
Understood. Still, please be careful about reverting changes related to security, I think the priority should be security, if we need to align, we need to bring the less secure workflow to be like the most secure workflow, not the other way around. And I totally get that this changes are new and you might have been unaware. It is just a heads-up for the future.
It would be nice to get repo-config support for rust bindings, because we're likely to get more soon(tm).
100% agreed, I suggested that too. If you could create an issue it would be helpful (and a PR would be amazing 😆 )
| platform: | ||
| target: |
There was a problem hiding this comment.
If possible revert this too, so it is as aligned with repo-config templates as possible, so we have higher chances that migration scripts work on this repo. Eventually we should probably create a new project type rust-binding (or something like that) in repo-config.
| runs-on: ubuntu-slim | ||
| # Drop token permissions: this job only checks matrix status from `needs`. | ||
| permissions: {} | ||
| runs-on: ubuntu-24.04 |
There was a problem hiding this comment.
Please revert this too. Permissions for sure, but the runner too, unless the step needs docker or some tool that is not included in ubuntu-slim.
There was a problem hiding this comment.
These are built using the manylinux containers, the ubuntu-slim here isn't relevant.
| run: python -Im pip freeze | ||
| run: python -m pip freeze |
There was a problem hiding this comment.
More security fixes that are being regressed. Please also revert.
| # Collect aliases into an array to avoid accidental (or malicious) | ||
| # shell injection when passing them to mike. | ||
| aliases=() | ||
| if test -n "$ALIASES"; then | ||
| read -r -a aliases <<<"$ALIASES" | ||
| fi | ||
| # mike is installed as a console script, not a runnable module. | ||
| # Run the installed script under isolated mode to avoid importing from | ||
| # the workspace when building docs from checked-out code. | ||
| python -I "$(command -v mike)" \ | ||
| deploy --update-aliases --title "$TITLE" "$VERSION" "${aliases[@]}" | ||
| mike deploy --update-aliases --title "$TITLE" "$VERSION" $ALIASES |
| extra_opts=() | ||
| if echo "$REF_NAME" | grep -- -; then extra_opts+=(--prerelease); fi | ||
| extra_opts= | ||
| if echo "$REF_NAME" | grep -- -; then extra_opts=" --prerelease"; fi | ||
| gh release create \ | ||
| -R "$REPOSITORY" \ | ||
| --notes-file RELEASE_NOTES.md \ | ||
| --generate-notes \ | ||
| "${extra_opts[@]}" \ | ||
| "$REF_NAME" \ | ||
| dist/* | ||
| $extra_opts \ | ||
| $REF_NAME \ | ||
| dist/wheels-*/*.whl dist/wheels-sdist/*.tar.gz |
| # Create GitHub releases and upload distribution artifacts. | ||
| # We need write permissions on contents to create GitHub releases and on | ||
| # discussions to create the release announcement in the discussion forums | ||
| contents: write | ||
| runs-on: ubuntu-slim | ||
| discussions: write | ||
| runs-on: ubuntu-24.04 |
3 participants
Summary
This PR introduces Rust-backed Python bindings for
frequenz-resamplingand migrates the Python package to thefrequenz.resamplingnamespace.It adds a PyO3 extension module built with
maturin, moves/exposes the Python API in the new package path, expands tests for the bindings, and updates docs/CI/tooling paths to align with the compiled-package architecture.Changes
src/lib.rs,Cargo.toml,Cargo.lock)frequenz/resamplingfrequenz/resampling/_rust_backend.pyi)resampling/__init__.pysrctofrequenzREADME.md,AGENTS.md)Upgrade Notes
resamplingfrequenz.resamplingfrequenz.resampling._rust_backend).Validation