Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Prepare for wheel publishing (alpha patch version of 0.0.1) #283

Merged
merged 11 commits into from
Aug 14, 2024

Conversation

mihaimaruseac
Copy link
Collaborator

@mihaimaruseac mihaimaruseac commented Aug 13, 2024

Summary

Prepare the project so that we can publish a wheel with the library (as part of #175). Attempt to make sure we can still proceed with both building the library and the surrounding CLI.

We are going to use hatch for all development work as that makes it very simple:

  • to test: hatch test
  • to test with coverage: hatch test -c
  • to test against all supported python versions: hatch test --all (-c still supported)
  • to format the code: hatch fmt
  • to check the formatting (in GHA, etc.): hatch fmt --check.
  • to check typing: hatch run type:check. This is a custom environment and we can create others in the future (e.g., for documentation)
  • to build the wheel: hatch build. The wheel can then be installed in a separate virtual env if needed for future testing.
  • to run custom tests: hatch shell or hatch run $cmd.

Testing now happens in parallel, and in randomized fashion. Fast and removes the possibility of a test case influencing the behavior of another.

Another benefit of using hatch is that it allows us to build C/C++ extensions (via plugins), so when we need to get extra performance or drop to C/C++ (e.g., for #201) we can just do it.


In order to make this buildable as a wheel, I needed to restructure the code. So, the first commit moves files around and only changes 2 markdown links. The files are moved to get to a src/ layout. There are more benefits for a src/ layout than a flat
layout, such as:

  • documentation is easier to generate
  • we won't accidentally test against code that is different than what users would see
  • we can include only the source in the wheel, reducing PyPI bandwidth
  • it makes it clearer which parts of the repo go into the wheel and which ones are ancillary. Incidentally, we might now want to move the SLSA parts to another repo and maybe rename this one? We can do this at a later time.

Since we would need to change README.model_signing.md anyway once the API is ready, I have not updated it besides just fixing the image pointer.

I have deleted old files from when this was a POC. Since we're working on releasing the library, we no longer need those. The code in these files is already implemented in the library. What these files used to test is now in the test files.

The alternative to not moving the files to the root of the folder would have been to duplicate LICENSE, etc. inside the model-signing directory, so that packaging tools would see it. But we still needed to move files around to get to the src/ layout and to make documentation work correctly. So, it did not make sense to also duplicate LICENSE.


For the second commit of the PR I just focused on making sure that hatch build builds the wheel and the tarball. As a bonus, hatch shell drops us into a virtual environment with the package locally installed, in an editable fashion: we can just edit the files and can immediately test the code without having to reinstall the wheel somewhere else. So, we get the benefits of testing exactly the wheel that is shipped to the users without having to have a separate virtual environment to install the wheel in, without having to manually manage that.

The wheel that gets built is minimal. Here's the corresponding tarball's contents (output of tar tf):

model_signing-0.0.1a0/model_signing/__init__.py
model_signing-0.0.1a0/model_signing/hashing/__init__.py
model_signing-0.0.1a0/model_signing/hashing/file.py
model_signing-0.0.1a0/model_signing/hashing/hashing.py
model_signing-0.0.1a0/model_signing/hashing/memory.py
model_signing-0.0.1a0/model_signing/manifest/__init__.py
model_signing-0.0.1a0/model_signing/manifest/manifest.py
model_signing-0.0.1a0/model_signing/serialization/__init__.py
model_signing-0.0.1a0/model_signing/serialization/serialization.py
model_signing-0.0.1a0/model_signing/serialization/serialize_by_file.py
model_signing-0.0.1a0/model_signing/serialization/serialize_by_file_shard.py
model_signing-0.0.1a0/model_signing/signature/__init__.py
model_signing-0.0.1a0/model_signing/signature/encoding.py
model_signing-0.0.1a0/model_signing/signature/fake.py
model_signing-0.0.1a0/model_signing/signature/key.py
model_signing-0.0.1a0/model_signing/signature/pki.py
model_signing-0.0.1a0/model_signing/signature/signing.py
model_signing-0.0.1a0/model_signing/signature/sigstore.py
model_signing-0.0.1a0/model_signing/signature/verifying.py
model_signing-0.0.1a0/model_signing/signing/__init__.py
model_signing-0.0.1a0/model_signing/signing/as_bytes.py
model_signing-0.0.1a0/model_signing/signing/empty_signing.py
model_signing-0.0.1a0/model_signing/signing/in_toto.py
model_signing-0.0.1a0/model_signing/signing/signing.py
model_signing-0.0.1a0/model_signing/signing/sigstore.py
model_signing-0.0.1a0/.gitignore
model_signing-0.0.1a0/LICENSE
model_signing-0.0.1a0/README.model_signing.md
model_signing-0.0.1a0/pyproject.toml
model_signing-0.0.1a0/PKG-INFO

I added a few more formatting settings and run hatch fmt across the entire code, affecting slsa_for_models too. Added some excludes and we'll work on minimizing those in the future.


Updated .gitignore to exclude all the artifacts generated during development. Updated GitHub Actions to run via hatch. Removed GHA workflows which became obsolete, as well as the requirements files for model_signing, since now dependencies are handled via hatch.


Since CodeQL was complaining about signature/sigstore.py and we already have singing/sigstore.py with the implementation of signing with Sigstore, I removed the file in signature. Incidentally, we might want to rename signature/ as pki/ as it only has the parts needed for signing with own PKI. We would then offer this as a feature of the wheel (pip install model_signing[pki]) instead of having it be there by default. But these changes will happen in future PRs.


This would require rebase on #279, #240 given that we have moved files around. It closes #192 given that all tests have been migrated. It closes #68 due to the same. Similarly, closes #182. Also, closes #231 since we have fixed slsa_for_models code to pass hatch fmt

Release Note

NONE (will add when ready to publish, also with CHANGELOG.md)

Documentation

NONE (will add when ready to publish, there's some TODO now to merge README.md files)

Copy link
Contributor

@spencerschrock spencerschrock left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Just took a skim, looking forward to the changes. A few quick questions:

Can we exclude the .gitignore?

The wheel that gets built is minimal. Here's the corresponding tarball's contents (output of tar tf):

...
model_signing-0.0.1a0/.gitignore
...

pyproject.toml Outdated Show resolved Hide resolved
pyproject.toml Outdated Show resolved Hide resolved
@mihaimaruseac
Copy link
Collaborator Author

mihaimaruseac commented Aug 13, 2024

Can we exclude the .gitignore?

Yes, I somehow thought that that is the default, but it's not. Will amend + force push/rebase.

@spencerschrock
Copy link
Contributor

Can we exclude the .gitignore?

Yes, I somehow thought that that is the default, but it's not. Will amend + force push/rebase.

The answer is probably no:

https://hatch.pypa.io/latest/plugins/builder/sdist/#default-file-selection

The following files are always included and cannot be excluded:

/pyproject.toml
/hatch.toml
/hatch_build.py
/.gitignore or /.hgignore
Any defined readme file
All defined license-files

@mihaimaruseac
Copy link
Collaborator Author

mihaimaruseac commented Aug 13, 2024

I was just going to paste that. Yeah, cannot be removed from sdist, but it is not in the wheel anyway.

@mihaimaruseac mihaimaruseac force-pushed the packaging branch 4 times, most recently from 378c640 to f3b0acb Compare August 13, 2024 22:23
This commits moves files around to get to a `src/` layout
(https://packaging.python.org/en/latest/discussions/src-layout-vs-flat-layout/#src-layout-vs-flat-layout)
for the code. There are more benefits for a `src/` layout than a flat
layout, such as:

- documentation is easier to generate
- we won't accidentally test against code that is different than what
  users would see
- we can include only the source in the wheel, reducing PyPI bandwidth
- it makes it clearer which parts of the repo go into the wheel and
  which ones are ancillary. Incidentally, we might now want to move the
  SLSA parts to another repo and maybe rename this one? We can do this
  at a later time.

For this commit I only moved the files around. The only change is in
`README.md` where I replaced the pointer to `model_signing/README.md`
with one to `README.model_signing.md`, as I'm creating this file now.

Since we would need to change `README.model_signing.md` anyway once the
API is ready, I have not updated it besides just fixing the image
pointer.

I have deleted old files from when this was a POC. Since we're working
on releasing the library, we no longer need those.

The alternative to not moving the files to the root of the folder would
have been to duplicate LICENSE, etc. inside the `model-signing`
directory, so that packaging tools would see it. I decided against that,
since we still needed to move files around to make a `src/` directory
and it did no longer make sense to also do file duplication.

Signed-off-by: Mihai Maruseac <[email protected]>
Decided to use [`hatch`](https://hatch.pypa.io/latest/). Well,
`hatchling` for the build backend and `hatch` as project manager.

While not important for this step, using `hatch` allows us to have
multiple environments for different usage scenarios. We can have one
environment for tests, one for type checking, etc.

For this commit, I just focused on making sure that `hatch build` builds
the wheel and the tarball. As a bonus, `hatch shell` drops us into a
virtual environment with the package locally installed, in an editable
fashion: we can just edit the files and can immediately test the code
without having to reinstall the wheel somewhere else. So, we get the
benefits of testing exactly the wheel that is shipped to the users
without having to have a separate virtual environment to install the
wheel in, without having to manually manage that.

The wheel that gets built is minimal. Here's the corresponding tarball's
contents (output of `tar tf`):

```
model_signing-0.0.1a0/model_signing/__init__.py
model_signing-0.0.1a0/model_signing/hashing/__init__.py
model_signing-0.0.1a0/model_signing/hashing/file.py
model_signing-0.0.1a0/model_signing/hashing/hashing.py
model_signing-0.0.1a0/model_signing/hashing/memory.py
model_signing-0.0.1a0/model_signing/manifest/__init__.py
model_signing-0.0.1a0/model_signing/manifest/manifest.py
model_signing-0.0.1a0/model_signing/serialization/__init__.py
model_signing-0.0.1a0/model_signing/serialization/serialization.py
model_signing-0.0.1a0/model_signing/serialization/serialize_by_file.py
model_signing-0.0.1a0/model_signing/serialization/serialize_by_file_shard.py
model_signing-0.0.1a0/model_signing/signature/__init__.py
model_signing-0.0.1a0/model_signing/signature/encoding.py
model_signing-0.0.1a0/model_signing/signature/fake.py
model_signing-0.0.1a0/model_signing/signature/key.py
model_signing-0.0.1a0/model_signing/signature/pki.py
model_signing-0.0.1a0/model_signing/signature/signing.py
model_signing-0.0.1a0/model_signing/signature/sigstore.py
model_signing-0.0.1a0/model_signing/signature/verifying.py
model_signing-0.0.1a0/model_signing/signing/__init__.py
model_signing-0.0.1a0/model_signing/signing/as_bytes.py
model_signing-0.0.1a0/model_signing/signing/empty_signing.py
model_signing-0.0.1a0/model_signing/signing/in_toto.py
model_signing-0.0.1a0/model_signing/signing/signing.py
model_signing-0.0.1a0/model_signing/signing/sigstore.py
model_signing-0.0.1a0/.gitignore
model_signing-0.0.1a0/LICENSE
model_signing-0.0.1a0/README.model_signing.md
model_signing-0.0.1a0/pyproject.toml
model_signing-0.0.1a0/PKG-INFO
```

Signed-off-by: Mihai Maruseac <[email protected]>
Tested by running `hatch shell` then `python` then

```
>>> import model_signing
>>> import model_signing.hashing
>>> import model_signing.hashing.hashing
>>> import model_signing.hashing.file
>>> import model_signing.hashing.memory
>>> import model_signing.manifest
>>> import model_signing.manifest.manifest
>>> import model_signing.serialization
>>> import model_signing.serialization.serialization
>>> import model_signing.serialization.serialize_by_file
>>> import model_signing.serialization.serialize_by_file_shard
>>> import model_signing.signing
>>> import model_signing.signing.as_bytes
>>> import model_signing.signing.in_toto
>>> import model_signing.signing.signing
>>> import model_signing.signing.sigstore
>>> import model_signing.signature
>>> import model_signing.signature.fake
>>> import model_signing.signature.key
>>> import model_signing.signature.pki
>>> import model_signing.signature.signing
>>> import model_signing.signature.sigstore
>>> import model_signing.signature.verifying
>>> ^D
```

Tested the same with `hatch build`, copying the wheel to outside the
soruce tree, creating a virtual env, and installing the wheel in the
empty env, after which I ran the above imports again.

Signed-off-by: Mihai Maruseac <[email protected]>
Enable random order testing to surface out cases where one test case
depends on another. Enable parallel testing to speed up testing.

Will add matrix support later.

```
plugins: xdist-3.6.1, mock-3.14.0, rerunfailures-14.0, randomly-3.15.0
12 workers [233 items]
.........................................................................................................................................................................................................................................                                          [100%]
================================================================================================================================== 233 passed in 2.18s ===================================================================================================================================
```

Signed-off-by: Mihai Maruseac <[email protected]>
Did some minor fixes here and there, but left a bunch for future PRs.

Signed-off-by: Mihai Maruseac <[email protected]>
This builds a custom environment in which we run `pytype` for just the
library and the test. Unlike style linting, here we completely ignore
`slsa_for_models`.

Signed-off-by: Mihai Maruseac <[email protected]>
We now use hatch to install and manage the dependencies.

Signed-off-by: Mihai Maruseac <[email protected]>
We already have a Sigstore signer in the main library, this is no longer
needed. If the CodeQL scanner would not have failed here, I would have
kept it around for a future cleanup.

Signed-off-by: Mihai Maruseac <[email protected]>
Comment on lines +41 to +42
- name: Set up Hatch
uses: pypa/hatch@a3c83ab3d481fbc2dc91dd0088628817488dd1d5
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'm curious how dependabot will update this. I haven't seen the install branch approach they take for the action before.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Also, not sure if we'll lose dependency caching but can always revisit in future.

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yeah, we have to keep an eye on this and revisit in the future. There's an alternative path to install via pipx

model_signing/signature/sigstore.py Show resolved Hide resolved
pyproject.toml Outdated Show resolved Hide resolved
pyproject.toml Show resolved Hide resolved
Comment on lines +88 to +89
[tool.ruff.lint]
select = ["B", "D", "E", "F", "I", "N", "PLC", "PLE", "PT", "SIM", "W"]
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

should this be extend-select?
https://hatch.pypa.io/1.9/config/static-analysis/#extending-config

Or should we be explicit through select?

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We'll switch to extend-select once we minimize the rules we exclude, but right now we have a superset of what's by default, so select seems better.

src/model_signing/signature/pki.py Outdated Show resolved Hide resolved
src/model_signing/signature/pki.py Outdated Show resolved Hide resolved
@spencerschrock
Copy link
Contributor

also can i selfishly request this patch so the VSCode pytest integration still works with the new layout? As an added bonus it restores the ability to do pytest . to run the tests (for anyone with muscle memory).

diff --git a/pyproject.toml b/pyproject.toml
index 7b02f97..7691c99 100644
--- a/pyproject.toml
+++ b/pyproject.toml
@@ -62,6 +62,9 @@ installer = "pip"
 parallel = true
 randomize = true
 
+[tool.pytest.ini_options]
+pythonpath = "src"
+
 [tool.ruff]
 line-length = 80
 target-version = "py311"

Signed-off-by: Mihai Maruseac <[email protected]>
@mihaimaruseac
Copy link
Collaborator Author

Added the patch, but note that it only works if you have pytest installed in the env from outside of hatch's managed ones.

@mihaimaruseac
Copy link
Collaborator Author

(wrong click on the close button, sorry)

mihaimaruseac added a commit to mihaimaruseac/sigstore-community that referenced this pull request Aug 14, 2024
These are added and tested in
sigstore/model-transparency#283.

We only require Linux checks for the model signing library and
linting/py-style.

Signed-off-by: Mihai Maruseac <[email protected]>
Copy link
Contributor

@spencerschrock spencerschrock left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Similarly this should be able to close #231 ?

@mihaimaruseac
Copy link
Collaborator Author

Ohh, good catch. Yes!

@mihaimaruseac mihaimaruseac merged commit 58c43b1 into sigstore:main Aug 14, 2024
18 checks passed
@mihaimaruseac mihaimaruseac deleted the packaging branch August 14, 2024 19:52
haydentherapper pushed a commit to sigstore/community that referenced this pull request Aug 14, 2024
These are added and tested in
sigstore/model-transparency#283.

We only require Linux checks for the model signing library and
linting/py-style.

Signed-off-by: Mihai Maruseac <[email protected]>
mihaimaruseac added a commit to mihaimaruseac/model-transparency that referenced this pull request Aug 14, 2024
This file gets generated when testing with coverage data (`hatch test -c`). I missed adding it to `.gitignore` in sigstore#283 because I didn't run testing with coverage locally. Fixing the issue now.

Signed-off-by: Mihai Maruseac <[email protected]>
mihaimaruseac added a commit that referenced this pull request Aug 14, 2024
This file gets generated when testing with coverage data (`hatch test -c`). I missed adding it to `.gitignore` in #283 because I didn't run testing with coverage locally. Fixing the issue now.

Signed-off-by: Mihai Maruseac <[email protected]>
susperius pushed a commit to susperius/model-transparency that referenced this pull request Aug 21, 2024
…#283)

* Reorganize code to enable wheel publishing

This commits moves files around to get to a `src/` layout
(https://packaging.python.org/en/latest/discussions/src-layout-vs-flat-layout/#src-layout-vs-flat-layout)
for the code. There are more benefits for a `src/` layout than a flat
layout, such as:

- documentation is easier to generate
- we won't accidentally test against code that is different than what
  users would see
- we can include only the source in the wheel, reducing PyPI bandwidth
- it makes it clearer which parts of the repo go into the wheel and
  which ones are ancillary. Incidentally, we might now want to move the
  SLSA parts to another repo and maybe rename this one? We can do this
  at a later time.

For this commit I only moved the files around. The only change is in
`README.md` where I replaced the pointer to `model_signing/README.md`
with one to `README.model_signing.md`, as I'm creating this file now.

Since we would need to change `README.model_signing.md` anyway once the
API is ready, I have not updated it besides just fixing the image
pointer.

I have deleted old files from when this was a POC. Since we're working
on releasing the library, we no longer need those.

The alternative to not moving the files to the root of the folder would
have been to duplicate LICENSE, etc. inside the `model-signing`
directory, so that packaging tools would see it. I decided against that,
since we still needed to move files around to make a `src/` directory
and it did no longer make sense to also do file duplication.

Signed-off-by: Mihai Maruseac <[email protected]>

* Add publishing metadata to pyproject.toml

Decided to use [`hatch`](https://hatch.pypa.io/latest/). Well,
`hatchling` for the build backend and `hatch` as project manager.

While not important for this step, using `hatch` allows us to have
multiple environments for different usage scenarios. We can have one
environment for tests, one for type checking, etc.

For this commit, I just focused on making sure that `hatch build` builds
the wheel and the tarball. As a bonus, `hatch shell` drops us into a
virtual environment with the package locally installed, in an editable
fashion: we can just edit the files and can immediately test the code
without having to reinstall the wheel somewhere else. So, we get the
benefits of testing exactly the wheel that is shipped to the users
without having to have a separate virtual environment to install the
wheel in, without having to manually manage that.

The wheel that gets built is minimal. Here's the corresponding tarball's
contents (output of `tar tf`):

```
model_signing-0.0.1a0/model_signing/__init__.py
model_signing-0.0.1a0/model_signing/hashing/__init__.py
model_signing-0.0.1a0/model_signing/hashing/file.py
model_signing-0.0.1a0/model_signing/hashing/hashing.py
model_signing-0.0.1a0/model_signing/hashing/memory.py
model_signing-0.0.1a0/model_signing/manifest/__init__.py
model_signing-0.0.1a0/model_signing/manifest/manifest.py
model_signing-0.0.1a0/model_signing/serialization/__init__.py
model_signing-0.0.1a0/model_signing/serialization/serialization.py
model_signing-0.0.1a0/model_signing/serialization/serialize_by_file.py
model_signing-0.0.1a0/model_signing/serialization/serialize_by_file_shard.py
model_signing-0.0.1a0/model_signing/signature/__init__.py
model_signing-0.0.1a0/model_signing/signature/encoding.py
model_signing-0.0.1a0/model_signing/signature/fake.py
model_signing-0.0.1a0/model_signing/signature/key.py
model_signing-0.0.1a0/model_signing/signature/pki.py
model_signing-0.0.1a0/model_signing/signature/signing.py
model_signing-0.0.1a0/model_signing/signature/sigstore.py
model_signing-0.0.1a0/model_signing/signature/verifying.py
model_signing-0.0.1a0/model_signing/signing/__init__.py
model_signing-0.0.1a0/model_signing/signing/as_bytes.py
model_signing-0.0.1a0/model_signing/signing/empty_signing.py
model_signing-0.0.1a0/model_signing/signing/in_toto.py
model_signing-0.0.1a0/model_signing/signing/signing.py
model_signing-0.0.1a0/model_signing/signing/sigstore.py
model_signing-0.0.1a0/.gitignore
model_signing-0.0.1a0/LICENSE
model_signing-0.0.1a0/README.model_signing.md
model_signing-0.0.1a0/pyproject.toml
model_signing-0.0.1a0/PKG-INFO
```

Signed-off-by: Mihai Maruseac <[email protected]>

* Add required deps to install/use the package.

Tested by running `hatch shell` then `python` then

```
>>> import model_signing
>>> import model_signing.hashing
>>> import model_signing.hashing.hashing
>>> import model_signing.hashing.file
>>> import model_signing.hashing.memory
>>> import model_signing.manifest
>>> import model_signing.manifest.manifest
>>> import model_signing.serialization
>>> import model_signing.serialization.serialization
>>> import model_signing.serialization.serialize_by_file
>>> import model_signing.serialization.serialize_by_file_shard
>>> import model_signing.signing
>>> import model_signing.signing.as_bytes
>>> import model_signing.signing.in_toto
>>> import model_signing.signing.signing
>>> import model_signing.signing.sigstore
>>> import model_signing.signature
>>> import model_signing.signature.fake
>>> import model_signing.signature.key
>>> import model_signing.signature.pki
>>> import model_signing.signature.signing
>>> import model_signing.signature.sigstore
>>> import model_signing.signature.verifying
>>> ^D
```

Tested the same with `hatch build`, copying the wheel to outside the
soruce tree, creating a virtual env, and installing the wheel in the
empty env, after which I ran the above imports again.

Signed-off-by: Mihai Maruseac <[email protected]>

* Add testing support via `hatch test`.

Enable random order testing to surface out cases where one test case
depends on another. Enable parallel testing to speed up testing.

Will add matrix support later.

```
plugins: xdist-3.6.1, mock-3.14.0, rerunfailures-14.0, randomly-3.15.0
12 workers [233 items]
.........................................................................................................................................................................................................................................                                          [100%]
================================================================================================================================== 233 passed in 2.18s ===================================================================================================================================
```

Signed-off-by: Mihai Maruseac <[email protected]>

* Standardize formatting with `hatch fmt`

Did some minor fixes here and there, but left a bunch for future PRs.

Signed-off-by: Mihai Maruseac <[email protected]>

* Add `pytype` support via `hatch run type:check`

This builds a custom environment in which we run `pytype` for just the
library and the test. Unlike style linting, here we completely ignore
`slsa_for_models`.

Signed-off-by: Mihai Maruseac <[email protected]>

* Update `.gitignore` to exclude all cache artifacts

Signed-off-by: Mihai Maruseac <[email protected]>

* Update GHAs to use hatch for testing and linting

The scripts are now much simpler and easier to update to newer versions
of Python.

I also added copyright notices to all files. Removed the workflows that
are no longer relevant (slsa_for_ml needs to be pinned right now to
first make sure it works -- probably we'll move it to a separate repo).

Signed-off-by: Mihai Maruseac <[email protected]>

* Remove old model signing requirements files.

We now use hatch to install and manage the dependencies.

Signed-off-by: Mihai Maruseac <[email protected]>

* Fix codeQL scan: remove unused file.

We already have a Sigstore signer in the main library, this is no longer
needed. If the CodeQL scanner would not have failed here, I would have
kept it around for a future cleanup.

Signed-off-by: Mihai Maruseac <[email protected]>

* Handle review comments

Signed-off-by: Mihai Maruseac <[email protected]>

---------

Signed-off-by: Mihai Maruseac <[email protected]>
susperius pushed a commit to susperius/model-transparency that referenced this pull request Aug 21, 2024
This file gets generated when testing with coverage data (`hatch test -c`). I missed adding it to `.gitignore` in sigstore#283 because I didn't run testing with coverage locally. Fixing the issue now.

Signed-off-by: Mihai Maruseac <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

Lint over the entire repository Re-factor unit tests
3 participants