Add Python 3.14 support #32
Conversation
Addresses issue k9securityio#31 by adding Python 3.14 support to cedar-py, which unblocks the failing CI for releases. Changes: - Upgrade PyO3 from 0.19.0 to 0.27.1 for Python 3.14 compatibility - Update maturin from 1.7.8 to >=1.8,<2 for Python 3.14 wheel building - Migrate PyModule API from deprecated GIL Refs to Bound<PyModule> - Update CI workflow to use Python 3.x (now includes Python 3.14) - Update macOS runner from deprecated macos-13 to macos-15-intel All unit tests (31) and integration tests (74) pass with Python 3.14.0. Backward compatibility verified with Python 3.9, 3.11. Fixes k9securityio#31
|
On Windows the test_authorized_batch_perf failed the performance metric. It's a timing-sensitive test that expects batch operations to be 3x faster, but on the windows runner it did not meet the bar. The actual functionality works correctly, it just doesn't meet the additional strict performance threshold. It did this on the previous CI run too. |
|
Thanks for the PR! When investigating the CI failure (#31), I also came to the conclusion that supporting Python 3.14 would probably require updating PyO3, maturin, et al and didn't have time to do that. So I was trying to fix #31 without an upgrade. As you may have guessed, I stopped when I hit what may be a perf degradation on the Windows build because I didn't have time to investigate that immediately. I'll review this PR as soon as I can. |
|
This looks great. Thank you! There are a number of additional Python runtimes supported depending on the processor architecture. Runtime support appears to be:
I've tested this PR locally and it LGTM. |
2 participants
This adds Python 3.14 support to cedar-py, building on the work started in ec5d0f9 and 9c15185.
The temporary workaround of pinning to Python 3.13 prevented CI failures, but we still need to actually support Python 3.14 for users who want to use the new AWS Lambda Python 3.14 runtime. The main issue was that PyO3 0.19.0 doesn't support Python 3.14, so I've upgraded it to 0.27.1 along with maturin to 1.8+ to enable Python 3.14 wheel building.
The PyO3 upgrade required migrating from the deprecated GIL Refs API to the newer Bound API in src/lib.rs. This is just a signature change in the module initialization function and doesn't affect the Python-facing API at all.
I've tested this locally with Python 3.9, 3.11, and 3.14. All unit tests (31) and integration tests (74) pass on each version. Wheels build successfully for Python 3.9, 3.10, 3.11, 3.13, and 3.14.
With these changes, we can change python-version back to 3.x in CI and it will properly build Python 3.14 wheels instead of failing.
Fixes #31
Note I I used Claude Code to help research the PyO3 migration requirements and test across multiple Python versions. It sped things up.