build(deps): update ruff requirement from <0.11.14 to <0.14.3

Makefile

@@ -26,7 +26,7 @@ all:
 dev: $(VENV)/pyvenv.cfg
 
 $(VENV)/pyvenv.cfg: pyproject.toml
-	python -m venv env
+	python3 -m venv env
 	$(VENV_BIN)/python -m pip install --upgrade pip
 	$(VENV_BIN)/python -m pip install -e .[$(INSTALL_EXTRA)]
 

pyproject.toml

@@ -24,7 +24,7 @@ doc = ["pdoc >= 14.2,< 16.0"]
 lint = [
     # NOTE: ruff is under active development, so we pin conservatively here
     # and let Dependabot periodically perform this update.
-    "ruff < 0.11.14",
+    "ruff < 0.14.3",
     "mypy >= 1.0",
 ]
 codegen = ["datamodel-code-generator>=0.25.2", "sigstore-rekor-types[lint]"]
@@ -62,22 +62,18 @@ warn_unused_ignores = true
 
 [tool.ruff]
 line-length = 100
-select = ["ALL"]
+lint.select = ["ALL"]
+lint.pydocstyle.convention = "pep257"
+lint.ignore = [
+    "COM812",  # not recommended with ruff formatter
+]
 
-[tool.ruff.per-file-ignores]
+[tool.ruff.lint.per-file-ignores]
 "src/rekor_types/__init__.py" = [
     "TCH001", # False positive: imports are re-exports, not just for type hints.
 ]
 "src/rekor_types/_internal/*.py" = [
-    "A003",   # some fields shadow python builtins
-    "E501",   # handled by black, and catches some docstrings we can't autofix
+    "E501",   # handled by formatter, catches some docstrings we can't autofix
     "ERA001", # false positives
     "D400",   # overly opinionated docstrings
-    "D415",   # overly opinionated docstrings
-    "UP006",  # pydantic doesn't support PEP 585 below Python 3.9
-    "UP007",  # pydantic doesn't support PEP 604 below Python 3.10
-]
-"test/**/*.py" = [
-    "D",    # no docstrings in tests
-    "S101", # asserts are expected in tests
 ]

src/rekor_types/__init__.py

@@ -2,7 +2,7 @@
 
 from __future__ import annotations
 
-from typing import Annotated, Literal, Union
+from typing import Annotated, Literal
 
 from pydantic import BaseModel, ConfigDict, Field, StrictInt, StrictStr
 
@@ -119,6 +119,6 @@ class Tuf(_ProposedEntryMixin):
 
 
 ProposedEntry = Annotated[
-    Union[Alpine, Cose, Dsse, Hashedrekord, Helm, Intoto, Jar, Rekord, Rfc3161, Rpm, Tuf],
+    Alpine | Cose | Dsse | Hashedrekord | Helm | Intoto | Jar | Rekord | Rfc3161 | Rpm | Tuf,
     Field(discriminator="kind"),
 ]

src/rekor_types/_internal/alpine.py

@@ -5,7 +5,6 @@
 from __future__ import annotations
 
 from enum import Enum
-from typing import Optional, Union
 
 from pydantic import BaseModel, ConfigDict, Field, RootModel, StrictStr
 
@@ -47,12 +46,12 @@ class Package(BaseModel):
     model_config = ConfigDict(
         populate_by_name=True,
     )
-    pkginfo: Optional[dict[str, StrictStr]] = Field(
+    pkginfo: dict[str, StrictStr] | None = Field(
         default=None,
         description="Values of the .PKGINFO key / value pairs",
     )
     hash: Hash = Field(..., description="Specifies the hash algorithm and value for the package")
-    content: Optional[str] = Field(
+    content: str | None = Field(
         default=None,
         description="Specifies the package inline within the document",
     )
@@ -67,11 +66,11 @@ class Package1(BaseModel):
     model_config = ConfigDict(
         populate_by_name=True,
     )
-    pkginfo: Optional[dict[str, StrictStr]] = Field(
+    pkginfo: dict[str, StrictStr] | None = Field(
         default=None,
         description="Values of the .PKGINFO key / value pairs",
     )
-    hash: Optional[Hash1] = Field(
+    hash: Hash1 | None = Field(
         default=None,
         description="Specifies the hash algorithm and value for the package",
     )
@@ -89,7 +88,7 @@ class AlpineV001Schema(BaseModel):
         alias="publicKey",
         description="The public key that can verify the package signature",
     )
-    package: Union[Package, Package1] = Field(
+    package: Package | Package1 = Field(
         ...,
         description="Information about the package associated with the entry",
     )

src/rekor_types/_internal/cose.py

@@ -5,7 +5,6 @@
 from __future__ import annotations
 
 from enum import Enum
-from typing import Optional
 
 from pydantic import BaseModel, ConfigDict, Field, RootModel, StrictStr
 
@@ -48,17 +47,17 @@ class Data(BaseModel):
     model_config = ConfigDict(
         populate_by_name=True,
     )
-    payload_hash: Optional[PayloadHash] = Field(
+    payload_hash: PayloadHash | None = Field(
         default=None,
         alias="payloadHash",
         description="Specifies the hash algorithm and value for the content",
     )
-    envelope_hash: Optional[EnvelopeHash] = Field(
+    envelope_hash: EnvelopeHash | None = Field(
         default=None,
         alias="envelopeHash",
         description="Specifies the hash algorithm and value for the COSE envelope",
     )
-    aad: Optional[str] = Field(
+    aad: str | None = Field(
         default=None,
         description="Specifies the additional authenticated data required to verify the signature",
     )
@@ -70,13 +69,13 @@ class CoseV001Schema(BaseModel):
     model_config = ConfigDict(
         populate_by_name=True,
     )
-    message: Optional[str] = Field(default=None, description="The COSE Sign1 Message")
+    message: str | None = Field(default=None, description="The COSE Sign1 Message")
     public_key: str = Field(
         ...,
         alias="publicKey",
         description="The public key that can verify the signature",
     )
-    data: Optional[Data] = Field(
+    data: Data | None = Field(
         default=None,
         description="Information about the content associated with the entry",
     )

src/rekor_types/_internal/dsse.py

@@ -5,7 +5,6 @@
 from __future__ import annotations
 
 from enum import Enum
-from typing import Optional, Union
 
 from pydantic import BaseModel, ConfigDict, Field, RootModel, StrictStr
 
@@ -83,17 +82,17 @@ class DsseV001Schema1(BaseModel):
         populate_by_name=True,
     )
     proposed_content: ProposedContent = Field(..., alias="proposedContent")
-    signatures: Optional[list[Signature]] = Field(
+    signatures: list[Signature] | None = Field(
         default=None,
         description="extracted collection of all signatures of the envelope's payload; elements will be sorted by lexicographical order of the base64 encoded signature strings",
         min_length=1,
     )
-    envelope_hash: Optional[EnvelopeHash] = Field(
+    envelope_hash: EnvelopeHash | None = Field(
         default=None,
         alias="envelopeHash",
         description="Specifies the hash algorithm and value encompassing the entire envelope sent to Rekor",
     )
-    payload_hash: Optional[PayloadHash] = Field(
+    payload_hash: PayloadHash | None = Field(
         default=None,
         alias="payloadHash",
         description="Specifies the hash algorithm and value covering the payload within the DSSE envelope",
@@ -112,7 +111,7 @@ class DsseV001Schema2(BaseModel):
     model_config = ConfigDict(
         populate_by_name=True,
     )
-    proposed_content: Optional[ProposedContent] = Field(default=None, alias="proposedContent")
+    proposed_content: ProposedContent | None = Field(default=None, alias="proposedContent")
     signatures: list[Signature] = Field(
         ...,
         description="extracted collection of all signatures of the envelope's payload; elements will be sorted by lexicographical order of the base64 encoded signature strings",
@@ -130,11 +129,11 @@ class DsseV001Schema2(BaseModel):
     )
 
 
-class DsseSchema(RootModel[Union[DsseV001Schema1, DsseV001Schema2]]):
+class DsseSchema(RootModel[DsseV001Schema1 | DsseV001Schema2]):
     model_config = ConfigDict(
         populate_by_name=True,
     )
-    root: Union[DsseV001Schema1, DsseV001Schema2] = Field(
+    root: DsseV001Schema1 | DsseV001Schema2 = Field(
         ...,
         description="log entry schema for dsse envelopes",
         title="DSSE Schema",

src/rekor_types/_internal/hashedrekord.py

@@ -5,7 +5,6 @@
 from __future__ import annotations
 
 from enum import Enum
-from typing import Optional
 
 from pydantic import BaseModel, ConfigDict, Field, RootModel, StrictStr
 
@@ -16,7 +15,7 @@ class PublicKey(BaseModel):
     model_config = ConfigDict(
         populate_by_name=True,
     )
-    content: Optional[str] = Field(
+    content: str | None = Field(
         default=None,
         description="Specifies the content of the public key or code signing certificate inline within the document",
     )
@@ -28,11 +27,11 @@ class Signature(BaseModel):
     model_config = ConfigDict(
         populate_by_name=True,
     )
-    content: Optional[str] = Field(
+    content: str | None = Field(
         default=None,
         description="Specifies the content of the signature inline within the document",
     )
-    public_key: Optional[PublicKey] = Field(
+    public_key: PublicKey | None = Field(
         default=None,
         alias="publicKey",
         description="The public key that can verify the signature; this can also be an X509 code signing certificate that contains the raw public key information",
@@ -69,7 +68,7 @@ class Data(BaseModel):
     model_config = ConfigDict(
         populate_by_name=True,
     )
-    hash: Optional[Hash] = Field(
+    hash: Hash | None = Field(
         default=None,
         description="Specifies the hash algorithm and value for the content",
     )

src/rekor_types/_internal/helm.py

@@ -5,7 +5,6 @@
 from __future__ import annotations
 
 from enum import Enum
-from typing import Optional, Union
 
 from pydantic import BaseModel, ConfigDict, Field, RootModel, StrictStr
 
@@ -63,7 +62,7 @@ class Provenance(BaseModel):
         ...,
         description="Information about the included signature in the provenance file",
     )
-    content: Optional[str] = Field(
+    content: str | None = Field(
         default=None,
         description="Specifies the content of the provenance file inline within the document",
     )
@@ -75,7 +74,7 @@ class Provenance1(BaseModel):
     model_config = ConfigDict(
         populate_by_name=True,
     )
-    signature: Optional[Signature] = Field(
+    signature: Signature | None = Field(
         default=None,
         description="Information about the included signature in the provenance file",
     )
@@ -91,11 +90,11 @@ class Chart(BaseModel):
     model_config = ConfigDict(
         populate_by_name=True,
     )
-    hash: Optional[Hash] = Field(
+    hash: Hash | None = Field(
         default=None,
         description="Specifies the hash algorithm and value for the chart",
     )
-    provenance: Union[Provenance, Provenance1] = Field(
+    provenance: Provenance | Provenance1 = Field(
         ...,
         description="The provenance entry associated with the signed Helm Chart",
     )

src/rekor_types/_internal/intoto.py

@@ -5,7 +5,6 @@
 from __future__ import annotations
 
 from enum import Enum
-from typing import Optional, Union
 
 from pydantic import BaseModel, ConfigDict, Field, RootModel, StrictStr
 
@@ -46,12 +45,12 @@ class Content(BaseModel):
     model_config = ConfigDict(
         populate_by_name=True,
     )
-    envelope: Optional[StrictStr] = Field(default=None, description="envelope")
-    hash: Optional[Hash] = Field(
+    envelope: StrictStr | None = Field(default=None, description="envelope")
+    hash: Hash | None = Field(
         default=None,
         description="Specifies the hash algorithm and value encompassing the entire signed envelope; this is computed by the rekor server, client-provided values are ignored",
     )
-    payload_hash: Optional[PayloadHash] = Field(
+    payload_hash: PayloadHash | None = Field(
         default=None,
         alias="payloadHash",
         description="Specifies the hash algorithm and value covering the payload within the DSSE envelope; this is computed by the rekor server, client-provided values are ignored",
@@ -78,7 +77,7 @@ class Signature(BaseModel):
     model_config = ConfigDict(
         populate_by_name=True,
     )
-    keyid: Optional[StrictStr] = Field(
+    keyid: StrictStr | None = Field(
         default=None,
         description="optional id of the key used to create the signature",
     )
@@ -96,7 +95,7 @@ class Envelope(BaseModel):
     model_config = ConfigDict(
         populate_by_name=True,
     )
-    payload: Optional[str] = Field(default=None, description="payload of the envelope")
+    payload: str | None = Field(default=None, description="payload of the envelope")
     payload_type: StrictStr = Field(
         ...,
         alias="payloadType",
@@ -140,11 +139,11 @@ class Content1(BaseModel):
         populate_by_name=True,
     )
     envelope: Envelope = Field(..., description="dsse envelope")
-    hash: Optional[Hash1] = Field(
+    hash: Hash1 | None = Field(
         default=None,
         description="Specifies the hash algorithm and value encompassing the entire signed envelope",
     )
-    payload_hash: Optional[PayloadHash1] = Field(
+    payload_hash: PayloadHash1 | None = Field(
         default=None,
         alias="payloadHash",
         description="Specifies the hash algorithm and value covering the payload within the DSSE envelope",
@@ -160,11 +159,11 @@ class IntotoV002Schema(BaseModel):
     content: Content1
 
 
-class IntotoSchema(RootModel[Union[IntotoV001Schema, IntotoV002Schema]]):
+class IntotoSchema(RootModel[IntotoV001Schema | IntotoV002Schema]):
     model_config = ConfigDict(
         populate_by_name=True,
     )
-    root: Union[IntotoV001Schema, IntotoV002Schema] = Field(
+    root: IntotoV001Schema | IntotoV002Schema = Field(
         ...,
         description="Intoto for Rekord objects",
         title="Intoto Schema",

src/rekor_types/_internal/jar.py

@@ -5,7 +5,6 @@
 from __future__ import annotations
 
 from enum import Enum
-from typing import Optional, Union
 
 from pydantic import BaseModel, ConfigDict, Field, RootModel, StrictStr
 
@@ -68,7 +67,7 @@ class Archive(BaseModel):
         ...,
         description="Specifies the hash algorithm and value encompassing the entire signed archive",
     )
-    content: Optional[str] = Field(
+    content: str | None = Field(
         default=None,
         description="Specifies the archive inline within the document",
     )
@@ -83,7 +82,7 @@ class Archive1(BaseModel):
     model_config = ConfigDict(
         populate_by_name=True,
     )
-    hash: Optional[Hash1] = Field(
+    hash: Hash1 | None = Field(
         default=None,
         description="Specifies the hash algorithm and value encompassing the entire signed archive",
     )
@@ -96,11 +95,11 @@ class JarV001Schema(BaseModel):
     model_config = ConfigDict(
         populate_by_name=True,
     )
-    signature: Optional[Signature] = Field(
+    signature: Signature | None = Field(
         default=None,
         description="Information about the included signature in the JAR file",
     )
-    archive: Union[Archive, Archive1] = Field(
+    archive: Archive | Archive1 = Field(
         ...,
         description="Information about the archive associated with the entry",
     )