Skip to content

refactor!: improve Macaron wheel name and add a new install script#1291

Merged
behnazh-w merged 6 commits intomainfrom
behnazh/improve-packaging
Feb 6, 2026
Merged

refactor!: improve Macaron wheel name and add a new install script#1291
behnazh-w merged 6 commits intomainfrom
behnazh/improve-packaging

Conversation

@behnazh-w
Copy link
Member

@behnazh-w behnazh-w commented Jan 28, 2026
edited
Loading

Summary

This PR introduces breaking changes by improving the Macaron wheel naming for clearer platform and architecture identification, and by adding a new installation script. It also makes the slsa-verifier installation optional and adjusts dependency handling for security advisories.

Description of changes

  • Wheel name change: The Macaron Python wheel filename now includes explicit platform and architecture information. This helps prevent confusion and ensures correct package selection and installation across different environments.
  • New installation script: Added a build script to streamline the installation of Macaron as a Python package, making setup simpler for end users.
  • Optional slsa-verifier installation: Updated the build process to allow for optional installation of slsa-verifier, enhancing flexibility for users who may not require this dependency.
  • Removed the macaron-python-package tag from some of the integration tests to decrease the CI execution time.
  • Dependency Handling: Stopped ignoring GHSA-7gcm-g887-7qv7 in dependencies because the new version of protobuf (6.33.5) fixes the CVE.

@oracle-contributor-agreement oracle-contributor-agreement bot added the OCA Verified All contributors have signed the Oracle Contributor Agreement. label Jan 28, 2026
@behnazh-w behnazh-w force-pushed the behnazh/improve-packaging branch 5 times, most recently from 607ab3d to 01c14b3 Compare January 29, 2026 06:06
@behnazh-w
refactor!: make slsa-verifier installation optional
cc489a1 
Signed-off-by: behnazh-w <behnaz.hassanshahi@oracle.com>
@behnazh-w
chore(deps): do not ignore GHSA-7gcm-g887-7qv7 anymore
bf47102 
Signed-off-by: behnazh-w <behnaz.hassanshahi@oracle.com>
@behnazh-w
chore: change the wheel name to reflect the platform and arch
1bc99f7 
Signed-off-by: behnazh-w <behnaz.hassanshahi@oracle.com>
@behnazh-w
build: add a script to install Macaron as a Python package
eee3cfc 
Signed-off-by: behnazh-w <behnaz.hassanshahi@oracle.com>
@behnazh-w behnazh-w force-pushed the behnazh/improve-packaging branch from d9989f9 to eee3cfc Compare February 5, 2026 23:48
@behnazh-w behnazh-w changed the title refactor!: make slsa-verifier installation optional refactor!: improve Macaron wheel name and add a new install script Feb 5, 2026
@behnazh-w behnazh-w marked this pull request as ready for review February 5, 2026 23:55
@behnazh-w behnazh-w requested a review from nicallen February 5, 2026 23:58
@behnazh-w
docs: update the contribution docs regarding slsa-verifier installation
7fe9a2c 
Signed-off-by: behnazh-w <behnaz.hassanshahi@oracle.com>
nicallen
nicallen reviewed Feb 6, 2026
View reviewed changes
nicallen
nicallen previously approved these changes Feb 6, 2026
View reviewed changes
Copy link
Member

@nicallen nicallen left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Other than the one suggested improvement to the docs, looks good to me.

@behnazh-w
chore: address PR feedback
659b087 
Signed-off-by: behnazh-w <behnaz.hassanshahi@oracle.com>
@behnazh-w behnazh-w merged commit f1d9ac4 into main Feb 6, 2026
10 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@nicallen nicallen nicallen approved these changes

Assignees

No one assigned

Labels

OCA Verified All contributors have signed the Oracle Contributor Agreement.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@behnazh-w @nicallen