Release 0.19.2 #95
sewhyte commented May 14, 2026
- Update build and publish process
- Update API calls to leverage paged endpoints where available
- Switch build tooling to pyproject.toml + python -m build (drop setup.py)
- Add MANIFEST.in to exclude tools/ symlink from sdist
- Remove .bumpversion.cfg (version now static in pyproject.toml)
- Update unit-test CI to actions/checkout@v6 and setup-python@v5
- Update tox build-dists env to use python -m build
- Add tox to uv dev dependencies, add uv.lock to .gitignore
Pull request overview
This PR prepares the 0.19.0 release by migrating packaging metadata to pyproject.toml, updating build/publish workflows, and switching several API list/report calls to paged endpoints.
Changes:
- Replaces `setup.py`/bumpversion-based packaging with PEP 517/621 metadata and `python -m build`.
- Updates CI/publish workflows and expands unit-test Python versions.
- Adds paged-response handling for attacks, users, companies, reports, and scenarios, with updated tests/mocks.
Reviewed changes
Copilot reviewed 23 out of 24 changed files in this pull request and generated 10 comments.
| File | Description |
|---|---|
| .bumpversion.cfg | Removes old bumpversion configuration. |
| .github/workflows/pypi-prod.yaml | Updates production publish workflow actions/runtime settings. |
| .github/workflows/pypi-test.yaml | Updates Test PyPI publish workflow actions/runtime settings. |
| .github/workflows/unit-test.yml | Updates test workflow actions and Python matrix. |
| .gitignore | Ignores uv.lock and ENDPOINTS.md. |
| MANIFEST.in | Excludes tools from source distributions. |
| Makefile | Moves install/package targets to pip/build commands. |
| gremlinapi/__init__.py | Makes secret filtering tolerate unset config values. |
| gremlinapi/attacks.py | Uses paged endpoints for active/completed attacks. |
| gremlinapi/companies.py | Uses paged endpoint for company users. |
| gremlinapi/reports.py | Uses paged endpoint for team reports. |
| gremlinapi/scenarios.py | Uses paged endpoints for scenario runs/active scenarios. |
| gremlinapi/users.py | Uses paged endpoints for users and active users. |
| gremlinapi/util.py | Derives version from installed metadata or pyproject.toml. |
| pyproject.toml | Adds project metadata and build-system configuration. |
| setup.py | Removes legacy setuptools entry point. |
| tests/test_attacks.py | Updates attack list tests for paged responses. |
| tests/test_companies.py | Updates company user tests for paged responses. |
| tests/test_httpclient.py | Resets auth config between HTTP client tests. |
| tests/test_reports.py | Updates team report tests for paged responses. |
| tests/test_scenarios.py | Updates scenario list tests for paged responses. |
| tests/test_users.py | Updates user list tests for paged responses. |
| tests/util.py | Adds shared paged-response mock data. |
| tox.ini | Updates distribution build command to use build. |
Comments suppressed due to low confidence (3)
gremlinapi/users.py:138
- This has the same token-name mismatch as `list_users`: the next request is built with `pageToken`, but the loop only looks for `page_token` in the response. Multi-page active-user results will be truncated after the first page if the API returns `pageToken`. Use the response field name consistently and cover a two-page response in tests.
page_token = body.get("page_token") or None
gremlinapi/__init__.py:106
- The bearer token is used as a raw regex pattern. Tokens commonly contain characters such as `.`, `+`, or `/`, so this can overmatch or fail to redact the exact token. Escape the token value before passing it to `re.sub`.
rf"{bearer_token}[\'\s]?",
"..." + bearer_token[-4:],
gremlinapi/__init__.py:112
- The password is interpolated into the regex without escaping. A password containing regex metacharacters can make log filtering fail or redact the wrong text. Escape the password before constructing the pattern.
rf"{password}[\'\s]?",
"[PASSWORD REDACTED]",
- Drop Makefile (superseded by uv and tox)
- Expand Python classifiers to 3.8-3.14 to match CI matrix
- Bump requires-python to >=3.8 (3.7 is EOL)
- Raise setuptools build requirement to >=61.0.0 for PEP 621 support
- Drop wheel from build-system requires
Pull request overview
Copilot reviewed 23 out of 24 changed files in this pull request and generated 5 comments.
Comments suppressed due to low confidence (3)
setup.py:1
- Removing `setup.py` leaves the documented source-install command in `README.md` (`python3 setup.py install`) broken. Update the source installation docs to use the new `pyproject.toml` build/install flow before deleting this file.
gremlinapi/__init__.py:105
- This regex interpolates the bearer token directly. Bearer tokens can contain regex metacharacters such as `.`, so the filter can match/redact unintended text; escape the token before passing it to `re.sub`.
rf"{bearer_token}[\'\s]?",
gremlinapi/__init__.py:111
- This regex interpolates the password directly. Passwords can contain regex metacharacters (for example `[`), which can raise `re.error` during logging and prevent redaction; escape the password before passing it to `re.sub`.
rf"{password}[\'\s]?",
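The escaping problem raised in the review for the bearer-token and password patterns, shown as an added example that is not code from this pull request or the project. The names `redact_raw`, `redact_escaped` and `EscapingSecretsFilter` are hypothetical, and the token and password are constructed sample values.

```python
import logging
import re

TRAILER = r"[\'\s]?"  # suffix used by the patterns quoted in the review


def redact_raw(text, secret, mask):
    """Flagged behaviour: the secret itself is compiled as a regex."""
    return re.sub(rf"{secret}{TRAILER}", mask, text)


def redact_escaped(text, secret, mask):
    """Match the secret literally; skip unset (None or empty) values."""
    if not secret:
        return text
    # A callable replacement keeps backslashes in the mask from being
    # interpreted as group references.
    return re.sub(re.escape(secret) + TRAILER, lambda _m: mask, text)


class EscapingSecretsFilter(logging.Filter):
    """Hypothetical filter (not the project's class) built on redact_escaped."""

    def __init__(self, bearer_token=None, password=None):
        super().__init__()
        self.bearer_token = bearer_token
        self.password = password

    def filter(self, record):
        msg = record.getMessage()
        if self.bearer_token:
            msg = redact_escaped(
                msg, self.bearer_token, "..." + self.bearer_token[-4:])
        msg = redact_escaped(msg, self.password, "[PASSWORD REDACTED]")
        record.msg, record.args = msg, ()
        return True


# Constructed sample values, not real credentials.
TOKEN = "abc.def+ghi/XYZ9"
PASSWORD = "pa(ss"

if __name__ == "__main__":
    line = f"Authorization: Bearer {TOKEN} sent"
    print(redact_raw(line, TOKEN, "...XYZ9"))      # '+' acts as a quantifier
    print(redact_escaped(line, TOKEN, "...XYZ9"))
    try:
        redact_raw(f"password='{PASSWORD}'", PASSWORD, "[PASSWORD REDACTED]")
    except re.error as exc:
        print("raw pattern failed to compile:", exc)
```

With the raw pattern the sample token passes through the filter unredacted, a secret containing `.` masks unrelated text, and the sample password raises `re.error` inside the logging call.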
Pull request overview
Copilot reviewed 23 out of 24 changed files in this pull request and generated 3 comments.
Comments suppressed due to low confidence (3)
setup.py:1
- Issue: deleting `setup.py` leaves the documented source-install command broken. Details: `README.md` still instructs users to run `python3 setup.py install`, which will fail once this file is removed. Recommended fix: update the installation docs to use the new pyproject-based command such as `python -m pip install .` or restore a compatibility `setup.py` shim.
Makefile:1
- Issue: deleting the Makefile leaves the documented Docker workflow broken. Details: `README.md` still tells users to run `make docker-build && make docker-run-interactive`, but those targets are removed with this file. Recommended fix: either update the README with equivalent `docker build`/`docker run` commands or keep the Makefile targets.
.bumpversion.cfg:1
- Issue: removing the bumpversion configuration makes the documented versioning workflow unusable. Details: `CONTRIBUTING.md` still says this package uses bumpversion and shows bumpversion commands, but there is no longer a config telling it to update the project version. Recommended fix: update the contributing guide for the new pyproject versioning process or keep an equivalent bumpversion configuration.
…rage
- Escape secrets with re.escape() in SecretsFilter to handle metacharacters
- Add _optional_team_endpoint to report_teams paged loop (was silently ignored)
- Add multi-page pagination test for report_teams
- Update CONTRIBUTING.md to reflect static version in pyproject.toml
- Bump setuptools requirement to >=61.0.0 for PEP 621 support, drop wheel
- Expand Python classifiers to 3.8-3.14, bump requires-python to >=3.8
Pull request overview
Copilot reviewed 24 out of 25 changed files in this pull request and generated 11 comments.
Comments suppressed due to low confidence (2)
setup.py:1
- Removing `setup.py` breaks the documented source install command in `README.md` (`python3 setup.py install`) and the Dockerfile's install hint. Update those instructions to use the new pyproject-based install/build flow, or keep a compatibility shim if those commands are still supported.
Makefile:1
- Removing the Makefile breaks the documented Docker workflow in `README.md` (`make docker-build && make docker-run-interactive`). Update the README with the replacement commands or keep the Make targets until the docs are migrated.
- Add multi-page tests for list_active_attacks and list_completed_attacks
- Add multi-page tests for list_scenario_runs and list_active_scenarios
- Add pageSize to register_cli_action metadata for list_scenario_runs, list_active_scenarios, and report_teams
- Move pytest from runtime to dev dependencies
- Update CONTRIBUTING.md version example to 0.19.2
Pull request overview
Copilot reviewed 24 out of 25 changed files in this pull request and generated no new comments.
Comments suppressed due to low confidence (2)
setup.py:1
- Deleting `setup.py` leaves the README's source-install command (`python3 setup.py install`, README.md:21) broken. Update the documented install path (for example, `python -m pip install .`) in the same release so users are not directed to a removed file.
Makefile:1
- Removing the Makefile breaks the README's documented Docker workflow (`make docker-build && make docker-run-interactive`, README.md:28). Either keep replacement targets or update the documentation to the new build/run commands before deleting these targets.