{"payload":{"feedbackUrl":"https://github.com/orgs/community/discussions/53140","repo":{"id":682178126,"defaultBranch":"main","name":"model-transparency","ownerLogin":"sigstore","currentUserCanPush":false,"isFork":false,"isEmpty":false,"createdAt":"2023-08-23T15:57:02.000Z","ownerAvatar":"https://avatars.githubusercontent.com/u/71096353?v=4","public":true,"private":false,"isOrgOwned":true},"refInfo":{"name":"","listCacheKey":"v0:1725886665.0","currentOid":""},"activityList":{"items":[{"before":"fcf9f67af7e52d7d37fca5b3bbda5d3156a94224","after":"74dedf98efb5ee3aac8c8f07851e6f0b147fbe57","ref":"refs/heads/main","pushedAt":"2024-09-11T19:46:21.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"mihaimaruseac","name":"Mihai Maruseac","path":"/mihaimaruseac","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/323199?s=80&v=4"},"commit":{"message":"Add scripts for benchmarks using the current API (#306)\n\n* Add environment for running and generating benchmarks\r\n\r\nSigned-off-by: Mihai Maruseac <mihaimaruseac@google.com>\r\n\r\n* Add generator for models\r\n\r\nSigned-off-by: Mihai Maruseac <mihaimaruseac@google.com>\r\n\r\n* Write in chunks\r\n\r\nSigned-off-by: Mihai Maruseac <mihaimaruseac@google.com>\r\n\r\n* Add matrix, expand description\r\n\r\nSigned-off-by: Mihai Maruseac <mihaimaruseac@google.com>\r\n\r\n* Add script for serialization benchmark\r\n\r\nSigned-off-by: Mihai Maruseac <mihaimaruseac@google.com>\r\n\r\n* Proper capitalization of help messages\r\n\r\nSigned-off-by: Mihai Maruseac <mihaimaruseac@google.com>\r\n\r\n* Add benchmark runner\r\n\r\nSigned-off-by: Mihai Maruseac <mihaimaruseac@google.com>\r\n\r\n* Use numpy to generate random data.\r\n\r\nWe go from\r\n\r\n```\r\n[...]$ hyperfine -w 3 \"python benchmarks/generate.py file --root /tmp/file 100000000\"\r\nBenchmark 1: python benchmarks/generate.py file --root /tmp/file 100000000\r\n  Time (mean ± σ):     10.290 s ±  0.140 s    [User: 10.197 s, System: 0.092 s]\r\n  Range (min … max):   10.149 s … 10.541 s    10 runs\r\n```\r\n\r\nto\r\n\r\n```\r\n[...]$ hyperfine -w 3 \"python benchmarks/generate.py file --root /tmp/file 100000000\" --show-output\r\nBenchmark 1: python benchmarks/generate.py file --root /tmp/file 100000000\r\n  Time (mean ± σ):     381.1 ms ±  13.9 ms    [User: 512.9 ms, System: 633.1 ms]\r\n  Range (min … max):   365.5 ms … 412.1 ms    10 runs\r\n```\r\n\r\nSigned-off-by: Mihai Maruseac <mihaimaruseac@google.com>\r\n\r\n* Fix typos\r\n\r\nSigned-off-by: Mihai Maruseac <mihaimaruseac@google.com>\r\n\r\n* Document all functions\r\n\r\nSigned-off-by: Mihai Maruseac <mihaimaruseac@google.com>\r\n\r\n* Handle review\r\n\r\nSigned-off-by: Mihai Maruseac <mihaimaruseac@google.com>\r\n\r\n* Handle review\r\n\r\nSigned-off-by: Mihai Maruseac <mihaimaruseac@google.com>\r\n\r\n* Use id but with comment\r\n\r\nSigned-off-by: Mihai Maruseac <mihaimaruseac@google.com>\r\n\r\n* Undo de-indent added by editor\r\n\r\nSigned-off-by: Mihai Maruseac <mihaimaruseac@google.com>\r\n\r\n---------\r\n\r\nSigned-off-by: Mihai Maruseac <mihaimaruseac@google.com>","shortMessageHtmlLink":"Add scripts for benchmarks using the current API (<a class=\"issue-link js-issue-link\" data-error-text=\"Failed to load title\" data-id=\"2517806389\" data-permission-text=\"Title is private\" data-url=\"https://github.com/sigstore/model-transparency/issues/306\" data-hovercard-type=\"pull_request\" data-hovercard-url=\"/sigstore/model-transparency/pull/306/hovercard\" href=\"https://github.com/sigstore/model-transparency/pull/306\">#306</a>)"}},{"before":"bebab921ba15009e4931614748dd3ab0801c42dc","after":null,"ref":"refs/heads/dependabot/github_actions/all-92cd5b737a","pushedAt":"2024-09-09T12:57:45.000Z","pushType":"branch_deletion","commitsCount":0,"pusher":{"login":"mihaimaruseac","name":"Mihai Maruseac","path":"/mihaimaruseac","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/323199?s=80&v=4"}},{"before":"f8ed11001213277bb22747746ea835aa1135cb87","after":"fcf9f67af7e52d7d37fca5b3bbda5d3156a94224","ref":"refs/heads/main","pushedAt":"2024-09-09T12:57:43.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"mihaimaruseac","name":"Mihai Maruseac","path":"/mihaimaruseac","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/323199?s=80&v=4"},"commit":{"message":"build(deps): bump pypa/gh-action-pypi-publish in the all group (#304)\n\nBumps the all group with 1 update: [pypa/gh-action-pypi-publish](https://github.com/pypa/gh-action-pypi-publish).\r\n\r\n\r\nUpdates `pypa/gh-action-pypi-publish` from 1.10.0 to 1.10.1\r\n- [Release notes](https://github.com/pypa/gh-action-pypi-publish/releases)\r\n- [Commits](https://github.com/pypa/gh-action-pypi-publish/compare/8a08d616893759ef8e1aa1f2785787c0b97e20d6...0ab0b79471669eb3a4d647e625009c62f9f3b241)\r\n\r\n---\r\nupdated-dependencies:\r\n- dependency-name: pypa/gh-action-pypi-publish\r\n  dependency-type: direct:production\r\n  update-type: version-update:semver-patch\r\n  dependency-group: all\r\n...\r\n\r\nSigned-off-by: dependabot[bot] <support@github.com>\r\nCo-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>","shortMessageHtmlLink":"build(deps): bump pypa/gh-action-pypi-publish in the all group (<a class=\"issue-link js-issue-link\" data-error-text=\"Failed to load title\" data-id=\"2512867127\" data-permission-text=\"Title is private\" data-url=\"https://github.com/sigstore/model-transparency/issues/304\" data-hovercard-type=\"pull_request\" data-hovercard-url=\"/sigstore/model-transparency/pull/304/hovercard\" href=\"https://github.com/sigstore/model-transparency/pull/304\">#304</a>)"}},{"before":null,"after":"bebab921ba15009e4931614748dd3ab0801c42dc","ref":"refs/heads/dependabot/github_actions/all-92cd5b737a","pushedAt":"2024-09-09T04:23:09.000Z","pushType":"branch_creation","commitsCount":0,"pusher":{"login":"dependabot[bot]","name":null,"path":"/apps/dependabot","primaryAvatarUrl":"https://avatars.githubusercontent.com/in/29110?s=80&v=4"},"commit":{"message":"build(deps): bump pypa/gh-action-pypi-publish in the all group\n\nBumps the all group with 1 update: [pypa/gh-action-pypi-publish](https://github.com/pypa/gh-action-pypi-publish).\n\n\nUpdates `pypa/gh-action-pypi-publish` from 1.10.0 to 1.10.1\n- [Release notes](https://github.com/pypa/gh-action-pypi-publish/releases)\n- [Commits](https://github.com/pypa/gh-action-pypi-publish/compare/8a08d616893759ef8e1aa1f2785787c0b97e20d6...0ab0b79471669eb3a4d647e625009c62f9f3b241)\n\n---\nupdated-dependencies:\n- dependency-name: pypa/gh-action-pypi-publish\n  dependency-type: direct:production\n  update-type: version-update:semver-patch\n  dependency-group: all\n...\n\nSigned-off-by: dependabot[bot] <support@github.com>","shortMessageHtmlLink":"build(deps): bump pypa/gh-action-pypi-publish in the all group"}},{"before":"8b12f71ae794829ecae8a5160c22ee890e677711","after":null,"ref":"refs/heads/dependabot/github_actions/all-1916bf8524","pushedAt":"2024-09-02T13:03:23.000Z","pushType":"branch_deletion","commitsCount":0,"pusher":{"login":"mihaimaruseac","name":"Mihai Maruseac","path":"/mihaimaruseac","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/323199?s=80&v=4"}},{"before":"7cd9d943aea8710dd8713a0b1c801bdab198c52a","after":"f8ed11001213277bb22747746ea835aa1135cb87","ref":"refs/heads/main","pushedAt":"2024-09-02T13:03:21.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"mihaimaruseac","name":"Mihai Maruseac","path":"/mihaimaruseac","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/323199?s=80&v=4"},"commit":{"message":"build(deps): bump the all group with 3 updates (#303)\n\nBumps the all group with 3 updates: [actions/upload-artifact](https://github.com/actions/upload-artifact), [pypa/gh-action-pypi-publish](https://github.com/pypa/gh-action-pypi-publish) and [actions/setup-python](https://github.com/actions/setup-python).\r\n\r\n\r\nUpdates `actions/upload-artifact` from 4.3.6 to 4.4.0\r\n- [Release notes](https://github.com/actions/upload-artifact/releases)\r\n- [Commits](https://github.com/actions/upload-artifact/compare/834a144ee995460fba8ed112a2fc961b36a5ec5a...50769540e7f4bd5e21e526ee35c689e35e0d6874)\r\n\r\nUpdates `pypa/gh-action-pypi-publish` from 1.9.0 to 1.10.0\r\n- [Release notes](https://github.com/pypa/gh-action-pypi-publish/releases)\r\n- [Commits](https://github.com/pypa/gh-action-pypi-publish/compare/ec4db0b4ddc65acdf4bff5fa45ac92d78b56bdf0...8a08d616893759ef8e1aa1f2785787c0b97e20d6)\r\n\r\nUpdates `actions/setup-python` from 5.1.1 to 5.2.0\r\n- [Release notes](https://github.com/actions/setup-python/releases)\r\n- [Commits](https://github.com/actions/setup-python/compare/39cd14951b08e74b54015e9e001cdefcf80e669f...f677139bbe7f9c59b41e40162b753c062f5d49a3)\r\n\r\n---\r\nupdated-dependencies:\r\n- dependency-name: actions/upload-artifact\r\n  dependency-type: direct:production\r\n  update-type: version-update:semver-minor\r\n  dependency-group: all\r\n- dependency-name: pypa/gh-action-pypi-publish\r\n  dependency-type: direct:production\r\n  update-type: version-update:semver-minor\r\n  dependency-group: all\r\n- dependency-name: actions/setup-python\r\n  dependency-type: direct:production\r\n  update-type: version-update:semver-minor\r\n  dependency-group: all\r\n...\r\n\r\nSigned-off-by: dependabot[bot] <support@github.com>\r\nCo-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>","shortMessageHtmlLink":"build(deps): bump the all group with 3 updates (<a class=\"issue-link js-issue-link\" data-error-text=\"Failed to load title\" data-id=\"2499983863\" data-permission-text=\"Title is private\" data-url=\"https://github.com/sigstore/model-transparency/issues/303\" data-hovercard-type=\"pull_request\" data-hovercard-url=\"/sigstore/model-transparency/pull/303/hovercard\" href=\"https://github.com/sigstore/model-transparency/pull/303\">#303</a>)"}},{"before":null,"after":"8b12f71ae794829ecae8a5160c22ee890e677711","ref":"refs/heads/dependabot/github_actions/all-1916bf8524","pushedAt":"2024-09-02T04:42:14.000Z","pushType":"branch_creation","commitsCount":0,"pusher":{"login":"dependabot[bot]","name":null,"path":"/apps/dependabot","primaryAvatarUrl":"https://avatars.githubusercontent.com/in/29110?s=80&v=4"},"commit":{"message":"build(deps): bump the all group with 3 updates\n\nBumps the all group with 3 updates: [actions/upload-artifact](https://github.com/actions/upload-artifact), [pypa/gh-action-pypi-publish](https://github.com/pypa/gh-action-pypi-publish) and [actions/setup-python](https://github.com/actions/setup-python).\n\n\nUpdates `actions/upload-artifact` from 4.3.6 to 4.4.0\n- [Release notes](https://github.com/actions/upload-artifact/releases)\n- [Commits](https://github.com/actions/upload-artifact/compare/834a144ee995460fba8ed112a2fc961b36a5ec5a...50769540e7f4bd5e21e526ee35c689e35e0d6874)\n\nUpdates `pypa/gh-action-pypi-publish` from 1.9.0 to 1.10.0\n- [Release notes](https://github.com/pypa/gh-action-pypi-publish/releases)\n- [Commits](https://github.com/pypa/gh-action-pypi-publish/compare/ec4db0b4ddc65acdf4bff5fa45ac92d78b56bdf0...8a08d616893759ef8e1aa1f2785787c0b97e20d6)\n\nUpdates `actions/setup-python` from 5.1.1 to 5.2.0\n- [Release notes](https://github.com/actions/setup-python/releases)\n- [Commits](https://github.com/actions/setup-python/compare/39cd14951b08e74b54015e9e001cdefcf80e669f...f677139bbe7f9c59b41e40162b753c062f5d49a3)\n\n---\nupdated-dependencies:\n- dependency-name: actions/upload-artifact\n  dependency-type: direct:production\n  update-type: version-update:semver-minor\n  dependency-group: all\n- dependency-name: pypa/gh-action-pypi-publish\n  dependency-type: direct:production\n  update-type: version-update:semver-minor\n  dependency-group: all\n- dependency-name: actions/setup-python\n  dependency-type: direct:production\n  update-type: version-update:semver-minor\n  dependency-group: all\n...\n\nSigned-off-by: dependabot[bot] <support@github.com>","shortMessageHtmlLink":"build(deps): bump the all group with 3 updates"}},{"before":"a577c4a1bb577b5ec60305ec72db24802090a947","after":"7cd9d943aea8710dd8713a0b1c801bdab198c52a","ref":"refs/heads/main","pushedAt":"2024-08-27T21:53:11.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"mihaimaruseac","name":"Mihai Maruseac","path":"/mihaimaruseac","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/323199?s=80&v=4"},"commit":{"message":"Change release trigger to be `release` instead of the wrong `tags` (#302)\n\n* Fix typo in release workflow\r\n\r\nEvent to trigger workflow run is `push`, not `tags`. The `tags` part is just a filter.\r\n\r\nSigned-off-by: Mihai Maruseac <mihaimaruseac@google.com>\r\n\r\n* Use the same trigger as `sigstore-python`\r\n\r\nSigned-off-by: Mihai Maruseac <mihaimaruseac@google.com>\r\n\r\n---------\r\n\r\nSigned-off-by: Mihai Maruseac <mihaimaruseac@google.com>","shortMessageHtmlLink":"Change release trigger to be <code>release</code> instead of the wrong <code>tags</code> (<a class=\"issue-link js-issue-link\" data-error-text=\"Failed to load title\" data-id=\"2490425043\" data-permission-text=\"Title is private\" data-url=\"https://github.com/sigstore/model-transparency/issues/302\" data-hovercard-type=\"pull_request\" data-hovercard-url=\"/sigstore/model-transparency/pull/302/hovercard\" href=\"https://github.com/sigstore/model-transparency/pull/302\">#302</a>"}},{"before":"a577c4a1bb577b5ec60305ec72db24802090a947","after":null,"ref":"refs/tags/v0.0.2a","pushedAt":"2024-08-27T21:37:17.000Z","pushType":"branch_deletion","commitsCount":0,"pusher":{"login":"mihaimaruseac","name":"Mihai Maruseac","path":"/mihaimaruseac","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/323199?s=80&v=4"}},{"before":"ae62038d96a61ff52c0c394cac6e4381f16f327d","after":"a577c4a1bb577b5ec60305ec72db24802090a947","ref":"refs/heads/main","pushedAt":"2024-08-27T21:35:41.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"mihaimaruseac","name":"Mihai Maruseac","path":"/mihaimaruseac","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/323199?s=80&v=4"},"commit":{"message":"Add trusted publishing workflow (#301)\n\nSigned-off-by: Mihai Maruseac <mihaimaruseac@google.com>","shortMessageHtmlLink":"Add trusted publishing workflow (<a class=\"issue-link js-issue-link\" data-error-text=\"Failed to load title\" data-id=\"2490412473\" data-permission-text=\"Title is private\" data-url=\"https://github.com/sigstore/model-transparency/issues/301\" data-hovercard-type=\"pull_request\" data-hovercard-url=\"/sigstore/model-transparency/pull/301/hovercard\" href=\"https://github.com/sigstore/model-transparency/pull/301\">#301</a>)"}},{"before":"e1e36f03535070642fcc1d2f007e9f8372bc522d","after":"ae62038d96a61ff52c0c394cac6e4381f16f327d","ref":"refs/heads/main","pushedAt":"2024-08-27T20:00:07.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"mihaimaruseac","name":"Mihai Maruseac","path":"/mihaimaruseac","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/323199?s=80&v=4"},"commit":{"message":"Add support for Python3.10 (#300)\n\n* ADd support for Python3.10\r\n\r\nSigned-off-by: Mihai Maruseac <mihaimaruseac@google.com>\r\n\r\n* Run CI on py3.10 too\r\n\r\nSigned-off-by: Mihai Maruseac <mihaimaruseac@google.com>\r\n\r\n* Reduce some indentation\r\n\r\nSigned-off-by: Mihai Maruseac <mihaimaruseac@google.com>\r\n\r\n---------\r\n\r\nSigned-off-by: Mihai Maruseac <mihaimaruseac@google.com>","shortMessageHtmlLink":"Add support for Python3.10 (<a class=\"issue-link js-issue-link\" data-error-text=\"Failed to load title\" data-id=\"2490092723\" data-permission-text=\"Title is private\" data-url=\"https://github.com/sigstore/model-transparency/issues/300\" data-hovercard-type=\"pull_request\" data-hovercard-url=\"/sigstore/model-transparency/pull/300/hovercard\" href=\"https://github.com/sigstore/model-transparency/pull/300\">#300</a>)"}},{"before":"79b5e9120d7ae997406d81610c4df70b58e9546a","after":"e1e36f03535070642fcc1d2f007e9f8372bc522d","ref":"refs/heads/main","pushedAt":"2024-08-22T17:23:26.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"mihaimaruseac","name":"Mihai Maruseac","path":"/mihaimaruseac","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/323199?s=80&v=4"},"commit":{"message":"Fix SLSA for ML workflows (#299)\n\n* Fix TF\r\n\r\nSigned-off-by: Mihai Maruseac <mihaimaruseac@google.com>\r\n\r\n* Fix PT\r\n\r\nSigned-off-by: Mihai Maruseac <mihaimaruseac@google.com>\r\n\r\n* Only run on linux\r\n\r\nSigned-off-by: Mihai Maruseac <mihaimaruseac@google.com>\r\n\r\n* Fix lint\r\n\r\nSigned-off-by: Mihai Maruseac <mihaimaruseac@google.com>\r\n\r\n* Properly exclude the other OSes\r\n\r\nSigned-off-by: Mihai Maruseac <mihaimaruseac@google.com>\r\n\r\n---------\r\n\r\nSigned-off-by: Mihai Maruseac <mihaimaruseac@google.com>","shortMessageHtmlLink":"Fix SLSA for ML workflows (<a class=\"issue-link js-issue-link\" data-error-text=\"Failed to load title\" data-id=\"2479395327\" data-permission-text=\"Title is private\" data-url=\"https://github.com/sigstore/model-transparency/issues/299\" data-hovercard-type=\"pull_request\" data-hovercard-url=\"/sigstore/model-transparency/pull/299/hovercard\" href=\"https://github.com/sigstore/model-transparency/pull/299\">#299</a>)"}},{"before":"e18b1d580d92db85e961de15302c384cad19956a","after":"79b5e9120d7ae997406d81610c4df70b58e9546a","ref":"refs/heads/main","pushedAt":"2024-08-21T18:13:10.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"mihaimaruseac","name":"Mihai Maruseac","path":"/mihaimaruseac","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/323199?s=80&v=4"},"commit":{"message":" enable pyupgrade (UP) linter (#298)\n\n* enable pyupgrade linter\r\n\r\nThe main rule we're interested in is UP035, which helps prevent using\r\ndeprecated imports. Specifically some of the `typing` imports which now\r\nlive in `collections.abc`.\r\n\r\nI disabled two rules which consider some optional args as unnecessary,\r\nas there were many occurrences and it seemed opinionated.\r\n\r\nSigned-off-by: Spencer Schrock <sschrock@google.com>\r\n\r\n* autofix pyupgrade violations\r\n\r\nSigned-off-by: Spencer Schrock <sschrock@google.com>\r\n\r\n---------\r\n\r\nSigned-off-by: Spencer Schrock <sschrock@google.com>","shortMessageHtmlLink":" enable pyupgrade (UP) linter (<a class=\"issue-link js-issue-link\" data-error-text=\"Failed to load title\" data-id=\"2478676168\" data-permission-text=\"Title is private\" data-url=\"https://github.com/sigstore/model-transparency/issues/298\" data-hovercard-type=\"pull_request\" data-hovercard-url=\"/sigstore/model-transparency/pull/298/hovercard\" href=\"https://github.com/sigstore/model-transparency/pull/298\">#298</a>)"}},{"before":"5a88752cafd4f8301513b147bf3e6365ca83cbf0","after":"e18b1d580d92db85e961de15302c384cad19956a","ref":"refs/heads/main","pushedAt":"2024-08-21T17:52:59.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"mihaimaruseac","name":"Mihai Maruseac","path":"/mihaimaruseac","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/323199?s=80&v=4"},"commit":{"message":"Add signing and verification  CLI scripts. (#240)\n\n* <3 git\r\n\r\nSigned-off-by: Martin Sablotny <msablotny@nvidia.com>\r\n\r\n* linter\r\n\r\nSigned-off-by: Martin Sablotny <msablotny@nvidia.com>\r\n\r\n---------\r\n\r\nSigned-off-by: Martin Sablotny <msablotny@nvidia.com>","shortMessageHtmlLink":"Add signing and verification CLI scripts. (<a class=\"issue-link js-issue-link\" data-error-text=\"Failed to load title\" data-id=\"2411990178\" data-permission-text=\"Title is private\" data-url=\"https://github.com/sigstore/model-transparency/issues/240\" data-hovercard-type=\"pull_request\" data-hovercard-url=\"/sigstore/model-transparency/pull/240/hovercard\" href=\"https://github.com/sigstore/model-transparency/pull/240\">#240</a>)"}},{"before":"69ccdc930f4cf6414141f41466dd96cf54170489","after":"5a88752cafd4f8301513b147bf3e6365ca83cbf0","ref":"refs/heads/main","pushedAt":"2024-08-20T21:28:54.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"mihaimaruseac","name":"Mihai Maruseac","path":"/mihaimaruseac","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/323199?s=80&v=4"},"commit":{"message":"WIP (#297)\n\nSigned-off-by: Mihai Maruseac <mihaimaruseac@google.com>","shortMessageHtmlLink":"WIP (<a class=\"issue-link js-issue-link\" data-error-text=\"Failed to load title\" data-id=\"2476488305\" data-permission-text=\"Title is private\" data-url=\"https://github.com/sigstore/model-transparency/issues/297\" data-hovercard-type=\"pull_request\" data-hovercard-url=\"/sigstore/model-transparency/pull/297/hovercard\" href=\"https://github.com/sigstore/model-transparency/pull/297\">#297</a>)"}},{"before":"b16ce61e71d1b6a9ae58d17c360f3af6c058123f","after":"69ccdc930f4cf6414141f41466dd96cf54170489","ref":"refs/heads/main","pushedAt":"2024-08-19T18:22:36.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"mihaimaruseac","name":"Mihai Maruseac","path":"/mihaimaruseac","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/323199?s=80&v=4"},"commit":{"message":"Don't run some GHA workflows in forks. (#296)\n\nSome workflows can only run without error while triggered from this\r\nrepo. Whenever they get triggered from a fork they fail. So, prevent\r\nthem from running on forks.\r\n\r\nSigned-off-by: Mihai Maruseac <mihaimaruseac@google.com>","shortMessageHtmlLink":"Don't run some GHA workflows in forks. (<a class=\"issue-link js-issue-link\" data-error-text=\"Failed to load title\" data-id=\"2473791734\" data-permission-text=\"Title is private\" data-url=\"https://github.com/sigstore/model-transparency/issues/296\" data-hovercard-type=\"pull_request\" data-hovercard-url=\"/sigstore/model-transparency/pull/296/hovercard\" href=\"https://github.com/sigstore/model-transparency/pull/296\">#296</a>)"}},{"before":"d964170fa73e6890adbd05a93d2fe63331e79b54","after":"b16ce61e71d1b6a9ae58d17c360f3af6c058123f","ref":"refs/heads/main","pushedAt":"2024-08-19T16:51:11.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"mihaimaruseac","name":"Mihai Maruseac","path":"/mihaimaruseac","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/323199?s=80&v=4"},"commit":{"message":"Modification of CI Workflow to enhance Coverage reporting (#295)\n\nThe problem is that the coverage report is being displayed on the command line, and it would be ideal to have a GitHub formatted output that shows up in code files\r\nin the PR that highlights the lines of code that were not covered in the unit test CI workflow. Doing do, would assist reviewers in ensuring that the code coverage is high.\r\n\r\nThe unit_tests workflow has been modified to:\r\n- Create a coverage file only if the specified OS and python version finish the test\r\n- Run a step to process the file and extract the file names and the missed lines/ranges and highlight the lines using workflow commands\r\n\r\nResolves: #288\r\n\r\nSigned-off-by: youssef-itanii <youssef.itani@gmail.com>","shortMessageHtmlLink":"Modification of CI Workflow to enhance Coverage reporting (<a class=\"issue-link js-issue-link\" data-error-text=\"Failed to load title\" data-id=\"2473498563\" data-permission-text=\"Title is private\" data-url=\"https://github.com/sigstore/model-transparency/issues/295\" data-hovercard-type=\"pull_request\" data-hovercard-url=\"/sigstore/model-transparency/pull/295/hovercard\" href=\"https://github.com/sigstore/model-transparency/pull/295\">#295</a>)"}},{"before":"838e95846c6387c98e741efa9175461ad401a88e","after":null,"ref":"refs/heads/dependabot/github_actions/all-f91f66476d","pushedAt":"2024-08-19T04:35:17.000Z","pushType":"branch_deletion","commitsCount":0,"pusher":{"login":"mihaimaruseac","name":"Mihai Maruseac","path":"/mihaimaruseac","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/323199?s=80&v=4"}},{"before":"c2d623d7e75d816aebab523e268c0b70d41e6633","after":"d964170fa73e6890adbd05a93d2fe63331e79b54","ref":"refs/heads/main","pushedAt":"2024-08-19T04:35:16.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"mihaimaruseac","name":"Mihai Maruseac","path":"/mihaimaruseac","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/323199?s=80&v=4"},"commit":{"message":"build(deps): bump pypa/hatch in the all group (#294)\n\nBumps the all group with 1 update: [pypa/hatch](https://github.com/pypa/hatch).\r\n\r\n\r\nUpdates `pypa/hatch` from a3c83ab3d481fbc2dc91dd0088628817488dd1d5 to 257e27e51a6a5616ed08a39a408a21c35c9931bc\r\n- [Release notes](https://github.com/pypa/hatch/releases)\r\n- [Commits](https://github.com/pypa/hatch/compare/a3c83ab3d481fbc2dc91dd0088628817488dd1d5...257e27e51a6a5616ed08a39a408a21c35c9931bc)\r\n\r\n---\r\nupdated-dependencies:\r\n- dependency-name: pypa/hatch\r\n  dependency-type: direct:production\r\n  dependency-group: all\r\n...\r\n\r\nSigned-off-by: dependabot[bot] <support@github.com>\r\nCo-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>","shortMessageHtmlLink":"build(deps): bump pypa/hatch in the all group (<a class=\"issue-link js-issue-link\" data-error-text=\"Failed to load title\" data-id=\"2472421982\" data-permission-text=\"Title is private\" data-url=\"https://github.com/sigstore/model-transparency/issues/294\" data-hovercard-type=\"pull_request\" data-hovercard-url=\"/sigstore/model-transparency/pull/294/hovercard\" href=\"https://github.com/sigstore/model-transparency/pull/294\">#294</a>)"}},{"before":"3ea11d4c3faf857ae62804b941a7972db7befba8","after":"c2d623d7e75d816aebab523e268c0b70d41e6633","ref":"refs/heads/main","pushedAt":"2024-08-19T04:28:41.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"mihaimaruseac","name":"Mihai Maruseac","path":"/mihaimaruseac","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/323199?s=80&v=4"},"commit":{"message":"Add unit tests for signing with sigstore (#291)\n\n* Configure coverage reporting\r\n\r\nBy default, `hatch test -c` coverage report lists only counts of lines and lines missing and percentages but there is no way to see which are the ones that are missing. We don't have an option to generate an html report at the moment (https://github.com/pypa/hatch/pull/1477). Added some options to display missing lines.\r\n\r\nAlso, by default, all files are included in the report, including tests (covering the test-only code). I removed the tests, but if we decide we should add them that's easy to do.\r\n\r\nMore importantly, the report lists files that are 100% covered (not useful in CI) and empty files (not useful at all). So, I removed those from the output.\r\n\r\nThere is another bigger issue that only files that are imported by a test get reported, so if we have code that is not tested at all it will not show up here. We already have such code in `signature/` and `signing/sigstore.py`. Fixing this will be left for later.\r\n\r\nCurrent output is:\r\n\r\n```\r\nName                                         Stmts   Miss  Cover   Missing\r\n--------------------------------------------------------------------------\r\nsrc/model_signing/signing/in_toto.py           168     68    60%   65-78, 181-190, 342-367, 485-512, 660-671, 793-806\r\n--------------------------------------------------------------------------\r\nTOTAL                                          745     70    91%\r\n```\r\n\r\nFixing the missing coverage is left for later. We should aim for 95%+ or so coverage, I think.\r\n\r\nWe should probably make it so that GitHub reports this table back on PRs, so reviewers can quickly ask for more testing without needing to check the GHA report. Punted for later, for now I'll just remember to just keep checking.\r\n\r\nSigned-off-by: Mihai Maruseac <mihaimaruseac@google.com>\r\n\r\n* Add unit tests for signing with sigstore.\r\n\r\nWe need to do quite a lot of mocking around Sigstore, but we are able to test all logic in our library. What is left to do for testing is e2e integration tests (#5) and testing with signing on one OS and verifying on another (#25). Both of these are integration style tests and we will only be able to run them in GHA. I'll send a PR for those soon.\r\n\r\nWhile testing, I discovered some minor bugs with error reporting and one moderate bug. Fixed in this PR.\r\n\r\nWe now have achieved 100% test coverage! :tada:\r\n\r\n```\r\nName    Stmts   Miss  Cover   Missing\r\n-------------------------------------\r\nTOTAL     835      0   100%\r\n```\r\n\r\nWell, almost. There are 2 files that are not imported by tests at all, so they don't get included in the report:\r\n\r\n```\r\nsrc/model_signing/signature/fake.py\r\nsrc/model_signing/signature/pki.py\r\n```\r\n\r\nThis depends on #287 which configures the coverage reporting.\r\n\r\nSigned-off-by: Mihai Maruseac <mihaimaruseac@google.com>\r\n\r\n---------\r\n\r\nSigned-off-by: Mihai Maruseac <mihaimaruseac@google.com>","shortMessageHtmlLink":"Add unit tests for signing with sigstore (<a class=\"issue-link js-issue-link\" data-error-text=\"Failed to load title\" data-id=\"2470362332\" data-permission-text=\"Title is private\" data-url=\"https://github.com/sigstore/model-transparency/issues/291\" data-hovercard-type=\"pull_request\" data-hovercard-url=\"/sigstore/model-transparency/pull/291/hovercard\" href=\"https://github.com/sigstore/model-transparency/pull/291\">#291</a>)"}},{"before":null,"after":"838e95846c6387c98e741efa9175461ad401a88e","ref":"refs/heads/dependabot/github_actions/all-f91f66476d","pushedAt":"2024-08-19T04:19:30.000Z","pushType":"branch_creation","commitsCount":0,"pusher":{"login":"dependabot[bot]","name":null,"path":"/apps/dependabot","primaryAvatarUrl":"https://avatars.githubusercontent.com/in/29110?s=80&v=4"},"commit":{"message":"build(deps): bump pypa/hatch in the all group\n\nBumps the all group with 1 update: [pypa/hatch](https://github.com/pypa/hatch).\n\n\nUpdates `pypa/hatch` from a3c83ab3d481fbc2dc91dd0088628817488dd1d5 to 257e27e51a6a5616ed08a39a408a21c35c9931bc\n- [Release notes](https://github.com/pypa/hatch/releases)\n- [Commits](https://github.com/pypa/hatch/compare/a3c83ab3d481fbc2dc91dd0088628817488dd1d5...257e27e51a6a5616ed08a39a408a21c35c9931bc)\n\n---\nupdated-dependencies:\n- dependency-name: pypa/hatch\n  dependency-type: direct:production\n  dependency-group: all\n...\n\nSigned-off-by: dependabot[bot] <support@github.com>","shortMessageHtmlLink":"build(deps): bump pypa/hatch in the all group"}},{"before":"995e89ae3ea5689eebd27f0cdaf77ed2bb64e32b","after":"3ea11d4c3faf857ae62804b941a7972db7befba8","ref":"refs/heads/main","pushedAt":"2024-08-15T21:52:35.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"mihaimaruseac","name":"Mihai Maruseac","path":"/mihaimaruseac","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/323199?s=80&v=4"},"commit":{"message":"Update command to regenerate test goldens (#290)\n\nSigned-off-by: Mihai Maruseac <mihaimaruseac@google.com>","shortMessageHtmlLink":"Update command to regenerate test goldens (<a class=\"issue-link js-issue-link\" data-error-text=\"Failed to load title\" data-id=\"2468742099\" data-permission-text=\"Title is private\" data-url=\"https://github.com/sigstore/model-transparency/issues/290\" data-hovercard-type=\"pull_request\" data-hovercard-url=\"/sigstore/model-transparency/pull/290/hovercard\" href=\"https://github.com/sigstore/model-transparency/pull/290\">#290</a>)"}},{"before":"57ba14052e589ed9bd470ad57022ca43f5018737","after":"995e89ae3ea5689eebd27f0cdaf77ed2bb64e32b","ref":"refs/heads/main","pushedAt":"2024-08-15T21:50:10.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"mihaimaruseac","name":"Mihai Maruseac","path":"/mihaimaruseac","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/323199?s=80&v=4"},"commit":{"message":"Update link to documentation (#286)\n\nSigned-off-by: Mihai Maruseac <mihaimaruseac@google.com>","shortMessageHtmlLink":"Update link to documentation (<a class=\"issue-link js-issue-link\" data-error-text=\"Failed to load title\" data-id=\"2468493483\" data-permission-text=\"Title is private\" data-url=\"https://github.com/sigstore/model-transparency/issues/286\" data-hovercard-type=\"pull_request\" data-hovercard-url=\"/sigstore/model-transparency/pull/286/hovercard\" href=\"https://github.com/sigstore/model-transparency/pull/286\">#286</a>)"}},{"before":"5f38673df804e4958db7fd55c50c644d25cbbcb8","after":"57ba14052e589ed9bd470ad57022ca43f5018737","ref":"refs/heads/main","pushedAt":"2024-08-14T23:55:22.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"mihaimaruseac","name":"Mihai Maruseac","path":"/mihaimaruseac","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/323199?s=80&v=4"},"commit":{"message":"mark library as providing type annotations (#285)\n\nI also confirmed the `py.typed` file gets included in the wheel produced\r\nby `hatch build`.\r\n\r\nSigned-off-by: Spencer Schrock <sschrock@google.com>","shortMessageHtmlLink":"mark library as providing type annotations (<a class=\"issue-link js-issue-link\" data-error-text=\"Failed to load title\" data-id=\"2466988802\" data-permission-text=\"Title is private\" data-url=\"https://github.com/sigstore/model-transparency/issues/285\" data-hovercard-type=\"pull_request\" data-hovercard-url=\"/sigstore/model-transparency/pull/285/hovercard\" href=\"https://github.com/sigstore/model-transparency/pull/285\">#285</a>)"}},{"before":"738ab2a8f1906a6956d063cb7ba995d86019e961","after":"5f38673df804e4958db7fd55c50c644d25cbbcb8","ref":"refs/heads/main","pushedAt":"2024-08-14T21:02:59.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"mihaimaruseac","name":"Mihai Maruseac","path":"/mihaimaruseac","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/323199?s=80&v=4"},"commit":{"message":"Setup automated generation of model_signing documentation (#279)\n\n* add hatch doc environment\r\n\r\nSigned-off-by: Spencer Schrock <sschrock@google.com>\r\n\r\n* add documentation github workflow\r\n\r\nSigned-off-by: Spencer Schrock <sschrock@google.com>\r\n\r\n* ignore documentation output directory\r\n\r\nSigned-off-by: Spencer Schrock <sschrock@google.com>\r\n\r\n---------\r\n\r\nSigned-off-by: Spencer Schrock <sschrock@google.com>","shortMessageHtmlLink":"Setup automated generation of model_signing documentation (<a class=\"issue-link js-issue-link\" data-error-text=\"Failed to load title\" data-id=\"2454010319\" data-permission-text=\"Title is private\" data-url=\"https://github.com/sigstore/model-transparency/issues/279\" data-hovercard-type=\"pull_request\" data-hovercard-url=\"/sigstore/model-transparency/pull/279/hovercard\" href=\"https://github.com/sigstore/model-transparency/pull/279\">#279</a>)"}},{"before":"58c43b13717eee213f00f222aa6fa0b422e4ff1f","after":"738ab2a8f1906a6956d063cb7ba995d86019e961","ref":"refs/heads/main","pushedAt":"2024-08-14T20:22:48.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"mihaimaruseac","name":"Mihai Maruseac","path":"/mihaimaruseac","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/323199?s=80&v=4"},"commit":{"message":"Add `.coverage` to `.gitignore`. (#284)\n\nThis file gets generated when testing with coverage data (`hatch test -c`). I missed adding it to `.gitignore` in #283 because I didn't run testing with coverage locally. Fixing the issue now.\r\n\r\nSigned-off-by: Mihai Maruseac <mihaimaruseac@google.com>","shortMessageHtmlLink":"Add <code>.coverage</code> to <code>.gitignore</code>. (<a class=\"issue-link js-issue-link\" data-error-text=\"Failed to load title\" data-id=\"2466738915\" data-permission-text=\"Title is private\" data-url=\"https://github.com/sigstore/model-transparency/issues/284\" data-hovercard-type=\"pull_request\" data-hovercard-url=\"/sigstore/model-transparency/pull/284/hovercard\" href=\"https://github.com/sigstore/model-transparency/pull/284\">#284</a>)"}},{"before":"7429f1e146e2df59d3b4cd4c0942cb4ec48e1931","after":"58c43b13717eee213f00f222aa6fa0b422e4ff1f","ref":"refs/heads/main","pushedAt":"2024-08-14T19:52:05.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"mihaimaruseac","name":"Mihai Maruseac","path":"/mihaimaruseac","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/323199?s=80&v=4"},"commit":{"message":"Prepare for wheel publishing (alpha patch version of 0.0.1) (#283)\n\n* Reorganize code to enable wheel publishing\r\n\r\nThis commits moves files around to get to a `src/` layout\r\n(https://packaging.python.org/en/latest/discussions/src-layout-vs-flat-layout/#src-layout-vs-flat-layout)\r\nfor the code. There are more benefits for a `src/` layout than a flat\r\nlayout, such as:\r\n\r\n- documentation is easier to generate\r\n- we won't accidentally test against code that is different than what\r\n  users would see\r\n- we can include only the source in the wheel, reducing PyPI bandwidth\r\n- it makes it clearer which parts of the repo go into the wheel and\r\n  which ones are ancillary. Incidentally, we might now want to move the\r\n  SLSA parts to another repo and maybe rename this one? We can do this\r\n  at a later time.\r\n\r\nFor this commit I only moved the files around. The only change is in\r\n`README.md` where I replaced the pointer to `model_signing/README.md`\r\nwith one to `README.model_signing.md`, as I'm creating this file now.\r\n\r\nSince we would need to change `README.model_signing.md` anyway once the\r\nAPI is ready, I have not updated it besides just fixing the image\r\npointer.\r\n\r\nI have deleted old files from when this was a POC. Since we're working\r\non releasing the library, we no longer need those.\r\n\r\nThe alternative to not moving the files to the root of the folder would\r\nhave been to duplicate LICENSE, etc. inside the `model-signing`\r\ndirectory, so that packaging tools would see it. I decided against that,\r\nsince we still needed to move files around to make a `src/` directory\r\nand it did no longer make sense to also do file duplication.\r\n\r\nSigned-off-by: Mihai Maruseac <mihaimaruseac@google.com>\r\n\r\n* Add publishing metadata to pyproject.toml\r\n\r\nDecided to use [`hatch`](https://hatch.pypa.io/latest/). Well,\r\n`hatchling` for the build backend and `hatch` as project manager.\r\n\r\nWhile not important for this step, using `hatch` allows us to have\r\nmultiple environments for different usage scenarios. We can have one\r\nenvironment for tests, one for type checking, etc.\r\n\r\nFor this commit, I just focused on making sure that `hatch build` builds\r\nthe wheel and the tarball. As a bonus, `hatch shell` drops us into a\r\nvirtual environment with the package locally installed, in an editable\r\nfashion: we can just edit the files and can immediately test the code\r\nwithout having to reinstall the wheel somewhere else. So, we get the\r\nbenefits of testing exactly the wheel that is shipped to the users\r\nwithout having to have a separate virtual environment to install the\r\nwheel in, without having to manually manage that.\r\n\r\nThe wheel that gets built is minimal. Here's the corresponding tarball's\r\ncontents (output of `tar tf`):\r\n\r\n```\r\nmodel_signing-0.0.1a0/model_signing/__init__.py\r\nmodel_signing-0.0.1a0/model_signing/hashing/__init__.py\r\nmodel_signing-0.0.1a0/model_signing/hashing/file.py\r\nmodel_signing-0.0.1a0/model_signing/hashing/hashing.py\r\nmodel_signing-0.0.1a0/model_signing/hashing/memory.py\r\nmodel_signing-0.0.1a0/model_signing/manifest/__init__.py\r\nmodel_signing-0.0.1a0/model_signing/manifest/manifest.py\r\nmodel_signing-0.0.1a0/model_signing/serialization/__init__.py\r\nmodel_signing-0.0.1a0/model_signing/serialization/serialization.py\r\nmodel_signing-0.0.1a0/model_signing/serialization/serialize_by_file.py\r\nmodel_signing-0.0.1a0/model_signing/serialization/serialize_by_file_shard.py\r\nmodel_signing-0.0.1a0/model_signing/signature/__init__.py\r\nmodel_signing-0.0.1a0/model_signing/signature/encoding.py\r\nmodel_signing-0.0.1a0/model_signing/signature/fake.py\r\nmodel_signing-0.0.1a0/model_signing/signature/key.py\r\nmodel_signing-0.0.1a0/model_signing/signature/pki.py\r\nmodel_signing-0.0.1a0/model_signing/signature/signing.py\r\nmodel_signing-0.0.1a0/model_signing/signature/sigstore.py\r\nmodel_signing-0.0.1a0/model_signing/signature/verifying.py\r\nmodel_signing-0.0.1a0/model_signing/signing/__init__.py\r\nmodel_signing-0.0.1a0/model_signing/signing/as_bytes.py\r\nmodel_signing-0.0.1a0/model_signing/signing/empty_signing.py\r\nmodel_signing-0.0.1a0/model_signing/signing/in_toto.py\r\nmodel_signing-0.0.1a0/model_signing/signing/signing.py\r\nmodel_signing-0.0.1a0/model_signing/signing/sigstore.py\r\nmodel_signing-0.0.1a0/.gitignore\r\nmodel_signing-0.0.1a0/LICENSE\r\nmodel_signing-0.0.1a0/README.model_signing.md\r\nmodel_signing-0.0.1a0/pyproject.toml\r\nmodel_signing-0.0.1a0/PKG-INFO\r\n```\r\n\r\nSigned-off-by: Mihai Maruseac <mihaimaruseac@google.com>\r\n\r\n* Add required deps to install/use the package.\r\n\r\nTested by running `hatch shell` then `python` then\r\n\r\n```\r\n>>> import model_signing\r\n>>> import model_signing.hashing\r\n>>> import model_signing.hashing.hashing\r\n>>> import model_signing.hashing.file\r\n>>> import model_signing.hashing.memory\r\n>>> import model_signing.manifest\r\n>>> import model_signing.manifest.manifest\r\n>>> import model_signing.serialization\r\n>>> import model_signing.serialization.serialization\r\n>>> import model_signing.serialization.serialize_by_file\r\n>>> import model_signing.serialization.serialize_by_file_shard\r\n>>> import model_signing.signing\r\n>>> import model_signing.signing.as_bytes\r\n>>> import model_signing.signing.in_toto\r\n>>> import model_signing.signing.signing\r\n>>> import model_signing.signing.sigstore\r\n>>> import model_signing.signature\r\n>>> import model_signing.signature.fake\r\n>>> import model_signing.signature.key\r\n>>> import model_signing.signature.pki\r\n>>> import model_signing.signature.signing\r\n>>> import model_signing.signature.sigstore\r\n>>> import model_signing.signature.verifying\r\n>>> ^D\r\n```\r\n\r\nTested the same with `hatch build`, copying the wheel to outside the\r\nsoruce tree, creating a virtual env, and installing the wheel in the\r\nempty env, after which I ran the above imports again.\r\n\r\nSigned-off-by: Mihai Maruseac <mihaimaruseac@google.com>\r\n\r\n* Add testing support via `hatch test`.\r\n\r\nEnable random order testing to surface out cases where one test case\r\ndepends on another. Enable parallel testing to speed up testing.\r\n\r\nWill add matrix support later.\r\n\r\n```\r\nplugins: xdist-3.6.1, mock-3.14.0, rerunfailures-14.0, randomly-3.15.0\r\n12 workers [233 items]\r\n.........................................................................................................................................................................................................................................                                          [100%]\r\n================================================================================================================================== 233 passed in 2.18s ===================================================================================================================================\r\n```\r\n\r\nSigned-off-by: Mihai Maruseac <mihaimaruseac@google.com>\r\n\r\n* Standardize formatting with `hatch fmt`\r\n\r\nDid some minor fixes here and there, but left a bunch for future PRs.\r\n\r\nSigned-off-by: Mihai Maruseac <mihaimaruseac@google.com>\r\n\r\n* Add `pytype` support via `hatch run type:check`\r\n\r\nThis builds a custom environment in which we run `pytype` for just the\r\nlibrary and the test. Unlike style linting, here we completely ignore\r\n`slsa_for_models`.\r\n\r\nSigned-off-by: Mihai Maruseac <mihaimaruseac@google.com>\r\n\r\n* Update `.gitignore` to exclude all cache artifacts\r\n\r\nSigned-off-by: Mihai Maruseac <mihaimaruseac@google.com>\r\n\r\n* Update GHAs to use hatch for testing and linting\r\n\r\nThe scripts are now much simpler and easier to update to newer versions\r\nof Python.\r\n\r\nI also added copyright notices to all files. Removed the workflows that\r\nare no longer relevant (slsa_for_ml needs to be pinned right now to\r\nfirst make sure it works -- probably we'll move it to a separate repo).\r\n\r\nSigned-off-by: Mihai Maruseac <mihaimaruseac@google.com>\r\n\r\n* Remove old model signing requirements files.\r\n\r\nWe now use hatch to install and manage the dependencies.\r\n\r\nSigned-off-by: Mihai Maruseac <mihaimaruseac@google.com>\r\n\r\n* Fix codeQL scan: remove unused file.\r\n\r\nWe already have a Sigstore signer in the main library, this is no longer\r\nneeded. If the CodeQL scanner would not have failed here, I would have\r\nkept it around for a future cleanup.\r\n\r\nSigned-off-by: Mihai Maruseac <mihaimaruseac@google.com>\r\n\r\n* Handle review comments\r\n\r\nSigned-off-by: Mihai Maruseac <mihaimaruseac@google.com>\r\n\r\n---------\r\n\r\nSigned-off-by: Mihai Maruseac <mihaimaruseac@google.com>","shortMessageHtmlLink":"Prepare for wheel publishing (alpha patch version of 0.0.1) (<a class=\"issue-link js-issue-link\" data-error-text=\"Failed to load title\" data-id=\"2462182110\" data-permission-text=\"Title is private\" data-url=\"https://github.com/sigstore/model-transparency/issues/283\" data-hovercard-type=\"pull_request\" data-hovercard-url=\"/sigstore/model-transparency/pull/283/hovercard\" href=\"https://github.com/sigstore/model-transparency/pull/283\">#283</a>)"}},{"before":"ee629b56b99adb5715265c083c859599de236532","after":null,"ref":"refs/heads/create-pull-request/patch","pushedAt":"2024-08-14T15:57:46.000Z","pushType":"branch_deletion","commitsCount":0,"pusher":{"login":"mihaimaruseac","name":"Mihai Maruseac","path":"/mihaimaruseac","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/323199?s=80&v=4"}},{"before":null,"after":"ee629b56b99adb5715265c083c859599de236532","ref":"refs/heads/create-pull-request/patch","pushedAt":"2024-08-13T00:26:38.000Z","pushType":"branch_creation","commitsCount":0,"pusher":{"login":"github-actions[bot]","name":null,"path":"/apps/github-actions","primaryAvatarUrl":"https://avatars.githubusercontent.com/in/15368?s=80&v=4"},"commit":{"message":"Bump frozen dependencies\n\nSigned-off-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>","shortMessageHtmlLink":"Bump frozen dependencies"}},{"before":"22f40717f8c0887f21e06d85bb4d03c978118949","after":"7429f1e146e2df59d3b4cd4c0942cb4ec48e1931","ref":"refs/heads/main","pushedAt":"2024-08-12T23:36:57.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"mihaimaruseac","name":"Mihai Maruseac","path":"/mihaimaruseac","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/323199?s=80&v=4"},"commit":{"message":"enable flake8-pytest-style linter (#281)\n\n* enable flake8-pytest-style linter\r\n\r\nSigned-off-by: Spencer Schrock <sschrock@google.com>\r\n\r\n* fix broad exception matching\r\n\r\nSigned-off-by: Spencer Schrock <sschrock@google.com>\r\n\r\n---------\r\n\r\nSigned-off-by: Spencer Schrock <sschrock@google.com>","shortMessageHtmlLink":"enable flake8-pytest-style linter (<a class=\"issue-link js-issue-link\" data-error-text=\"Failed to load title\" data-id=\"2462062513\" data-permission-text=\"Title is private\" data-url=\"https://github.com/sigstore/model-transparency/issues/281\" data-hovercard-type=\"pull_request\" data-hovercard-url=\"/sigstore/model-transparency/pull/281/hovercard\" href=\"https://github.com/sigstore/model-transparency/pull/281\">#281</a>)"}}],"hasNextPage":true,"hasPreviousPage":false,"activityType":"all","actor":null,"timePeriod":"all","sort":"DESC","perPage":30,"cursor":"djE6ks8AAAAEs5t0_QA","startCursor":null,"endCursor":null}},"title":"Activity · sigstore/model-transparency"}