Watch the live stream:

Watch on YouTube

About the show

Sponsored by Microsoft for Startups Founders Hub.

Special guest: Seth Larson

Brian #1: Test your packages and wheels

• I’ve been building some wheels the last couple of weeks with various tools:
  • flit, flit-core, and flit build
  • hatch, hatchling, and hatch build
  • setuptools, build_meta, and python -m build
• There are a few projects I’ve used to make sure my projects are in good shape
  • wheel-inspect - you can inspect within Python code through inspect_wheel() function that converts to json. Or use on the command line with wheel2json
  • check-wheel-contents - a linter for wheels
  • tox - easily test the building, installation, and running of a package locally
    • I actually start here, then utilize the other two tools
• Should have been obvious, but it wasn’t to me
  • Projects saved on git (such as gitHub) don’t keep wheels in git. (this was obvious)
  • When installing from git using pip install git+https://path/to/git/repo.git
    • Your local pip will run the packaging backend to build the wheel before installing.
    • Yet another way to test packaging.

Michael #2: The Jupyter+git problem is now solved

• Jupyter notebooks don’t work with git by default (they inherently have meaningless conflicts).
• With nbdev2, the Jupyter+git problem has been totally solved.
• Uses a set of hooks which provide clean git diffs, solve most git conflicts automatically, and ensure that any remaining conflicts can be resolved entirely within the standard Jupyter notebook environment.
• The techniques used to make the merge driver work are quite fascinating

Seth #3: Help us test system trust stores in Python

• Package aiming to replace certifi called “truststore”, use system trust stores for HTTPS instead of a static list of certificates.
• Problem truststore is solving usually manifests in corporate networks: “unable to get local issuer certificate”.
• Experimental support added to pip to prove the implementation
• Users can try out the functionality and report issues.

Brian #4: Making plots in your terminal with plotext

• Bob Belderbos
• Tutorial on using plotext - that’s one t in the middle
• With the rise of CLI usage, plots are a nice addition.
• Bob’s plot is great, but check out the options in the plotext docs
  • lots-o-plots
  • streaming data
  • images
  • subplots
• so fun

Michael #5: jinja2-fragments

• Carson from HTMX (see podcast and course) wrote about template fragments.
• My jinja_partials project sorta fulfills this, but not really.
• I had a nice discussion with Sergi Pons Freixes who uses jinja_partials about this.
• He created Jinja2 fragments

Seth #6: SLSA 3 Generic Builder for GitHub Actions GA

• Supply chain Levels for Software Artifacts, or SLSA (“salsa”)
• Tools to attest to and verify “provenance” of artifacts, ie “where it came from”
• Prove cryptographically that artifacts are built from a specific GitHub repository, commit, tag. Another future defense against stolen PyPI credentials/accounts.
• Generic builder means you can sign anything, like wheels/sdists

Extras

Brian:

• Bring your pytest books to PyBay, if you want them signed.
  • I’m only bringing a small amount.
• I’ll be presenting
  • "Sharing is Caring - pytest fixture edition” at 3:05
  • “Experts Panel on Testing in Python” at 7:00
• And be a zombie on my 8 am flight back unless I can change my reservation.
• That’s this weekend, Sat Sept 10, in SF

Michael:

• Heroku announces plans to eliminate free plans
• Banned paywalls
• PyPI phisher identified: Actor Phishing PyPI Users Identified and Actors behind PyPI supply chain attack have been active since late 2021
• Major Python CVE: CVE-2020-10735: Prevent DoS by large int[HTML_REMOVED]str conversions

Seth:

• Pyxel, retro game engine for Python, v1.8.0 added experimental web support with WASM

Joke: Dev just after work